Lucene search
K
PacketstormMost viewed

50748 matches found

Packet Storm
Packet Storm
added 2022/10/24 12:0 a.m.329 views

Backdoor.Win32.Delf.arh MVID-2022-0650 Authentication Bypass

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/b3b19524967d22d6eb7517b03b660b00.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.arh Vulnerability: Authentication Bypass Description: The malware runs...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2022/08/01 12:0 a.m.329 views

Webmin 1.996 Remote Code Execution

Exploit Title: Webmin 1.996 - Remote Code Execution RCE Authenticated Date: 2022-07-25 Exploit Author: Emir Polat Technical analysis: https://medium.com/@emirpolat/cve-2022-36446-webmin-1-997-7a9225af3165 Vendor Homepage: https://www.webmin.com/ Software Link: https://www.webmin.com/download.html...

9.6AI score0.96049EPSS
Exploits8
Packet Storm
Packet Storm
added 2022/03/02 12:0 a.m.329 views

Xerte 3.10.3 Directory Traversal

Exploit Title: Xerte 3.10.3 - Directory Traversal Authenticated Date: 05/03/2021 Exploit Author: Rik Lutz Vendor Homepage: https://xerte.org.uk Software Link: https://github.com/thexerteproject/xerteonlinetoolkits/archive/refs/heads/3.9.zip Version: up until 3.10.3 Tested on: Windows 10 XAMP CVE ...

0.07685EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/12/16 12:0 a.m.329 views

Croogo 3.0.2 Cross Site Scripting

Exploit Title: Croogo 3.0.2 - 'Multiple' Stored Cross-Site Scripting XSS Date: 06/12/2021 Exploit Author: Enes Özeser Vendor Homepage: https://croogo.org/ Software Link: https://downloads.croogo.org/v3.0.2.zip Version: 3.0.2 Tested on: Windows 10 Home Single Language 20H2 & WampServer 3.2.3 ==...

Exploits0
Packet Storm
Packet Storm
added 2021/12/16 12:0 a.m.329 views

Croogo 3.0.2 Shell Upload

Exploit Title: Croogo 3.0.2 - Unrestricted File Upload Date: 06/12/2021 Exploit Author: Enes Özeser Vendor Homepage: https://croogo.org/ Software Link: https://downloads.croogo.org/v3.0.2.zip Version: 3.0.2 Tested on: Windows 10 Home Single Language 20H2 & WampServer 3.2.3 == 'setting-43'...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/03 12:0 a.m.329 views

Voting System 1.0 SQL Injection

Exploit Title: Voting System 1.0 - Time based SQLI Unauthenticated SQL injection Date: 02/05/2021 Exploit Author: Syed Sheeraz Ali Vendor Homepage: https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/08 12:0 a.m.329 views

WordPress Supsystic Contact Form 1.7.5 XSS / SQL Injection

Exploit Title: WordPress Plugin Supsystic Contact Form 1.7.5 - Multiple Vulnerabilities Date: 24/07/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/contact-form-by-supsystic.1.7.5.zip Version: 1.7.5 Tested on:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/05 12:0 a.m.329 views

Klog Server 2.4.1 Command Injection

Exploit Title: Klog Server 2.4.1 - Command Injection Unauthenticated Date: 22.12.2020 Exploit Author: b3kc4t Mustafa GUNDOGDU Vendor Homepage: https://www.klogserver.com/ Version: 2.4.1 Tested On: Ubuntu 18.04 CVE: 2020-35729 Description:...

10CVSS9.6AI score0.87987EPSS
Exploits8
Packet Storm
Packet Storm
added 2021/01/04 12:0 a.m.329 views

Mantis Bug Tracker 2.24.3 SQL Injection

Exploit Title: Mantis Bug Tracker 2.24.3 - 'access' SQL Injection Date: 30/12/2020 Exploit Author: EthicalHCOP Vendor Homepage: https://www.mantisbt.org/ Version: 2.24.3 CVE: CVE-2020-28413 import requests, sys, time from lxml import etree proxies = "http": "http://127.0.0.1:8080", "https":...

