Lucene search
K
PacketstormMost viewed

50773 matches found

Packet Storm
Packet Storm
•added 2021/04/19 12:0 a.m.•534 views

Nagios XI 5.7.3 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Exection', 'Description' = %q This module exploits CVE-2020-5791, an OS command...

9CVSS7.2AI score0.78632EPSS
Exploits7
Packet Storm
Packet Storm
•added 2021/03/29 12:0 a.m.•534 views

WordPress WP Super Cache 1.7.1 Remote Code Execution

Exploit Title: WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution Authenticated Google Dork: inurl:/wp-content/plugins/wp-super-cache/ Date: 2021-03-13 Exploit Author: m0ze Version: Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this...

Exploits0
Packet Storm
Packet Storm
•added 2019/09/02 12:0 a.m.•534 views

Microsoft Outlook Web Access Build 15.1.1591 Header Injection

!/usr/bin/perl -w Microsoft Outlook Web Access build:15.1.1591 Remote Header 'Host' Injection Exploit Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor...

0.2AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/09/20 12:0 a.m.•533 views

WordPress 5.7 Media Library XML Injection

Exploit Title: WordPress 5.7 - 'Media Library' XML External Entity Injection XXE Authenticated Date: 16/09/2021 Exploit Author: David Utón M3n0sD0n4ld Vendor Homepage: https://wordpress.com Affected Version: WordPress 5.6-5.7 & PHP8 Tested on: Linux Ubuntu 18.04.5 LTS CVE : CVE-2021-29447...

7.1CVSS0.7AI score0.85719EPSS
Exploits20
Packet Storm
Packet Storm
•added 2020/07/12 12:0 a.m.•533 views

Liferay Portal Remote Code Execution

Exploit Title: Data in Liferay Portal prior to 7.2.1 CE GA2 - Remote code execution Author: nu11secur1ty Date: 2020-01-24 Vendor: Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7961 https://github.com/nu11secur1ty/Windows10Exploits/tree/master/Undefined/CVE-2020-7961 CVE:...

7.5CVSS0.1AI score0.99783EPSS
Exploits10
Packet Storm
Packet Storm
•added 2024/10/18 12:0 a.m.•532 views

Magento / Adobe Commerce Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CosmicSting: Magento Arbitrary File Read CVE-2024-34102 + PHP Buffer Overflow in the iconv function of glibc CVE-2024-2961', 'Description' = %q...

9.8CVSS7.6AI score0.99994EPSS
Exploits38
Packet Storm
Packet Storm
•added 2022/08/18 12:0 a.m.•532 views

Advantech iView NetworkServlet Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Advantech iView NetworkServlet Command Injection', 'Description' = %q Versions of Advantech iView software below 5.7.04.6469 are vulnerable to an...

9.8CVSS0.4AI score0.59184EPSS
Exploits4
Packet Storm
Packet Storm
•added 2021/09/28 12:0 a.m.•532 views

WordPress Popup 1.10.4 Cross Site Scripting

Exploit Title: WordPress Plugin Popup 1.10.4 - Reflected Cross-Site Scripting XSS Date: 3/28/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/popup-by-supsystic/ Version: 1.10.4 Tested on: Windows 10 CVE: CVE-2021-24275 1. Description: The plugin did not sanitize the tab parameter o...

6.1CVSS0.18165EPSS
Exploits5
Packet Storm
Packet Storm
•added 2023/10/27 12:0 a.m.•531 views

phpFox 4.8.13 PHP Object Injection

-------------------------------------------------------------- phpFox = 4.8.13 redirect PHP Object Injection Vulnerability -------------------------------------------------------------- - Software Link: https://www.phpfox.com - Affected Versions: Version 4.8.13 and prior versions. - Vulnerability...

7.1AI score0.01806EPSS
Exploits3
Packet Storm
Packet Storm
•added 2023/04/14 12:0 a.m.•531 views

Microsoft Word Remote Code Execution

Title: Microsoft Word Remote Code Execution Vulnerability Author: nu11secur1ty Date: 04.14.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/word?activetab=tabs%3afaqheaderregion3 Reference:...

