Lucene search
K
PacketstormMost viewed

50784 matches found

Packet Storm
Packet Storm
added 2024/02/28 12:0 a.m.318 views

Saflok System 6000 Key Derivation

// Exploit Title: Saflok KDF // Date: 2023-10-29 // Exploit Author: a51199deefa2c2520cea24f746d899ce // Vendor Homepage: https://www.dormakaba.com/ // Version: System 6000 // Tested on: Dormakaba Saflok cards // CVE: N/A include include define MAGICTABLESIZE 192 define KEYLENGTH 6 define UIDLENGT...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/12/11 12:0 a.m.318 views

WordPress Contact Form To Any API 1.1.6 Cross Site Request Forgery

Exploit Title: WP Plugins Contact Form to Any API history.pushState'', '', '/'; document.forms0.submit; Recommendation Upgrade to version 1.1.7...

7.2AI score0.00465EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/09/11 12:0 a.m.318 views

WordPress Slimstat Analytics 5.0.9 Cross Site Scripting / SQL Injection

Vulnerability Summary from Wordfence Intelligence Description: Slimstat Analytics = 5.0.9 – Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Affected Plugin: Slimstat Analytics Plugin Slug: wp-slimstat Affected Versions: = 5.0.9 CVE ID: CVE-2023-4597 CVSS Score: 6.4 Medium CVS...

8.8CVSS7.1AI score0.00916EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.318 views

Education Time Indonesian School CRM 1.7 SQL Injection

==================================================================================================================================== | Title : Education Time Indonesian School CRM v 1.7 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozill...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/30 12:0 a.m.318 views

Property Listing Script 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/03 12:0 a.m.318 views

SoftExpert Suite 2.1.3 Local File Inclusion

Exploit Title: SoftExpert SE Suite v2.1.3 - Local File Inclusion Date: 27-04-2023 Exploit Author: Felipe Alcantara Filiplain Vendor Homepage: https://www.softexpert.com/ Version: 2.0 target=$1 u=$2 p=$3 file=$echo -n "$4"|base64 -w 0 end="\0330m\e0m" red="\e0;31m\0331m" blue="\e0;34m\0331m" echo ...

6.9AI score0.05877EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/05/02 12:0 a.m.318 views

ESET Forwarder 16.0.26.0 Unquoted Service Path

Exploit Title: ESET Forwarder 16.0.26.0 - Unquoted Service Path Privilege Escalation Date: 2023-04-30 Author: Milad Karimi Ex3ptionaL Vendor Homepage: https://www.eset.com Software Link: https://www.eset.com/download/ version : 16.0.26.0 Latest Tested on: Windows 11 ESET installs as a service wit...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2022/07/05 12:0 a.m.318 views

Ransom Lockbit 3.0 MVID-2022-0621 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/38745539b71cf201bb502437f891d799B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom Lockbit 3.0 Vulnerability: Code Execution Description: The ransomware apparently n...

Exploits0
Packet Storm
Packet Storm
added 2022/07/05 12:0 a.m.318 views

Advanced Testimonials Manager 5.6 SQL Injection

==================================================================================================================================== | Title : Advanced Testimonials Manager v5.6 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/05/31 12:0 a.m.318 views

MyBB Admin Control Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MyBB Admin Control Code Injection RCE', 'Description' = %q This exploit module leverages an improper input validation vulnerability in MyBB prior...

7.2CVSS0.5AI score0.77677EPSS
Exploits9
Packet Storm
Packet Storm
added 2022/04/19 12:0 a.m.318 views

Backdoor.Win32.Psychward.03.a Weak Hardcoded Password

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/4b9a42ca1e65cf0a7febbe18f397ef24.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Psychward.03.a Vulnerability: Weak Hardcoded Password Description: The malware listen...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/04/07 12:0 a.m.318 views

WordPress UpdraftPlus Cross Site Scripting

Tittle: WordPress Plugin UpdraftPlus confirm1 Classification Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/7337543f-4c2c-4365-aebf-3423e9d2f872...

0.07355EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/12/03 12:0 a.m.318 views

Backdoor.Win32.WinShell.50 Hardcoded Password

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/8170928cd3e0f1a79b9d40ae19a4d217.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.WinShell.50 Vulnerability: Weak Hardcoded Password Description: The malware listens o...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/26 12:0 a.m.318 views

PHP Melody 3.0 Cross Site Scripting

Document Title: =============== PHP Melody v3.0 - Editor Persistent XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2291 Bulletin: https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/ Release Date: ===========...