0.2AI score0.04856EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/06/05 12:0 a.m.329 views

Castel NextGen DVR 1.0.0 Bypass / CSRF / Disclosure

All issues are associated with Castel NextGen DVR v1.0.0 and have been resolved in v1.0.1. ------------------------------- CVE-2020-11679 Original Disclosure https://www.securitymetrics.com/blog/attackers-known-unknown-authorization-bypass Description A low privileged user can call functionality...

0.02018EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/02/28 12:0 a.m.329 views

Microsoft Windows Kernel Privilege Escalation

Exploit Title: Windows Kernel Elevation of Privilege Vulnerability + PWN-OS-FAKE UPDATE Windows 10 - Local Author: nu11secur1ty Date: 2020-02-27 Vendor: Microsoft Link: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0668 CVE: 2020-0668 + Credits: Ventsislav Varbanovsk...

4.6CVSS0.6AI score0.2605EPSS
Exploits8
Packet Storm
Packet Storm
added 2019/01/14 12:0 a.m.329 views

ThinkPHP 5.x Remote Command Execution

Exploit Title: thinkphp 5.X RCE Date: 2019-1-14 Exploit Author: vrsystem Vendor Homepage: http://www.thinkphp.cn/ Software Link: http://www.thinkphp.cn/down.html Version: 5.x Tested on: windows 7/10 CVE : None https://github.com/SkyBlueEternal/thinkphp-RCE-POC-Collection...

Exploits0
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.328 views

Wazuh 4.9.1 Remote Code Execution

Wazuh version 4.9.1 proof of concept remote code execution exploit with a reverse shell. ============================================================================================================================================= | Title : Wazuh v 4.9.1 PHP Code Injection Vulnerability | | Autho...

9.9CVSS8.3AI score0.92579EPSS
Exploits10
Packet Storm
Packet Storm
added 2024/10/17 12:0 a.m.328 views

SofaWiki 3.9.2 Cross Site Scripting

Exploit Title: SofaWiki 3.9.2 - Reflected XSS Authenticated via Regex Replace Preview Date: 10/17/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Version: 3.9.2 Tested on: Windows XP Summary: A reflected...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.328 views

Apache Axis2 Brute Force Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/loginscanner/axis2' require 'metasploit/framework/credentialcollection' class MetasploitModule 'Apache Axis2 Brute Force Utility',...

10CVSS7AI score0.89871EPSS
Exploits17
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.328 views

Apache Tomcat AJP File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/apachejp' class MetasploitModule 'Apache Tomcat AJP File Read', 'Description' = %q When using the Apache JServ Protocol AJP, care must be taken when...

9.8CVSS7.4AI score0.9927EPSS
Exploits45
Packet Storm
Packet Storm
added 2024/04/04 12:0 a.m.328 views

WordPress Membership For WooCommerce Shell Upload

Exploit Title: Wordpress Plugin - Membership For WooCommerce Resultz Uploader Uploaded ?PHP...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/26 12:0 a.m.328 views

YahooPOPs 1.6 Denial Of Service

use IO::Socket; sub intro print q ,--, / /| ,;' , // // '--; ' \ | ^ ^ ^ + YahooPOPs 1.6 - SMTP - Denial of Service DoS Coded by Fernando Mengali @ e-mail: [email protected] intro; if !$ARGV0 print "\nUsage: $0 \n"; exit0; my $host = $ARGV0; my $username = $ARGV1; my $password = $ARGV2;...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/08 12:0 a.m.328 views

Drupal 10.1.2 Web Cache Poisoning

Title: drupal-10.1.2 web-cache-poisoning-External-service-interaction Author: nu11secur1ty Date: 08/30/2023 Vendor: https://www.drupal.org/ Software: https://www.drupal.org/download Reference: https://portswigger.net/kb/issues/00300210external-service-interaction-http Description: It is possible ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/25 12:0 a.m.328 views

