Packetstorm: Most viewed

50738 matches found

Packet Storm
added 2023/05/10 12:0 a.m., 339 views

VOTAB Voting Quiz PHP Script 1.0 SQL Injection

CraCkEr: THE CRACK OF ETERNAL MIGHT. From The Ashes and Dust Rises An...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/04/21 12:0 a.m., 339 views

KODExplorer 4.49 Cross Site Request Forgery / Shell Upload

Exploit Title: KodExplorer ' path = '/data/User/admin/home/' targetpath = input' Target KODExplorer path ex /var/www...

6.3 AI score, 0.02666 EPSS
Exploits: 6
Packet Storm
added 2023/01/17 12:0 a.m., 339 views

Citrix Workspace App For Linux 2212 Credential Leak

Citrix Linux client credential leak The Citrix Linux client emits its session credentials when starting a Citrix session. These credentials end up being recorded in the client's system log. Citrix do not consider this to be a security vulnerability. Software affected - Citrix Workspace App for...

7.4 AI score
Exploits: 0
Packet Storm
added 2022/04/11 12:0 a.m., 339 views

Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 Local File Inclusion

Exploit Title: Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion LFI Date: 7/4/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.franklinfueling.com/ Version: 1.8.19.8580 Tested on: Linux Firefox CVE : CVE-2021-46417 Proof of Concept...

0.59753 EPSS
Exploits: 7
Packet Storm
added 2022/01/20 12:0 a.m., 339 views

Backdoor.Win32.Wisell Remote Command Execution

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/57bda78cc5fd6a06017148bae28e8e39.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wisell Vulnerability: Unauthenticated Remote Command Execution Description: The malwa...

Exploits: 0
Packet Storm
added 2022/01/05 12:0 a.m., 339 views

Gerapy 0.9.7 Remote Code Execution

Exploit Title: Gerapy 0.9.7 - Remote Code Execution RCE Authenticated Date: 03/01/2022 Exploit Author: Jeremiasz Pluta Vendor Homepage: https://github.com/Gerapy/Gerapy Version: All versions of Gerapy prior to 0.9.8 CVE: CVE-2021-43857 Tested on: Gerapy 0.9.6 Vulnerability: Gerapy prior to versio...

9.8 CVSS, 9.1 AI score, 0.55331 EPSS
Exploits: 7
Packet Storm
added 2021/11/22 12:0 a.m., 339 views

Backdoor.Win32.Wollf.a Hardcoded Password

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/52d1341f73c34ba2638581469120b68a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.a Vulnerability: Weak Hardcoded Password Description: The malware listens on TC...

7.1 AI score
Exploits: 0
Packet Storm
added 2021/11/04 12:0 a.m., 339 views

Opencart 3 Extension TMD Vendor System SQL Injection

Exploit Title: Opencart 3 Extension TMD Vendor System - Blind SQL Injection Author: Muhammad Zaki Sulistya [email protected] Date: 03-11-2021 Product: TMD Vendor System Vendor Homepage: https://www.opencartextensions.in/ Software Link:...

7.1 AI score
Exploits: 0
Packet Storm
added 2021/11/02 12:0 a.m., 339 views

Dynojet Power Core 2.3.0 Unquoted Service Path

Exploit Title: Dynojet Power Core 2.3.0 - Unquoted Service Path Exploit Author: Pedro Sousa Rodrigues https://www.0x90.zone/ / @PedroSECR Version: 2.3.0 Build 303 Date: 30.10.2021 Vendor Homepage: https://www.dynojet.com/ Software Link: https://docs.dynojet.com/Document/18762 Tested on: Windows 1...

7.1 AI score
Exploits: 0
Packet Storm
added 2021/07/16 12:0 a.m., 339 views

Linux Kernel Netfilter Heap Out-Of-Bounds Write

/ CVE-2021-22555: Turning \x00\x00 into 10000$ by Andy Nguyen theflow@ theflow@theflow:$ gcc -m32 -static -o exploit exploit.c theflow@theflow:$ ./exploit + Linux Privilege Escalation by theflow@ - 2021 + STAGE 0: Initialization Setting up namespace sandbox... Initializing sockets and message...

