Lucene search
K
PacketstormMost viewed

50738 matches found

Packet Storm
Packet Storm
added 2024/08/02 12:0 a.m.312 views

Appointment Scheduler 3.0 Insecure Direct Object Reference

============================================================================================================================================= | Title : Appointment Scheduler v3.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/01 12:0 a.m.312 views

Oracle Database 12c Release 1 Unquoted Service Path

Exploit Title: Oracle Database 12c Release 1 - Unquoted Service Path Date: 2024-07-31 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Vendor Homepage:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/07/25 12:0 a.m.312 views

Online Medicine Ordering System 1.0 Insecure Settings

==================================================================================================================================== | Title : Online Medicine Ordering System v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/14 12:0 a.m.312 views

Leafpub 1.1.9 Cross Site Scripting

Leafpub 1.1.9 - Stored Cross-Site Scripting XSS Date: 2024-04-24 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://github.com/Leafpub Software Link: https://github.com/Leafpub/leafpub Version: 1.1.9 Tested on: MacOS Steps to Reproduce - Please login from this address:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/03/04 12:0 a.m.312 views

Employee Management System 1.0-2024 SQL Injection

Title: employeeakpoly-management-system-1.0-2024 Multiple-SQLi Author: nu11secur1ty Date: 03/01/2024 Vendor: https://www.sourcecodester.com/users/walterjnr1 Software: https://www.sourcecodester.com/php/16999/employee-management-system.html Reference:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/02/02 12:0 a.m.312 views

PCMan FTP Server 2.0 Buffer Overflow

Exploit Title: PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow Date: 09/25/2023 Exploit Author: Waqas Ahmed Faroouqi ZEROXINN Vendor Homepage: http://pcman.openfoundry.org/ Software Link: https://www.exploit-db.com/apps/9fceb6fefd0f3ca1a8c36e97b6cc925d-PCMan.7z Version: 2.0 Tested on: Windows...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/12/04 12:0 a.m.312 views

GaatiTrack Courier Management System 1.0 SQL Injection

Exploit Title: GaatiTrack Courier Management System v1.0 - SQL Injection Date: 13/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.mayurik.com/ Software Link: https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php...

7.4AI score0.01092EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/08/31 12:0 a.m.312 views

Islam CMS 1.0 Code Injection

==================================================================================================================================== | Title : islam cms v1.0 PHP code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/23 12:0 a.m.312 views

Forum Fire Soft Board 0.3.0 Cross Site Scripting

==================================================================================================================================== | Title : Forum Fire Soft Board v0.3.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/22 12:0 a.m.312 views

TSPlus 16.0.0.0 Insecure Credential Storage

Exploit Title: TSPlus 16.0.0.0 - Remote Work Insecure Credential storage Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31069 With TSPlus Remote Work v. 16.0.0.0 you ca...

7.1AI score0.01932EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/08/21 12:0 a.m.312 views

Credit Lite 1.5.4 SQL Injection

Exploit Title: Credit Lite 1.5.4 - SQL Injection Exploit Author: CraCkEr Date: 31/07/2023 Vendor: Hobby-Tech Vendor Homepage: https://codecanyon.net/item/credit-lite-micro-credit-solutions/39554392 Software Link: https://credit-lite.appshat.xyz/ Tested on: Windows 10 Pro Impact: Database Access...

7.1AI score0.01073EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/08/04 12:0 a.m.312 views

Web Portal People CMS 2.8 Open Redirection

==================================================================================================================================== | Title : Web Portal People CMS v2.8 URL redirection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/26 12:0 a.m.312 views

Joomla Fireboard 1.3 SQL Injection

==================================================================================================================================== | Title : Joomla com fireboard v1.3 SQL Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/08 12:0 a.m.312 views

NETXPERTS CMS 0.1 SQL Injection

==================================================================================================================================== | Title : NETXPERTS-CMS v0.1 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/23 12:0 a.m.312 views

Inout RealEstate 2.1.3 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/01 12:0 a.m.312 views

Doctor's Appointment System 1.0 SQL Injection

Exploit Title: SQLi - Doctor's Appointment System v1.0 Google Dork: N/A Date: 7/13/2022 Exploit Author: Abdullah Zaid - @aznull Vendor Homepage: https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html Software Link:...

