Lucene search
K
PacketstormMost viewed

50738 matches found

Packet Storm
Packet Storm
added 2023/05/30 12:0 a.m.319 views

Papaya Medical Viewer 1.0 Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Title ===== SCHUTZWERK-SA-2022-001: Cross-Site-Scripting in Papaya Medical Viewer Status ====== PUBLISHED Version ======= 1.0 CVE reference ============= CVE-2023-33255 Link ==== https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-001/ Text-onl...

7.1AI score0.00922EPSS
Exploits2
Packet Storm
Packet Storm
added 2022/09/14 12:0 a.m.319 views

WordPress WPGateway 3.5 Privilege Escalation

Description: Unauthenticated Privilege Escalation Affected Plugin: WPGateway Plugin Slug: wpgateway Plugin Developer: Jack Hopman/WPGateway Affected Versions: = 3.5 CVE ID: CVE-2022-3180 CVSS Score: 9.8 Critical CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Fully Patched Version: N/A...

0.7AI score0.08841EPSS
Exploits2
Packet Storm
Packet Storm
added 2022/06/06 12:0 a.m.319 views

dbus-broker-29 Memory Corruption

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Memory Corruption Vulnerabilities product: dbus-broker vulnerable version: dbus-broker-29 fixed version: dbus-broker-31 CVE number: CVE-2022-31212, CVE-2022-3121...

0.5AI score0.01749EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/04/11 12:0 a.m.319 views

Telesquare TLR-2855KS6 Arbitrary File Deletion

Exploit Title: Telesquare TLR-2855KS6 - Arbitrary File Deletion Date: 7/4/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.telesquare.co.kr/ Version: TLR-2855KS6 Tested on: Linux Firefox CVE : CVE-2021-46419 Proof of Concept DELETE /cgi-bin/test.cgi HTTP/1.1 Host:...

0.5AI score0.71384EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/04/07 12:0 a.m.319 views

binutils 2.37 Objdump Segmentation Fault

Exploit Title: binutils 2.37 - Objdump Segmentation Fault Date: 2021-11-03 Exploit Author: p3tryx Vendor Homepage: https://www.gnu.org/software/binutils/ Version: binutils 2.37 Tested on: Ubuntu 18.04 CVE : CVE-2021-43149 Payload file %223"\972\00\0083=Q333A11111111411111333333A $$$\FF$\80 1114...

6.7AI score
Exploits3
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.319 views

H2 Database Console Remote Code Execution

Document Title =============== Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221. Product Description =============== The H2 Console Application The Console lets you access a SQL database using a browser interface. Homepage: http://www.h2database.com/html/quickstart.html Affecte...

0.1AI score0.64766EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/08/16 12:0 a.m.319 views

COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS

COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: n/a Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life value...

0.8AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/11 12:0 a.m.319 views

HackTool.Win32.Hidd.b Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/665a408981294ca49be23096363eec2f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HackTool.Win32.Hidd.b Vulnerability: Remote Stack Buffer Overflow UDP Datagram Description: The...

0.8AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/01 12:0 a.m.319 views

CHIYU IoT Cross Site Scripting

Exploit Title: CHIYU IoT devices - 'Multiple' Cross-Site Scripting XSS Date: May 31 2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, BF-450M, BF-630, BF631-W,...

0.1AI score0.8845EPSS
Exploits6
Packet Storm
Packet Storm
added 2021/03/29 12:0 a.m.319 views

Health Center Patient Record Management System 1.0 Cross Site Scripting

Exploit Title: Health Center Patient Record Management System | 'address' param Stored Cross Site Scripting Exploit Author: Richard Jones Date: 2021-03-29 Vendor Homepage: https://www.sourcecodester.com/php/11058/health-center-patient-record-management-system.html Software Link:...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/12 12:0 a.m.319 views

QCubed 3.1.1 Cross Site Scripting

QCube Cross-Site-Scripting ====================== | Identifier: | AIT-SA-20210215-03 | | Target: | QCubed Framework | | Vendor: | QCubed | | Version: | all versions including 3.1.1 | | CVE: | CVE-2020-24912 | | Accessibility: | Remote | | Severity: | High | | Author: | Wolfgang Hotwagner AIT...

7.5CVSS8AI score0.43266EPSS
Exploits6
Packet Storm
Packet Storm
added 2020/10/01 12:0 a.m.319 views

SpinetiX Fusion Digital Signage 3.4.8 Path Traversal

SpinetiX Fusion Digital Signage 3.4.8 File Backup/Delete Path Traversal Vendor: SpinetiX AG Product web page: https://www.spinetix.com Affected version: = 3.4.8 1.0.36274 Summary: At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage ...

