Lucene search
K
PacketstormMost viewed

50738 matches found

Packet Storm
Packet Storm
added 2025/03/04 12:0 a.m.320 views

Atlassian JIRA Arbitrary File Read

Atlassian JIRA versions prior to 5.0.1 XML injection proof of concept exploit that lets you read an arbitrary file. ============================================================================================================================================= | Title : Atlassian JIRA before 5.0.1 P...

9.1CVSS7.2AI score0.66578EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/11/22 12:0 a.m.320 views

SEH utnserver Pro 20.1.22 Cross Site Scripting

St. Pölten UAS 20241118-0 ------------------------------------------------------------------------------- title| Multiple Stored Cross-Site Scripting product| SEH utnserver Pro vulnerable version| 20.1.22 fixed version| 20.1.35 CVE number| CVE-2024-11304 impact| High homepage|...

5.1CVSS7.1AI score0.00535EPSS
Exploits1
Packet Storm
Packet Storm
added 2024/10/15 12:0 a.m.320 views

WatchGuard XTM Firebox 12.5.x Buffer Overflow

============================================================================================================================================= | Title : WatchGuard XTM Firebox 12.5.x Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/10/03 12:0 a.m.320 views

WordPress Bricks Builder Theme 1.9.6 Code Injection

============================================================================================================================================= | Title : WordPress Bricks Builder Theme 1.9.6 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/28 12:0 a.m.320 views

File Management System 1.0 Arbitrary File Upload

============================================================================================================================================= | Title : File Management System 1.0 Arbitrary File upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefo...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/02 12:0 a.m.320 views

AccPack Cop 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : AccPack Cop v1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendo...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/12/04 12:0 a.m.320 views

PHPJabbers Appointment Scheduler 3.0 CSV Injection

Exploit Title: PHPJabbers Appointment Scheduler v3.0 - CSV Injection Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/appointment-scheduler/ Version: v3.0 Tested on: Windows 10,...

7.4AI score0.01221EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/07/28 12:0 a.m.320 views

Joomla Solidres 2.13.3 Cross Site Scripting

Exploit Title: Joomla Solidres 2.13.3 - Reflected XSS Exploit Author: CraCkEr Date: 28/07/2023 Vendor: Solidres Team Vendor Homepage: http://solidres.com/ Software Link: https://extensions.joomla.org/extension/vertical-markets/booking-a-reservations/solidres/ Demo: http://demo.solidres.com/joomla...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/09 12:0 a.m.320 views

PHP Live 3.1 Cross Site Scripting

==================================================================================================================================== | Title : PHP Live 3.1 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.0.332-bit | | Vendor :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/05 12:0 a.m.320 views

FC Red Bull Salzburg App 5.1.9-R Improper Authorization

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: FC Red Bull Salzburg App Vendor URL: https://play.google.com/store/apps/details?id=laola.redbull Type: Improper Authorization in Handler for Custom URL Scheme CWE-939 Date found: 2023-04-06...

7.1AI score0.00649EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/05/26 12:0 a.m.320 views

WBCE CMS 1.6.1 Cross Site Scripting

Exploit Title: WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting XSS Version: 1.6.1 Bugs: XSS Technology: PHP Vendor URL: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/releases/tag/1.6.1 Date of found: 03-05-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/11 12:0 a.m.320 views

GaanaGawaana 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.320 views

Osprey Pump Controller 1.0.1 userName Command Injection

Osprey Pump Controller 1.0.1 userName Blind Command Injection Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0.1 Mira...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2022/04/06 12:0 a.m.320 views

cmark-gfm Integer overflow

cmark-gfm: Integer overflow in table extension cmark-gfm Github's markdown parsing library is vulnerable to an out-of-bounds write when parsing markdown tables with a high number of columns due to an overflow of the 16bit columns count. Support for parsing tables in a github flavored markdown fil...

