Lucene search
K
PacketstormMost viewed

50765 matches found

Packet Storm
Packet Storm
added 2021/10/26 12:0 a.m.359 views

Simplephpscripts Simple CMS 2.1 Cross Site Scripting

Document Title: =============== Simplephpscripts Simple CMS v2.1 - Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2302 Release Date: ============= 2021-10-19 Vulnerability Laboratory ID VL-ID: ==================================...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/04 12:0 a.m.359 views

Open Game Panel Remote Code Execution

Exploit Title: Open Game Panel - Remote Code Execution RCE Authenticated Google Dork: intext:"Open Game Panel 2021" Date: 08/14/2021 Exploit Author: prey Vendor Homepage: https://www.opengamepanel.org/ Software Link: https://github.com/OpenGamePanel/OGP-Website Version: before 14 Aug patch...

0.01311EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/07/19 12:0 a.m.359 views

Backdoor.Win32.Agent.bjev Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ca40998b5d62ee7f936537ff3de7993d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.bjev Vulnerability: Insecure Permissions Description: The malware creates a dir...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/30 12:0 a.m.359 views

Backdoor.Win32.Agent.oj Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c1e92e04cdb432d83ea2610ef226d4cdB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.oj Vulnerability: Unauthenticated Remote Command Execution Description: The...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/30 12:0 a.m.359 views

Backdoor.Win32.Agent.oj Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c1e92e04cdb432d83ea2610ef226d4cd.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.oj Vulnerability: Remote Stack Buffer Overflow Description: The malware listens...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/04 12:0 a.m.359 views

Online Ordering System 1.0 Shell Upload

Exploit Title: Online Ordering System 1.0 - Arbitrary File Upload to Remote Code Execution Date: 04/03/2021 Exploit Author: Suraj Bhosale Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/5125/online-ordering-system-using-phpmysql.html Version: 1.0...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/24 12:0 a.m.359 views

Backdoor.Win32.Delf.adag Hardcoded Credentials / Traversal

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0e997ab441cd8c35010dd8db98aae2c2.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.adag Vulnerability: Weak Hardcoded Credentials Description: The backdoor runs an...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/07/08 12:0 a.m.358 views

📄 MikroTik RouterOS Cross Site Scripting

A reflected cross site scripting vulnerability exists in MikroTik RouterOS versions prior to version 7, specifically in the UserManager web interface. This flaw can be exploited by unauthenticated attackers, allowing JavaScript injection via a specially crafted URL without requiring a valid login...

6.6AI score
Exploits0
Packet Storm
Packet Storm
added 2024/11/21 12:0 a.m.358 views

Ivanti EPM Agent Portal Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/msnrtp/client' class MetasploitModule 'Ivanti EPM Agent Portal Command Execution', 'Description' = %q This module leverages an unauthenticated RCE in...

9.8CVSS7.4AI score0.12904EPSS
Exploits5
Packet Storm
Packet Storm
added 2024/10/17 12:0 a.m.358 views

ABB Cylon Aspect 3.08.01 networkDiagAjax.php Remote Network Utility Execution

ABB Cylon Aspect 3.08.01 networkDiagAjax.php Remote Network Utility Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/11 12:0 a.m.358 views

Profiling System 1.0 Shell Upload

============================================================================================================================================= | Title : Profiling System 1.0 code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/03/11 12:0 a.m.358 views

WordPress Duplicator Data Exposure / Account Takeover

Exploit Title: WordPress Plugin Duplicator 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover Google Dork: inurl:"plugins/duplicator/" Date: 2023-12-04 Exploit Author: Dmitrii Ignatyev Vendor Homepage:...

