Lucene search
K
PacketstormMost viewed

50773 matches found

Packet Storm
Packet Storm
added 2024/05/14 12:0 a.m.336 views

Plantronics Hub 3.25.1 Arbitrary File Read

Exploit Title: Plantronics Hub 3.25.1 – Arbitrary File Read Date: 2024-05-10 Exploit Author: Farid Zerrouk from Deloitte Belgium, Alaa Kachouh from Mastercard Vendor Homepage: https://support.hp.com/us-en/document/ish9869257-9869285-16/hpsbpy03895 Version: Plantronics Hub for Windows version 3.25...

7.4AI score0.01673EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/04/22 12:0 a.m.336 views

Laravel Framework 11 Credential Disclosure

Exploit Title: Laravel Framework 11 - Credential Leakage Google Dork: N/A Date: 2024-04-19 Exploit Author: Huseein Amer Vendor Homepage: https://laravel.com/ Software Link: N/A Version: 8. - 11. REQUIRED Tested on: N/A CVE : CVE-2024-29291 Proof of concept: Go to any Laravel-based website and...

7.1AI score0.01341EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/12/20 12:0 a.m.336 views

MOKOSmart MKGW1 Gateway Improper Session Management

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 MOKOSmart MKGW1 Gateway Improper Session Management Link: https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220120-01MOKOSmartMKGW1GatewayImproperSessionManagement Vulnerability Overview MOKOSmart MKGW1 Gateway devices with firmwa...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/31 12:0 a.m.336 views

InterPhoto 2.3.0 Shell Upload

==================================================================================================================================== | Title : InterPhoto 2.3.0 Persians Remote Shell Upload vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.336 views

EI Tube YouTube API 3 Cross Site Scripting

==================================================================================================================================== | Title : EI Tube YouTube API V3 site builder XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/19 12:0 a.m.336 views

Webile 1.0.1 Cross Site Scripting

Document Title: =============== Webile v1.0.1 - Multiple Cross Site Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2321 Release Date: ============= 2023-07-03 Vulnerability Laboratory ID VL-ID: ====================================...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/31 12:0 a.m.336 views

WordPress ReviewX 1.6.13 Privilege Escalation

Description: ReviewX = 1.6.13 – Arbitrary Usermeta Update to Authenticated Subscriber+ Privilege Escalation Affected Plugin: ReviewX – Multi-criteria Rating & Reviews for WooCommerce Plugin Slug: reviewx Affected Versions: = 1.6.13 CVE ID: CVE-2023-2833 CVSS Score: 8.8 High CVSS Vector:...

7.1AI score0.1748EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.336 views

Gin Markdown Editor 0.7.4 Arbitrary Code Execution

Exploit Title: Gin Markdown Editor v0.7.4 Electron - Arbitrary Code Execution Date: 2023-04-24 Exploit Author: 8bitsec CVE: CVE-2023-31873 Vendor Homepage: https://github.com/mariuskueng/gin Software Link: https://github.com/mariuskueng/gin Version: 0.7.4 Tested on: Mac OS 13 Release Date:...

7.1AI score0.01349EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/05/18 12:0 a.m.336 views

IBM AIX 7.2 inscout Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'invscout RPM Privilege Escalation', 'Description' = %q This module exploits a command injection vulnerability in IBM AIX invscout set-uid root...

8.4CVSS7.1AI score0.01457EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/03/10 12:0 a.m.336 views

SugarCRM 12.x Remote Code Execution / Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'securerandom' class MetasploitModule 'SugarCRM unauthenticated Remote Code Execution RCE', 'Description' = %q This module exploits CVE-2023-22952, a Remote Code...

8.8CVSS0.3AI score0.80274EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/08/11 12:0 a.m.336 views

Intelbras ATA 200 Cross Site Scripting

Exploit Title: Intelbras ATA 200 Authenticated Stored XSS Date: 17/01/2022 Exploit Author: Leonardo Goncalves Vendor Homepage: https://www.intelbras.com/pt-br/adaptador-ip-para-telefones-analogicos-ata-200 Version: Firmware 74.19.10.21 1 Log in the equipment via your web browser 2 Go to Managemen...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/07/29 12:0 a.m.336 views

Dingtian-DT-R002 3.1.276A Authentication Bypass

Exploit Title: Dingtian-DT-R002 3.1.276A - Authentication Bypass Google Dork: NA Date: 13th July 2022 Exploit Author: Victor Hanna Trustwave SpiderLabs Author Github Page: https://9lyph.github.io/CVE-2022-29593/ Vendor Homepage: https://www.dingtian-tech.com/enus/relay4.html Software Link:...

