Lucene search
K
PacketstormMost viewed

50748 matches found

Packet Storm
Packet Storm
added 2018/11/16 12:0 a.m.310 views

DomainMOD 4.11.01 Cross Site Scripting

Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-09 Exploit Author: Dawood Ansar Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/domainmod/domainmod Version: v4.09.03 to v4.11.01 CVE : CVE-2018-19136 A Reflected Cross-site scripti...

6.6AI score0.06653EPSS
Exploits5
Packet Storm
Packet Storm
added 2017/03/14 12:0 a.m.310 views

Apache Struts Jakarta Multipart Parser OGNL Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Apache Struts Jakarta Multipart Parser OGNL Injection', 'Description' = %q This module exploits a remote code execution...

0.7AI score0.99999EPSS
Exploits44
Packet Storm
Packet Storm
added 2025/04/07 12:0 a.m.309 views

📄 Watcharr 1.43.0 Remote Code Execution

Watcharr versions 1.43.0 and below suffer from a remote code execution vulnerability. CVE-2024-48827 exploit by Suphawith Phusanbai Affected Watcharr version 1.43.0 and below. import argparse import requests import json import jwt from pyfiglet import Figlet f = Figletfont='slant',width=100...

8.8CVSS8.2AI score0.02716EPSS
Exploits2
Packet Storm
Packet Storm
added 2025/02/14 12:0 a.m.309 views

ABB Cylon FLXeon 9.3.4 login.js Node Timing Attack

ABB Cylon FLXeon version 9.3.4 has a timing attack vulnerability in the authentication process due to an improper comparison of password hashes in login.js and uukl.js. !/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 login.js Node Timing Attack Vendor: ABB Ltd. Product web page: https://www.global.a...

7.6AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/20 12:0 a.m.309 views

Vaidya-Mitra 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : Vaidya-Mitra v 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | |...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.309 views

Wordpress LearnPress Current_items Authenticated SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress LearnPress currentitems Authenticated SQLi', 'Description' = %q LearnPress, a learning management plugin for WordPress, prior to 3.2.6....

8.8CVSS7AI score0.49231EPSS
Exploits6
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.309 views

Microsoft Word UNC Path Injector

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Gems for extracting files require 'zip' Project for creating files require 'rex/zip' class MetasploitModule 'Microsoft Word UNC Path Injector', 'Description' = %q This...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/07/08 12:0 a.m.309 views

WordPress Poll 2.3.6 SQL Injection

Exploit Title: WordPress Poll Plugin SQL Injection Date: 2024-07-06 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://total-soft.com/wp-poll/ Version 2.3.6 1. Access the Admin Panel: - Navigate to the admin panel of your WordPress site. - Go to TS Poll Create Pool Use Theme and...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/04/23 12:0 a.m.309 views

GitLens Git Local Configuration Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitLens Git Local Configuration Exec', 'Description' = %q GitKraken GitLens before v.14.0.0 allows an untrusted workspace to execute git commands...

7.8CVSS7.8AI score0.01239EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/04/18 12:0 a.m.309 views

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.999 Revision 1243 1.317 Revision 602 1.220 Revision 1250 1.220 Revision 12481249 1.220 Revision 597 1.217 Revision 1242 1.214 Revision 1023 1.19...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/10/12 12:0 a.m.309 views

Lost And Found Information System 1.0 Insecure Direct Object Reference

Exploit Title: Lost and Found Information System v1.0 - idor leads to Account Take over Date: 2023-12-03 Exploit Author: OR4NG.M4N Category : webapps CVE : CVE-2023-38965 Python p0c : import argparse import requests import time parser = argparse.ArgumentParserdescription='Send a POST request to t...

7.1AI score0.01264EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/10/11 12:0 a.m.309 views

Gaatitrack 1.0-2023 SQL Injection

Title: gaatitrack-1.0-2023 Multiple-SQLi Author: nu11secur1ty Date: 08/31/2023 Vendor: https://www.mayurik.com/ Software: https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php Reference: https://portswigger.net/web-security/sql-injection Description: The email...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/25 12:0 a.m.309 views

Grawlix CMS 1.1.1 Cross Site Scripting

============================================================================================================================ | Title : Grawlix Cms v1.1.1 xss Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor : http://getgrawlix.com/ | | Dork : Powered by Th...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/01 12:0 a.m.309 views

Uvdesk 1.1.3 Shell Upload

Exploit Title: Uvdesk v1.1.3 - File Upload Remote Code Execution RCE Authenticated Date: 28/07/2023 Exploit Author: Daniel Barros @cupc4k3d - Hakai Offensive Security Vendor Homepage: https://www.uvdesk.com Software Link: https://github.com/uvdesk/community-skeleton Version: 1.1.3 Example: python...

7.1AI score0.01091EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/07/31 12:0 a.m.309 views

Copyparty 1.8.6 Cross Site Scripting

Exploit Title: copyparty v1.8.6 - Reflected Cross Site Scripting XSS Date: 23/07/2023 Exploit Author: Vartamtezidis Theodoros @TheHackyDog Vendor Homepage: https://github.com/9001/copyparty/ Software Link: https://github.com/9001/copyparty/releases/tag/v1.8.6 Version: =1.8.6 Tested on: Debian Lin...

