Lucene search
K
PacketstormMost viewed

50738 matches found

Packet Storm
Packet Storm
added 2024/10/17 12:0 a.m.358 views

ABB Cylon Aspect 3.08.01 networkDiagAjax.php Remote Network Utility Execution

ABB Cylon Aspect 3.08.01 networkDiagAjax.php Remote Network Utility Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.358 views

Total.js Prior To 3.2.4 Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Check and exploit Total.js Directory Traversal CVE-2019-8903 class MetasploitModule 'Total.js prior to 3.2.4 Directory Traversal', 'Description' = %q This module check a...

7.5CVSS7AI score0.72058EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/03/11 12:0 a.m.358 views

WordPress Duplicator Data Exposure / Account Takeover

Exploit Title: WordPress Plugin Duplicator 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover Google Dork: inurl:"plugins/duplicator/" Date: 2023-12-04 Exploit Author: Dmitrii Ignatyev Vendor Homepage:...

7.5CVSS7.4AI score0.30894EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/11/28 12:0 a.m.358 views

Loytec LINX Configurator 7.4.10 Insecure Transit / Cleartext Secrets

CVE : CVE-2023-46383, CVE-2023-46384, CVE-2023-46385 + Title : Multiple vulnerabilities in Loytec LINX Configurator + Vendor : LOYTEC electronics GmbH + Affected Products : LINX Configurator 7.4.10 + Affected Components : LINX Configurator + Discovery Date : 01-Sep-2021 + Publication date :...

7.4AI score0.01522EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/08/11 12:0 a.m.358 views

Easy Password Manager 1.1 Information Disclosure

==================================================================================================================================== | Title : Easy Password Manager v1.1 unauthorized administrative access Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/10 12:0 a.m.358 views

DigaSell Digital Store PHP Script 1.0.0 SQL Injection

==================================================================================================================================== | Title : DigaSell - Digital store PHP Script V1.0.0 Blind Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/22 12:0 a.m.358 views

Active Matrimonial CMS 1.4 HTML Injection

==================================================================================================================================== | Title : Active Matrimonial CMS v 1.4 HTML inject Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/02 12:0 a.m.358 views

Biig Order CMS 2 SQL Injection

================================================================================ | Title : E-commerce Biig Order CMS V2 Auth by Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : firefox 113.0.164 bits | | Vendor : https://www.vaskar.in/ | | Dork :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/09 12:0 a.m.358 views

HammerSpace GDE / GFS 4.6.6-324 Authentication Bypass

Affected Product: HammerSpace Global Data Environment / Global File System - https://hammerspace.com/product Affected Versions: v4.6.6-324 and below with default installation/configuration. Vendor Notified: Yes, sometime between: 08/2022 and 10/2022, confirmed 2023-03-21 there is a fix in an...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/08/15 12:0 a.m.358 views

Inout RealEstate 2.1.2 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Exploits0
Packet Storm
Packet Storm
added 2022/07/19 12:0 a.m.358 views

Asus GameSDK 1.0.0.4 Unquoted Service Path

Exploit Title: Asus GameSDK v1.0.0.4 - 'GameSDK.exe' Unquoted Service Path Privilege Escalation Date: 07/14/2022 Exploit Author: Angelo Pio Amirante Version: 1.0.0.4 Tested on: Windows 10 Patched version: 1.0.5.0 CVE: CVE-2022-35899 Step to discover the unquoted service path: wmic service get...

0.1AI score0.00857EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/11/22 12:0 a.m.358 views

Backdoor.Win32.Curioso.zp Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/1ae08493913b2a0c8cbcb0541da5a8bc.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Curioso.zp Vulnerability: Insecure Permissions Description: The malware creates a dir...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/13 12:0 a.m.358 views

PluXML 5.8.7 Cross Site Scripting

Exploit Title: XSS-Stored on PluXML 5.8.7 - latest parameter "idcontent" Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 08.13.2021 Vendor: https://pluxml.org/ Link: https://sourceforge.net/projects/chikitsa/ CVE: CVE-2021-38603 + Exploit Source: !/usr/bin/python3 Author:...

