Lucene search
K
PacketstormMost viewed

50748 matches found

Packet Storm
Packet Storm
added 2021/06/17 12:0 a.m.340 views

Sync Breeze 13.6.18 Sync Breeze 13.6.18 Unquoted Service Path

Exploit Title: Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 16-06-2021 Vendor Homepage: https://www.syncbreeze.com/ Software Links: https://www.syncbreeze.com/setupsx64/syncbreezesrvsetupv13.6.18x64.exe...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/19 12:0 a.m.340 views

Backdoor.Win32.RMFdoor.c Authentication Bypass / Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/5e2e6ca532c20ee6a59861d936df7076.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.RMFdoor.c Vulnerability: Authentication Bypass RCE Description: The malware listens o...

0.9AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/18 12:0 a.m.340 views

NetMotion Mobility Server MvcUtil Java Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NetMotion Mobility Server MvcUtil Java Deserialization', 'Description' = %q This module exploits an unauthenticated Java deserialization in the...

9.3CVSS0.6AI score0.77673EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/03/29 12:0 a.m.340 views

Project Expense Monitoring System 1.0 Authentication Bypass

Exploit Title: Project expense Monitoring System | Create Admin Account Unauthorised Exploit Author: Richard Jones Date: 2021-03-28 Vendor Homepage: https://www.sourcecodester.com/php/14001/project-expense-monitoring-system-project-php-source-code-2020.html Software Link:...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/19 12:0 a.m.340 views

VestaCP 0.9.8 Command Injection

Title: VestaCP 0.9.8 - 'vsftplicence' Command Injection Date: 17.03.2021 Author: Numan Türle Vendor Homepage: https://vestacp.com Software Link: https://myvestacp.com 0.9.8-26-43 Software Link: https://vestacp.com 0.9.8-26 POST /edit/server/ HTTP/1.1 Host: TARGET:8083 Connection: close...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/08 12:0 a.m.340 views

Student Management System Project PHP 1.0 Cross Site Scripting

For CVE-2020-25955: Exploit Title: student management system project PHP - Stored cross-site scripting Exploit Author: Krishna Yadav Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14443/student-management-system-project-php.html Version: 1.0 Test...

5.6AI score0.00929EPSS
Exploits2
Packet Storm
Packet Storm
added 2018/12/21 12:0 a.m.340 views

GIGABYTE Driver Privilege Escalation

SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ GIGABYTE Drivers Elevation of Privilege Vulnerabilities 1. Advisory Information Title: GIGABYTE Drivers Elevation of Privilege Vulnerabilities Advisory ID: CORE-2018-0007 Advisory URL:...

0.7AI score0.08523EPSS
Exploits8
Packet Storm
Packet Storm
added 2025/04/11 12:0 a.m.339 views

📄 Anant Addons for Elementor 1.1.5 CSRF / Arbitrary Plugin Installation

Anant Addons for Elementor versions 1.1.5 and below cross site request forgery proof of concept that allows for arbitrary plugin installation. 🛡️ Anant Addons for Elementor Anant Addons for Elementor body background-color: 111; color: 0f0; font-family: monospace;...

9.6CVSS9AI score0.00264EPSS
Exploits1
Packet Storm
Packet Storm
added 2025/04/03 12:0 a.m.339 views

📄 SAP HTTP Request Smuggling

SAPGateBreaker HTTP request smuggling proof of concept exploit that demonstrates a vulnerability in SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53, and SAP Web Dispatcher. Exploit Title: SAPGateBreaker Exploit - CVE-2022-22536 ...

10CVSS9.2AI score0.97945EPSS
Exploits8
Packet Storm
Packet Storm
added 2025/02/05 12:0 a.m.339 views

Checkmk 2.3.0p2 / NagVis 1.9.40 Cross Site Scripting

The NagVis component within Checkmk is vulnerable to reflected cross site scripting. An attacker can craft a malicious link that will execute arbitrary JavaScript in the context of the browser once clicked. The attack can be performed on both authenticated and unauthenticated users...

