Lucene search
K
PacketstormMost viewed

50738 matches found

Packet Storm
Packet Storm
added 2023/07/31 12:0 a.m.433 views

WordPress AN_Gradebook 5.0.1 SQL Injection

!/usr/bin/python3 Exploit Title: WordPress Plugin ANGradebook = 5.0.1 - Subscriber+ SQLi Date: 2023-07-26 Exploit Author: Lukas Kinneberg Github: https://github.com/lukinneberg/CVE-2023-2636 Vendor Homepage: https://wordpress.org/plugins/an-gradebook/ Software Link:...

8.8CVSS7.1AI score0.03246EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/05/03 12:0 a.m.432 views

Databricks Platform Cluster Isolation Bypass

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Bypassing cluster isolation through insecure defaults and shared storage product: Databricks Platform vulnerable version: PaaS version as of 2023-01-26 fixed version:...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/31 12:0 a.m.432 views

Online Leave Management System 1.0 SQL Injection

Exploit Title: OLMS - PHP by: oretnom23 v1.0 SQL-Injection-Bypass-Authentication in /leavesystem/classes/Login.php. Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 08.31.2021 Vendor: https://www.sourcecodester.com/php/14910/online-leave-management-system-php-free-source-code.html...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/02 12:0 a.m.432 views

Backdoor.Win32.Xyligan.blp Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6b9afcad282516173c0ab8a6eb91e8b4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Xyligan.blp Vulnerability: Insecure Permissions EoP Description: Xyligan.blp creates ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/23 12:0 a.m.432 views

Online Learning Management System 1.0 SQL Injection

Exploit Title: Online Learning Management System 1.0 - Authentication Bypass Exploit Author: Aakash Madaan Godsky Date: 2020-12-22 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/7339/learning-management-system.html Software Link:...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/02 12:0 a.m.432 views

ILIAS Learning Management System 4.3 Server-Side Request Forgery

Exploit Title: ILIAS Learning Management System 4.3 - SSRF Date: 10-08-2020 Exploit Author: Dot/kx1z0 Vendor Homepage: https://www.ilias.de/ Software Link: https://github.com/ILIAS-eLearning/ILIAS/tree/release4-3 Version: 4.3-5.1 Tested on: Linux Description We can create portfolios, export them ...

Exploits0
Packet Storm
Packet Storm
added 2024/01/11 12:0 a.m.431 views

PHPJabbers Event Booking Calendar 4.0 Cross Site Scripting / HTML Injection

Exploit Title: PHPJabbers Event Booking Calendar v4.0 - Multiple Stored XSS Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/event-booking-calendar/sectionDemo Version: v4.0 Tested o...

7.4AI score0.00414EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/11/20 12:0 a.m.431 views

GaatiTrack Courier Management System 1.0 Cross Site Scripting

Exploit Title: GaatiTrack Courier Management System v1.0 - Multiple Cross-site scripting Date: 12/112023 Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://www.mayurik.com/ Software Link:...

7.5AI score0.00615EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/12/27 12:0 a.m.431 views

Active Ecommerce CMS 6.4.0 Backdoor Account

==================================================================================================================================== | Title : Active ecommerce cms v6.4.0 Backdoor Account Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

Exploits0
Packet Storm
Packet Storm
added 2021/12/03 12:0 a.m.431 views

Online Magazine Management System 1.0 SQL Injection

Exploit Title: Online Magazine Management System 1.0 - SQLi Authentication Bypass Date: 01-12-2021 Exploit Author: Mohamed habib Smidi Craniums Vendor Homepage: https://www.sourcecodester.com/php/15061/online-magazine-management-system-php-free-source-code.html Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/19 12:0 a.m.431 views

Dolibarr ERP / CRM 14.0.2 Cross Site Scripting / Privilege Escalation

Exploit Title: Dolibarr ERP & CRM v14.0.2 Stored XSS / Privilege Escalation Exploit Author: Oscar Gutierrez m4xp0w3r Date: October 9, 2021 Vendor Homepage: https://www.dolibarr.org/ Software Link: https://github.com/Dolibarr Tested on: Ubuntu, LAAMP Vendor: Dolibarr Version: v14.0.2 Exploit...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/08 12:0 a.m.431 views

