Lucene search
K
PacketstormMost viewed

50738 matches found

Packet Storm
Packet Storm
added 2020/12/15 12:0 a.m.371 views

Solaris SunSSH 11.0 x86 libpam Remote Root

Exploit Title: Solaris SunSSH 11.0 x86 - libpam Remote Root Exploit Author: Hacker Fantastic Vendor Homepage: https://www.oracle.com/solaris/technologies/solaris11-overview.html Version: 11 Tested on: SunOS solaris 5.11 11.0 / SunSSH Solaris 10-11.0 x86 libpam remote root exploit CVE-2020-14871...

10CVSS0.5AI score0.80291EPSS
Exploits13
Packet Storm
Packet Storm
added 2020/12/15 12:0 a.m.371 views

Microsoft Windows DrawIconEx Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/file' require 'msf/core/exploit/exe' require 'msf/core/post/windows/priv' class MetasploitModule 'Microsoft Windows DrawIconEx OOB Write Local...

7.2CVSS0.5AI score0.52778EPSS
Exploits5
Packet Storm
Packet Storm
added 2020/12/08 12:0 a.m.372 views

Employee Performance Evaluation System 1.0 Cross Site Scripting

Exploit Title: Employee Performance Evaluation System 1.0 - ' Task and Description' Persistent Cross Site Scripting Date: 08/12/2020 Exploit Author: Ritesh Gohil Vendor Homepage: https://www.sourcecodester.com Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/06/02 12:0 a.m.371 views

vBulletin 5.6.1 SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin /ajax/api/contentinfraction/getIndexableContent nodeid Parameter SQL Injection', 'Description' = %q This module exploits a SQL injectio...

7.5CVSS0.2AI score0.88948EPSS
Exploits13
Packet Storm
Packet Storm
added 2024/03/26 12:0 a.m.370 views

Bludit 3.13.0 Cross Site Scripting

Exploit Title: Bludit 3.13.0 - Cross Site Scripting XSS Exploit Author: Gökhan ŞENŞÜKÜR Date: 29/02/2024 Vendor Homepage: https://www.bludit.com Software Link: https://www.bludit.com/releases/bludit-3-13-0.zip Version: bludit-3-13-0 Tested on: Windows TECHNICAL DETAILS & POC...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/26 12:0 a.m.370 views

Vinchin Backup And Recovery 7.2 Default Root Credentials

CVE ID: CVE-2024-22902 Title: Default Root Credentials Vulnerability in Vinchin Backup & Recovery v7.2 Suggested Description: Vinchin Backup & Recovery version 7.2 has been identified as being configured with default root credentials, posing a significant security vulnerability. Additional...

7.4AI score0.01147EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/01/11 12:0 a.m.370 views

PHPJabbers Cinema Booking System 1.0 Missing Rate Limiting

Exploit Title: PHPJabbers Cinema Booking System v1.0 - No Rate Limit Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cinema-booking-system/sectionDemo Version: v1.0 Tested on: Windo...

7.4AI score0.00538EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/10/09 12:0 a.m.370 views

eClass IP 2.5 SQL Injection

==================================================================================================================================== | Title : eClass IP 2.5 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | | Vend...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.370 views

Trend Micro OfficeScan Client 10.0 Local Privilege Escalation

Exploit Title: Trend Micro OfficeScan Client 10.0 - ACL Service LPE Date: 2023/05/04 Exploit Author: msd0pe Vendor Homepage: https://www.trendmicro.com My Github: https://github.com/msd0pe-1 Trend Micro OfficeScan Client: Versions = icacls "C:\Program Files x86\Trend Micro\OfficeScan Client"...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/21 12:0 a.m.370 views

Nokia OneNDS 20.9 Insecure Permissions / Privilege Escalation

=============================================================================== title: Incorrect Permission Assignment product: Nokia OneNDS 20.9 vulnerability type: Security Misconfiguration severity: High CVSS Score: 7.8 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H found on:...

