Packetstorm: most viewed

50738 matches found

Packet Storm
added 2025/03/14 12:0 a.m., 328 views

General Device Manager 2.5.2.2 Buffer Overflow

General Device Manager version 2.5.2.2 remote buffer overflow exploit that provides a reverse shell. Based on a discovery made in 2024 by Ahmet Ümit Bayram. ...

AI score 7.9
Exploits: 0

Packet Storm
added 2025/03/06 12:0 a.m., 328 views

Wazuh 4.9.1 Remote Code Execution

Wazuh version 4.9.1 proof of concept remote code execution exploit with a reverse shell. Title: Wazuh v 4.9.1 PHP Code Injection Vulnerability | Autho...

CVSS 9.9, AI score 8.3, EPSS 0.92579
Exploits: 10

Packet Storm
added 2024/10/17 12:0 a.m., 328 views

SofaWiki 3.9.2 Cross Site Scripting

Exploit Title: SofaWiki 3.9.2 - Reflected XSS Authenticated via Regex Replace Preview Date: 10/17/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Version: 3.9.2 Tested on: Windows XP Summary: A reflected...

AI score 7.4
Exploits: 0

Packet Storm
added 2024/08/31 12:0 a.m., 328 views

Cisco IOX XE Unauthenticated OS Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOX XE unauthenticated OS command execution', 'Description' = %q This module leverages both CVE-2023-20198 and CVE-2023-20273 against...

CVSS 10, AI score 7.4, EPSS 0.99571
Exploits: 27

Packet Storm
added 2024/01/26 12:0 a.m., 328 views

YahooPOPs 1.6 Denial Of Service

use IO::Socket; sub intro print q ,--, / /| ,;' , // // '--; ' \ | ^ ^ ^ + YahooPOPs 1.6 - SMTP - Denial of Service DoS Coded by Fernando Mengali @ e-mail: [email protected] intro; if !$ARGV0 print "\nUsage: $0 \n"; exit0; my $host = $ARGV0; my $username = $ARGV1; my $password = $ARGV2;...

AI score 7.4
Exploits: 0

Packet Storm
added 2023/12/28 12:0 a.m., 328 views

Microsoft Windows PowerShell Code Execution / Event Log Bypass

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WINDOWSPOWERSHELLSINGLEQUOTECODEEXECEVENTLOGBYPASS.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Microsoft Windows PowerShell Built on the...

AI score 7.4
Exploits: 0

Packet Storm
added 2023/09/08 12:0 a.m., 328 views

Drupal 10.1.2 Web Cache Poisoning

Title: drupal-10.1.2 web-cache-poisoning-External-service-interaction Author: nu11secur1ty Date: 08/30/2023 Vendor: https://www.drupal.org/ Software: https://www.drupal.org/download Reference: https://portswigger.net/kb/issues/00300210external-service-interaction-http Description: It is possible ...

AI score 7.1
Exploits: 0

Packet Storm
added 2023/08/25 12:0 a.m., 328 views

Gusto Recipes Management 1.5.1 Insecure Settings

Title: Gusto - Recipes Management v1.5.1 System Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: ...

AI score 7.1
Exploits: 0

Packet Storm
added 2023/07/19 12:0 a.m., 328 views

Active Super Shop CMS 2.5 HTML Injection

Document Title: Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities | References Source: https://www.vulnerability-lab.com/getcontent.php?id=2278 | Release Date: 2023-07-04 | Vulnerability Laboratory ID VL-ID: ...

AI score 7.1
Exploits: 0

Packet Storm
added 2023/07/07 12:0 a.m., 328 views

DaillyTools Remote Command Execution

Title: DaillyTools v1 command execution Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 64.0.2 32-bit ...

AI score 7.1
Exploits: 0

Packet Storm
added 2023/05/26 12:0 a.m., 328 views

SCM Manager 1.60 Cross Site Scripting

!/usr/bin/python3 Exploit Title: SCM Manager 1.60 - Cross-Site Scripting Stored Authenticated Google Dork: intitle:"SCM Manager" intext:1.60 Date: 05-25-2023 Exploit Author: neg0x https://github.com/n3gox/CVE-2023-33829 Vendor Homepage: https://scm-manager.org/ Software Link:...

