Lucene search
K
PacketstormMost viewed

50748 matches found

Packet Storm
Packet Storm
added 2023/05/15 12:0 a.m.354 views

Screen SFT DAB 600/C Authentication Bypass / Password Change

!/usr/bin/env python3 Screen SFT DAB 600/C Authentication Bypass Password Change Exploit Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/ Affected version:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/12/09 12:0 a.m.354 views

Zhuhai Suny Technology ESL Tag Forgery / Replay Attacks

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Replay attacks & Displaying arbitrary contents product: Zhuhai Suny Technology ESL Tag / ETAG-TECH protocol electronic shelf labels vulnerable version: All fixed version:...

6.5CVSS0.00714EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/08/01 12:0 a.m.354 views

WordPress SeatReg 1.23.0 Open Redirect

Exploit Title: WordPress Plugin ‘SeatReg’ - Unauthenticated Open Redirect Date: 01-08-2022 Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/seatreg/ Version: 1.23.0 Tested on: Firefox Contact me: [email protected] Description: An Open Redirection...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/06/20 12:0 a.m.354 views

SIEMENS-SINEMA Remote Connect 3.0.1.0-01.01.00.02 Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected Cross Site Scripting product: SIEMENS-SINEMA Remote Connect vulnerable version: =V3.0.1.0-01.01.00.02 fixed version: V3.1.0 CVE number: CVE-2022-29034 impact:...

6.7AI score0.28261EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/12/14 12:0 a.m.354 views

Sofico Miles RIA 2020.2 Build 127964T Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored Cross Site Scripting product: Sofico Miles RIA vulnerable version: 2020.2 build 127964T fixed version: 2020.2 build 128076 or higher CVE number: CVE-2021-41557...

0.3AI score0.00771EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/11/10 12:0 a.m.354 views

Employee Daily Task Management System 1.0 Cross Site Scripting

Exploit Title: Employee Daily Task Management System 1.0 - 'Name' Stored Cross-Site Scripting XSS Date: 09/11/2021 Exploit Author: Ragavender A G Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/edtms.zip Version...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/07/19 12:0 a.m.354 views

Backdoor.Win32.IRCBot.gen Remote Command Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/96f5cdfa5b3416c819d76060f11dc88d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.IRCBot.gen Vulnerability: Unauthenticated Remote Command Execution Description: The...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/22 12:0 a.m.354 views

Trojan-Dropper.Win32.Agent.xtp Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/360bbc9e0926488f085029948ff6c759.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Agent.xtp Vulnerability: Insecure Permissions Description: The malware creates ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/12 12:0 a.m.354 views

Monitoring Of Students Cyber Accounts System 1.0 SQL Injection

Exploit Title: Monitoring of Students Cyber Accounts System | 'un' SQL Injection Exploit Author: Richard Jones Date: 2021-03-12 Vendor Homepage: https://www.sourcecodester.com/php/11743/monitoring-students-cyber-accounts.html Software Link:...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/18 12:0 a.m.354 views

Backdoor.Win32.Agent.aak Hardcoded Credentials

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/64f2fd4dbd9039e5bc054f475eaa582a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.aak Vulnerability: Weak Hardcoded Credentials Description: The HTTP backdoor...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/06 12:0 a.m.354 views

SmartBlog 2.0.1 Blind SQL Injection

Exploit Title: SmartBlog 2.0.1 - 'idpost' Blind SQL injection Date: 2020-11-05 Exploit Author: C0wnuts Vendor Homepage: https://github.com/smartdatasoft/smartblog Version: 2.0.1 Tested on: Linux Description : A blind SQL injection is present in the "idpost" parameter of the "details" controller. ...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/05 12:0 a.m.354 views

iDS6 DSSPro Digital Signage System 6.2 Password Disclosure

iDS6 DSSPro Digital Signage System 6.2 autoSave Cookie User Password Disclosure Vendor: Guangzhou Yeroo Tech Co., Ltd. Product web page: http://www.yerootech.com Affected version: V6.2 B2014.12.12.1220 V5.6 B2017.07.12.1757 V4.3 Summary: iDS6 Software's DSSPro network digital signage management...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/08/26 12:0 a.m.354 views

Django CRM 0.2.1 Cross Site Request Forgery

Information -------------------- Advisory by Netsparker Name: Multiple CSRF Vulnerabilities in Django CRM 0.2.1 Affected Software: Django CRM Affected Versions: 0.2.1 Homepage: https://github.com/MicroPyramid/Django-CRM Vulnerability: Cross-site Request Forgery Severity: 8.8 High Status: Not Fixe...