5.9CVSS0.5AI score0.10436EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/05/19 12:0 a.m.336 views

SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: SAP® Application Server ABAP and ABAP® Platform Different Software Components vulnerable version: see section "Vulnerable /...

9.9CVSS0.5AI score0.05641EPSS
Exploits9
Packet Storm
Packet Storm
added 2022/04/08 12:0 a.m.336 views

E-Commerce Website 1.0 Shell Upload

Ecommerce Website Unrestricted File Upload + RCE Author: D4rkP0w4r Note = Create account, don't need login client or admin Description = Create account upload web shell at Customer Image Step to Reproduct Register - upload web shell at Customer Image - clicked Register button Exploit Upload web...

9.7AI score0.03333EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/03/17 12:0 a.m.336 views

BuilderTorCTPHPRAT.b Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/838f67d7a4b6824ec59892057aab3bb7C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BuilderTorCTPHPRAT.b Vulnerability: Remote Persistent XSS Family: TorCTPHPRAT Type: WebUI MD5:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/03/14 12:0 a.m.336 views

Automatic Question Paper Generator System 1.0 Insecure Direct Object Reference

Exploit Title: Automatic Question Paper Generator System 1.0 - Authentication Bypass Date: 2022-04-03 Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15190/automatic-question-paper-generator-system-phpoop-free-source-code.html Version: 1.0 Tested on: Linux !/usr/bin/env...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/04 12:0 a.m.336 views

Local Offices Contact Directory Site SQL Injection

https://www.sourcecodester.com/php/14973/local-offices-contact-directory-site-using-php-and-sqlite-free-source-code.html Vendor: href Description: The search parameter appears to be vulnerable to time-based blind SQL injection attacks, on the web app "Local Offices Contact Directories Site" by...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/12 12:0 a.m.336 views

Atlassian Crowd pdkinstall Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Crowd pdkinstall Unauthenticated Plugin Upload RCE', 'Description' = %q This module can be used to upload a plugin on Atlassian Cloud v...

9.8CVSS0.6AI score0.95355EPSS
Exploits6
Packet Storm
Packet Storm
added 2021/02/12 12:0 a.m.336 views

PDFCOMPLETE Corporate Edition 4.1.45 Unquoted Service Path

Exploit Title: PDFCOMPLETE Corporate Edition 4.1.45 - 'pdfcDispatcher' Unquoted Service Path Discovery by: Ismael Nava Discovery Date: 02-11-2020 Vendor Homepage: https://www.pdfcomplete.com/cms/dpl/tabid/111/Default.aspx?r=du2vH8r Software Links : https://pdf-complete.informer.com/download/ Test...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/16 12:0 a.m.336 views

Alumni Management System 1.0 SQL Injection

Exploit Title: Alumni Management System 1.0 - Authentication Bypass Date: 2020-10-16 Exploit Author: Ankita Pal Vendor Homepage: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html Software Link:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/16 12:0 a.m.336 views

Employee Management System 1.0 SQL Injection

Exploit Title: Employee Management System 1.0 - Authentication Bypass Date: 2020-10-16 Exploit Author: Ankita Pal Vendor Homepage: https://www.sourcecodester.com/php/14432/employee-management-system-using-php.html Software Link:...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2020/01/23 12:0 a.m.336 views

qdPM 9.1 Remote Code Execution

Exploit Title: qdPM 9.1 - Remote Code Execution Google Dork: intitle:qdPM 9.1. Copyright © 2020 qdpm.net Date: 2020-01-22 Exploit Author: Rishal Dwivedi Loginsoft Vendor Homepage: http://qdpm.net/ Software Link: http://qdpm.net/download-qdpm-free-project-management Version: =1.9.1 Tested on:...