Gusto Recipes Management 1.5.1 Insecure Settings

==================================================================================================================================== | Title : Gusto - Recipes Management v1.5.1 System Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/07 12:0 a.m.328 views

DaillyTools Remote Command Execution

==================================================================================================================================== | Title : DaillyTools v1 command execution Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/30 12:0 a.m.328 views

Availability Booking Calendar 1.8 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/26 12:0 a.m.328 views

SCM Manager 1.60 Cross Site Scripting

!/usr/bin/python3 Exploit Title: SCM Manager 1.60 - Cross-Site Scripting Stored Authenticated Google Dork: intitle:"SCM Manager" intext:1.60 Date: 05-25-2023 Exploit Author: neg0x https://github.com/n3gox/CVE-2023-33829 Vendor Homepage: https://scm-manager.org/ Software Link:...

7.1AI score0.07258EPSS
Exploits7
Packet Storm
Packet Storm
added 2023/05/22 12:0 a.m.328 views

hyiplab 2.1 Default Credentials

==================================================================================================================================== | Title : hyiplab V2.1 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.064-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/15 12:0 a.m.328 views

Online Clinic Management System 2.2 Cross Site Scripting

Exploit Title: Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting XSS Date: 27-06-2019 Exploit Author: Rafael Pedrero Vendor Homepage: https://bigprof.com Software Download Link : https://bigprof.com/appgini/applications/online-clinic-management-system Version : 2.2...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/11/21 12:0 a.m.328 views

ZTE ZXHN-H108NS Authentication Bypass

Exploit Title: Router ZTE-H108NS - Authentication Bypass Date: 19-11-2022 Exploit Author: George Tsimpidas Vendor: https://www.zte.com.cn/global/ Firmware: H108NSV1.0.7uZRDGR2A68 CVE: N/A Tested on: Debian 5.18.5 Description : When specific http methods are listed within a security constraint, th...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2022/07/19 12:0 a.m.328 views

Spryker Commerce OS Remote Command Execution

Title ===== SCHUTZWERK-SA-2022-003: Remote Command Execution in Spryker Commerce OS Status ====== PUBLISHED Version ======= 1.0 CVE reference ============= CVE-2022-28888 Link ==== https://www.schutzwerk.com/en/43/advisories/schutzwerk-sa-2022-003/ Text-only version:...

0.3AI score0.03628EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/04/19 12:0 a.m.328 views

ManageEngine ADSelfService Plus 6.1 User Enumeration

Exploit Title: ManageEngine ADSelfService Plus 6.1 - User Enumeration Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/self-service-password/download.html Version: ADSelfService 6.1 Build 6121 Tested Against:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/03/11 12:0 a.m.328 views

FLEX 1080/1085 Web 1.6.0 Information Disclosure

Exploit Title: FLEX 1080/1085 Web - Information Disclosure Exploit Author: Mr Empy Vendor Homepage: https://www.tem.ind.br/ Software Link: https://www.tem.ind.br/?page=prod-detalhe&id=94 Version: 1.6.0 Tested on: Linux Title: ================ FLEX 1080/1085 Web - Information Disclosure Summary:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/10 12:0 a.m.328 views

WordPress VeronaLabs WP Statistics 13.1.4 SQL Injection

On February 7, 2022, Security Researcher Cyku Hong from DEVCORE reported a vulnerability to us that they discovered in WP Statistics, a WordPress plugin installed on over 600,000 sites. This vulnerability made it possible for unauthenticated attackers to execute arbitrary SQL queries by appending...

0.2AI score0.5346EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/01/27 12:0 a.m.328 views

WordPress Modern Events Calendar 6.1 SQL Injection

Exploit Title: WordPress Plugin Modern Events Calendar V 6.1 - SQL Injection Unauthenticated Date 26.01.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.6.1.0.zi...

