Lucene search
K
PacketstormMost viewed

50748 matches found

Packet Storm
Packet Storm
added 2021/03/15 12:0 a.m.321 views

VoIPmonitor 27.6 Buffer Overflow

VoIPmonitor is vulnerable to a buffer overflow when using the live sniffer - Fixed versions: 27.6 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-03-voipmonitor-livesniffer-buffer-overflow - VoIPmonitor Security Advisory: none, changelog references fixe...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/15 12:0 a.m.321 views

QNAP QVR Client 5.0.0.13230 Unquoted Service Path

Exploit Title: QNAP QVR Client 5.0.0.13230 - 'QVRService' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2021-03-14 Vendor Homepage: https://www.qnap.com Tested Version: 5.0.0.13230 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es Step to discover...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/08 12:0 a.m.321 views

Backdoor.Win32.GTbot.c Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/8c2acfcc60dda52db9bd9a934284b673.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.GTbot.c Vulnerability: Insecure Permissions Description: GTbot creates an insecure di...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/26 12:0 a.m.321 views

Online Catering Reservation System 1.0 SQL Injection

Exploit Title: Online Catering Reservation System - SQL Injection Authenticated Date: 2021-02-25 Exploit Author: [email protected] Vendor Homepage: https://www.sourcecodester.com/php/11355/online-catering-reservation.html Software Link:...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/14 12:0 a.m.321 views

System Explorer 7.0.0 Unquoted Service Path

Exploit Title: System Explorer 7.0.0 - 'SystemExplorerHelpService' Unquoted Service Path Date: 2020-10-14 Exploit Author: Mohammed Alshehri Vendor Homepage: http://systemexplorer.net/ Software Link: http://systemexplorer.net/download/SystemExplorerSetup.exe Version: Version 7.0.0 Tested on:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2020/07/24 12:0 a.m.321 views

Newsportal 3 SQL Injection

Exploit Title: Newsportal v3 - 'uname' - SQL Injection Date: 2020-07-24 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage: https://phpgurukul.com/news-portal-project-in-php-and-mysql/ Software Link:...

Exploits0
Packet Storm
Packet Storm
added 2019/10/14 12:0 a.m.321 views

Open-Xchange OX App Suite SSRF / XSS / Information Disclosure / Access Controls

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Dear subscribers, we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs appsuite, dovecot, powerdns at HackerOne. Yours sincerely...

0.1AI score0.01162EPSS
Exploits4
Packet Storm
Packet Storm
added 2019/09/17 12:0 a.m.321 views

Google Chrome Password Disclosure

--------------------------- Packet Storm Editor's Note: To normally view passwords in Chrome, you have to go to the Properties section, click View Passwords, and you are prompted for a users password. This flaw discloses all passwords for the domain without the required authentication step...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/02/02 12:0 a.m.321 views

SolarWinds Serv-U FTP 15.1.6 Privilege Escalation

CVE: CVE-2018-15906 Attack type: Remote, authenticated Discovered by: Chris Moberly @ The Missing Link Security Operating Systems: Verified on Win10 and Win2016 Vulnerable version: Tested on 15.1.6 current as of August 2018. Fixed in: Serv-U 15.1.6 Hotfix 2 Description SolarWinds Serv-U FTP Serve...

0.2AI score0.08245EPSS
Exploits3
Packet Storm
Packet Storm
added 2018/12/07 12:0 a.m.321 views

MiniShare 1.4.1 HEAD / POST Buffer Overflow

Hi!!! playing in 2006.... I have adapted the exploit to python Not only the GET method is vulnerable to BOF CVE-2004-2271. HEAD and POST methods are also vulnerable. The difference is minimal, both are exploited in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length...

7.5CVSS0.6AI score0.71908EPSS
Exploits11
Packet Storm
Packet Storm
added 2017/05/31 12:0 a.m.321 views

IBM Informix Dynamic Server DLL Injection / Code Execution

Vulnerabilities Summary The following advisory describes six 6 vulnerabilities found in Informix Dynamic Server and Informix Open Admin Tool. IBM Informix Dynamic Server Exceptional, low maintenance online transaction processing OLTP data server for enterprise and workgroup computing. IBM Informi...