8.7AI score0.83235EPSS
Exploits16
Packet Storm
Packet Storm
added 2019/08/26 12:0 a.m.336 views

Joomla FireBoard 1.1.3 SQL Injection

Exploit Title : Joomla 1.5.26 ComFireBoard Components 1.1.3 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 24/08/2019 Vendor Homepage : fireboard.bestofjoomla.com Software Information Link : infosolutionsgoa.com/cms/fireboard-forum-joomla.html...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/03/05 12:0 a.m.336 views

elFinder 2.1.47 Command Injection

!/usr/bin/python ''' Exploit Title: elFinder SecSignal.php;echo SecSignal.jpg' def usage: if lensys.argv != 2: print "Usage: python exploit.py URL" sys.exit0 def uploadurl, payload: files = 'upload': payload, open'SecSignal.jpg', 'rb' data = "reqid" : "1693222c439f4", "cmd" : "upload", "target" :...

7.5CVSS9.5AI score0.96633EPSS
Exploits11
Packet Storm
Packet Storm
added 2018/11/15 12:0 a.m.336 views

DoceboLMS 1.2 Shell Upload / SQL Injection

Exploit Title: DoceboLMS 1.2 - SQL Injection Dork: N/A Date: 2018-11-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.spaghettilearning.com/ Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2017/09/12 12:0 a.m.336 views

Hikvision IP Camera Access Bypass

Access control bypass in Hikvision IP Cameras Full disclosure Sep 12, 2017 Synopsis: --------------- Many Hikvision IP cameras contain a backdoor that allows unauthenticated impersonation of any configured user account. The vulnerability has been present in Hikvision products since at least 2014...

0.8AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/13 12:0 a.m.335 views

Bus Pass Management System 1.0 Insecure Settings

==================================================================================================================================== | Title : Bus Pass Management System 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/10 12:0 a.m.335 views

Apartment Visitor Management System 1.0 SQL Injection / Code Execution

============================================================================================================================================= | Title : Apartment Visitor Management System 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.335 views

BIND TSIG Query Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BIND TSIG Query Denial of Service', 'Description' = %q A defect in the rendering of messages into packets can cause named to exit with an asserti...

7.8CVSS7.1AI score0.89482EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/08/26 12:0 a.m.335 views

Simple College Website 1.0 SQL Injection / Code Execution

============================================================================================================================================= | Title : Simple College Website 1.0 WYSIWYG Settings Management Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/20 12:0 a.m.335 views

Tenant Limited 1.0 SQL Injection

Titles: TENANT-LIMITED-1.0 SQLi Author: nu11secur1ty Date: 05/20/2024 Vendor: https://mayurik.com/ Software: https://www.sourcecodester.com/php/17375/best-courier-management-system-project-php.html Reference: https://portswigger.net/web-security/sql-injection Description: The username parameter...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/04/11 12:0 a.m.335 views

Trimble TM4Web 22.2.0 Privilege Escalation / Access Code Disclosure

CVE ID: CVE-2023-27195 Description: An access control issue in Trimble TM4Web v22.2.0 allows unauthenticated attackers to access a specific crafted URL path to retrieve the last registration access code and use this access code to register a valid account. If the access code was used to create an...

7.4AI score0.01018EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/03/28 12:0 a.m.335 views

FusionPBX Session Fixation

Vulnerability Name - Application is Vulnerable to Session Fixation Vulnerable URL: www.fusionpbx.com Overview of the Vulnerability Session fixation is a security vulnerability that occurs when an attacker sets or fixes a user's session identifier, manipulating the authentication process. Typicall...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/02/12 12:0 a.m.335 views

SCHLIX 2.2.8-1 Denial Of Service

Exploit Title: SCHLIX v2.2.8-1 Regular Expression Denial of Service Date: 02/10/2024 Exploit Author: Diyar Saadi Vendor Homepage: https://www.schlix.com Software Link: https://www.schlix.com/html/schlix-cms-downloads.html Version: v2.2.8-1 Tested on: Windows 11 + XAMPP Description SCHLIX v2.2.8-1...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/10/02 12:0 a.m.335 views

Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credential Disclosure

Electrolink FM/DAB/TV Transmitter login.htm/mail.htm Credentials Disclosure Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/18 12:0 a.m.335 views

KPK CMS 1.0 SQL Injection

==================================================================================================================================== | Title : KPK CMS v1.0 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 74.032-bit | | Vendor...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/15 12:0 a.m.335 views

Italia Mediasky CMS 2.0 Cross Site Request Forgery

==================================================================================================================================== | Title : İtalia Mediasky CMS v2.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/06 12:0 a.m.335 views