7.5CVSS7.4AI score0.30894EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/08/11 12:0 a.m.358 views

Easy Password Manager 1.1 Information Disclosure

==================================================================================================================================== | Title : Easy Password Manager v1.1 unauthorized administrative access Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/10 12:0 a.m.358 views

DigaSell Digital Store PHP Script 1.0.0 SQL Injection

==================================================================================================================================== | Title : DigaSell - Digital store PHP Script V1.0.0 Blind Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/22 12:0 a.m.358 views

Active Matrimonial CMS 1.4 HTML Injection

==================================================================================================================================== | Title : Active Matrimonial CMS v 1.4 HTML inject Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/19 12:0 a.m.358 views

RentEquip Multipurpose Rental 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/02 12:0 a.m.358 views

Biig Order CMS 2 SQL Injection

================================================================================ | Title : E-commerce Biig Order CMS V2 Auth by Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : firefox 113.0.164 bits | | Vendor : https://www.vaskar.in/ | | Dork :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/09 12:0 a.m.358 views

HammerSpace GDE / GFS 4.6.6-324 Authentication Bypass

Affected Product: HammerSpace Global Data Environment / Global File System - https://hammerspace.com/product Affected Versions: v4.6.6-324 and below with default installation/configuration. Vendor Notified: Yes, sometime between: 08/2022 and 10/2022, confirmed 2023-03-21 there is a fix in an...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/08/15 12:0 a.m.358 views

Inout RealEstate 2.1.2 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Exploits0
Packet Storm
Packet Storm
added 2022/01/06 12:0 a.m.358 views

Backdoor.Win32.Jtram.a Man-In-The-Middle

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/596882dfba543b23ad3225d24ee5e800B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jtram.a Vulnerability: Port Bounce Scan Description: The malware listens on TCP port...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/12/06 12:0 a.m.358 views

Auerswald COMpact 8.0B Privilege Escalation

Advisory: Auerswald COMpact Privilege Escalation RedTeam Pentesting discovered a vulnerability in the web-based management interface of the Auerswald COMpact 5500R PBX which allows low-privileged users to access passwords of administrative user accounts. Details ======= Product: COMpact 4000,...

1.5AI score0.02028EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/08/13 12:0 a.m.358 views

PluXML 5.8.7 Cross Site Scripting

Exploit Title: XSS-Stored on PluXML 5.8.7 - latest parameter "idcontent" Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 08.13.2021 Vendor: https://pluxml.org/ Link: https://sourceforge.net/projects/chikitsa/ CVE: CVE-2021-38603 + Exploit Source: !/usr/bin/python3 Author:...

5.2AI score0.01095EPSS
Exploits2
Packet Storm
Packet Storm
added 2021/03/19 12:0 a.m.358 views

SOYAL 701Server 9.0.1 Insecure Permissions

SOYAL 701Server 9.0.1 Insecure Permissions Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affected version: 9.0.1 190322 8.0.6 181227 Summary: 701 Server is the program used to set up and configure LAN and IP based access control systems, from...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/16 12:0 a.m.358 views

GeoGebra 3D Calculator 5.0.511.0 Denial Of Service

Exploit Title: GeoGebra 3D Calculator 5.0.511.0 - Denial of Service PoC Date: 2021-03-15 Author: Brian Rodríguez Software Site: https://www.geogebra.org/download Download Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/10/07 12:0 a.m.357 views

📄 Malicious Windows Script Host Script File

This Metasploit module creates a Windows Script Host WSH Windows Script File .wsf. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Malicious Windows Script Host Script File .wsf', 'Description'...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2025/02/28 12:0 a.m.357 views

Firefox 135.0.1 Download Stresser

Firefox version 135.0.1 appears to suffer from a download looping issue that allows a malicious site to constantly download files to a user's browser. Exploit Title: Firefox 135.0.1 bypass Download protections PoC Date: 2025-02-28 Exploit Author: Emiliano Febbi Vendor Homepage:...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2024/10/07 12:0 a.m.357 views

Netis MW5360 Code Injection

============================================================================================================================================= | Title : Netis MW5360 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bits | |...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.357 views

