Lucene search
K
PacketstormMost viewed

50738 matches found

Packet Storm
Packet Storm
added 2021/03/09 12:0 a.m.331 views

OpenCMS 11.0.2 Cross Site Request Forgery / Open Redirection

OpenCMS v11.0.2 -------------------------------------------------------------------------------------------------------------------------------------------------- CSRF - Login page vulnerable https://vulnerablehost.com/system/login - CSRF needs valid JSESSIONID to work, maybe logged Admin user...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2020/06/02 12:0 a.m.331 views

QuickBox Pro 2.1.8 Remote Code Execution

Exploit Title: QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Date: 2020-05-26 Exploit Author: s1gh Vendor Homepage: https://quickbox.io/ Vulnerability Details: https://s1gh.sh/cve-2020-13448-quickbox-authenticated-rce/ Version: = 2.1.8 Description: An authenticated low-privileged user...

8.8AI score0.17772EPSS
Exploits7
Packet Storm
Packet Storm
added 2020/04/21 12:0 a.m.331 views

Sysaid 20.1.11 b26 Remote Command Execution

Exploit Title: Sysaid 20.1.11 b26 - Remote Command Execution Google Dork: intext:"Help Desk Software by SysAid " Date: 2020-03-09 Exploit Author: Ahmed Sherif Vendor Homepage: https://www.sysaid.com/free-help-desk-software Software Link: https://www.sysaid.com/free-help-desk-software Version:...

9.7AI score0.03176EPSS
Exploits3
Packet Storm
Packet Storm
added 2025/04/11 12:0 a.m.331 views

📄 Gnuboard5 5.3.2.8 SQL Injection

Gnuboard5 versions 5.3.2.8 and below suffer from a remote SQL injection vulnerability. Exploit Title: Gnuboard5 = 5.3.2.8 SQL Injection via tableprefix Parameter Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/gnuboard/gnuboard5 Software Link:...

9.8CVSS9.8AI score0.05377EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.331 views

CrushFTP Unauthenticated Arbitrary File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CrushFTP Unauthenticated Arbitrary File Read', 'Description' = %q This module leverages an unauthenticated server-side template injection...

10CVSS7AI score0.99539EPSS
Exploits22
Packet Storm
Packet Storm
added 2024/07/01 12:0 a.m.330 views

Xhibiter NFT Marketplace 1.10.2 SQL Injection

Exploit Title: xhibiter nft marketplace SQLI Google Dork: intitle:"View - Browse, create, buy, sell, and auction NFTs" Date: 29/06/204 Exploit Author: Sohel yousef - https://www.linkedin.com/in/sohel-yousef-50a905189/ Vendor Homepage:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/03/04 12:0 a.m.330 views

Boss Mini 1.4.0 Local File Inclusion

Exploit Title: Boss Mini 1.4.0 - local file inclusion Date: 07/12/2023 Exploit Author: nltt0 https://github.com/nltt-br CVE: CVE-2023-3643 ''' / \ | | / | | / / | | \ --. | | / | |/ | ' \ / |/ / | --. \ | /\ | | | | | | | | | | \ // / /,||,|| ||, |/|// / | |/ ''' from requests import...

9.8CVSS7.4AI score0.75206EPSS
Exploits6
Packet Storm
Packet Storm
added 2024/01/19 12:0 a.m.330 views

Lepton CMS 7.0.0 Remote Code Execution

Exploit Title: LeptonCMS Version : 7.0.0 Remote Code Execution Date: 2024-1-19 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://www.lepton-cms.com/ Version : 7.0.0 Tested on: https://www.softaculous.com/apps/cms/LEPTON 1 Login with admin cred...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/23 12:0 a.m.330 views

CrafterCMS 4.0.2 Cross Site Scripting

--------------------------------------------------------------------------- CrafterCMS = 4.0.2 Multiple Reflected Cross-Site Scripting Vulnerabilities --------------------------------------------------------------------------- - Software Link: https://craftercms.org - Affected Versions: Version...

