Lucene search
K
PacketstormMost viewed

50738 matches found

Packet Storm
Packet Storm
added 2020/12/09 12:0 a.m.468 views

Employee Performance Evaluation System 1.0 Insecure Direct Object Reference

Exploit Title: Employee Performance Evaluation System 1.0 - Able to delete Admin user from Local account Unauthenticated Insecure Direct Object Reference IDOR Date: 09/12/2020 Exploit Author: Manish Solanki Vendor Homepage: https://www.sourcecodester.com Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/03 12:0 a.m.468 views

Coaster CMS 5.8.18 Cross Site Scripting

Exploit Title: Coastercms 5.8.18 - Stored XSS Exploit Author: Hardik Solanki Vendor Homepage: https://www.coastercms.org/ Software Link: https://www.coastercms.org/ Version: 5.8.18 Tested on Windows 10 XSS IMPACT: 1: Steal the cookie 2: User redirection to a malicious website Vulnerable Parameter...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/03/27 12:0 a.m.468 views

Oracle Weblogic Server Deserialization Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule 'Oracle Weblogic Server Deserialization RCE - Raw Object', 'Description' = %q An unauthenticated attacker wi...

7.5CVSS0.8AI score0.96032EPSS
Exploits17
Packet Storm
Packet Storm
added 2023/12/04 12:0 a.m.467 views

PHPJabbers Shuttle Booking Software 2.0 CSV Injection

Exploit Title: PHPJabbers Shuttle Booking Software v2.0 - CSV Injection Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/shuttle-booking-software/ Version: v2.0 Tested on: Windows 10...

7.4AI score0.01201EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/10/19 12:0 a.m.467 views

Atlassian Confluence Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence Unauthenticated Remote Code Execution', 'Description' = %q This module exploits an improper input validation issue in...

10CVSS7.1AI score0.99156EPSS
Exploits39
Packet Storm
Packet Storm
added 2021/11/17 12:0 a.m.467 views

Bludit 3.13.1 Cross Site Scripting

Exploit Title: Bludit 3.13.1 - 'username' Cross Site Scripting XSS Date: 19/10/2021 Exploit Author: Vasu tamilanmkv Vendor Homepage: https://www.bludit.com Software Link: https://www.bludit.com/releases/bludit-3-13-1.zip Version: bludit-3-13-1 Tested on: kali linux CVE : CVE-2021-35323 Steps to...

4.3CVSS6.4AI score0.05621EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/08/13 12:0 a.m.467 views

4images 1.8 SQL Injection

Exploit Title: 4images 1.8 - 'limitnumber' SQL Injection Authenticated Exploit Author: Andrey Stoykov Software Link: https://www.4homepages.de/download-4images Version: 1.8 Tested on: Linux Source Analysis: Line 658 - User action defined if $action == "findimages" Line 661 - Vulnerable condition...

Exploits0
Packet Storm
Packet Storm
added 2020/07/20 12:0 a.m.467 views

UBICOD Medivision Digital Signage 1.5.1 Cross Site Request Forgery

input type="hi...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/05/30 12:0 a.m.467 views

WordPress BBPress 2.5 Privilege Escalation

Exploit Title: Wordpress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation Date: 2020-05-29 Exploit Author: Raphael Karger Software Link: https://codex.bbpress.org/releases/ Version: BBPress 2.5 CVE: CVE-2020-13693 import argparse import requests import bs4 import urllib3...

7.5CVSS0.3AI score0.43879EPSS
Exploits7
Packet Storm
Packet Storm
added 2023/09/19 12:0 a.m.466 views

Free And Open Source Inventory Management System 1.0 SQL Injection

Exploit Title: Free and Open Source Inventory Management System 1.0 - Unauthenticated SQL Injection Exploit Author: Sefa Ozan Date: 16/09/2023 Vendor: MAYURIK Vendor Homepage: https://mayurik.com/ Software Link:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/03/09 12:0 a.m.466 views

Webmin 1.984 Remote Code Execution

Exploit Title: Webmin 1.984 - Remote Code Execution Authenticated Date: 2022-03-06 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.webmin.com/ Software Link: https://github.com/webmin/webmin/archive/refs/tags/1.984.zip Version: = 1.984 Tested on: Ubuntu 18...

8.7AI score0.96977EPSS
Exploits13
Packet Storm
Packet Storm
added 2020/06/12 12:0 a.m.466 views

OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation

Dear subscribers, we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne. Yours sincerely, Martin Heiland, Open-Xchange GmbH...