6.4AI score0.01137EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/02/27 12:0 a.m.370 views

ASUS ASMB8 iKVM 1.14.51 SNMP Remote Root

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Exploit Title: ASUS ASMB8 iKVM RCE and SSH Root Access Date: 2023-02-16 Exploit Author: [email protected] for NetworkSEC NWSSA-002-2023 Vendor Homepage: https://servers.asus.com/search?q=ASMB8 Version/Model: ASMB8 iKVM...

0.17399EPSS
Exploits6
Packet Storm
Packet Storm
added 2022/09/20 12:0 a.m.370 views

Trojan.Ransom.Ryuk.A MVID-2022-0640 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/5ac0f050f93f86e69026faea1fbb4450.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Ransom.Ryuk.A Vulnerability: Arbitrary Code Execution Description: The ransomware...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/08/08 12:0 a.m.370 views

ManageEngine ADAudit Plus Path Traversal / XML Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADAudit Plus CVE-2022-28219', 'Description' = %q This module exploits CVE-2022-28219, which is a pair of vulnerabilities in...

9.8CVSS0.2AI score0.97011EPSS
Exploits6
Packet Storm
Packet Storm
added 2022/04/11 12:0 a.m.370 views

WordPress LayerSlider Cross Site Scripting

Tittle: WordPress Plugin LayerSlider 5. Exit 6. Save Project 7. XSS will trigger when accessing the project again for example there seem to be other place when its triggered as well, like in the Project's settings POC2 via file,json 1. Add new post & Create Blank Project 2. Import Projects 3. Loa...

5.2AI score0.02691EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/11/02 12:0 a.m.370 views

Codiad 2.8.4 Shell Upload

Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated 4 Author: P4p4M4n3 Vendor Homepage: http://codiad.com/ Software Links : https://github.com/Codiad/Codiad/releases Type: WebApp ------------------------------------- Proof of Concept: 1- login on codiad 2- go to...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/07 12:0 a.m.370 views

Google SLO-Generator 2.0.0 Code Execution

Exploit Title: Google SLO-Generator 2.0.0 - Code Execution Date: 2021-09-28 Exploit Author: Kiran Ghimire Software Link: https://github.com/google/slo-generator/releases Version: = 2.0.0 Tested on: Linux CVE: CVE-2021-22557 Introduction: Is a tool to compute and export Service Level Objectives...

6.4AI score0.0158EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/10/05 12:0 a.m.370 views

HEUR.Trojan.Win32.Generic Unquoted Service Path

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2e4b6c5bd907995f6fd40c5eeab5c6e9.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.Trojan.Win32.Generic Vulnerability: Insecure Service Path Description: The malware creates a...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/30 12:0 a.m.370 views

Backdoor.Win32.Agent.ggw Authentication Bypass

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/509e3d4839688c6173980dfba22ebd55.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.ggw Vulnerability: Authentication Bypass Description: The malware runs a built-...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/22 12:0 a.m.370 views

Backdoor.Win32.DarkKomet.artr Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/d2ee6046fd47de321d1310dccacca92b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.DarkKomet.artr Vulnerability: Insecure Permissions Description: The malware creates a...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/22 12:0 a.m.370 views

HEUR.Trojan.Win32.Generic Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/1a98a0a769e7351ba16e1b91e9f26692.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.Trojan.Win32.Generic Vulnerability: Insecure Permissions Description: The malware creates an...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/14 12:0 a.m.370 views

Backdoor.Win32.Ketch.a Remote Stack Buffer Overflow

Discovery / credits: malvuln - Malvuln.com c 2021 Original source: https://malvuln.com/advisory/1149c42fd8cf3ca7d00ef55a6337befe.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Ketch.a Vulnerability: Remote SEH Stack Buffer Overflow Description: Ketch makes HTTP...

1.3AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/19 12:0 a.m.370 views

Spiceworks 7.5 HTTP Header Injection

Exploit Title: Spiceworks 7.5 - HTTP Header Injection Google Dork: inurl:/prousers/login Discovered Date: 15/09/2020 Exploit Author: Ramikan Vendor Homepage: https://www.spiceworks.com Affected Version: 7.5.7.0 may be others. Tested On Version: 7.5.7.0 CVE : CVE-2020-25901 Vulnerability: Host...