7.4CVSS7.1AI score0.01304EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.330 views

Evsanati Radyo 1.0 Insecure Settings

==================================================================================================================================== | Title : evsanati radyo v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/22 12:0 a.m.330 views

Acon Architecture and Construction Website CMS 1.2 Insecure Settings

==================================================================================================================================== | Title : Acon - Architecture and Construction Website CMS v1.2 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro /...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/13 12:0 a.m.330 views

Online Thesis Archiving System 1.0 SQL Injection

Title: OTAS - PHP by: oretnom23 v1.0 Multiple-SQLi Author: nu11secur1ty Date: 06.12.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/15083/online-thesis-archiving-system-using-phpoop-free-source-code.html Reference:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/09 12:0 a.m.330 views

Codemonkey Multi Vendor Digital Product Mart 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/28 12:0 a.m.330 views

CreativeItem Academy Learning Management System 5.14 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/18 12:0 a.m.330 views

WordPress Weaver Xtreme 5.0.7 / Weaver Show Posts 1.6 Cross Site Scripting

On March 14, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for 2 nearly identical Cross-Site Scripting vulnerabilities in the Weaver Xtreme theme and the Weaver Show Posts plugin, which each have over 10,000 installations. The plugin developer responded...

9.4AI score0.00531EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/04/12 12:0 a.m.330 views

Rocket Software Unidata udadmin_server Authentication Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rocket Software Unidata udadminserver Authentication Bypass', 'Description' = %q This module exploits an authentication bypass vulnerability in t...

9.8CVSS9.4AI score0.62136EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/02/23 12:0 a.m.330 views

Froxlor 2.0.6 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Froxlor Log Path RCE', 'Description' = %q Froxlor v2.0.6 and below suffer from a bug that allows authenticated users to change the application lo...

8.8CVSS0.2AI score0.97653EPSS
Exploits8
Packet Storm
Packet Storm
added 2023/01/23 12:0 a.m.330 views

ERPGo SaaS 3.9 CSV Injection

Exploit Title: ERPGo SaaS 3.9 - CSV Injection Date: 18/01/2023 Exploit Author: Sajibe Kanti CVE ID: Vendor Name: RajodiyaInfotech Vendor Homepage: https://rajodiya.com/ Software Link: https://codecanyon.net/item/erpgo-saas-all-in-one-business-erp-with-project-account-hrm-crm-pos/33263426 Version:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/11/21 12:0 a.m.330 views

ZTE ZXHN-H108NS Stack Buffer Overflow / Denial Of Service

Exploit Title: Router ZTE-H108NS - Stack Buffer Overflow DoS Date: 19-11-2022 Exploit Author: George Tsimpidas Vendor: https://www.zte.com.cn/global/ Firmware: H108NSV1.0.7uZRDGR2A68 Usage: python zte-exploit.py CVE: N/A Tested on: Debian 5.18.5 !/usr/bin/python3 import sys import socket from tim...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2022/10/17 12:0 a.m.330 views

Spring Cloud Gateway 3.1.0 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Gateway Remote Code Execution', 'Description' = %q This module exploits an unauthenticated remote code execution vulnerability in...

10CVSS0.2AI score0.98253EPSS
Exploits54
Packet Storm
Packet Storm
added 2022/08/15 12:0 a.m.330 views

Inout SiteSearch 2.0.1 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/07/06 12:0 a.m.330 views

Magnolia CMS 6.2.19 Cross Site Scripting

Exploit Title: Magnolia CMS = 6.2.19 - Stored Cross-Site Scripting XSS Date: 08/05/2022 Exploit Author: Giulio Garzia 'Ozozuz' Vendor Homepage: https://www.magnolia-cms.com/ Software Link:...

6.3AI score0.50539EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/06/04 12:0 a.m.330 views

HealthForYou 1.11.1 / HealthCoach 2.9.2 Account Takeover

Trovent Security Advisory 2104-02 Account takeover with only email address possible Overview Advisory ID: TRSA-2104-02 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2104-02 Affected product: HealthForYou & Sanitas HealthCoach mobile and web...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/25 12:0 a.m.330 views

Dolibarr ERP/CRM 11.0.4 Bypass / Code Execution

Exploit Title: Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass Authenticated RCE Date: 16/06/2020 Exploit Author: Andrea Gonzalez Vendor Homepage: https://www.dolibarr.org/ Software Link: https://github.com/Dolibarr/dolibarr Version: Prior to 11.0.5 Tested on: Debian 9.12 CVE :...