Cinema Booking System 1.0 Cross Site Scripting

Title: Cinema Booking System-1.0 XSS-Reflected Author: nu11secur1ty Date: 09/05/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/car-rental-script/ Reference: https://portswigger.net/web-security/sql-injection Description: The name of an arbitrarily supplied URL...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/24 12:0 a.m.335 views

GraceHRM 1.0.3 Directory Traversal

==================================================================================================================================== | Title : GraceHRM v1.0.3 Directory traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.064-bit ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/23 12:0 a.m.335 views

PHPJabbers STIVA Blog Script 4.1 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/23 12:0 a.m.335 views

Smart Office Web 20.28 Information Disclosure / Insecure Direct Object Reference

Exploit Title: Smart Office Web 20.28 - Remote Information Disclosure Unauthenticated Shodan Dork:: inurl:"https://www.shodan.io/search?query=smart+office" Date: 09/Dec/2022 Exploit Author: Tejas Nitin Pingulkar https://cvewalkthrough.com/ Vendor Homepage: https://smartofficepayroll.com/ Software...

7.5CVSS7.1AI score0.59407EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/06/07 12:0 a.m.335 views

PaperCut PaperCutNG Authentication Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'cgi' class MetasploitModule 'PaperCut PaperCutNG Authentication Bypass', 'Description' = %q This module leverages an authentication bypass in PaperCut NG. If...

9.8CVSS7.1AI score0.99999EPSS
Exploits24
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.336 views

Webkul Qloapps 1.5.2 Cross Site Scripting

Exploit Title: Webkul Qloapps 1.5.2 - Cross-Site Scripting XSS Date: 15 May 2023 Exploit Author: Astik Rawat ahrixia Vendor Homepage: https://qloapps.com/ Software Link: https://github.com/webkul/hotelcommerce Version: 1.5.2 Tested on: Kali Linux 2022.4 CVE : CVE-2023-30256 Description: A Cross...

6.1CVSS7.1AI score0.08731EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/05/17 12:0 a.m.335 views

SEO Friendly Blog CMS 1.0 Cross Site Scripting

Title: SEO-friendly-blog-CMS-system-in-PHP-with-MYSQL-database-1.0-2023 XSS-Reflected Vulnerability Author: nu11secur1ty Date: 05.17.2023 Vendor: https://technosmarter.com/ Software: https://github.com/technosmarter/SEO-friendly-blog-CMS-system-in-PHP-with-MYSQL-database Reference XSS:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/11 12:0 a.m.335 views

GaanaGawaana 1.0 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/24 12:0 a.m.335 views

Chitor CMS 1.1.2 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/20 12:0 a.m.335 views

ProjeQtOr Project Management System 10.3.2 Shell Upload

Exploit Title: ProjeQtOr Project Management System 10.3.2 -Remote Code Execution RCE Application: ProjeQtOr Project Management System Version: 10.3.2 Bugs: Remote Code Execution RCE Authenticated via file upload Technology: PHP Vendor URL: https://www.projeqtor.org Software Link:...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/04 12:0 a.m.335 views

Nexxt Router Firmware 42.103.1.5095 Remote Code Execution

Exploit Title: Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution RCE Authenticated Date: 19/10/2022 Exploit Author: Yerodin Richards Vendor Homepage: https://www.nexxtsolutions.com/ Version: 42.103.1.5095 Tested on: ARN02304U8 CVE : CVE-2022-44149 import requests import base64 routerhos...

9AI score0.64354EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/10/10 12:0 a.m.335 views

Online Shopping System Advanced 1.0 SQL Injection

The online-shopping-system-advanced-1.0 suffers from multiple SQLi The attacker can steal all information from the database of this system. Status: CRITICAL + Exploit: MYSQL Parameter: cid POST Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause NOT Payload:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/07/21 12:0 a.m.335 views

Dr. Fone 4.0.8 Unquoted Service Path

Exploit Title: Dr. Fone v4.0.8- 'netupdater32.exe' Unquoted Service Path Discovery Date: 2022-05-07 Discovery by: Esant1490 Vendor Homepage: https://drfone.wondershare.net Software Link : https://download.wondershare.net/drfonefull4008.exe Tested Version: 4.0.8 Tested on OS: Windows 10 Pro x64 en...

0.1AI score
Exploits0
Total number of security vulnerabilities5000