Exploits0
Packet Storm
Packet Storm
added 2021/10/14 12:0 a.m.318 views

SolarWinds Kiwi CatTools 3.11.8 Unquoted Service Path

Exploit Title: SolarWinds Kiwi CatTools 3.11.8 - Unquoted Service Path Exploit Author: Mert DAŞ Version: 3.11.8 Date: 14.10.2021 Vendor Homepage: https://www.solarwinds.com/ Tested on: Windows 10 Step to discover Unquoted Service Path : -------------------------------------- C:\Users\Mertsc qc...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/11 12:0 a.m.318 views

Backdoor.Win32.IRCBot.gen Hardcoded Credential

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/bcfc89ca07bd0ad7b9396a0815c9fc39.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.IRCBot.gen Vulnerability: Hardcoded Weak Password Description: The malware listens on...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/03 12:0 a.m.318 views

GitLab Community Edition (CE) 13.10.3 User Enumeration

Exploit Title: GitLab Community Edition CE 13.10.3 - User Enumeration Date: 4/29/2021 Exploit Author: @4D0niiS https://github.com/4D0niiS Vendor Homepage: https://gitlab.com/ Version: 13.10.3 Tested on: Kali Linux 2021.1 !/bin/bash Colors RED='\03338;5;196m' GREEN='\e38;5;47m' NC='\0330m'...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/08 12:0 a.m.318 views

Hotel And Lodge Management System 1.0 Shell Upload

Exploit Title: Hotel and Lodge Management System 1.0 - Remote Code Execution Unauthenticated Date: 07-03-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/13707/hotel-and-lodge-management-system.html...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/26 12:0 a.m.318 views

Online Health Care System 1.0 Cross Site Scripting

Exploit Title: Online Health Care System 1.0 - Multiple Cross Site Scripting Stored Google Dork: N/A Date: 2020/10/24 Exploit Author: Akıner Kısa Vendor Homepage: https://www.sourcecodester.com/php/14526/online-health-care-system-php-full-source-code-2020.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/07/14 12:0 a.m.318 views

Verint Impact 360 15.1 Script Insertion / HTML Injection

!-- Exploit Title: Verint Impact 360 Open iFrame Date: 7-13-2020 Exploit Author: Ryan Delaney Author Contact: [email protected] Author LinkedIn: https://www.linkedin.com/in/infosecrd/ Vendor Homepage: https://www.verint.com/ Software Link:...

0.2AI score0.00843EPSS
Exploits1
Packet Storm
Packet Storm
added 2020/06/22 12:0 a.m.318 views

Mereo 1.9.4 Denial Of Service

!/usr/bin/python ''' Exploit Title: Mereo 1.9.4 - Remote HTTP Server Denial of Service Date: 06-2020 Exploit Author: Saeed reza Zamanian Vendor Homepage: https://sourceforge.net/projects/mereo/ Software Link: https://sourceforge.net/projects/mereo/files/ Version: 1.9.4 Tested on: Windows 7 ,...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2017/12/06 12:0 a.m.318 views

Microsoft Office Equation Editor Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Office CVE-2017-11882', 'Description' = %q Module exploits a flaw in how the Equation Editor that allows an attacker to execute arbitra...

8.8AI score0.99945EPSS
Exploits33
Packet Storm
Packet Storm
added 2016/07/25 12:0 a.m.318 views

PHP File Vault 0.9 Directory Traversal / File Read

PHP File Vault version 0.9 , remote directory traversal and read file vulnerabilty ================================================================================== Discovered by NA, NAattutanota.com ====================================== Description =========== A very small PHP website...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2011/06/19 12:0 a.m.318 views

sxVideo 2.1.0 SQL Injection

Exploit Title: sxVideo v2.1.0 Sql Ýnjection Vulnerability Google Dork: Powered By sxVideo v2.1.0 Date: 19/06/2011 Author: HeRoTuRK- http://by-heroturk.blogspot.com/ Demo :http://www.huntvideo.net/index.php?p=View&id=1128 Version: v2.1.0 Tested on: Windows 7 Greetz; F0RTYS3V3N - Lazmania61 -...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2009/03/26 12:0 a.m.318 views

PHPizabi 0.848b C1 HFP1-3 File Upload

date"U"-300 43. 44. fnc"laneMakeToken", "file", $GET"id", array 45. "user.username" = me"username", 46. "file" = "system/cache/temp/".$filename, 47. ; 48. PHPizabi is prone to a vulnerability that lets remote attackers to upload and execute arbitrary script code. The uploaded file is saved into...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/04/10 12:0 a.m.317 views

📄 Typecho 1.3.0 Race Condition

Typecho versions 1.3.0 and below suffer from a race condition vulnerability. // Exploit Title: Typecho = 1.3.0 Race Condition // Google Dork: intext:"Powered by Typecho" inurl:/index.php // Date: 18/08/2024 // Exploit Author: Michele 'cyberaz0r' Di Bonaventura // Vendor Homepage:...

