Lucene search
K
PacketstormMost viewed

50738 matches found

Packet Storm
Packet Storm
added 2022/06/30 12:0 a.m.337 views

Backdoor.Win32.Cafeini.b MVID-2022-0617 Hardcoded Credential

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/a8fc1b3f7a605dc06a319bf0e14ca68b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Cafeini.b Vulnerability: Weak Hardcoded Credentials Description: The malwar...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/04/13 12:0 a.m.337 views

Verizon 4G LTE Network Extender 0.4.038.2131 Weak Credential Algorithm

Verizon 4G LTE Network Extender Weak Credentials Algorithm Vendor: Verizon Communications Inc. Product web page: https://www.verizon.com Affected version: GA4.38 - V0.4.038.2131 Summary: An LTE Network Extender enhances your indoor and 4G LTE data and voice coverage to provide better service for...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/04/04 12:0 a.m.337 views

ALLMediaServer 1.6 Buffer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Author: Hejap Zairy Date: 1.08.2022 Exploit Prof Proof and Exploit: image:https://i.imgur.com/yLrRR2t.png video:https://streamable.com/x4i50c require 'msf/core' class...

1AI score0.68733EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/03/14 12:0 a.m.337 views

Baixar GLPI Project 9.4.6 SQL Injection

Exploit Title: Baixar GLPI Project 9.4.6 - SQLi Date: 10/12 Exploit Author: Joas Antonio Vendor Homepage: https://glpi-project.org/pt-br/ https://www.blueonyx.it/ Software Link: https://glpi-project.org/pt-br/baixar/ Version: GLPI - 9.4.6 Tested on: Windows/Linux CVE : CVE-2021-44617 POC1:...

0.1AI score0.02089EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/02/02 12:0 a.m.337 views

PHP Unit 4.8.28 Remote Code Execution

Exploit Title: PHP Unit 4.8.28 - Remote Code Execution RCE Unauthenticated Date: 2022/01/30 Exploit Author: souzo Vendor Homepage: phpunit.de Version: 4.8.28 Tested on: Unit CVE : CVE-2017-9841 import requests from sys import argv phpfiles = "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php",...

9.8CVSS9.1AI score0.99999EPSS
Exploits19
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.337 views

Grandstream UCM62xx IP PBX sendPasswordEmail Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Grandstream UCM62xx IP PBX sendPasswordEmail RCE', 'Description' = %q This module exploits an unauthenticated SQL injection vulnerability...

10CVSS0.4AI score0.83926EPSS
Exploits8
Packet Storm
Packet Storm
added 2022/01/06 12:0 a.m.337 views

Backdoor.Win32.Jtram.a Insecure Credential Storage

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/596882dfba543b23ad3225d24ee5e800.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jtram.a Vulnerability: Insecure Credential Storage Description: The malware listens o...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/25 12:0 a.m.337 views

Simple Client Management System 1.0 SQL Injection

Exploit Title: Simple Client Management System 1.0 - 'uemail' SQL Injection Unauthenticated Date: 24-06-2021 Exploit Author: Barış Yıldızoğlu Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/client-details.zip...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/25 12:0 a.m.337 views

SAPSprint 7.60 Unquoted Service Path

Exploit Title: SAPSprint 7.60 - 'SAPSprint' Unquoted Service Path Discovery by: Brian Rodriguez Date: 21-06-2021 Vendor Homepage: https://brother.com/ Tested Version: 7.60 Vulnerability Type: Unquoted Service Path Tested on: Windows 10 Enterprise 64 bits Step to discover Unquoted Service Path:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/05 12:0 a.m.337 views

LiteSpeed Web Server Enterprise 5.4.11 Command Injection

Exploit Title: LiteSpeed Web Server Enterprise 5.4.11 - Command Injection Authenticated Date: 05/20/2021 Exploit Author: cmOs - SunCSR Vendor Homepage: https://www.litespeedtech.com/ Software Link: https://www.litespeedtech.com/products Version: 5.4.11 Ubuntu/Kali Linux Step 1: Log in to the...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/26 12:0 a.m.337 views

Genexis Platinum-4410 Cross Site Scripting

Exploit Title: Persistent XSS in SSID Date: 10/24/2020 Exploit Author: Amal Mohandas Vendor Homepage: https://genexis.co.in/product/ont/ Version: Platinum-4410 Software version - P4410-V2-1.28 Tested on: Windows 10 Vulnerability Details ====================== Genexis Platinum-4410 Home Gateway...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/03/28 12:0 a.m.337 views