6.8AI score0.00557EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/09/27 12:0 a.m.339 views

Simple Chatbot Application 1.0 Insecure Settings

============================================================================================================================================= | Title : Simple Chatbot Application v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/23 12:0 a.m.339 views

Quiz Management System 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : Quiz Management System v1.0 CSRF Add user Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/03/15 12:0 a.m.339 views

Financials By Coda Authorization Bypass

Vulnerability type: Incorrect Access Control Vendor: https://www.unit4.com/ Product: Financials by Coda Product site: https://www.unit4.com/fr/products/financial-management-software Affected version: "user" : "", "password" : "", "company" : "", "newPassword" : "newpasswordfortargeteduser",...

7.4AI score0.0073EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/02/12 12:0 a.m.339 views

WyreStorm Apollo VX20 Incorrect Access Control

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WYRESTORMAPOLLOVX20INCORRECTACCESSCONTROLDOSCVE-2024-25736.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.wyrestorm.com Product APOLLO VX20 1.3.58 Vulnerability...

7.4AI score0.04343EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/01/22 12:0 a.m.339 views

EzServer 6.4.017 Denial Of Service

!/usr/bin/perl use IO::Socket; Exploit Title: EzServer 6.4.017 - Denied of Service DoS Discovery by: Fernando Mengali Discovery Date: 22 january 2024 Vendor Homepage: N/A Download to demo: https://drive.google.com/file/d/1hCYYsWsyeuoHTh3ZosNRbtIBxw0culsu/view?usp=sharing Notification vendor: No...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/11 12:0 a.m.339 views

PHPJabbers Restaurant Booking System 3.0 CSV Injection

Exploit Title: PHPJabbers Restaurant Booking System v3.0 - CSV Injection Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/restaurant-booking-system/sectionDemo Version: v3.0 Tested o...

7.4AI score0.00556EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/01/04 12:0 a.m.339 views

Easy File Sharing FTP Server 2.0 Denial Of Service

!/usr/bin/perl use Net::FTP; Exploit Title: Easy File Sharing FTP Server 2.0 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 04 january 2024 Download to demo: https://drive.google.com/drive/folders/1XISgBk4Zql8NzkWsrzAPOUEqbjJP4hZQ?usp=sharing Notification vendor: No report...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/15 12:0 a.m.339 views

E-Fun CMS 5.0 XML Injection

==================================================================================================================================== | Title : E-Fun CMS V5.0 XML external entity injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/06 12:0 a.m.339 views

WordPress WP File Manager 7.1.7 Backup Disclosure

==================================================================================================================================== | Title : WordPress - wp file manager pro 7.1.7 Backup Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/02 12:0 a.m.339 views

Total CMS 1.7.4 Shell Upload

Exploit Title: Total CMS 1.7.4 - Remote Code Execution RCE on File Upload Authenticated Date: 03/06/2023 Exploit Author: tmrswrr Version: 1.7.4 Vendor home page : https://www.totalcms.co/ Tested Url : https://www.totalcms.co/demo/soccer/ PLatform : MACOSX 1 Go to this page and click edit page...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/10 12:0 a.m.339 views

VOTAB Voting Quiz PHP Script 1.0 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/21 12:0 a.m.339 views

KODExplorer 4.49 Cross Site Request Forgery / Shell Upload

Exploit Title: KodExplorer ' path = '/data/User/admin/home/' targetpath = input' Target KODExplorer path ex /var/www...

6.3AI score0.02666EPSS
Exploits6
Packet Storm
Packet Storm
added 2022/04/11 12:0 a.m.339 views

Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 Local File Inclusion

Exploit Title: Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion LFI Date: 7/4/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.franklinfueling.com/ Version: 1.8.19.8580 Tested on: Linux Firefox CVE : CVE-2021-46417 Proof of Concept...

0.59753EPSS
Exploits7
Packet Storm
Packet Storm
added 2022/02/16 12:0 a.m.339 views

Google Play Protect 22.4.25 Detection Bypass

Exploit Title: Google Play Protect 22.4.25 - Detection Bypass Date: 2022-02-14 Exploit Author: Aryan Chehreghani Contact: [email protected] Vendor Homepage: https://play.google.com Version: 22.4.25 Possibly all versions Tested on: Android 5.1.1 About - Google Play Protect : Google Play...

Exploits0
Packet Storm
Packet Storm
added 2022/02/09 12:0 a.m.339 views

Backdoor.Win32.Prexot.a Authentication Bypass

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/29bc048d58ab8038c7001ef0d5e69c9b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Prexot.a Vulnerability: Authentication Bypass Description: The malware listens on...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/20 12:0 a.m.339 views

Backdoor.Win32.Wisell Remote Command Execution

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/57bda78cc5fd6a06017148bae28e8e39.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wisell Vulnerability: Unauthenticated Remote Command Execution Description: The malwa...