5CVSS0.1AI score0.95707EPSS
Exploits14
Packet Storm
Packet Storm
added 2025/11/27 12:0 a.m.320 views

📄 Flowise 3.0.4 Code Injection

Flowise versions 3.0.4 and below suffer from a remote command injection vulnerability. ============================================================================================================================================= | Title : Flowise 3.0.4 php code injection | | Author : indoushka | ...

10CVSS7.3AI score0.90183EPSS
Exploits21
Packet Storm
Packet Storm
added 2025/10/27 12:0 a.m.320 views

📄 RiteCMS 3.1.0 Remote Code Execution

RiteCMS version 3.1.0 suffers from an authenticated remote code execution vulnerability. Exploit Title: RiteCMS 3.1.0 - Authenticated Remote Code Execution RCE Date: 2025-10-26 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/handylulu/RiteCMS Software Link:...

8.2AI score
Exploits0
Packet Storm
Packet Storm
added 2025/04/11 12:0 a.m.320 views

📄 Roundcube 1.6.6 Cross Site Scripting

Roundcube mail server versions earlier than 1.5.6 and 1.6 through 1.6.6 suffer from a persistent cross site scripting vulnerability. Exploit Title: Roundcube mail server exploit for CVE-2024-37383 Stored XSS Google Dork: Exploit Author: AmirZargham Vendor Homepage: Roundcube - Free and Open Sourc...

6.1CVSS6.5AI score0.73296EPSS
Exploits5
Packet Storm
Packet Storm
added 2025/03/04 12:0 a.m.320 views

Atlassian JIRA Arbitrary File Read

Atlassian JIRA versions prior to 5.0.1 XML injection proof of concept exploit that lets you read an arbitrary file. ============================================================================================================================================= | Title : Atlassian JIRA before 5.0.1 P...

9.1CVSS7.2AI score0.66578EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/11/22 12:0 a.m.320 views

SEH utnserver Pro 20.1.22 Cross Site Scripting

St. Pölten UAS 20241118-0 ------------------------------------------------------------------------------- title| Multiple Stored Cross-Site Scripting product| SEH utnserver Pro vulnerable version| 20.1.22 fixed version| 20.1.35 CVE number| CVE-2024-11304 impact| High homepage|...

5.1CVSS7.1AI score0.00535EPSS
Exploits1
Packet Storm
Packet Storm
added 2024/10/15 12:0 a.m.320 views

WatchGuard XTM Firebox 12.5.x Buffer Overflow

============================================================================================================================================= | Title : WatchGuard XTM Firebox 12.5.x Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/10/03 12:0 a.m.320 views

WordPress Bricks Builder Theme 1.9.6 Code Injection

============================================================================================================================================= | Title : WordPress Bricks Builder Theme 1.9.6 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/11 12:0 a.m.320 views

Queuing Simple Chatbot 1.0 Shell Upload

============================================================================================================================================= | Title : Queuing Simple Chatbot 1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/09 12:0 a.m.320 views

Breaking Oracle Database VPD Through DDL Permissions In 19c

Title: Breaking Oracle Database VPD Virtual Private Database Through DDL Permissions in 19c Product: Database Manufacturer: Oracle Affected Versions: 19c Tested Versions: 19c Risk Level: Low Author of Advisory: Emad Al-Mousa Vulnerability Details: By design VPD security feature protects against a...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/28 12:0 a.m.320 views

File Management System 1.0 Arbitrary File Upload

============================================================================================================================================= | Title : File Management System 1.0 Arbitrary File upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefo...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/28 12:0 a.m.320 views

Joomla Solidres 2.13.3 Cross Site Scripting

Exploit Title: Joomla Solidres 2.13.3 - Reflected XSS Exploit Author: CraCkEr Date: 28/07/2023 Vendor: Solidres Team Vendor Homepage: http://solidres.com/ Software Link: https://extensions.joomla.org/extension/vertical-markets/booking-a-reservations/solidres/ Demo: http://demo.solidres.com/joomla...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/09 12:0 a.m.320 views

PHP Live 3.1 Cross Site Scripting

==================================================================================================================================== | Title : PHP Live 3.1 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.0.332-bit | | Vendor :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/05 12:0 a.m.320 views

FC Red Bull Salzburg App 5.1.9-R Improper Authorization

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: FC Red Bull Salzburg App Vendor URL: https://play.google.com/store/apps/details?id=laola.redbull Type: Improper Authorization in Handler for Custom URL Scheme CWE-939 Date found: 2023-04-06...