Micro Focus Vibe 4.0.6 HTML Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2019-046 Product: Micro Focus Vibe formerly Novelle Vibe Manufacturer: Micro Focus International plc Affected Versions: 4.0.6 Tested Versions: 4.0.6 Vulnerability Type: HTML Injection CWE-79 Risk Level: Low Solution Status: Fixed...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/03/24 12:0 a.m.337 views

WordPress WPForms 1.5.9 Cross Site Scripting

Exploit Title: Wordpress Plugin WPForms 1.5.9 - Persistent Cross-Site Scripting Date: 2020-02-18 Vendor Homepage: https://wpforms.com Vendor Changelog: https://wordpress.org/plugins/wpforms-lite/developers Exploit Author: Jinson Varghese Behanan Author Advisory:...

5.5AI score0.04428EPSS
Exploits6
Packet Storm
Packet Storm
added 2019/11/29 12:0 a.m.337 views

WordPress Plainview Activity Monitor 20161228 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plainview Activity Monitor RCE', 'Description' = %q Plainview Activity Monitor Wordpress plugin is vulnerable to OS command injection...

9CVSS0.8AI score0.7699EPSS
Exploits11
Packet Storm
Packet Storm
added 2018/12/21 12:0 a.m.337 views

GIGABYTE Driver Privilege Escalation

SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ GIGABYTE Drivers Elevation of Privilege Vulnerabilities 1. Advisory Information Title: GIGABYTE Drivers Elevation of Privilege Vulnerabilities Advisory ID: CORE-2018-0007 Advisory URL:...

0.7AI score0.08523EPSS
Exploits8
Packet Storm
Packet Storm
added 2018/12/11 12:0 a.m.337 views

WordPress Wysija-Newsletters 2.10.2 Database Disclosure

Exploit Title : WordPress Wysija-Newsletters 2.10.2 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 08/12/2018 Vendor Homepage : mailpoet.com wordpress.org/plugins/wysija-newsletters/ Software Download Link :...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2018/11/20 12:0 a.m.337 views

Richfaces 3.x Remote Code Execution

Original report+advisories: TITLE: ==================== Unauthenticated Remote Code execution in WebApps using Richfaces 3.X all versions. RESUME ==================== RichFaces Framework 3.X through 3.3.4 all versions is vulnerable to Expression Language EL Injection via UserResource resource,...

9.5AI score0.74171EPSS
Exploits6
Packet Storm
Packet Storm
added 2025/04/15 12:0 a.m.336 views

📄 GestioIP 3.5.7 Remote Command Execution

GestioIP version 3.5.7 suffers from a remote command execution vulnerability. Exploit Title: GestioIP 3.5.7 - Remote Command Execution RCE Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email max.cybersecurity at belino.com GitHub disclosure link:...

9.8CVSS7.3AI score0.45109EPSS
Exploits5
Packet Storm
Packet Storm
added 2024/10/17 12:0 a.m.336 views

SofaWiki 3.9.2 Cross Site Scripting

Exploit Title: SofaWiki 3.9.2 - Stored XSS Authenticated Date: 10/17/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Version: 3.9.2 Tested on: Windows XP Summary: A stored XSS exists in SofaWiki's Open...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/23 12:0 a.m.336 views

Quiz Management System 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : Quiz Management System v1.0 CSRF Add user Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/13 12:0 a.m.336 views

Men Salon Management System 2.0 PHP Code Injection

============================================================================================================================================= | Title : Men Salon Management System 2.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/05 12:0 a.m.336 views

ASIS 3.2.0 SQL Injection

============================================================================================================================================ | Title : ASIS | Aplikasi Sistem Sekolah using CodeIgniter 3 - SQL Injection Authentication Bypass | | Author : checkgue | | Tested on : windows 10 Home /...

9.8CVSS7.1AI score0.36297EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/06/06 12:0 a.m.336 views

Small CRM 1.0 Cross Site Scripting

Exploit Title: Small CRM Developed using PHP and MySQL - Cross-Site Scripting Reflected Date: 05.06.2024 Exploit Author: Furkan Eren Tetik Vendor Homepage: https://phpgurukul.com/php-projects-free-downloads Software Link: https://phpgurukul.com/small-crm-php Version: 1.0 Tested on: Windows 11, Ka...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/14 12:0 a.m.336 views

Plantronics Hub 3.25.1 Arbitrary File Read

Exploit Title: Plantronics Hub 3.25.1 – Arbitrary File Read Date: 2024-05-10 Exploit Author: Farid Zerrouk from Deloitte Belgium, Alaa Kachouh from Mastercard Vendor Homepage: https://support.hp.com/us-en/document/ish9869257-9869285-16/hpsbpy03895 Version: Plantronics Hub for Windows version 3.25...

