Lucene search
K
PacketstormMost viewed

50738 matches found

Packet Storm
Packet Storm
added 2022/08/09 12:0 a.m.322 views

Backdoor.Win32.Guptachar.20 MVID-2022-0631 Insecure Credential Storage

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/857999d2306f257b80d1b8f6a51ae8b0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Guptachar.20 Vulnerability: Insecure Credential Storage Description: The...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/04 12:0 a.m.322 views

WBCE CMS 1.5.2 Remote Code Execution

Exploit Title: WBCE CMS 1.5.2 - Remote Code Execution RCE Authenticated Date: 02/01/2022 Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://wbce.org/ Software Link: https://wbce.org/de/downloads/ Version: 1.5.2 Tested on: Linux - PHP Version: 8.0.14 Github repo:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/18 12:0 a.m.322 views

Worm.Win32.Runfer.bpo Unquoted Service Path

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ae4c226ad974c990391217f31db2a209.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Worm.Win32.Runfer.bpo Vulnerability: Insecure Service Path Description: The malware creates a servic...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/17 12:0 a.m.322 views

Disk Savvy 13.6.14 Unquoted Service Path

Exploit Title: Disk Savvy 13.6.14 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 16-06-2021 Vendor Homepage: https://www.disksavvy.com Software Links: https://www.disksavvy.com/setupsx64/disksavvysrvsetupv13.6.14x64.exe...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/09 12:0 a.m.322 views

FreeLAN 2.2 Unquoted Service Path

Exploit Title: FreeLAN 2.2 - 'FreeLAN Service' Unquoted Service Path Date: 2021-1-20 Exploit Author: Mohammed Alshehri Vendor Homepage: www.freelan.org Software Link: https://github.com/freelan-developers/freelan/releases/download/2.2/freelan-2.2.0-x86-install.exe Version: Version 2.2 Tested on:...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/26 12:0 a.m.322 views

Trojan-Spy.Win32.SpyEyes.elr Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/025d07f4610605031e501e6745d663aa.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.SpyEyes.elr Vulnerability: Insecure Permissions Description: The malware creates an...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/04 12:0 a.m.322 views

Student Attendance Management System 1.0 Code Execution / SQL Injection

Exploit Title: Student Attendance Management System 1.0 - 'username' SQL Injection / Remote Code Execution Date: 4-11-2020 Exploit Author: mosaaed Vendor Homepage: https://www.sourcecodester.com/php/14561/student-attendance-management-system-using-phpmysqli-source-code.html Software Link:...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2020/08/11 12:0 a.m.322 views

vBulletin 5.x Remote Code Execution

!/bin/bash vBulletin widgettabbedcontainertabpanel 5.x 0day by @Zenofex Usage ./exploit Urlencode cmd CMD=echo $2|perl -MURI::Escape -ne 'chomp;print uriescape$,"\n"' Send request curl -s $1/ajax/render/widgettabbedcontainertabpanel -d...

7.5CVSS0.3AI score0.99728EPSS
Exploits27
Packet Storm
Packet Storm
added 2020/07/31 12:0 a.m.322 views

CA Unified Infrastructure Management Nimsoft 7.80 Buffer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow', 'Description' = %q This module exploits a buffer overflow within the...

10CVSS0.9AI score0.77566EPSS
Exploits9
Packet Storm
Packet Storm
added 2019/12/05 12:0 a.m.322 views

Qualys Security Advisory - OpenBSD Authentication Bypass / Privilege Escalation

Qualys Security Advisory Authentication vulnerabilities in OpenBSD ============================================================================== Contents ============================================================================== 1. CVE-2019-19521: Authentication bypass 1.1. Analysis 1.2. Cas...

0.8AI score0.02736EPSS
Exploits8
Packet Storm
Packet Storm
added 2017/02/02 12:0 a.m.322 views

WordPress 4.7.0 / 4.7.1 Content Injection / Code Execution

Exploit Title: WP Content Injection Shell Exploit Date: 31 Jan' 2017 Exploit Author: Harsh Jaiswal Vendor Homepage: http://wordpress.org Version: Wordpress 4.7 - 4.7.1 Patched in 4.7.2 Tested on: Bacbox ubuntu Linux Based on:...

Exploits0
Packet Storm
Packet Storm
added 2012/12/03 12:0 a.m.322 views

Oracle MySQL Heap Overrun

MySQL Heap Overrun tested for the latest version of mysql server on a SuSE Linux system As seen below $edx and $edi are fully controlled, the current instruction is = 0x83a6b24 : mov %edx,%edi this means we landed in a place where 4 bytes can be controlled by 4 bytes with this function pointers a...