Exploits0
Packet Storm
Packet Storm
added 2020/05/29 12:0 a.m.319 views

PanaceaSoft Shell Upload

Exploit Title: PanaceaSoft products Arbitrary File Upload/RCE Google Dork: NA Date: 25/5/2020 Exploit Author: syfi Vendor Homepage: http://www.panacea-soft.com/ Software Link: http://www.panacea-soft.com/ Version: latest Tested on: Ubuntu CVE : NA Vulnerability Description: PanaceaSoft products...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/11/01 12:0 a.m.319 views

ownCloud 10.3.0 Stable Cross Site Request Forgery

Exploit Title: ownCloud 10.3.0 stable - Cross-Site Request Forgery Date: 2019-10-31 Exploit Author: Ozer Goker Vendor Homepage: https://owncloud.org Software Link: https://owncloud.org/download/ Version: 10.3 CVE: N/A Introduction Your personal cloud collaboration platform With over 50 million...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2019/09/06 12:0 a.m.319 views

Facebook Messenger Denial Of Service

Facebook Messenger Remote Denial of Service Vulnerability Report by Social Engineering Neo. Affected Platforms: - Android ≤9 IOS ≤11 Messenger Messenger Lite Tested On: - Android 6 & 7 IOS 11 Messenger build 228.1.0.10.116 Messenger Lite build 65.0.1.18.236 Class: - Denial of Service. Summary: -...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/08/30 12:0 a.m.319 views

Sentrifugo 3.2 Cross Site Scripting

Exploit Title: Sentrifugo 3.2 - Persistent Cross-Site Scripting Google Dork: N/A Date: 8/29/2019 Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15814 Multiple Stored XSS vulnerabilities were found in Sentrifugo 3.2. In most...

5.6AI score0.01581EPSS
Exploits5
Packet Storm
Packet Storm
added 2018/12/06 12:0 a.m.319 views

Chamilo 1.11.6 Cross Site Scripting

Multiple Cross-site Scripting Vulnerabilities in Chamilo 1.11.6 Information -------------------- Advisory by Netsparker Name: Multiple Cross-site Scripting Vulnerabilities in Chamilo 1.11.6 Affected Software: Chamilo Affected Versions: 1.11.6 Homepage: https://chamilo.org/en/ Vulnerability:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/10/27 12:0 a.m.318 views

📄 RiteCMS 3.1.0 Remote Code Execution

RiteCMS version 3.1.0 suffers from an authenticated remote code execution vulnerability. Exploit Title: RiteCMS 3.1.0 - Authenticated Remote Code Execution RCE Date: 2025-10-26 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/handylulu/RiteCMS Software Link:...

8.2AI score
Exploits0
Packet Storm
Packet Storm
added 2025/04/07 12:0 a.m.318 views

📄 Apache Tomcat Remote Code Execution

Apache Tomcat has a path equivalence remote code execution vulnerability. Versions prior to 11.0.3, 10.1.35, and 9.0.98 are affected. Exploit Title: Apache Tomcat Path Equivalence - Remote Code Execution Exploit Author: Al Baradi Joy CVE: CVE-2025-24813 Date: 2025-04-06 Vendor Homepage:...

9.8CVSS9.5AI score0.99945EPSS
Exploits46
Packet Storm
Packet Storm
added 2024/09/20 12:0 a.m.318 views

Transport Management System 1.0 SQL Injection

============================================================================================================================================= | Title : Transport Management System 1.0 Sql INjection injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.318 views

Java RMI Registry Interfaces Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/java/serialization' class MetasploitModule 'Java RMI Registry Interfaces Enumeration', 'Description' = %q This module gathers information from an RMI endpoi...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/09 12:0 a.m.318 views

Exam Form Submission 1.0 Arbitrary File Upload

============================================================================================================================================= | Title : Exam Form Submission v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/06/06 12:0 a.m.318 views

Trojan.Win32.DarkGateLoader MVID-2024-0685 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/afe012ed0d96abfe869b9e26ea375824.txt Contact: [email protected] Media: x.com/malvuln Threat: Trojan.Win32.DarkGateLoader multi variants Vulnerability: Arbitrary Code Execution Description:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/02/28 12:0 a.m.318 views

Saflok System 6000 Key Derivation

// Exploit Title: Saflok KDF // Date: 2023-10-29 // Exploit Author: a51199deefa2c2520cea24f746d899ce // Vendor Homepage: https://www.dormakaba.com/ // Version: System 6000 // Tested on: Dormakaba Saflok cards // CVE: N/A include include define MAGICTABLESIZE 192 define KEYLENGTH 6 define UIDLENGT...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/11 12:0 a.m.318 views

WordPress Slimstat Analytics 5.0.9 Cross Site Scripting / SQL Injection

Vulnerability Summary from Wordfence Intelligence Description: Slimstat Analytics = 5.0.9 – Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Affected Plugin: Slimstat Analytics Plugin Slug: wp-slimstat Affected Versions: = 5.0.9 CVE ID: CVE-2023-4597 CVSS Score: 6.4 Medium CVS...