7.1AI score0.00649EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.320 views

Smart School 1.0 SQL Injection

Exploit Title: Smart School v1.0 - SQL Injection Date: 2023-05-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/smart-school-school-management-system/19426018 Demo Site: https://demo.smart-school.in Tested on: Kali Linux CVE: N/A Request POST /course/filterRecords/ HTTP/1....

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/11 12:0 a.m.320 views

GaanaGawaana 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/28 12:0 a.m.320 views

Aigital Wireless-N Repeater Mini_Router.0.131229 Remote Command Execution

Exploit Title: Aigital Wireless-N Repeater - Command Injection Exploit Author: Matteo Mandolini Date : 13/04/2023 Vendor Homepage: https://web.archive.org/web/20220625053314/https://www.aigital.com/ Version: MiniRouter.0.131229 Command Injection POST /boafrm/formSysCmd HTTP/1.1 Host: 192.168.10.2...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/27 12:0 a.m.320 views

eXtplorer 2.1.14 Authentication Bypass / Remote Code Execution

Exploit Title: eXtplorer= 2.1.14 - Authentication Bypass & Remote Code Execution RCE Exploit Author: ErPaciocco Author Website: https://erpaciocco.github.io Vendor Homepage: https://extplorer.net/ Vendor: ============== extplorer.net Product: ================== eXtplorer = v2.1.14 eXtplorer is a...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.320 views

Osprey Pump Controller 1.0.1 userName Command Injection

Osprey Pump Controller 1.0.1 userName Blind Command Injection Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0.1 Mira...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.320 views

H2 Database Console Remote Code Execution

Document Title =============== Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221. Product Description =============== The H2 Console Application The Console lets you access a SQL database using a browser interface. Homepage: http://www.h2database.com/html/quickstart.html Affecte...

0.1AI score0.64766EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/01/13 12:0 a.m.320 views

SalonERP 3.0.1 SQL Injection

Exploit Title: SalonERP 3.0.1 - 'sql' SQL Injection Authenticated Exploit Author: Betul Denizler Vendor Homepage: https://salonerp.sourceforge.io/ Software Link: https://sourceforge.net/projects/salonerp/files/latest/download Version: SalonERP v3.0.1 Tested on: Ubuntu Mate 20.04 Vulnerable...

Exploits0
Packet Storm
Packet Storm
added 2021/08/11 12:0 a.m.320 views

Trojan-Proxy.Win32.Raznew.gen Unauthenticated Open Proxy

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/55ce4b6c2ec10838c54dca54d96801d6.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Proxy.Win32.Raznew.gen Vulnerability: Unauthenticated Open Proxy Description: The malware...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/07/02 12:0 a.m.320 views

WordPress Modern Events Calendar 5.16.2 Shell Upload

Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution Authenticated Date 01.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link:...

6.5CVSS7.2AI score0.88158EPSS
Exploits9
Packet Storm
Packet Storm
added 2021/04/08 12:0 a.m.320 views

Composr 10.0.36 Shell Upload

Exploit Title: Composr 10.0.36 - Remote Code Execution Date: 04/06/2021 Exploit Author: Orion Hridoy Vendor Homepage: https://compo.sr/ Software Link: https://compo.sr/download.htm Version: 10.0.36 Tested on: Windows/Linux CVE : CVE-2021-30149 A RCE on Composr CMS has been discovered by BugsBD...

9.7AI score0.10064EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/03/29 12:0 a.m.320 views

Health Center Patient Record Management System 1.0 Cross Site Scripting

Exploit Title: Health Center Patient Record Management System | 'address' param Stored Cross Site Scripting Exploit Author: Richard Jones Date: 2021-03-29 Vendor Homepage: https://www.sourcecodester.com/php/11058/health-center-patient-record-management-system.html Software Link:...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/24 12:0 a.m.320 views

Softros LAN Messenger 9.6.4 Unquoted Service Path

Exploit Title: Softros LAN Messenger 9.6.4 - 'SoftrosSpellChecker' Unquoted Service Path Discovery by: Victor Mondragón Discovery Date: 23-02-2021 Vendor Homepage: https://www.softros.com/ Software Links : https://download.softros.com/SoftrosLANMessengerSetup.exe Tested Version: 9.6.4 Vulnerabili...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/29 12:0 a.m.320 views

Online Voting System 1.0 Authorization Bypass

Exploit Title:Online Voting System | Authentication Bypass Password Change Exploit Author: Richard Jones Date: 2021-01-29 Vendor Homepage: https://www.sourcecodester.com/php/14690/online-voting-system-phpmysqli-full-source-code.html Software...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2020/07/31 12:0 a.m.320 views

FreeBSD ip6_setpktopt Use-After-Free Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FreeBSD ip6setpktopt Use-After-Free Privilege Escalation', 'Description' = %q This module exploits a race and use-after-free vulnerability in the...