6.5CVSS6.6AI score0.01445EPSS
Exploits5
Packet Storm
Packet Storm
added 2024/10/18 12:0 a.m.317 views

ABB Cylon Aspect 3.08.01 databaseFileDelete.php Command Injection

ABB Cylon Aspect 3.08.01 databaseFileDelete.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/10/11 12:0 a.m.317 views

Craft CMS 4.4.14 Code Injection

============================================================================================================================================= | Title : Craft CMS 4.4.14 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bits...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/10/07 12:0 a.m.317 views

ABB Cylon Aspect 3.08.00 syslogSwitch.php Remote Code Execution

ABB Cylon Aspect 3.08.00 syslogSwitch.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management an...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/06 12:0 a.m.317 views

C-MOR Video Surveillance 5.2401 / 6.00PL01 SQL Injection

Advisory ID: SYSS-2024-023 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: SQL Injection CWE-89 Risk Level: High Solution Status: Open Manufacturer Notification: 2024-04-05 Solution Date: -...

8.1CVSS7.1AI score0.01306EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/08/16 12:0 a.m.317 views

Build Your Own Botnet 2.0.0 Remote Code Execution

Exploit Title: BYOB Build Your Own Botnet v2.0.0 Unauthenticated RCE Remote Code Execution Date: 2024-08-14 Exploit Author: @chebuya Software Link: https://github.com/malwaredllc/byob Version: v2.0.0 Tested on: Ubuntu 22.04 LTS, Python 3.10.12, change numpy==1.17.3-numpy CVE: CVE-2024-?????,...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/06 12:0 a.m.317 views

Blog Site 1.0 Cross Site Scripting

============================================================================================================================================= | Title : Blog Site 1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendor :...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/06/24 12:0 a.m.317 views

Student Attendance Management System 1.0 SQL Injection

Titles: Student Attendance Management System-1.0 Bypass Authentication SQLi Author: nu11secur1ty Date: 06/22/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/14561/student-attendance-management-system-using-phpmysqli-source-code.html Reference:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/03/04 12:0 a.m.317 views

BoidCMS 2.0.1 Cross Site Scripting

Exploit Title: Multiple XSS Issues in boidcmsv2.0.1 Date: 3/2024 Exploit Author: Andrey Stoykov Version: 2.0.1 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com XSS via SVG File Upload Steps to Reproduce: 1. Login with admin user 2. Visit "Media" page 3. Upload xss.svg 4. Click "View"...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/22 12:0 a.m.317 views

xbtitFM 4.1.18 SQL Injection / Shell Upload / Traversal

Exploit Title: xbtitFM 4.1.18 Multiple Vulnerabilities Date: 22-01-2024 Exploit Author: Who cares anyway Vendor Homepage: https://xbtitfm.eu Affected versions: 4.1.18 and prior CVE : Who cares anyway Description: The SQLi and the path traversal are unauthenticated, they don't require any user...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/11 12:0 a.m.317 views

PHPJabbers Night Club Booking Software 1.0 Missing Rate Limiting

Exploit Title: PHPJabbers Night Club Booking Software v1.0 - No Rate Limit Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/night-club-booking-software/sectionDemo Version: v1.0 Test...

7.4AI score0.00358EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/12/28 12:0 a.m.317 views

Lot Reservation Management System 1.0 File Disclosure

Exploit Title: Lot Reservation Management System Unauthenticated File Disclosure Vulnerability Google Dork: N/A Date: 10th December 2023 Exploit Author: Elijah Mandila Syoyi Vendor Homepage: https://www.sourcecodester.com/php/14530/lot-reservation-management-system-using-phpmysqli-source-code.htm...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/10/16 12:0 a.m.317 views

WordPress WP ERP 1.12.2 SQL Injection

Exploit Title: WP Plugins WP ERP = 1.12.2 - SQL Injection Date: 15-10-2023 Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/erp/ Vendor Homepage: https://wperp.com/ Version: 1.12.2 Tested on: Windows, Linux CVE: CVE-2023-2744 Product Description WP ERP is the first full-fledge...