AI score 7.1, EPSS 0.07258
Exploits: 7

Packet Storm
added 2023/04/20 12:0 a.m., 328 views

Franklin Fueling Systems TS-550 Hash Disclosure / Default Credentials

Exploit Title: Franklin Fueling Systems TS-550 - Default Password Date: 4/16/2023 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: Franklin Fueling Systems http://www.franklinfueling.com/ Version: TS-550 Tested on: Linux/Androidtermux Step 1 : attacker can using these dorks and access to...

AI score 6.8
Exploits: 0

Packet Storm
added 2022/10/24 12:0 a.m., 328 views

Backdoor.Win32.Delf.arh MVID-2022-0650 Authentication Bypass

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/b3b19524967d22d6eb7517b03b660b00.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.arh Vulnerability: Authentication Bypass Description: The malware runs...

AI score 0.5
Exploits: 0

Packet Storm
added 2022/07/19 12:0 a.m., 328 views

Spryker Commerce OS Remote Command Execution

Title: SCHUTZWERK-SA-2022-003: Remote Command Execution in Spryker Commerce OS | Status: PUBLISHED | Version: 1.0 | CVE reference: CVE-2022-28888 | Link: https://www.schutzwerk.com/en/43/advisories/schutzwerk-sa-2022-003/ | Text-only version:...

AI score 0.3, EPSS 0.03628
Exploits: 5

Packet Storm
added 2022/04/19 12:0 a.m., 328 views

ManageEngine ADSelfService Plus 6.1 User Enumeration

Exploit Title: ManageEngine ADSelfService Plus 6.1 - User Enumeration Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/self-service-password/download.html Version: ADSelfService 6.1 Build 6121 Tested Against:...

AI score 7.4
Exploits: 0

Packet Storm
added 2022/03/11 12:0 a.m., 328 views

FLEX 1080/1085 Web 1.6.0 Information Disclosure

Exploit Title: FLEX 1080/1085 Web - Information Disclosure Exploit Author: Mr Empy Vendor Homepage: https://www.tem.ind.br/ Software Link: https://www.tem.ind.br/?page=prod-detalhe&id=94 Version: 1.6.0 Tested on: Linux Title: FLEX 1080/1085 Web - Information Disclosure Summary:...

AI score 7.4
Exploits: 0

Packet Storm
added 2022/02/10 12:0 a.m., 328 views

WordPress VeronaLabs WP Statistics 13.1.4 SQL Injection

On February 7, 2022, Security Researcher Cyku Hong from DEVCORE reported a vulnerability to us that they discovered in WP Statistics, a WordPress plugin installed on over 600,000 sites. This vulnerability made it possible for unauthenticated attackers to execute arbitrary SQL queries by appending...

AI score 0.2, EPSS 0.5346
Exploits: 3

Packet Storm
added 2021/12/16 12:0 a.m., 328 views

Croogo 3.0.2 Cross Site Scripting

Exploit Title: Croogo 3.0.2 - 'Multiple' Stored Cross-Site Scripting XSS Date: 06/12/2021 Exploit Author: Enes Özeser Vendor Homepage: https://croogo.org/ Software Link: https://downloads.croogo.org/v3.0.2.zip Version: 3.0.2 Tested on: Windows 10 Home Single Language 20H2 & WampServer 3.2.3 ==...

Exploits: 0

Packet Storm
added 2021/12/16 12:0 a.m., 328 views

Croogo 3.0.2 Shell Upload

Exploit Title: Croogo 3.0.2 - Unrestricted File Upload Date: 06/12/2021 Exploit Author: Enes Özeser Vendor Homepage: https://croogo.org/ Software Link: https://downloads.croogo.org/v3.0.2.zip Version: 3.0.2 Tested on: Windows 10 Home Single Language 20H2 & WampServer 3.2.3 == 'setting-43'...

AI score 7.4
Exploits: 0

Packet Storm
added 2021/07/08 12:0 a.m., 328 views

Online Covid Vaccination Scheduler System 1.0 Shell Upload

Exploit Title: Online Covid Vaccination Scheduler System 1.0 - Arbitrary File Upload to Remote Code Execution Unauthenticated Date: 2021-07-07 Exploit Author: faisalfs10x Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

AI score 0.3
Exploits: 0

Packet Storm
added 2021/07/05 12:0 a.m., 328 views

Virus.Win32.Shodi.e Heap Corruption

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/37d4a5ba123dd32f1e2c4ba0be14e77cC.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Virus.Win32.Shodi.e Vulnerability: Heap Corruption Description: The virus listens on TCP port 7352...