5.2AI score0.01095EPSS
Exploits2
Packet Storm
Packet Storm
added 2021/07/19 12:0 a.m.358 views

Backdoor.Win32.Agent.bjev Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ca40998b5d62ee7f936537ff3de7993d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.bjev Vulnerability: Insecure Permissions Description: The malware creates a dir...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/30 12:0 a.m.358 views

Backdoor.Win32.Agent.oj Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c1e92e04cdb432d83ea2610ef226d4cdB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.oj Vulnerability: Unauthenticated Remote Command Execution Description: The...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/30 12:0 a.m.358 views

Backdoor.Win32.Agent.oj Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c1e92e04cdb432d83ea2610ef226d4cd.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.oj Vulnerability: Remote Stack Buffer Overflow Description: The malware listens...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/04 12:0 a.m.358 views

Online Ordering System 1.0 Shell Upload

Exploit Title: Online Ordering System 1.0 - Arbitrary File Upload to Remote Code Execution Date: 04/03/2021 Exploit Author: Suraj Bhosale Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/5125/online-ordering-system-using-phpmysql.html Version: 1.0...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/07/08 12:0 a.m.357 views

📄 MikroTik RouterOS Cross Site Scripting

A reflected cross site scripting vulnerability exists in MikroTik RouterOS versions prior to version 7, specifically in the UserManager web interface. This flaw can be exploited by unauthenticated attackers, allowing JavaScript injection via a specially crafted URL without requiring a valid login...

6.6AI score
Exploits0
Packet Storm
Packet Storm
added 2025/02/28 12:0 a.m.357 views

Firefox 135.0.1 Download Stresser

Firefox version 135.0.1 appears to suffer from a download looping issue that allows a malicious site to constantly download files to a user's browser. Exploit Title: Firefox 135.0.1 bypass Download protections PoC Date: 2025-02-28 Exploit Author: Emiliano Febbi Vendor Homepage:...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2024/10/07 12:0 a.m.357 views

Netis MW5360 Code Injection

============================================================================================================================================= | Title : Netis MW5360 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bits | |...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/11 12:0 a.m.357 views

Profiling System 1.0 Shell Upload

============================================================================================================================================= | Title : Profiling System 1.0 code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.357 views

DoliWamp jqueryFileTree.php Traversal Gather Credentials

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials", 'Description' = %q This module will extract user credentials from DoliWamp - a WAMP...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/02/12 12:0 a.m.357 views

Windows Defender Detection Mitigation Bypass

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERTROJAN.WIN32.POWESSERE.GMITIGATIONBYPASSPART2.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows Defender...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/11 12:0 a.m.357 views

PHPJabbers Restaurant Booking System 3.0 Cross Site Scripting / HTML Injection

Exploit Title: PHPJabbers Restaurant Booking System v3.0 - Reflected XSS Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/restaurant-booking-system/sectionDemo Version: v3.0 Tested o...

7.4AI score0.00385EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/06/19 12:0 a.m.357 views

RentEquip Multipurpose Rental 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/03 12:0 a.m.357 views

MyBB 1.8.32 Remote Code Execution

Exploit Title: MyBB 1.8.32 - Chained LFI Remote Code Execution RCE Authenticated Date: 2023-01-19 Exploit Author: lUc1f3r11 https://github.com/FDlucifer Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1832 Version: MyBB 1.8.32 Tested on: Linux CVE :...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/05 12:0 a.m.357 views

Oracle Database Vault Metadata Exposure

Title: CVE-2021-2175 – Oracle Database Vault Metadata Exposure Vulnerability Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 18c, 19c Tested Versions: 19c Risk Level: low Solution Status: Fixed CVE Reference: CVE-2021-2175 Author of Advisory: Emad Al-Mousa Overview:...

4CVSS0.01654EPSS
Exploits6
Packet Storm
Packet Storm
added 2022/08/31 12:0 a.m.357 views

Zyxel Firewall SUID Binary Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zyxel Firewall SUID Binary Privilege Escalation', 'Description' = %q This module exploits CVE-2022-30526, a local privilege escalation...