Exploits0
Packet Storm
Packet Storm
added 2022/01/06 12:0 a.m.339 views

Backdoor.Win32.Jtram.a Insecure Credential Storage

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/596882dfba543b23ad3225d24ee5e800.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jtram.a Vulnerability: Insecure Credential Storage Description: The malware listens o...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/04 12:0 a.m.339 views

Opencart 3 Extension TMD Vendor System SQL Injection

Exploit Title: Opencart 3 Extension TMD Vendor System - Blind SQL Injection Author: Muhammad Zaki Sulistya [email protected] Date: 03-11-2021 Product: TMD Vendor System Vendor Homepage: https://www.opencartextensions.in/ Software Link:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/02 12:0 a.m.339 views

Dynojet Power Core 2.3.0 Unquoted Service Path

Exploit Title: Dynojet Power Core 2.3.0 - Unquoted Service Path Exploit Author: Pedro Sousa Rodrigues https://www.0x90.zone/ / @PedroSECR Version: 2.3.0 Build 303 Date: 30.10.2021 Vendor Homepage: https://www.dynojet.com/ Software Link: https://docs.dynojet.com/Document/18762 Tested on: Windows 1...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/03 12:0 a.m.339 views

IGEL OS Secure VNC/Terminal Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IGEL OS Secure VNC/Terminal Command Injection RCE', 'Description' = %q This module exploits a command injection vulnerability in IGEL OS Secure...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/17 12:0 a.m.339 views

Dolibarr ERP-CRM 12.0.3 Remote Code Execution

Exploit Title: Dolibarr ERP-CRM 12.0.3 - Remote Code Execution Authenticated Date: 2020.12.17 Exploit Author: Yilmaz Degirmenci Vendor Homepage: https://github.com/Dolibarr/dolibarr Software Link: https://sourceforge.net/projects/dolibarr/ Version: 12.0.3 Tested on: Kali Linux 2020.2 Vulnerabilit...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/25 12:0 a.m.339 views

BigTree CMS 4.4.10 Remote Code Execution

Exploit Title: BigTree CMS 4.4.10 - Remote Code Execution Google Dork: " BigTree CMS " Date: 2020-25-09 Exploit Author: SunCSR ThienNV and HoaVT - Sun Cyber Security Research Vendor Homepage: https://www.bigtreecms.org/ Software Link: https://www.bigtreecms.org/ Version: 4.4.10 Tested on: Windows...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/04/15 12:0 a.m.338 views

📄 GestioIP 3.5.7 Remote Command Execution

GestioIP version 3.5.7 suffers from a remote command execution vulnerability. Exploit Title: GestioIP 3.5.7 - Remote Command Execution RCE Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email max.cybersecurity at belino.com GitHub disclosure link:...

9.8CVSS7.3AI score0.45109EPSS
Exploits5
Packet Storm
Packet Storm
added 2025/02/05 12:0 a.m.338 views

PHPJabbers Cinema Booking System 2.0 Cross Site Request Forgery

PHPJabbers Cinema Booking System version 2.0 suffers from a cross site request forgery vulnerability. CVE-2024-57429 A cross-site request forgery CSRF vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking a...

6.1CVSS6.8AI score0.00475EPSS
Exploits5
Packet Storm
Packet Storm
added 2024/10/07 12:0 a.m.338 views

ABB Cylon Aspect 3.08.00 setTimeServer.php Remote Code Execution

ABB Cylon Aspect 3.08.00 setTimeServer.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management a...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/13 12:0 a.m.338 views

Men Salon Management System 2.0 PHP Code Injection

============================================================================================================================================= | Title : Men Salon Management System 2.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/10 12:0 a.m.338 views

Prison Management System 1.0 Add Administrator

============================================================================================================================================= | Title : Prison Management System v1.0 Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/06 12:0 a.m.338 views

Korenix JetPort Series 1.2 Command Injection / Insufficient Authentication

CyberDanube Security Research 20240805-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities in JetPort Series product| Korenix JetPort Series vulnerable version| 1.2 fixed version| None CVE number| CVE-2024-7395, CVE-2024-7396,...