0.1AI score0.0508EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/12/18 12:0 a.m.370 views

WordPress Yet Another Stars Rating PHP Object Injection

class MetasploitModule 'WordPress PHP Object Injection in Yet Another Stars Rating plugin %q This module exploits Wordpress PHP Object Injection in Yet Another Stars Rating plugin = 5.5.2, so the exploit only works for Wordpress versions 'Paul Dannewitz', Vulnerability Discovery 'gx1 ', Exploit...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/26 12:0 a.m.370 views

libupnp 1.6.18 Denial Of Service

Exploit Title: libupnp 1.6.18 - Stack-based buffer overflow DoS Date: 2020-08-20 Exploit Author: Patrik Lantz Vendor Homepage: https://pupnp.sourceforge.io/ Software Link: https://sourceforge.net/projects/pupnp/files/pupnp/libUPnP%201.6.6/libupnp-1.6.6.tar.bz2/download Version: = 1.6.6 Tested on:...

10CVSS6.9AI score0.82807EPSS
Exploits6
Packet Storm
Packet Storm
added 2020/08/31 12:0 a.m.370 views

CMS Made Simple 2.2.14 Shell Upload

!/usr/bin/python3 -- coding: utf-8 -- Exploit Title: CMS Made Simple 2.2.14 - Arbitrary File Upload Authenticated Google Dork: N/A Date: 2020-08-31 Exploit Author: Luis Noriega @nogagmx Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...

Exploits0
Packet Storm
Packet Storm
added 2020/07/15 12:0 a.m.370 views

Zyxel Armor X1 WAP6806 Directory Traversal

Exploit Title: Zyxel Armor X1 WAP6806 - Directory Traversal Date: 2020-06-19 Exploit Author: Rajivarnan R Vendor Homepage: https://www.zyxel.com/ Software http://www.zyxelguard.com/WAP6806.asp Version: V1.00ABAL.6C0 CVE: 2020-14461 Tested on: Linux Mint / Windows 10 Vulnerabilities Discovered Dat...

5CVSS0.3AI score0.09537EPSS
Exploits3
Packet Storm
Packet Storm
added 2025/08/07 12:0 a.m.369 views

📄 Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution

This Metasploit module exploits the authentication bypass vulnerabilities CVE-2025-49706 and CVE-2025-53771, and an unsafe deserialization vulnerability CVE-2025-49704, to achieve unauthenticated RCE against a vulnerable Microsoft SharePoint Server. The vulnerability CVE-2025-53770 was disclosed ...

9.8CVSS7.8AI score0.99982EPSS
Exploits41
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.369 views

SAP Internet Graphics Server (IGS) XMLCHART XXE

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP Internet Graphics Server IGS XMLCHART XXE', 'Description' = %q This module exploits CVE-2018-2392 and CVE-2018-2393, two XXE vulnerabilities...

7.5CVSS7AI score0.40591EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/02/05 12:0 a.m.369 views

MISP 2.4.171 Cross Site Scripting

Exploit Title: MISP 2.4.171 Stored XSS CVE-2023-37307 Authenticated Date: 8th October 2023 Exploit Author: Mücahit Çeri Vendor Homepage: https://www.circl.lu/ Software Link: https://github.com/MISP/MISP Version: 2.4.171 Tested on: Ubuntu 20.04 CVE : CVE-2023-37307 Exploit: Logged in as low...

5.4CVSS7.4AI score0.00502EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/01/11 12:0 a.m.369 views

PHPJabbers Event Ticketing System 1.0 Cross Site Scripting / HTML Injection

Exploit Title: PHPJabbers Event Ticketing System v1.0 - Multiple HTML Injection Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/event-ticketing-system/sectionDemo Version: v1.0 Test...

