Lucene search
K
PacketstormMost viewed

50773 matches found

Packet Storm
Packet Storm
added 2025/02/14 12:0 a.m.352 views

Using Valgrind on Chrome

Brief script that demonstrates running valgrind and afl-fuzz on Google Chrome. This favorite code for security auditing and memory leak detection with Valgrind runs the Valgrind tool and several other tools to check for memory leaks, which can lead to resource buffer overflows and more. Exploit /...

7.3AI score
Exploits0
Packet Storm
Packet Storm
added 2025/02/04 12:0 a.m.352 views

ABB Cylon FLXeon 9.3.4 cert.js Authenticated Root Remote Code Execution

ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated remote root code execution via the /api/cert endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating the affected parameters. The issue arises due to improper input validation in cert.js, where...

10CVSS9.7AI score0.04328EPSS
Exploits18
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.352 views

NFS Mount Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NFS Mount Scanner', 'Description' = %q This module scans NFS mounts and their permissions. , 'Author' = '', 'References' = 'CVE', '1999-0170',...

10CVSS7AI score0.1841EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/05/24 12:0 a.m.352 views

Jcow Social Network Cross Site Scripting

Exploit Title: Jcow Social Networking 14.2 3 After Send invitations you will be see alert button...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/04/17 12:0 a.m.352 views

Palo Alto OS Command Injection

CVE-2024-3400 CVE-2024-3400 Palo Alto OS Command Injection send this HTTP request: http POST /ssl-vpn/hipreport.esp HTTP/1.1 Host: 127.0.0.1 Cookie: SESSID=/../../../var/appweb/sslvpndocs/global-protect/portal/images/hellome1337.txt; Connection: close Content-Type: application/x-www-form-urlencod...

10CVSS7.4AI score0.99999EPSS
Exploits43
Packet Storm
Packet Storm
added 2024/03/11 12:0 a.m.352 views

WordPress Hide My WP SQL Injection

Exploit Title: Wordpress Plugin Hide My WP 6.2.9 - Unauthenticated SQLi Publication Date: 2023-01-11 Original Researcher: Xenofon Vassilakopoulos Exploit Author: Xenofon Vassilakopoulos Submitter: Xenofon Vassilakopoulos Vendor Homepage: https://wpwave.com/ Version: Hide My WP v6.2.8 and prior...

9.8CVSS7.4AI score0.03824EPSS
Exploits5
Packet Storm
Packet Storm
added 2024/02/21 12:0 a.m.352 views

Fuelflow 1.0 SQL Injection

Title: fuelflow-1.0-Copyright-©-2024-Project-Develop-by-Mayuri-K-Multiple-SQLi Author: nu11secur1ty Date: 02/21/24 Vendor: https://www.mayurik.com/ Software: https://www.mayurik.com/source-code/P3584/best-petrol-pump-management-software Reference: https://portswigger.net/web-security/sql-injectio...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/10/23 12:0 a.m.352 views

Moodle 4.3 Cross Site Scripting

Exploit Title: Moodle 4.3 Reflected XSS Date: 21/10/2023 Exploit Author: tmrswrr Vendor Homepage: https://moodle.org/ Software Demo: https://school.moodledemo.net/ Version: 4.3 Tested on: Linux Vulnerability Details ====================== Steps : 1. Log in to the application with the given...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.352 views

Event Locations CMS 1.0.1 Cross Site Scripting

==================================================================================================================================== | Title : Event Locations CMS v1.0.1 - XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/03 12:0 a.m.352 views

ChatGPT Cross Site Scripting

Exploit Title: ChatGPT OpenAI - Cross-Site Scripting XSS Vulnerability. Date: 25/03/2023 Vendor Homepage: https://openai.com/ Exploit Author: Miguel Segovia Software Link: https://chat.openai.com/chat CVE : Requested N/A Description: A reflected Cross-Site Scripting XSS vulnerability has been...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/02 12:0 a.m.352 views

Lucee Authenticated Scheduled Job Code Execution

class MetasploitModule 'Lucee Authenticated Scheduled Job Code Execution', 'Description' = %q This module can be used to execute a payload on Lucee servers that have an exposed administrative web interface. It's possible for an administrator to create a scheduled job that queries a remote...

0.9AI score
Exploits0
Packet Storm
Packet Storm
added 2022/06/06 12:0 a.m.352 views

Poly EagleEye Director II 2.2.1.1 Command Injection / Authentication Bypass

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: Poly EagleEye Director II vulnerable version: 2.2.1.1 Jul 1, 2021 fixed version: 2.2.2.1 or higher CVE number: CVE-2022-26479,...