4.6 CVSS, 0.4 AI score, 0.78684 EPSS
Exploits: 21
Packet Storm
added 2021/05/19 12:0 a.m., 339 views

Backdoor.Win32.RMFdoor.c Authentication Bypass / Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/5e2e6ca532c20ee6a59861d936df7076.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.RMFdoor.c Vulnerability: Authentication Bypass RCE Description: The malware listens o...

0.9 AI score
Exploits: 0
Packet Storm
added 2021/05/18 12:0 a.m., 339 views

NetMotion Mobility Server MvcUtil Java Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NetMotion Mobility Server MvcUtil Java Deserialization', 'Description' = %q This module exploits an unauthenticated Java deserialization in the...

9.3 CVSS, 0.6 AI score, 0.77673 EPSS
Exploits: 5
Packet Storm
added 2021/05/03 12:0 a.m., 339 views

IGEL OS Secure VNC/Terminal Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IGEL OS Secure VNC/Terminal Command Injection RCE', 'Description' = %q This module exploits a command injection vulnerability in IGEL OS Secure...

0.1 AI score
Exploits: 0
Packet Storm
added 2021/04/07 12:0 a.m., 339 views

Google Chrome 86.0.4240 V8 Remote Code Execution

/ BSD 2-Clause License Copyright c 2021, rajvardhan agarwal All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice,...

4.3 CVSS, 0.4 AI score, 0.99595 EPSS
Exploits: 14
Packet Storm
added 2021/03/29 12:0 a.m., 339 views

Project Expense Monitoring System 1.0 Authentication Bypass

Exploit Title: Project expense Monitoring System | Create Admin Account Unauthorised Exploit Author: Richard Jones Date: 2021-03-28 Vendor Homepage: https://www.sourcecodester.com/php/14001/project-expense-monitoring-system-project-php-source-code-2020.html Software Link:...

0.5 AI score
Exploits: 0
Packet Storm
added 2025/04/11 12:0 a.m., 338 views

📄 Anant Addons for Elementor 1.1.5 CSRF / Arbitrary Plugin Installation

Anant Addons for Elementor versions 1.1.5 and below cross site request forgery proof of concept that allows for arbitrary plugin installation. 🛡️ Anant Addons for Elementor Anant Addons for Elementor body background-color: 111; color: 0f0; font-family: monospace;...

9.6 CVSS, 9 AI score, 0.00264 EPSS
Exploits: 1
Packet Storm
added 2025/02/12 12:0 a.m., 338 views

ABB Cylon FLXeon 9.3.4 Cross Site Request Forgery

ABB Cylon FLXeon version 9.3.4 suffers from a cross site request forgery vulnerability. However, exploitation is limited to specific conditions due to the server's CORS configuration. !-- ABB Cylon FLXeon 9.3.4 Limited Cross-Site Request Forgery RCE Vendor: ABB Ltd. Product web page:...

7 AI score
Exploits: 0
Packet Storm
added 2025/02/05 12:0 a.m., 338 views

PHPJabbers Cinema Booking System 2.0 Cross Site Request Forgery

PHPJabbers Cinema Booking System version 2.0 suffers from a cross site request forgery vulnerability. CVE-2024-57429 A cross-site request forgery CSRF vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking a...