0.3AI score0.01793EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/07/04 12:0 a.m.312 views

DouPHP 1.2 Release 20141027 SQL Injection

==================================================================================================================================== | Title : DouPHP v1.2 Release 20141027 SQL Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

Exploits0
Packet Storm
Packet Storm
added 2022/06/20 12:0 a.m.312 views

SolarView Compact 6.00 Cross Site Scripting

Exploit Title: SolarView Compact 6.00 - 'timebegin' Cross-Site Scripting XSS Date: 2022-05-15 Exploit Author: Ahmed Alroky Author Company : AIactive Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE : CVE-2022-29299 Tested on: Windows Proof Of Concept:...

0.2AI score
Exploits5
Packet Storm
Packet Storm
added 2021/10/04 12:0 a.m.312 views

College Management System 1.0 Arbitrary File Upload

Exploit Title: college management system - Arbitrary File Upload Unauthenticated Date: 01/10/2021 Exploit Author: Abdulrahman https://twitter.com/infosec90 Vendor Homepage: https://www.eedunext.com/ Software Link: https://code-projects.org/college-management-system-in-php-with-source-code/ Versio...

Exploits0
Packet Storm
Packet Storm
added 2021/08/10 12:0 a.m.312 views

Simple Library Management System 1.0 SQL Injection

Exploit Title: Simple Library Management System 1.0 - 'rollno' SQL Injection Date: 2021-08-08 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.nikhilbhalerao.com/ Software Link: https://www.sourcecodester.com/php/14126/simple-library-management-system.html Version: V1 Category:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/19 12:0 a.m.312 views

SOYAL Biometric Access Control System 5.0 Weak Default Credentials

SOYAL Biometric Access Control System 5.0 Weak Default Credentials Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affected version: AR-727 i/CM - F/W: 5.0 AR837E/EF - F/W: 4.3 AR725Ev2 - F/W: 4.3 191231 AR331/725E - F/W: 4.2 AR837E/EF - F/W: 4...

1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/18 12:0 a.m.312 views

VFS For Git 1.0.21014.1 Unquoted Service Path

Exploit Title: VFS for Git 1.0.21014.1 - 'GVFS.Service' Unquoted Service Path Date: 2021-2-6 Exploit Author: Mohammed Alshehri Vendor Homepage: https://vfsforgit.org/ Software Link: https://github.com/microsoft/VFSForGit/releases/download/v1.0.21014.1/SetupGVFS.1.0.21014.1.exe Version: 1.0.21014....

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/15 12:0 a.m.312 views

VoIPmonitor 27.5 Missing Memory Protections

VoIPmonitor static builds are compiled without any standard memory corruption protection - Fixed versions: N/A - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-04-voipmonitor-staticbuild-memory-corruption-protection - VoIPmonitor Security Advisory: none ...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/12 12:0 a.m.312 views

QCubed 3.1.1 SQL Injection

QCubed SQL Injection ================== | Identifier: | AIT-SA-20210215-02 | | Target: | QCubed Framework | | Vendor: | QCubed | | Version: | all versions including 3.1.1 | | CVE: | CVE-2020-24913 | | Accessibility: | Remote | | Severity: | Critical | | Author: | Wolfgang Hotwagner AIT Austrian...

7.5CVSS9.6AI score0.43266EPSS
Exploits5
Packet Storm
Packet Storm
added 2019/10/09 12:0 a.m.312 views

DeviceViewer 3.12.0.1 Local Buffer Overflow

Exploit Title: Sricam DeviceViewer 3.12.0.1 - 'add user' Local Buffer Overflow DEP Bypass Date: 08/10/2019 Exploit Author: Alessandro Magnosi Vendor Homepage: http://www.sricam.com/ Software Link: http://download.sricam.com/Manual/DeviceViewer.exe Version: v3.12.0.1 Exploit type: Local Tested on:...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/17 12:0 a.m.311 views

Linux watch_queue Filter Out-Of-Bounds Write

The Linux watchqueue filter suffers from an out of bounds write vulnerability amongst other issues that are also noted. This bug report is about things in the watchqueue subsystem, which is only enabled under CONFIGWATCHQUEUE. That seems to be disabled e.g. on Debian, but Ubuntu and Fedora enable...