DoliWamp jqueryFileTree.php Traversal Gather Credentials

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials", 'Description' = %q This module will extract user credentials from DoliWamp - a WAMP...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/02/12 12:0 a.m.357 views

Windows Defender Detection Mitigation Bypass

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERTROJAN.WIN32.POWESSERE.GMITIGATIONBYPASSPART2.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows Defender...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/11 12:0 a.m.357 views

PHPJabbers Restaurant Booking System 3.0 Cross Site Scripting / HTML Injection

Exploit Title: PHPJabbers Restaurant Booking System v3.0 - Reflected XSS Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/restaurant-booking-system/sectionDemo Version: v3.0 Tested o...

7.4AI score0.00385EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/04/03 12:0 a.m.357 views

MyBB 1.8.32 Remote Code Execution

Exploit Title: MyBB 1.8.32 - Chained LFI Remote Code Execution RCE Authenticated Date: 2023-01-19 Exploit Author: lUc1f3r11 https://github.com/FDlucifer Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1832 Version: MyBB 1.8.32 Tested on: Linux CVE :...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/05 12:0 a.m.357 views

Oracle Database Vault Metadata Exposure

Title: CVE-2021-2175 – Oracle Database Vault Metadata Exposure Vulnerability Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 18c, 19c Tested Versions: 19c Risk Level: low Solution Status: Fixed CVE Reference: CVE-2021-2175 Author of Advisory: Emad Al-Mousa Overview:...

4CVSS0.01654EPSS
Exploits6
Packet Storm
Packet Storm
added 2022/09/09 12:0 a.m.357 views

mbDrive Lite WiFi Flash Disk 1.4.0 Cross Site Scripting

Exploit Title: mbDrive Lite - WiFi flash disk 1.4.0 Reflected XSS Date: Sep 8, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://apps.apple.com/us/developer/haw-yuan-yang/id291212805 Software Link: https://apps.apple.com/us/app/mbdrive-lite-wifi-flash-disk/id343254033 Version: 1.4.0...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2022/08/31 12:0 a.m.357 views

Zyxel Firewall SUID Binary Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zyxel Firewall SUID Binary Privilege Escalation', 'Description' = %q This module exploits CVE-2022-30526, a local privilege escalation...

10CVSS0.8AI score0.99938EPSS
Exploits28
Packet Storm
Packet Storm
added 2022/04/15 12:0 a.m.357 views

Backdoor.Win32.Prorat.cwx Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/2d81bf2c55c81778533b55fb444d4dc6.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Prorat.cwx Vulnerability: Insecure Permissions Description: The malware writes a ".EX...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/10 12:0 a.m.357 views

WordPress 5.9 Cross Site Scripting

Document Title: =============== Wordpress = 5.9 Cross-Site Scripting Reflected Authenticated Credits & Authors: ================== Taurus Omar [email protected] Disclosure Type: ================ Independent Security Research Release Date: ============= 2022-31-01 Vulnerability Disclosure...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/13 12:0 a.m.357 views

SonicWall SMA 100 Series Authenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SonicWall SMA 100 Series Authenticated Command Injection', 'Description' = %q This module exploits an authenticated command injection vulnerabili...

9.8CVSS0.8AI score0.99912EPSS
Exploits8
Packet Storm
Packet Storm
added 2021/12/21 12:0 a.m.357 views

Aver EVC300 Firmware 00.10.16.36 Hardcoded Secrets

Firmware for Aver EVC300 multipoint video conferencing system v00.10.16.36 and others as well as firmware for several other devices manufactured by Aver, potentially all multipoint video conferencing systems contains multiple advanced features that are not well documented: 1. The web admin server...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/12/10 12:0 a.m.357 views

Free School Management Software 1.0 Cross Site Scripting

Exploit Title: Free School Management Software 1.0 - 'multiple' Stored Cross-Site Scripting XSS Exploit Author: fuzzyap1 Date: 7-12-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15073/free-school-management-software.html Software Link:...

