Lucene search
K
PacketstormMost viewed

50773 matches found

Packet Storm
Packet Storm
added 2021/10/18 12:0 a.m.369 views

Engineers Online Portal 1.0 SQL Injection

Exploit Title: Engineers Online Portal 1.0 is vulnerable to three types of SQL injection attacks. Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 10.13.2021 Vendor: https://www.sourcecodester.com/users/janobe Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/03 12:0 a.m.369 views

CHIYU IoT Denial Of Service

Exploit Title: CHIYU IoT Devices - Denial of Service DoS Date: 01/06/2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC - all...

0.4367EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/05/06 12:0 a.m.369 views

Backdoor.Win32.NinjaSpy.c Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6eece319bc108576bd1f4a8364616264B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NinjaSpy.c Vulnerability: Remote Command Execution Description: The malware listens ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2018/11/15 12:0 a.m.369 views

PHP-Proxy 5.1.0 Local File Inclusion

Exploit Title: PHP-Proxy 5.1.0 - Local File Inclusion Date: 2018-11-13 Exploit Author: Ameer Pornillos Contact: https://ethicalhackers.club Vendor Homepage: https://www.php-proxy.com/ Software Link: https://www.php-proxy.com/download/php-proxy.zip Version: 5.1.0 Category: Webapps Tested on: XAMPP...

7.5AI score0.21951EPSS
Exploits5
Packet Storm
Packet Storm
added 2024/07/22 12:0 a.m.368 views

Adobe Commerce / Magento Open Source XML Injection / User Impersonation

!/usr/bin/env ruby -W0 require 'bundler' Bundler.require:default DEBUG = false USEPROXY = false PROXYADDR = '127.0.0.1' PROXYPORT = 8080 def debugmsg puts msg.inspect if DEBUG end def randtextlength = 8 random string generator o = 'a'..'z', 'A'..'Z'.map&:toa.flatten 0...length.map orando.length...

9.8CVSS7.2AI score0.99994EPSS
Exploits26
Packet Storm
Packet Storm
added 2024/04/23 12:0 a.m.369 views

Palo Alto PAN-OS Command Execution / Arbitrary File Creation

Exploit Title: Palo Alto PAN-OS bool: ret = False uri = "/ssl-vpn/hipreport.esp" s = requests.Session r = "" headers = "User-Agent" : \ "Mozilla/5.0 Windows NT 10.0; Win64; x64 AppleWebKit/537.36 KHTML, like Gecko Chrome/118.0.0.0 Safari/537.36", Windows 10 Chrome 118.0.0.0 "Content-Type":...

10CVSS9.8AI score0.99999EPSS
Exploits43
Packet Storm
Packet Storm
added 2024/03/27 12:0 a.m.368 views

Artica Proxy Unauthenticated PHP Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Artica Proxy Unauthenticated PHP Deserialization Vulnerability', 'Description' = %q A Command Injection vulnerability in Artica Proxy appliance...

7.4AI score0.8126EPSS
Exploits9
Packet Storm
Packet Storm
added 2024/01/29 12:0 a.m.368 views

Reprise License Manager 15.1 Privilege Escalation / File Write

Multiple Vulnerabilities in Reprise License Manager 15.1 CVE-2023-43183, CVE-2023-44031 Credit: Mohaiman Rahim...

7.4AI score0.01178EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/09/25 12:0 a.m.368 views

LogoBee CMS 0.2 Cross Site Scripting

==================================================================================================================================== | Title : LogoBee CMS v0.2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/20 12:0 a.m.368 views

Serendipity 2.4.0 Cross Site Scripting

Exploit Title: Serendipity 2.4.0 - Cross-Site Scripting XSS Author: Mirabbas Ağalarov Application: Serendipity Version: 2.4.0 Bugs: Stored XSS Technology: PHP Vendor URL: https://docs.s9y.org/ Software Link: https://docs.s9y.org/downloads.html Date of found: 13.04.2023 Tested on: Linux 2. Technic...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2022/08/12 12:0 a.m.368 views

Readymade Job Portal Script SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2022/04/04 12:0 a.m.368 views

Barco Control Room Management Suite Directory Traversal

I. SUMMARY Title: CVE-2022-2623 Barco Control Room Management Suite File Path Traversal Vulnerability Product: Barco Control Room Management Suite before 2.9 build 0275 and all prior versions Vulnerability Type: File Path Traversal Credit by/Researcher: Murat Aydemir from Accenture Cyber Security...