4CVSS0.4AI score0.02029EPSS
Exploits5
Packet Storm
Packet Storm
added 2020/06/09 12:0 a.m.466 views

Joomla J2 Store 3.3.11 SQL Injection

Exploit Title: Joomla J2 Store v3.3.11 - Authenticated SQL Injection Date: 17.04.2020 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Vendor Homepage: https://www.j2store.org/ Software Link: https://www.j2store.org/download.html Reference:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.465 views

Peplink Balance Routers SQL Injection

class MetasploitModule 'Peplink Balance routers SQLi', 'Description' = %q Firmware versions up to 7.0.0-build1904 of Peplink Balance routers are affected by an unauthenticated SQL injection vulnerability in the bauth cookie, successful exploitation of the vulnerability allows an attacker to...

9.8CVSS7AI score0.61577EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/03/20 12:0 a.m.465 views

Simple Task List 1.0 SQL Injection

Exploit Title: Simple Task List 1.0 - 'status' SQLi Date: 2023-11-15 Exploit Author: Ersin Erenler Vendor Homepage: https://code-projects.org/simple-task-list-in-php-with-source-code Software Link: https://download-media.code-projects.org/2020/12/SimpleTaskListInPHPWithSourceCode.zip Version: 1.0...

6.5CVSS7.4AI score0.00583EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/10/26 12:0 a.m.465 views

Oracle 19c / 21c Sharding Component Password Hash Exposure

Title: CVE-2023-22074 – Oracle database password hash exposure in sharding component Product: Database Manufacturer: Oracle Affected Versions: 19c,21c 19.3-19.20 and 21.3-21.11 Tested Versions: 19c Risk Level: Low Solution Status: Fixed CVE Reference: CVE-2023-22074 Base Score: 2.4 Author of...

2.4CVSS7.1AI score0.00887EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/10/29 12:0 a.m.465 views

Online Examination System 1.0 Cross Site Scripting

Exploit Title: Online examination system 1.0 - 'name' Stored Cross Site Scripting Date: 29/10/2020 Exploit Author: Nikhil Kumar https://www.linkedin.com/in/nikhil-kumar-4b9443166/ Vendor Homepage: https://github.com/projectworldsofficial/online-examination-systen-in-php Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/29 12:0 a.m.465 views

Point Of Sales 1.0 Cross Site Scripting

Exploit Title: Point of Sales 1.0 - Stored Cross Site Scripting Date: 2020-10-22 Exploit Author: Ankita Pal Vendor Homepage: https://www.sourcecodester.com/php/14540/point-sales-phppdo-full-source-code-2020.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/10/05 12:0 a.m.465 views

Devinim Library Software 19.0504000 Open Redirection

Exploit Title : Devinim Library Software 19.0504000 Open Redirection Vulnerability Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 04/10/2019 Vendor Homepage : devinim.com.tr Software Affected Versions and Download Links : Koha 16.1104000...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2012/03/29 12:0 a.m.465 views

boastMachine 3.1 Cross Site Request Forgery

Exploit Title: boastMachine v3.1 document.nano.submit; Greetz : Dr.WEP , JIKO , All FriendS...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2007/02/06 12:0 a.m.465 views

geeklog-rfi.txt

GeekLog = 2. BaseView.php Remote File Include Vulnerabilities Discovered by GolDMMahmnoodali & & Contact: [email protected] URL: http://www.geeklog.net/nightly/geeklog2-cvs-nightly.tar.gz V.CODE: In : path/system/libraries/Geeklog/MVCnPHP/BaseView.php require $glConf'pathlibraries'...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/02/02 12:0 a.m.464 views

Fortra GoAnywhere MFT Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortra GoAnywhere MFT Unauthenticated Remote Code Execution', 'Description' = %q This module exploits a vulnerability in Fortra GoAnywhere MFT th...

9.8CVSS7.4AI score0.95086EPSS
Exploits8
Packet Storm
Packet Storm
added 2021/12/08 12:0 a.m.464 views

Reprise License Manager 14.2 Remote Binary Execution

Product: Reprise License Manager 14.2 Vendor: Reprise Software CVE ID: CVE-2021-44153 Vulnerability Title: Authenticated Remote Binary Execution Severity: High Authors: Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard Date: 2021-11-25...

9.3CVSS0.2AI score0.02146EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/12/06 12:0 a.m.464 views

Auerswald COMfortel 1400/2600/3600 IP 2.8F Authentication Bypass

Advisory: Auerswald COMfortel 1400/2600/3600 IP Authentication Bypass RedTeam Pentesting discovered a vulnerability in the web-based configuration management interface of the Auerswald COMfortel 1400 and 2600 IP desktop phones. The vulnerability allows accessing configuration data and settings in...

0.3AI score0.5106EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/11/22 12:0 a.m.464 views

OX App Suite / Ox Documents 7.10.x XSS / Code Injection / Traversal

Product: OX App Suite, OX Documents Vendor: OX Software GmbH Internal reference: MWB-993 Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.10.5 and earlier Vulnerable component: backend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.10.3-rev35,...

