Lucene search
K
PacketstormMost viewed

50738 matches found

Packet Storm
Packet Storm
added 2022/03/09 12:0 a.m.327 views

Printix Client 1.3.1106.0 Privilege Escalation

Exploit Title: Printix Client 1.3.1106.0 - Privilege Escalation Date: 3/2/2022 Exploit Author: Logan Latvala Vendor Homepage: https://printix.net Software Link: https://software.printix.net/client/win/1.3.1106.0/PrintixClientWindows.zip Version: = 1.3.1106.0 Tested on: Windows 7, Windows 8, Windo...

0.8AI score0.11011EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/12/28 12:0 a.m.327 views

Backdoor.Win32.Visiotrol.10 Insecure Password Storage

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/f9dc0a462ada737f36efafac56f22b97.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Visiotrol.10 Vulnerability: Insecure Password Storage Description: The malware listen...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/10 12:0 a.m.327 views

OpenNetAdmin 18.1.1 Remote Command Execution

!/usr/bin/env ruby Exploit Title: OpenNetAdmin 8.5.14 --debug FILE version --debug FILE -h | --help exploit: Exploit the RCE vuln version: Try to fetch OpenNetAdmin version Options: Root URL base path including HTTP scheme, port and root folder Command to execute on the target --debug Display...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/24 12:0 a.m.327 views

Worm.Win32.Busan.k Insecure Transit

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/bcad7aa6cb6cb9d94377cd88acbca1c9.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Worm.Win32.Busan.k Vulnerability: Insecure Communication Protocol Description: Busan.k launches a...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/15 12:0 a.m.327 views

Monitoring Of Students Cyber Accounts System 1.0 Cross Site Scripting

Exploit Title: Monitoring of Students Cyber Accounts System | Stored XSS Exploit Author: Richard Jones Date: 2021-03-12 Vendor Homepage: https://www.sourcecodester.com/php/11743/monitoring-students-cyber-accounts.html Software Link:...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/19 12:0 a.m.327 views

Backdoor.Win32.DarkKomet.bhfh Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2e507b75c0df0fcb2f9a85f4a0c1bc04.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.DarkKomet.bhfh Vulnerability: Insecure Permissions Description: DarkKomet.bhfh create...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/16 12:0 a.m.327 views

Backdoor.Win32.Azbreg.aant Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/dcc1855744f2d740745f096e4f031143.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Azbreg.aant Vulnerability: Insecure Permissions Description: Azbreg.aant backdoor...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/15 12:0 a.m.327 views

Backdoor.Win32.Ncx.bt Remote Stack Buffer Overflow

Discovery / credits: malvuln - Malvuln.com c 2021 Original source: https://malvuln.com/advisory/ad5c01b3e6d0254adfe0898c6d16f927.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Ncx.bt Vulnerability: Remote Stack Buffer Overflow Description: The malware listens o...

0.8AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/08 12:0 a.m.327 views

Dup Scout Enterprise 10.0.18 Buffer Overflow

Dup Scout Enterprise 10.0.18 - 'onlineregistration' Remote Buffer Overflow Requires web service to be enabled. Tested on Windows 10 Pro x64 Based on: https://www.exploit-db.com/exploits/43145 and https://www.exploit-db.com/exploits/40457 Credits: Tulpa and SICKNESS for original exploits Modified:...

1AI score
Exploits0
Packet Storm
Packet Storm
added 2018/11/15 12:0 a.m.327 views

Bosch Video Management System 8.0 Denial Of Service

Exploit Title: Bosch Video Management System 8.0-Configuration Client-Denial of Service Poc Discovery by: Daniel Discovery Date: 2018-11-12 Software Name: Bosch Video Management System Software Version: 8.0 Vendor Homepage: https://www.boschsecurity.com/xc/en/products/management-software/bvms/...

Exploits0
Packet Storm
Packet Storm
added 2017/01/04 12:0 a.m.327 views

PHPMailer Sendmail Argument Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'PHPMailer Sendmail Argument Injection', 'Description' = %q PHPMailer versions up to and including 5.2.19 are affected by a...

