Lucene search
K
PacketstormMost viewed

50748 matches found

Packet Storm
Packet Storm
added 2024/04/12 12:0 a.m.319 views

Ray OS 2.6.3 Command Injection

Exploit Title: Ray OS v2.6.3 - Command Injection RCEUnauthorized Description: The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system...

9.8CVSS7.4AI score0.7463EPSS
Exploits15
Packet Storm
Packet Storm
added 2024/03/18 12:0 a.m.319 views

Gasmark Pro 1.0 Shell Upload

Title: GASMARK PRO-1.0 File Upload RCE Author: nu11secur1ty Date: 03/17/2024 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/15586/gas-agency-management-system-project-php-free-download-source-code.html Reference: https://portswigger.net/web-security/file-upload...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/03/14 12:0 a.m.319 views

JetBrains TeamCity 2023.05.3 Remote Code Execution

Exploit Title: JetBrains TeamCity 2023.05.3 - Remote Code Execution RCE - Shodan Dork: http.title:TeamCity , http.favicon.hash:-1944119648 - Exploit Author: ByteHunter - Vendor: JetBrains - Email: [email protected] - vendor: JetBrains - Version: versions before 2023.05.4 - Tested on:...

9.8CVSS7.4AI score0.99979EPSS
Exploits17
Packet Storm
Packet Storm
added 2023/08/24 12:0 a.m.319 views

doorGets CMS 12 Shell Upload

==================================================================================================================================== | Title : doorGets CMS v12 Unrestricted File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/07 12:0 a.m.319 views

Web Wiz Forums 12.06 Database Disclosure

==================================================================================================================================== | Title : Web Wiz Forums 12.06 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/13 12:0 a.m.319 views

Bazaar Social Listing Shopping Web PHP Template 2.3.2 Privilege Escalation

==================================================================================================================================== | Title : Bazaar | Social Listing Shopping Web PHP Template v2.3.2 Privilege Escalation Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.P...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/27 12:0 a.m.319 views

Active eCommerce CMS 6.5.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/30 12:0 a.m.319 views

Papaya Medical Viewer 1.0 Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Title ===== SCHUTZWERK-SA-2022-001: Cross-Site-Scripting in Papaya Medical Viewer Status ====== PUBLISHED Version ======= 1.0 CVE reference ============= CVE-2023-33255 Link ==== https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-001/ Text-onl...

7.1AI score0.00922EPSS
Exploits2
Packet Storm
Packet Storm
added 2022/09/14 12:0 a.m.319 views

WordPress WPGateway 3.5 Privilege Escalation

Description: Unauthenticated Privilege Escalation Affected Plugin: WPGateway Plugin Slug: wpgateway Plugin Developer: Jack Hopman/WPGateway Affected Versions: = 3.5 CVE ID: CVE-2022-3180 CVSS Score: 9.8 Critical CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Fully Patched Version: N/A...

0.7AI score0.08841EPSS
Exploits2
Packet Storm
Packet Storm
added 2022/06/06 12:0 a.m.319 views

dbus-broker-29 Memory Corruption

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Memory Corruption Vulnerabilities product: dbus-broker vulnerable version: dbus-broker-29 fixed version: dbus-broker-31 CVE number: CVE-2022-31212, CVE-2022-3121...

0.5AI score0.01749EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/04/11 12:0 a.m.319 views

Telesquare TLR-2855KS6 Arbitrary File Deletion

Exploit Title: Telesquare TLR-2855KS6 - Arbitrary File Deletion Date: 7/4/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.telesquare.co.kr/ Version: TLR-2855KS6 Tested on: Linux Firefox CVE : CVE-2021-46419 Proof of Concept DELETE /cgi-bin/test.cgi HTTP/1.1 Host:...

0.5AI score0.71384EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/04/11 12:0 a.m.319 views

Razer Sila 2.0.418 Local File Inclusion

Exploit Title: Razer Sila - Local File Inclusion LFI Google Dork: N/A Date: 4/9/2022 Exploit Author: Kevin Randall Vendor Homepage: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila Software Link: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila Version:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/04/07 12:0 a.m.319 views

binutils 2.37 Objdump Segmentation Fault

Exploit Title: binutils 2.37 - Objdump Segmentation Fault Date: 2021-11-03 Exploit Author: p3tryx Vendor Homepage: https://www.gnu.org/software/binutils/ Version: binutils 2.37 Tested on: Ubuntu 18.04 CVE : CVE-2021-43149 Payload file %223"\972\00\0083=Q333A11111111411111333333A $$$\FF$\80 1114...

