Lucene search
K
PacketstormMost viewed

50748 matches found

Packet Storm
Packet Storm
added 2025/04/16 12:0 a.m.327 views

📄 Hugging Face Transformers MobileViTV2 4.41.1 Remote Code Execution

Hugging Face Transformers MobileViTV2 version 4.41.1 suffers from a remote code execution vulnerability. Exploit Title: Hugging Face Transformers MobileViTV2 RCE Date: 29-11-2024 Exploit Author: The Kernel Panic Vendor Homepage: https://huggingface.co/ Software Link:...

8.8CVSS8.1AI score0.06898EPSS
Exploits4
Packet Storm
Packet Storm
added 2025/04/03 12:0 a.m.327 views

📄 Vite 6.2.2 Arbitrary File Read

Vite versions 6.2.2 and below suffer from an arbitrary file read vulnerability. Exploit Title: Vite Arbitrary File Read - CVE-2025-30208 Date: 2025-04-03 Exploit Author: Sheikh Mohammad Hasan https://github.com/4mrr0r Vendor Homepage: https://vitejs.dev/ Software Link:...

5.3CVSS5.4AI score0.74998EPSS
Exploits28
Packet Storm
Packet Storm
added 2025/02/05 12:0 a.m.327 views

PHPJabbers Cinema Booking System 2.0 SQL Injection

PHPJabbers Cinema Booking System version 2.0 suffers from a remote SQL injection vulnerability. CVE-2024-57430 An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiti...

6.1CVSS8.1AI score0.00846EPSS
Exploits6
Packet Storm
Packet Storm
added 2025/01/28 12:0 a.m.327 views

ATutor 2.2.4 Cross Site Scripting

ATutor version 2.2.4 suffers from a cross site scripting vulnerability. Exploit Title: Reflected XSS - atutorv2.2.4 Date: 01/2025 Exploit Author: Andrey Stoykov Version: 2.2.4 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2025/01/friday-fun-pentest-series-17-reflected.html...

6.6AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/20 12:0 a.m.327 views

Taskhub 3.0.3 Insecure Settings

============================================================================================================================================= | Title : Taskhub v3.0.3 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bit...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/13 12:0 a.m.327 views

Emergency Ambulance Hiring Portal 1.0 Insecure Settings

==================================================================================================================================== | Title : Emergency Ambulance Hiring Portal 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/07 12:0 a.m.327 views

Bhojan Restaurant Management System 2.8 Insecure Direct Object Reference

==================================================================================================================================== | Title : Bhojon restaurant management system v2.8 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/03/04 12:0 a.m.327 views

GL.iNet AR300M 3.216 Remote Code Execution

!/usr/bin/env python3 Exploit Title: GL.iNet = 3.216 Remote Code Execution via OpenVPN Client Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...

9.8CVSS7.4AI score0.24725EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/02/22 12:0 a.m.327 views

CMS Made Simple 2.2.19 Cross Site Scripting

Exploit Title: CMS Made Simple Version: 2.2.19 - Stored XSS Date: 2024-21-02 Exploit Author: tmrswrr Vendor Homepage: https://www.cmsmadesimple.org/ Version: 2.2.19 Tested on: https://www.softaculous.com/demos/CMSMadeSimple 1 log in as admin and go to Content File Manager 2 Write in New directory...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/12/11 12:0 a.m.327 views

WordPress TextMe SMS 1.9.0 Cross Site Request Forgery

Exploit Title: WP Plugins TextMe SMS history.pushState'', '', '/'; document.forms0.submit; Recommendation Upgrade to version 1.9.1...

7.2AI score0.00457EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/09/18 12:0 a.m.327 views

Ivanti Avalanche MDM Buffer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Avalanche MDM Buffer Overflow', 'Description' = %q This module exploits a buffer overflow condition in Ivanti Avalanche MDM versions befor...

9.8CVSS7.1AI score0.98919EPSS
Exploits7
Packet Storm
Packet Storm
added 2023/07/12 12:0 a.m.327 views

Atom CMS 2.0 Directory Traversal

==================================================================================================================================== | Title : AtomCMS 2.0 Directory traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/07 12:0 a.m.327 views

Apache RocketMQ 5.1.0 Arbitrary Code Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache RocketMQ update config RCE', 'Description' = %q RocketMQ versions 5.1.0 and below are vulnerable to Arbitrary Code Injection. Broker...