6.1 CVSS, 6.8 AI score, 0.00475 EPSS
Exploits: 5
Packet Storm
added 2024/10/07 12:0 a.m., 338 views

ABB Cylon Aspect 3.08.00 setTimeServer.php Remote Code Execution

ABB Cylon Aspect 3.08.00 setTimeServer.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management a...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/09/27 12:0 a.m., 338 views

Simple Chatbot Application 1.0 Insecure Settings

Title : Simple Chatbot Application v1.0 Insecure Settings Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firef...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/09/23 12:0 a.m., 338 views

Quiz Management System 1.0 Cross Site Request Forgery

Title : Quiz Management System v1.0 CSRF Add user Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/09/13 12:0 a.m., 338 views

Men Salon Management System 2.0 PHP Code Injection

Title : Men Salon Management System 2.0 php code injection Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/09/10 12:0 a.m., 338 views

Prison Management System 1.0 Add Administrator

Title : Prison Management System v1.0 Add Admin Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/08/31 12:0 a.m., 338 views

NTP.org ntpd Reserved Mode Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NTP.org ntpd Reserved Mode Denial of Service', 'Description' = %q This module exploits a denial of service vulnerability within the NTP network...

6.4 CVSS, 7.1 AI score, 0.32288 EPSS
Exploits: 3
Packet Storm
added 2024/08/06 12:0 a.m., 338 views

Korenix JetPort Series 1.2 Command Injection / Insufficient Authentication

CyberDanube Security Research 20240805-0 | title: Multiple Vulnerabilities in JetPort Series | product: Korenix JetPort Series | vulnerable version: 1.2 | fixed version: None | CVE number: CVE-2024-7395, CVE-2024-7396,...

9.3 CVSS, 7.4 AI score, 0.01382 EPSS
Exploits: 1
Packet Storm
added 2024/06/03 12:0 a.m., 338 views

Dotclear 2.29 Remote Code Execution

Exploit Title: Dotclear 2.29 - Remote Code Execution RCE Discovered by: Ahmet Ümit BAYRAM Discovered Date: 26.04.2024 Vendor Homepage: https://git.dotclear.org/explore/repos Software Link: https://github.com/dotclear/dotclear/archive/refs/heads/master.zip Tested Version: v2.29 latest Tested on:...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/03/15 12:0 a.m., 338 views

Financials By Coda Authorization Bypass

Vulnerability type: Incorrect Access Control Vendor: https://www.unit4.com/ Product: Financials by Coda Product site: https://www.unit4.com/fr/products/financial-management-software Affected version: "user" : "", "password" : "", "company" : "", "newPassword" : "newpasswordfortargeteduser",...

7.4 AI score, 0.0073 EPSS
Exploits: 2
Packet Storm
added 2024/02/12 12:0 a.m., 338 views

WyreStorm Apollo VX20 Incorrect Access Control

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WYRESTORMAPOLLOVX20INCORRECTACCESSCONTROLDOSCVE-2024-25736.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.wyrestorm.com Product APOLLO VX20 1.3.58 Vulnerability...

7.4 AI score, 0.04343 EPSS
Exploits: 4
Packet Storm
added 2023/08/28 12:0 a.m., 338 views

Hesk Rtl CMS 1 Cross Site Scripting

Title : Hesk Rtl CMS v1 XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | Vendor :...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/08/22 12:0 a.m., 338 views

OVOO Movie Portal CMS 3.3.3 SQL Injection

Exploit Title: OVOO Movie Portal CMS v3.3.3 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/ovoomovie-video-streaming-cms-with-unlimited-tvseries/20180569 Tested on: Kali Linux & MacOS CVE: N/A Request POST /filtermovies/1 HTTP/2 Host:...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/08/11 12:0 a.m., 338 views

Easy Web Portal 2.1.1 Cross Site Scripting

Title : Easy Web Portal v2.1.1 XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit |...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/06/27 12:0 a.m., 338 views

Microsoft Excel / 365 MSO Remote Code Execution

Title: Microsoft Excel Microsoft® Microsoft 365 MSO Version 2305 Build 16.0.16501.20074 32-bit Remote Code Execution Vulnerability Author: nu11secur1ty Date: 06.27.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/excel Reference:...