6.7AI score
Exploits3
Packet Storm
Packet Storm
added 2022/04/05 12:0 a.m.319 views

Gadget Store Management System 1.0 Shell Upload

Exploit Title: Gadget Store Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 04/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.campcodes.com/ Software Link: https://www.campcodes.com/projects/php/gadget-store-management-system/ Version: 1.0 Tested on:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/16 12:0 a.m.319 views

COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS

COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: n/a Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life value...

0.8AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/11 12:0 a.m.319 views

HackTool.Win32.Hidd.b Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/665a408981294ca49be23096363eec2f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HackTool.Win32.Hidd.b Vulnerability: Remote Stack Buffer Overflow UDP Datagram Description: The...

0.8AI score
Exploits0
Packet Storm
Packet Storm
added 2021/07/06 12:0 a.m.319 views

Exam Hall Management System 1.0 Shell Upload

Exploit Title: Exam Hall Management System 1.0 - Unrestricted File Upload Unauthenticated Date: 06/07/2021 Exploit Author: Thamer Almohammadi @Thamerz88 Vendor Homepage: https://www.sourcecodester.com Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/01 12:0 a.m.319 views

CHIYU IoT Cross Site Scripting

Exploit Title: CHIYU IoT devices - 'Multiple' Cross-Site Scripting XSS Date: May 31 2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, BF-450M, BF-630, BF631-W,...

0.1AI score0.8845EPSS
Exploits6
Packet Storm
Packet Storm
added 2021/03/12 12:0 a.m.319 views

QCubed 3.1.1 Cross Site Scripting

QCube Cross-Site-Scripting ====================== | Identifier: | AIT-SA-20210215-03 | | Target: | QCubed Framework | | Vendor: | QCubed | | Version: | all versions including 3.1.1 | | CVE: | CVE-2020-24912 | | Accessibility: | Remote | | Severity: | High | | Author: | Wolfgang Hotwagner AIT...

7.5CVSS8AI score0.43266EPSS
Exploits6
Packet Storm
Packet Storm
added 2021/02/08 12:0 a.m.319 views

Unibox Cross Site Request Forgery

===================================================== Authenticated XSRF leads to complete Account Takeover ===================================================== . contents:: Table Of Content Overview ======== Title:- Authenticated XSRF leads to complete account takeover in all UNIBOX WiFi Hotspo...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/02 12:0 a.m.319 views

Online Voting System Project In PHP Cross Site Scripting

Exploit Title: Online Voting System Project in PHP - 'username' Persistent Cross-Site Scripting Date: 27-11-2020 Exploit Author: Sagar Banwa Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/free-projects/php-projects/online-voting-system-project-in-php-2/ Tested...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/01 12:0 a.m.319 views

SpinetiX Fusion Digital Signage 3.4.8 Path Traversal

SpinetiX Fusion Digital Signage 3.4.8 File Backup/Delete Path Traversal Vendor: SpinetiX AG Product web page: https://www.spinetix.com Affected version: = 3.4.8 1.0.36274 Summary: At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage ...

Exploits0
Packet Storm
Packet Storm
added 2020/05/29 12:0 a.m.319 views

PanaceaSoft Shell Upload

Exploit Title: PanaceaSoft products Arbitrary File Upload/RCE Google Dork: NA Date: 25/5/2020 Exploit Author: syfi Vendor Homepage: http://www.panacea-soft.com/ Software Link: http://www.panacea-soft.com/ Version: latest Tested on: Ubuntu CVE : NA Vulnerability Description: PanaceaSoft products...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/09/06 12:0 a.m.319 views

Facebook Messenger Denial Of Service

Facebook Messenger Remote Denial of Service Vulnerability Report by Social Engineering Neo. Affected Platforms: - Android ≤9 IOS ≤11 Messenger Messenger Lite Tested On: - Android 6 & 7 IOS 11 Messenger build 228.1.0.10.116 Messenger Lite build 65.0.1.18.236 Class: - Denial of Service. Summary: -...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/08/30 12:0 a.m.319 views

Sentrifugo 3.2 Cross Site Scripting

Exploit Title: Sentrifugo 3.2 - Persistent Cross-Site Scripting Google Dork: N/A Date: 8/29/2019 Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15814 Multiple Stored XSS vulnerabilities were found in Sentrifugo 3.2. In most...