Exploits0
Packet Storm
Packet Storm
added 2021/12/08 12:0 a.m.357 views

Reprise License Manager 14.2 Session Hijacking

Product: Reprise License Manager 14.2 Vendor: Reprise Software CVE ID: CVE-2021-44151 Vulnerability Title: Unauthenticated Session Hijacking Severity: Medium/High Authors: Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard Date: 2021-11-...

0.4AI score0.02529EPSS
Exploits2
Packet Storm
Packet Storm
added 2021/07/26 12:0 a.m.357 views

Backdoor.Win32.PsyRat.b Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/5817183894cb513239f6aef28895130c.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.PsyRat.b Vulnerability: Unauthenticated Remote Command Execution Description: The...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/15 12:0 a.m.357 views

Online News Portal 1.0 Cross Site Scripting

Exploit Title: Online News Portal | Stored Cross-Site Scripting Exploit Author: Richard Jones Date: 2021-03-15 Vendor Homepage: https://www.sourcecodester.com/php/14741/online-news-portal-using-phpmysqli-free-download-source-code.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/26 12:0 a.m.357 views

Nagios XI 5.7.5 Remote Code Execution

nagios-xi-5.7.5-bugs Bugs reported to Nagios XI CVE-2021-25296 Code Location /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php Code snippet php if !empty$pluginoutputlen $diskwmicommand .= " --forcetruncateoutput " . $pluginoutputlen; $servicewmicommand .= "...

9CVSS0.1AI score0.97714EPSS
Exploits10
Packet Storm
Packet Storm
added 2020/12/14 12:0 a.m.357 views

Macally WIFISD2-2A82 2.000.010 Privilege Escalation

Exploit Title: Macally WIFISD2-2A82 2.000.010 - Guest to Root Privilege Escalation Date: 03.12.2020 Exploit Author: Maximilian Barz and Daniel Schwendner Vendor Homepage: https://us.macally.com/products/wifisd2 Version: 2.000.010 Tested on: Kali Linux 5.7.0-kali1-amd64 CVE : CVE-2020-29669...

1AI score0.04866EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/10/28 12:0 a.m.357 views

Prey 1.9.6 Unquoted Service Path

Exploit Title: Prey 1.9.6 - "CronService" Unquoted Service Path Discovery by: Ömer Tuygun Discovery Date:16.10.2020 Vendor Homepage: https://preyproject.com/ Software Link: https://preyproject.com/download/ Tested Version: 1.9.6 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 P...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/07/06 12:0 a.m.357 views

Huawei HG530 Cross Site Request Forgery

Multiple CSRF reboot and restore Vulnerability =========================== The Huawei HG530 suffers from multiple CSRF vulnerability allows local attackers to reboot the device or to restore to factory Configuration. ================== The vulnerability is located in form POST data parameter in...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2018/11/16 12:0 a.m.357 views

Warranty Tracking System 11.06.3 SQL Injection

Exploit Title: Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://warrantytrack.org/ Software Link: https://kent.dl.sourceforge.net/project/warrantytrack/warrantytrack%20Rel.11.06.3.zip Version: 11.06....

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2024/10/14 12:0 a.m.356 views

TOTOLINK 9.x Command Injection

============================================================================================================================================= | Title : TOTOLINK 9.x Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bits | |...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/10/03 12:0 a.m.356 views

ViciDial 2.0.5 Cross Site Request Forgery

============================================================================================================================================= | Title : ViciDial Call Center - astguiclient - thirtieth public release 2.0.5 CSRF Add ADmin Vulnerability | | Author : indoushka | | Tested on : windows ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/07/04 12:0 a.m.356 views

Zyxel parse_config.py Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zyxel parseconfig.py Command Injection', 'Description' = %q This module exploits vulnerabilities in multiple Zyxel devices including the VPN, USG...

8.8CVSS7.1AI score0.1014EPSS
Exploits2
Total number of security vulnerabilities5000