1AI score0.01149EPSS
Exploits2
Packet Storm
Packet Storm
added 2018/11/16 12:0 a.m.354 views

Budabot 4.0 Denial Of Service

4.0 Tested on: 4.0 CVE: CVE-2018-19290 1. Description In modules/HELPBOTMODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a denial of service or possibly unspecified...

9.7AI score0.04048EPSS
Exploits6
Packet Storm
Packet Storm
added 2017/04/04 12:0 a.m.354 views

SmartJobBoard 5.0.9 Cross Site Scripting / Information Disclosure

https://www.osisecurity.com.au/smartjobboard---cross-site-scripting-personal-information-disclosure-and-phpmailer-package.html Date: 04-Apr-2017 Product: SmartJobBoard Versions affected: v5.0.9 and below. Vulnerability: 1 Cross-site scripting vulnerabilities in the following locations and...

10AI score0.99714EPSS
Exploits59
Packet Storm
Packet Storm
added 2025/03/05 12:0 a.m.353 views

Webmin 2.202 Remote Code Execution

Webmin version 2.202 suffers from a remote code execution vulnerability. Exploit Title: Webmin RCE Leading to Privilege Escalation Google Dork: N/A Date: 05-03-2025 Exploit Author: Buğra Enis Dönmez Vendor Homepage: https://webmin.com/ Software Link: https://webmin.com/ Version: 2.202 Tested on:...

8.3AI score
Exploits0
Packet Storm
Packet Storm
added 2025/02/17 12:0 a.m.353 views

Monero 18.3.4 Denial of Service

Monero version 18.3.4 suffers from a memory exhaustion vulnerability. Hello, About an hour ago, a group appearing to be named WyRCV2 posted a note on the nostr social network, which can be found at the following link:...

7.3AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/06 12:0 a.m.353 views

SPIP 4.2.12 Code Execution

============================================================================================================================================= | Title : SPIP 4.2.12 PHP Code execution Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/08 12:0 a.m.353 views

Journyx 11.5.4 Unauthenticated Password Reset Bruteforce

KL-001-2024-007: Journyx Unauthenticated Password Reset Bruteforce Title: Journyx Unauthenticated Password Reset Bruteforce Advisory ID: KL-001-2024-007 Publication Date: 2024.08.07 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt 1. Vulnerability Details Affected...

9.8CVSS7.1AI score0.00717EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/06/06 12:0 a.m.353 views

Small CRM 1.0 SQL Injection

Exploit Title: Small CRM Developed using PHP and MySQL - SQLi Authentication Bypass Date: 05.06.2024 Exploit Author: Furkan Eren Tetik Vendor Homepage: https://phpgurukul.com/php-projects-free-downloads Software Link: https://phpgurukul.com/small-crm-php Version: 1.0 Tested on: Windows 11, Kali...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/04/15 12:0 a.m.353 views

Moodle 3.10.1 SQL Injection

Exploit Title: Moodle Authenticated Time-Based Blind SQL Injection - "sort" Parameter Google Dork: Date: 04/11/2023 Exploit Author: Julio Ángel Ferrari Aka. T0X1Cx Vendor Homepage: https://moodle.org/ Software Link: Version: 3.10.1 Tested on: Linux CVE : CVE-2021-36393 import requests import stri...

9.8CVSS7.4AI score0.52299EPSS
Exploits6
Packet Storm
Packet Storm
added 2024/04/05 12:0 a.m.353 views

DerbyNet 9.0 photo.php Cross Site Scripting

CVE ID: CVE-2024-30921 Description: A Cross-Site Scripting XSS vulnerability has been identified in DerbyNet version 9.0, specifically affecting the photo.php component. This vulnerability allows remote attackers to execute arbitrary code via crafted URLs, without requiring authentication...

7.4AI score0.0062EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/02/27 12:0 a.m.353 views

Hospital Management System 1.0 SQL Injection

Exploit Title: Hospital Management System - SQL Injection Google Dork: N/A Application: Hospital Management System Date: 26.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/25 12:0 a.m.353 views

Gabriels FTP Server 1.2 Denial Of Service

!/usr/bin/perl use IO::Socket::INET; Exploit Title: Gabriels FTP Server 1.2 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 25 january 2024 Vendor Homepage: N/A Download to demo: https://drive.google.com/file/d/1k8QxfP6x908E-1QpRAVulKoAM9OEo1a8/view?usp=sharing Notification...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/10/27 12:0 a.m.353 views

