Packetstorm: Most viewed

50738 matches found

Packet Storm
added 2024/06/26 12:0 a.m., 335 views

SolarWinds Platform 2024.1 SR1 Race Condition

Exploit Title: SolarWinds Platform 2024.1 SR1 - Race Condition CVE: CVE-2024-28999 Affected Versions: SolarWinds Platform 2024.1 SR 1 and previous versions Author: Elhussain Fathy, AKA 0xSphinx import requests import urllib3 import asyncio import aiohttp...

7.5 CVSS, 7.1 AI score, 0.13913 EPSS
Exploits: 4
Packet Storm
added 2024/05/20 12:0 a.m., 335 views

Tenant Limited 1.0 SQL Injection

Titles: TENANT-LIMITED-1.0 SQLi Author: nu11secur1ty Date: 05/20/2024 Vendor: https://mayurik.com/ Software: https://www.sourcecodester.com/php/17375/best-courier-management-system-project-php.html Reference: https://portswigger.net/web-security/sql-injection Description: The username parameter...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/04/11 12:0 a.m., 335 views

Trimble TM4Web 22.2.0 Privilege Escalation / Access Code Disclosure

CVE ID: CVE-2023-27195 Description: An access control issue in Trimble TM4Web v22.2.0 allows unauthenticated attackers to access a specific crafted URL path to retrieve the last registration access code and use this access code to register a valid account. If the access code was used to create an...

7.4 AI score, 0.01018 EPSS
Exploits: 2
Packet Storm
added 2024/03/28 12:0 a.m., 335 views

FusionPBX Session Fixation

Vulnerability Name - Application is Vulnerable to Session Fixation Vulnerable URL: www.fusionpbx.com Overview of the Vulnerability Session fixation is a security vulnerability that occurs when an attacker sets or fixes a user's session identifier, manipulating the authentication process. Typicall...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/02/29 12:0 a.m., 335 views

WordPress IDonate Blood Request Management System 1.8.1 Cross Site Scripting

Exploit Title: IDonate – blood request management system XSS in Recaptcha secret key and in Recaptcha Site key 3- Click on save changes. 4- While clicking on the payload text, XSS will trigger. Vulnerable Code: public function idonaterecaptchasecretkeycallback if isset...

7.4 AI score
Exploits: 0
Packet Storm
added 2023/12/20 12:0 a.m., 335 views

MOKOSmart MKGW1 Gateway Improper Session Management

MOKOSmart MKGW1 Gateway Improper Session Management Link: https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220120-01MOKOSmartMKGW1GatewayImproperSessionManagement Vulnerability Overview MOKOSmart MKGW1 Gateway devices with firmwa...

7.4 AI score
Exploits: 0
Packet Storm
added 2023/09/18 12:0 a.m., 335 views

KPOT Stealer CMS 2.0 Directory Traversal

Title: KPOT Stealer CMS v2.0 Directory Traversal Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0....

7.1 AI score
Exploits: 0
Packet Storm
added 2023/09/15 12:0 a.m., 335 views

Italia Mediasky CMS 2.0 Cross Site Request Forgery

Title: İtalia Mediasky CMS v2.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit | ...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/08/25 12:0 a.m., 335 views

Groupoffice 3.4.21 Directory Traversal

Title: Groupoffice v3.4.21 Directory Traversal Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/08/24 12:0 a.m., 335 views

GraceHRM 1.0.3 Directory Traversal

Title: GraceHRM v1.0.3 Directory traversal Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.064-bit ...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/08/16 12:0 a.m., 335 views

EI Tube YouTube API 3 Cross Site Scripting

Title: EI Tube YouTube API V3 site builder XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/07/25 12:0 a.m., 335 views

WordPress File Manager Advanced Shortcode 2.3.2 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution through shortcode', 'Description' = %q The Wordpress plug...

9.8 CVSS, 7.1 AI score, 0.3962 EPSS
Exploits: 8
Packet Storm
added 2023/06/27 12:0 a.m., 335 views

Chrome Internal JavaScript Object Access Via Origin Trials

Chrome: Internal JavaScript object access via Origin Trials VULNERABILITY DETAILS 1. JSObject::DefineAccessor doesn't ensure that the receiver object is in a valid state before creating an accessor property. This allows callers to extend non-extensible objects and reconfigure non-configurable...

8.8 CVSS, 7.1 AI score, 0.29136 EPSS
Exploits: 1
Packet Storm
added 2023/06/23 12:0 a.m., 335 views

PHPJabbers STIVA Blog Script 4.1 Cross Site Scripting


7.1 AI score
Exploits: 0
Packet Storm
added 2023/06/23 12:0 a.m., 335 views

Smart Office Web 20.28 Information Disclosure / Insecure Direct Object Reference

Exploit Title: Smart Office Web 20.28 - Remote Information Disclosure Unauthenticated Shodan Dork:: inurl:"https://www.shodan.io/search?query=smart+office" Date: 09/Dec/2022 Exploit Author: Tejas Nitin Pingulkar https://cvewalkthrough.com/ Vendor Homepage: https://smartofficepayroll.com/ Software...

