Lucene search
K
PacketstormMost viewed

50773 matches found

Packet Storm
Packet Storm
added 2012/12/03 12:0 a.m.323 views

Oracle MySQL Heap Overrun

MySQL Heap Overrun tested for the latest version of mysql server on a SuSE Linux system As seen below $edx and $edi are fully controlled, the current instruction is = 0x83a6b24 : mov %edx,%edi this means we landed in a place where 4 bytes can be controlled by 4 bytes with this function pointers a...

6.5CVSS0.2AI score0.20837EPSS
Exploits2
Packet Storm
Packet Storm
added 2025/03/17 12:0 a.m.322 views

Linux DRM Race Condition / Use-After-Free

Linux has an issue where drmfileupdatepid calls getpid too late, which creates a race condition that can lead to use-after-free of a struct pid. I am sending this to security@ and to the drm-misc maintainers - based on...

7CVSS5.8AI score0.00879EPSS
Exploits4
Packet Storm
Packet Storm
added 2025/03/07 12:0 a.m.322 views

Kerberos 5-1.21.3 Privilege Escalation / Ticket Injection

Kerberos version 5-1.21.3 privilege escalation and ticket injection proof of concept exploit that demonstrates a vulnerability discovered in 2014. ============================================================================================================================================= | Title ...

8.8CVSS7.9AI score0.87448EPSS
Exploits8
Packet Storm
Packet Storm
added 2024/10/30 12:0 a.m.322 views

ABB Cylon Aspect 3.08.01 jsonProxy.php Cross Site Scripting

ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Reflected XSS Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy manageme...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/26 12:0 a.m.322 views

Restaurant POS 1.0 SQL Injection

============================================================================================================================================= | Title : Restaurant POS v1.0 SQL injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bi...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/19 12:0 a.m.322 views

SPIP BigUp 4.1.17 Code Injection

============================================================================================================================================= | Title : SPIP BigUp 4.1.17 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/06/27 12:0 a.m.322 views

SimpCMS 0.1 Cross Site Scripting

Exploit Title: SimpCMS v0.1 - Cross Site Scripting XSS Date: 26-06-2024 CVE: CVE-2024-39248 Exploit Author: Jason Jacobs 0xjasonjacobs Vendor Homepage: https://sourceforge.net/projects/simpcms/ Software Link: https://sourceforge.net/projects/simpcms/ Category: Web Application Version: 0.1...

7.4AI score0.00743EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/03/01 12:0 a.m.322 views

Membership Management System 1.0 SQL Injection

Title: Membership Management System - SQL injection - Application: Hospital Management System - Date: 01.03.2024 - Bugs: SQL injection - Exploit Author: SoSPiro - Vendor Homepage: https://codeastro.com/author/nbadmin/ - Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/26 12:0 a.m.322 views

Vinchin Backup And Recovery 7.2 setNetworkCardInfo Command Injection

CVE ID: CVE-2024-22900 Title: Command Injection Vulnerability in Vinchin Backup and Recovery Versions 7.2 and Earlier Description: A critical security vulnerability, identified as CVE-2024-22900, has been discovered in Vinchin Backup and Recovery software, affecting versions 7.2 and earlier. The...

7.4AI score0.01883EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/01/11 12:0 a.m.322 views

PHPJabbers Meeting Room Booking System 1.0 CSV Injection

Exploit Title: PHPJabbers Meeting Room Booking System v1.0 - CSV Injection Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/meeting-room-booking-system/sectionDemo Version: v1.0 Test...

7.4AI score0.00593EPSS
Exploits1
Packet Storm
Packet Storm
added 2023/12/04 12:0 a.m.322 views

PHPJabbers Appointment Scheduler 3.0 CSV Injection

Exploit Title: PHPJabbers Appointment Scheduler v3.0 - CSV Injection Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/appointment-scheduler/ Version: v3.0 Tested on: Windows 10,...