8.8CVSS7.1AI score0.00916EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.318 views

Education Time Indonesian School CRM 1.7 SQL Injection

==================================================================================================================================== | Title : Education Time Indonesian School CRM v 1.7 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozill...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/13 12:0 a.m.318 views

Vaidya-Mitra 1.0 SQL Injection

Title: Vaidya-Mitra 1.0 Multiple - SQLi Author: nu11secur1ty Date: 07.12.2023 Vendor: https://mayurik.com/ Software: free: https://www.sourcecodester.com/php/16720/free-hospital-management-system-small-practices.html, https://mayurik.com/source-code/P5890/best-hospital-management-system-in-php...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/13 12:0 a.m.318 views

Bloly 1.3 Add Administrator

==================================================================================================================================== | Title : Bloly v1.3 Add admin Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | | Vendor :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/30 12:0 a.m.318 views

Property Listing Script 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/15 12:0 a.m.318 views

GitLab GitHub Repo Import Deserialization Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitLab GitHub Repo Import Deserialization RCE', 'Description' = %q An authenticated user can import a repository from GitHub into GitLab. If a us...

9.9CVSS9.6AI score0.86194EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/07/05 12:0 a.m.318 views

Ransom Lockbit 3.0 MVID-2022-0621 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/38745539b71cf201bb502437f891d799B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom Lockbit 3.0 Vulnerability: Code Execution Description: The ransomware apparently n...

Exploits0
Packet Storm
Packet Storm
added 2022/07/05 12:0 a.m.318 views

Advanced Testimonials Manager 5.6 SQL Injection

==================================================================================================================================== | Title : Advanced Testimonials Manager v5.6 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/04/11 12:0 a.m.318 views

Razer Sila 2.0.418 Local File Inclusion

Exploit Title: Razer Sila - Local File Inclusion LFI Google Dork: N/A Date: 4/9/2022 Exploit Author: Kevin Randall Vendor Homepage: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila Software Link: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila Version:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/04/05 12:0 a.m.318 views

Gadget Store Management System 1.0 Shell Upload

Exploit Title: Gadget Store Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 04/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.campcodes.com/ Software Link: https://www.campcodes.com/projects/php/gadget-store-management-system/ Version: 1.0 Tested on:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/26 12:0 a.m.318 views

PHP Melody 3.0 Cross Site Scripting

Document Title: =============== PHP Melody v3.0 - Editor Persistent XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2291 Bulletin: https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/ Release Date: ===========...

Exploits0
Packet Storm
Packet Storm
added 2021/10/14 12:0 a.m.318 views

SolarWinds Kiwi CatTools 3.11.8 Unquoted Service Path

Exploit Title: SolarWinds Kiwi CatTools 3.11.8 - Unquoted Service Path Exploit Author: Mert DAŞ Version: 3.11.8 Date: 14.10.2021 Vendor Homepage: https://www.solarwinds.com/ Tested on: Windows 10 Step to discover Unquoted Service Path : -------------------------------------- C:\Users\Mertsc qc...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/11 12:0 a.m.318 views

Backdoor.Win32.IRCBot.gen Hardcoded Credential

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/bcfc89ca07bd0ad7b9396a0815c9fc39.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.IRCBot.gen Vulnerability: Hardcoded Weak Password Description: The malware listens on...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/07/06 12:0 a.m.318 views

Exam Hall Management System 1.0 Shell Upload

Exploit Title: Exam Hall Management System 1.0 - Unrestricted File Upload Unauthenticated Date: 06/07/2021 Exploit Author: Thamer Almohammadi @Thamerz88 Vendor Homepage: https://www.sourcecodester.com Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/08 12:0 a.m.318 views

Hotel And Lodge Management System 1.0 Shell Upload

Exploit Title: Hotel and Lodge Management System 1.0 - Remote Code Execution Unauthenticated Date: 07-03-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/13707/hotel-and-lodge-management-system.html...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/12 12:0 a.m.318 views

SolarWinds Serv-U FTP Server 15.2.1 Cross Site Scripting

Title: Stored XSS Product: SolarWinds Serv-U FTP Server Vendor Homepage: https://www.solarwinds.com/ Vulnerable Version: 15.2.1 and lower Fixed Version: 15.2.2 CVE Number: CVE-2020-28001 Author: Jack Misiura from The Missing Link Website: https://www.themissinglink.com.au Timeline: 2020-10-30...