7.4AI score0.00425EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/01/11 12:0 a.m.369 views

PHPJabbers Event Ticketing System 1.0 Missing Rate Limiting

Exploit Title: PHPJabbers Event Ticketing System v1.0 - No Rate Limit Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/meeting-room-booking-system/sectionDemo Version: v1.0 Tested on...

7.4AI score0.00614EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/09/14 12:0 a.m.369 views

Night Club Booking Software 1.0 Cross Site Scripting

Title: Night Club Booking Software-1.0 XSS-Reflected Author: nu11secur1ty Date: 09/09/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/night-club-booking-software/sectionDemo Reference: https://portswigger.net/web-security/cross-site-scripting/reflected Description: T...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/26 12:0 a.m.369 views

Seagate Central Storage 2015.0916 User Creation / Command Execution

Exploit Title: Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution Metasploit Date: Dec 9 2019 Exploit Author: Ege Balci Vendor Homepage: https://www.seagate.com/de/de/support/external-hard-drives/network-storage/seagate-central/ Version: 2015.0916 CVE : 2020-6627 This...

9.8CVSS7.1AI score0.12453EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/05/11 12:0 a.m.370 views

Textpattern 4.8.8 Session Token Disclosure

Title: textpattern-4.8.8 Session token in URL Vulnerability Author: nu11secur1ty Date: 05.10.2023 Vendor: https://textpattern.com/ Software: https://github.com/textpattern/textpattern/releases/tag/4.8.8 Reference: https://portswigger.net/kb/issues/00500700session-token-in-url,...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/18 12:0 a.m.369 views

SecurePoint UTM 12.x Memory Leak

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: SecurePoint UTM Vendor URL: https://www.securepoint.de/en/for-companies/firewall-vpn Type: Use of Uninitialized Variable CWE-457 Date found: 2023-01-05 Date published: 2023-04-12 CVSSv3 Scor...

6.6AI score0.04074EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/03/23 12:0 a.m.370 views

Monitorr 1.7.6m / 1.7.7d Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Monitorr unauthenticated Remote Code Execution RCE', 'Description' = %q This module exploits an arbitrary file upload vulnerability and achieving...

9.8CVSS9.4AI score0.85785EPSS
Exploits8
Packet Storm
Packet Storm
added 2023/01/20 12:0 a.m.369 views

wolfSSL WOLFSSL_CALLBACKS Heap Buffer Over-Read

wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSLCALLBACKS ==================================================================== INFO ======= The CVE project has assigned the id CVE-2022-42905 to this issue. Severity: 9.1 CRITICAL Affected version: before 5.5.2 End of embargo: Ended October...

9.1CVSS0.01959EPSS
Exploits2
Packet Storm
Packet Storm
added 2022/09/28 12:0 a.m.369 views

Netfilter nft_set_elem_init Heap Overflow Privilege Escalation

frozenstringliteral: true This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netfilter nftseteleminit Heap Overflow Privilege Escalation', 'Description' = %q An issue was discovered in the Linux...

7.8CVSS1.2AI score0.05451EPSS
Exploits10
Packet Storm
Packet Storm
added 2022/08/19 12:0 a.m.369 views

FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS

FLIR AX8 vulnerabilities. Product description: The FLIR AX8 is a thermal sensor with imaging capabilities, combining thermal and visual cameras that provides continuous temperature monitoring and alarming for critical electrical and mechanical equipment. Affected products: All FLIR AX8 thermal...

9.8CVSS0.6AI score0.99618EPSS
Exploits13
Packet Storm
Packet Storm
added 2022/07/11 12:0 a.m.369 views

Mutt mutt_decode_uuencoded() Memory Disclosure

mutt: muttdecodeuuencoded can read the past the of the input line In muttdecodeuuencoded, the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in replys, for example fragments of other messages, passphrases or keys. Reproduce...