6.5CVSS0.2AI score0.20837EPSS
Exploits2
Packet Storm
Packet Storm
added 2025/03/17 12:0 a.m.321 views

Linux DRM Race Condition / Use-After-Free

Linux has an issue where drmfileupdatepid calls getpid too late, which creates a race condition that can lead to use-after-free of a struct pid. I am sending this to security@ and to the drm-misc maintainers - based on...

7CVSS5.8AI score0.00879EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/10/11 12:0 a.m.321 views

Chamilo 1.11.18 Code Injection

============================================================================================================================================= | Title : Chamilo 1.11.18 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bits ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/26 12:0 a.m.321 views

Restaurant POS 1.0 SQL Injection

============================================================================================================================================= | Title : Restaurant POS v1.0 SQL injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bi...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.321 views

WordPress Easy WP SMTP Password Reset

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Easy WP SMTP Password Reset', 'Description' = %q Wordpress plugin Easy WP SMTP versions 'h00die', msf module this was an 0day , 'Licens...

7.5CVSS7.4AI score0.63407EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/08/09 12:0 a.m.321 views

Xain-Hotel Management System 2.5 Insecure Settings

==================================================================================================================================== | Title : Xain-Hotel Management System v2.5 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/06/27 12:0 a.m.321 views

SimpCMS 0.1 Cross Site Scripting

Exploit Title: SimpCMS v0.1 - Cross Site Scripting XSS Date: 26-06-2024 CVE: CVE-2024-39248 Exploit Author: Jason Jacobs 0xjasonjacobs Vendor Homepage: https://sourceforge.net/projects/simpcms/ Software Link: https://sourceforge.net/projects/simpcms/ Category: Web Application Version: 0.1...

7.4AI score0.00743EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/05/20 12:0 a.m.321 views

Rocket LMS 1.9 Cross Site Scripting

Title: Rocket LMS 1.9 - Persistent Cross Site Scripting XSS Date: 04/16/2024 Exploit Author: Sergio Medeiros Vendor Homepage: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735 Software Link: https://lms.rocket-soft.org Version: 1.9 Tested on Firefox and Chrome...

7.1AI score0.00762EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/04/15 12:0 a.m.321 views

OpenClinic GA 5.247.01 Path Traversal

Exploit Title: OpenClinic GA 5.247.01 - Path Traversal Authenticated Date: 2023-08-14 Exploit Author: V. B. Vendor Homepage: https://sourceforge.net/projects/open-clinic/ Software Link: https://sourceforge.net/projects/open-clinic/ Version: OpenClinic GA 5.247.01 Tested on: Windows 10, Windows 11...

7.4AI score0.0338EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/02/27 12:0 a.m.321 views

Hospital Management System 1.0 Cross Site Scripting

Exploit Title: Hospital Management System - Stord XSS Google Dork: N/A Application: Hospital Management System Date: 27.02.2024 Bugs: Stord XSS Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/02/19 12:0 a.m.321 views

Microsoft Windows Defender / Detection Bypass Part 3

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERTROJAN.WIN32.POWESSERE.GMITIGATIONBYPASSPART3.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows Defender...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/26 12:0 a.m.321 views

Vinchin Backup And Recovery 7.2 setNetworkCardInfo Command Injection

CVE ID: CVE-2024-22900 Title: Command Injection Vulnerability in Vinchin Backup and Recovery Versions 7.2 and Earlier Description: A critical security vulnerability, identified as CVE-2024-22900, has been discovered in Vinchin Backup and Recovery software, affecting versions 7.2 and earlier. The...

7.4AI score0.01883EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/01/11 12:0 a.m.321 views

PHPJabbers Night Club Booking Software 1.0 CSV Injection

Exploit Title: PHPJabbers Night Club Booking Software v1.0 - CSV Injection Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/night-club-booking-software/sectionDemo Version: v1.0 Test...

7.4AI score0.00477EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/08/22 12:0 a.m.321 views

TSPlus 16.0.0.0 Insecure Permissions

Exploit Title: TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Permissions Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31068 With TSPlus Remote Work v...

7.1AI score0.02849EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/06/30 12:0 a.m.321 views

NodCMS 3.4.1 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/15 12:0 a.m.321 views

projectSend r1605 CSV Injection

Exploit Title: projectSend r1605 - CSV injection Version: r1605 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 11-06-2023 Author: Mirabbas Ağalarov Tested on: Windows 2. Technical Details & POC...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/05 12:0 a.m.321 views

Jedox 2020.2.5 Database Credential Disclosure

Exploit Title: Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE :...