6.3AI score0.02435EPSS
Exploits10
Packet Storm
Packet Storm
added 2021/04/01 12:0 a.m.464 views

Trojan-Downloader.Win32.Delf.oxz Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/373b1d95ccdbbc6531dff43bbbe43534.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Downloader.Win32.Delf.oxz Vulnerability: Insecure Permissions Description: Win32.Delf.oxz...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/01 12:0 a.m.464 views

FortiLogger 4.4.2.2 Arbitrary File Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FortiLogger Arbitrary File Upload Exploit', 'Description' = %q This module exploits an unauthenticated arbitrary file upload via insecure POST...

7.5CVSS0.2AI score0.97512EPSS
Exploits8
Packet Storm
Packet Storm
added 2020/06/25 12:0 a.m.464 views

NETGEAR R6700v3 Password Reset / Remote Code Execution

tokyodrift ======= Summary This document describes a stack overflow vulnerability that was found by Pedro Ribeiro @pedrib1337 | [email protected] and Radek Domanski @RabbitPro in October 2019 and presented in the Pwn2Own Mobile 2019 competition in November 2019. The vulnerability is present in the...

Exploits0
Packet Storm
Packet Storm
added 2020/06/02 12:0 a.m.464 views

VMware vCenter Server 6.7 Authentication Bypass

Exploit Title: VMware vCenter Server 6.7 - Authentication Bypass Date: 2020-06-01 Exploit Author: Photubias Vendor Advisory: 1 https://www.vmware.com/security/advisories/VMSA-2020-0006.html Version: vCenter Server 6.7 before update 3f Tested on: vCenter Server Appliance 6.7 RTM updated from v6.0...

6.8CVSS0.9AI score0.90384EPSS
Exploits20
Packet Storm
Packet Storm
added 2017/10/06 12:0 a.m.464 views

WordPress 4.8.2 Activation Key Failed Expiry

Details ================ Software: WordPress Version: 4.8.2 Homepage: https://wordpress.org/ Advisory report: https://security.dxw.com/advisories/wordpress-signups-activation/ CVE: CVE-2017-14990 CVSS: 0 Low; AV:L/AC:H/Au:M/C:N/I:N/A:N Description ================ WordPress does not hash or expir...

0.2AI score0.01764EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/10/01 12:0 a.m.463 views

VICIdial Authenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VICIdial Authenticated Remote Code Execution', 'Description' = %q An attacker with authenticated access to VICIdial as an "agent" can execute...

9.8CVSS7AI score0.80023EPSS
Exploits12
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.463 views

HTTP Open Proxy Detection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Open Proxy Detection', 'Description' = %q Checks if an HTTP proxy is open. False positive are avoided verifying the HTTP return code and...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/07 12:0 a.m.463 views

Codoforum 5.2.1 File Upload

==================================================================================================================================== | Title : Codoforum v5.2.1 Arbitrary file upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/08 12:0 a.m.463 views

Found Information System 1.0 SQL Injection

Title: Found Information System 1.0 Multiple-SQLi Author: nu11secur1ty Date: 05.07.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html Reference:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/08/09 12:0 a.m.463 views

Matrimonial PHP Script 1.0 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.463 views

Pentaho Business Analytics / Pentaho Business Server 9.1 Filename Bypass

Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: = 9.1 Vulnerability Type: Bypass of Filename Extension Restrictions Solution Status: Fix Released on public GitHub repository Manufacturer Notification: June 2021 Public...

7.3AI score0.02248EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/04/26 12:0 a.m.463 views

Hasura GraphQL 1.3.3 Remote Code Execution

Exploit Title: Hasura GraphQL 1.3.3 - Remote Code Execution Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/23/2021 Tested on: Ubuntu import requests import sys HASURASCHEME = 'http' HASURAHOST = '192.34.57.144'...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2020/07/27 12:0 a.m.463 views

Socket.io-file 2.0.31 Arbitrary File Upload

Exploit Title: Socket.io-file 2.0.31 - Arbitrary File Upload Date: 2020-07-02 Exploit Author: Cr0wTom Vendor Homepage: https://www.npmjs.com/package/socket.io-file Software Link: https://www.npmjs.com/package/socket.io-file/v/2.0.31 Version: = v2.0.31 Tested on: node v10.19.0, Socket.io-file...

Exploits0
Packet Storm
Packet Storm
added 2020/06/04 12:0 a.m.463 views

Cayin Content Management Server 11.0 Root Remote Command Injection

Cayin Content Management Server 11.0 Root Remote Command Injection Vendor: CAYIN Technology Co., Ltd. Product web page: https://www.cayintech.com Affected version: CMS-SE v11.0 Build 19179 CMS-SE v11.0 Build 19025 CMS-SE v11.0 Build 18325 CMS Station CMS-SE-LXC CMS-60 v11.0 Build 19025 CMS-40 v9....