8.2AI score0.15028EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/02/17 12:0 a.m.368 views

MartFury Marketplace Cross Site Scripting

Document Title: =============== MartFury Marketplace - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2282 Release Date: ============= 2022-02-17 Vulnerability Laboratory ID VL-ID: ====================================...

Exploits0
Packet Storm
Packet Storm
added 2022/01/17 12:0 a.m.368 views

Win32.MarsStealer Web Panel Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faaB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Win32.MarsStealer Web Panel Vulnerability: Unauthenticated Remote Persistent XSS Description: The...

Exploits0
Packet Storm
Packet Storm
added 2021/11/09 12:0 a.m.368 views

Google Assistant Authentication Bypass

0011 Vendor: Google Status: fixed Reported: Nov 25, 2019 Disclosed: Oct 10, 2021 685 days Auth Bypass in Google Assistant Summary: Webpage can execute Google Assistant commands without any permissions Steps to reproduce: Generate the TTS audio files using the Google Cloud TTS API, using the text...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/21 12:0 a.m.368 views

Small CRM 3.0 Cross Site Scripting

Exploit Title: Small CRM 3.0 - 'description' Stored Cross-Site Scripting XSS Date: 20/10/2021 Exploit Author: Ghuliev Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Tested on: Server: Ubuntu When a user or admin creates a ticket, we can...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/19 12:0 a.m.368 views

Trojan-Dropper.Win32.Agent.bjtzcp Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2992b86d03c3922ed45fa09ef105f018.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Agent.bjtzcp Vulnerability: Insecure Permissions Description: Agent.bjtzcp...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/31 12:0 a.m.368 views

DD-WRT 45723 Buffer Overflow

Exploit Title: DD-WRT 45723 - UPNP Buffer Overflow PoC Date: 24.03.2021 Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://dd-wrt.com/ Software Link: https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2021/ Version: 45723 or prior Tested on: TP-Link Archer C7...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/06 12:0 a.m.368 views

WordPress Litespeed Cache 3.6 Cross Site Scripting

Exploit Title: WordPress Plugin litespeed-cache 3.6 - 'serverip' Cross-Site Scripting Date: 20-12-2020 Software Link: https://downloads.wordpress.org/plugin/litespeed-cache.3.6.zip Version: litespeed-cache Tested on: Windows 10 x64 Description: A Stored Cross-site scripting XSS was discovered in...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/06/29 12:0 a.m.368 views

Bolt CMS 3.7.0 Authenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bolt CMS 3.7.0 - Authenticated Remote Code Execution', 'Description' = %q This module exploits multiple vulnerabilities in Bolt CMS version 3.7.0...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2025/04/16 12:0 a.m.367 views

📄 phpMyFAQ 3.1.7 Cross Site Scripting

phpMyFAQ version 3.1.7 suffers from a cross site scripting vulnerability. Exploit Title: phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting XSS Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/thorsten/phpMyFAQ Software Link: https://github.com/thorsten/phpMyFAQ Versio...

9.8CVSS7.5AI score0.04381EPSS
Exploits2
Packet Storm
Packet Storm
added 2025/02/10 12:0 a.m.367 views

ABB Cylon Aspect 3.08.02 PHP Session Fixation

ABB Cylon Aspect version 3.08.02 is vulnerable to session fixation, allowing an attacker to set a predefined PHPSESSID value. An attacker can leverage an unauthenticated reflected cross site scripting vulnerability in jsonProxy.php to inject a crafted request, forcing the victim to adopt a fixate...

9.3CVSS6.2AI score0.00436EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/10/23 12:0 a.m.367 views

ABB Cylon Aspect 3.08.01 throttledLog.php Unauthenticated Log Disclosure

ABB Cylon Aspect 3.08.01 throttledLog.php Unauthenticated Log Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/21 12:0 a.m.367 views

CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Chaos RAT XSS to RCE', 'Description' = %q CHAOS v5.0.8 is a free and open-source Remote Administration Tool that allows generated binaries to...

7.4AI score0.80454EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/05/14 12:0 a.m.368 views

Apache mod_proxy_cluster Cross Site Scripting

import requests import argparse from bs4 import BeautifulSoup from urllib.parse import urlparse, parseqs, urlencode, urlunparse from requests.exceptions import RequestException class Colors: RED = '\03391m' GREEN = '\0331;49;92m' RESET = '\0330m' def getclustermanagerurlbaseurl, path:...