7.1AI score0.21127EPSS
Exploits8
Packet Storm
Packet Storm
added 2023/03/30 12:0 a.m.321 views

Uniview NVR301-04S2-P4 Cross Site Scripting

Exploit Title: Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting XSS Author: Bleron Rrustemi Discovery Date: 2022-11-15 Vendor Homepage: https://www.uniview.com/tr/Products/NVR/Easy/NVR301-04S2-P4/ Datasheet:: https://www.uniview.com/download.do?id=1761643 Device Firmware:...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2022/08/03 12:0 a.m.321 views

Multi-Language Hotel Management 2022 1.0 SQL Injection

Title: Multi-Language-Hotel-Management-2022 1.0 SQLi Author: nu11secur1ty Date: 08.03.2022 Vendor: https://www.nikhilbhalerao.com/ Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/Nikhil%20Bhalerao/2022/Multi-Language-Hotel-Management-2022/Docs/sparkz.zip Reference:...

Exploits0
Packet Storm
Packet Storm
added 2022/05/11 12:0 a.m.321 views

ExifTool 12.23 Arbitrary Code Execution

Exploit Title: ExifTool 12.23 - Arbitrary Code Execution Date: 04/30/2022 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://exiftool.org/ Software Link: https://github.com/exiftool/exiftool/archive/refs/tags/12.23.zip Version: 7.44-12.23 Tested on: ExifTool 12.23 Debian CVE:...

7.8CVSS0.3AI score0.99981EPSS
Exploits39
Packet Storm
Packet Storm
added 2022/01/21 12:0 a.m.321 views

Backdoor.Win32.Wollf.16 Authentication Bypass

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/204613443e555f73237ea43a2faecaa5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.16 Vulnerability: Authentication Bypass Description: The malware listens on TCP...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/10 12:0 a.m.321 views

Online Railway Reservation System 1.0 Remote Code Execution

Exploit Title: Online Railway Reservation System 1.0 - Remote Code Execution RCE Unauthenticated Date: 07/01/2022 Exploit Author: Zachary Asher Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/13 12:0 a.m.321 views

myfactory.FMS 7.1-911 Cross Site Scripting

Advisory: Cross-Site Scripting in myfactory.FMS During a penetration test, a reflected cross-site scripting vulnerability XSS was found in the myfactory.FMS login form. If a user opens an attacker-prepared link to the application, attackers can run arbitrary JavaScript code in the user's browser...

Exploits0
Packet Storm
Packet Storm
added 2021/09/30 12:0 a.m.321 views

Cmsimple 5.4 Remote Code Execution

Exploit Title: Cmsimple 5.4 - Remote Code Execution RCE Authenticated Date: 29.09.2021 Exploit Author: pussycat0x Vendor Homepage: https://www.cmsimple.org/ Version: 5.4 Tested on: ubuntu-20.04.1 import argparse from bs4 import BeautifulSoup from argparse import ArgumentParser import requests...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/07/21 12:0 a.m.321 views

Sage X3 Administration Service Authentication Bypass / Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sage X3 Administration Service Authentication Bypass Command Execution', 'Description' = %q This module leverages an authentication bypass exploi...

1AI score0.70268EPSS
Exploits7
Packet Storm
Packet Storm
added 2021/07/01 12:0 a.m.321 views

WordPress XCloner 4.2.12 Remote Code Execution

Exploit Title: Wordpress Plugin XCloner 4.2.12 - Remote Code Execution Authenticated Date 30.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.xcloner.com/ Software Link: https://downloads.wordpress.org/plugin/xcloner-backup-and-restore.4.2.12.zip Version: 4.2.1 - 4.2.12...

6.5CVSS8.8AI score0.24937EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/06/02 12:0 a.m.321 views

Intel Audio Service 01.00.1080.0 Unquoted Service Path

Exploit Title: IntelR Audio Service x64 01.00.1080.0 - 'IntelAudioService' Unquoted Service Path Date: 06-01-2021 Exploit Author: Geovanni Ruiz Vendor Homepage: https://www.intel.com Software Version: 01.00.1080.0 File Version: 1.00.1080.0 Tested on: Microsoft® Windows 10 Home Single Language...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/21 12:0 a.m.321 views

GravCMS 1.10.7 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GravCMS Remote Command Execution', 'Description' = %q This module exploits arbitrary config write/update vulnerability to achieve remote code...

