Lucene search
K
PacketstormMost viewed

50748 matches found

Packet Storm
Packet Storm
added 2026/01/22 12:0 a.m.337 views

📄 libxml2 2.9.14 Remote Code Execution

libxml2 version 2.9.14 2022 proof of concept exploit for a heap buffer overflow in the xmlRegEpxFromParse function in xmlregexp.c. This version from the author is in the form of a Metasploit module...

7.5CVSS5.8AI score0.01364EPSS
Exploits3
Packet Storm
Packet Storm
added 2025/04/15 12:0 a.m.337 views

📄 GestioIP 3.5.7 Remote Command Execution

GestioIP version 3.5.7 suffers from a remote command execution vulnerability. Exploit Title: GestioIP 3.5.7 - Remote Command Execution RCE Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email max.cybersecurity at belino.com GitHub disclosure link:...

9.8CVSS7.3AI score0.45109EPSS
Exploits5
Packet Storm
Packet Storm
added 2025/04/08 12:0 a.m.337 views

📄 jQuery 3.3.1 Cross Site Scripting

jQuery version 3.3.1 proof of concept exploit that demonstrates cross site scripting via improper script handling and prototype pollution. Exploit Title: jQuery Prototype Pollution & XSS Exploit CVE-2019-11358 & CVE-2020-7656 Google Dork: N/A Date: 2025-02-13 Exploit Author: xOryus Vendor Homepag...

6.1CVSS6.3AI score0.87218EPSS
Exploits5
Packet Storm
Packet Storm
added 2025/03/07 12:0 a.m.338 views

Advantech WebAccess 7.1 SQL Injection

Advantech WebAccess version 7.1 proof of concept exploit that demonstrates a SQL injection vulnerability original discovered in 2014. ============================================================================================================================================= | Title : Advantech...

7.5CVSS8.3AI score0.19243EPSS
Exploits4
Packet Storm
Packet Storm
added 2025/02/20 12:0 a.m.337 views

LTL Freight Quotes – Old Dominion Edition 4.2.10 SQL Injection

LTL Freight Quotes – Old Dominion Edition versions 4.2.10 and below suffer from an unauthenticated remote SQL injection vulnerability. CVE-2024-13489 LTL Freight Quotes – Old Dominion Edition = 4.2.10 - Unauthenticated SQL Injection Description The LTL Freight Quotes – Old Dominion Edition plugin...

7.5CVSS8.4AI score0.0073EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/11/05 12:0 a.m.337 views

ABB Cylon Aspect 3.08.00 Off-By-One

ABB Cylon Aspect 3.08.00 logMix/YumLookup.php Off-by-One Error in Log Parsing Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/07/23 12:0 a.m.337 views

PPDB ONLINE 1.3 Administrative Page Disclosure

==================================================================================================================================== | Title : PPDB ONLINE V.1.3 HTML Form in redirect page Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/03 12:0 a.m.337 views

WebCalendar 1.3.0 Cross Site Scripting

Exploit Title: WebCalendar Version: 1.3.0 - Stored XSS - Reflected XSS Date: 2024-3-1 Exploit Author: tmrswrr Vendor Homepage: http://www.k5n.us/webcalendar.php Version: 1.3.0 Tested on: https://www.softaculous.com/apps/calendars/WebCalendar Stored XSS 1 Write Events Add New Events Brief...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/12/01 12:0 a.m.337 views

Kopage Website Builder 4.4.15 Cross Site Scripting

Exploit Title: Kopage Website Builder version 4.4.15 – Stored Cross-Site Scripting XSS Date: 1/12/2023 Exploit Author: tmrswrr Vendor Homepage: https://www.kopage.com/ Version: Version : 4.4.15 Tested on: https://demo.kopage.com/index.php Poc: 1 Install the system through the website and log in...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/11/27 12:0 a.m.337 views

osCommerce 4 Cross Site Scripting

Exploit Title: osCommerce 4 - Reflected XSS Exploit Author: CraCkEr Date: 13/11/2023 Vendor: osCommerce ltd. Vendor Homepage: https://www.oscommerce.com/ Software Link: https://demo.oscommerce.com/ Demo Link: https://demo.oscommerce.com/printshop/ Tested on: Windows 11 Home Impact: Manipulate the...

6.1CVSS7.4AI score0.00805EPSS
Exploits1
Packet Storm
Packet Storm
added 2023/09/25 12:0 a.m.337 views

Lamano LMS 0.1 Insecure Settings

==================================================================================================================================== | Title : Lamano LMS v0.1 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/18 12:0 a.m.337 views

KPOT Stealer CMS 2.0 Directory Traversal

==================================================================================================================================== | Title : KPOT Stealer CMS v2.0 Directory Traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0....

