Lucene search
K
PacketstormMost viewed

50738 matches found

Packet Storm
Packet Storm
added 2023/04/03 12:0 a.m.345 views

GLPI Cartography Shell Upload

Exploit Title: GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution RCE Date of found: 11 Jun 2022 Application: GLPI Cartography...

9.4AI score0.07746EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/01/05 12:0 a.m.345 views

Linear eMerge E3-Series Access Controller Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'Linear eMerge E3-Series Access Controller Command Injection', 'Description' = %q This module exploits a command injection...

10CVSS0.9AI score0.97136EPSS
Exploits16
Packet Storm
Packet Storm
added 2022/12/09 12:0 a.m.345 views

Intel Data Center Manager 5.1 Local Privilege Escalation

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Intel Data Center Manager Vendor URL: https://www.intel.com/content/www/us/en/developer/tools/data-center-manager-console/overview.html Type: Incorrect Use of Privileged APIs CWE-648 Date...

10CVSS0.7AI score0.99999EPSS
Exploits351
Packet Storm
Packet Storm
added 2022/09/26 12:0 a.m.345 views

WiFi Mouse 1.8.3.4 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wifi Mouse RCE', 'Description' = %q The WiFi Mouse Mouse Server from Necta LLC contains an auth bypass as the authentication is completely...

9.8CVSS9.7AI score0.73475EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/07/29 12:0 a.m.345 views

Transposh WordPress Translation 1.0.8.1 Information Disclosure

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Exposure of Sensitive Information to an Unauthorized Actor CWE-200...

5.3AI score0.02936EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/04/07 12:0 a.m.345 views

WordPress WP Downgrade Cross Site Scripting

Tittle: WordPress Plugin WP Downgrade alert/XSS/ Classification Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/85582b4f-a40a-4394-9834-0c88c5dc57ba TracWordpress: https://plugins.trac.wordpress.org/changeset/2696091...

5.2AI score0.04902EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/12/09 12:0 a.m.346 views

LimeSurvey 5.2.4 Remote Code Execution

Exploit Title: LimeSurvey 5.2.4 - Remote Code Execution RCE Authenticated Google Dork: inurl:limesurvey/index.php/admin/authentication/sa/login Date: 05/12/2021 Exploit Author: Y1LD1R1M Vendor Homepage: https://www.limesurvey.org/ Software Link:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/05 12:0 a.m.345 views

Tapatalk Plugins PHP Object Injection

Advisory: Tapatalk Plugins PHP Object Injection dH team discovered PHP Object Injection vulnerability in all Tapatalk plugins, which is allow to attackers execute PHP code, SQL injection or Denial of Service. No authorization or some extra steps need, so vulnerability considered critical. Details...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/30 12:0 a.m.345 views

HEUR.Trojan.Win32.Bayrob.gen Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/765698ccfb033c86eea6d293235d7ed0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.Trojan.Win32.Bayrob.gen Vulnerability: Insecure Permissions Description: The malware creates a...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/27 12:0 a.m.345 views

Adtec Digital Products Hardcoded Credentials / Remote Root

Exploit Title: Adtec Digital Multiple Products - Default Hardcoded Credentials Remote Root Date: 2020-07-24 Exploit Author: LiquidWorm Software Link: https://www.adtecdigital.com / https://www.adtecdigital.com/support/documents-downloads Version: Multiple Adtec Digital Multiple Products - Default...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2018/02/07 12:0 a.m.345 views

Cisco ASA Crash Proof Of Concept

Cisco ASA CVE-2018-0101 Crash PoC We basically just read: https://www.nccgroup.trust/globalassets/newsroom/uk/events/2018/02/reconbrx2018-robin-hood-vs-cisco-asa.pdf @zerosum0x0, @jennamagius, @alephnaught import requests, sys headers = headers'User-Agent' = 'Open AnyConnect VPN Agent...

9.2AI score0.87397EPSS
Exploits7
Packet Storm
Packet Storm
added 2025/03/31 12:0 a.m.344 views

Litespeed Cache 6.5.0.1 Authentication Bypass

Litespeed Cache version 6.5.0.1 suffers from an authentication bypass vulnerability. Exploit Title: Litespeed unauthorized account takeover Google Dork: if applicable Date: reported on 17 September 2024 Exploit Author: Gnzls Vendor Homepage: https://www.litespeedtech.com/ Software Link:...