9.8CVSS0.5AI score0.04192EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/03/17 12:0 a.m.320 views

BuilderOrcus Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/cc3670f1b3e60e00b43c86d787563a44.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BuilderOrcus Orcus.Administration-cracked.exe Vulnerability: Insecure Permissions Description: When...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.320 views

Ethercreative Logs 3.0.3 Path Traversal

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authenticated Path Traversal product: Ethercreative Logs plugin for Craft CMS vulnerable version: =3.0.4 CVE number: CVE-2022-23409 impact: Medium homepage:...

0.13759EPSS
Exploits6
Packet Storm
Packet Storm
added 2022/01/20 12:0 a.m.320 views

VulturiBuilder Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/ca294b2f778abc14fef6313b3cea7155.txt Contact: [email protected] Media: twitter.com/malvuln Threat: VulturiBuilder Vulnerability: Insecure Permissions Description: The malware writes an .EXE with...

Exploits0
Packet Storm
Packet Storm
added 2022/01/13 12:0 a.m.320 views

SalonERP 3.0.1 SQL Injection

Exploit Title: SalonERP 3.0.1 - 'sql' SQL Injection Authenticated Exploit Author: Betul Denizler Vendor Homepage: https://salonerp.sourceforge.io/ Software Link: https://sourceforge.net/projects/salonerp/files/latest/download Version: SalonERP v3.0.1 Tested on: Ubuntu Mate 20.04 Vulnerable...

Exploits0
Packet Storm
Packet Storm
added 2021/08/11 12:0 a.m.320 views

Trojan-Proxy.Win32.Raznew.gen Unauthenticated Open Proxy

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/55ce4b6c2ec10838c54dca54d96801d6.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Proxy.Win32.Raznew.gen Vulnerability: Unauthenticated Open Proxy Description: The malware...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/07/02 12:0 a.m.320 views

WordPress Modern Events Calendar 5.16.2 Shell Upload

Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution Authenticated Date 01.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link:...

6.5CVSS7.2AI score0.88158EPSS
Exploits9
Packet Storm
Packet Storm
added 2021/04/08 12:0 a.m.320 views

Composr 10.0.36 Shell Upload

Exploit Title: Composr 10.0.36 - Remote Code Execution Date: 04/06/2021 Exploit Author: Orion Hridoy Vendor Homepage: https://compo.sr/ Software Link: https://compo.sr/download.htm Version: 10.0.36 Tested on: Windows/Linux CVE : CVE-2021-30149 A RCE on Composr CMS has been discovered by BugsBD...

9.7AI score0.10064EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/03/15 12:0 a.m.320 views

QNAP QVR Client 5.0.0.13230 Unquoted Service Path

Exploit Title: QNAP QVR Client 5.0.0.13230 - 'QVRService' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2021-03-14 Vendor Homepage: https://www.qnap.com Tested Version: 5.0.0.13230 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es Step to discover...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/24 12:0 a.m.320 views

Softros LAN Messenger 9.6.4 Unquoted Service Path

Exploit Title: Softros LAN Messenger 9.6.4 - 'SoftrosSpellChecker' Unquoted Service Path Discovery by: Victor Mondragón Discovery Date: 23-02-2021 Vendor Homepage: https://www.softros.com/ Software Links : https://download.softros.com/SoftrosLANMessengerSetup.exe Tested Version: 9.6.4 Vulnerabili...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/29 12:0 a.m.320 views

Online Voting System 1.0 Authorization Bypass

Exploit Title:Online Voting System | Authentication Bypass Password Change Exploit Author: Richard Jones Date: 2021-01-29 Vendor Homepage: https://www.sourcecodester.com/php/14690/online-voting-system-phpmysqli-full-source-code.html Software...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/14 12:0 a.m.320 views

System Explorer 7.0.0 Unquoted Service Path

Exploit Title: System Explorer 7.0.0 - 'SystemExplorerHelpService' Unquoted Service Path Date: 2020-10-14 Exploit Author: Mohammed Alshehri Vendor Homepage: http://systemexplorer.net/ Software Link: http://systemexplorer.net/download/SystemExplorerSetup.exe Version: Version 7.0.0 Tested on:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2020/07/24 12:0 a.m.320 views

Newsportal 3 SQL Injection

Exploit Title: Newsportal v3 - 'uname' - SQL Injection Date: 2020-07-24 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage: https://phpgurukul.com/news-portal-project-in-php-and-mysql/ Software Link:...