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/25 12:0 a.m.337 views

Groupoffice 3.4.21 Directory Traversal

==================================================================================================================================== | Title : Groupoffice v3.4.21 Directory Traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/25 12:0 a.m.337 views

WordPress File Manager Advanced Shortcode 2.3.2 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution through shortcode', 'Description' = %q The Wordpress plug...

9.8CVSS7.1AI score0.3962EPSS
Exploits8
Packet Storm
Packet Storm
added 2023/07/07 12:0 a.m.337 views

DANGEROUS MAILER-CLONED 2.0 Information Disclosure

==================================================================================================================================== | Title : DANGEROUS MAILER-CLONED V2.0 information disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/27 12:0 a.m.337 views

Chrome Internal JavaScript Object Access Via Origin Trials

Chrome: Internal JavaScript object access via Origin Trials VULNERABILITY DETAILS 1. JSObject::DefineAccessor doesn't ensure that the receiver object is in a valid state before creating an accessor property. This allows callers to extend non-extensible objects and reconfigure non-configurable...

8.8CVSS7.1AI score0.29136EPSS
Exploits1
Packet Storm
Packet Storm
added 2023/05/01 12:0 a.m.337 views

Old Age Home Management 1.0 SQL Injection

Title: Old Age Home Management-2022-2023-1.0 SQLi-Bypass-Authentication-Account-Take-Over Author: nu11secur1ty Date: 04.29.2023 Vendor: BY ANUJ KUMAR, https://phpgurukul.com/author/anujk305/ Software: https://phpgurukul.com/old-age-home-management-system-using-php-and-mysql/googlevignette...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/20 12:0 a.m.337 views

Serendipity 2.4.0 Shell Upload

Exploit Title: Serendipity 2.4.0 - Remote Code Execution RCE Authenticated Application: Serendipity Version: 2.4.0 Bugs: Remote Code Execution RCE Authenticated via file upload Technology: PHP Vendor URL: https://docs.s9y.org/ Software Link: https://docs.s9y.org/downloads.html Date of found:...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/03 12:0 a.m.337 views

ManageEngine Access Manager Plus 4.3.0 Path Traversal

Exploit Title: ManageEngine Access Manager Plus 4.3.0 - File-path-traversal Author: nu11secur1ty Date: 11.22.2023 Vendor: https://www.manageengine.com/ Software: https://www.manageengine.com/privileged-session-management/download.html Reference:...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/16 12:0 a.m.337 views

Bitbucket Environment Variable Remote Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bitbucket Environment Variable RCE', 'Description' = %q For various versions of Bitbucket, there is an authenticated command injection...

9.8CVSS0.8AI score0.98035EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/10/04 12:0 a.m.337 views

WordPress Elementor 3.6.2 Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plugin Elementor Authenticated Upload Remote Code Execution', 'Description' = %q The WordPress plugin Elementor versions 3.6.0 - 3.6.2,...

8.8CVSS8.8AI score0.92943EPSS
Exploits10
Packet Storm
Packet Storm
added 2022/09/27 12:0 a.m.338 views

Food Ordering Management System 1.0 SQL Injection

Exploit Title: Food Ordering Management System - SQL Injection Google Dork: N/A Date: 2022-9-27 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html Software...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/26 12:0 a.m.337 views

WordPress Forym 1.5.7 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/08/10 12:0 a.m.337 views

Webmin Package Updates Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin Package Updates RCE', 'Description' = %q This module exploits an arbitrary command injection in Webmin versions prior to 1.997. Webmin use...

9.8CVSS9.6AI score0.96049EPSS
Exploits8
Packet Storm
Packet Storm
added 2022/06/30 12:0 a.m.337 views

Backdoor.Win32.Cafeini.b MVID-2022-0617 Hardcoded Credential

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/a8fc1b3f7a605dc06a319bf0e14ca68b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Cafeini.b Vulnerability: Weak Hardcoded Credentials Description: The malwar...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/05/30 12:0 a.m.337 views

Ingredient Stock Management System 1.0 SQL Injection

Exploit Title: Ingredient Stock Management System v1.0 - 'id' Blind SQL Injection Date: 28/05/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15364/ingredients-stock-management-system-phpoop-free-source-code.html...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2022/04/13 12:0 a.m.337 views

Verizon 4G LTE Network Extender 0.4.038.2131 Weak Credential Algorithm

Verizon 4G LTE Network Extender Weak Credentials Algorithm Vendor: Verizon Communications Inc. Product web page: https://www.verizon.com Affected version: GA4.38 - V0.4.038.2131 Summary: An LTE Network Extender enhances your indoor and 4G LTE data and voice coverage to provide better service for...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/04/04 12:0 a.m.337 views

ALLMediaServer 1.6 Buffer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Author: Hejap Zairy Date: 1.08.2022 Exploit Prof Proof and Exploit: image:https://i.imgur.com/yLrRR2t.png video:https://streamable.com/x4i50c require 'msf/core' class...