7.4AI score0.02242EPSS
Exploits5
Packet Storm
Packet Storm
added 2024/03/28 12:0 a.m.367 views

Circontrol Raption Buffer Overflow / Command Injection

Circontrol EV Charger vulnerabilities. 1. CVE-2020-8006 Pre-Auth Stack Based Buffer Overflow CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 10 The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the...

7.4AI score0.01756EPSS
Exploits1
Packet Storm
Packet Storm
added 2024/03/05 12:0 a.m.367 views

Solar-Log 200 PM+ 3.6.0 Cross Site Scripting

Exploit Title: Stored XSS in Solar-Log 200 3.6.0 web panel Date: 10-30-23 Exploit Author: Vincent McRae, Mesut Cetin - Redteamer IT Security Vendor Homepage: https://www.solar-log.com/en/ Version: Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 Tested on: Proprietary devices:...

5.4CVSS7.4AI score0.00557EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/02/13 12:0 a.m.367 views

XoopsCore25 2.5.11 Cross Site Scripting

Title: XoopsCore25-2.5.11-XSS-Reflected Author: nu11secur1ty Date: 02/12/2024 Vendor: https://xoops.org/ Software: https://github.com/XOOPS/XoopsCore25/releases/tag/v2.5.11 Reference: https://portswigger.net/kb/issues/00200300cross-site-scripting-reflected Description: The value of the yname...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/11/28 12:0 a.m.367 views

etcd-browser 87ae63d75260 Directory Traversal

An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/13 12:0 a.m.367 views

pfSense Restore RRD Data Command Injection

class MetasploitModule 'pfSense Restore RRD Data Command Injection', 'Description' = %q This module exploits an authenticated command injection vulnerabilty in the "restorerrddata" function of pfSense prior to version 2.7.0 which allows an authenticated attacker with the "WebCfg - Diagnostics:...

8.8CVSS7.1AI score0.90655EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/07/11 12:0 a.m.367 views

ILIAS eLearning Platform XSS / Remote Code Execution

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple high risk vulnerabilities product: ILIAS eLearning platform vulnerable version: see section "Vulnerable version" below fixed version: see section "Solution" belo...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/30 12:0 a.m.367 views

Anonymous Feedback Script 2.1 Cross Site Scripting

==================================================================================================================================== | Title : Anonymous Feedback Script V2.1 xss Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/20 12:0 a.m.367 views

ASKEY RTF3505VW-N1 Privilege Escalation

Exploit Title: ASKEY RTF3505VW-N1 - Privilege escalation Date: 07-12-2022 Exploit Author: Leonardo Nicolas Servalli Vendor Homepage: www.askey.com Platform: ASKEY router devices RTF3505VW-N1 Tested on: Firmware BRSVg000R3505VMN1001s327 Vulnerability analysis:...

0.8AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/23 12:0 a.m.367 views

Feehi CMS 2.1.1 Remote Code Execution

Exploit Title: Feehi CMS 2.1.1 - Remote Code Execution RCE Authenticated Date: 22-08-2022 Exploit Author: yuyudhn Vendor Homepage: https://feehi.com/ Software Link: https://github.com/liufee/cms Version: 2.1.1 REQUIRED Tested on: Linux, Docker CVE : CVE-2022-34140 Proof of Concept: 1. Login using...

5.4CVSS5.5AI score0.03574EPSS
Exploits7
Packet Storm
Packet Storm
added 2022/09/20 12:0 a.m.367 views

Backdoor.Win32.Hellza.120 MVID-2022-0641 Remote Command Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/2cbd0fcf4d5fd5fb6c8014390efb0b21.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hellza.120 Vulnerability: Unauthorized Remote Command Execution Description...

Exploits0
Packet Storm
Packet Storm
added 2022/04/19 12:0 a.m.367 views

Backdoor.Win32.Hupigon.haqj Unquoted Service Path

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/d9542df20f8df457747451dd9e16d1c0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.haqj Vulnerability: Insecure Service Path Description: The malware creates a...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/12/15 12:0 a.m.367 views

SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG ABAP Code Injection

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Remote ABAP Code Injection in SAP IUUCRECONRCCOUNTTABLEBIG product: SAP Netweaver vulnerable version: SAP DMIS 20111731 SP 0013 fixed version: see solution section below...