Exploits0
Packet Storm
Packet Storm
added 2019/06/12 12:0 a.m.320 views

Telus Actiontec T2200H WiFi Credential Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Device Details Discovered By: Andrew Klaus [email protected] Vendor: Actiontec Telus Branded, but may work on others Model: T2200H but very likely affecting other models of theirs Affected Firmware: T2200H-31.128L.08 Device Manual:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/11/27 12:0 a.m.319 views

📄 Flowise 3.0.4 Code Injection

Flowise versions 3.0.4 and below suffer from a remote command injection vulnerability. ============================================================================================================================================= | Title : Flowise 3.0.4 php code injection | | Author : indoushka | ...

10CVSS7.3AI score0.90183EPSS
Exploits21
Packet Storm
Packet Storm
added 2025/03/12 12:0 a.m.319 views

VICIdial 2.14-917 Remote Command Execution

VICIdial version 2.14-917 proof of concept remote command execution exploit that takes advantage of a flaw originally found in 2024. ============================================================================================================================================= | Title : VICIdial v...

8.8CVSS7.2AI score0.75384EPSS
Exploits7
Packet Storm
Packet Storm
added 2025/02/28 12:0 a.m.319 views

Magento Adobe Commerce 2.4.4-p8 Arbitrary File Read

Magento Adobe Commerce version 2.4.4-p8 suffers from an arbitrary file read vulnerability. ============================================================================================================================================= | Title : Magento Adobe Commerce 2.4.4-p8 arbitrary file read...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/02/06 12:0 a.m.319 views

dhtmlxFileExplorer 8.4.6 Local File Inclusion / Traversal

dhtmlxFileExplorer version 8.4.6 suffers from a local file inclusion vulnerability in the Download Function of File Explorer. Exploit Title: dhtmlxFileExplorer 8.4.6 - Local File Inclusion in the Download Function of File Explorer Date: Feb 6, 2025 Exploit Author: Nutchaya Augkanavitayakul,...

7.1AI score0.00516EPSS
Exploits3
Packet Storm
Packet Storm
added 2025/02/06 12:0 a.m.319 views

WebFileSys 2.31.0 Directory Traversal

An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing...

7.3AI score0.01805EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/09/13 12:0 a.m.319 views

Art Gallery Management System 1.0 Insecure Settings

==================================================================================================================================== | Title : Art Gallery Management System 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/11 12:0 a.m.319 views

Queuing Simple Chatbot 1.0 Shell Upload

============================================================================================================================================= | Title : Queuing Simple Chatbot 1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.319 views

Cisco ASA SSL VPN Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco ASA SSL VPN Privilege Escalation Vulnerability', 'Description' = %q This module exploits a privilege escalation vulnerability for Cisco ASA...

8.5CVSS7AI score0.11456EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.319 views

ManageEngine ADAudit Plus Xnode Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADAudit Plus Xnode Enumeration', 'Description' = %q This module exploits default admin credentials for the DataEngine Xnode server i...

10CVSS9.6AI score0.77477EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/08/15 12:0 a.m.319 views

Bhojon Restaurant Management System 2.9 Insecure Settings

==================================================================================================================================== | Title : Bhojon restaurant management system v2.9 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/04/12 12:0 a.m.319 views

Ray OS 2.6.3 Command Injection

Exploit Title: Ray OS v2.6.3 - Command Injection RCEUnauthorized Description: The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system...