SugarCRM 13.0.1 Shell Upload

------------------------------------------------------------------------------- SugarCRM = 13.0.1 setnoteattachment Unrestricted File Upload Vulnerability ------------------------------------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/30 12:0 a.m.353 views

GZ Multi Hotel Booking System 1.8 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/23 12:0 a.m.353 views

Advanced ASP Chat 2.0 Database Disclosure

==================================================================================================================================== | Title : Advanced ASP chat 2.0 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/15 12:0 a.m.353 views

RockMongo 1.1.7 Cross Site Scripting

Exploit Title: RockMongo 1.1.7 - Stored Cross-Site Scripting XSS Discovery by: Rafael Pedrero Discovery Date: 2020-09-19 Vendor Homepage: https://github.com/iwind/rockmongo/ Software Link : https://github.com/iwind/rockmongo/ Tested Version: 1.1.7 Tested on: Windows 7 and 10 Vulnerability Type:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/20 12:0 a.m.353 views

Chitor-CMS 1.1.2 SQL Injection

!/usr/bin/python3 Exploit Title: Chitor-CMS v1.1.2 - Pre-Auth SQL Injection Date: 2023/04/13 ExploitAuthor: msd0pe Project: https://github.com/waqaskanju/Chitor-CMS My Github: https://github.com/msd0pe-1 Patched the 2023/04/16: 69d3442 commit description = 'Chitor-CMS 1.1.2 Pre-Auth SQL Injection...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2022/06/21 12:0 a.m.353 views

SAP FRUN 2.00 / 3.00 Cross Site Scripting

Onapsis Security Advisory 2022-0003: Cross-Site Scripting XSS vulnerability in SAP Focused Run Real User Monitoring Impact on Business Impact depends on the victim's privileges. In most cases, a successful attack allows an attacker to hijack a session, or force the victim to perform undesired...

6.1CVSS0.01383EPSS
Exploits2
Packet Storm
Packet Storm
added 2022/04/15 12:0 a.m.353 views

Backdoor.Win32.NetCat32.10 Remote Command Execution

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/dcf16aed5ad4e0058a6cfcc7593dd9e3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NetCat32.10 Vulnerability: Unauthenticated Remote Command Execution Description: The...

Exploits0
Packet Storm
Packet Storm
added 2022/01/06 12:0 a.m.353 views

Backdoor.Win32.Dsklite.a Insecure Transit

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6c9665de78ae60a8e057d2c9cdb91596B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Dsklite.a Vulnerability: Insecure Transit Description: The malware listens on TCP...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/12/09 12:0 a.m.353 views

Kabir Alhasan Student Management System 1.0 SQL Injection

Exploit Title: Student Management System 1.0 - SQLi Authentication Bypass Date: 2020-07-06 Exploit Author: Enes Özeser Vendor Homepage: https://www.sourcecodester.com/php/14268/student-management-system.html Version: 1.0 Tested on: Windows & WampServer CVE: CVE-2020-23935 1- Go to following url...

9.8CVSS0.1AI score0.15926EPSS
Exploits6
Packet Storm
Packet Storm
added 2021/08/16 12:0 a.m.353 views

COMMAX Biometric Access Control System 1.0.0 Authentication Bypass

COMMAX Biometric Access Control System 1.0.0 Authentication Bypass Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: 1.0.0 Summary: Biometric access control system. Desc: The application suffers from an authentication bypass vulnerability. An unauthenticated...

1.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/21 12:0 a.m.353 views

rconfig 3.9.6 Shell Upload

Exploit Title: rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution Authenticated 2 Exploit Author: Vishwaraj Bhattrai Date: 18/04/2021 Vendor Homepage: https://www.rconfig.com/ Software Link: https://www.rconfig.com/ Vendor: rConfig Version: = v3.9.6 Tested against Server Host:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/21 12:0 a.m.353 views

Discourse 2.7.0 2FA Bypass

Exploit Title: Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass Date: 14/01/2021 Exploit Author: Mesh3l911 Vendor Homepage: https://www.discourse.org/ Software Link:https://github.com/discourse/discourse Version: Discourse 2.7.0 CVE: CVE-2021-3138 import requests username = input"\n input ...