9.8CVSS7.5AI score0.83178EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/09/18 12:0 a.m.344 views

Beauty Parlour And Saloon Management System 1.1 Insecure Settings

==================================================================================================================================== | Title : Beauty Parlour & Saloon Management System 1.1 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/06/14 12:0 a.m.344 views

AEGON LIFE 1.0 SQL Injection

Exploit Title: Life Insurance Management System- SQL injection vulnerability. Exploit Author: Aslam Anwar Mahimkar Date: 18-05-2024 Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/ Version: AEGON...

7.2AI score0.02358EPSS
Exploits5
Packet Storm
Packet Storm
added 2024/01/18 12:0 a.m.344 views

SpyCamLizard 1.230 Denial Of Service

!/usr/bin/perl use IO::Socket::INET; Exploit Title: SpyCamLizard 1.230 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 18 january 2024 Vendor Homepage: http://www.spycamlizard.com Download to demo:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/11/13 12:0 a.m.344 views

EnBw SENEC Legacy Storage Box Default Credentials

Advisory ID: Ph0s-2023-004 Product: EnBw - SENEC legacy storage box: V1-V3 Manufacturer: SENEC - a part of EnBw Affected Versions: Firmware: all as of 2023-06-19 Tested Versions: current Vulnerability Type: CWE-1392: Use of Default Credentials Risk Level: CVSS v3.1 Vector:...

7.4AI score
Exploits2
Packet Storm
Packet Storm
added 2023/08/11 12:0 a.m.344 views

Easy Member Pro 3.0 Insecure Direct Object Reference

==================================================================================================================================== | Title : Easy Member pro v3.0 Unauthorised Administrative Access Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/04 12:0 a.m.344 views

Webutler 3.2 Shell Upload

Exploit Title: Webutler v3.2 - Remote Code Execution RCE Application: webutler Cms Version: v3.2 Bugs: RCE Technology: PHP Vendor URL: https://webutler.de/en Software Link: http://webutler.de/download/webutlerv3.2.zip Date of found: 03.08.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technic...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/28 12:0 a.m.344 views

Western Digital MyCloud Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Western Digital MyCloud unauthenticated command injection', 'Description' = %q This module exploits authentication bypass CVE-2018-17153 and...

10CVSS7.1AI score0.95174EPSS
Exploits7
Packet Storm
Packet Storm
added 2023/07/21 12:0 a.m.344 views

Wifi Soft Unibox Administration 3.0 / 3.1 SQL Injection

Exploit Title: Wifi Soft Unibox Administration 3.0 & 3.1 Login Page - Sql Injection Google Dork: intext:"Unibox Administration 3.1", intext:"Unibox 3.0" Date: 07/2023 Exploit Author: Ansh Jain @sudoark Author Contact : [email protected] Vendor Homepage: https://www.wifi-soft.com/ Software Link:...

7.1AI score0.02084EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/07/20 12:0 a.m.344 views

Backdrop CMS 1.25.1 Cross Site Scripting

Exploit Title: Backdrop Cms v1.25.1 - Stored Cross-Site Scripting XSS Application: Backdrop Cms Version: v1.25.1 Bugs: Stored Xss Technology: PHP Vendor URL: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.25.1/backdrop.zip Date of found: 12-07-202...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/12 12:0 a.m.344 views

Architect HTML And Site Builder 2.2.3 File Upload

==================================================================================================================================== | Title : Architect - HTML and Site Builder V 2.2.3 Remote File Upload vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/15 12:0 a.m.344 views

Korenix JetWave Command Injection / Denial Of Service

CyberDanube Security Research 20230213-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| JetWave4221 HP-E, JetWave 2212G, JetWave 2212X/2212S, | JetWave 2211C, JetWave 2411/2111, JetWave 2411L/2111L, | JetWave 2414/2114,...

Exploits0
Packet Storm
Packet Storm
added 2022/09/23 12:0 a.m.344 views

WordPress WP-UserOnline 2.88.0 Cross Site Scripting

Exploit Title: Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/wp-useronline/ Date: 2022-08-24 Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://github.com/lesterchan/wp-useronline Software Link:...