10CVSS0.8AI score0.99938EPSS
Exploits28
Packet Storm
Packet Storm
added 2022/01/06 12:0 a.m.357 views

Backdoor.Win32.Jtram.a Man-In-The-Middle

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/596882dfba543b23ad3225d24ee5e800B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jtram.a Vulnerability: Port Bounce Scan Description: The malware listens on TCP port...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/12/21 12:0 a.m.357 views

Aver EVC300 Firmware 00.10.16.36 Hardcoded Secrets

Firmware for Aver EVC300 multipoint video conferencing system v00.10.16.36 and others as well as firmware for several other devices manufactured by Aver, potentially all multipoint video conferencing systems contains multiple advanced features that are not well documented: 1. The web admin server...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/12/10 12:0 a.m.357 views

Free School Management Software 1.0 Cross Site Scripting

Exploit Title: Free School Management Software 1.0 - 'multiple' Stored Cross-Site Scripting XSS Exploit Author: fuzzyap1 Date: 7-12-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15073/free-school-management-software.html Software Link:...

Exploits0
Packet Storm
Packet Storm
added 2021/12/08 12:0 a.m.357 views

Reprise License Manager 14.2 Session Hijacking

Product: Reprise License Manager 14.2 Vendor: Reprise Software CVE ID: CVE-2021-44151 Vulnerability Title: Unauthenticated Session Hijacking Severity: Medium/High Authors: Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard Date: 2021-11-...

0.4AI score0.02529EPSS
Exploits2
Packet Storm
Packet Storm
added 2021/12/06 12:0 a.m.357 views

Auerswald COMpact 8.0B Privilege Escalation

Advisory: Auerswald COMpact Privilege Escalation RedTeam Pentesting discovered a vulnerability in the web-based management interface of the Auerswald COMpact 5500R PBX which allows low-privileged users to access passwords of administrative user accounts. Details ======= Product: COMpact 4000,...

1.5AI score0.02028EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/03/19 12:0 a.m.357 views

SOYAL 701Server 9.0.1 Insecure Permissions

SOYAL 701Server 9.0.1 Insecure Permissions Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affected version: 9.0.1 190322 8.0.6 181227 Summary: 701 Server is the program used to set up and configure LAN and IP based access control systems, from...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/16 12:0 a.m.357 views

GeoGebra 3D Calculator 5.0.511.0 Denial Of Service

Exploit Title: GeoGebra 3D Calculator 5.0.511.0 - Denial of Service PoC Date: 2021-03-15 Author: Brian Rodríguez Software Site: https://www.geogebra.org/download Download Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/26 12:0 a.m.357 views

Nagios XI 5.7.5 Remote Code Execution

nagios-xi-5.7.5-bugs Bugs reported to Nagios XI CVE-2021-25296 Code Location /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php Code snippet php if !empty$pluginoutputlen $diskwmicommand .= " --forcetruncateoutput " . $pluginoutputlen; $servicewmicommand .= "...

9CVSS0.1AI score0.97714EPSS
Exploits10
Packet Storm
Packet Storm
added 2020/12/14 12:0 a.m.357 views

Macally WIFISD2-2A82 2.000.010 Privilege Escalation

Exploit Title: Macally WIFISD2-2A82 2.000.010 - Guest to Root Privilege Escalation Date: 03.12.2020 Exploit Author: Maximilian Barz and Daniel Schwendner Vendor Homepage: https://us.macally.com/products/wifisd2 Version: 2.000.010 Tested on: Kali Linux 5.7.0-kali1-amd64 CVE : CVE-2020-29669...