0.6AI score0.22337EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/11/02 12:0 a.m.352 views

Ericsson Network Location MPS GMPC21 Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ericsson Network Location MPS - Privilege Escalation Meow Variant', 'Description' = %q This module exploits privilege escalation vulnerability in...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/18 12:0 a.m.352 views

Trojan-Proxy.Win32.Ranky.z Unauthenticated Open Proxy

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e312385f64e6b8fd667b4f9b5ea1ff70.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Proxy.Win32.Ranky.z Vulnerability: Unauthenticated Open Proxy Description: The malware listen...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/07/20 12:0 a.m.352 views

Webmin 1.973 Cross Site Request Forgery

Exploit Title: Webmin 1.973 - 'run.cgi' Cross-Site Request Forgery CSRF Date: 24/04/2021 Exploit Author: Mesh3l911 & Z0ldyck Vendor Homepage: https://www.webmin.com Repo Link: https://github.com/Mesh3l911/CVE-2021-31761 Version: Webmin 1.973 Tested on: All versions POC By \0331;m...

6.8CVSS0.7AI score0.33569EPSS
Exploits6
Packet Storm
Packet Storm
added 2021/07/19 12:0 a.m.352 views

Trojan-Spy.Win32.SpyEyes.abdb Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9185538b01ad700603f38fb0eb8b6e3b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.SpyEyes.abdb Vulnerability: Insecure Permissions Description: The malware creates a...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/19 12:0 a.m.352 views

Backdoor.Win32.Psychward.ds Weak Hardcoded Password

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9e22514c9b0e74c7fcb07b7c091f6123.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Psychward.ds Vulnerability: Weak Hardcoded Password Description: The malware listens ...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/07 12:0 a.m.352 views

Voting System 1.0 Shell Upload

Exploit Title: Voting System 1.0 - Remote Code Execution Unauthenticated Date: 07/05/2021 Exploit Author: secure77 Vendor Homepage: https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/07 12:0 a.m.352 views

WifiHotSpot 1.0.0.0 Unquoted Service Path

Exploit Title: WifiHotSpot 1.0.0.0 - 'WifiHotSpotService.exe' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2020-05-06 Vendor Homepage: https://www.gearboxcomputers.com/downloads/wifihotspot.exe Tested Version: 1.0.0.0 Vulnerability Type: Unquoted Service Path Tested on OS:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/07 12:0 a.m.352 views

Savsoft Quiz 5 Cross Site Scripting

Exploit Title: Savsoft Quiz 5 - 'Skype ID' Stored XSS Exploit Author: Dipak Panchalth3.d1p4k Vendor Homepage: https://savsoftquiz.com Software Link: https://github.com/savsofts/savsoftquizv5 Version: 5 Tested on Windows 10 Attack Vector: This vulnerability can results attacker to inject the XSS...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2003/07/06 12:0 a.m.352 views

ccbill.txt

Date: Thu, 03 Jul 2003 12:46:39 -0400 From: Dayne Jordan Subject: Another overflow exploit for Apache? RESOLVED Greetings again, We found that this exploit was NOT a result of an Apache exploit. After waiting for the culprits to attempt their mischeif again, we were waiting and watched as they...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/02/06 12:0 a.m.351 views

dhtmlxFileExplorer 8.4.6 Directory Traversal

dhtmlxFileExplorer version 8.4.6 is susceptible to a path traversal attack, enabling unauthorized access to system files. Exploit Title: dhtmlxFileExplorer 8.4.6 - Access Sensitive Floder via Directory Traversal in DHX File Exlploer Date: Feb 6, 2025 Exploit Author: Nutchaya Augkanavitayakul,...

7.3AI score0.00739EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/08/09 12:0 a.m.351 views

Employee Management System 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : Employee Management System v1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/20 12:0 a.m.351 views

Backdrop CMS 1.27.1 Remote Command Execution

Exploit Title: Backdrop CMS 1.27.1 - Remote Command Execution RCE Date: 04/27/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.27.1/backdrop.zip Version: latest Tested on: MacOS import os impor...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/02/05 12:0 a.m.351 views

WordPress Simple URLs Cross Site Scripting

Exploit Title: simple urls alertorigin...

