Packetstorm: Most viewed

50738 matches found

Packet Storm
added 2022/11/15 12:0 a.m., 1029 views

Payara Platform Path Traversal

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Path Traversal Vulnerability product: Payara Platform vulnerable version: Enterprise: 5.45.0 Community: 6.2022.1, 5.2022.4, 4.1.2.191.38 fixed version: Enterprise: 5.45.0...

7.5 CVSS, 0.4 AI score, 0.52926 EPSS
Exploits: 7
Packet Storm
added 2024/03/14 12:0 a.m., 1028 views

Fortinet FortiOS Out-Of-Bounds Write

CVE-2024-21762 out-of-bounds write in Fortinet FortiOS CVE-2024-21762 vulnerability Vulnerability ===== FortiGate released a version update in February, fixing multiple medium- and high-risk vulnerabilities. One of the severe-level vulnerabilities is an unauthorized out-of-bounds write...

9.8 CVSS, 7.4 AI score, 0.85689 EPSS
Exploits: 20
Packet Storm
added 2021/10/06 12:0 a.m., 1027 views

Dahua Authentication Bypass

STX Subject: Update: Dahua Authentication bypass CVE-2021-33044, CVE-2021-33045 Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis 2021 Limited Disclosure: September 6, 2021 Full Disclosure: October 6, 2021 PoC: https://github.com/mcw0/DahuaConsole -=Dahua=-...

10 CVSS, 0.3 AI score, 0.99871 EPSS
Exploits: 13
Packet Storm
added 2020/12/04 12:0 a.m., 1026 views

CCt99 Chichen Tech CMS 1.0 SQL Injection

Document Title: =============== CCt99 Chichen Tech CMS v1.0 – SQL Injection Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2259 Release Date: ============= 2020-06-14 Vulnerability Laboratory ID VL-ID: ====================================...

0.2 AI score
Exploits: 0
Packet Storm
added 2023/05/17 12:0 a.m., 1025 views

WordPress Core 6.2 XSS / CSRF / Directory Traversal

On May 16, 2023, the WordPress core team released WordPress 6.2.1, which contains patches for 5 vulnerabilities, including a Medium Severity Directory Traversal vulnerability, a Medium-Severity Cross-Site Scripting vulnerability, and several lower-severity vulnerabilities. These patches have been...

7.1 AI score, 0.79527 EPSS
Exploits: 7
Packet Storm
added 2024/11/22 12:0 a.m., 1022 views

CUPS IPP Attributes LAN Remote Code Execution

class MetasploitModule Msf::Exploit::Remote Rank = NormalRanking include Exploit::Remote::DNS::Common include Exploit::Remote::SocketServer include Msf::Exploit::Remote::HttpServer::HTML Accessor for IPP HTTP service attraccessor :service2 MULTICASTADDR = '224.0.0.251' Define IPP constants module...

8.6 CVSS, 7.4 AI score, 0.76959 EPSS
Exploits: 17
Packet Storm
added 2024/08/31 12:0 a.m., 1017 views

Windows Secrets Dump

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rubysmb/dcerpc/client' class MetasploitModule Rex::Proto::Kerberos::Crypto::Encryption::DESCBCCRC, 3 = Rex::Proto::Kerberos::Crypto::Encryption::DESCBCMD5, 17 =...

7.4 AI score
Exploits: 0
Packet Storm
added 2021/07/13 12:0 a.m., 1015 views

VMware vCenter Server Virtual SAN Health Check Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vCenter Server Virtual SAN Health Check Plugin RCE', 'Description' = %q This module exploits Java unsafe reflection and SSRF in the VMware...

10 CVSS, 0.5 AI score, 0.99999 EPSS
Exploits: 13
Packet Storm
added 2021/04/02 12:0 a.m., 1015 views

F5 BIG-IP 16.0.x Remote Code Execution

Exploit Title: F5 BIG-IP 16.0.x - iControl REST Remote Code Execution Unauthenticated Exploit Author: Al1ex Vendor Homepage: https://www.f5.com/products/big-ip-services Version: 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5....

9.8 AI score, 0.99898 EPSS
Exploits: 20
Packet Storm
added 2020/05/06 12:0 a.m., 1015 views

Kentico CMS 12.0.14 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kentico CMS Staging SyncServer Unserialize Remote Command Execution', 'Description' = %q This module exploits a vulnerability in the Kentico CMS...