0.3AI score0.99714EPSS
Exploits59
Packet Storm
Packet Storm
added 2005/11/05 12:0 a.m.327 views

spymacXSS.txt

Spymac Web OS v4 blogs and notes multiple variable XSS Vendor url: http://www.spymac.com & http://arnieshwartz.spymac.com/thespymacwebos.htm Advisore: http://lostmon.blogspot.com/2005/11/ spymac-web-os-v4-blogs-and-notes.html Vendor notify :yes exploit available: yes Spymac is powered by an...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/04/16 12:0 a.m.326 views

📄 Hugging Face Transformers MobileViTV2 4.41.1 Remote Code Execution

Hugging Face Transformers MobileViTV2 version 4.41.1 suffers from a remote code execution vulnerability. Exploit Title: Hugging Face Transformers MobileViTV2 RCE Date: 29-11-2024 Exploit Author: The Kernel Panic Vendor Homepage: https://huggingface.co/ Software Link:...

8.8CVSS8.1AI score0.06898EPSS
Exploits4
Packet Storm
Packet Storm
added 2025/04/03 12:0 a.m.326 views

📄 Vite 6.2.2 Arbitrary File Read

Vite versions 6.2.2 and below suffer from an arbitrary file read vulnerability. Exploit Title: Vite Arbitrary File Read - CVE-2025-30208 Date: 2025-04-03 Exploit Author: Sheikh Mohammad Hasan https://github.com/4mrr0r Vendor Homepage: https://vitejs.dev/ Software Link:...

5.3CVSS5.4AI score0.76736EPSS
Exploits28
Packet Storm
Packet Storm
added 2024/09/26 12:0 a.m.326 views

PHP SPM 1.0 WYSIWYG Code Injection

============================================================================================================================================= | Title : php spm 1.0 WYSIWYG code injection vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/13 12:0 a.m.326 views

Emergency Ambulance Hiring Portal 1.0 Insecure Settings

==================================================================================================================================== | Title : Emergency Ambulance Hiring Portal 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.326 views

Apache Axis2 Brute Force Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/loginscanner/axis2' require 'metasploit/framework/credentialcollection' class MetasploitModule 'Apache Axis2 Brute Force Utility',...

10CVSS7AI score0.89871EPSS
Exploits17
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.326 views

VICIdial Multiple Authenticated SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VICIdial Multiple Authenticated SQLi', 'Description' = %q This module exploits several authenticated SQL Inject vulnerabilities in VICIdial...

9CVSS7AI score0.03431EPSS
Exploits1
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.326 views

Apache Tomcat AJP File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/apachejp' class MetasploitModule 'Apache Tomcat AJP File Read', 'Description' = %q When using the Apache JServ Protocol AJP, care must be taken when...

9.8CVSS7.4AI score0.9927EPSS
Exploits45
Packet Storm
Packet Storm
added 2024/08/07 12:0 a.m.326 views

Bhojan Restaurant Management System 2.8 Insecure Direct Object Reference

==================================================================================================================================== | Title : Bhojon restaurant management system v2.8 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/06 12:0 a.m.326 views

Infinity Market Classified Ads Script 1.6.2 Cross Site Scripting

==================================================================================================================================== | Title : Infinity Market Classified Ads Script 1.6.2 xss via file uploads Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/29 12:0 a.m.326 views

iBilling CRM 4.5.0 Add Administrator / Insecure Direct Object Reference

==================================================================================================================================== | Title : iBilling CRM v4.5.0 Add Admin vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.326 views

ExcessWeb And Network CMS 4.0 Database Disclosure

==================================================================================================================================== | Title : ExcessWeb & Network CMS v4.0 Database Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefo...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/15 12:0 a.m.326 views

EI Tube YouTube API 3 SQL Injection

==================================================================================================================================== | Title : EI Tube YouTube API V3 site builder Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firef...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/07 12:0 a.m.326 views

Apache RocketMQ 5.1.0 Arbitrary Code Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache RocketMQ update config RCE', 'Description' = %q RocketMQ versions 5.1.0 and below are vulnerable to Arbitrary Code Injection. Broker...

9.8CVSS7.1AI score0.96604EPSS
Exploits11
Packet Storm
Packet Storm
added 2023/06/30 12:0 a.m.326 views

Availability Booking Calendar 1.8 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/30 12:0 a.m.326 views

ApepBlack Premium Checker CMS 3.0.5 Cross Site Scripting

==================================================================================================================================== | Title : ApepBlack Premium Checker cms 3.0.5 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/23 12:0 a.m.326 views

Active Newspaper 2.0 HTML Injection

==================================================================================================================================== | Title : Active Newspaper v2.0 HTML inject Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/19 12:0 a.m.326 views

VMware Workspace ONE Access Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workspace ONE Access CVE-2022-22960', 'Description' = %q This module exploits CVE-2022-22960 which allows the user to overwrite the...