6.1CVSS7.4AI score0.01726EPSS
Exploits6
Packet Storm
Packet Storm
added 2023/08/31 12:0 a.m.351 views

Innovins CMS 4.7 SQL Injection

==================================================================================================================================== | Title : Innovins CMS v4.7 Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/07 12:0 a.m.351 views

CakePHP Test Suite 2.7.0 Cross Site Scripting

==================================================================================================================================== | Title : CakePHP Test Suite v2.7.0 Xss Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/30 12:0 a.m.351 views

Event Booking Calendar 1.8 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/27 12:0 a.m.351 views

Microsoft 365 MSO 2305 Build 16.0.16501.20074 Remote Code Execution

Title: Microsoft 365 MSO Version 2305 Build 16.0.16501.20074 64-bit Remote Code Execution Vulnerability Author: nu11secur1ty Date: 04.17.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/ Reference:...

7.8CVSS7.1AI score0.03011EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/06/23 12:0 a.m.351 views

PHPJabbers Knowledge Base Builder 3.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.351 views

eScan Management Console 14.0.1400.2281 SQL Injection

Exploit Title: eScan Management Console 14.0.1400.2281 - SQL Injection Authenticated Date: 16/05/2023 Exploit Author: Sahil Ojha Vendor Homepage: https://www.escanav.com Software Link: https://cl.escanav.com/ewconsole.dll Version: 14.0.1400.2281 Tested on: Windows CVE : CVE-2023-31702 Step of...

7.1AI score0.04312EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.351 views

GetSimple CMS 3.3.16 Shell Upload

Exploit Title: GetSimple CMS v3.3.16 - Remote Code Execution RCE Data: 18/5/2023 Exploit Author : Youssef Muhammad Vendor: Get-simple Software Link: Version app: 3.3.16 Tested on: linux CVE: CVE-2022-41544 import sys import hashlib import re import requests from xml.etree import ElementTree from...

9.8CVSS7.1AI score0.09442EPSS
Exploits12
Packet Storm
Packet Storm
added 2023/04/06 12:0 a.m.351 views

pdfkit 0.8.7.2 Command Injection

!/usr/bin/env python3 Exploit Title: pdfkit v0.8.7.2 - Command Injection Date: 02/23/2023 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://pdfkit.org/ Software Link: https://github.com/pdfkit/pdfkit Version: 0.0.0-0.8.7.2 Tested on: pdfkit 0.8.6 CVE: CVE-2022–25765 Source:...

9.8CVSS9.4AI score0.38924EPSS
Exploits11
Packet Storm
Packet Storm
added 2022/07/06 12:0 a.m.351 views

EQS Integrity Line Cross Site Scripting / Information Disclosure

EQS Integrity Line: Multiple Vulnerabilities Name Multiple Vulnerabilities in EQS Integrity Line Systems Affected EQS Integrity Line through 2022-07-01 Severity High Impact CVSSv2 High 8.8/10, score: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Vendor EQS Group AG https://www.eqs.com/ Advisory...

6.4AI score0.01459EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/06/27 12:0 a.m.351 views

WordPress Simple Page Transition 1.4.1 Cross Site Scripting

Exploit Title: WordPress Plugin ‘Simple Page Transition’ - Stored Cross Site Scripting Date: 27-06-2022 Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/simple-page-transition/ Version: 1.4.1 Tested on: Firefox Contact me: [email protected]...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/05/23 12:0 a.m.351 views

m1k1o's Blog 1.3 Remote Code Execution

Exploit Title: m1k1o's Blog v.10 - Remote Code Execution RCE Authenticated Date: 2022-01-06 Exploit Author: Malte V Vendor Homepage: https://github.com/m1k1o/blog Software Link: https://github.com/m1k1o/blog/archive/refs/tags/v1.3.zip Version: 1.3 and below Tested on: Linux CVE : CVE-2022-23626...

8.8CVSS8.8AI score0.09874EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/01/12 12:0 a.m.351 views

Crestron HD-MD4X2-4K-E 1.0.0.2159 Credential Disclosure

Advisory: Credential Disclosure in Web Interface of Crestron Device When the administrative web interface of the Crestron HDMI switcher is accessed unauthenticated, user credentials are disclosed which are valid to authenticate to the web interface. Details ======= Product: Crestron HD-MD4X2-4K-E...

9.7AI score0.75711EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/11/08 12:0 a.m.351 views

Trojan.Win32.Servstar.poa Unquoted Service Path

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/7588da376f496aa678cdfca4e404f38a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Servstar.poa Vulnerability: Insecure Service Path Description: The malware creates a...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/07/26 12:0 a.m.351 views

XOS Shop 1.0.9 Arbitrary File Deletion

Exploit Title: XOS Shop 1.0.9 - 'Multiple' Arbitrary File Deletion Authenticated Date: 2021-07-25 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://xos-shop.com Software Link: https://github.com/XOS-Shop/xosshopsystem/releases/tag/v1.0.9 Version: 1.0.9 Tested on:...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/11 12:0 a.m.351 views

OpenEMR 5.0.0 Remote Shell Upload

Exploit Title: OpenEMR 5.0.0 - Remote Code Execution Authenticated Date 10.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.open-emr.org/ Software Link: https://sourceforge.net/projects/openemr/files/OpenEMR%20Current/5.0.0/openemr-5.0.0.zip/download Version: 5.0.0 Teste...