7.8CVSS7AI score0.06197EPSS
Exploits10
Packet Storm
Packet Storm
added 2025/03/12 12:0 a.m.311 views

vBulletin 4.5 Add Administrator

vBulletin version 4.5 proof of concept add administrator exploit that leverages a vulnerability from 2013. ============================================================================================================================================= | Title : vBulletin 4.5 create new administrator...

7.5CVSS7AI score0.51887EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/11/13 12:0 a.m.311 views

TX Text Control .NET Server For ASP.NET Arbitrary File Read / Write

Hej, Let's keep it short ... ===== Intro ===== A "sudo make me a sandwich" security issue has been identified in the TX Text Control .NET Server for ASP.NET1. According to the vendor2, "the most powerful, MS Word compatible document editor that runs in all browsers". Likely all versions are...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/07 12:0 a.m.311 views

AccPack Buzz 1.0 Insecure Direct Object Reference

============================================================================================================================================= | Title : AccPack Buzz v1.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vend...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/06/10 12:0 a.m.311 views

FengOffice 3.11.1.2 SQL Injection

Exploit Title: FengOffice - Blind SQL Injection Date: 06/2024 Exploit Author: Andrey Stoykov Version: 3.11.1.2 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/05/friday-fun-pentest-series-6.html Steps to Reproduce: 1. Login to application 2. Click on "Workspaces" 3. Copy full U...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/06/03 12:0 a.m.311 views

Serendipity 2.5.0 Remote Code Execution

Exploit Title: Serendipity 2.5.0 - Remote Code Execution RCE Discovered by: Ahmet Ümit BAYRAM Discovered Date: 26.04.2024 Vendor Homepage: https://docs.s9y.org/ Software Link:https://www.s9y.org/latest Tested Version: v2.5.0 latest Tested on: MacOS import requests import time import random import...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/02/21 12:0 a.m.311 views

OpenOLAT 18.1.5 Cross Site Scripting / Privilege Escalation

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Stored Cross-Site Scripting Vulnerabilities product: OpenOLAT Frentix GmbH vulnerable version: = 18.1.4 and = 18.1.5 fixed version: 18.1.6 / 18.2 CVE number:...

7.4AI score0.00561EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/08/07 12:0 a.m.311 views

Database Compilation 1.2 Cross Site Scripting

==================================================================================================================================== | Title : Database compilation CMS v1.2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.0.232-bit ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/01 12:0 a.m.311 views

Flexense HTTP Server 10.6.24 Buffer Overflow / Denial Of Service

Exploit Title: Flexense HTTP Server 10.6.24 - Buffer Overflow DoS Metasploit Date: 2018-03-09 Exploit Author: Ege Balci Vendor Homepage: https://www.flexense.com/downloads.html Version: 'Flexense HTTP Server Denial Of Service', 'Description' = %q This module triggers a Denial of Service...

7.5CVSS7.1AI score0.76544EPSS
Exploits6
Packet Storm
Packet Storm
added 2023/05/29 12:0 a.m.311 views

e-Biz Technocrats Pvt.Ltd SQL Injection

Exploit Title: Sql Injection on one site credentials can be use on other sites - Google Dork:" Designed and Developed by e-Biz Technocrats Pvt.Ltd " - Date: 05/11/2023 - Exploit Author: K1LL3rB4LL - Tested on: Mac, Windows, Linux Description: The vulnerability found is an SQL injection. You may r...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.311 views

Best POS Management System 1.0 Shell Upload

Exploit Title: Best POS Management System v1.0 - Unauthenticated Remote Code Execution Google Dork: NA Date: 15/5/2023 Exploit Author: Mesut Cetin Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.311 views

Roxy WI 6.1.0.0 Remote Command Execution

Exploit Title: Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution RCE via subprocessexecute Exploit Author: Iyaad Luqman K Application: Roxy WI = v6.1.0.0 Vendor Homepage: https://roxy-wi.org Software Link: https://github.com/hap-wi/roxy-wi.git Tested on: Ubuntu 22.04 CVE : CVE-2022-31137 P...