9.8CVSS0.1AI score0.728EPSS
Exploits7
Packet Storm
Packet Storm
added 2021/12/28 12:0 a.m.328 views

Backdoor.Win32.Visiotrol.10 Insecure Password Storage

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/f9dc0a462ada737f36efafac56f22b97.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Visiotrol.10 Vulnerability: Insecure Password Storage Description: The malware listen...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/07/08 12:0 a.m.328 views

Online Covid Vaccination Scheduler System 1.0 Shell Upload

Exploit Title: Online Covid Vaccination Scheduler System 1.0 - Arbitrary File Upload to Remote Code Execution Unauthenticated Date: 2021-07-07 Exploit Author: faisalfs10x Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2021/07/05 12:0 a.m.328 views

Virus.Win32.Shodi.e Heap Corruption

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/37d4a5ba123dd32f1e2c4ba0be14e77cC.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Virus.Win32.Shodi.e Vulnerability: Heap Corruption Description: The virus listens on TCP port 7352...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/15 12:0 a.m.328 views

Monitoring Of Students Cyber Accounts System 1.0 Cross Site Scripting

Exploit Title: Monitoring of Students Cyber Accounts System | Stored XSS Exploit Author: Richard Jones Date: 2021-03-12 Vendor Homepage: https://www.sourcecodester.com/php/11743/monitoring-students-cyber-accounts.html Software Link:...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/12 12:0 a.m.329 views

QCubed 3.1.1 PHP Object Injection

QCubed PHP Object Injection =========================== | Identifier: | AIT-SA-20210215-01 | | Target: | QCubed Framework | | Vendor: | QCubed | | Version: | all versions including 3.1.1 | | CVE: | CVE-2020-24914 | | Accessibility: | Remote | | Severity: | Critical | | Author: | Wolfgang Hotwagne...

7.5CVSS9.6AI score0.05554EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/02/19 12:0 a.m.328 views

Backdoor.Win32.DarkKomet.bhfh Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2e507b75c0df0fcb2f9a85f4a0c1bc04.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.DarkKomet.bhfh Vulnerability: Insecure Permissions Description: DarkKomet.bhfh create...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/16 12:0 a.m.328 views

Backdoor.Win32.Azbreg.aant Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/dcc1855744f2d740745f096e4f031143.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Azbreg.aant Vulnerability: Insecure Permissions Description: Azbreg.aant backdoor...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/08 12:0 a.m.328 views

Dup Scout Enterprise 10.0.18 Buffer Overflow

Dup Scout Enterprise 10.0.18 - 'onlineregistration' Remote Buffer Overflow Requires web service to be enabled. Tested on Windows 10 Pro x64 Based on: https://www.exploit-db.com/exploits/43145 and https://www.exploit-db.com/exploits/40457 Credits: Tulpa and SICKNESS for original exploits Modified:...

1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/03 12:0 a.m.328 views

Processwire CMS 2.4.0 Local File Inclusion

Exploit Title: Local File Inclusion Processwire CMS 2.4.0 Vulnerability Type: Unauthenticated LFI Date: 03.11.2020 Exploit Author: Y1LD1R1M Type: WEBAPPS Platform: PHP Vendor Homepage: https://processwire.com/ Version: 2.4.0 Tested on: Kali Linux Description Local File Inclusion in Processwire CM...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/05/20 12:0 a.m.328 views

OpenEDX Ironwood 2.5 Remote Code Execution

Exploit Title: OpenEDX platform Ironwood 2.5 - Remote Code Execution Google Dork: N/A Date: 2020-05-20 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://open.edx.org/ Software Link: https://github.com/edx/edx-platform Version: Ironwood 2.5 Tested on: Debian x64 CVE : CVE-2020-13144...

0.3AI score0.10963EPSS
Exploits7
Packet Storm
Packet Storm
added 2019/09/13 12:0 a.m.328 views

phpMyAdmin 4.9.0.1 Cross Site Request Forgery

============================================= MGC ALERT 2019-003 - Original release date: June 13, 2019 - Last revised: September 13, 2019 - Discovered by: Manuel Garcia Cardenas - Severity: 4,3/10 CVSS Base Score - CVE-ID: CVE-2019-12922 ============================================= I...