7.4AI score0.01673EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/04/22 12:0 a.m.336 views

Laravel Framework 11 Credential Disclosure

Exploit Title: Laravel Framework 11 - Credential Leakage Google Dork: N/A Date: 2024-04-19 Exploit Author: Huseein Amer Vendor Homepage: https://laravel.com/ Software Link: N/A Version: 8. - 11. REQUIRED Tested on: N/A CVE : CVE-2024-29291 Proof of concept: Go to any Laravel-based website and...

7.1AI score0.01341EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/01/03 12:0 a.m.336 views

WebCalendar 1.3.0 Cross Site Scripting

Exploit Title: WebCalendar Version: 1.3.0 - Stored XSS - Reflected XSS Date: 2024-3-1 Exploit Author: tmrswrr Vendor Homepage: http://www.k5n.us/webcalendar.php Version: 1.3.0 Tested on: https://www.softaculous.com/apps/calendars/WebCalendar Stored XSS 1 Write Events Add New Events Brief...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/12/20 12:0 a.m.336 views

MOKOSmart MKGW1 Gateway Improper Session Management

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 MOKOSmart MKGW1 Gateway Improper Session Management Link: https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220120-01MOKOSmartMKGW1GatewayImproperSessionManagement Vulnerability Overview MOKOSmart MKGW1 Gateway devices with firmwa...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/12/01 12:0 a.m.336 views

Kopage Website Builder 4.4.15 Cross Site Scripting

Exploit Title: Kopage Website Builder version 4.4.15 – Stored Cross-Site Scripting XSS Date: 1/12/2023 Exploit Author: tmrswrr Vendor Homepage: https://www.kopage.com/ Version: Version : 4.4.15 Tested on: https://demo.kopage.com/index.php Poc: 1 Install the system through the website and log in...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/11/27 12:0 a.m.336 views

osCommerce 4 Cross Site Scripting

Exploit Title: osCommerce 4 - Reflected XSS Exploit Author: CraCkEr Date: 13/11/2023 Vendor: osCommerce ltd. Vendor Homepage: https://www.oscommerce.com/ Software Link: https://demo.oscommerce.com/ Demo Link: https://demo.oscommerce.com/printshop/ Tested on: Windows 11 Home Impact: Manipulate the...

6.1CVSS7.4AI score0.00805EPSS
Exploits1
Packet Storm
Packet Storm
added 2023/09/25 12:0 a.m.336 views

Lamano LMS 0.1 Insecure Settings

==================================================================================================================================== | Title : Lamano LMS v0.1 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/31 12:0 a.m.336 views

InterPhoto 2.3.0 Shell Upload

==================================================================================================================================== | Title : InterPhoto 2.3.0 Persians Remote Shell Upload vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.336 views

EI Tube YouTube API 3 Cross Site Scripting

==================================================================================================================================== | Title : EI Tube YouTube API V3 site builder XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/19 12:0 a.m.336 views

Webile 1.0.1 Cross Site Scripting

Document Title: =============== Webile v1.0.1 - Multiple Cross Site Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2321 Release Date: ============= 2023-07-03 Vulnerability Laboratory ID VL-ID: ====================================...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/07 12:0 a.m.336 views

DANGEROUS MAILER-CLONED 2.0 Information Disclosure

==================================================================================================================================== | Title : DANGEROUS MAILER-CLONED V2.0 information disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/31 12:0 a.m.336 views

WordPress ReviewX 1.6.13 Privilege Escalation

Description: ReviewX = 1.6.13 – Arbitrary Usermeta Update to Authenticated Subscriber+ Privilege Escalation Affected Plugin: ReviewX – Multi-criteria Rating & Reviews for WooCommerce Plugin Slug: reviewx Affected Versions: = 1.6.13 CVE ID: CVE-2023-2833 CVSS Score: 8.8 High CVSS Vector:...

7.1AI score0.1748EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.336 views

Gin Markdown Editor 0.7.4 Arbitrary Code Execution

Exploit Title: Gin Markdown Editor v0.7.4 Electron - Arbitrary Code Execution Date: 2023-04-24 Exploit Author: 8bitsec CVE: CVE-2023-31873 Vendor Homepage: https://github.com/mariuskueng/gin Software Link: https://github.com/mariuskueng/gin Version: 0.7.4 Tested on: Mac OS 13 Release Date:...

7.1AI score0.01349EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/03/16 12:0 a.m.336 views

Bitbucket Environment Variable Remote Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bitbucket Environment Variable RCE', 'Description' = %q For various versions of Bitbucket, there is an authenticated command injection...