7.5 CVSS, 0.4 AI score, 0.96031 EPSS
Exploits: 5
Packet Storm
added 2023/05/01 12:0 a.m., 1014 views

Adobe ColdFusion Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Adobe ColdFusion Unauthenticated Remote Code Execution', 'Description' = %q This module exploits a remote unauthenticated deserialization of...

9.8 CVSS, 6.9 AI score, 0.97339 EPSS
Exploits: 13
Packet Storm
added 2021/08/20 12:0 a.m., 1013 views

Microsoft Exchange ProxyShell Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'winrm' class MetasploitModule 'Microsoft Exchange ProxyShell RCE', 'Description' = %q This module exploit a vulnerability on Microsoft Exchange Server that allo...

10 CVSS, 0.3 AI score, 0.99999 EPSS
Exploits: 18
Packet Storm
added 2024/12/03 12:0 a.m., 1011 views

Asterisk AMI Originate Authenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Asterisk AMI Originate Authenticated RCE', 'Description' = %q On Asterisk, prior to versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk...

8.8 CVSS, 7 AI score, 0.04703 EPSS
Exploits: 4
Packet Storm
added 2020/06/16 12:0 a.m., 1011 views

Neon LMS Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require "net/http" require "uri" require 'nokogiri' class MetasploitModule 'Neon LMS %q This module exploits File Manager File Upload vulnerability...

7.4 AI score
Exploits: 0
Packet Storm
added 2021/03/29 12:0 a.m., 1007 views

vsftpd 3.0.3 Denial Of Service

Exploit Title: vsftpd 3.0.3 - Remote Denial of Service Date: 22-03-2021 Exploit Author: xynmaps Vendor Homepage: https://security.appspot.com/vsftpd.html Software Link: https://security.appspot.com/downloads/vsftpd-3.0.3.tar.gz Version: 3.0.3 Tested on: Parrot Security OS 5.9.0...

7.4 AI score
Exploits: 0
Packet Storm
added 2021/07/09 12:0 a.m., 1004 views

Polkit D-Bus Authentication Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'unixcrypt' class MetasploitModule 'Polkit D-Bus Authentication Bypass', 'Description' = %q A vulnerability exists within the polkit system service that can be...

0.2 AI score, 0.22193 EPSS
Exploits: 37
Packet Storm
added 2022/05/31 12:0 a.m., 1000 views

Microsoft Office MSDT Follina Proof Of Concept

POC CVE-2022-30190 : CVE 0-day MS Offic RCE aka msdt follina Info : New Microsoft Office zero-day used in attacks to execute PowerShell Summary On the 29th of May 2022, the NaoSec team, an independent Cyber Security Research Team, discovered a malicious Office document shared on Virustotal. This...

9.3 CVSS, 0.99374 EPSS
Exploits: 91
Packet Storm
added 2020/11/24 12:0 a.m., 999 views

Apache OpenMeetings 5.0.0 Denial Of Service

Exploit Title: Apache OpenMeetings 5.0.0 - 'hostname' Denial of Service Google Dork: "Apache OpenMeetings DOS" Date: 2020-08-28 Exploit Author: SunCSR ThienNV - Sun Cyber Security Research Vendor Homepage: https://openmeetings.apache.org/ Software Link: https://openmeetings.apache.org/ Version:...

5 CVSS, 0.1 AI score, 0.69055 EPSS
Exploits: 3
Packet Storm
added 2022/04/19 12:0 a.m., 998 views

Responsive Online Blog 1.0 SQL Injection

Exploit Title: Responsive Online Blog 1.0 - Blind Boolean-based SQLi Date: 2022-04-16 Exploit Author: Gideon Kamioka @w1ezl Vendor Homepage: https://www.sourcecodester.com/php/14194/responsive-online-blog-website-using-phpmysql.html Software Link:...

7.4 AI score
Exploits: 0
Packet Storm
added 2019/07/29 12:0 a.m., 996 views

Redis Unauthenticated Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Redis Unauthenticated Code Execution', 'Description' = %q This module can be used to leverage the extension functionality added by Redis 4.x and...

0.3 AI score
Exploits: 0
Packet Storm
added 2020/12/04 12:0 a.m., 995 views

Perfex CRM 2.4.4 Cross Site Scripting

Document Title: =============== Perfex v2.4.4 CRM - Print Persistent Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2231 Release Date: ============= 2020-06-24 Vulnerability Laboratory ID VL-ID: ==================================== 22...