3.5CVSS5.6AI score0.03789EPSS
Exploits2
Packet Storm
Packet Storm
added 2021/02/08 12:0 a.m.318 views

Unibox Cross Site Request Forgery

===================================================== Authenticated XSRF leads to complete Account Takeover ===================================================== . contents:: Table Of Content Overview ======== Title:- Authenticated XSRF leads to complete account takeover in all UNIBOX WiFi Hotspo...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/02 12:0 a.m.318 views

Online Voting System Project In PHP Cross Site Scripting

Exploit Title: Online Voting System Project in PHP - 'username' Persistent Cross-Site Scripting Date: 27-11-2020 Exploit Author: Sagar Banwa Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/free-projects/php-projects/online-voting-system-project-in-php-2/ Tested...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/26 12:0 a.m.318 views

Online Health Care System 1.0 Cross Site Scripting

Exploit Title: Online Health Care System 1.0 - Multiple Cross Site Scripting Stored Google Dork: N/A Date: 2020/10/24 Exploit Author: Akıner Kısa Vendor Homepage: https://www.sourcecodester.com/php/14526/online-health-care-system-php-full-source-code-2020.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/07/14 12:0 a.m.318 views

Verint Impact 360 15.1 Script Insertion / HTML Injection

!-- Exploit Title: Verint Impact 360 Open iFrame Date: 7-13-2020 Exploit Author: Ryan Delaney Author Contact: [email protected] Author LinkedIn: https://www.linkedin.com/in/infosecrd/ Vendor Homepage: https://www.verint.com/ Software Link:...

0.2AI score0.00843EPSS
Exploits1
Packet Storm
Packet Storm
added 2020/06/22 12:0 a.m.318 views

Mereo 1.9.4 Denial Of Service

!/usr/bin/python ''' Exploit Title: Mereo 1.9.4 - Remote HTTP Server Denial of Service Date: 06-2020 Exploit Author: Saeed reza Zamanian Vendor Homepage: https://sourceforge.net/projects/mereo/ Software Link: https://sourceforge.net/projects/mereo/files/ Version: 1.9.4 Tested on: Windows 7 ,...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/09/03 12:0 a.m.318 views

Cisco Email Security Virtual Appliance C100V IronPort Header Injection

!/usr/bin/perl -w Cisco Email Security Virtual Appliance C100V IronPort Remote Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todo...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2019/08/12 12:0 a.m.318 views

VxWorks 6.8 Integer Underflow

Exploit Title: VxWorks TCP Urgent pointer = 0 integer underflow vulnerability Discovered By: Armis Security PoC Author: Zhou Yu twitter: @504137480 Vendor Homepage: https://www.windriver.com Tested on: VxWorks 6.8 CVE: CVE-2019-12255 More Details:...

0.8AI score0.7525EPSS
Exploits5
Packet Storm
Packet Storm
added 2019/01/24 12:0 a.m.318 views

Cisco RV320 Unauthenticated Configuration Export

Advisory: Cisco RV320 Unauthenticated Configuration Export RedTeam Pentesting discovered that the configuration of a Cisco RV320 router may be exported without authentication through the device's web interface. Details ======= Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others...

0.5AI score0.99876EPSS
Exploits19
Packet Storm
Packet Storm
added 2018/05/04 12:0 a.m.318 views

GPON Router Authentication Bypass / Comand Injection

!/bin/bash echo "+ Sending the Commanda| " We send the commands with two modes backtick and semicolon ; because different models trigger on different devices curl -k -d "XWebPageName=diag&diagaction=ping&wanconlist=0&desthost=$2;$2&ipv=0" $1/GponForm/diagForm?images/ 2/dev/null 1/dev/null echo "+...

1.3AI score0.9995EPSS
Exploits10
Packet Storm
Packet Storm
added 2016/07/25 12:0 a.m.318 views

PHP File Vault 0.9 Directory Traversal / File Read

PHP File Vault version 0.9 , remote directory traversal and read file vulnerabilty ================================================================================== Discovered by NA, NAattutanota.com ====================================== Description =========== A very small PHP website...

0.5AI score
Exploits0
Total number of security vulnerabilities5000