7.4AI score0.01221EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/08/04 12:0 a.m.322 views

Shelly PRO 4PM 0.11.0 Authentication Bypass

!/bin/bash Exploit Title: Shelly PRO 4PM v0.11.0 - Authentication Bypass Google Dork: NA Date: 2nd August 2023 Exploit Author: The Security Team exploitsecurity.io Exploit Blog: https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-out-of-bounds-read-vulnerability Vendor...

7.1AI score0.02462EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/05/30 12:0 a.m.322 views

Pydio Cells 4.1.2 Privilege Escalation

Advisory: Pydio Cells: Unauthorised Role Assignments Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assignin...

7.1AI score0.14197EPSS
Exploits6
Packet Storm
Packet Storm
added 2023/05/26 12:0 a.m.322 views

WBCE CMS 1.6.1 Cross Site Scripting

Exploit Title: WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting XSS Version: 1.6.1 Bugs: XSS Technology: PHP Vendor URL: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/releases/tag/1.6.1 Date of found: 03-05-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/05 12:0 a.m.322 views

File Thingie 2.5.7 Shell Upload

!/usr/bin/python Exploit Title: File Thingie 2.5.7 - Remote Code Execution RCE Google Dork: N/A Date: 27th of April, 2023 Exploit Author: Maurice Fielenbach grimlockx - Hexastrike Cybersecurity UG haftungsbeschränkt Software Link: https://github.com/leefish/filethingie Version: 2.5.7 Tested on: N...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/30 12:0 a.m.322 views

Uniview NVR301-04S2-P4 Cross Site Scripting

Exploit Title: Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting XSS Author: Bleron Rrustemi Discovery Date: 2022-11-15 Vendor Homepage: https://www.uniview.com/tr/Products/NVR/Easy/NVR301-04S2-P4/ Datasheet:: https://www.uniview.com/download.do?id=1761643 Device Firmware:...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2022/08/09 12:0 a.m.322 views

Backdoor.Win32.Guptachar.20 MVID-2022-0631 Insecure Credential Storage

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/857999d2306f257b80d1b8f6a51ae8b0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Guptachar.20 Vulnerability: Insecure Credential Storage Description: The...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.322 views

Ethercreative Logs 3.0.3 Path Traversal

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authenticated Path Traversal product: Ethercreative Logs plugin for Craft CMS vulnerable version: =3.0.4 CVE number: CVE-2022-23409 impact: Medium homepage:...

0.13759EPSS
Exploits6
Packet Storm
Packet Storm
added 2022/01/10 12:0 a.m.322 views

Online Railway Reservation System 1.0 Remote Code Execution

Exploit Title: Online Railway Reservation System 1.0 - Remote Code Execution RCE Unauthenticated Date: 07/01/2022 Exploit Author: Zachary Asher Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/13 12:0 a.m.322 views

myfactory.FMS 7.1-911 Cross Site Scripting

Advisory: Cross-Site Scripting in myfactory.FMS During a penetration test, a reflected cross-site scripting vulnerability XSS was found in the myfactory.FMS login form. If a user opens an attacker-prepared link to the application, attackers can run arbitrary JavaScript code in the user's browser...

Exploits0
Packet Storm
Packet Storm
added 2021/06/17 12:0 a.m.322 views

Disk Savvy 13.6.14 Unquoted Service Path

Exploit Title: Disk Savvy 13.6.14 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 16-06-2021 Vendor Homepage: https://www.disksavvy.com Software Links: https://www.disksavvy.com/setupsx64/disksavvysrvsetupv13.6.14x64.exe...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/02 12:0 a.m.322 views

Intel Audio Service 01.00.1080.0 Unquoted Service Path

Exploit Title: IntelR Audio Service x64 01.00.1080.0 - 'IntelAudioService' Unquoted Service Path Date: 06-01-2021 Exploit Author: Geovanni Ruiz Vendor Homepage: https://www.intel.com Software Version: 01.00.1080.0 File Version: 1.00.1080.0 Tested on: Microsoft® Windows 10 Home Single Language...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/26 12:0 a.m.322 views