7.1AI score0.06195EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/06/21 12:0 a.m.309 views

PHP Online School 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/05 12:0 a.m.309 views

Enrollment System Project 1.0 Authentication Bypass / SQL Injection

Exploit Title: Enrollment System Project v1.0 - SQL Injection Authentication Bypass SQLI Date of found: 18/05/2023 Exploit Author: VIVEK CHOUDHARY @sudovivek Version: V1.0 Tested on: Windows 10 Vendor Homepage: https://www.sourcecodester.com Software Link:...

7.1AI score0.14242EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/05/31 12:0 a.m.309 views

Apple Zeed ALL YOUR STYLE CMS 2.0 SQL Injection

======================================================================================== | Title : Apple Zeed ALL YOUR STYLE CMS 2.0 SQL injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 109.064-bit | | Vendor :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.309 views

FusionInvoice 2023-1.0 Cross Site Scripting

Exploit Title: FusionInvoice 2023-1.0 - Stored XSS Cross-Site Scripting Date: 2023-05-24 Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.squarepiginteractive.com Software Link: https://www.fusioninvoice.com/store Version: 2023-1.0 Tested on: Latest Version of Desktop Web Browsers...

7.1AI score0.02246EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/05/03 12:0 a.m.309 views

projectSend r1605 Private File Download

Exploit Title: projectSend r1605 - Private file download Application: projectSend Version: r1605 Bugs: IDOR Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 24-01-2023 Author: Mirabbas Ağalarov Tested on: Linux Technical Details &...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2022/12/15 12:0 a.m.309 views

SOUND4 IMPACT/FIRST/PULSE/Eco 2.x password Command Injection

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x password Unauthenticated Command Injection Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/03/04 12:0 a.m.309 views

Backdoor.Win32.BluanWeb Remote Command Execution

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/30903ccbc6747c0da5a2775884b78defC.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.BluanWeb Vulnerability: Unauthenticated Remote Command Execution Description: The...

Exploits0
Packet Storm
Packet Storm
added 2021/07/05 12:0 a.m.309 views

Backdoor.Win32.NerTe.781 Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/776e8bb41adf8bd95865c0b03637d8d7B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NerTe.781 Vulnerability: Unauthenticated Remote Command Execution Description:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/02 12:0 a.m.309 views

Web Based Quiz System 1.0 Cross Site Scripting

Exploit Title: Web Based Quiz System 1.0 - 'MCQ options' Persistent/Stored Cross-Site Scripting Date: 2021-03-02 Exploit Author: Praharsh Kumar Singh Vendor Homepage: https://www.sourcecodester.com Software Download Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/17 12:0 a.m.309 views

Medical Center Portal Management System 1.0 SQL Injection

Exploit Title: Medical Center Portal Management System 1.0 - 'id' SQL Injection Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-10 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14594/medical-center-portal-management-system.html Software Link:...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/01 12:0 a.m.309 views

Sagemcom F@ST 5280 Privilege Escalation

privilege escalation Date: 08-31-2020 Exploit Author: Ryan Delaney Author Contact: ryan.delaney owasp org Author LinkedIn: https://www.linkedin.com/in/infosecrd/ Vendor Homepage: https://sagemcom.com/en Software Link: N/A F@ST 5280 firmware not published Version: F@ST 5280 router, F/W 1.150.61,...

0.7AI score0.03672EPSS
Exploits3
Packet Storm
Packet Storm
added 2019/12/05 12:0 a.m.309 views

NETGATE Data Backup 3.0.620 Unquoted Service Path

Exploit Title: NETGATE Data Backup 3.0.620 - 'NGDatBckpSrv' Unquoted Service Path Exploit Author : ZwX Exploit Date: 2019-12-04 Vendor Homepage : http://www.netgate.sk/ Link Software : http://www.netgate.sk/download/download.php?id=5 Tested on OS: Windows 7 Analyze PoC : ==============...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/11/13 12:0 a.m.309 views

Siemens Desigo PX 6.00 Denial Of Service

!/bin/bash Siemens Desigo PX V6.00 Web Remote Denial of Service Exploit Vendor: Siemens AG Vendor web page: https://www.siemens.com Product web page: https://new.siemens.com/global/en/products/buildings/automation/desigo.html Affected version: Model: PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D...

0.2AI score0.01675EPSS
Exploits5
Packet Storm
Packet Storm
added 2016/02/03 12:0 a.m.309 views

Oracle 9i XDB FTP Pass Overflow

''' Oracle 9i XDB FTP PASS Overflow win32 Ported to python from the Metasploit oracle9ixdbftppass.rb exploit Original exploit: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/oracle9ixdbftppass.rb Description from original exploit: By passing an overly long...

2.1CVSS0.4AI score0.68548EPSS
Exploits26
Packet Storm
Packet Storm
added 2025/04/03 12:0 a.m.308 views

📄 Usermin 2.100 Username Enumeration

Usermin versions 2.100 and below suffer from a username enumeration vulnerability. Exploit Title: Usermin 2.100 - Username Enumeration Date: 10.02.2024 Exploit Author: Kjesper Vendor Homepage: https://www.webmin.com/usermin.html Software Link: https://github.com/webmin/usermin Version: = 2.100...