7.8CVSS7.8AI score0.02719EPSS
Exploits3
Packet Storm
Packet Storm
•added 2022/12/19 12:0 a.m.•531 views

Senayan Library Management System 9.2.0 Cross Site Scripting

Title: Senayan Library Management System v9.2.0 a.k.a SLIMS 9 XSS-Reflected - inserting gif - redirect to outside HTTPS server Author: nu11secur1ty Date: 12.19.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/tag/v9.2.0 Reference:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2022/09/05 12:0 a.m.•531 views

Apple macOS Remote Events Memory Corruption

!/usr/bin/env python -- coding: UTF-8 -- naval.py Apple macOS Remote Events Remote Memory Corruption Vulnerability Jeremy Brown jbrown3264/gmail ===== Intro ===== eppc Hello from AEServer Remote Apple Events is a core service and remote system administration and automation tool for Macs. It can b...

0.2AI score0.01402EPSS
Exploits2
Packet Storm
Packet Storm
•added 2021/03/26 12:0 a.m.•531 views

TP-Link Cross Site Scripting

============================================================== Unauthenticated Stored Cross-site Scripting in Multiple TP-Link Devices ============================================================== Overview ======== Title:- Unauthenticated Stored Cross-site Scripting in TP-Link Devices. CVE-ID :-...

0.01788EPSS
Exploits3
Packet Storm
Packet Storm
•added 2024/08/31 12:0 a.m.•530 views

SNMP Community Login Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/communitystringcollection' require 'metasploit/framework/loginscanner/snmp' class MetasploitModule 'SNMP Community Login Scanner',...

6.9AI score0.27166EPSS
Exploits3
Packet Storm
Packet Storm
•added 2023/08/11 12:0 a.m.•530 views

TP-Link Archer AX21 Command Injection

!/usr/bin/python3 Exploit Title: TP-Link Archer AX21 - Unauthenticated Command Injection Date: 07/25/2023 Exploit Author: Voyag3r https://github.com/Voyag3r-Security Vendor Homepage: https://www.tp-link.com/us/ Version: TP-Link Archer AX21 AX1800 firmware versions before 1.1.4 Build 20230219...

8.8CVSS7.1AI score0.99999EPSS
Exploits7
Packet Storm
Packet Storm
•added 2022/12/07 12:0 a.m.•530 views

py7zr 0.20.0 Directory Traversal

CVE-2022-44900: path traversal vulnerability in py7zr Directory traversal vulnerability in SevenZipFile.extractall function of the python library py7zr version 0.20.0 and earlier allow attackers to read arbitrary files on the local machine via malicious 7z file extraction. CVE-2022-44900...

0.3AI score0.02242EPSS
Exploits3
Packet Storm
Packet Storm
•added 2022/01/20 12:0 a.m.•530 views

VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vCenter Server Unauthenticated JNDI Injection RCE via Log4Shell', 'Description' = %q VMware vCenter Server is affected by the Log4Shell...

10CVSS1AI score0.99999EPSS
Exploits351
Packet Storm
Packet Storm
•added 2021/11/16 12:0 a.m.•530 views

Online Learning System 2.0 Remote Code Execution

Exploit Title: Online Learning System 2.0 - Remote Code Execution RCE Date: 15/11/2021 Exploit Author: djebbaranon Vendor Homepage: https://github.com/oretnom23 Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/elearningv20.zip Version: 2.0 Tested on: Kali linux...

9.2AI score0.09985EPSS
Exploits4
Packet Storm
Packet Storm
•added 2021/07/19 12:0 a.m.•530 views

WordPress LearnPress SQL Injection

Exploit Title: WordPress Plugin LearnPress /wp-admin 2. Login with a cred 3. Execute the payload POST /wordpress/wp-admin/post-new.php?posttype=lporder HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:89.0 Gecko/20100101 Firefox/89.0 Accept: application/json,...

6.5CVSS0.2AI score0.49231EPSS
Exploits6
Packet Storm
Packet Storm
•added 2021/06/04 12:0 a.m.•530 views

Cisco HyperFlex HX Data Platform Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco HyperFlex HX Data Platform Command Execution', 'Description' = %q This module exploits an unauthenticated command injection in Cisco...