5CVSS7.6AI score0.03073EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/03/26 12:0 a.m.353 views

GetSimple CMS Custom JS 0.1 Cross Site Request Forgery / Cross Site Scripting

Exploit Title: GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS Exploit Author: Abhishek Joshi Date: March 25, 2021 Vendor Homepage: http://get-simple.info/extend/plugin/custom-js/1267 / http://get-simple.info/download Software Link:...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/18 12:0 a.m.353 views

VestaCP 0.9.8 Cross Site Scripting

Title: VestaCP 0.9.8 - 'vinterface' Add IP Stored XSS Date: 07.03.2021 Author: Numan Türle Vendor Homepage: https://vestacp.com Software Link: https://myvestacp.com alert1&vshared=on&vowner=admin&vname=&vnat=&ok=Add...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/09 12:0 a.m.353 views

Backdoor.Win32.NetTerrorist Authentication Bypass / Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/5131a9b441c9f9b20228f171c327a4f5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NetTerrorist Vulnerability: Unauthorized Remote Command Execution Description:...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/28 12:0 a.m.353 views

jQuery UI 1.12.1 Denial Of Service

Exploit Title: jQuery UI 1.12.1 - Denial of Service DoS Date: 20 Jan, 2021 Exploit Author: Rafael Cintra Lopes Vendor Homepage: https://jqueryui.com/ Software Link: https://jqueryui.com/download/ Version: DoS - jQuery UI 1.12.1 DoS - jQuery UI 1.12.1 Exploit PoC by Rafael Cintra Lopes function...

0.2AI score
Exploits4
Packet Storm
Packet Storm
added 2020/11/26 12:0 a.m.353 views

BigBlueButton 2.2.29 E-mail Validation Bypass

Title: BigBlueButton E-mail Validation Bypass Google Dork: N/A Date: 24.11.2020 Author: Seccops https://seccops.com Vendor Homepage: bigbluebutton.org Version: 2.2.29 and previous versions CVE: CVE-2020-29043 === Summary === An issue was discovered in BigBlueButton through 2.2.29. When at attacke...

0.01433EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/10/12 12:0 a.m.353 views

DynPG 4.9.1 Cross Site Scripting

Exploit Title: DynPG 4.9.1 - Persistent Cross-Site Scripting Authenticated Date: 2020-10-09 Exploit Author: Enes Özeser Vendor Homepage: https://dynpg.org/ Version: 4.9.1 Tested on: Windows & XAMPP == Tutorial alert"XSS"; == HTTP Request alert"XSS";...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/07/16 12:0 a.m.353 views

Online Course Registration 1.0 Remote Code Execution

Exploit Title: Online Course Registration 1.0 - Unauthenticated Remote Code Execution Exploit Author: Bobby Cooke Credit to BKpatron for similar Auth Bypass on admin page - exploit-db.com/exploits/48559 Date: 2020-07-15 Vendor Homepage: Vendor Homepage:...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2019/12/12 12:0 a.m.353 views

Windows Defender Antivirus 4.18.1908.7-0 File Extension Spoofing

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: File Extension Spoofing product: Windows Defender Antivirus vulnerable version: 4.18.1908.7-0 fixed version: Virus Definition Update of 2019/09/30 CVE number: - impact:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2019/10/31 12:0 a.m.353 views

Carel pCOWeb HVAC Modbus Interface Authentication Bypass

Advisory: Unauthenticated Access to Modbus Interface in Carel pCOWeb HVAC As part of it's features, the Carel pCOWeb card exposes a Modbus interface to the network. By design, Modbus does not provide authentication, allowing to control the affected system. Details ======= Product: HVAC units usin...

5CVSS1AI score0.01035EPSS
Exploits1
Packet Storm
Packet Storm
added 2019/04/20 12:0 a.m.353 views

OpenDocMan Document Management System 1.3.5 Database Disclosure

Exploit Title : OpenDocMan Document Management System 1.3.5 Database Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 20/04/2019 Vendor Homepage : opendocman.com Software Download Link : opendocman.com/free-download/...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/02/14 12:0 a.m.352 views

Using Valgrind on Chrome

Brief script that demonstrates running valgrind and afl-fuzz on Google Chrome. This favorite code for security auditing and memory leak detection with Valgrind runs the Valgrind tool and several other tools to check for memory leaks, which can lead to resource buffer overflows and more. Exploit /...

7.3AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.352 views

NFS Mount Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NFS Mount Scanner', 'Description' = %q This module scans NFS mounts and their permissions. , 'Author' = '', 'References' = 'CVE', '1999-0170',...

10CVSS7AI score0.1841EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/07/24 12:0 a.m.352 views

UBM CMS 1.2 Insecure Direct Object Reference

==================================================================================================================================== | Title : UBM CMS v1.2 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.1 64 bits | | Vendor :...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/24 12:0 a.m.352 views

Jcow Social Network Cross Site Scripting

Exploit Title: Jcow Social Networking 14.2 3 After Send invitations you will be see alert button...

7.4AI score
Exploits0
Total number of security vulnerabilities5000