7.5 CVSS, 7.1 AI score, 0.59407 EPSS
Exploits: 5
Packet Storm
added 2023/05/24 12:0 a.m., 336 views

Webkul Qloapps 1.5.2 Cross Site Scripting

Exploit Title: Webkul Qloapps 1.5.2 - Cross-Site Scripting XSS Date: 15 May 2023 Exploit Author: Astik Rawat ahrixia Vendor Homepage: https://qloapps.com/ Software Link: https://github.com/webkul/hotelcommerce Version: 1.5.2 Tested on: Kali Linux 2022.4 CVE : CVE-2023-30256 Description: A Cross...

6.1 CVSS, 7.1 AI score, 0.08731 EPSS
Exploits: 5
Packet Storm
added 2023/05/18 12:0 a.m., 335 views

IBM AIX 7.2 inscout Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'invscout RPM Privilege Escalation', 'Description' = %q This module exploits a command injection vulnerability in IBM AIX invscout set-uid root...

8.4 CVSS, 7.1 AI score, 0.01457 EPSS
Exploits: 3
Packet Storm
added 2023/05/11 12:0 a.m., 335 views

GaanaGawaana 1.0 SQL Injection


7.1 AI score
Exploits: 0
Packet Storm
added 2023/04/24 12:0 a.m., 335 views

Chitor CMS 1.1.2 SQL Injection


6.8 AI score
Exploits: 0
Packet Storm
added 2023/04/20 12:0 a.m., 335 views

ProjeQtOr Project Management System 10.3.2 Shell Upload

Exploit Title: ProjeQtOr Project Management System 10.3.2 -Remote Code Execution RCE Application: ProjeQtOr Project Management System Version: 10.3.2 Bugs: Remote Code Execution RCE Authenticated via file upload Technology: PHP Vendor URL: https://www.projeqtor.org Software Link:...

6.8 AI score
Exploits: 0
Packet Storm
added 2023/03/10 12:0 a.m., 335 views

SugarCRM 12.x Remote Code Execution / Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'securerandom' class MetasploitModule 'SugarCRM unauthenticated Remote Code Execution RCE', 'Description' = %q This module exploits CVE-2023-22952, a Remote Code...

8.8 CVSS, 0.3 AI score, 0.80274 EPSS
Exploits: 4
Packet Storm
added 2023/01/04 12:0 a.m., 335 views

Nexxt Router Firmware 42.103.1.5095 Remote Code Execution

Exploit Title: Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution RCE Authenticated Date: 19/10/2022 Exploit Author: Yerodin Richards Vendor Homepage: https://www.nexxtsolutions.com/ Version: 42.103.1.5095 Tested on: ARN02304U8 CVE : CVE-2022-44149 import requests import base64 routerhos...

9 AI score, 0.64354 EPSS
Exploits: 5
Packet Storm
added 2022/07/29 12:0 a.m., 335 views

Dingtian-DT-R002 3.1.276A Authentication Bypass

Exploit Title: Dingtian-DT-R002 3.1.276A - Authentication Bypass Google Dork: NA Date: 13th July 2022 Exploit Author: Victor Hanna Trustwave SpiderLabs Author Github Page: https://9lyph.github.io/CVE-2022-29593/ Vendor Homepage: https://www.dingtian-tech.com/enus/relay4.html Software Link:...

5.9 CVSS, 0.5 AI score, 0.10436 EPSS
Exploits: 5
Packet Storm
added 2022/07/21 12:0 a.m., 335 views

Dr. Fone 4.0.8 Unquoted Service Path

Exploit Title: Dr. Fone v4.0.8- 'netupdater32.exe' Unquoted Service Path Discovery Date: 2022-05-07 Discovery by: Esant1490 Vendor Homepage: https://drfone.wondershare.net Software Link : https://download.wondershare.net/drfonefull4008.exe Tested Version: 4.0.8 Tested on OS: Windows 10 Pro x64 en...

0.1 AI score
Exploits: 0
Packet Storm
added 2022/07/18 12:0 a.m., 335 views

Property Listing Script 3.1 SQL Injection


0.4 AI score
Exploits: 0
Packet Storm
added 2022/04/19 12:0 a.m., 335 views

WordPress Popup Maker 1.16.5 Cross Site Scripting

Exploit Title: WordPress Plugin Popup Maker Popup Settings Triggers Add New Cookie Add Cookie Time overwrite the default '1 month' with XSS payload Click 'Add' what triggers the XSS payload Payload examples: alert'XSS';...