Trojan-Spy.Win32.SpyEyes.elr Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/025d07f4610605031e501e6745d663aa.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.SpyEyes.elr Vulnerability: Insecure Permissions Description: The malware creates an...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/04 12:0 a.m.322 views

Student Attendance Management System 1.0 Code Execution / SQL Injection

Exploit Title: Student Attendance Management System 1.0 - 'username' SQL Injection / Remote Code Execution Date: 4-11-2020 Exploit Author: mosaaed Vendor Homepage: https://www.sourcecodester.com/php/14561/student-attendance-management-system-using-phpmysqli-source-code.html Software Link:...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2020/07/31 12:0 a.m.322 views

CA Unified Infrastructure Management Nimsoft 7.80 Buffer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow', 'Description' = %q This module exploits a buffer overflow within the...

10CVSS0.9AI score0.77566EPSS
Exploits9
Packet Storm
Packet Storm
added 2019/12/05 12:0 a.m.322 views

Qualys Security Advisory - OpenBSD Authentication Bypass / Privilege Escalation

Qualys Security Advisory Authentication vulnerabilities in OpenBSD ============================================================================== Contents ============================================================================== 1. CVE-2019-19521: Authentication bypass 1.1. Analysis 1.2. Cas...

0.8AI score0.02736EPSS
Exploits8
Packet Storm
Packet Storm
added 2019/03/04 12:0 a.m.322 views

1C-Bitrix Site Management Russia 2.0 Open Redirection

Exploit Title : 1C-Bitrix Site Management Russia 2.0 Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 05/03/2019 Vendor Homepages : 1c-bitrix.ru bitrix24.com Software Information Link : 1c-bitrix.ru/support/...

Exploits0
Packet Storm
Packet Storm
added 2025/11/27 12:0 a.m.321 views

📄 Flowise 3.0.4 Code Injection

Flowise versions 3.0.4 and below suffer from a remote command injection vulnerability. ============================================================================================================================================= | Title : Flowise 3.0.4 php code injection | | Author : indoushka | ...

10CVSS7.3AI score0.90183EPSS
Exploits21
Packet Storm
Packet Storm
added 2025/03/04 12:0 a.m.321 views

Atlassian JIRA Arbitrary File Read

Atlassian JIRA versions prior to 5.0.1 XML injection proof of concept exploit that lets you read an arbitrary file. ============================================================================================================================================= | Title : Atlassian JIRA before 5.0.1 P...

9.1CVSS7.2AI score0.66578EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/10/11 12:0 a.m.321 views

Chamilo 1.11.18 Code Injection

============================================================================================================================================= | Title : Chamilo 1.11.18 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bits ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/13 12:0 a.m.321 views

Art Gallery Management System 1.0 Insecure Settings

==================================================================================================================================== | Title : Art Gallery Management System 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.321 views

Cisco ASA SSL VPN Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco ASA SSL VPN Privilege Escalation Vulnerability', 'Description' = %q This module exploits a privilege escalation vulnerability for Cisco ASA...

8.5CVSS7AI score0.11456EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.321 views

WordPress Easy WP SMTP Password Reset

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Easy WP SMTP Password Reset', 'Description' = %q Wordpress plugin Easy WP SMTP versions 'h00die', msf module this was an 0day , 'Licens...

7.5CVSS7.4AI score0.63407EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/08/28 12:0 a.m.321 views

File Management System 1.0 Arbitrary File Upload

============================================================================================================================================= | Title : File Management System 1.0 Arbitrary File upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefo...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/09 12:0 a.m.321 views

Xain-Hotel Management System 2.5 Insecure Settings

==================================================================================================================================== | Title : Xain-Hotel Management System v2.5 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/02 12:0 a.m.321 views

AccPack Cop 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : AccPack Cop v1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendo...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/20 12:0 a.m.321 views

Rocket LMS 1.9 Cross Site Scripting

Title: Rocket LMS 1.9 - Persistent Cross Site Scripting XSS Date: 04/16/2024 Exploit Author: Sergio Medeiros Vendor Homepage: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735 Software Link: https://lms.rocket-soft.org Version: 1.9 Tested on Firefox and Chrome...