Trojan-Downloader.Win32.Genome.qiw Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/5cddc4647fb1c59f5dc7f414ada7fad4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Downloader.Win32.Genome.qiw Vulnerability: Insecure Permissions Description: Genome.qiw creat...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/02 12:0 a.m.431 views

EgavilanMedia User Registration And Login System With Admin Panel 1.0 XSS

Exploit Title: EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Stored Cross Site Scripting Exploit Author: Soushikta Chowdhury Vendor Homepage: http://egavilanmedia.com Software Link: http://egavilanmedia.com/user-registration-and-login-system-with-admin-panel/ Version: 1.0...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2019/09/06 12:0 a.m.431 views

Pulse Secure 8.1R15.1 / 8.2 / 8.3 / 9.0 SSL VPN Remote Code Execution

!/usr/bin/python Exploit Title: Pulse Secure Post-Auth Remote Code Execution Google Dork: inurl:/dana-na/ filetype:cgi Date: 09/05/2019 Exploit Author: Justin Wagner 0xDezzy, Alyssa Herrera @AlyssaHerrera Vendor Homepage: https://pulsesecure.net Version: 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before...

6.5CVSS7.4AI score0.98617EPSS
Exploits12
Packet Storm
Packet Storm
added 2026/03/24 12:0 a.m.430 views

📄 MCPJam Inspector 1.4.2 Remote Code Execution

MCPJam Inspector versions 1.4.2 and below proof of concept remote code execution exploit. !/usr/bin/env python3 CVE-2026-23744.py for testing only import requests import argparse import json import sys import urllib3 urllib3.disablewarningsurllib3.exceptions.InsecureRequestWarning def main: parse...

9.8CVSS6.5AI score0.38374EPSS
Exploits30
Packet Storm
Packet Storm
added 2024/04/05 12:0 a.m.430 views

Visual Planning 8 Arbitrary File Read

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Title ===== SCHUTZWERK-SA-2023-006: Arbitrary File Read via XML External Entities in Visual Planning Status ====== PUBLISHED Version ======= 1.0 CVE reference ============= CVE-2023-49234 Link ====...

6.8AI score0.00227EPSS
Exploits1
Packet Storm
Packet Storm
added 2023/08/31 12:0 a.m.430 views

PHP JABBERS PHP Review Script 1.0 Cross Site Scripting

Title: PHPJABBERS-PHP Review Script-1.0 XSS-Reflected Author: nu11secur1ty Date: 08/31/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/php-review-script/ Reference: https://portswigger.net/web-security/cross-site-scripting/reflected Description: The value of the acti...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/12/01 12:0 a.m.430 views

Advanced Comment System 1.0 Remote Command Execution

Exploit Title: Advanced Comment System 1.0 - Remote Command Execution RCE Date: November 30, 2021 Exploit Author: Nicole Daniella Murillo Mejias Version: Advanced Comment System 1.0 Tested on: Linux !/usr/bin/env python3 DESCRIPTION: Commands are Base64 encoded and sent via POST requests to the...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/18 12:0 a.m.430 views

Trojan-Proxy.Win32.Ranky.dh Unauthenticated Open Proxy

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/dcc58648868f1d5c0d7c53250f1bd5c9.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Proxy.Win32.Ranky.dh Vulnerability: Unauthenticated Open Proxy Description: The malware liste...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/07/26 12:0 a.m.430 views

Backdoor.Win32.Nbdd.bgz Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6fab73bf104c6a9211b94f9559faa134.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Nbdd.bgz Vulnerability: Remote Stack Buffer Overflow Description: NetBotAttacker VIP...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/01 12:0 a.m.430 views

WordPress EventON Calendar 3.0.5 Cross Site Scripting

Exploit Title: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting Date: 27.11.2020 Exploit Author: b3kc4t Mustafa GUNDOGDU Vendor Homepage: https://www.myeventon.com/ Version: 3.0.5 Tested on: Ubuntu 18.04 CVE : 2020-29395 Description Link:...