9.3CVSS7.4AI score0.01382EPSS
Exploits1
Packet Storm
Packet Storm
added 2024/06/26 12:0 a.m.338 views

SolarWinds Platform 2024.1 SR1 Race Condition

Exploit Title: SolarWinds Platform 2024.1 SR1 - Race Condition CVE: CVE-2024-28999 Affected Versions: SolarWinds Platform 2024.1 SR 1 and previous versions Author: Elhussain Fathy, AKA 0xSphinx import requests import urllib3 import asyncio import aiohttp...

7.5CVSS7.1AI score0.13913EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/06/03 12:0 a.m.338 views

Dotclear 2.29 Remote Code Execution

Exploit Title: Dotclear 2.29 - Remote Code Execution RCE Discovered by: Ahmet Ümit BAYRAM Discovered Date: 26.04.2024 Vendor Homepage: https://git.dotclear.org/explore/repos Software Link: https://github.com/dotclear/dotclear/archive/refs/heads/master.zip Tested Version: v2.29 latest Tested on:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/28 12:0 a.m.338 views

Hesk Rtl CMS 1 Cross Site Scripting

==================================================================================================================================== | Title : Hesk Rtl CMS v1 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/22 12:0 a.m.338 views

OVOO Movie Portal CMS 3.3.3 SQL Injection

Exploit Title: OVOO Movie Portal CMS v3.3.3 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/ovoomovie-video-streaming-cms-with-unlimited-tvseries/20180569 Tested on: Kali Linux & MacOS CVE: N/A Request POST /filtermovies/1 HTTP/2 Host:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/11 12:0 a.m.338 views

Easy Web Portal 2.1.1 Cross Site Scripting

==================================================================================================================================== | Title : Easy Web Portal v2.1.1 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/25 12:0 a.m.338 views

WordPress File Manager Advanced Shortcode 2.3.2 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution through shortcode', 'Description' = %q The Wordpress plug...

9.8CVSS7.1AI score0.3962EPSS
Exploits8
Packet Storm
Packet Storm
added 2023/05/22 12:0 a.m.338 views

W3 Eden Download Manager 3.2.70 Cross Site Scripting

W3 Eden recently patched an Authenticated Stored Cross-Site Scripting vulnerability in Download Manager. On April 25, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting XSS vulnerability in W3 Eden’s Download...

7.1AI score0.00646EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/04/03 12:0 a.m.338 views

ManageEngine Access Manager Plus 4.3.0 Path Traversal

Exploit Title: ManageEngine Access Manager Plus 4.3.0 - File-path-traversal Author: nu11secur1ty Date: 11.22.2023 Vendor: https://www.manageengine.com/ Software: https://www.manageengine.com/privileged-session-management/download.html Reference:...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2022/12/09 12:0 a.m.338 views

Delta Electronics DX-2100-L1-CN 1.5.0.10 Command Injection / XSS

CyberDanube Security Research 20221130-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| Delta Electronics DX-2100-L1-CN vulnerable version| V1.5.0.10 fixed version| V1.5.0.12 CVE number| - impact| High homepage|...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2022/03/02 12:0 a.m.338 views

Printix Client 1.3.1106.0 Remote Code Execution

Exploit Title: Printix Client 1.3.1106.0 - Remote Code Execution RCE Date: 3/1/2022 Exploit Author: Logan Latvala Vendor Homepage: https://printix.net Software Link: https://software.printix.net/client/win/1.3.1106.0/PrintixClientWindows.zip Version: = 1.3.1106.0 Tested on: Windows 7, Windows 8,...

0.5AI score0.18617EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/01/21 12:0 a.m.338 views

Backdoor.Win32.Wollf.16 Hardcoded Credential

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/204613443e555f73237ea43a2faecaa5B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.16 Vulnerability: Weak Hardcoded Credentials Description: The malware runs wit...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/12/15 12:0 a.m.338 views

Simple Cold Storage Management System 1.0 SQL Injection

Title: Simple Cold Storage Management System 1.0 SQL - Injection Author: nu11secur1ty Date: 12.15.2021 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15088/simple-cold-storage-management-system-using-phpoop-source-code.html Description: The id...

0.4AI score
Exploits0
Total number of security vulnerabilities5000