5.6AI score0.01581EPSS
Exploits5
Packet Storm
Packet Storm
added 2019/01/24 12:0 a.m.319 views

Cisco RV320 Unauthenticated Configuration Export

Advisory: Cisco RV320 Unauthenticated Configuration Export RedTeam Pentesting discovered that the configuration of a Cisco RV320 router may be exported without authentication through the device's web interface. Details ======= Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others...

0.5AI score0.99876EPSS
Exploits19
Packet Storm
Packet Storm
added 2018/12/06 12:0 a.m.319 views

Chamilo 1.11.6 Cross Site Scripting

Multiple Cross-site Scripting Vulnerabilities in Chamilo 1.11.6 Information -------------------- Advisory by Netsparker Name: Multiple Cross-site Scripting Vulnerabilities in Chamilo 1.11.6 Affected Software: Chamilo Affected Versions: 1.11.6 Homepage: https://chamilo.org/en/ Vulnerability:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/04/07 12:0 a.m.318 views

📄 Apache Tomcat Remote Code Execution

Apache Tomcat has a path equivalence remote code execution vulnerability. Versions prior to 11.0.3, 10.1.35, and 9.0.98 are affected. Exploit Title: Apache Tomcat Path Equivalence - Remote Code Execution Exploit Author: Al Baradi Joy CVE: CVE-2025-24813 Date: 2025-04-06 Vendor Homepage:...

9.8CVSS9.5AI score0.99945EPSS
Exploits46
Packet Storm
Packet Storm
added 2025/01/22 12:0 a.m.318 views

MacOS CoreAudio Framework Sandbox Escape

MacOS suffers from a sandbox escape vulnerability due to a type confusion issue in coreaudiod/CoreAudio Framework. The com.apple.audio.audiohald Mach service on MacOS is hosted by the coreaudiod process. This process exposes the Hardware Abstraction Layer HAL of the CoreAudio framework, which...

7.8CVSS8.3AI score0.00333EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/09/20 12:0 a.m.318 views

Transport Management System 1.0 SQL Injection

============================================================================================================================================= | Title : Transport Management System 1.0 Sql INjection injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.318 views

Java RMI Registry Interfaces Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/java/serialization' class MetasploitModule 'Java RMI Registry Interfaces Enumeration', 'Description' = %q This module gathers information from an RMI endpoi...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.318 views

Samba read_nttrans_ea_list Integer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/struct2' class MetasploitModule 'Samba readnttransealist Integer Overflow', 'Description' = %q Integer overflow in the readnttransealist function in nttrans...

5CVSS7AI score0.69008EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/08/09 12:0 a.m.318 views

Exam Form Submission 1.0 Arbitrary File Upload

============================================================================================================================================= | Title : Exam Form Submission v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/07/01 12:0 a.m.318 views

WordPress WPCode Lite 2.1.14 Cross Site Scripting

Exploit Title: Wordpress WPCode Lite Version 2.1.14 Stored XSS Date: 2024-06-30 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://wpcode.com/?utmsource=wprepo&utmmedium=link&utmcampaign=liteplugin Version 2.1.14 Steps to Execute the Payload: 1. Access the Admin Panel: - Navigate...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/02/28 12:0 a.m.318 views

Saflok System 6000 Key Derivation

// Exploit Title: Saflok KDF // Date: 2023-10-29 // Exploit Author: a51199deefa2c2520cea24f746d899ce // Vendor Homepage: https://www.dormakaba.com/ // Version: System 6000 // Tested on: Dormakaba Saflok cards // CVE: N/A include include define MAGICTABLESIZE 192 define KEYLENGTH 6 define UIDLENGT...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/11 12:0 a.m.318 views

WordPress Slimstat Analytics 5.0.9 Cross Site Scripting / SQL Injection

Vulnerability Summary from Wordfence Intelligence Description: Slimstat Analytics = 5.0.9 – Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Affected Plugin: Slimstat Analytics Plugin Slug: wp-slimstat Affected Versions: = 5.0.9 CVE ID: CVE-2023-4597 CVSS Score: 6.4 Medium CVS...