6.4AI score0.11696EPSS
Exploits2
Packet Storm
Packet Storm
added 2010/04/01 12:0 a.m.430 views

Magic Uploader Mini Shell Upload

======================================================================================== | Title : Magic Uploader Mini Upload Vulnerability | Author : indoushka | email : [email protected] | Home : www.iqs3cur1ty.com | Web Site : http://dl.p30vel.ir/scripts/miniuploader.zip | Tested on: windo...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.429 views

Fortinet SSL VPN Bruteforce Login Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortinet SSL VPN Bruteforce Login Utility', 'Description' = % This module scans for Fortinet SSL VPN web login portals and performs login brute...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/04/01 12:0 a.m.429 views

ARIS: Business Process Management 10.0.21.0 Cross Site Scripting

Exploit Title: Stored Cross-Site Scripting XSS in ARIS: Business Process Management Edition Version 10.0.21.0 Exploit Author: Seid Yassin Date: 2024-03-28 Vendor: Software AG Software Link: https://aris.com/ Version: ARIS: Business Process Management Description: Discovered a file upload feature...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/19 12:0 a.m.429 views

Taskhub 2.8.7 SQL Injection

Exploit Title: taskhub 2.8.7 - SQL Injection Exploit Author: CraCkEr Date: 05/09/2023 Vendor: Infinitie Technologies Vendor Homepage: https://www.infinitietech.com/ Software Link: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Demo: https://taskhub.company/auth...

7.1AI score0.00692EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/07/29 12:0 a.m.429 views

CloverDX 5.9.0 Code Execution / Cross Site Request Forgery

Exploit Title: CloverDX 5.9.0 - Cross-Site Request Forgery CSRF to Remote Code Execution RCE Date: 14.04.2021 Exploit Author: niebardzo Vendor Homepage: https://www.cloverdx.com/ Software Link: https://github.com/cloverdx/cloverdx-server-docker Version: 5.9.0, 5.8.1, 5.8.0, 5.7.0, 5.6.x, 5.5.x,...

8.8CVSS0.1AI score0.04208EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/02/25 12:0 a.m.429 views

Backdoor.Win32.Wollf.h Missing Authentication

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/4932471df98b0e94db076f2b1c0339bd.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.h Vulnerability: Missing Authentication Description: Wollf backdoor creates a...

Exploits0
Packet Storm
Packet Storm
added 2020/11/11 12:0 a.m.429 views

Customer Support System 1.0 SQL Injection

Title: Customer Support System 1.0 - Authentication Bypass Date: 2020-11-11 Exploit Author: Ahmed Abbas Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2009/12/30 12:0 a.m.429 views

Netragard Security Advisory 2009-12-19

Advisory Summary ----------------------------------------------------------------------- Advisory Author : Adriel T. Desautels Researcher : Kevin Finisterre Advisory ID : NETRAGARD-20091219 Product Name : Mac OS X Java Runtime Product Version : Java for Mac OS X 10.6 Update 1 Vendor Name :...

9.3CVSS0.2AI score0.73376EPSS
Exploits24
Packet Storm
Packet Storm
added 2024/01/12 12:0 a.m.428 views

Quick TFTP Server Pro 2.1 Denial Of Service

!/usr/bin/perl use IO::Socket::INET; Exploit Title: Quick TFTP Server Pro 2.1 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 12 january 2024 Vendor Homepage: https://www.tallsoft.com/ Download to demo:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/12/20 12:0 a.m.428 views

TYPO3 11.5.24 Path Traversal

Exploit Title: TYPO3 11.5.24 Path Traversal Vulnerability Authenticated Date: Apr 9, 2023 Exploit Author: Saeed reza Zamanian Software Link: https://get.typo3.org/release-notes/11.5.24 Version: 11.5.24 Tested on: Kali 2022.3 CVE : CVE-2023-30451 In TYPO3 11.5.24, the filelist component allows...