10CVSS7.1AI score0.90387EPSS
Exploits15
Packet Storm
Packet Storm
added 2023/05/01 12:0 a.m.311 views

Chitor CMS 1.1.2 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/03 12:0 a.m.311 views

WordPress Paid Memberships Pro 2.9.8 SQL Injection

!/usr/bin/env python Exploit Title: Paid Memberships Pro v2.9.8 WordPress Plugin - Unauthenticated SQL Injection Exploit Author: r3nt0n CVE: CVE-2023-23488 Date: 2023/01/24 Vulnerability discovered by Joshua Martinelle Vendor Homepage: https://www.paidmembershipspro.com Software Link:...

9.8CVSS9.4AI score0.9246EPSS
Exploits6
Packet Storm
Packet Storm
added 2022/06/30 12:0 a.m.311 views

Backdoor.Win32.EvilGoat.b MVID-2022-0619 Hardcoded Credential

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/20daf01e941f966b21a7ae431faefc65.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.EvilGoat.b Vulnerability: Weak Hardcoded Credentials Description: The malwa...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/04/14 12:0 a.m.311 views

Online Car Wash Booking System 1.0 Blind SQL Injection

Exploit Title: Online Car Wash Booking System 1.0 - Unauthenticated blind SQL Injection Exploit Author: segf0lt Date: April 14, 2022 Vendor Homepage: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html Software Link:...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/04/11 12:0 a.m.311 views

MiniTool Partition Wizard 12.0 Unquoted Service Path

Exploit Title: MiniTool Partition Wizard - Unquoted Service Path Date: 08/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.minitool.com/ Software Link: https://www.minitool.com/download-center/ Version: 12.0 Tested: Windows 10 PoC : C:\Users\saudhsc qc MTSchedulerService SC...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/04/04 12:0 a.m.311 views

Backdoor.Win32.Jokerdoor Hardcoded Credential

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/a6437375fff871dff97dc91c8fd6259f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jokerdoor Vulnerability: Weak Hardcoded Credentials Family: Jokerdoor Type: PE32 MD5:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/03/24 12:0 a.m.311 views

Sports Complex Booking System 1.0 SQL Injection

Title: Sports Complex Booking System 1.0 Blind SQLi To Rce Author: Hejap Zairy Date: 24.07.2022 Vendor: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html Software:...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/02 12:0 a.m.311 views

i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw

i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw Vendor: i3 International Inc. Product web page: https://www.i3international.com Affected version: V5.2.0 build 150317 Ax46 V5.0.9 build 151106 Ax68 V5.0.9 build 150615 Ax78 Summary: The Annexxus camera 6MP provides 4 simultaneous...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/18 12:0 a.m.311 views

Company's Recruitment Management System 1.0 Cross Site Scripting

Exploit Title: Company's Recruitment Management System 1.0. - 'title' Stored Cross-Site Scripting XSS Date: 17-10-2021 Exploit Author: Aniket Deshmane Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html Software Lin...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/18 12:0 a.m.311 views

Backdoor.Win32.LanFiltrator.11.b Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9f87546e667e5af59a8580ddf7fd43c7.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.LanFiltrator.11.b Vulnerability: Unauthenticated Remote Command Execution Description...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/18 12:0 a.m.311 views

Mitsubishi Electric / INEA SmartRTU Source Code Disclosure

Exploit Title: Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure Date: 2021-17-10 Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16060 PoC Request GE...

0.5AI score0.19612EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/10/01 12:0 a.m.311 views

Exam Form Submission System 1.0 SQL Injection

Exploit Title: Exam Form Submission System 1.0 - SQL Injection Authentication Bypass Date: 30-09-2021 Exploit Author: Nitin Sharma Vidvansh Vendor Homepage: https://code-projects.org Product link: https://code-projects.org/exam-form-submission-in-php-with-source-code/ Version: 1.0 Tested on: XAMP...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/19 12:0 a.m.311 views

Backdoor.Win32.Psychward.c Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/f60a8d71a822e0e485f22ada8f26c31e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Psychward.c Vulnerability: Unauthenticated Remote Command Execution Description: The...

7.4AI score
Exploits0
Total number of security vulnerabilities5000