6.5CVSS0.27482EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/12/14 12:0 a.m.330 views

Rukovoditel 2.6.1 Cross Site Request Forgery

Exploit Title: Rukovoditel 2.6.1 - Cross-Site Request Forgery Change password Date: 2020-12-14 Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Version: v2.6.1 Tested on: Kali Linux...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/28 12:0 a.m.330 views

Online Library Management System 1.0 Shell Upload

Exploit Title: Online Library Management System 1.0 - Arbitrary File Upload Date: 22-10-2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14545/online-library-management-system-phpmysqli-full-source-code-2020.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/16 12:0 a.m.330 views

aaPanel 6.6.6 Privilege Escalation

Exploit Title: aaPanel 6.6.6 - Authenticated Privilege Escalation Google Dork: Date: 04.05.2020 Exploit Author: Ünsal Furkan Harani Zemarkhos Vendor Homepage: https://www.aapanel.com/ Software Link: https://github.com/aaPanel/aaPanel Version: 6.6.6 REQUIRED Tested on: Linux ubuntu 4.4.0-131-gener...

9CVSS0.7AI score0.0597EPSS
Exploits5
Packet Storm
Packet Storm
added 2020/08/31 12:0 a.m.330 views

BlazeDVD 7.0 Professional Buffer Overflow

Title: BlazeDVD 7.0 Professional - '.plf' Local Buffer Overflow SEH,ASLR,DEP Author: emalp Date: 2020-08-31 Vendor Homepage: http://www.blazevideo.com/ Software Link: http://www.blazevideo.com/download/BlazeDVDProSetup.exe Version: 7.0.0.0 Tested on: Windows 7 Home Basic Run this file bfile.plf...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2019/07/12 12:0 a.m.330 views

SNMPc Enterprise Edition 9 / 10 Mapping Filename Buffer Overflow

!/usr/bin/python -- coding: utf-8 -- -------------------------------------------------------------------- Exploit: SNMPc Enterprise Edition 9 & 10 Mapping File Name BOF Date: 11 July 2019 Exploit Author: @xerubus | mogozobo.com Vendor Homepage: https://www.castlerock.com/ Software Linke:...

0.2AI score0.03887EPSS
Exploits5
Packet Storm
Packet Storm
added 2019/04/20 12:0 a.m.330 views

Zikula Core CMS 2.0.13 Database Disclosure

Exploit Title : Zikula Core CMS 2.0.13 Database Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 20/04/2019 Vendor Homepage : ziku.la Software Download Link : github.com/zikula/core/releases/download/2.0.13/2.0.zip Software Information Link :...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2026/01/22 12:0 a.m.329 views

📄 libxml2 2.9.14 Remote Code Execution

libxml2 version 2.9.14 2022 proof of concept exploit for a heap buffer overflow in the xmlRegEpxFromParse function in xmlregexp.c. This version from the author is in the form of a Metasploit module...

7.5CVSS5.8AI score0.01375EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/09/19 12:0 a.m.329 views

Nipah Virus Testing Management System 1.0 Insecure Settings

==================================================================================================================================== | Title : Nipah virus NiV – Testing Management System 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozill...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.329 views

NETGEAR Administrator Password Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NETGEAR Administrator Password Disclosure', 'Description' = %q This module will collect the password for the admin user. The exploit will not...

8.1CVSS7.2AI score0.89294EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.329 views

Cisco IOX XE Unauthenticated OS Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOX XE unauthenticated OS command execution', 'Description' = %q This module leverages both CVE-2023-20198 and CVE-2023-20273 against...

10CVSS7.4AI score0.99571EPSS
Exploits27
Packet Storm
Packet Storm
added 2024/06/03 12:0 a.m.329 views

CMSimple 5.15 Remote Shell Upload

Exploit Title: CMSimple 5.15 - Remote Command Execution Date: 04/28/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.cmsimple.org Software Link: https://www.cmsimple.org/downloadscmsimple50/CMSimple5-15.zip Version: latest Tested on: MacOS Log in to SimpleCMS. Go to Settings CM...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/03/18 12:0 a.m.329 views

Nokia BMC Log Scanner 13 Command Injection

Exploit Title: Nokia BMC Log Scanner Remote Code Execution Google Dork: N/A Date: November 29, 2023 Exploit Author: Carlos Andres Gonzalez, Matthew Gregory Vendor Homepage: https://www.nokia.com/ Software Link: N/A Version: 13 Tested on: Linux CVE : CVE-2022-45899 Description The BMC Log Scanner...