7.4AI score0.01161EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/09/25 12:0 a.m.428 views

OPNsense 23.1.11_1 / 23.7.3 / 23.7.4 Cross Site Scripting / Privilege Escalation

Advisory X41-2023-001: Two Vulnerabilities in OPNsense =========================================================== Highest Severity Rating: High Confirmed Affected Versions: 23.1.111, 23.7.3, 23.7.4 Confirmed Patched Versions: Commit 484753b2abe3fd0fcdb73d8bf00c3fc3709eb8b7 Vendor: Deciso B.V. /...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/27 12:0 a.m.428 views

ChurchCRM 4.5.3 SQL Injection

Exploit Title: ChurchCRM 4.5.3 - Authenticated SQL Injection Date: 27-04-2023 Exploit Author: Iyaad Luqman K Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage: http://churchcrm.io/ Version: 4.5.3 Tested on: Windows, Linux CVE: CVE-2023-24685 ChurchCRM v4.5.3 and below was...

7.2CVSS6.8AI score0.01023EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/04/26 12:0 a.m.428 views

PaperCut NG/MG 22.0.4 Authentication Bypass

Exploit Title: PaperCut NG/MG 22.0.4 - Authentication Bypass Date: 21 April 2023 Exploit Author: MaanVader Vendor Homepage: https://www.papercut.com/ Version: 8.0 or later Tested on: 22.0.4 CVE: CVE-2023-27350 import requests from bs4 import BeautifulSoup import re def vulnversion: ip = input"Ent...

6.2AI score0.99999EPSS
Exploits24
Packet Storm
Packet Storm
added 2022/02/11 12:0 a.m.428 views

SIEMENS-SINEMA Remote Connect 1.0 SP3 HF1 Open Redirection

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Open Redirect in Login Page product: SIEMENS-SINEMA Remote Connect vulnerable version: V1.0 SP3 HF1 fixed version: V2.0 has been out since April, 2019 CVE number:...

6.3AI score0.05265EPSS
Exploits2
Packet Storm
Packet Storm
added 2021/12/03 12:0 a.m.428 views

Backdoor.Win32.Vernet.axt Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/f529d60abbdafccce3dc5e5ffd6cdfa6.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Vernet.axt Vulnerability: Insecure Permissions Description: The malware writes an .EX...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/19 12:0 a.m.428 views

Online Motorcycle (Bike) Rental System 1.0 SQL Injection

Exploit Title: Online Motorcycle Bike Rental System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Chase ComardelleCASO Date: October 18, 2021 Vendor Homepage: https://www.sourcecodester.com/php/14989/online-motorcycle-bike-rental-system-phpoop-source-code.html Software Link...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/08 12:0 a.m.428 views

django-unicorn 0.35.3 Cross Site Scripting

Exploit Title: django-unicorn 0.35.3 - Stored Cross-Site Scripting XSS Date: 10/7/21 Exploit Author: Raven Security Associates, Inc. ravensecurity.net Software Link: https://pypi.org/project/django-unicorn/ Version: = 0.35.3 CVE: CVE-2021-42053 django-unicorn = 0.35.3 suffers from a stored XSS...

5.6AI score0.02524EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/10/26 12:0 a.m.428 views

InoERP 0.7.2 Remote Code Execution

!/usr/bin/python -- coding: UTF-8 -- Exploit Title: InoERP 0.7.2 Unauthenticated Remote Code Execution Date: March 14, 2020 Exploit Author: Lyhin's Lab Detailed Bug Description: https://lyhinslab.org/index.php/2020/03/14/inoerp-ab-rce/ Software Link: https://github.com/inoerp/inoERP Version: 0.7....

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2018/10/05 12:0 a.m.428 views

Windows Net-NTLMv2 Reflection DCOM/RPC

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/windows/reflectivedllinjection' class MetasploitModule 'Windows Net-NTLMv2 Reflection DCOM/RPC', 'Description' = %q Module utilizes the Net-NTLMv2...