7.4 AI score
Exploits: 0
Packet Storm
added 2013/07/06 12:0 a.m., 995 views

phpVibe 3.1 Disclosure / Remote File Inclusion

Exploit Title: phpVibe 3.1 Multiple Vulnerability Date: 2013-05-07 Author: indoushka Software Link: http://phprevolution.com/ Category: webapps/php Version: 3.1 Price: 40€ Google dork: "Powered by phpVibe v3.1" installation Application error message :...

Exploits: 0
Packet Storm
added 2021/03/17 12:0 a.m., 994 views

CuteNews 2.1.2 Shell Upload

! /usr/bin/env python3 Exploit Title: CuteNews 2.1.2 - Avatar upload RCE Authenticated Exploit Author: Mayank Deshmukh Date: 2021-03-17 Vendor Homepage: https://cutephp.com/ Software Link: https://cutephp.com/click.php?cutenewslatest Version: 2.1.2 CVE: CVE-2019-11447 CVE Reference:...

6.5 CVSS, 8.7 AI score, 0.52901 EPSS
Exploits: 10
Packet Storm
added 2021/03/09 12:0 a.m., 989 views

HPE Systems Insight Manager AMF Deserialization Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HPE Systems Insight Manager AMF Deserialization RCE', 'Description' = %q A remotely exploitable vulnerability exists within HPE System Insight...

7.5 CVSS, 0.8 AI score, 0.8189 EPSS
Exploits: 4
Packet Storm
added 2023/12/15 12:0 a.m., 987 views

PKP-WAL 3.4.0-3 Remote Code Execution

--------------------------------------------------------------------------------- PKP-WAL getDeployment; 103. 104. $context = $deployment-getContext; 105. 106. $locale = $node-getAttribute'locale'; 107. if empty$locale 108. $locale = $context-getPrimaryLocale; 109. 110. 111. $coverImagelocale = ;...

5.3 CVSS, 7.4 AI score, 0.00618 EPSS
Exploits: 2
Packet Storm
added 2019/09/24 12:0 a.m., 987 views

vBulletin 5.x Pre-Auth Remote Code Execution

!/usr/bin/python vBulletin 5.x 0day pre-auth RCE exploit This should work on all versions from 5.0.0 till 5.5.4 Google Dorks: - site:.vbulletin.net - "Powered by vBulletin Version 5.5.4" import requests import sys if lensys.argv != 2: sys.exit"Usage: %s " % sys.argv0 params =...

0.2 AI score
Exploits: 0
Packet Storm
added 2006/11/03 12:0 a.m., 984 views

tikiwiki-1.9.5.txt

/==========================================/ //tikiwiki version 1.9.5 CVS -Sirius- PoC // Product: Tikiwiki // URL: http://tikiwiki.org/ // RISK: critical /==========================================/ there's a critical security bug in tikiwiki version 1.9.5 CVS -Sirius- a anonymous user , can dum...

7.4 AI score
Exploits: 0
Packet Storm
added 2020/11/16 12:0 a.m., 980 views

PMB 5.6 Local File Disclosure / Directory Traversal

Exploit Title: PMB 5.6 - 'chemin' Local File Disclosure Date: 2020-10-13 Google Dork: inurl:opaccss Exploit Author: 41-trk Tarik Bakir Vendor Homepage: http://www.sigb.net Software Link: http://forge.sigb.net/redmine/projects/pmb/files Affected versions : = 5.6 Tested on: Ubuntu 18.04.1 The PMB G...

7.4 AI score
Exploits: 0
Packet Storm
added 2021/02/02 12:0 a.m., 975 views

Student Record System 4.0 SQL Injection

Exploit Title: Student Record System 4.0 - 'sid' SQL Injection Google Dork: N/A Date: 2/2/2021 Exploit Author: Jannick Tiger Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/wp-content/uploads/2019/05/schoolmanagement.zip Version: V 4.0 Tested on: Windows、XAMPP...

7.4 AI score
Exploits: 0
Packet Storm
added 2019/05/14 12:0 a.m., 975 views

PHP-Fusion 9.03.00 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "PHP-Fusion %q This module exploits command execution vulnerability in PHP-Fusion 9.03.00 and prior versions. It is possible to execute commands i...

