Lucene search
K
PacketstormMost viewed

50748 matches found

Packet Storm
Packet Storm
added 2025/02/28 12:0 a.m.399 views

Ollama 0.5.11 Code Execution

Ollama version 0.5.11 suffers from a code execution vulnerability. ============================================================================================================================================= | Title : Ollama 0.5.11 Code Injection Vulnerability | | Author : indoushka | | Tested o...

7.9AI score
Exploits0
Packet Storm
Packet Storm
added 2024/10/11 12:0 a.m.399 views

Openfire 4.8.0 Code Injection

============================================================================================================================================= | Title : Openfire release 4.8.0 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 6...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.399 views

Cisco ASA Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco ASA Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability in Cisco's Adaptive Security Applianc...

7.5CVSS6.9AI score0.99903EPSS
Exploits18
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.399 views

Samba _netr_ServerPasswordSet Uninitialized Credential State

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Samba netrServerPasswordSet Uninitialized Credential State', 'Description' = %q This module checks if a Samba target is vulnerable to an...

10CVSS7AI score0.87636EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/03/28 12:0 a.m.399 views

LMS PHP 1.0 SQL Injection

Title: LMS-PHP-byoretnom23-v1.0 Multiple-SQLi Author: nu11secur1ty Date: 03/28/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.htmlcomment-104400 Reference:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/02 12:0 a.m.399 views

PlayTube 3.0.1 Information Disclosure

Exploit Title: PlayTube 3.0.1 - Redirect Information Disclosure Exploit Author: CraCkEr Date: 19/08/2023 Vendor: PlayTube Vendor Homepage: https://playtubescript.com/ Software Link: https://demo.playtubescript.com/ Tested on: Windows 10 Pro Impact: Sensitive Information Leakage CVE: CVE-2023-4714...

7.1AI score0.0521EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/09/05 12:0 a.m.399 views

Mobile Mouse 3.6.0.4 Remote Code Execution

Exploit Title: Mobile Mouse 3.6.0.4 Remote Code Execution Date: Aug 09, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://mobilemouse.com/ Software Link: https://www.mobilemouse.com/downloads/setup.exe Version: 3.6.0.4 Tested on: Windows 10 Enterprise LTSC Build 17763 !/usr/bin/env...

Exploits0
Packet Storm
Packet Storm
added 2022/03/09 12:0 a.m.399 views

DEOS AG OPEN 710/810 Cross Site Scripting

Title: DEOS control systems GmbH - OPEN 710/810 EMS Cross Site Scripting Vulnerability Dork: app:"DEOS AG OPEN EMS System ics device httpd" Vendor page: https://www.deos-ag.com/en/ Exploit Author: n4pst3r Tested on: Debian POST /cgi-bin/option.cgi?function=2 HTTP/1.1 Content-Length: 83...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.399 views

Payment Terminal 2.x / 3.x Cross Site Scripting

Document Title: =============== Payment Terminal 2.x & v3.x - Multiple XSS Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2280 Release Date: ============= 2021-11-05 Vulnerability Laboratory ID VL-ID:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/30 12:0 a.m.399 views

Backdoor.Win32.Agent.gmug Heap Corruption

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c7763bae3376a9f2865a1a18e84c259e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.gmug Vulnerability: Heap Corruption Description: The malware listens on TCP por...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/21 12:0 a.m.399 views

Nagios XI 5.7.3 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI 5.5.0-5.7.3 - Snmptrap Authenticated Remote Code Exection', 'Description' = %q This module exploits an OS command injection vulnerabili...

6.5CVSS0.60966EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/06/23 12:0 a.m.399 views

Responsive Online Blog 1.0 SQL Injection

Exploit Title: Responsive Online Blog 1.0 - 'id' SQL Injection Date: 2020-06-23 Exploit Author: Eren Şimşek Vendor Homepage: https://www.sourcecodester.com/php/14194/responsive-online-blog-website-using-phpmysql.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/11/30 12:0 a.m.399 views

Max Secure Anti Virus Plus 19.0.4.020 Insecure Permissions

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MAX-SECURE-PLUS-ANTIVIRUS-INSECURE-PERMISSIONS.txt + ISR: ApparitionSec Vendorwww.maxpcsecure.com Affected Product Code Base Max Secure Anti Virus Plus - 19.0.4.020 File hash:...

0.00463EPSS
Exploits2
Packet Storm
Packet Storm
added 2017/01/27 12:0 a.m.399 views

Haraka Remote Command Execution

!/usr/bin/python Exploit Title: Harakiri ShortDescription: Haraka comes with a plugin for processing attachments. Versions before 2.8.9 can be vulnerable to command injection Exploit Author: xychix xychix at hotmail.com / mark at outflank.nl Date: 26 January 2017 Category: Remote Code Execution...