7.2CVSS0.4AI score0.87042EPSS
Exploits23
Packet Storm
Packet Storm
added 2024/10/22 12:0 a.m.427 views

ABB Cylon Aspect 3.08.01 persistenceManagerAjax.php Command Injection

ABB Cylon Aspect 3.08.01 persistenceManagerAjax.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/26 12:0 a.m.427 views

Vinchin Backup And Recovery 7.2 Default MySQL Credentials

CVE ID: CVE-2024-22901 Title: Default MYSQL Credentials Vulnerability in Vinchin Backup & Recovery v7.2 Description: A critical security issue, identified as CVE-2024-22901, has been discovered in Vinchin Backup & Recovery version 7.2. The software has been found to use default MYSQL credentials,...

9.8CVSS7.4AI score0.03051EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/09/08 12:0 a.m.427 views

TECHView LA5570 Wireless Gateway 1.0.19_T53 Traversal / Privilege Escalation

Exploit Title: Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities Google Dork: N/A Date: 25/08/2023 Exploit Author: The Security Team exploitsecurity.io Vendor Homepage: https://www.jaycar.com.au/wireless-gateway-home-automation-controller/p/LA5570 Software...

7.5CVSS7.1AI score0.02548EPSS
Exploits6
Packet Storm
Packet Storm
added 2023/03/30 12:0 a.m.427 views

Covenant 0.5 Remote Code Execution

Exploit Title: Covenant v0.5 - Remote Code Execution RCE Exploit Author: xThaz Author website: https://xthaz.fr/ Date: 2022-09-11 Vendor Homepage: https://cobbr.io/Covenant.html Software Link: https://github.com/cobbr/Covenant Version: v0.1.3 - v0.5 Tested on: Windows 11 compiled covenant Windows...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/09 12:0 a.m.427 views

CKSource CKEditor5 35.4.0 Cross Site Scripting

Exploit Title: Cross Site Scripting in CKSource's CKEditor5 35.4.0 Google Dork: N/A Date: February 09, 2023 Exploit Author: Manish Pathak Vendor Homepage: https://cksource.com/ Software Link: https://ckeditor.com/ckeditor-5/download/ Version: 35.4.0 Tested on: Linux / Web CVE : CVE-2022-48110...

6.8AI score0.02097EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/12/06 12:0 a.m.427 views

Auerswald COMpact 8.0B Backdoors

Advisory: Auerswald COMpact Multiple Backdoors RedTeam Pentesting discovered several backdoors in the firmware for the Auerswald COMpact 5500R PBX. These backdoors allow attackers who are able to access the web-based management application full administrative access to the device. Details =======...

0.5AI score0.71979EPSS
Exploits6
Packet Storm
Packet Storm
added 2021/10/22 12:0 a.m.427 views

Online Course Registration 1.0 SQL Injection

Exploit Title: Online Course Registration 1.0 - Blind Boolean-Based SQL Injection Authenticated Exploit Author: Sam Ferguson @AffineSecurity and Drew Jones @qhum7sec Date: 2021-10-21 Vendor Homepage: https://www.sourcecodester.com/php/14251/online-course-registration.html Software Link:...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2021/07/21 12:0 a.m.427 views

News Portal Project 3.1 SQL Injection

Exploit Title: News Portal Project - Multiple time-based SQL Injection Date: 2021-07-10 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/news-portal-project-in-php-and-mysql/ Version: 3.1 Tested on: Windows 10...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/15 12:0 a.m.427 views

Nagios XI Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI Prior to 5.8.0 - Plugins Filename Authenticated Remote Code Exection', 'Description' = %q This module exploits a command injection...

9CVSS0.1AI score0.81915EPSS
Exploits7
Packet Storm
Packet Storm
added 2019/10/15 12:0 a.m.427 views

OpenProject 10.0.1 / 9.0.3 Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected XSS vulnerability product: OpenProject vulnerable version: = 9.0.3, =10.0.1 fixed version: 9.0.4, 10.0.2 CVE number: CVE-2019-17092 impact: medium homepage:...

4.3CVSS0.01659EPSS
Exploits1
Total number of security vulnerabilities5000