7.4 AI score
Exploits: 0
Packet Storm
added 2022/04/08 12:0 a.m., 335 views

E-Commerce Website 1.0 Shell Upload

Ecommerce Website Unrestricted File Upload + RCE Author: D4rkP0w4r Note = Create account, don't need login client or admin Description = Create account upload web shell at Customer Image Step to Reproduct Register - upload web shell at Customer Image - clicked Register button Exploit Upload web...

9.7 AI score, 0.03333 EPSS
Exploits: 3
Packet Storm
added 2021/10/26 12:0 a.m., 335 views

WordPress Filterable Portfolio Gallery 1.0 Cross Site Scripting

Exploit Title: WordPress Plugin Filterable Portfolio Gallery 1.0 - 'title' Stored Cross-Site Scripting XSS Date: 10/25/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: http://www.filterable-portfolio.com/ Software Link: https://wordpress.org/plugins/fg-gallery/ Version: 1.0...

0.1 AI score
Exploits: 0
Packet Storm
added 2021/10/04 12:0 a.m., 335 views

Local Offices Contact Directory Site SQL Injection

https://www.sourcecodester.com/php/14973/local-offices-contact-directory-site-using-php-and-sqlite-free-source-code.html Vendor: href Description: The search parameter appears to be vulnerable to time-based blind SQL injection attacks, on the web app "Local Offices Contact Directories Site" by...

0.1 AI score
Exploits: 0
Packet Storm
added 2021/09/07 12:0 a.m., 335 views

WordPress Survey And Poll 1.5.7.3 SQL Injection

Exploit Title: WordPress Plugin Survey & Poll 1.5.7.3 - 'sssparams' SQL Injection 2 Date: 2021-09-07 Exploit Author: Mohin Paramasivam Shad0wQu35t Vendor Homepage: http://modalsurvey.pantherius.com/ Software Link: https://downloads.wordpress.org/plugin/wp-survey-and-poll.zip Version: 1.5.7.3 Test...

0.2 AI score
Exploits: 0
Packet Storm
added 2021/02/14 12:0 a.m., 335 views

TestLink 1.9.20 Shell Upload

Exploit Title: TestLink 1.9.20 - Unrestricted File Upload Authenticated Date: 14th February 2021 Exploit Author: snovvcrash Original Research by: Ackcent AppSec Team Original Research: https://ackcent.com/testlink-1-9-20-unrestricted-file-upload-and-sql-injection/ Vendor Homepage:...

6.5 CVSS, 8.8 AI score, 0.15858 EPSS
Exploits: 3
Packet Storm
added 2021/02/12 12:0 a.m., 335 views

PDFCOMPLETE Corporate Edition 4.1.45 Unquoted Service Path

Exploit Title: PDFCOMPLETE Corporate Edition 4.1.45 - 'pdfcDispatcher' Unquoted Service Path Discovery by: Ismael Nava Discovery Date: 02-11-2020 Vendor Homepage: https://www.pdfcomplete.com/cms/dpl/tabid/111/Default.aspx?r=du2vH8r Software Links : https://pdf-complete.informer.com/download/ Test...

0.5 AI score
Exploits: 0
Packet Storm
added 2020/11/04 12:0 a.m., 335 views

School Log Management System 1.0 Code Execution / SQL Injection

Exploit Title: School Log Management System 1.0 - 'username' SQL Injection / Remote Code Execution Date: 4-11-2020 Exploit Author: mosaaed Vendor Homepage: https://www.sourcecodester.com/php/14562/school-log-management-system-using-phpmysqli-source-code.html Software Link:...

0.5 AI score
Exploits: 0
Packet Storm
added 2020/09/28 12:0 a.m., 335 views

Microsoft Windows Update Orchestrator Unchecked ScheduleWork Call

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/common' require 'msf/core/post/file' require 'msf/core/post/windows/priv' require 'msf/core/exploit/exe' require 'msf/core/post/windows/registry'...

6.8 CVSS, 0.39967 EPSS
Exploits: 5
Packet Storm
added 2020/05/15 12:0 a.m., 335 views

vBulletin 5.6.1 SQL Injection

Exploit Title: vBulletin 5.6.1 - 'nodeId' SQL Injection Date: 2020-05-15 Exploit Author: Photubias Vendor Advisory: 1 https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcementsaa/4440032-vbulletin-5-6-1-security-patch-level-1 Version: vBulletin v5.6.x prior to Patch Level 1...