5.3CVSS5.5AI score0.01711EPSS
Exploits2
Packet Storm
Packet Storm
added 2022/04/07 12:0 a.m.369 views

WordPress Loco Translate Cross Site Scripting

Tittle: WordPress Plugin Loco Translate ' 7. Save 8. Replicated POC2 via example.po 1. Got to Plugin Loco Translate 2. Enter Plugins Options Any Plugin 3. Upload PO options 3. Load example.po Example.po msgid "" msgstr "" "Project-Id-Version: xss-tester\n" "Report-Msgid-Bugs-To: \n"...

5.5AI score0.03932EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/10/18 12:0 a.m.369 views

Engineers Online Portal 1.0 SQL Injection

Exploit Title: Engineers Online Portal 1.0 is vulnerable to three types of SQL injection attacks. Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 10.13.2021 Vendor: https://www.sourcecodester.com/users/janobe Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/03 12:0 a.m.369 views

CHIYU IoT Denial Of Service

Exploit Title: CHIYU IoT Devices - Denial of Service DoS Date: 01/06/2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC - all...

0.4367EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/05/06 12:0 a.m.369 views

Backdoor.Win32.NinjaSpy.c Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6eece319bc108576bd1f4a8364616264B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NinjaSpy.c Vulnerability: Remote Command Execution Description: The malware listens ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/12 12:0 a.m.369 views

Monitoring System (Dashboard) 1.0 Shell Upload

Exploit Title: Monitoring System Dashboard | Authenticated Arbitrary File Upload to Remote Code Execution Exploit Author: Richard Jones Date: 2021-01-26 Vendor Homepage: https://www.sourcecodester.com/php/11741/monitoring-system-dashboard.html Software Link:...

Exploits0
Packet Storm
Packet Storm
added 2020/12/02 12:0 a.m.369 views

Ksix Zigbee Devices Playback Protection Bypass

Exploit Title: Ksix Zigbee Devices - Playback Protection Bypass PoC Date: 2020-11-15 Exploit Author: Alejandro Vazquez Vazquez Vendor Homepage: https://www.ksixmobile.com/ Firmware Version: Gateway Zigbee Module - v1.0.3, Gateway Main Module - v1.1.2, Door Sensor - v1.0.7, PIR Motion Sensor -...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/28 12:0 a.m.369 views

PackageKit File Existence Disclosure

Exploit Title: File Existence Disclosure in PackageKit " sys.exit0 FILETOCHECK = sys.argv1 bus = dbus.SystemBus aptdbusobject = bus.getobject"org.freedesktop.PackageKit", "/org/freedesktop/PackageKit" aptdbusinterface = dbus.Interfaceaptdbusobject, "org.freedeskt...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2018/11/15 12:0 a.m.369 views

PHP-Proxy 5.1.0 Local File Inclusion

Exploit Title: PHP-Proxy 5.1.0 - Local File Inclusion Date: 2018-11-13 Exploit Author: Ameer Pornillos Contact: https://ethicalhackers.club Vendor Homepage: https://www.php-proxy.com/ Software Link: https://www.php-proxy.com/download/php-proxy.zip Version: 5.1.0 Category: Webapps Tested on: XAMPP...

7.5AI score0.21951EPSS
Exploits5
Packet Storm
Packet Storm
added 2024/07/22 12:0 a.m.368 views

Adobe Commerce / Magento Open Source XML Injection / User Impersonation

!/usr/bin/env ruby -W0 require 'bundler' Bundler.require:default DEBUG = false USEPROXY = false PROXYADDR = '127.0.0.1' PROXYPORT = 8080 def debugmsg puts msg.inspect if DEBUG end def randtextlength = 8 random string generator o = 'a'..'z', 'A'..'Z'.map&:toa.flatten 0...length.map orando.length...

9.8CVSS7.2AI score0.99994EPSS
Exploits26
Packet Storm
Packet Storm
added 2024/05/09 12:0 a.m.368 views

Panel Amadey.d.c MVID-2024-0680 Cross Site Scripting

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/50467c891bf7de34d2d65fa93ab8b558.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Panel Amadey.d.c Vulnerability: Cross Site Scripting XSS Family: Amadey Type: Web Panel MD...

7.4AI score
Exploits0
Total number of security vulnerabilities5000