1AI score0.04866EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/10/28 12:0 a.m.357 views

Prey 1.9.6 Unquoted Service Path

Exploit Title: Prey 1.9.6 - "CronService" Unquoted Service Path Discovery by: Ömer Tuygun Discovery Date:16.10.2020 Vendor Homepage: https://preyproject.com/ Software Link: https://preyproject.com/download/ Tested Version: 1.9.6 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 P...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/07/06 12:0 a.m.357 views

Huawei HG530 Cross Site Request Forgery

Multiple CSRF reboot and restore Vulnerability =========================== The Huawei HG530 suffers from multiple CSRF vulnerability allows local attackers to reboot the device or to restore to factory Configuration. ================== The vulnerability is located in form POST data parameter in...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2018/11/16 12:0 a.m.357 views

Warranty Tracking System 11.06.3 SQL Injection

Exploit Title: Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://warrantytrack.org/ Software Link: https://kent.dl.sourceforge.net/project/warrantytrack/warrantytrack%20Rel.11.06.3.zip Version: 11.06....

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2024/10/14 12:0 a.m.356 views

TOTOLINK 9.x Command Injection

============================================================================================================================================= | Title : TOTOLINK 9.x Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bits | |...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/10/03 12:0 a.m.356 views

ViciDial 2.0.5 Cross Site Request Forgery

============================================================================================================================================= | Title : ViciDial Call Center - astguiclient - thirtieth public release 2.0.5 CSRF Add ADmin Vulnerability | | Author : indoushka | | Tested on : windows ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/07/04 12:0 a.m.356 views

Zyxel parse_config.py Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zyxel parseconfig.py Command Injection', 'Description' = %q This module exploits vulnerabilities in multiple Zyxel devices including the VPN, USG...

8.8CVSS7.1AI score0.1014EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/06/24 12:0 a.m.356 views

Carbon Forum 5.9.0 Cross Site Request Forgery / SQL Injection

Title = Carbon Forum 5.9.0 - Multiple Exploits - Author = bRpsd [email protected] - Date Release = 22 June, 2024 - Vendor = Carbon Forum https://www.94cb.com/ Download = https://github.com/lincanbin/Carbon-Forum Vulnerable Versions = 5.9.0 = Tested Version = 5.9.0 on xampp Server. Vulnerability 1 :...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/03/11 12:0 a.m.356 views

Sitecore 8.2 Remote Code Execution

!/usr/bin/env python3 Exploit Title: Sitecore - Remote Code Execution v8.2 Exploit Author: abhishek morla Google Dork: N/A Date: 2024-01-08 Vendor Homepage: https://www.sitecore.com/ Software Link: https://dev.sitecore.net/ Version: 10.3 Tested on: windows64bit / mozila firefox CVE : CVE-2023-358...

9.8CVSS7.4AI score0.86685EPSS
Exploits7
Packet Storm
Packet Storm
added 2023/10/26 12:0 a.m.356 views

TEM Opera Plus FM Family Transmitter 35.45 Cross Site Request Forgery

CSRF Change Forward Power: -------------------------...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/10/16 12:0 a.m.356 views

ChurchCRM 4.5.4 SQL Injection

Exploit Title: ChurchCRM 4.5.4 - Authenticated Blind SQL Injection via the ENtyid Date: 03-05-2023 Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-29842/CVE-2023-29842.md Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage:...

8.8CVSS7.1AI score0.01318EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/08/08 12:0 a.m.356 views

eHato CMS 1.0 Open Redirection

==================================================================================================================================== | Title : eHato CMS 1.0 Open Redirect Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | | Vend...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/23 12:0 a.m.356 views

Adapt Inventory Management System 1.0.0 SQL Injection

==================================================================================================================================== | Title : Adapt Inventory Management System 1.0.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/20 12:0 a.m.356 views

Lilac-Reloaded For Nagios 2.0.8 Remote Code Execution

!/usr/bin/env python """ Exploit Title: Lilac-Reloaded for Nagios 2.0.8 - Remote Code Execution RCE Google Dork: N/A Date: 2023-04-13 Exploit Author: max / Zoltan Padanyi Vendor Homepage: https://exchange.nagios.org/directory/Addons/Configuration/Lilac-2DReloaded/visit Software Link:...

6.8AI score
Exploits0
Total number of security vulnerabilities5000