7.4 AI score
Exploits: 0
Packet Storm
added 2018/11/14 12:0 a.m., 974 views

Atlassian Jira Authenticated Upload Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Jira Authenticated Upload Code Execution', 'Description' = %q This module can be used to execute a payload on Atlassian Jira via the...

0.7 AI score
Exploits: 0
Packet Storm
added 2021/04/01 12:0 a.m., 972 views

SaltStack Salt API Unauthenticated Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SaltStack Salt API Unauthenticated RCE through wheelasync client', 'Description' = %q This module leverages an authentication bypass and director...

7.5 CVSS, 0.5 AI score, 0.92312 EPSS
Exploits: 6
Packet Storm
added 2020/11/27 12:0 a.m., 972 views

ZTE Blade Vantage Z839 Emode.APK android.uid.system Privilege Escalation

ZTE Blade Vantage Z839 Emode.APK android.uid.system LPE exploit =============================================================== ZTE Blade Vantage Z839 Android handsets running 7.1.1 contain an engineering mode that utilizes "Android Secret Codes" for accessing hidden engineering functionality. Su...

7.2 CVSS, 0.8 AI score, 0.20089 EPSS
Exploits: 9
Packet Storm
added 2020/11/12 12:0 a.m., 971 views

SaltStack Salt REST API Arbitrary Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SaltStack Salt REST API Arbitrary Command Execution', 'Description' = %q This module exploits an authentication bypass and command injection in...

0.7 AI score, 0.99585 EPSS
Exploits: 5
Packet Storm
added 2005/08/07 12:0 a.m., 971 views

UltimatePHPBoard.txt

Ultimate PHP Board UPB Security Advisory By : Morinex e-mail : morinexatmarocmafia com date : 13-05-2k5 shoutz : w00pie.nl Target : Ultimate PHP Board UPB Vulnerable Versions: v. 1.8 until v 1.9.6 URL : http://www.myupb.com - http://www.myupb.com/forum/ Tested Localhost , Myupb.com. UPB is a...

7.4 AI score
Exploits: 0
Packet Storm
added 2020/11/19 12:0 a.m., 969 views

Fortinet FortiOS 6.0.4 Password Modification

Exploit Title: Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification Google Dork: intitle:"Please Login" "Use FTM Push" Date: 15/11/2020 Exploit Author: Ricardo Longatto Details: This exploit allow change users password from SSLVPN web portal Vendor Homepage:...

5 CVSS, 0.81691 EPSS
Exploits: 2
Packet Storm
added 2019/07/02 12:0 a.m., 966 views

Apache Tomcat CGIServlet enableCmdLineArguments Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Tomcat CGIServlet enableCmdLineArguments Vulnerability', 'Description' = %q This module exploits a vulnerability in Apache Tomcat's...

9.3 CVSS, 0.99652 EPSS
Exploits: 9
Packet Storm
added 2020/09/10 12:0 a.m., 965 views

Mobile Shop System 1.0 SQL Injection

Title: Mobile Shop System v1.0 - SQLi lead to authentication bypass Exploit Author: Moaaz Taha 0xStorm Date: 2020-09-08 Vendor Homepage: https://www.sourcecodester.com/php/14412/mobile-shop-system-php-mysql.html Software Link:...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/01/26 12:0 a.m., 963 views

CloudLinux CageFS 7.1.1-1 Token Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CloudLinux CageFS Token Disclosure Link: https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-01CloudLinuxCageFSTokenDisclosure Vulnerability Overview CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a...

7.4 AI score, 0.00474 EPSS
Exploits: 2
Packet Storm
added 2022/01/24 12:0 a.m., 963 views

UniFi Network Application Unauthenticated Log4Shell Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'UniFi Network Application Unauthenticated JNDI Injection RCE via Log4Shell', 'Description' = %q The Ubiquiti UniFi Network Application versions...

10 CVSS, 0.4 AI score, 0.99999 EPSS
Exploits: 349
Packet Storm
added 2024/07/04 12:0 a.m., 962 views

Toshiba Multi-Function Printers 40 Vulnerabilities

Hello, Please find a text-only version below sent to security mailing lists. The complete version on "40 vulnerabilities in Toshiba Multi-Function Printers" is posted here: https://pierrekim.github.io/blog/2024-06-27-toshiba-mfp-40-vulnerabilities.html The text version is also posted here:...