9.8CVSS7.4AI score0.7463EPSS
Exploits15
Packet Storm
Packet Storm
added 2024/03/18 12:0 a.m.319 views

Gasmark Pro 1.0 Shell Upload

Title: GASMARK PRO-1.0 File Upload RCE Author: nu11secur1ty Date: 03/17/2024 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/15586/gas-agency-management-system-project-php-free-download-source-code.html Reference: https://portswigger.net/web-security/file-upload...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/03/14 12:0 a.m.319 views

JetBrains TeamCity 2023.05.3 Remote Code Execution

Exploit Title: JetBrains TeamCity 2023.05.3 - Remote Code Execution RCE - Shodan Dork: http.title:TeamCity , http.favicon.hash:-1944119648 - Exploit Author: ByteHunter - Vendor: JetBrains - Email: [email protected] - vendor: JetBrains - Version: versions before 2023.05.4 - Tested on:...

9.8CVSS7.4AI score0.99979EPSS
Exploits17
Packet Storm
Packet Storm
added 2023/08/24 12:0 a.m.319 views

doorGets CMS 12 Shell Upload

==================================================================================================================================== | Title : doorGets CMS v12 Unrestricted File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/07 12:0 a.m.319 views

Web Wiz Forums 12.06 Database Disclosure

==================================================================================================================================== | Title : Web Wiz Forums 12.06 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/13 12:0 a.m.319 views

Bazaar Social Listing Shopping Web PHP Template 2.3.2 Privilege Escalation

==================================================================================================================================== | Title : Bazaar | Social Listing Shopping Web PHP Template v2.3.2 Privilege Escalation Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.P...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/27 12:0 a.m.319 views

Active eCommerce CMS 6.5.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/27 12:0 a.m.319 views

Apache Druid JNDI Injection Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Druid JNDI Injection RCE', 'Description' = %q This module is designed to exploit the JNDI injection vulnerability in Druid. The...

8.8CVSS7.1AI score0.95302EPSS
Exploits8
Packet Storm
Packet Storm
added 2023/05/30 12:0 a.m.319 views

Papaya Medical Viewer 1.0 Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Title ===== SCHUTZWERK-SA-2022-001: Cross-Site-Scripting in Papaya Medical Viewer Status ====== PUBLISHED Version ======= 1.0 CVE reference ============= CVE-2023-33255 Link ==== https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-001/ Text-onl...

7.1AI score0.00922EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.319 views

Smart School 1.0 SQL Injection

Exploit Title: Smart School v1.0 - SQL Injection Date: 2023-05-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/smart-school-school-management-system/19426018 Demo Site: https://demo.smart-school.in Tested on: Kali Linux CVE: N/A Request POST /course/filterRecords/ HTTP/1....

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/28 12:0 a.m.319 views

Aigital Wireless-N Repeater Mini_Router.0.131229 Remote Command Execution

Exploit Title: Aigital Wireless-N Repeater - Command Injection Exploit Author: Matteo Mandolini Date : 13/04/2023 Vendor Homepage: https://web.archive.org/web/20220625053314/https://www.aigital.com/ Version: MiniRouter.0.131229 Command Injection POST /boafrm/formSysCmd HTTP/1.1 Host: 192.168.10.2...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/27 12:0 a.m.319 views

eXtplorer 2.1.14 Authentication Bypass / Remote Code Execution

Exploit Title: eXtplorer= 2.1.14 - Authentication Bypass & Remote Code Execution RCE Exploit Author: ErPaciocco Author Website: https://erpaciocco.github.io Vendor Homepage: https://extplorer.net/ Vendor: ============== extplorer.net Product: ================== eXtplorer = v2.1.14 eXtplorer is a...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/14 12:0 a.m.319 views

WordPress WPGateway 3.5 Privilege Escalation

Description: Unauthenticated Privilege Escalation Affected Plugin: WPGateway Plugin Slug: wpgateway Plugin Developer: Jack Hopman/WPGateway Affected Versions: = 3.5 CVE ID: CVE-2022-3180 CVSS Score: 9.8 Critical CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Fully Patched Version: N/A...

0.7AI score0.08841EPSS
Exploits2
Total number of security vulnerabilities5000