0.1AI score0.13377EPSS
Exploits4
Packet Storm
Packet Storm
added 2012/11/26 12:0 a.m.399 views

Incomedia WebSite X5 Evolution 9.0.4.1748 XSS / Bypass

========================================= Vulnerable Software: Incomedia WebSite X5 Evolution alert1; Fix: Open imsearch.php and find: =============VULNERABLE CODE============== search@$GET'search', @$GET'page'; ? ==========END OF VULNERABLE CODE========== REPLACE WITH: ==============FIXED...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2025/04/14 12:0 a.m.398 views

📄 CrushFTP 9.x / 10.8.4 / 11.3.1 Server-Side Request Forgery / Directory Traversal

CrushFTP versions 9.x, 10.x through 10.8.4, and 11.x through 11.3.1 suffer from server-side request forgery and directory traversal vulnerabilities. !-- Exploit Title: Server-Side Request Forgery SSRF in CrushFTP 10.7.1 and 11.1.0 as well as legacy 9.x Date: 2024-10-20 Exploit Author: Rafael...

5CVSS7AI score0.12119EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.398 views

GitLab Tags RSS Feed Email Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitLab Tags RSS feed email disclosure', 'Description' = %q An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prio...

5.3CVSS7AI score0.04392EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.398 views

Microsoft Windows 7 / Server 2008 R2 SMB Client Infinite Loop

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Windows 7 / Server 2008 R2 SMB Client Infinite Loop', 'Description' = %q This module exploits a denial of service flaw in the Microsoft...

9.3CVSS7.4AI score0.30879EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/08/26 12:0 a.m.398 views

Invesalius 3.1 Remote Code Execution

Exploit Title: Invesalius 3.1 - Remote Code Execution RCE Discovered By: Riccardo Degli Esposti partywave, Alessio Romano sfoffo Exploit Author: Riccardo Degli Esposti partywave, Alessio Romano sfoffo Vendor Homepage: https://invesalius.github.io/ Software Link:...

7.1AI score0.02655EPSS
Exploits5
Packet Storm
Packet Storm
added 2024/07/11 12:0 a.m.398 views

LumisXP 16.1.x Cross Site Scripting

===== Tempest Security Intelligence - ADV-6/2024 ========================== LumisXP v15.0.x to v16.1.x Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeli...

7.1AI score0.0081EPSS
Exploits1
Packet Storm
Packet Storm
added 2023/12/13 12:0 a.m.398 views

One Identity Password Manager Kiosk Escape Privilege Escalation

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Kiosk Escape Privilege Escalation product: One Identity Password Manager Secure Password Extension vulnerable version: 5.13.1 fixed version: 5.13.1 CVE number:...

7.4AI score0.01013EPSS
Exploits1
Packet Storm
Packet Storm
added 2023/08/10 12:0 a.m.398 views

WordPress WP Project Manager 2.6.4 Privilege Escalation

Description: WP Project Manager = 2.6.4 – Arbitrary Usermeta Update to Authenticated Subscriber+ Privilege Escalation Affected Plugin: WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts Plugin Slug: wedevs-project-manager Affected Versions: =...

7.1AI score0.00689EPSS
Exploits1
Packet Storm
Packet Storm
added 2022/08/01 12:0 a.m.398 views

Crime Reporting System 1.0 SQL Injection

Exploit Title: Crime Reporting System - Blind SQL Injection on Login email parameter Date: 31/07/2022 Exploit Author: saitamang Vendor Homepage: code-projects.org Software Link:...

Exploits0
Packet Storm
Packet Storm
added 2022/03/07 12:0 a.m.398 views

Loki RAT (Relapse) SQL Injection

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/aabb54951546132e70a8e9f02bf8b5baB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Loki RAT Relapse Vulnerability: SQL Injection Description: The LokiRAT WebUI panel for...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/08 12:0 a.m.398 views

Money Transfer Management System 1.0 SQL Injection

Exploit Title: Money Transfer Management System 1.0 - Authentication Bypass Date: 2021-11-07 Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.sourcecodester.com Software Link:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.398 views

10-Strike Network Inventory Explorer Pro 9.31 Unquoted Service Path

Exploit Title: 10-Strike Network Inventory Explorer Pro 9.31 - 'srvInventoryWebServer' Unquoted Service Path Discovery by: Brian Rodriguez Date: 04-11-2021 Vendor Homepage: https://www.10-strike.com/ Software Link: https://www.10-strike.com/networkinventoryexplorer/network-inventory-pro-setup.exe...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/19 12:0 a.m.398 views

WordPress Enfold Theme 4.8.3 Cross Site Scripting

Exploit Title: WordPress Theme Enfold 4.8.3 - Reflected Cross-Site Scripting XSS Google Dork: "inurl:avia-element-paging" Date: 18/10/2021 Exploit Author: Francisco Díaz-Pache Alonso, Sergio Corral Cristo and David Álvarez Robles Vendor Homepage: https://kriesi.at/ Version: Enfold This URL must...