6.8CVSS0.8AI score0.32978EPSS
Exploits4
Packet Storm
Packet Storm
added 2019/11/01 12:0 a.m.320 views

ownCloud 10.3.0 Stable Cross Site Request Forgery

Exploit Title: ownCloud 10.3.0 stable - Cross-Site Request Forgery Date: 2019-10-31 Exploit Author: Ozer Goker Vendor Homepage: https://owncloud.org Software Link: https://owncloud.org/download/ Version: 10.3 CVE: N/A Introduction Your personal cloud collaboration platform With over 50 million...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2019/06/12 12:0 a.m.320 views

Telus Actiontec T2200H WiFi Credential Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Device Details Discovered By: Andrew Klaus [email protected] Vendor: Actiontec Telus Branded, but may work on others Model: T2200H but very likely affecting other models of theirs Affected Firmware: T2200H-31.128L.08 Device Manual:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2026/02/02 12:0 a.m.319 views

📄 glFusion 1.3.0 Blind SQL Injection

A critical blind SQL injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This issue is older...

6.2AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/12 12:0 a.m.319 views

VICIdial 2.14-917 Remote Command Execution

VICIdial version 2.14-917 proof of concept remote command execution exploit that takes advantage of a flaw originally found in 2024. ============================================================================================================================================= | Title : VICIdial v...

8.8CVSS7.2AI score0.75384EPSS
Exploits7
Packet Storm
Packet Storm
added 2025/02/28 12:0 a.m.319 views

Magento Adobe Commerce 2.4.4-p8 Arbitrary File Read

Magento Adobe Commerce version 2.4.4-p8 suffers from an arbitrary file read vulnerability. ============================================================================================================================================= | Title : Magento Adobe Commerce 2.4.4-p8 arbitrary file read...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/02/06 12:0 a.m.319 views

dhtmlxFileExplorer 8.4.6 Local File Inclusion / Traversal

dhtmlxFileExplorer version 8.4.6 suffers from a local file inclusion vulnerability in the Download Function of File Explorer. Exploit Title: dhtmlxFileExplorer 8.4.6 - Local File Inclusion in the Download Function of File Explorer Date: Feb 6, 2025 Exploit Author: Nutchaya Augkanavitayakul,...

7.1AI score0.00516EPSS
Exploits3
Packet Storm
Packet Storm
added 2025/02/06 12:0 a.m.319 views

WebFileSys 2.31.0 Directory Traversal

An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing...

7.3AI score0.01805EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.319 views

Cisco ASA SSL VPN Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco ASA SSL VPN Privilege Escalation Vulnerability', 'Description' = %q This module exploits a privilege escalation vulnerability for Cisco ASA...

8.5CVSS7AI score0.11456EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.319 views

ManageEngine ADAudit Plus Xnode Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADAudit Plus Xnode Enumeration', 'Description' = %q This module exploits default admin credentials for the DataEngine Xnode server i...

10CVSS9.6AI score0.77477EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/08/15 12:0 a.m.319 views

Bhojon Restaurant Management System 2.9 Insecure Settings

==================================================================================================================================== | Title : Bhojon restaurant management system v2.9 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/06/06 12:0 a.m.319 views

Trojan.Win32.DarkGateLoader MVID-2024-0685 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/afe012ed0d96abfe869b9e26ea375824.txt Contact: [email protected] Media: x.com/malvuln Threat: Trojan.Win32.DarkGateLoader multi variants Vulnerability: Arbitrary Code Execution Description:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/04/12 12:0 a.m.319 views

Ray OS 2.6.3 Command Injection

Exploit Title: Ray OS v2.6.3 - Command Injection RCEUnauthorized Description: The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system...

9.8CVSS7.4AI score0.7463EPSS
Exploits15
Total number of security vulnerabilities5000