9.8 CVSS, 7.2 AI score, 0.26811 EPSS
Exploits: 2
Packet Storm
added 2024/08/31 12:0 a.m., 960 views

Hikvision IP Camera Unauthenticated Password Change Via Improper Authentication Logic

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Hikvision IP Camera Unauthenticated Password Change Via Improper Authentication Logic', 'Description' = %q Many Hikvision IP cameras contain...

10 CVSS, 7 AI score, 0.99998 EPSS
Exploits: 11
Packet Storm
added 2020/12/04 12:0 a.m., 959 views

IDT PC Audio 1.0.6499.0 Unquoted Service Path

Exploit Title: IDT PC Audio 1.0.6499.0 - 'STacSV' Unquoted Service Path Discovery by: Diego Cañada Software link: https://www.pconlife.com/download/otherfile/20566/90674cffc8658c4f2bf58d43bb9b7ccb/ Discovery Date: 2020-12-03 Tested Version: 1.0.6499.0 Vulnerability Type: Unquoted Service Path...

0.3 AI score
Exploits: 0
Packet Storm
added 2022/11/30 12:0 a.m., 957 views

Microsoft Exchange ProxyNotShell Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Exchange ProxyNotShell RCE', 'Description' = %q This module chains two vulnerabilities on Microsoft Exchange Server that, when combined...

8.8 CVSS, 0.6 AI score, 0.99964 EPSS
Exploits: 16
Packet Storm
added 2020/11/18 12:0 a.m., 957 views

Zerologon Netlogon Privilege Escalation

Exploit Title: ZeroLogon - Netlogon Elevation of Privilege Date: 2020-10-04 Exploit Author: West Shepherd Vendor Homepage: https://www.microsoft.com Version: Microsoft Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 Tested on: Microsof...

9.3 CVSS, 0.7 AI score, 0.99512 EPSS
Exploits: 75
Packet Storm
added 2020/11/11 12:0 a.m., 954 views

Microsoft Windows Local Spooler Bypass

Windows: Local Spooler CVE-2020-1337 Bypass One way of exploiting this on Windows 10 2004 is to understand that FileNormalizedNameInformation will fail if the new path after the mount point is not under the root directory of the server. For example the admin$ share points to c:\windows. If you se...

7.2 CVSS, 9 AI score, 0.14179 EPSS
Exploits: 10
Packet Storm
added 2023/01/10 12:0 a.m., 948 views

Tiki Wiki CMS Groupware 25.0 Cross Site Request Forgery

------------------------------------------------------------------------------ Tiki Wiki CMS Groupware = 25.0 Two Cross-Site Request Forgery Vulnerabilities ------------------------------------------------------------------------------ - Software Link: https://tiki.org - Affected Versions: Versio...

0.1 AI score, 0.00315 EPSS
Exploits: 2
Packet Storm
added 2020/12/04 12:0 a.m., 948 views

CMS Made Simple 2.2.15 Cross Site Scripting

Exploit Title: CMS Made Simple 2.2.15 - Stored Cross-Site Scripting via SVG File Upload Authenticated Date: 04/12/2020 Exploit Author: Eshan Singh Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads Version: cmsms v2.2.15 Tested on: Windows/Kali...

7.4 AI score
Exploits: 0
Packet Storm
added 2021/06/24 12:0 a.m., 943 views

TP-Link TL-WR841N Command Injection

Exploit Title: TP-Link TL-WR841N - Command Injection Date: 2020-12-13 Exploit Author: Koh You Liang Vendor Homepage: https://www.tp-link.com/ Software Link: https://static.tp-link.com/TL-WR841NJPV13161028.zip Version: TL-WR841N 0.9.1 4.0 Tested on: Windows 10 CVE : CVE-2020-35575 import requests...

7.5 CVSS, 9.7 AI score, 0.07643 EPSS
Exploits: 3
Packet Storm
added 2020/11/16 12:0 a.m., 942 views

SIGE 3.4.1 / 3.5.3 Pro Cross Site Scripting / Remote File Inclusion

Document Title: =============== SIGE Joomla 3.4.1 & 3.5.3 Pro - Multiple Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2265 Release Date: ============= 2020-11-11 Vulnerability Laboratory ID VL-ID: ====================================...

0.2 AI score
Exploits: 0
Total number of security vulnerabilities: 5000