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/06/05 12:0 a.m.464 views

Zimbra XML Injection / Server-Side Request Forgery

coding=utf8 import requests import sys from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disablewarningsInsecureRequestWarning baseurl=sys.argv1 baseurl=baseurl.rstrip"/" upload file name and content modify by k8gege Connect "shell.jsp" using K8fly...

5CVSS0.9AI score0.80906EPSS
Exploits10
Packet Storm
Packet Storm
added 2024/10/25 12:0 a.m.462 views

Lawo AG vsm LTC Time Sync Path Traversal

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated Path Traversal Vulnerability product: Lawo AG - vsm LTC Time Sync vTimeSync vulnerable version: 4.5.6.0 fixed version: 4.5.6.0 CVE number: CVE-2024-6049...

7.5CVSS7.1AI score0.04325EPSS
Exploits1
Packet Storm
Packet Storm
added 2024/08/02 12:0 a.m.462 views

Tourism Management System 2.0 Cross Site Scripting

Exploit Title: Tourism Management System v2.0 - Cross Site Scripting XSS Date: 13 July 2024 Exploit Author: Sampath kumar kadajari Vendor Homepage: https://phpgurukul.com/tourism-management-system-free-download/ Software Link: https://phpgurukul.com/?sdmprocessdownload=1&downloadid=7204 Version:...

7.4AI score0.00508EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/07/11 12:0 a.m.462 views

LumisXP 16.1.x Hardcoded Credentials / IDOR

===== Tempest Security Intelligence - ADV-6/2024 ========================== LumisXP v15.0.x to v16.1.x Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeli...

7.1AI score0.00678EPSS
Exploits1
Packet Storm
Packet Storm
added 2023/10/26 12:0 a.m.462 views

WordPress AI ChatBot 4.8.9 SQL Injection / Traversal / File Deletion

Vulnerability Details and Technical Analysis The AI ChatBot plugin provides website owners with a plug and play chat solution that can be expanded upon with customizable FAQs and custom text responses. It provides website users with an interface that allows them to look up order information, leav...

9.8CVSS6.6AI score0.06888EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/10/04 12:0 a.m.462 views

Progress Software WS_FTP Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Progress Software WSFTP Unauthenticated Remote Code Execution', 'Description' = %q This module exploits an unsafe .NET deserialization...

10CVSS7.1AI score0.9015EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/12/27 12:0 a.m.462 views

Enlightenment 0.25.3 Privilege Escalation

Title: Enlightenment Version: 0.25.3 LPE Author: nu11secur1ty Date: 12.26.2022 Vendor: https://www.enlightenment.org/ Software: https://www.enlightenment.org/download Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2022-37706 Description: The Enlightenment Version: 0.25.3 is...

0.7AI score0.05486EPSS
Exploits15
Packet Storm
Packet Storm
added 2022/08/01 12:0 a.m.462 views

Omnia MPX 1.5.0+r1 Path Traversal

Exploit Title: Omnia MPX 1.5.0+r1 - Path Traversal Date: 24/7/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.telosalliance.com/ Software Link: https://support.telosalliance.com/article/934ixoaz3l-mpx-node-release-notes-and-update-instructions Version: 1.5.0+r1 Tested...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/28 12:0 a.m.462 views

Backdoor.Win32.Hupigon.acio Unquoted Service Path

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/21f324a6a62d8125bc83b8d1865e17f9.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.acio Vulnerability: Insecure Service Path Description: The malware creates a...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/26 12:0 a.m.462 views

Moodle Atto Editor Cross Site Scripting

Exploit Title: Moodle Atto Editor Cross Site Scripting Date: 26.03.2021 Author: Vincent666 ibn Winnie Software Link: https://moodle.org/plugins/editoratto Tested on: Windows 10 Web Browser: Mozilla Firefox Google Dorks: inurl:/lib/editor/atto/plugins/managefiles/ or calendar/view.php?view=month M...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/06/23 12:0 a.m.462 views

LanSpy 2.0.1.159 Stack Buffer Overflow

""" Exploit title: LanSpy v.2.0.1.159 - Stack Buffer Overflow Exploit Author: Paolo Stagno aka VoidSec - [email protected] - https://voidsec.com Vendor Homepage: https://lizardsystems.com/ Download: https://www.exploit-db.com/apps/70a780b78ee7dbbbbc99852259f75d53-lanspysetup2.0.1.159.exe Versio...

1.2AI score
Exploits0
Total number of security vulnerabilities5000