7.5 CVSS, 0.3 AI score, 0.88948 EPSS
Exploits: 13
Packet Storm
added 2018/11/15 12:0 a.m., 335 views

AMPPS 2.7 Denial Of Service

Exploit Title: AMPPS 2.7 - Denial of Service PoC Dork: N/A Date: 2018-11-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.ampps.com/ Software Link: https://kent.dl.sourceforge.net/project/ampps/2.7/Ampps-2.7-setup.exe Version: 2.7 Category: Dos Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...

7.4 AI score
Exploits: 0
Packet Storm
added 2018/04/30 12:0 a.m., 335 views

Nagios XI 5.x Chained Remote Root

Exploit Title: Nagios XI 5.2.6-9, 5.3, 5.4 Chained Remote Root Date: 4/17/2018 Exploit Authors: Benny Husted, Jared Arave, Cale Smith Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage: https://www.nagios.com/ Software Link:...

9.3 AI score, 0.64172 EPSS
Exploits: 12
Packet Storm
added 2017/09/12 12:0 a.m., 335 views

Hikvision IP Camera Access Bypass

Access control bypass in Hikvision IP Cameras Full disclosure Sep 12, 2017 Synopsis: --------------- Many Hikvision IP cameras contain a backdoor that allows unauthenticated impersonation of any configured user account. The vulnerability has been present in Hikvision products since at least 2014...

0.8 AI score
Exploits: 0
Packet Storm
added 2025/03/03 12:0 a.m., 334 views

InvokeAI 5.0 Code Injection

InvokeAI version 5.0 suffers from a remote code execution vulnerability. Title: InvokeAI v5.0 PHP Code Injection Vulnerability | Author: indoushka | ...

8 AI score, 0.05342 EPSS
Exploits: 5
Packet Storm
added 2024/10/16 12:0 a.m., 334 views

ABB Cylon Aspect 3.08.01 mapConfigurationDownload.php Configuration Download

ABB Cylon Aspect 3.08.01 mapConfigurationDownload.php Config Download Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/10/04 12:0 a.m., 334 views

MD-Pro 1.0.76 Shell Upload / SQL Injection

Exploit Title: MD-Pro 1.0.76. SQL injection + shell upload Google Dork: intext: Powered by MD-Pro Date: 2024-08-30 Exploit Author: Emiliano Febbi Vendor Homepage: https://www.opensourcecms.com/wp-content/uploads/MDPro-website-description.png Software Link: https://www.opensourcecms.com/mdpro/...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/09/13 12:0 a.m., 334 views

Bus Pass Management System 1.0 Insecure Settings

Title: Bus Pass Management System 1.0 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 130.0.0...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/09/10 12:0 a.m., 334 views

Apartment Visitor Management System 1.0 SQL Injection / Code Execution

Title: Apartment Visitor Management System 1.0 php code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser:...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/08/31 12:0 a.m., 334 views

Jetty WEB-INF File Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jetty WEB-INF File Disclosure', 'Description' = %q Jetty suffers from a vulnerability where certain encoded URIs and ambiguous paths can access...

5.3 CVSS, 7 AI score, 0.99298 EPSS
Exploits: 11
Packet Storm
added 2024/08/26 12:0 a.m., 334 views

Simple College Website 1.0 SQL Injection / Code Execution

Title: Simple College Website 1.0 WYSIWYG Settings Management Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/07/22 12:0 a.m., 334 views

Clenix 1.0 Insecure Direct Object Reference

Title: Clenix v1.0 IDOR Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.1 64 bits | Vendor:...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/02/12 12:0 a.m., 334 views

SCHLIX 2.2.8-1 Denial Of Service

Exploit Title: SCHLIX v2.2.8-1 Regular Expression Denial of Service Date: 02/10/2024 Exploit Author: Diyar Saadi Vendor Homepage: https://www.schlix.com Software Link: https://www.schlix.com/html/schlix-cms-downloads.html Version: v2.2.8-1 Tested on: Windows 11 + XAMPP Description SCHLIX v2.2.8-1...

7.4 AI score
Exploits: 0
Packet Storm
added 2023/10/02 12:0 a.m., 334 views

Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credential Disclosure

Electrolink FM/DAB/TV Transmitter login.htm/mail.htm Credentials Disclosure Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/09/18 12:0 a.m., 334 views

KPK CMS 1.0 SQL Injection

Title: KPK CMS v1.0 Auth by pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 74.032-bit | Vendor...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/09/06 12:0 a.m., 334 views

Cinema Booking System 1.0 Cross Site Scripting

Title: Cinema Booking System-1.0 XSS-Reflected Author: nu11secur1ty Date: 09/05/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/car-rental-script/ Reference: https://portswigger.net/web-security/sql-injection Description: The name of an arbitrarily supplied URL...

7.1 AI score
Exploits: 0
Total number of security vulnerabilities: 5000