7.8 CVSS, 7.1 AI score, 0.02748 EPSS
Exploits: 2
Packet Storm
added 2023/06/06 12:0 a.m., 338 views

WordPress WP File Manager 7.1.7 Backup Disclosure

Title : WordPress - wp file manager pro 7.1.7 Backup Disclosure Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/05/24 12:0 a.m., 338 views

WordPress Backup Migration 1.2.8 Backup Disclosure

Exploit Title: WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup Google Dork: intitle:"Index of /wp-content/plugins/backup-backup" AND inurl:"plugins/backup-backup/" Date: 2023-05-10 Exploit Author: Wadeek Vendor Homepage: https://backupbliss.com/ Software Link:...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/05/22 12:0 a.m., 338 views

W3 Eden Download Manager 3.2.70 Cross Site Scripting

W3 Eden recently patched an Authenticated Stored Cross-Site Scripting vulnerability in Download Manager. On April 25, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting XSS vulnerability in W3 Eden’s Download...

7.1 AI score, 0.00646 EPSS
Exploits: 2
Packet Storm
added 2022/12/09 12:0 a.m., 338 views

Delta Electronics DX-2100-L1-CN 1.5.0.10 Command Injection / XSS

CyberDanube Security Research 20221130-0 | title: Multiple Vulnerabilities | product: Delta Electronics DX-2100-L1-CN | vulnerable version: V1.5.0.10 | fixed version: V1.5.0.12 | CVE number: - | impact: High | homepage:...

0.7 AI score
Exploits: 0
Packet Storm
added 2022/03/02 12:0 a.m., 338 views

Printix Client 1.3.1106.0 Remote Code Execution

Exploit Title: Printix Client 1.3.1106.0 - Remote Code Execution RCE Date: 3/1/2022 Exploit Author: Logan Latvala Vendor Homepage: https://printix.net Software Link: https://software.printix.net/client/win/1.3.1106.0/PrintixClientWindows.zip Version: = 1.3.1106.0 Tested on: Windows 7, Windows 8,...

0.5 AI score, 0.18617 EPSS
Exploits: 4
Packet Storm
added 2022/02/16 12:0 a.m., 338 views

Google Play Protect 22.4.25 Detection Bypass

Exploit Title: Google Play Protect 22.4.25 - Detection Bypass Date: 2022-02-14 Exploit Author: Aryan Chehreghani Contact: [email protected] Vendor Homepage: https://play.google.com Version: 22.4.25 Possibly all versions Tested on: Android 5.1.1 About - Google Play Protect : Google Play...

Exploits: 0
Packet Storm
added 2022/02/09 12:0 a.m., 338 views

Backdoor.Win32.Prexot.a Authentication Bypass

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/29bc048d58ab8038c7001ef0d5e69c9b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Prexot.a Vulnerability: Authentication Bypass Description: The malware listens on...

0.3 AI score
Exploits: 0
Packet Storm
added 2022/01/21 12:0 a.m., 338 views

Backdoor.Win32.Wollf.16 Hardcoded Credential

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/204613443e555f73237ea43a2faecaa5B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.16 Vulnerability: Weak Hardcoded Credentials Description: The malware runs wit...

7.4 AI score
Exploits: 0
Packet Storm
added 2022/01/06 12:0 a.m., 338 views

Backdoor.Win32.Jtram.a Insecure Credential Storage

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/596882dfba543b23ad3225d24ee5e800.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jtram.a Vulnerability: Insecure Credential Storage Description: The malware listens o...

7.4 AI score
Exploits: 0
Packet Storm
added 2021/12/15 12:0 a.m., 338 views

Simple Cold Storage Management System 1.0 SQL Injection

Title: Simple Cold Storage Management System 1.0 SQL - Injection Author: nu11secur1ty Date: 12.15.2021 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15088/simple-cold-storage-management-system-using-phpoop-source-code.html Description: The id...