9.1CVSS0.4AI score0.02011EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/05/07 12:0 a.m.367 views

Voting System 1.0 SQL Injection

Exploit Title: Voting System 1.0 - Authentication Bypass SQLI Date: 06/05/2021 Exploit Author: secure77 Vendor Homepage: https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/11 12:0 a.m.367 views

Coturn 4.5.1.x Access Control Bypass

Loopback access control bypass in coturn by using 0.0.0.0, ::1 or :: as the peer address - Fixed version: 4.5.2 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-01-coturn-access-control-bypass - Coturn Security Advisory:...

0.6AI score0.01282EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/01/08 12:0 a.m.367 views

Cockpit CMS Remote Code Execution

Cockpit CMS 0.6.1 - Remote Code Execution Product: Cockpit CMS https://getcockpit.com Version: Cockpit CMS = 0.6.1...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/01/13 12:0 a.m.367 views

Hospital Management System 4.0 Cross Site Scripting

Exploit Title: Hospital Management System 4.0 Multiple Reflected XSS Google Dork: N/A Date: 1/2/2020 Exploit Author: FULLSHADE Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/hospital-management-system-in-php/ Version: v4.0 Tested on: Windows CVE : CVE-2020-5193...

6.4AI score0.00923EPSS
Exploits2
Packet Storm
Packet Storm
added 2019/08/31 12:0 a.m.367 views

Confluence Server Local File Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 This email refers to the advisory found at https://confluence.atlassian.com/x/uAsvOg . CVE ID: CVE-2019-3394. Product: Confluence Server. Affected Confluence Server product versions: 6.1.0 = 6.1.0 but less than 6.6.16 or who have downloaded and...

8.8AI score0.11406EPSS
Exploits1
Packet Storm
Packet Storm
added 2019/08/19 12:0 a.m.367 views

FortiOS 5.6.7 / 6.0.4 Credential Disclosure

Exploit Title: FortiOS Leak file - Reading login/passwords in clear text. Google Dork: intext:"Please Login" inurl:"/remote/login" Date: 17/08/2019 Exploit Author: Carlos E. Vieira Vendor Homepage: https://www.fortinet.com/ Software Link: https://www.fortinet.com/products/fortigate/fortios.html...

5CVSS10AI score0.99999EPSS
Exploits22
Packet Storm
Packet Storm
added 2025/02/06 12:0 a.m.366 views

Gleamtech FileVista 9.2.0.0 Directory Traversal

A security vulnerability in FileVista version 9.2.0.0 allows an authenticated admin user to upload malicious files via directory traversal, bypassing security controls. Exploit Title: Gleamtech FileVista 9.2.0.0 - Directory Traversal Leading to Unrestricted File Upload Date: Feb 6, 2025 Exploit...

7.2AI score0.03206EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/09/18 12:0 a.m.366 views

Online Exam System 1.0 Insecure Settings

==================================================================================================================================== | Title : Online Exam System 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/12 12:0 a.m.366 views

3DSecure 2.0 3DS Method Authentication Cross Site Scripting

Product: 3DSecure 2.0 Manufacturer: Redsys Affected Versions: 3DSecure 2.0 3DS Method Authentication Tested Versions: 3DSecure 2.0 3DS Method Authentication Vulnerability Type: Cross-Site Scripting XSS Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17 Solutio...

7.4AI score
Exploits1
Packet Storm
Packet Storm
added 2024/03/28 12:0 a.m.366 views

Dell Security Management Server Privilege Escalation

Exploit Title: title Dell Security Management Server versions prior to 11.9.0 Exploit Author: author Amirhossein Bahramizadeh CVE : if applicable CVE-2023-32479 Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege...

7.8CVSS7.4AI score0.00087EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/02/02 12:0 a.m.366 views

Typora 1.7.4 Command Injection

Exploit Title: Typora v1.7.4 - OS Command Injection Discovered by: Ahmet Ümit BAYRAM Discovered Date: 13.09.2023 Vendor Homepage: http://www.typora.io Software Link: https://download.typora.io/windows/typora-setup-ia32.exe Tested Version: v1.7.4 latest Tested on: Windows 2019 Server 64bit Steps t...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/25 12:0 a.m.366 views

WordPress PrePost SEO 3.0 Cross Site Scripting

Tittle: WordPress Plugin PrePost SEO " 2. Save and see XSS exploit. Classification: Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/4889ad5a-c8c4-4958-b176-64560490497b...

4.8CVSS7.1AI score0.0061EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/06/30 12:0 a.m.366 views

Car Listing Script 1.8 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Total number of security vulnerabilities5000