5.5CVSS5.3AI score0.05094EPSS
Exploits6
Packet Storm
Packet Storm
added 2022/07/18 12:0 a.m.344 views

Backdoor.Win32.HoneyPot.a MVID-2022-0622 Weak Hardcoded Password

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/e3bb503f9b02cf57341695f30e31128f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.HoneyPot.a Vulnerability: Weak Hardcoded Password Description: The malware...

Exploits0
Packet Storm
Packet Storm
added 2022/01/10 12:0 a.m.344 views

Online Examination System Project 1.0 SQL Injection

Title: Online Examination System Project 1.0 SQL - Injections Author: nu11secur1ty Date: 01.10.2022 Vendor: https://projectworlds.in/free-projects/php-projects/ Software: https://projectworlds.in/free-projects/php-projects/online-examination/ Description: The eid parameter in account.php from...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/19 12:0 a.m.344 views

Trojan.Win32.Agent.hsm Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c58d5aecd223ac95ae5fab6dcd69e953.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Agent.hsm Vulnerability: Insecure Permissions Description: Agent.hsm creates an insecur...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/22 12:0 a.m.344 views

Trojan.Win32.Pincav.cmfl Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9d296ebd6b4f79457fcc61e38dcce61e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Pincav.cmfl Vulnerability: Insecure Permissions Description: The trojan creates an...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/03 12:0 a.m.344 views

Sudo 1.9.5p1 Buffer Overflow / Privilege Escalation

Exploit Title: Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation 1 Date: 2021-02-02 Exploit Author: West Shepherd Version: Sudo legacy versions from 1.8.2 to 1.8.31p2, stable versions from 1.9.0 to 1.9.5p1. Tested on: Ubuntu 20.04.1 LTS Sudo version 1.8.31 CVE :...

1AI score0.99295EPSS
Exploits81
Packet Storm
Packet Storm
added 2021/01/14 12:0 a.m.344 views

Backdoor.Win32.Ketch.i Remote Stack Buffer Overflow

Discovery / credits: malvuln - Malvuln.com c 2021 Original source: https://malvuln.com/advisory/ee314e1b913a09ec86c63d7186d8f0b8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Ketch.i Vulnerability: SEH Remote Stack Buffer Overflow Description: Ketch makes HTTP...

1.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/28 12:0 a.m.344 views

aptdaemon File Existence Disclosure

Exploit Title: File Existence Disclosure in aptdaemon " sys.exit0 FILETOCHECK = sys.argv1 bus = dbus.SystemBus aptdbusobject = bus.getobject"org.debian.apt", "/org/debian/apt" aptdbusi...

4.9CVSS5.4AI score0.004EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/10/01 12:0 a.m.344 views

SpinetiX Fusion Digital Signage 3.4.8 Database Backup Disclosure

SpinetiX Fusion Digital Signage 3.4.8 Database Backup Disclosure Vendor: SpinetiX AG Product web page: https://www.spinetix.com Affected version: = 3.4.8 1.0.36274 Summary: At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage as a...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/11/22 12:0 a.m.343 views

fronsetia 1.1 Cross Site Scripting

Exploit Title: Reflected XSS - fronsetiav1.1 Date: 11/2024 Exploit Author: Andrey Stoykov Version: 1.1 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/2024/11/friday-fun-pentest-series-14-reflected.html Reflected XSS 1 - "showoperations.jsp" Steps to Reproduce: 1. Visit main page of th...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.343 views

Intel AMT Digest Authentication Bypass Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Intel AMT Digest Authentication Bypass Scanner', 'Description' = %q This module scans for Intel Active Management Technology endpoints and attemp...

10CVSS7.2AI score0.92189EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.343 views

Postfixadmin Protected Alias Deletion

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Postfixadmin Protected Alias Deletion Vulnerability', 'Description' = %q Postfixadmin installations between 2.91 and 3.0.1 do not check if an adm...