10CVSS0.4AI score0.99999EPSS
Exploits6
Packet Storm
Packet Storm
•added 2019/11/05 12:0 a.m.•529 views

html5_snmp 1.11 SQL Injection

Exploit Title: html5snmp 1.11 - 'RouterID' SQL Injection Date: 2019-11-01 Exploit Author: Cakes Vendor Homepage: https://github.com/lolypop55/html5snmp Software Link: https://github.com/lolypop55/html5snmp.git Version: 1.11 Tested on: CentOS 7 CVE: N/A PoC for error, time, boolean and Union based...

Exploits0
Packet Storm
Packet Storm
•added 2017/04/26 12:0 a.m.•529 views

LightDM (Ubuntu 16.04/16.10) Privilege Escalation

Source: https://blogs.securiteam.com/index.php/archives/3134 Vulnerability Summary The following advisory describes a local privilege escalation via LightDM found in Ubuntu versions 16.10 / 16.04 LTS. Ubuntu is an open source software platform that runs everywhere from IoT devices, the smartphone...

6.9CVSS0.5AI score0.02669EPSS
Exploits5
Packet Storm
Packet Storm
•added 2025/06/23 12:0 a.m.•528 views

📄 Mobile Mouse 3.6.0.4 WebSocket Remote Code Execution

Mobile Mouse version 3.6.0.4 contains a remote code execution vulnerability through its WebSocket interface. Exploit Title: Mobile Mouse 3.6.0.4 WebSocket Remote code execution Date: 06/17/2025 Exploit Author: Chokri Hammedi Vendor Homepage: https://mobilemouse.com/ Software Link:...

8.2AI score
Exploits0
Packet Storm
Packet Storm
•added 2024/09/01 12:0 a.m.•528 views

SMTP User Enumeration Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMTP User Enumeration Utility', 'Description' = %q The SMTP service has two internal commands that allow the enumeration of users: VRFY confirmin...

7.1AI score
Exploits2
Packet Storm
Packet Storm
•added 2022/04/21 12:0 a.m.•528 views

ManageEngine ADSelfService Plus Custom Script Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADSelfService Plus Custom Script Execution', 'Description' = %q This module exploits the "custom script" feature of ADSelfService...

0.5AI score0.70479EPSS
Exploits4
Packet Storm
Packet Storm
•added 2021/04/13 12:0 a.m.•528 views

Simple Student Information System 1.0 SQL Injection

Exploit Title: Simple Student Information System 1.0 - SQL Injection Authentication Bypass Date: 13 April 2021 Exploit Author: Galuh Muhammad Iman Akbar GaluhID Vendor Homepage: https://www.sourcecodester.com/php/11400/simple-student-information-system-ajax-live-search.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2020/12/03 12:0 a.m.•528 views

Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion

Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion Vendor: Sony Electronics Inc. Product web page: https://pro-bravia.sony.net https://pro-bravia.sony.net/resources/software/bravia-signage/ https://pro.sony/ueUS/products/display-software Affected version: =1.7.8 Summary: Sony...

0.6AI score
Exploits0
Packet Storm
Packet Storm
•added 2020/07/29 12:0 a.m.•528 views

Cisco Adaptive Security Appliance Software 9.7 Arbitrary File Deletion

Exploit Title: Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion Google Dork: inurl:/+CSCOE+/ Date: 2020-08-27 Exploit Author: 0xmmnbassel Vendor Homepage: https://www.cisco.com/c/en/us/products/security/asa-firepower-services/index.htmlmodels Version: Cisco...

7.5CVSS0.9AI score0.99992EPSS
Exploits26
Packet Storm
Packet Storm
•added 2021/11/05 12:0 a.m.•527 views

Backdoor.Win32.Jokerdoor Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6ec85a641656f63f4de853468509d3e3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jokerdoor Vulnerability: Remote Stack Buffer Overflow Description: The malware listen...