9.8CVSS7.1AI score0.96604EPSS
Exploits11
Packet Storm
Packet Storm
added 2023/06/30 12:0 a.m.327 views

ApepBlack Premium Checker CMS 3.0.5 Cross Site Scripting

==================================================================================================================================== | Title : ApepBlack Premium Checker cms 3.0.5 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/23 12:0 a.m.327 views

Active Newspaper 2.0 HTML Injection

==================================================================================================================================== | Title : Active Newspaper v2.0 HTML inject Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/07 12:0 a.m.327 views

Magento eCommerce 2.4.0 Information Disclosure

==================================================================================================================================== | Title : Magento eCommerce v 2.4.0 sensitive information disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/07 12:0 a.m.327 views

Arris DG3450 AR01.02.056.18_041520_711.NCS.10 XSS / Missing Authentication

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Arris DG3450 Cable Gateway vulnerable version: AR01.02.056.18041520711.NCS.10 fixed version: - CVE number: CVE-2023-27571, CVE-2023-2757...

0.9AI score0.009EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/01/20 12:0 a.m.327 views

Solaris 10 dtprintinfo / libXm / libXpm Security Issues

-- HNS-2022-01 - HN Security Advisory - https://security.humanativaspa.it/ Title: Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm Products: Common Desktop Environment 1.6, Motif 2.1, X.Org libXpm Date: 2023-01-18 Oracle vulnerability tracking numbers: S1597707 - Arbitrary printer...

7.5CVSS0.3AI score0.08052EPSS
Exploits2
Packet Storm
Packet Storm
added 2022/10/24 12:0 a.m.327 views

Pega Platform 8.7.3 Remote Code Execution

Exploit Title: Pega Platform 8.1.0 and higher Remote Code Execution Google Dork: N/A Date: 20 Oct 2022 Exploit Author: Marcin Wolak using MOGWAI LABS JMX Exploitation Toolkit Vendor Homepage: www.pega.com Software Link: Not Available Version: 8.1.0 on-premise and higher, up to 8.7.3 Tested on: Re...

9.8CVSS9.7AI score0.09477EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/09/19 12:0 a.m.327 views

OpenCart 3.x Newsletter Custom Popup 4.0 SQL Injection

Exploit Title: OpenCart v3.x So Newsletter Custom Popup Module - Blind SQL Injection Date: 18/09/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link:...

Exploits0
Packet Storm
Packet Storm
added 2022/07/04 12:0 a.m.327 views

Stock Management System 2020 SQL Injection

Title: Stock-Management-System-2020 SQLi Author: nu11secur1ty Date: 07.02.2022 Vendor: https://github.com/Dav-ee Software: https://github.com/Dav-ee/Stock-Management-System Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Kiprono-Davies/2022/Stock-Management-System-20...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2022/04/12 12:0 a.m.327 views

Easy!Appointments Information Disclosure

!/usr/bin/env ruby Exploit Title: Easy!Appointments 1.4.3 - Unauthenticated PII events disclosure Exploit author: noraj Alexandre ZANNI for ACCEIS https://www.acceis.fr Author website: https://pwn.by/noraj/ Exploit source: https://github.com/Acceis/exploit-CVE-2022-0482 Date: 2022-04-11 Vendor...

9.1CVSS9.3AI score0.38133EPSS
Exploits7
Packet Storm
Packet Storm
added 2022/04/07 12:0 a.m.327 views

ICEHRM 31.0.0.0S Cross Site Request Forgery

Exploit Title: ICEHRM 31.0.0.0S - Cross-site Request Forgery CSRF to Account Deletion Date: 29/03/2022 Exploit Author: Devansh Bordia Vendor Homepage: https://icehrm.com/ Software Link: https://github.com/gamonoid/icehrm/releases/tag/v31.0.0.OS Version: 31.0.0.OS Tested on: Windows 10 CVE:...