4.3CVSS6.3AI score0.02959EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/04/01 12:0 a.m.398 views

Latrix 0.6.0 SQL Injection

Exploit Title: Latrix 0.6.0 – 'txtaccesscode' SQL Injection Date: 03/30/2021 Exploit Author: cptsticky Vendor Homepage: https://sourceforge.net/projects/latrix Software Link: https://sourceforge.net/projects/latrix/files/latest/download Version: 0.6.0 Tested on: Ubuntu 20.04 POST...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/02 12:0 a.m.398 views

NewsLister Cross Site Scripting

Exploit Title: NewsLister - Authenticated Persistent Cross-Site Scripting Date: 2020-11-27 Exploit Author: Emre Aslan Vendor Homepage: https://www.netartmedia.net/newslister.html Tested on: Windows & XAMPP == PoC HTTP Request == GET /admin/index.php?page=add HTTP/1.1 Host: 127.0.0.1:8080...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/05 12:0 a.m.398 views

Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Trend Micro InterScan Messaging Security Virtual Appliance IMSVA vulnerable version: 9.1.0 Critical Patch Build 2025 fixed version: 9.1....

0.3AI score0.17884EPSS
Exploits7
Packet Storm
Packet Storm
added 2020/06/04 12:0 a.m.398 views

Oriol Espinal CMS 1.0 SQL Injection

Exploit Title: Oriol Espinal CMS 1.0 - 'id' SQL Injection Google Dork: inurl:/eotoolsshare/ Date: 2020-06-03 Exploit Author: TSAR Vendor Homepage: http://www.oriolespinal.es/eowd Software Link: http://www.oriolespinal.es/eotools Version: ALL VERSION UP TO LATEST Tested on: MACOS 10.11.2 CVE : NOt...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2024/06/24 12:0 a.m.397 views

Netis MW5360 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netis router MW5360 unauthenticated RCE.', 'Description' = %q Netis router MW5360 has a command injection vulnerability via the password paramete...

9.8CVSS7.1AI score0.70779EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/03/14 12:0 a.m.397 views

Checkmk Agent 2.0.0 / 2.1.0 / 2.2.0 Local Privilege Escalation

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local Privilege Escalation via writable files product: Checkmk Agent vulnerable version: 2.0.0, 2.1.0, 2.2.0 fixed version: 2.1.0p40, 2.2.0p23, 2.3.0b1, 2.4.0b1 CVE numbe...

8.8CVSS7.4AI score0.00342EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/12/22 12:0 a.m.397 views

GilaCMS 1.15.4 SQL Injection

Description: GilaCMS widget and use wiget area filter to perform search Sample payload: http://targeturl/cm/listrows/widget?page=1&area=dashboard'%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,@@version,NULL--%20 Attack Vector 2: After login into admin portal, go to edit...

7.4AI score0.00662EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/08/11 12:0 a.m.397 views

DigaSell Digital Store PHP Script 1.0.0 Cross Site Scripting

==================================================================================================================================== | Title : DigaSell - Digital store PHP Script V1.0.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/25 12:0 a.m.397 views

WordPress Beautiful Cookie Consent Banner 2.10.1 Cross Site Scripting

Description: Beautiful Cookie Consent Banner = 2.10.1 - Unauthenticated Stored Cross-Site Scripting Affected Plugin:Beautiful Cookie Consent Banner Plugin Slug: beautiful-and-responsive-cookie-consent Affected Versions: = 2.10.1 CVE ID: Not Assigned CVSS Score: 7.2 High CVSS Vector:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.397 views

Apache Superset 2.0.0 Authentication Bypass

Exploit Title: Apache Superset 2.0.0 - Authentication Bypass Date: 10 May 2023 Exploit Author: MaanVader Vendor Homepage: https://superset.apache.org/ Version: Apache Superset= 1.4.1 b'thisISaSECRET1234', deployment template b'YOUROWNRANDOMGENERATEDSECRETKEY', documentation b'TESTNONDEVSECRET'...

9.8CVSS7.1AI score0.97405EPSS
Exploits20
Packet Storm
Packet Storm
added 2023/04/26 12:0 a.m.397 views

Mars Stealer 8.3 Account Takeover

Exploit Title: Mars Stealer 8.3 - Admin Account Takeover Product: Mars Stelaer Technology: PHP Version: 8.3 Google Dork: N/A Date: 20.04.2023 Tested on: Linux Author: Sköll - twitter.com/skoll import argparse import requests parser = argparse.ArgumentParserdescription='Mars Stealer Account Takeov...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/28 12:0 a.m.397 views

Win32k ConsoleControl Offset Confusion / Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Win32k ConsoleControl Offset Confusion', 'Description' = %q A vulnerability exists within win32k that can be leveraged by an attacker to escalate...