1AI score0.68733EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/03/14 12:0 a.m.337 views

Baixar GLPI Project 9.4.6 SQL Injection

Exploit Title: Baixar GLPI Project 9.4.6 - SQLi Date: 10/12 Exploit Author: Joas Antonio Vendor Homepage: https://glpi-project.org/pt-br/ https://www.blueonyx.it/ Software Link: https://glpi-project.org/pt-br/baixar/ Version: GLPI - 9.4.6 Tested on: Windows/Linux CVE : CVE-2021-44617 POC1:...

0.1AI score0.02089EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/02/02 12:0 a.m.337 views

PHP Unit 4.8.28 Remote Code Execution

Exploit Title: PHP Unit 4.8.28 - Remote Code Execution RCE Unauthenticated Date: 2022/01/30 Exploit Author: souzo Vendor Homepage: phpunit.de Version: 4.8.28 Tested on: Unit CVE : CVE-2017-9841 import requests from sys import argv phpfiles = "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php",...

9.8CVSS9.1AI score0.99999EPSS
Exploits19
Packet Storm
Packet Storm
added 2021/06/25 12:0 a.m.337 views

SAPSprint 7.60 Unquoted Service Path

Exploit Title: SAPSprint 7.60 - 'SAPSprint' Unquoted Service Path Discovery by: Brian Rodriguez Date: 21-06-2021 Vendor Homepage: https://brother.com/ Tested Version: 7.60 Vulnerability Type: Unquoted Service Path Tested on: Windows 10 Enterprise 64 bits Step to discover Unquoted Service Path:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/05 12:0 a.m.337 views

LiteSpeed Web Server Enterprise 5.4.11 Command Injection

Exploit Title: LiteSpeed Web Server Enterprise 5.4.11 - Command Injection Authenticated Date: 05/20/2021 Exploit Author: cmOs - SunCSR Vendor Homepage: https://www.litespeedtech.com/ Software Link: https://www.litespeedtech.com/products Version: 5.4.11 Ubuntu/Kali Linux Step 1: Log in to the...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/26 12:0 a.m.337 views

Genexis Platinum-4410 Cross Site Scripting

Exploit Title: Persistent XSS in SSID Date: 10/24/2020 Exploit Author: Amal Mohandas Vendor Homepage: https://genexis.co.in/product/ont/ Version: Platinum-4410 Software version - P4410-V2-1.28 Tested on: Windows 10 Vulnerability Details ====================== Genexis Platinum-4410 Home Gateway...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/15 12:0 a.m.337 views

Zoo Management System 1.0 SQL Injection

Exploit Title: Zoo Management System 1.0 - Authentication Bypass Date: 02/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://phpgurukul.com/zoo-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=12723 Version: 1.0 Tested On:...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/03/28 12:0 a.m.337 views

Micro Focus Vibe 4.0.6 HTML Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2019-046 Product: Micro Focus Vibe formerly Novelle Vibe Manufacturer: Micro Focus International plc Affected Versions: 4.0.6 Tested Versions: 4.0.6 Vulnerability Type: HTML Injection CWE-79 Risk Level: Low Solution Status: Fixed...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/03/24 12:0 a.m.337 views

WordPress WPForms 1.5.9 Cross Site Scripting

Exploit Title: Wordpress Plugin WPForms 1.5.9 - Persistent Cross-Site Scripting Date: 2020-02-18 Vendor Homepage: https://wpforms.com Vendor Changelog: https://wordpress.org/plugins/wpforms-lite/developers Exploit Author: Jinson Varghese Behanan Author Advisory:...

5.5AI score0.04428EPSS
Exploits6
Packet Storm
Packet Storm
added 2019/11/29 12:0 a.m.337 views

WordPress Plainview Activity Monitor 20161228 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plainview Activity Monitor RCE', 'Description' = %q Plainview Activity Monitor Wordpress plugin is vulnerable to OS command injection...

9CVSS0.8AI score0.7699EPSS
Exploits11
Packet Storm
Packet Storm
added 2018/12/21 12:0 a.m.337 views

GIGABYTE Driver Privilege Escalation

SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ GIGABYTE Drivers Elevation of Privilege Vulnerabilities 1. Advisory Information Title: GIGABYTE Drivers Elevation of Privilege Vulnerabilities Advisory ID: CORE-2018-0007 Advisory URL:...