0.6AI score0.0057EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/03/09 12:0 a.m.327 views

Printix Client 1.3.1106.0 Privilege Escalation

Exploit Title: Printix Client 1.3.1106.0 - Privilege Escalation Date: 3/2/2022 Exploit Author: Logan Latvala Vendor Homepage: https://printix.net Software Link: https://software.printix.net/client/win/1.3.1106.0/PrintixClientWindows.zip Version: = 1.3.1106.0 Tested on: Windows 7, Windows 8, Windo...

0.8AI score0.11011EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/02/08 12:0 a.m.327 views

Wing FTP Server 4.3.8 Remote Code Execution

Exploit Title: Wing FTP Server 4.3.8 - Remote Code Execution RCE Authenticated Date: 02/06/2022 Exploit Author: notcos Credit: Credit goes to the initial discoverer of this exploit, Alex Haynes. Vendor Homepage: https://www.wftpserver.com/ Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/12/15 12:0 a.m.327 views

Oliver Library Server 5 Arbitrary File Download

Exploit Title: Oliver Library Server v5 - Arbitrary File Download Date: 14/12/2021 Exploit Authors: Mandeep Singh, Ishaan Vij, Luke Blues, CTRL Group Vendor Homepage: https://www.softlinkint.com/product/oliver/ Product: Oliver Server v5 Version: /oliver/FileServlet?source=serverFile&fileName= 2...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/02 12:0 a.m.327 views

WordPress Pie Register 3.7.1.4 Authentication Bypass / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'WordPress Plugin Pie Register Auth Bypass to RCE', 'Description' = %q This module uses an authentication bypass vulnerability i...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/01 12:0 a.m.327 views

Trojan.Win32.Delf.bna Information Disclosure

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6bf08611410e3ef7df67d781a2e8efed.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Delf.bna Vulnerability: Information Disclosure Description: The malware listens on TCP...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/18 12:0 a.m.327 views

Company's Recruitment Management System 1.0 Cross Site Request Forgery

Exploit Title: Company's Recruitment Management System 1.0 - 'Add New user' Cross-Site Request Forgery CSRF Date: 18-10-2021 Exploit Author: Aniket Anil Deshmane Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/10 12:0 a.m.327 views

OpenNetAdmin 18.1.1 Remote Command Execution

!/usr/bin/env ruby Exploit Title: OpenNetAdmin 8.5.14 --debug FILE version --debug FILE -h | --help exploit: Exploit the RCE vuln version: Try to fetch OpenNetAdmin version Options: Root URL base path including HTTP scheme, port and root folder Command to execute on the target --debug Display...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/24 12:0 a.m.327 views

Worm.Win32.Busan.k Insecure Transit

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/bcad7aa6cb6cb9d94377cd88acbca1c9.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Worm.Win32.Busan.k Vulnerability: Insecure Communication Protocol Description: Busan.k launches a...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/26 12:0 a.m.327 views

Backdoor.Win32.Azbreg.amw Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/5eb58198721d4ded363e41e243e685cc.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Azbreg.amw Vulnerability: Insecure Permissions Description: The backdoor creates an...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/15 12:0 a.m.327 views

Backdoor.Win32.Ncx.bt Remote Stack Buffer Overflow

Discovery / credits: malvuln - Malvuln.com c 2021 Original source: https://malvuln.com/advisory/ad5c01b3e6d0254adfe0898c6d16f927.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Ncx.bt Vulnerability: Remote Stack Buffer Overflow Description: The malware listens o...

0.8AI score
Exploits0
Packet Storm
Packet Storm
added 2020/04/03 12:0 a.m.327 views

DotNetNuke Cookie Deserialization Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' require 'openssl' require 'set' class MetasploitModule activetimeout payload handler is normally set up and started here but has be...