7.8CVSS1.1AI score0.80968EPSS
Exploits41
Packet Storm
Packet Storm
added 2021/11/23 12:0 a.m.397 views

Webrun 3.6.0.42 SQL Injection

Exploit Title: Webrun 3.6.0.42 - 'P0' SQL Injection Google Dork: intitle:"Webrun 3.6.0.42" Date: 23/11/2021 Exploit Author: Vinicius Alves Vendor Homepage: https://softwell.com.br/ Version: 3.6.0.42 Tested on: Kali Linux 2021.3 =-=-=-= Description =-=-=-= Webrun version 3.6.0.42 is vulnerable to...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/15 12:0 a.m.397 views

Talariax sendQuick Alertplus Server Admin 4.3 SQL Injection

Dear Full Disclosure Team, We are writing to submit a full disclosure for the following vulnerability discovered for product Talariax sendQuick Alertplus server admin version 4.3. This is an updated reference for https://seclists.org/fulldisclosure/2021/Oct/1...

8.7AI score0.01478EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/11/08 12:0 a.m.397 views

HEUR.Backdoor.Win32.Denis.gen Denial Of Service

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/1a4d58e281103fea2a4ccbfab93f74d2.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.Backdoor.Win32.Denis.gen Vulnerability: Remote Denial of Service UDP Datagram Description: The...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/07/28 12:0 a.m.397 views

TripSpark VEO Transportation SQL Injection

Exploit Title: TripSpark VEO Transportation - 'editOEN' Blind SQL Injection Google Dork: inhtml:"Student Busing Information" Date: 07/27/2021 Exploit Author: Sedric Louissaint @LKn0w Vendor Homepage: https://www.tripspark.com Software Document Link:...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/10 12:0 a.m.397 views

Student Result Management System 1.0 SQL Injection

Exploit Title: Student Result Management System 1.0 - 'class' SQL Injection Date: 09.09.2020 Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage : https://projectworlds.in Software Page: https://projectworlds.in/free-projects/php-projects/student-result-management-system-project-in-php/...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/01 12:0 a.m.397 views

School Registration And Fee System 1.0 SQL Injection

Exploit Title: School Registration and Fee System | 'username ' Blind SQL Injection Exploit Author: Richard Jones Date: 01-04-2021 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/10932/school-registration-and-fee-system.html Version: 1.0 Tested O...

Exploits0
Packet Storm
Packet Storm
added 2021/01/13 12:0 a.m.397 views

Backdoor.Win32.Kurbadur.a Remote Stack Buffer Overflow

Discovery / credits: malvuln - Malvuln.com c 2021 Original source: https://malvuln.com/advisory/821d3d5a9b15dc3388fe17f233cce296.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Kurbadur.a Vulnerability: Remote Stack Buffer Overflow Description: The malware liste...

0.9AI score
Exploits0
Packet Storm
Packet Storm
added 2020/06/09 12:0 a.m.397 views

WebUntis 2020.12.1 Cross Site Scripting

I. VULNERABILITY ------------------------- WebUntis 2020.12.1 - Authenticated Cross Site Scripting II. BACKGROUND ------------------------- WebUntis is a tool for schools and universities to deliver electronic timetables to their students. Depending from the activated modules it does also contain...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/13 12:0 a.m.396 views

Cyber Panel 2.3.x Remote Command Execution

Cyber Panel version 2.3.x proof of concept remote command execution exploit that leverages three vulnerabilities discovered in 2024. ============================================================================================================================================= | Title : Cyber Panel...

10CVSS10AI score0.94878EPSS
Exploits14
Packet Storm
Packet Storm
added 2024/02/05 12:0 a.m.396 views

GYM MS 1.0 Cross Site Scripting

Exploit Title: GYM MS - GYM Management System - Cross Site Scripting Stored Date: 29/09/2023 Vendor Homepage: https://phpgurukul.com/gym-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/projects/GYM-Management-System-using-PHP.zip Version: 1.0 Last Update: 31 August 20...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/12 12:0 a.m.396 views

Copyright Loan Management System 2024 1.0 SQL Injection

Title: Copyright © Loan Management System 2024-1.0 Multiple-SQLi Author: nu11secur1ty Date: 01/12/2024 Vendor: https://twitter.com/razormist Software: https://www.sourcecodester.com/php/15529/loan-management-system-oop-php-mysqlijquery-free-source-code.html Reference:...

7.4AI score
Exploits0
Total number of security vulnerabilities5000