7.4AI score0.00826EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/12/28 12:0 a.m.329 views

Microsoft Windows PowerShell Code Execution / Event Log Bypass

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WINDOWSPOWERSHELLSINGLEQUOTECODEEXECEVENTLOGBYPASS.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Microsoft Windows PowerShell Built on the...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/19 12:0 a.m.329 views

Active Super Shop CMS 2.5 HTML Injection

Document Title: =============== Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2278 Release Date: ============= 2023-07-04 Vulnerability Laboratory ID VL-ID: ==================================...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/17 12:0 a.m.329 views

ProjeQtOr Project Management System 10.4.1 Cross Site Scripting

Exploit Title: ProjeQtOr Project Management System V10.4.1 - Multiple XSS Version: V10.4.1 Bugs: Multiple XSS Technology: PHP Vendor URL: https://www.projeqtor.org Software Link: https://sourceforge.net/projects/projectorria/files/projeqtorV10.4.1.zip/download Date of found: 09.07.2023 Author:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/13 12:0 a.m.329 views

BBook 5.7 Shell Upload

==================================================================================================================================== | Title : BBook - BookStore Script System with website v5.7 Unrestricted File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/30 12:0 a.m.329 views

GZ E Learning Platform 1.8 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/30 12:0 a.m.329 views

Advanced Testimonials Manager 5.5 Add Administrator

==================================================================================================================================== | Title : Advanced Testimonials Manager v5.5 Reinstall Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/23 12:0 a.m.329 views

PHPJabbers Forum Script 3.0 Persistent Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/20 12:0 a.m.329 views

Franklin Fueling Systems TS-550 Hash Disclosure / Default Credentials

Exploit Title: Franklin Fueling Systems TS-550 - Default Password Date: 4/16/2023 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: Franklin Fueling Systems http://www.franklinfueling.com/ Version: TS-550 Tested on: Linux/Androidtermux Step 1 : attacker can using these dorks and access to...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/14 12:0 a.m.329 views

Cisco RV Series Authentication Bypass / Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco RV Series Authentication Bypass and Command Injection', 'Description' = %q This module exploits two vulnerabilities, a session ID directory...

10CVSS1.1AI score0.80031EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/02/07 12:0 a.m.329 views

101news By Mayuri K 1.0 SQL Injection

Title: 101news-by-Mayuri-K-1.0 Multiple-SQLi Author: nu11secur1ty Date: 02.02.2023 Vendor: https://mayurik.com/ Software: https://mayurik.com/source-code/P4030/news-portal-project-in-php Reference: https://portswigger.net/web-security/sql-injection Description: The comment parameter appears to be...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2022/12/05 12:0 a.m.329 views

Drupal H5P Module 2.0.0 Zip Slip Traversal

------------------------------------------------------------------ Drupal H5P Module statIndex$i'name'; 892. 893. if pregmatch'/^.|/./', $fileName !== 0 894. continue; // Skip any file or folder starting with a . or 894. This regex check should be enough to prevent path traversal attacks through...

Exploits0
Packet Storm
Packet Storm
added 2022/11/14 12:0 a.m.329 views

Backdoor.Win32.RemServ.d MVID-2022-0655 Remote Command Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/05a082d441d9cf365749c0e1eb904c85.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.RemServ.d Vulnerability: Unauthenticated Remote Command Execution Family:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/10/24 12:0 a.m.329 views

Backdoor.Win32.Delf.arh MVID-2022-0650 Authentication Bypass

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/b3b19524967d22d6eb7517b03b660b00.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.arh Vulnerability: Authentication Bypass Description: The malware runs...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/21 12:0 a.m.329 views

WiFiMouse 1.8.3.4 Remote Code Execution

Exploit Title: WiFiMouse 1.8.3.4 - Remote Code Execution RCE Date: 15-08-2022 Author: Febin Vendor Homepage: http://necta.us/ Software Link: http://wifimouse.necta.us/download Version: 1.8.3.4 Tested on: Windows 10 !/bin/bash printf " WiFiMouse / MouseServer 1.8.3.4 Exploit by FEBIN " printf "...

7.4AI score
Exploits0
Total number of security vulnerabilities5000