3.5CVSS7AI score0.14953EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/07/25 12:0 a.m.343 views

Online Discussion Forum Site 1.0 Insecure Settings

==================================================================================================================================== | Title : Online Discussion Forum Site v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/06/19 12:0 a.m.343 views

Bagisto 2.1.2 Client-Side Template Injection

Exploit Title: Bagisto 2.1.2 Client-Side Template InjectionCSTI VueJS Date: 06/18/2024 Exploit Author: tmrswrr Vendor Homepage: https://forums.bagisto.com/ Version: 2.1.2 Tested on: https://demo.bagisto.com/ https://demo.bagisto.com/bagisto-common/search?query=77 49...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/03/19 12:0 a.m.343 views

WordPress File Upload Cross Site Scripting

Exploit Title: WordPress File Upload 4.23.3 Stored XSS CVE 2023-4811 Date: 18 December 2023 Exploit Author: Faiyaz Ahmad Vendor Homepage: https://wordpress.com/ Version: 4.23.3 CVE : CVE 2023-4811 Proof Of Concept: 1. Login to the wordpress account 2. Add the following shortcode to a post in "Fil...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/03/13 12:0 a.m.343 views

MSMS-PHP 1.0 Shell Upload

Title: MSMS-PHP by: oretnom23 v1.0 File Upload - RCE browser using Author: nu11secur1ty Date: 03/13/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/14924/online-mobile-store-management-system-using-php-free-source-code.html Reference:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/03/07 12:0 a.m.343 views

GliNet 4.x Authentication Bypass

DZONERZY Security Research GLiNet: Router Authentication Bypass ======================================================================== Contents ======================================================================== 1. Overview 2. Detailed Description 3. Exploit 4. Timeline...

7.4AI score0.00764EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/01/19 12:0 a.m.343 views

Firefox 121 / Chrome 120 Denial Of Service

Minor firefox DoS - semi silently polluting /Downloads with files part 2 Tested on: firefox 121 and chrome 120 on GNU/linux Date: Thu Jan 18 08:38:28 AM UTC 2024 This is barely a DoS, but since it might affect Chrome too we decided to disclose it. If firefox user visits a specially crafted page,...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/11 12:0 a.m.343 views

PHPJabbers Cleaning Business Software 1.0 CSV Injection

Exploit Title: PHPJabbers Cleaning Business Software v1.0 - CSV Injection Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cleaning-business-software/sectionDemo Version: v1.0 Tested...

7.4AI score0.00466EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.343 views

Hyip Rio 2.1 Cross Site Scripting / File Upload

Exploit Title: Hyip Rio 2.1 - Arbitrary File Upload Exploit Author: CraCkEr Date: 30/07/2023 Vendor: tdevs Vendor Homepage: https://tdevs.co/ Software Link: https://hyiprio-feature.tdevs.co/ Tested on: Windows 10 Pro Impact: Allows User to upload files to the web server CVE: CVE-2023-4382...

7.1AI score0.01131EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/08/10 12:0 a.m.343 views

Discussion On Kontackt 1.18 Cross Site Scripting

==================================================================================================================================== | Title : Discussion on Kontackt - The Exclusive PHP Social Network Platform v1.18 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pr...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/02 12:0 a.m.343 views

Courier Deprixa Pro Integrated Web System 3.2.5 Cross Site Request Forgery

==================================================================================================================================== | Title : Courier Deprixa Pro - Integrated Web System v3.2.5 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/01 12:0 a.m.343 views

Codoforum 3.4 Arbitrary File Upload

==================================================================================================================================== | Title : Codoforum v3.4 Arbitrary file upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/25 12:0 a.m.343 views

WordPress SEO Alert 1.59 Cross Site Scripting

Tittle: WordPress Plugin SEO ALert 3. Save to get the XSS trigger. Classification: Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/0af475ba-5c02-4f62-876d-6235a745bbd6...

7.1AI score0.00472EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/07/21 12:0 a.m.343 views

Listplace Directory Listing Platform 3.0 File Upload / Cross Site Scripting

Exploit Title: Listplace Directory Listing Platform 3.0 - Arbitrary File Upload Exploit Author: CraCkEr Date: 12/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://bugfinder.net/product/listplace-a-complete-directory-listing-platform/22 Tested on: Windows 10...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/23 12:0 a.m.343 views

PHPJabbers Forum Script 3.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/22 12:0 a.m.343 views

Bitbucket Git Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bitbucket Git Command Injection', 'Description' = %q Various versions of Bitbucket Server and Data Center are vulnerable to an unauthenticated...

8.8CVSS0.4AI score0.99174EPSS
Exploits24
Total number of security vulnerabilities5000