7.1AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/24 12:0 a.m.•527 views

Schlix CMS 2.2.6-6 Shell Upload / Directory Traversal

Exploit Title: Schlix CMS 2.2.6-6 - Arbitary File Upload And Directory Traversal Leads To RCE Authenticated Date: 21.05.2021 Exploit Author: Emir Polat Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/html/schlix-cms-downloads.html Version: 2.2.6-6 Tested On: Ubuntu...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2020/12/03 12:0 a.m.•527 views

Sony BRAVIA Digital Signage 1.7.8 Insecure Direct Object Reference

Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass / IDOR Vendor: Sony Electronics Inc. Product web page: https://pro-bravia.sony.net https://pro-bravia.sony.net/resources/software/bravia-signage/ https://pro.sony/ueUS/products/display-software Affected version: =1.7.8 Summary: Sony'...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2024/11/14 12:0 a.m.•526 views

Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Siemens Energy Omnivise T3000 vulnerable version: =8.2 SP3 fixed version: see solution section CVE number: CVE-2024-38876, CVE-2024-3887...

9.8CVSS7.4AI score0.11452EPSS
Exploits3
Packet Storm
Packet Storm
•added 2024/09/24 12:0 a.m.•526 views

Apple iOS 17.2.1 Screen Time Passcode Retrieval / Mitigation Bypass

Document Title: =============== Apple iOS 17.2.1 - Screen Time Passcode Retrieval Mitigation Bypass Release Date: ============= 2024-09-24 Affected Products: ==================== Vendor: Apple Inc. Product: Apple iOS 17.2.1 possibly all 18.0 excluding 18.0 References: ==================== VIDEO...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/11/01 12:0 a.m.•526 views

My Movie Collection Sinatra App Login Cross Site Scripting

Document Title: =============== My Movie Collection Sinatra App - Login XSS Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2293 Release Date: ============= 2021-11-01 Vulnerability Laboratory ID VL-ID: ==================================...

0.2AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/04/06 12:0 a.m.•526 views

OpenBSD OpenSMTPD 6.6 Remote Code Execution

Exploit Title: OpenBSD OpenSMTPD Remote Code Execution Vulnerability Date: 05/04/2021 Exploit Author: Tobias Marcotto Tested on: Kali Linux x64 Version: 6.6 Description: smtpmailaddr in smtpsession.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute...

10CVSS0.2AI score0.98946EPSS
Exploits27
Packet Storm
Packet Storm
•added 2021/02/09 12:0 a.m.•526 views

Discord Probot Arbitrary File Upload

Exploit Title: Discord Probot - Unrestricted File Upload Google Dork: N/A Date: 2021-02-08 Exploit Author: ThelastVvV Vendor Homepage:probot.io Version:Version 2021 Tested on: Debian 5.7.10-1parrot2 CVE:CVE-2021-26918 About: Probot is a discord very customizable multipurpose bot for welcome image...

0.1AI score0.02585EPSS
Exploits2
Packet Storm
Packet Storm
•added 2020/12/10 12:0 a.m.•526 views

Library Management System 2.0 SQL Injection

Exploit Title: Library Management System 2.0 - Auth Bypass SQL Injection Date: 2020-12-09 Exploit Author: Manish Solanki Vendor Homepage: https://www.sourcecodester.com/php/6849/library-management-system.html Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
•added 2019/12/12 12:0 a.m.•526 views

OpenNetAdmin 18.1.1 Command Injection

class MetasploitModule 'OpenNetAdmin Ping Command Injection', 'Description' = %q This module exploits a command injection in OpenNetAdmin between 8.5.14 and 18.1.1. , 'Author' = 'mattpascoe', Vulnerability discovery 'Onur ER ' Metasploit module , 'References' = 'EDB', '47691' , 'DisclosureDate' =...

0.2AI score
Exploits0
Packet Storm
Packet Storm
•added 2019/06/21 12:0 a.m.•526 views

EA Origin Remote Code Execution

Exploit Title: EA Origin 10.5.38 Remote Code Execution Date: 05/22/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.38 and below Tested on: Windows 7, Windows 8, Windows 10 CVE :...

9.3CVSS0.2AI score0.71776EPSS
Exploits14
Packet Storm
Packet Storm
•added 2023/05/31 12:0 a.m.•525 views

Qualcomm Adreno/KGSL Unchecked Cast / Type Confusion

Qualcomm Adreno/KGSL: unchecked cast of vma-vmfile-privatedata in kgslsetupdmabufuseraddr Tested on a Pixel 4 flame, on the latest update from 2023-02, which self-reports as SPL 2022-10-05, since I don't yet have any newer device with KGSL here - but as far as I can tell from the sources, it shou...