0.9AI score0.10182EPSS
Exploits5
Packet Storm
Packet Storm
added 2019/09/10 12:0 a.m.328 views

WordPress Photo Gallery 1.5.34 SQL Injection

Exploit Title: WordPress Plugin Photo Gallery by 10Web Add new and in add galleries / Gallery groups. GET request going with parameter albumid is vulnerable to Time Based Blind SQL injection. Following is the POC, 1...

7.5CVSS0.5AI score0.25438EPSS
Exploits4
Packet Storm
Packet Storm
added 2019/07/12 12:0 a.m.328 views

Sitecore 9.0 Rev 171002 Cross Site Scripting

Exploit Title: Stored Cross Site Scripting XSS in Sitecore 9.0 rev 171002 Date: July 11, 2019 Exploit Author: Owais Mehtab Vendor Homepage: http://www.sitecore.net/en Version: 9.0 rev. 171002 Tested on: Sitecore Experience Platform 8.1 Update-3 i.e.; 8.1 rev. 160519 CVE : CVE-2019-13493 Vendor...

5.6AI score0.01581EPSS
Exploits5
Packet Storm
Packet Storm
added 2019/07/01 12:0 a.m.328 views

EA Origin Template Injection Remote Code Execution

Exploit Title: EA Origin 10.5.36 Template Injection Remote Code Execution Date: 04/19/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.36 and below Tested on: Windows 10 CVE :...

6.8CVSS0.2AI score0.23129EPSS
Exploits7
Packet Storm
Packet Storm
added 2018/11/15 12:0 a.m.328 views

Bosch Video Management System 8.0 Denial Of Service

Exploit Title: Bosch Video Management System 8.0-Configuration Client-Denial of Service Poc Discovery by: Daniel Discovery Date: 2018-11-12 Software Name: Bosch Video Management System Software Version: 8.0 Vendor Homepage: https://www.boschsecurity.com/xc/en/products/management-software/bvms/...

Exploits0
Packet Storm
Packet Storm
added 2018/10/27 12:0 a.m.328 views

Shell In A Box 2.2.0 Denial Of Service

Product: Shell In A Box aka shellinabox, shellinaboxd "Shell In A Box implements a web server that can export arbitrary command line tools to a web based terminal emulator. This emulator is accessible to any JavaScript and CSS enabled web browser and does not require any additional browser plugin...

7.6AI score0.05986EPSS
Exploits3
Packet Storm
Packet Storm
added 2017/10/27 12:0 a.m.328 views

DameWare Remote Controller 12.0.0.520 Remote Code Execution

Exploit Title: Dameware Remote Controller RCE Date: 3-04-2016 Exploit Author: Securifera Vendor Homepage: http://www.dameware.com/products/mini-remote-control/product-overview.aspx Version: 12.0.0.520 Website:...

10CVSS9.2AI score0.51215EPSS
Exploits4
Packet Storm
Packet Storm
added 2017/01/04 12:0 a.m.328 views

PHPMailer Sendmail Argument Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'PHPMailer Sendmail Argument Injection', 'Description' = %q PHPMailer versions up to and including 5.2.19 are affected by a...

0.3AI score0.99714EPSS
Exploits59
Packet Storm
Packet Storm
added 2025/04/16 12:0 a.m.327 views

📄 Hugging Face Transformers MobileViTV2 4.41.1 Remote Code Execution

Hugging Face Transformers MobileViTV2 version 4.41.1 suffers from a remote code execution vulnerability. Exploit Title: Hugging Face Transformers MobileViTV2 RCE Date: 29-11-2024 Exploit Author: The Kernel Panic Vendor Homepage: https://huggingface.co/ Software Link:...

8.8CVSS8.1AI score0.06898EPSS
Exploits4
Total number of security vulnerabilities5000