0.4 AI score
Exploits: 0
Packet Storm
added 2021/06/25 12:0 a.m., 338 views

Simple Client Management System 1.0 SQL Injection

Exploit Title: Simple Client Management System 1.0 - 'uemail' SQL Injection Unauthenticated Date: 24-06-2021 Exploit Author: Barış Yıldızoğlu Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/client-details.zip...

0.6 AI score
Exploits: 0
Packet Storm
added 2020/12/17 12:0 a.m., 338 views

Dolibarr ERP-CRM 12.0.3 Remote Code Execution

Exploit Title: Dolibarr ERP-CRM 12.0.3 - Remote Code Execution Authenticated Date: 2020.12.17 Exploit Author: Yilmaz Degirmenci Vendor Homepage: https://github.com/Dolibarr/dolibarr Software Link: https://sourceforge.net/projects/dolibarr/ Version: 12.0.3 Tested on: Kali Linux 2020.2 Vulnerabilit...

7.4 AI score
Exploits: 0
Packet Storm
added 2020/09/25 12:0 a.m., 338 views

BigTree CMS 4.4.10 Remote Code Execution

Exploit Title: BigTree CMS 4.4.10 - Remote Code Execution Google Dork: " BigTree CMS " Date: 2020-25-09 Exploit Author: SunCSR ThienNV and HoaVT - Sun Cyber Security Research Vendor Homepage: https://www.bigtreecms.org/ Software Link: https://www.bigtreecms.org/ Version: 4.4.10 Tested on: Windows...

7.4 AI score
Exploits: 0
Packet Storm
added 2020/07/23 12:0 a.m., 338 views

Online Book Store 1.0 Code Execution

!/usr/bin/env python3 Exploit Title: Online Book Store 1.0 - Unauthenticated Remote Code Execution modified by cesgami Google Dork: N/A Date: 2020-01-07 2020-22-07 Exploit Author: Tib3rius Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/...

0.1 AI score
Exploits: 0
Packet Storm
added 2019/05/17 12:0 a.m., 338 views

GAT-Ship Web Module 1.30 Information Disclosure

GAT-Ship Web Module 1.30 - Unauthenticated Information Disclosure Vulnerability It is possible in versions 1.30 and below for unauthenticated attackers to query the GAT-Ship Web Module for system information via a crafted request: PoC:...

7.4 AI score
Exploits: 0
Packet Storm
added 2018/12/11 12:0 a.m., 338 views

WordPress Wysija-Newsletters 2.10.2 Database Disclosure

Exploit Title : WordPress Wysija-Newsletters 2.10.2 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 08/12/2018 Vendor Homepage : mailpoet.com wordpress.org/plugins/wysija-newsletters/ Software Download Link :...

7.4 AI score
Exploits: 0
Packet Storm
added 2025/04/08 12:0 a.m., 337 views

📄 jQuery 3.3.1 Cross Site Scripting

jQuery version 3.3.1 proof of concept exploit that demonstrates cross site scripting via improper script handling and prototype pollution. Exploit Title: jQuery Prototype Pollution & XSS Exploit CVE-2019-11358 & CVE-2020-7656 Google Dork: N/A Date: 2025-02-13 Exploit Author: xOryus Vendor Homepag...

6.1 CVSS, 6.3 AI score, 0.87218 EPSS
Exploits: 5
Packet Storm
added 2025/02/20 12:0 a.m., 337 views

LTL Freight Quotes – Old Dominion Edition 4.2.10 SQL Injection

LTL Freight Quotes – Old Dominion Edition versions 4.2.10 and below suffer from an unauthenticated remote SQL injection vulnerability. CVE-2024-13489 LTL Freight Quotes – Old Dominion Edition = 4.2.10 - Unauthenticated SQL Injection Description The LTL Freight Quotes – Old Dominion Edition plugin...

7.5 CVSS, 8.4 AI score, 0.0073 EPSS
Exploits: 3
Total number of security vulnerabilities: 5000