AI score 7.4
Exploits: 0

Packet Storm
added 2021/03/12 12:0 a.m., 329 views

QCubed 3.1.1 PHP Object Injection

QCubed PHP Object Injection. Identifier: AIT-SA-20210215-01 | Target: QCubed Framework | Vendor: QCubed | Version: all versions including 3.1.1 | CVE: CVE-2020-24914 | Accessibility: Remote | Severity: Critical | Author: Wolfgang Hotwagne...

CVSS 7.5, AI score 9.6, EPSS 0.05554
Exploits: 3

Packet Storm
added 2020/11/03 12:0 a.m., 328 views

Processwire CMS 2.4.0 Local File Inclusion

Exploit Title: Local File Inclusion Processwire CMS 2.4.0 Vulnerability Type: Unauthenticated LFI Date: 03.11.2020 Exploit Author: Y1LD1R1M Type: WEBAPPS Platform: PHP Vendor Homepage: https://processwire.com/ Version: 2.4.0 Tested on: Kali Linux Description Local File Inclusion in Processwire CM...

AI score 7.4
Exploits: 0

Packet Storm
added 2020/05/20 12:0 a.m., 328 views

OpenEDX Ironwood 2.5 Remote Code Execution

Exploit Title: OpenEDX platform Ironwood 2.5 - Remote Code Execution Google Dork: N/A Date: 2020-05-20 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://open.edx.org/ Software Link: https://github.com/edx/edx-platform Version: Ironwood 2.5 Tested on: Debian x64 CVE : CVE-2020-13144...

AI score 0.3, EPSS 0.10963
Exploits: 7

Packet Storm
added 2019/09/10 12:0 a.m., 328 views

WordPress Photo Gallery 1.5.34 SQL Injection

Exploit Title: WordPress Plugin Photo Gallery by 10Web Add new and in add galleries / Gallery groups. GET request going with parameter albumid is vulnerable to Time Based Blind SQL injection. Following is the POC, 1...

CVSS 7.5, AI score 0.5, EPSS 0.25438
Exploits: 4

Packet Storm
added 2019/07/12 12:0 a.m., 328 views

Sitecore 9.0 Rev 171002 Cross Site Scripting

Exploit Title: Stored Cross Site Scripting XSS in Sitecore 9.0 rev 171002 Date: July 11, 2019 Exploit Author: Owais Mehtab Vendor Homepage: http://www.sitecore.net/en Version: 9.0 rev. 171002 Tested on: Sitecore Experience Platform 8.1 Update-3 i.e.; 8.1 rev. 160519 CVE : CVE-2019-13493 Vendor...

AI score 5.6, EPSS 0.01581
Exploits: 5

Packet Storm
added 2019/07/01 12:0 a.m., 328 views

EA Origin Template Injection Remote Code Execution

Exploit Title: EA Origin 10.5.36 Template Injection Remote Code Execution Date: 04/19/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.36 and below Tested on: Windows 10 CVE :...

CVSS 6.8, AI score 0.2, EPSS 0.23129
Exploits: 7

Packet Storm
added 2018/10/27 12:0 a.m., 328 views

Shell In A Box 2.2.0 Denial Of Service

Product: Shell In A Box aka shellinabox, shellinaboxd "Shell In A Box implements a web server that can export arbitrary command line tools to a web based terminal emulator. This emulator is accessible to any JavaScript and CSS enabled web browser and does not require any additional browser plugin...

AI score 7.6, EPSS 0.05986
Exploits: 3

Packet Storm
added 2017/10/27 12:0 a.m., 328 views

DameWare Remote Controller 12.0.0.520 Remote Code Execution

Exploit Title: Dameware Remote Controller RCE Date: 3-04-2016 Exploit Author: Securifera Vendor Homepage: http://www.dameware.com/products/mini-remote-control/product-overview.aspx Version: 12.0.0.520 Website:...