6.5CVSS0.5AI score0.94789EPSS
Exploits10
Packet Storm
Packet Storm
added 2018/11/15 12:0 a.m.327 views

BiP Messenger Denial Of Service

BiP Messenger - Remote Denial of Service Crash PoC My + Discovered by: KnocKout Contact : [email protected] HomePage : http://cyber-warrior.org Software info |Application : BiP Messenger |Affected Version : Latest version as of 15.11.2018 |Developer web page: http://www.turkcell.com.tr,...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2005/11/05 12:0 a.m.327 views

spymacXSS.txt

Spymac Web OS v4 blogs and notes multiple variable XSS Vendor url: http://www.spymac.com & http://arnieshwartz.spymac.com/thespymacwebos.htm Advisore: http://lostmon.blogspot.com/2005/11/ spymac-web-os-v4-blogs-and-notes.html Vendor notify :yes exploit available: yes Spymac is powered by an...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/26 12:0 a.m.326 views

PHP SPM 1.0 WYSIWYG Code Injection

============================================================================================================================================= | Title : php spm 1.0 WYSIWYG code injection vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.326 views

VICIdial Multiple Authenticated SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VICIdial Multiple Authenticated SQLi', 'Description' = %q This module exploits several authenticated SQL Inject vulnerabilities in VICIdial...

9CVSS7AI score0.03431EPSS
Exploits1
Packet Storm
Packet Storm
added 2024/01/17 12:0 a.m.326 views

Easy File Sharing FTP 3.6 Denial Of Service

!/usr/bin/perl use Net::FTP; Exploit Title: Easy File Sharing FTP Server 3.6 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 17 january 2024 Vendor Homepage: N/A Download to demo: Notification vendor: No reported Tested Version: Easy File Sharing FTP Server 3.6 Tested on:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/12/04 12:0 a.m.326 views

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure Vendor: R Radio Network Product web page: http://www.pktc.ac.th Affected version: 1.07 Summary: R Radio FM Transmitter that includes FM Exciter and FM Amplifier parameter setup. Desc: The transmitter suffers from an improper acces...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/11/13 12:0 a.m.326 views

Maxima Max Pro Power 1.0 486A BLE Traffic Replay

Exploit Title: Maxima Max Pro Power - BLE Traffic Replay Unauthenticated Date: 13-Nov-2023 Exploit Author: Alok kumar [email protected], Cyberpwn Technologies Pvt. Ltd. Vendor Homepage: https://www.maximawatches.com Product Link: https://www.maximawatches.com/products/max-pro-power Firmware...

7.4AI score0.00511EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/09/06 12:0 a.m.326 views

Infinity Market Classified Ads Script 1.6.2 Cross Site Scripting

==================================================================================================================================== | Title : Infinity Market Classified Ads Script 1.6.2 xss via file uploads Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/29 12:0 a.m.326 views

iBilling CRM 4.5.0 Add Administrator / Insecure Direct Object Reference

==================================================================================================================================== | Title : iBilling CRM v4.5.0 Add Admin vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.326 views

ExcessWeb And Network CMS 4.0 Database Disclosure

==================================================================================================================================== | Title : ExcessWeb & Network CMS v4.0 Database Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefo...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/15 12:0 a.m.326 views

EI Tube YouTube API 3 SQL Injection

==================================================================================================================================== | Title : EI Tube YouTube API V3 site builder Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firef...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/06 12:0 a.m.326 views

Expert Job Portal Management System 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/19 12:0 a.m.326 views

VMware Workspace ONE Access Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workspace ONE Access CVE-2022-22960', 'Description' = %q This module exploits CVE-2022-22960 which allows the user to overwrite the...

7.8CVSS8.7AI score0.37171EPSS
Exploits8
Packet Storm
Packet Storm
added 2023/04/12 12:0 a.m.326 views

WordPress Limit Login Attempts 1.7.1 Cross Site Scripting

On January 26, 2023, the Wordfence team responsibly disclosed an unauthenticated stored Cross-Site Scripting vulnerability in Limit Login Attempts, a WordPress plugin installed on over 600,000 sites that provides site owners with the ability to block IP addresses that have made repeated failed...

6.7AI score0.00789EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/03/30 12:0 a.m.326 views

Human Resource Management System 1.0 SQL Injection

Exploit Title: Human Resource Management System - SQL Injection unauthenticated Date: 08-11-2022 Exploit Author: Matthijs van der Vaart eMVee Vendor Homepage: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software Link:...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/25 12:0 a.m.326 views

Inout Music 5.1.1 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.4AI score
Exploits0
Total number of security vulnerabilities5000