6.5CVSS8.8AI score0.15188EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/05/13 12:0 a.m.351 views

Microsoft Internet Explorer 8/11 Use-After-Free

Exploit Title: Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-Free Date: 2021-05-04 Exploit Author: deadlock Forrest Orr Vendor Homepage: https://www.microsoft.com/ Software Link: https://www.microsoft.com/en-gb/download/internet-explorer.aspx Versions: IE 8-11 64-bit...

7.6CVSS8.1AI score0.86863EPSS
Exploits17
Packet Storm
Packet Storm
added 2021/05/07 12:0 a.m.351 views

macOS Gatekeeper Check Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'macOS Gatekeeper check bypass', 'Description' = %q This module serves an OSX app as a zip that contains no Info.plist, which bypasses gatekeeper ...

0.68531EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/05/06 12:0 a.m.351 views

Backdoor.Win32.Floder.gqe Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0629e3b2ab8a973a3e37e4e97cb9cfea.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Floder.gqe Vulnerability: Insecure Permissions Description: The malware creates an...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/19 12:0 a.m.351 views

Beauty Parlour Management System 1.0 Cross Site Scripting

Exploit Title: Beauty Parlour Management System 1.0 - 'Add Services' Cross-Site Scripting Date: 19/2/2021 Exploit Author: Thinkland Security Team Vendor Homepage: https://phpgurukul.com/beauty-parlour-management-system-using-php-and-mysql/ Software Link:...

Exploits0
Packet Storm
Packet Storm
added 2021/01/05 12:0 a.m.351 views

SpamTitan 7.07 Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SpamTitan Unauthenticated RCE', 'Description' = %q TitanHQ SpamTitan Gateway is an anti-spam appliance that protects against unwanted emails and...

10CVSS9.7AI score0.73668EPSS
Exploits5
Packet Storm
Packet Storm
added 2020/12/26 12:0 a.m.351 views

URVE Software Build 24.03.2020 Missing Authorization

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2020-041 Product: URVE Software Manufacturer: Eveo Sp. z o.o. Affected Versions: Build "24.03.2020" Tested Versions: Build "24.03.2020" Vulnerability Type: Missing Authorization CWE-862 Risk Level: High Solution Status: Open...

8.5CVSS0.02834EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/10/12 12:0 a.m.351 views

openMAINT 1.1-2.4.2 Arbitrary File Upload

Exploit Title: openMAINT 1.1-2.4.2 - Arbitrary File Upload Dork: N/A Date: 2020-08-19 Exploit Author: mrb3n Vendor Homepage: https://www.openmaint.org/en Software Link: https://sourceforge.net/projects/openmaint/files/1.1/openmaint-1.1-2.4.2.zip/download Version: 1.1-2.4.2 Category: Webapps Teste...

Exploits0
Packet Storm
Packet Storm
added 2025/04/08 12:0 a.m.350 views

📄 Sony XAV-AX5500 1.13 Code Execution

Sony XAV-AX5500 version 1.13 suffers from a firmware update validation vulnerability that allows for code execution. Exploit Title: Sony XAV-AX5500 Firmware Update Validation Remote Code Execution Date: 11-Feb-2025 Exploit Author: lkushinada Vendor Homepage:...

6.8CVSS7.4AI score0.01761EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/05/09 12:0 a.m.350 views

POMS PHP 1.0 SQL Injection / Shell Upload

Titles: POMS-PHP-by oretnom23 -v1.0-FU-SQLi-RCE-HAT.TRICK 1. SQLi Bypass Authentication 2. File Upload 3. RCE Latest update from the vendor: 5 hours 32 minutes ago Author: nu11secur1ty Date: 05/07/2024 Vendor: https://github.com/oretnom23 Software:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/04/02 12:0 a.m.350 views

Online Hotel Booking In PHP 1.0 SQL Injection

Exploit Title: Online Hotel Booking In PHP 1.0 - Blind SQL Injection Unauthenticated Google Dork: n/a Date: 04/02/2024 Exploit Author: Gian Paris C. Agsam Vendor Homepage: https://github.com/projectworldsofficial Software Link: https://projectworlds.in/wp-content/uploads/2019/06/hotel-booking.zip...

7.4AI score
Exploits0
Total number of security vulnerabilities5000