CVSS 10, AI score 9.2, EPSS 0.51215
Exploits: 4

Packet Storm
added 2025/03/14 12:0 a.m., 327 views

Fortra FileCatalyst Workflow 5.1.6 Build 135 SQL Injection

Fortra FileCatalyst Workflow version 5.1.6 build 135 remote SQL injection exploit. Title: Fortra FileCatalyst Workflow v5.1.6 Build 135 PHP Code Injecti...

CVSS 9.8, AI score 8.2, EPSS 0.90067
Exploits: 5

Packet Storm
added 2025/02/05 12:0 a.m., 327 views

PHPJabbers Cinema Booking System 2.0 SQL Injection

PHPJabbers Cinema Booking System version 2.0 suffers from a remote SQL injection vulnerability. CVE-2024-57430 An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiti...

CVSS 6.1, AI score 8.1, EPSS 0.00811
Exploits: 6

Packet Storm
added 2025/01/28 12:0 a.m., 327 views

ATutor 2.2.4 Cross Site Scripting

ATutor version 2.2.4 suffers from a cross site scripting vulnerability. Exploit Title: Reflected XSS - atutorv2.2.4 Date: 01/2025 Exploit Author: Andrey Stoykov Version: 2.2.4 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2025/01/friday-fun-pentest-series-17-reflected.html...

AI score 6.6
Exploits: 0

Packet Storm
added 2024/09/20 12:0 a.m., 327 views

Taskhub 3.0.3 Insecure Settings

Title: Taskhub v3.0.3 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 125.0.1 64 bit...

AI score 7.4
Exploits: 0

Packet Storm
added 2024/09/19 12:0 a.m., 327 views

Nipah Virus Testing Management System 1.0 Insecure Settings

Title: Nipah virus NiV – Testing Management System 1.0 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozill...

AI score 7.4
Exploits: 0

Packet Storm
added 2024/04/04 12:0 a.m., 327 views

WordPress Membership For WooCommerce Shell Upload

Exploit Title: Wordpress Plugin - Membership For WooCommerce Resultz Uploader Uploaded ?PHP...

AI score 7.4
Exploits: 0

Packet Storm
added 2024/03/04 12:0 a.m., 327 views

GL.iNet AR300M 3.216 Remote Code Execution

!/usr/bin/env python3 Exploit Title: GL.iNet = 3.216 Remote Code Execution via OpenVPN Client Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...

CVSS 9.8, AI score 7.4, EPSS 0.24725
Exploits: 4

Packet Storm
added 2024/02/22 12:0 a.m., 327 views

CMS Made Simple 2.2.19 Cross Site Scripting

Exploit Title: CMS Made Simple Version: 2.2.19 - Stored XSS Date: 2024-21-02 Exploit Author: tmrswrr Vendor Homepage: https://www.cmsmadesimple.org/ Version: 2.2.19 Tested on: https://www.softaculous.com/demos/CMSMadeSimple 1 log in as admin and go to Content File Manager 2 Write in New directory...

AI score 7.4
Exploits: 0

Packet Storm
added 2023/12/11 12:0 a.m., 327 views

WordPress TextMe SMS 1.9.0 Cross Site Request Forgery

Exploit Title: WP Plugins TextMe SMS history.pushState'', '', '/'; document.forms0.submit; Recommendation Upgrade to version 1.9.1...

AI score 7.2, EPSS 0.00457
Exploits: 2

Packet Storm
added 2023/09/18 12:0 a.m., 327 views

Ivanti Avalanche MDM Buffer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Avalanche MDM Buffer Overflow', 'Description' = %q This module exploits a buffer overflow condition in Ivanti Avalanche MDM versions befor...

CVSS 9.8, AI score 7.1, EPSS 0.98919
Exploits: 7

Packet Storm
added 2023/07/12 12:0 a.m., 327 views

Atom CMS 2.0 Directory Traversal

Title: AtomCMS 2.0 Directory traversal Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit ...

AI score 7.1
Exploits: 0

Packet Storm
added 2023/06/07 12:0 a.m., 327 views

Magento eCommerce 2.4.0 Information Disclosure

Title: Magento eCommerce v 2.4.0 sensitive information disclosure Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: ...

AI score 7.1
Exploits: 0

Packet Storm
added 2023/05/15 12:0 a.m., 327 views

Online Clinic Management System 2.2 Cross Site Scripting

Exploit Title: Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting XSS Date: 27-06-2019 Exploit Author: Rafael Pedrero Vendor Homepage: https://bigprof.com Software Download Link : https://bigprof.com/appgini/applications/online-clinic-management-system Version : 2.2...