8.8CVSS7.1AI score0.00916EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.318 views

Education Time Indonesian School CRM 1.7 SQL Injection

==================================================================================================================================== | Title : Education Time Indonesian School CRM v 1.7 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozill...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/13 12:0 a.m.318 views

Vaidya-Mitra 1.0 SQL Injection

Title: Vaidya-Mitra 1.0 Multiple - SQLi Author: nu11secur1ty Date: 07.12.2023 Vendor: https://mayurik.com/ Software: free: https://www.sourcecodester.com/php/16720/free-hospital-management-system-small-practices.html, https://mayurik.com/source-code/P5890/best-hospital-management-system-in-php...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/13 12:0 a.m.318 views

Bloly 1.3 Add Administrator

==================================================================================================================================== | Title : Bloly v1.3 Add admin Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | | Vendor :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/30 12:0 a.m.318 views

Property Listing Script 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/02 12:0 a.m.318 views

ESET Forwarder 16.0.26.0 Unquoted Service Path

Exploit Title: ESET Forwarder 16.0.26.0 - Unquoted Service Path Privilege Escalation Date: 2023-04-30 Author: Milad Karimi Ex3ptionaL Vendor Homepage: https://www.eset.com Software Link: https://www.eset.com/download/ version : 16.0.26.0 Latest Tested on: Windows 11 ESET installs as a service wit...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/15 12:0 a.m.318 views

GitLab GitHub Repo Import Deserialization Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitLab GitHub Repo Import Deserialization RCE', 'Description' = %q An authenticated user can import a repository from GitHub into GitLab. If a us...

9.9CVSS9.6AI score0.86194EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/07/05 12:0 a.m.318 views

Advanced Testimonials Manager 5.6 SQL Injection

==================================================================================================================================== | Title : Advanced Testimonials Manager v5.6 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/07/05 12:0 a.m.318 views

Ransom Lockbit 3.0 MVID-2022-0621 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/38745539b71cf201bb502437f891d799B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom Lockbit 3.0 Vulnerability: Code Execution Description: The ransomware apparently n...

Exploits0
Packet Storm
Packet Storm
added 2021/10/26 12:0 a.m.318 views

PHP Melody 3.0 Cross Site Scripting

Document Title: =============== PHP Melody v3.0 - Editor Persistent XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2291 Bulletin: https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/ Release Date: ===========...

Exploits0
Packet Storm
Packet Storm
added 2021/10/14 12:0 a.m.318 views

SolarWinds Kiwi CatTools 3.11.8 Unquoted Service Path

Exploit Title: SolarWinds Kiwi CatTools 3.11.8 - Unquoted Service Path Exploit Author: Mert DAŞ Version: 3.11.8 Date: 14.10.2021 Vendor Homepage: https://www.solarwinds.com/ Tested on: Windows 10 Step to discover Unquoted Service Path : -------------------------------------- C:\Users\Mertsc qc...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/09/02 12:0 a.m.318 views

Backdoor.Win32.MoonPie.40 Remote Command Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/Backdoor.Win32.MoonPie.40.9dbb6d56bc9a7813305883acd0f9a355C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.MoonPie.40 Vulnerability: Unauthenticated Remote Command...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/11 12:0 a.m.318 views

Backdoor.Win32.IRCBot.gen Hardcoded Credential

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/bcfc89ca07bd0ad7b9396a0815c9fc39.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.IRCBot.gen Vulnerability: Hardcoded Weak Password Description: The malware listens on...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/08 12:0 a.m.318 views

Hotel And Lodge Management System 1.0 Shell Upload

Exploit Title: Hotel and Lodge Management System 1.0 - Remote Code Execution Unauthenticated Date: 07-03-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/13707/hotel-and-lodge-management-system.html...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/12 12:0 a.m.318 views

SolarWinds Serv-U FTP Server 15.2.1 Cross Site Scripting

Title: Stored XSS Product: SolarWinds Serv-U FTP Server Vendor Homepage: https://www.solarwinds.com/ Vulnerable Version: 15.2.1 and lower Fixed Version: 15.2.2 CVE Number: CVE-2020-28001 Author: Jack Misiura from The Missing Link Website: https://www.themissinglink.com.au Timeline: 2020-10-30...

3.5CVSS5.6AI score0.03789EPSS
Exploits2
Total number of security vulnerabilities5000