9.8CVSS0.8AI score0.98035EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/10/04 12:0 a.m.336 views

WordPress Elementor 3.6.2 Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plugin Elementor Authenticated Upload Remote Code Execution', 'Description' = %q The WordPress plugin Elementor versions 3.6.0 - 3.6.2,...

8.8CVSS8.8AI score0.92943EPSS
Exploits10
Packet Storm
Packet Storm
added 2022/09/27 12:0 a.m.337 views

Food Ordering Management System 1.0 SQL Injection

Exploit Title: Food Ordering Management System - SQL Injection Google Dork: N/A Date: 2022-9-27 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html Software...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2022/08/11 12:0 a.m.336 views

Intelbras ATA 200 Cross Site Scripting

Exploit Title: Intelbras ATA 200 Authenticated Stored XSS Date: 17/01/2022 Exploit Author: Leonardo Goncalves Vendor Homepage: https://www.intelbras.com/pt-br/adaptador-ip-para-telefones-analogicos-ata-200 Version: Firmware 74.19.10.21 1 Log in the equipment via your web browser 2 Go to Managemen...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/05/30 12:0 a.m.336 views

Ingredient Stock Management System 1.0 SQL Injection

Exploit Title: Ingredient Stock Management System v1.0 - 'id' Blind SQL Injection Date: 28/05/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15364/ingredients-stock-management-system-phpoop-free-source-code.html...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2022/05/19 12:0 a.m.336 views

SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: SAP® Application Server ABAP and ABAP® Platform Different Software Components vulnerable version: see section "Vulnerable /...

9.9CVSS0.5AI score0.05641EPSS
Exploits9
Packet Storm
Packet Storm
added 2022/03/17 12:0 a.m.336 views

BuilderTorCTPHPRAT.b Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/838f67d7a4b6824ec59892057aab3bb7C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BuilderTorCTPHPRAT.b Vulnerability: Remote Persistent XSS Family: TorCTPHPRAT Type: WebUI MD5:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/26 12:0 a.m.336 views

Isshue Shopping Cart 3.5 Cross Site Scripting

Document Title: =============== Isshue Shopping Cart v3.5 - Cross Site Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2284 Release Date: ============= 2021-10-22 Vulnerability Laboratory ID VL-ID: ====================================...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/12 12:0 a.m.336 views

Atlassian Crowd pdkinstall Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Crowd pdkinstall Unauthenticated Plugin Upload RCE', 'Description' = %q This module can be used to upload a plugin on Atlassian Cloud v...

9.8CVSS0.6AI score0.95355EPSS
Exploits6
Packet Storm
Packet Storm
added 2020/08/06 12:0 a.m.336 views

Docker Privileged Container Escape

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework POC modified from https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/ class MetasploitModule 'Docker Privileged Container Escape',...

0.9AI score
Exploits0
Packet Storm
Packet Storm
added 2019/08/26 12:0 a.m.336 views

Joomla FireBoard 1.1.3 SQL Injection

Exploit Title : Joomla 1.5.26 ComFireBoard Components 1.1.3 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 24/08/2019 Vendor Homepage : fireboard.bestofjoomla.com Software Information Link : infosolutionsgoa.com/cms/fireboard-forum-joomla.html...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2018/11/15 12:0 a.m.336 views

DoceboLMS 1.2 Shell Upload / SQL Injection

Exploit Title: DoceboLMS 1.2 - SQL Injection Dork: N/A Date: 2018-11-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.spaghettilearning.com/ Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2025/12/03 12:0 a.m.335 views

📄 EduplusCampus 3.0.1 Insecure Direct Object Reference

A critical insecure direct object reference vulnerability was identified in the EduplusCampus student portal version 3.0.1. This vulnerability allows an authenticated user to access the sensitive personal and financial records of other students by modifying the recno parameter in the API request...

6.5CVSS6.8AI score0.00302EPSS
Exploits3
Packet Storm
Packet Storm
added 2025/04/08 12:0 a.m.335 views

📄 jQuery 3.3.1 Cross Site Scripting

jQuery version 3.3.1 proof of concept exploit that demonstrates cross site scripting via improper script handling and prototype pollution. Exploit Title: jQuery Prototype Pollution & XSS Exploit CVE-2019-11358 & CVE-2020-7656 Google Dork: N/A Date: 2025-02-13 Exploit Author: xOryus Vendor Homepag...

6.1CVSS6.3AI score0.87218EPSS
Exploits5
Total number of security vulnerabilities5000