7.8CVSS8.7AI score0.37171EPSS
Exploits8
Packet Storm
Packet Storm
added 2023/04/12 12:0 a.m.326 views

WordPress Limit Login Attempts 1.7.1 Cross Site Scripting

On January 26, 2023, the Wordfence team responsibly disclosed an unauthenticated stored Cross-Site Scripting vulnerability in Limit Login Attempts, a WordPress plugin installed on over 600,000 sites that provides site owners with the ability to block IP addresses that have made repeated failed...

6.7AI score0.00789EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/03/30 12:0 a.m.326 views

Human Resource Management System 1.0 SQL Injection

Exploit Title: Human Resource Management System - SQL Injection unauthenticated Date: 08-11-2022 Exploit Author: Matthijs van der Vaart eMVee Vendor Homepage: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software Link:...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/20 12:0 a.m.326 views

Solaris 10 dtprintinfo / libXm / libXpm Security Issues

-- HNS-2022-01 - HN Security Advisory - https://security.humanativaspa.it/ Title: Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm Products: Common Desktop Environment 1.6, Motif 2.1, X.Org libXpm Date: 2023-01-18 Oracle vulnerability tracking numbers: S1597707 - Arbitrary printer...

7.5CVSS0.3AI score0.08052EPSS
Exploits2
Packet Storm
Packet Storm
added 2022/07/04 12:0 a.m.326 views

Stock Management System 2020 SQL Injection

Title: Stock-Management-System-2020 SQLi Author: nu11secur1ty Date: 07.02.2022 Vendor: https://github.com/Dav-ee Software: https://github.com/Dav-ee/Stock-Management-System Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Kiprono-Davies/2022/Stock-Management-System-20...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/08 12:0 a.m.326 views

Wing FTP Server 4.3.8 Remote Code Execution

Exploit Title: Wing FTP Server 4.3.8 - Remote Code Execution RCE Authenticated Date: 02/06/2022 Exploit Author: notcos Credit: Credit goes to the initial discoverer of this exploit, Alex Haynes. Vendor Homepage: https://www.wftpserver.com/ Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/04 12:0 a.m.326 views

WAGO 750-8xxx PLC Denial Of Service / User Enumeration

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Denial of service & User Enumeration product: WAGO 750-8xxx PLC vulnerable version: Firmware 20 Patch 1 v03.08.08 fixed version: Firmware 20 Patch 1 v03.08.08 CVE number:...

7.5CVSS7.6AI score0.02649EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/01/27 12:0 a.m.326 views

WordPress Modern Events Calendar 6.1 SQL Injection

Exploit Title: WordPress Plugin Modern Events Calendar V 6.1 - SQL Injection Unauthenticated Date 26.01.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.6.1.0.zi...

9.8CVSS0.1AI score0.73413EPSS
Exploits7
Packet Storm
Packet Storm
added 2021/12/15 12:0 a.m.326 views

Oliver Library Server 5 Arbitrary File Download

Exploit Title: Oliver Library Server v5 - Arbitrary File Download Date: 14/12/2021 Exploit Authors: Mandeep Singh, Ishaan Vij, Luke Blues, CTRL Group Vendor Homepage: https://www.softlinkint.com/product/oliver/ Product: Oliver Server v5 Version: /oliver/FileServlet?source=serverFile&fileName= 2...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/01 12:0 a.m.326 views

Trojan.Win32.Delf.bna Information Disclosure

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6bf08611410e3ef7df67d781a2e8efed.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Delf.bna Vulnerability: Information Disclosure Description: The malware listens on TCP...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/14 12:0 a.m.326 views

Yellowfin Cross Site Scripting / Insecure Direct Object Reference

YELLOWFIN 9.6.1 MULTIPLE VULNERABILITIES ---------------------------------------------------- Vulnerability: ============== Stored Cross-Site Scripting Affected Products and Versions: =============================== Yellowfin 9.6.1 CVEID: ====== CVE-2021-36387 CVSSv3.1 Score: =============== 5.4...