0.4AI score0.80467EPSS
Exploits12
Packet Storm
Packet Storm
added 2021/03/15 12:0 a.m.321 views

VoIPmonitor 27.6 Buffer Overflow

VoIPmonitor is vulnerable to a buffer overflow when using the live sniffer - Fixed versions: 27.6 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-03-voipmonitor-livesniffer-buffer-overflow - VoIPmonitor Security Advisory: none, changelog references fixe...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/08 12:0 a.m.321 views

Backdoor.Win32.GTbot.c Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/8c2acfcc60dda52db9bd9a934284b673.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.GTbot.c Vulnerability: Insecure Permissions Description: GTbot creates an insecure di...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/26 12:0 a.m.321 views

Online Catering Reservation System 1.0 SQL Injection

Exploit Title: Online Catering Reservation System - SQL Injection Authenticated Date: 2021-02-25 Exploit Author: [email protected] Vendor Homepage: https://www.sourcecodester.com/php/11355/online-catering-reservation.html Software Link:...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2019/10/14 12:0 a.m.321 views

Open-Xchange OX App Suite SSRF / XSS / Information Disclosure / Access Controls

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Dear subscribers, we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs appsuite, dovecot, powerdns at HackerOne. Yours sincerely...

0.1AI score0.01162EPSS
Exploits4
Packet Storm
Packet Storm
added 2019/09/17 12:0 a.m.321 views

Google Chrome Password Disclosure

--------------------------- Packet Storm Editor's Note: To normally view passwords in Chrome, you have to go to the Properties section, click View Passwords, and you are prompted for a users password. This flaw discloses all passwords for the domain without the required authentication step...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/03/04 12:0 a.m.321 views

1C-Bitrix Site Management Russia 2.0 Open Redirection

Exploit Title : 1C-Bitrix Site Management Russia 2.0 Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 05/03/2019 Vendor Homepages : 1c-bitrix.ru bitrix24.com Software Information Link : 1c-bitrix.ru/support/...

Exploits0
Packet Storm
Packet Storm
added 2019/02/02 12:0 a.m.321 views

SolarWinds Serv-U FTP 15.1.6 Privilege Escalation

CVE: CVE-2018-15906 Attack type: Remote, authenticated Discovered by: Chris Moberly @ The Missing Link Security Operating Systems: Verified on Win10 and Win2016 Vulnerable version: Tested on 15.1.6 current as of August 2018. Fixed in: Serv-U 15.1.6 Hotfix 2 Description SolarWinds Serv-U FTP Serve...

0.2AI score0.08245EPSS
Exploits3
Packet Storm
Packet Storm
added 2018/12/07 12:0 a.m.321 views

MiniShare 1.4.1 HEAD / POST Buffer Overflow

Hi!!! playing in 2006.... I have adapted the exploit to python Not only the GET method is vulnerable to BOF CVE-2004-2271. HEAD and POST methods are also vulnerable. The difference is minimal, both are exploited in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length...

7.5CVSS0.6AI score0.71908EPSS
Exploits11
Packet Storm
Packet Storm
added 2017/05/31 12:0 a.m.321 views

IBM Informix Dynamic Server DLL Injection / Code Execution

Vulnerabilities Summary The following advisory describes six 6 vulnerabilities found in Informix Dynamic Server and Informix Open Admin Tool. IBM Informix Dynamic Server Exceptional, low maintenance online transaction processing OLTP data server for enterprise and workgroup computing. IBM Informi...

5CVSS0.1AI score0.95707EPSS
Exploits14
Packet Storm
Packet Storm
added 2015/09/01 12:0 a.m.323 views

NibbleBlog 4.0.3 Shell Upload

NibbleBlog 4.0.3: Code Execution Security Advisory – Curesec Research Team 1. Introduction Affected Product: NibbleBlog 4.0.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: Website: http://www.nibbleblog.com/ Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/04/11 12:0 a.m.320 views

📄 Roundcube 1.6.6 Cross Site Scripting

Roundcube mail server versions earlier than 1.5.6 and 1.6 through 1.6.6 suffer from a persistent cross site scripting vulnerability. Exploit Title: Roundcube mail server exploit for CVE-2024-37383 Stored XSS Google Dork: Exploit Author: AmirZargham Vendor Homepage: Roundcube - Free and Open Sourc...

6.1CVSS6.5AI score0.73296EPSS
Exploits5
Total number of security vulnerabilities5000