7.1AI score0.00762EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/04/15 12:0 a.m.321 views

OpenClinic GA 5.247.01 Path Traversal

Exploit Title: OpenClinic GA 5.247.01 - Path Traversal Authenticated Date: 2023-08-14 Exploit Author: V. B. Vendor Homepage: https://sourceforge.net/projects/open-clinic/ Software Link: https://sourceforge.net/projects/open-clinic/ Version: OpenClinic GA 5.247.01 Tested on: Windows 10, Windows 11...

7.4AI score0.0338EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/02/27 12:0 a.m.321 views

Hospital Management System 1.0 Cross Site Scripting

Exploit Title: Hospital Management System - Stord XSS Google Dork: N/A Application: Hospital Management System Date: 27.02.2024 Bugs: Stord XSS Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/02/19 12:0 a.m.321 views

Microsoft Windows Defender / Detection Bypass Part 3

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERTROJAN.WIN32.POWESSERE.GMITIGATIONBYPASSPART3.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows Defender...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/11 12:0 a.m.321 views

PHPJabbers Night Club Booking Software 1.0 CSV Injection

Exploit Title: PHPJabbers Night Club Booking Software v1.0 - CSV Injection Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/night-club-booking-software/sectionDemo Version: v1.0 Test...

7.4AI score0.00477EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/08/22 12:0 a.m.321 views

TSPlus 16.0.0.0 Insecure Permissions

Exploit Title: TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Permissions Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31068 With TSPlus Remote Work v...

7.1AI score0.02849EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/06/30 12:0 a.m.321 views

NodCMS 3.4.1 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/27 12:0 a.m.321 views

Apache Druid JNDI Injection Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Druid JNDI Injection RCE', 'Description' = %q This module is designed to exploit the JNDI injection vulnerability in Druid. The...

8.8CVSS7.1AI score0.95302EPSS
Exploits8
Packet Storm
Packet Storm
added 2023/06/15 12:0 a.m.321 views

projectSend r1605 CSV Injection

Exploit Title: projectSend r1605 - CSV injection Version: r1605 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 11-06-2023 Author: Mirabbas Ağalarov Tested on: Windows 2. Technical Details & POC...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/05 12:0 a.m.321 views

FC Red Bull Salzburg App 5.1.9-R Improper Authorization

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: FC Red Bull Salzburg App Vendor URL: https://play.google.com/store/apps/details?id=laola.redbull Type: Improper Authorization in Handler for Custom URL Scheme CWE-939 Date found: 2023-04-06...

7.1AI score0.00649EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/05/11 12:0 a.m.321 views

GaanaGawaana 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/05 12:0 a.m.321 views

Jedox 2020.2.5 Database Credential Disclosure

Exploit Title: Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE :...

7.1AI score0.21127EPSS
Exploits8
Packet Storm
Packet Storm
added 2022/08/03 12:0 a.m.321 views

Multi-Language Hotel Management 2022 1.0 SQL Injection

Title: Multi-Language-Hotel-Management-2022 1.0 SQLi Author: nu11secur1ty Date: 08.03.2022 Vendor: https://www.nikhilbhalerao.com/ Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/Nikhil%20Bhalerao/2022/Multi-Language-Hotel-Management-2022/Docs/sparkz.zip Reference:...

Exploits0
Packet Storm
Packet Storm
added 2022/04/06 12:0 a.m.321 views

cmark-gfm Integer overflow

cmark-gfm: Integer overflow in table extension cmark-gfm Github's markdown parsing library is vulnerable to an out-of-bounds write when parsing markdown tables with a high number of columns due to an overflow of the 16bit columns count. Support for parsing tables in a github flavored markdown fil...

9.8CVSS0.5AI score0.04192EPSS
Exploits3
Total number of security vulnerabilities5000