6.4AI score0.03053EPSS
Exploits2
Packet Storm
Packet Storm
added 2021/09/24 12:0 a.m.326 views

OpenVPN Monitor 1.1.3 Command Injection

COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: openvpn-monitor Vendor: https://github.com/furlongm/openvpn-monitor CSNC ID: CSNC-2021-010 CVE ID: CVE-2021-31605 Subject: OpenVPN Management Socket Command Injection Severity: High Effect: Denial of Service...

7.5AI score0.03314EPSS
Exploits6
Packet Storm
Packet Storm
added 2021/06/15 12:0 a.m.327 views

SAP Netweaver JAVA 7.50 Missing Authorization

Onapsis Security Advisory 2021-0013: CVE-2020-26829 - Missing Authentication Check In SAP NetWeaver AS JAVA P2P Cluster communication Impact on Business A malicious unauthenticated user could abuse the lack of authentication check on SAP Java P2P cluster communication, in order to connect to the...

9CVSS0.4AI score0.04708EPSS
Exploits1
Packet Storm
Packet Storm
added 2021/06/11 12:0 a.m.326 views

NetSetManPro 4.7.2 Privilege Escalation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Affected Products NetSetManPro 4.7.2 other/older releases have not been tested References https://www.secuvera.de/advisories/secuvera-SA-2021-01.txt used for updates CVE-2021-34546 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34546 Summar...

0.6AI score0.00693EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/03/19 12:0 a.m.326 views

SOYAL Biometric Access Control System 5.0 Cross Site Request Forgery

SOYAL Biometric Access Control System 5.0 CSRF Change Admin Password Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affected version: AR-727 i/CM - F/W: 5.0 AR837E/EF - F/W: 4.3 AR725Ev2 - F/W: 4.3 191231 AR331/725E - F/W: 4.2 AR837E/EF - F/W:...

Exploits0
Packet Storm
Packet Storm
added 2021/03/15 12:0 a.m.326 views

Trojan-Dropper.Win32.Delf.xk Denial Of Service

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/869c813722be90cf1b3708051103ce14.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Delf.xk Vulnerability: Remote Invalid Pointer Write DOS Description:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/26 12:0 a.m.326 views

Backdoor.Win32.Azbreg.amw Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/5eb58198721d4ded363e41e243e685cc.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Azbreg.amw Vulnerability: Insecure Permissions Description: The backdoor creates an...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/04 12:0 a.m.326 views

BACKDOOR.WIN32.REMOTEMANIPULATOR Insecure Permissions

Discovery / credits: malvuln - Malvuln.com c 2021 Original source: http://malvuln.com/advisory/82183b3d85311a39fb80ae07357594e5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BACKDOOR.WIN32.REMOTEMANIPULATOR Vulnerability: Insecure Permissions Description: Creates a dir...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/04/03 12:0 a.m.326 views

DotNetNuke Cookie Deserialization Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' require 'openssl' require 'set' class MetasploitModule activetimeout payload handler is normally set up and started here but has be...

6.5CVSS0.5AI score0.94789EPSS
Exploits10
Packet Storm
Packet Storm
added 2019/11/30 12:0 a.m.326 views

Xinet Elegant 6 Asset Library Web Interface 6.1.655 SQL Injection

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NAPC-XINET-ELEGANT-6-ASSET-LIBRARY-WEB-INTERFACE-PRE-AUTH-SQL-INJECTION.txt + ISR: ApparitionSec Vendor www.napc.com Product Xinet Elegant 6 Asset Library Web Interface v6.1.655 Web based...

0.4AI score0.07941EPSS
Exploits3
Packet Storm
Packet Storm
added 2019/02/20 12:0 a.m.326 views

Nuuo Central Management Server 2.4 Authenticated Arbitrary File Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Nuuo Central Management Server Authenticated Arbitrary File Upload", 'Description' = %q The COMMITCONFIG verb is used by a CMS client to upload a...

7.5CVSS0.1AI score0.15312EPSS
Exploits3
Packet Storm
Packet Storm
added 2018/11/15 12:0 a.m.326 views

BiP Messenger Denial Of Service

BiP Messenger - Remote Denial of Service Crash PoC My + Discovered by: KnocKout Contact : [email protected] HomePage : http://cyber-warrior.org Software info |Application : BiP Messenger |Affected Version : Latest version as of 15.11.2018 |Developer web page: http://www.turkcell.com.tr,...

0.2AI score
Exploits0
Total number of security vulnerabilities5000