5.3CVSS6.7AI score0.02621EPSS
Exploits5
Packet Storm
Packet Storm
added 2025/03/11 12:0 a.m.308 views

Apache NiFi 1.17.0 Remote Code Execution

Apache NiFi version 1.17.0 proof of concept remote code execution exploit that takes advantage of a flaw discovered in 2023. ============================================================================================================================================= | Title : Apache NiFi 1.17.0 R...

8.8CVSS7.8AI score0.63633EPSS
Exploits9
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.308 views

Apache Tomcat User Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Tomcat User Enumeration', 'Description' = %q This module enumerates Apache Tomcat's usernames via malformed requests to jsecuritycheck,...

4.3CVSS7AI score0.9444EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.308 views

VMWare Web Login Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMWare Web Login Scanner', 'Description' = 'This module attempts to authenticate to the VMWare HTTP service for VmWare Server, ESX, and ESXI',...

7.2AI score0.53618EPSS
Exploits41
Packet Storm
Packet Storm
added 2024/08/08 12:0 a.m.308 views

Journyx 11.5.4 Cross Site Scripting

KL-001-2024-009: Journyx Reflected Cross Site Scripting Title: Journyx Reflected Cross Site Scripting Advisory ID: KL-001-2024-009 Publication Date: 2024.08.07 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt 1. Vulnerability Details Affected Vendor: Journyx Affecte...

7.1AI score0.00713EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/08/07 12:0 a.m.308 views

Covid-19 Directory On Vaccination System 1.0 Insecure Settings

==================================================================================================================================== | Title : Covid-19 Directory on Vaccination System v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/02 12:0 a.m.308 views

AccPack Buzz 1.0 SQL Injection

============================================================================================================================================= | Title : AccPack Buzz v1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/06/26 12:0 a.m.308 views

Automad 2.0.0-alpha.4 Cross Site Scripting

Exploit Title: Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting XSS Date: 20-06-2024 Exploit Author: Jerry Thomas w3bn00b3r Vendor Homepage: https://automad.org Software Link: https://github.com/marcantondahmen/automad Category: Web Application Flat File CMS Version: 2.0.0-alpha.4 Tested on:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/03/19 12:0 a.m.308 views

SurveyJS Survey Creator 1.9.132 Cross Site Scripting

Details: Cross Site Scripting vulnerability in Survey JS Survey Creator v.1.9.132 and before allows an attacker to execute arbitrary code via the input field parameters of the creator survey section. ------------------------------------------ Vulnerability Type Cross Site Scripting XSS...

7.4AI score0.00508EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/03/14 12:0 a.m.308 views

SolarView Compact 6.00 Command Injection

Exploit Title: SolarView Compact 6.00 - Command Injection - Shodan Dork: http.html:"solarview compact" - Exploit Author: ByteHunter - Email: [email protected] - Version: 6.00 - Tested on: 6.00 - CVE : CVE-2023-23333 import argparse import requests def vulncheckipaddress, port: url =...

9.8CVSS7.4AI score0.99273EPSS
Exploits9
Packet Storm
Packet Storm
added 2023/08/04 12:0 a.m.308 views

Intelliants Subrion CMS 4.2.1 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Intelliants Subrion CMS 4.2.1 - Authenticated File Upload Bypass to RCE', 'Description' = %q This module exploits an authenticated file upload...

7.2CVSS7.1AI score0.64261EPSS
Exploits10
Packet Storm
Packet Storm
added 2023/08/04 12:0 a.m.308 views

Coupons CMS 5.00 Open Redirect

==================================================================================================================================== | Title : Coupons CMS v5.00 URL redirection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/25 12:0 a.m.308 views

WordPress Tablesome Cross Site Scripting

Tittle: WordPress Plugin Tablesome alert/XSS/ https://example.com/wp-admin/edit.php?posttype=tablesomecpt&cantracktablesomeevents=1&alert/XSS/ Classification: Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/8ef64490-30cd-4e07-9b7c-64f551944f3d...

6.1CVSS7.1AI score0.01067EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/07/17 12:0 a.m.308 views

ChainCity Real Estate Investment Platform 1.0 Cross Site Scripting

Exploit Title: ChainCity Real Estate Investment Platform 1.0 - Stored XSS Exploit Author: skalvin aka CraCkEr Date: 12/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://script.bugfinder.net/chaincity/ Tested on: Windows 10 Pro Impact: Manipulate the content...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/17 12:0 a.m.308 views

Finounce 1.0 Cross Site Scripting

Exploit Title: Finounce 1.0 - Stored XSS Exploit Author: CraCkEr Date: 12/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://bugfinder.net/product/finounce-an-advance-peer-to-peer-crypto-exchange-platform/20 Tested on: Windows 10 Pro Impact: Manipulate the...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.308 views

Hubstaff 1.6.14-61e5e22e DLL Hijacking

Exploit Title: Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking