Lucene search
K
PacketstormMost viewed

50728 matches found

Packet Storm
Packet Storm
added 2023/11/14 12:0 a.m.1153 views

Cisco IOX XE Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOX XE Unauthenticated RCE Chain', 'Description' = %q This module leverages both CVE-2023-20198 and CVE-2023-20273 against vulnerable...

10CVSS7.2AI score0.99571EPSS
Exploits27
Packet Storm
Packet Storm
added 2021/03/12 12:0 a.m.1148 views

Apache OFBiz XML-RPC Java Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache OFBiz XML-RPC Java Deserialization', 'Description' = %q This module exploits a Java deserialization vulnerability in Apache OFBiz's...

4.3CVSS0.1AI score0.98926EPSS
Exploits16
Packet Storm
Packet Storm
added 2020/11/13 12:0 a.m.1142 views

Citrix ADC NetScaler Local File Inclusion

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Citrix ADC NetScaler - Local File Inclusion Metasploit', 'Description' = % The remote device is affected by multiple vulnerabilities. An...

5CVSS0.4AI score0.88411EPSS
Exploits6
Packet Storm
Packet Storm
added 2013/08/09 12:0 a.m.1140 views

PHPFox 3.4.1 Cross Site Scripting

PHPFox v3.4.1 XSS vulnerabilities ------------------------------------------------------------ == Description == - Software link: http://www.phpfox.com - Affected versions: version 3.4.1 and 3.5.1 is vulnerable. Other versions might be affected as well. - Vulnerability discovered by: Mehdi Dadkha...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/22 12:0 a.m.1139 views

SPIP 4.2.12 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SPIP Unauthenticated RCE via porteplume Plugin', 'Description' = %q This module exploits a Remote Code Execution vulnerability in SPIP versions u...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.1135 views

MS17-010 SMB Remote Code Execution Detection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS17-010 SMB RCE Detection', 'Description' = %q Uses information disclosure to determine if MS17-010 has been patched or not. Specifically, it...

9.3CVSS8.2AI score0.99693EPSS
Exploits93
Packet Storm
Packet Storm
added 2010/03/06 12:0 a.m.1129 views

Apache 2.2.14 mod_isapi Remote SYSTEM Exploit

/ Apache 2.2.14 modisapi Dangling Pointer Remote SYSTEM Exploit CVE-2010-0425 ------------------------------------------------------------------------------ Advisory: http://www.senseofsecurity.com.au/advisories/SOS-10-002 Description: pwn-isapi.cpp exploits a dangling pointer vulnerabilty in...

10CVSS0.1AI score0.94248EPSS
Exploits13
Packet Storm
Packet Storm
added 2016/11/28 12:0 a.m.1127 views

Linux Kernel Dirty COW PTRACE_POKEDATA Privilege Escalation

// // This exploit uses the pokemon exploit as a base and automatically // generates a new passwd line. The original /etc/passwd is then // backed up to /tmp/passwd.bak and overwritten with the new line. // The user will be prompted for the new password when the binary is run. // After running th...

7.2CVSS0.6AI score0.83524EPSS
Exploits81
Packet Storm
Packet Storm
added 2024/10/29 12:0 a.m.1126 views

Xerox Printers Authenticated Remote Code Execution

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authenticated Remote Code Execution product: Multiple Xerox printers EC80xx, AltaLink, VersaLink, WorkCentre vulnerable version: see vulnerable versions below fixed...

7.2CVSS7.1AI score0.01214EPSS
Exploits2
Packet Storm
Packet Storm
added 2019/08/26 12:0 a.m.1126 views

Webmin 1.890 expired Remote Root

!/usr/bin/perl -w Webmin 1.890 based on 1.920 research 'expired' Remote Root Exploit Copyright 2019 c Todor Donev Installation on CentOS: rpm -ivh https://sourceforge.net/projects/webadmin/files/webmin/1.890/webmin-1.890-1.noarch.rpm/download Disclaimer: This or previous programs are for...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/03/28 12:0 a.m.1121 views

rConfig 3.9.4 searchField Remote Code Execution

Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com Date: 2020-03-12 CVE-2019-19509 + CVE-2019-19585 + CVE-2020-10220 Exploit link :...

9CVSS0.1AI score0.99683EPSS
Exploits20
Packet Storm
Packet Storm
added 2021/06/03 12:0 a.m.1120 views

Microsoft RDP Remote Code Execution

!/usr/bin/python import socket from OpenSSL import from struct import pack, unpack from sys import argv, exit class x224ConnectionRequestPacket: def initself: total of 8 bytes self.rdpNegReq = pack ' 1110 E CDT - 0000 0 for class 0 and 1 0, dest-ref , 2 bytes fuzzable 0, src-ref , 2 bytes fuzzabl...

10CVSS10AI score0.99999EPSS
Exploits123
Packet Storm
Packet Storm
added 2024/09/27 12:0 a.m.1111 views

Linux OverlayFS Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Local Privilege Escalation via CVE-2023-0386', 'Description' = %q This exploit targets the Linux kernel bug in OverlayFS. A flaw was found in the...

7.8CVSS7.2AI score0.0788EPSS
Exploits14
Packet Storm
Packet Storm
added 2015/03/15 12:0 a.m.1110 views

Comsenz SupeSite CMS 7.0 SQL Injection

Comsenz SupeSite 7.0 CMS SQL Injection Security Vulnerabilities Exploit Title: Comsenz SupeSite CMS SQL Injection Security Vulnerabilities Product: SupeSite CMS Content Management System Vendor: Comsenz Vulnerable Versions: 6.0.1UC 7.0 Tested Version: 7.0 Advisory Publication: March 14, 2015 Late...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/25 12:0 a.m.1110 views

Kong Gateway Admin API Remote Code Execution

frozenstringliteral: true This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kong Gateway Admin API Remote Code Execution', 'Description' = ' This module uses the Kong admin API to create a route...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/22 12:0 a.m.1107 views

Linux TIOCSPGRP Broken Locking

Linux: Broken locking in TIOCSPGRP leads to corrupted tty-pgrp refcount tiocspgrp, the handler for the TIOCSPGRP ioctl, has the following signature: static int tiocspgrpstruct ttystruct tty, struct ttystruct realtty, pidt user p It receives two ttystruct pointers because, for PTY pairs, userspace...

7.2CVSS8.7AI score0.01129EPSS
Exploits2
Packet Storm
Packet Storm
added 2021/03/08 12:0 a.m.1102 views

VMware vCenter Server File Upload / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vCenter Server Unauthenticated OVA File Upload RCE', 'Description' = %q This module exploits an unauthenticated OVA file upload and path...

10CVSS0.3AI score0.9957EPSS
Exploits47
Packet Storm
Packet Storm
added 2020/06/03 12:0 a.m.1100 views

JSC JIT Out-Of-Bounds Access

JSC: JIT: Incorrect Common Subexpression Elimination for ArithNegate, leading to OOB accesses The DFG and FTL JIT compilers incorrectly replace Checked with Unchecked ArithNegate operations and vice versa during Common Subexpression Elimination. This can then be exploited to cause out-of-bounds...

0.2AI score0.08207EPSS
Exploits2
Packet Storm
Packet Storm
added 2006/02/20 12:0 a.m.1100 views

RUNCMS1.3a-sql.tyxt

refrence: http://www.runcms.org/public/modules/forum/viewtopic.php?topicid=4003&forum=18 http://hamid.ir/security/ ----------------------------------------------- RUNCMS 1.3a SQL injection Runcms Includes most things a webmaster would expect from a cms: downloads, links, tutorials section, polls,...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2015/06/10 12:0 a.m.1096 views

ProFTPD 1.3.5 Mod_Copy Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ProFTPD 1.3.5 ModCopy Command Execution', 'Description' = %q This module exploits the SITE CPFR/CPTO commands in ProFTPD version...

10CVSS8.7AI score0.96803EPSS
Exploits21
Packet Storm
Packet Storm
added 2024/09/17 12:0 a.m.1095 views

Microsoft Windows TOCTOU Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Kernel Time of Check Time of Use LPE in AuthzBasepCopyoutInternalSecurityAttributes', 'Description' = %q CVE-2024-30088 is a Windows Kern...

7.8CVSS6.9AI score0.68202EPSS
Exploits7
Packet Storm
Packet Storm
added 2014/07/30 12:0 a.m.1095 views

Joomla Kunena Forum 3.0.5 SQL Injection

Kunena forum extension for Joomla multiple SQL injection vulnerabilities Class: Input Validation Error CVE: N/A Remote: Yes Local: No Published: 02/07/2014 Credit: Raymond Rizk of Dionach [email protected] Vendor: Kunena Vulnerable: Kunena v3.0.5 Solution Status: Fixed by Vendor Kunena Forum is...

0.8AI score
Exploits0
Packet Storm
Packet Storm
added 2009/07/25 12:0 a.m.1095 views

XZero Community Classifieds 4.97.8 XSS

-----------------------------I AM MUSLIM !!------------------------------ ============================================================================== / \ | | | | / \ | | | | / \ | | | | / \ | || | / \ | | | | / \ | | IN THE NAME OF // \ || || // \ || ||...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/30 12:0 a.m.1092 views

VegaBird Vooki 5.2.9 DLL Hijacking

==================================== CVE ID: CVE-2024-45874 Author: Iulian Florea Vendor: VegaBird Product: Vooki - Dynamic Web Application & REST API Vulnerability Scanner DAST Tool Vulnerability Type: DLL Hijacking ==================================== ==================================== Summar...

7.4AI score0.00716EPSS
Exploits1
Packet Storm
Packet Storm
added 2023/07/11 12:0 a.m.1091 views

SmarterTools SmarterMail Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution', 'Description' = %q This module exploits a...

10CVSS7.1AI score0.83317EPSS
Exploits7
Packet Storm
Packet Storm
added 2023/04/03 12:0 a.m.1089 views

XCMS 1.83 Remote Command Execution

Exploit Title: XCMS v1.83 - Remote Command Execution RCE Author: Onurcan Email: [email protected] Site: ihteam.net Script Download : http://www.xcms.it Date: 26/12/2022 The xcms's footerthat is in "/dati/generali/footer.dtb" is included in each page of the xcms. Taking "home.php" for example...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/04 12:0 a.m.1089 views

VestaCP 0.9.8-26 Cross Site Scripting

Document Title: =============== VestaCP v0.9.8-26 - period Cross Site Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2239 Release Date: ============= 2020-11-24 Vulnerability Laboratory ID VL-ID: ====================================...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.1088 views

Dahua DVR Authentication Bypass Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule %qDahua DVR Auth Bypass Scanner, 'Description' = %qScans for Dahua-based DVRs and then grabs settings. Optionally resets a user's password and...

7.5CVSS7AI score0.70713EPSS
Exploits6
Packet Storm
Packet Storm
added 2020/11/18 12:0 a.m.1083 views

WordPress Fancy Product Designer For WooCommerce 4.5.1 File Upload

About Fancy Product Designer for WooCommerce Fancy Product Designer for WooCommerce is a WordPress plugin which allows users to design custom products in a vendor's WooCommerce store. It is sold through the third-party marketplace "Envato Market" and boasts over 15,000 sales. Unrestricted File...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/03 12:0 a.m.1082 views

SPIP 4.2.9 Code Execution

============================================================================================================================================= | Title : SPIP 4.2.9 PHP Code execution Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits |...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2013/10/07 12:0 a.m.1082 views

Opolis.eu Secure Mail Blind SQL Injection / XSS / CSRF / DoS

========================================================================================================================================================================= OPOLIS.EU SECURE MAIL Blind SQLInjection / Cross site scripting / CSRF / Apacche httpd Remote D.O.S /PHP hangs on parsing...

7.8CVSS0.98945EPSS
Exploits17
Packet Storm
Packet Storm
added 2018/11/12 12:0 a.m.1081 views

Advanced Comment System 1.0 SQL Injection

...

0.1AI score0.04185EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/02/03 12:0 a.m.1080 views

Car Rental Project 2.0 Shell Upload

Exploit Title: Car Rental Project 2.0 - Arbitrary File Upload to Remote Code Execution Date: 3/2/2021 Exploit Author: Jannick Tiger Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/car-rental-project-php-mysql-free-download/ Version : V 2.0 Vulnerability Type:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/01/10 12:0 a.m.1080 views

Cisco VoIP Script Insertion / Weak Passwords / Undocumented Functionality

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Cisco VoIP Phones, e.g. models 88XX vulnerable version: See list of vulnerable devices/firmwares below fixed version: 12.5.1 MN CVE...

0.3AI score0.01501EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/12/04 12:0 a.m.1078 views

Zabbix 5.0.0 Cross Site Scripting

Exploit Title: Zabbix 5.0.0 - Stored XSS via URL Widget Iframe Date: 8/11/2020 Exploit Author: Shwetabh Vishnoi Vendor Homepage: https://www.zabbix.com/ Software Link: https://www.zabbix.com/download Affected Version: Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before...

4.3CVSS6.6AI score0.32304EPSS
Exploits2
Packet Storm
Packet Storm
added 2022/01/17 12:0 a.m.1077 views

HTTP Protocol Stack Denial Of Service / Remote Code Execution

!/usr/bin/python Author @nu11secur1ty CVE-2022-21907 from colorama import init, Fore, Back, Style initconvert=True import requests import time printFore.RED +"Please input your host...\n" printStyle.RESETALL printFore.YELLOW host = input printStyle.RESETALL printFore.BLUE +"Sending an especially...

10CVSS0.4AI score0.9279EPSS
Exploits21
Packet Storm
Packet Storm
added 2020/09/14 12:0 a.m.1059 views

Microsoft Windows Finger Security Bypass / C2 Channel

Title: Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WindowsTCPIPFingerCommandC2ChannelandBypassingSecuritySoftware.txt + twitter.com/hyp3rlinx +...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/10 12:0 a.m.1058 views

Zyxel Chained Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'socket' require 'digest/md5' class MetasploitModule 'Zyxel chained RCE using LFI and weak password derivation algorithm', 'Description' = %q This module exploit...

7.5CVSS7.1AI score0.57778EPSS
Exploits2
Packet Storm
Packet Storm
added 2021/07/17 12:0 a.m.1056 views

PEEL Shopping 9.3.0 SQL Injection

Exploit Title: PEEL Shopping 9.3.0 - 'id' Time-based SQL Injection Date: 2021-07-10 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.peel.fr Software Link: https://sourceforge.net/projects/peel-shopping/files/peel-shopping930.zip/download Version: prior to...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/16 12:0 a.m.1053 views

Artworks Gallery 1.0 Shell Upload

Artworks Gallery - Arbitrary File Upload - RCE Authenticated - Edit Profile Exploit Title: Artworks Gallery - Arbitrary File Upload - RCE Authenticated - Edit Profile Date: November 17th, 2020 Exploit Author: Shahrukh Iqbal Mirza @shahrukhiqbal24 Vendor Homepage: Source Code & Projects...

0.1AI score0.11894EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/01/31 12:0 a.m.1052 views

mRemoteNG 1.76.20 Privilege Escalation

mRemoteNG mRemoteNG v1.76.20 Privilege Escalation Detailed Information ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Product Name: mRemoteNG Vendor Home Page:...

0.7AI score0.00368EPSS
Exploits1
Packet Storm
Packet Storm
added 2021/04/09 12:0 a.m.1046 views

Google Chrome SimplfiedLowering Integer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase', 'Description' = %q This module exploits an issue in...

4.3CVSS0.9AI score0.99595EPSS
Exploits14
Packet Storm
Packet Storm
added 2020/10/07 12:0 a.m.1043 views

Liman 0.7 Cross Site Request Forgery

Exploit Title: Liman v0.7 - Cross-Site Request Forgery CSRF Date: 27-03-2018 Exploit Author: George Tsimpidas Software Link : https://github.com/salihciftci/liman/releases/tag/v0.7 Version: 0.7 Tested on: 18.04.5 LTS Bionic Beaver Category: Webapp 1. Description:- There is no CSRF protection in...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2019/09/04 12:0 a.m.1042 views

Cisco Device Hardcoded Credentials / GNU glibc / BusyBox

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, Cisco 160W vulnerable version:...

7.8CVSS0.5AI score0.89557EPSS
Exploits46
Packet Storm
Packet Storm
added 2024/11/01 12:0 a.m.1041 views

Ping Identity PingIDM 7.5.0 Query Filter Injection

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Query Filter Injection product: Ping Identity PingIDM formerly known as ForgeRock Identity Management vulnerable version: v7.0.0 - v7.5.0 and older unsupported versions...

2.7CVSS7.1AI score0.00671EPSS
Exploits1
Packet Storm
Packet Storm
added 2024/07/17 12:0 a.m.1037 views

XenForo 2.2.15 Cross Site Request Forgery

------------------------------------------------------------------------------- XenForo = 2.2.15 Widget::actionSave Cross-Site Request Forgery Vulnerability ------------------------------------------------------------------------------- - Software Link: https://xenforo.com - Affected Versions:...

7.1AI score0.07409EPSS
Exploits3
Packet Storm
Packet Storm
added 2016/03/15 12:0 a.m.1033 views

OpenSSH 7.2p1 xauth Command Injection / Bypass

Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115 Version: 0.2 Date: Mar 3rd, 2016 Tag: openssh xauth command injection may lead to forced-command and /bin/false bypass Overview -------- Name: openssh Vendor: OpenBSD References: http://www.openssh.com/1 Version: 7.2p1 2...

5.5CVSS0.6AI score0.37016EPSS
Exploits13
Packet Storm
Packet Storm
added 2019/08/28 12:0 a.m.1030 views

Joomla JomEstate 4.1 SQL Injection

Exploit Title : Joomla 2.5.28 ComJomEstate Real Estate Components 4.1 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 29/08/2019 Vendor Homepage : comdev.eu/jomestate Joomla Affected Versions : Joomla 1.5.18 Joomla 1.5.26 - Joomla 1.6 - Joomla 1.7...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2018/04/17 12:0 a.m.1030 views

Drupalgeddon2 Drupal Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupalgeddon2', 'Description' = %q CVE-2018-7600 / SA-CORE-2018-002 Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before...

0.1AI score0.99993EPSS
Exploits46
Packet Storm
Packet Storm
added 2022/11/15 12:0 a.m.1029 views

Payara Platform Path Traversal

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Path Traversal Vulnerability product: Payara Platform vulnerable version: Enterprise: 5.45.0 Community: 6.2022.1, 5.2022.4, 4.1.2.191.38 fixed version: Enterprise: 5.45.0...

7.5CVSS0.4AI score0.52926EPSS
Exploits7
Total number of security vulnerabilities5000