0.7AI score0.08523EPSS
Exploits8
Packet Storm
Packet Storm
added 2018/11/20 12:0 a.m.337 views

Richfaces 3.x Remote Code Execution

Original report+advisories: TITLE: ==================== Unauthenticated Remote Code execution in WebApps using Richfaces 3.X all versions. RESUME ==================== RichFaces Framework 3.X through 3.3.4 all versions is vulnerable to Expression Language EL Injection via UserResource resource,...

9.5AI score0.74171EPSS
Exploits6
Packet Storm
Packet Storm
added 2025/12/03 12:0 a.m.336 views

📄 EduplusCampus 3.0.1 Insecure Direct Object Reference

A critical insecure direct object reference vulnerability was identified in the EduplusCampus student portal version 3.0.1. This vulnerability allows an authenticated user to access the sensitive personal and financial records of other students by modifying the recno parameter in the API request...

6.5CVSS6.8AI score0.00302EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/10/17 12:0 a.m.336 views

SofaWiki 3.9.2 Cross Site Scripting

Exploit Title: SofaWiki 3.9.2 - Stored XSS Authenticated Date: 10/17/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Version: 3.9.2 Tested on: Windows XP Summary: A stored XSS exists in SofaWiki's Open...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/24 12:0 a.m.336 views

Elaine's Realtime CRM Automation 6.18.17 Cross Site Scripting

Exploit Title: Reflected XSS in Elaine's Realtime CRM Automation v6.18.17 Date: 09/2024 Exploit Author: Haythem Arfaoui CBTW Team Vendor Homepage: https://www.elaine.io/ Software Link: https://www.elaine.io/en/products/elaine-marketing-automation/ Version: 6.18.17 and below Tested on: Windows,...

7.4AI score0.01084EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/09/05 12:0 a.m.336 views

ASIS 3.2.0 SQL Injection

============================================================================================================================================ | Title : ASIS | Aplikasi Sistem Sekolah using CodeIgniter 3 - SQL Injection Authentication Bypass | | Author : checkgue | | Tested on : windows 10 Home /...

9.8CVSS7.1AI score0.36297EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.336 views

Jetty WEB-INF File Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jetty WEB-INF File Disclosure', 'Description' = %q Jetty suffers from a vulnerability where certain encoded URIs and ambiguous paths can access...

5.3CVSS7AI score0.99298EPSS
Exploits11
Packet Storm
Packet Storm
added 2024/06/06 12:0 a.m.336 views

Small CRM 1.0 Cross Site Scripting

Exploit Title: Small CRM Developed using PHP and MySQL - Cross-Site Scripting Reflected Date: 05.06.2024 Exploit Author: Furkan Eren Tetik Vendor Homepage: https://phpgurukul.com/php-projects-free-downloads Software Link: https://phpgurukul.com/small-crm-php Version: 1.0 Tested on: Windows 11, Ka...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/14 12:0 a.m.336 views

Plantronics Hub 3.25.1 Arbitrary File Read

Exploit Title: Plantronics Hub 3.25.1 – Arbitrary File Read Date: 2024-05-10 Exploit Author: Farid Zerrouk from Deloitte Belgium, Alaa Kachouh from Mastercard Vendor Homepage: https://support.hp.com/us-en/document/ish9869257-9869285-16/hpsbpy03895 Version: Plantronics Hub for Windows version 3.25...

7.4AI score0.01673EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/04/22 12:0 a.m.336 views

Laravel Framework 11 Credential Disclosure

Exploit Title: Laravel Framework 11 - Credential Leakage Google Dork: N/A Date: 2024-04-19 Exploit Author: Huseein Amer Vendor Homepage: https://laravel.com/ Software Link: N/A Version: 8. - 11. REQUIRED Tested on: N/A CVE : CVE-2024-29291 Proof of concept: Go to any Laravel-based website and...

7.1AI score0.01341EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/02/29 12:0 a.m.336 views

WordPress IDonate Blood Request Management System 1.8.1 Cross Site Scripting

Exploit Title: IDonate – blood request management system XSS in Recaptcha secret key and in Recaptcha Site key 3- Click on save changes. 4- While clicking on the payload text, XSS will trigger. Vulnerable Code: public function idonaterecaptchasecretkeycallback if isset...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/12/20 12:0 a.m.336 views

MOKOSmart MKGW1 Gateway Improper Session Management

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 MOKOSmart MKGW1 Gateway Improper Session Management Link: https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220120-01MOKOSmartMKGW1GatewayImproperSessionManagement Vulnerability Overview MOKOSmart MKGW1 Gateway devices with firmwa...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/31 12:0 a.m.336 views

InterPhoto 2.3.0 Shell Upload

==================================================================================================================================== | Title : InterPhoto 2.3.0 Persians Remote Shell Upload vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1AI score
Exploits0
Total number of security vulnerabilities5000