7.2CVSS7.1AI score0.02632EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/08/28 12:0 a.m.317 views

Gusto Recipes Management 1.5.1 Cross Site Scripting

==================================================================================================================================== | Title : Gusto - Recipes Management v1.5.1 System XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/27 12:0 a.m.317 views

Buzzy News Viral Lists Polls And Videos 2.5.1 Insecure Settings

====================================================================================================================================== | Title : Buzzy - News Viral Lists Polls and Videos V 2.5.1 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro /...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/13 12:0 a.m.317 views

phpAnalyzer 2.0.4 Insecure Settings

==================================================================================================================================== | Title : phpAnalyzer v2.0.4 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.232-b...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/03 12:0 a.m.317 views

PHPJabbers Simple CMS 5.0 SQL Injection

Exploit Title: PHPJabbers Simple CMS 5.0 - SQL Injection Date: 2023-04-29 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/ Version: 5.0 Tested on: Kali Linux Request GET...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/17 12:0 a.m.317 views

AspEmail 5.6.0.2 Weak Permissions / Local Privilege Escalation

Exploit Title: AspEmail 5.6.0.2 - Local Privilege Escalation Vulnerability Category: Weak Services Permission - Binary Permission Vulnerability Date: 13/04/2023 Exploit Author: Zer0FauLT [email protected] Vendor Homepage: https://www.aspemail.com Software Link:...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/06 12:0 a.m.317 views

Dompdf 1.2.1 Remote Code Execution

!/usr/bin/python3 Exploit Title: Dompdf 1.2.1 - Remote Code Execution RCE Date: 16 February 2023 Exploit Author: Ravindu Wickramasinghe @rvizx9 Vendor Homepage: https://dompdf.github.io/ Software Link: https://github.com/dompdf/dompdf Version: 1.2.1 Tested on: Kali linux CVE : CVE-2022-28368 Gith...

9.8CVSS9.4AI score0.82438EPSS
Exploits8
Packet Storm
Packet Storm
added 2023/03/31 12:0 a.m.317 views

Online Pizza Ordering 1.0 SQL Injection

Title: Online-Pizza-Ordering-1.0-Multiple-SQLi Author: nu11secur1ty Date: 03.31.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html Reference: https://portswigger.net/web-security/sql-injection...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/28 12:0 a.m.317 views

Online Shopping System Advanced 1.0 XSS / SQL Injection / Code Execution

Exploit Title: Online shopping system advanced 1.0 - Multiple Vulnerabilities Discovery by: Rafael Pedrero Discovery Date: 2020-09-24 Vendor Homepage: https://github.com/PuneethReddyHC/online-shopping-system-advanced Software Link :...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/28 12:0 a.m.317 views

SuperMailer 11.20 Buffer Overflow / Denial Of Service

Exploit Title: SuperMailer v11.20 - Buffer overflow DoS Exploit Author: Rafael Pedrero Discovery Date: 2021-02-07 Vendor Homepage: https://int.supermailer.de/downloadnewslettersoftware.htm Software Link : https://int.supermailer.de/smintsw.zip / https://int.supermailer.de/smintswx64.zip Tested...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/23 12:0 a.m.317 views

Device Manager Express 7.8.20002.47752 SQL Injection / XSS / Code Execution / Traversal

Product Name: Device Manager Express Vendor Homepage: https://www.audiocodes.com Software Link: https://www.audiocodes.com/solutions-products/products/management-products-solutions/device-manager Version: = 7.8.20002.47752 Tested on: Windows 10 / Server 2019 Default credentials: admin/admin...

1.1AI score0.43187EPSS
Exploits9
Packet Storm
Packet Storm
added 2022/10/19 12:0 a.m.317 views

Zimbra Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra sudo + postfix privilege escalation', 'Description' = %q This module exploits a vulnerable sudo configuration that permits the zimbra user...

0.7AI score0.00695EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/09/01 12:0 a.m.317 views

Confluence Server 7.12.4 OGNL Injection Remote Code Execution

Exploit Title: Confluence Server 7.12.4 - 'OGNL injection' Remote Code Execution RCE Unauthenticated Date: 01/09/2021 Exploit Author: h3v0x Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/confluence/download-archives Version: All 7.12.x versions befor...

8.7AI score0.99999EPSS
Exploits45
Total number of security vulnerabilities5000