AI score 7.1
Exploits: 0

Packet Storm
added 2023/03/07 12:0 a.m., 327 views

Arris DG3450 AR01.02.056.18_041520_711.NCS.10 XSS / Missing Authentication

SEC Consult Vulnerability Lab Security Advisory | title: Multiple Vulnerabilities | product: Arris DG3450 Cable Gateway | vulnerable version: AR01.02.056.18041520711.NCS.10 | fixed version: - | CVE number: CVE-2023-27571, CVE-2023-2757...

AI score 0.9, EPSS 0.009
Exploits: 4

Packet Storm
added 2022/12/05 12:0 a.m., 327 views

Drupal H5P Module 2.0.0 Zip Slip Traversal

Drupal H5P Module statIndex$i'name'; 892. 893. if pregmatch'/^.|/./', $fileName !== 0 894. continue; // Skip any file or folder starting with a . or 894. This regex check should be enough to prevent path traversal attacks through...

Exploits: 0

Packet Storm
added 2022/11/21 12:0 a.m., 327 views

ZTE ZXHN-H108NS Authentication Bypass

Exploit Title: Router ZTE-H108NS - Authentication Bypass Date: 19-11-2022 Exploit Author: George Tsimpidas Vendor: https://www.zte.com.cn/global/ Firmware: H108NSV1.0.7uZRDGR2A68 CVE: N/A Tested on: Debian 5.18.5 Description : When specific http methods are listed within a security constraint, th...

AI score 0.6
Exploits: 0

Packet Storm
added 2022/10/24 12:0 a.m., 327 views

Pega Platform 8.7.3 Remote Code Execution

Exploit Title: Pega Platform 8.1.0 and higher Remote Code Execution Google Dork: N/A Date: 20 Oct 2022 Exploit Author: Marcin Wolak using MOGWAI LABS JMX Exploitation Toolkit Vendor Homepage: www.pega.com Software Link: Not Available Version: 8.1.0 on-premise and higher, up to 8.7.3 Tested on: Re...

CVSS 9.8, AI score 9.7, EPSS 0.09477
Exploits: 5

Packet Storm
added 2022/09/19 12:0 a.m., 327 views

OpenCart 3.x Newsletter Custom Popup 4.0 SQL Injection

Exploit Title: OpenCart v3.x So Newsletter Custom Popup Module - Blind SQL Injection Date: 18/09/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link:...

Exploits: 0

Packet Storm
added 2022/08/01 12:0 a.m., 327 views

Webmin 1.996 Remote Code Execution

Exploit Title: Webmin 1.996 - Remote Code Execution RCE Authenticated Date: 2022-07-25 Exploit Author: Emir Polat Technical analysis: https://medium.com/@emirpolat/cve-2022-36446-webmin-1-997-7a9225af3165 Vendor Homepage: https://www.webmin.com/ Software Link: https://www.webmin.com/download.html...

AI score 9.6, EPSS 0.96049
Exploits: 8

Packet Storm
added 2022/04/12 12:0 a.m., 327 views

Easy!Appointments Information Disclosure

!/usr/bin/env ruby Exploit Title: Easy!Appointments 1.4.3 - Unauthenticated PII events disclosure Exploit author: noraj Alexandre ZANNI for ACCEIS https://www.acceis.fr Author website: https://pwn.by/noraj/ Exploit source: https://github.com/Acceis/exploit-CVE-2022-0482 Date: 2022-04-11 Vendor...

CVSS 9.1, AI score 9.3, EPSS 0.38133
Exploits: 7

Packet Storm
added 2022/04/07 12:0 a.m., 327 views

ICEHRM 31.0.0.0S Cross Site Request Forgery

Exploit Title: ICEHRM 31.0.0.0S - Cross-site Request Forgery CSRF to Account Deletion Date: 29/03/2022 Exploit Author: Devansh Bordia Vendor Homepage: https://icehrm.com/ Software Link: https://github.com/gamonoid/icehrm/releases/tag/v31.0.0.OS Version: 31.0.0.OS Tested on: Windows 10 CVE:...

AI score 0.6, EPSS 0.0057
Exploits: 4

Total number of security vulnerabilities: 5000