8.4CVSS7.1AI score0.0018EPSS
Exploits2
Packet Storm
Packet Storm
•added 2021/07/23 12:0 a.m.•525 views

Microsoft SharePoint Server 2019 Remote Code Execution

Exploit Title: Microsoft SharePoint Server 2019 - Remote Code Execution 2 Google Dork: inurl:quicklinks.aspx Date: 2020-08-14 Exploit Author: West Shepherd Vendor Homepage: https://www.microsoft.com Version: SharePoint Enterprise Server 2013 Service Pack 1, SharePoint Enterprise Server 2016 ,...

6.8CVSS8AI score0.94243EPSS
Exploits10
Packet Storm
Packet Storm
•added 2021/04/15 12:0 a.m.•525 views

Horde Groupware Webmail 5.2.22 Cross Site Scripting

Exploit Title: Horde Groupware Webmail 5.2.22 - Stored XSS Author: Alex Birnberg Testing and Debugging: Ventsislav Varbanovski @nu11secur1ty Date: 04.14.2021 Vendor: https://www.horde.org/apps/webmail Link: https://github.com/horde/webmail/releases CVE: CVE-2021-26929 + Exploit Source:...

4.3CVSS6.2AI score0.04944EPSS
Exploits7
Packet Storm
Packet Storm
•added 2020/12/01 12:0 a.m.•525 views

eClass LMS 2.6 Shell Upload

...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2020/11/13 12:0 a.m.•525 views

HorizontCMS 1.0.0-beta Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HorizontCMS Arbitrary PHP File Upload', 'Description' = %q This module exploits an arbitrary file upload vulnerability in HorizontCMS 1.0.0-beta ...

6.5CVSS0.2AI score0.18461EPSS
Exploits4
Packet Storm
Packet Storm
•added 2020/10/19 12:0 a.m.•525 views

TinyMCE 5 HTML Injection

Exploit Title: iframe Injection\Html Injection TinyMCE 5 HTML WYSIWYG Date:18.10.2020 Author: Vincent666 ibn Winnie Software Link: https://www.tiny.cloud/features/ Tested on: Windows 10 Web Browser: Mozilla Firefox Blog : https://pentest-vincent.blogspot.com/ PoC:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2023/08/16 12:0 a.m.•524 views

AudioCodes VoIP Phones Hardcoded Key

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2022-054 Product: AudioCodes VoIP Phones Manufacturer: AudioCodes Ltd. Affected Versions: Firmware Versions = 3.4.8.M4 Tested Versions: Firmware Version 3.4.4.1000 Vulnerability Type: Use of Hard-coded Cryptographic Key CWE-321 Ris...

7.1AI score0.01131EPSS
Exploits2
Packet Storm
Packet Storm
•added 2021/11/27 12:0 a.m.•524 views

Backdoor.Win32.Coredoor.10.a Man-In-The-Middle

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/4d10cd3fa86239ade05d2b741892b1e5B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Coredoor.10.a Vulnerability: Port Bounce Scan Description: The malware listens on TC...

7.1AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/03/26 12:0 a.m.•524 views

Backdoor.Win32.Kwak.12 Denial Of Service

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c25393545e5ead3a35996ef9a887bd34C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Kwak.12 Vulnerability: Remote Denial of Service Description: The backdoor runs an FT...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2020/09/09 12:0 a.m.•524 views

Audio Playback Recorder 3.2.2 Local Buffer Overflow

Exploit Title: Audio Playback Recorder 3.2.2 - Local Buffer Overflow SEH Date: 2020-09-08 Author: Felipe Winsnes Software Link: https://archive.org/download/tucows288670AudioPlaybackRecorder/AudioRec.exe Version: 3.2.2 Tested on: Windows 7 x86 Blog: https://whitecr0wz.github.io/ Proof of the...

0.5AI score
Exploits0
Packet Storm
Packet Storm
•added 2017/10/04 12:0 a.m.•524 views

Apache Tomcat JSP Upload Bypass / Remote Code Execution

When running on Windows with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the...

6.8CVSS0.1AI score0.99607EPSS
Exploits18
Total number of security vulnerabilities5000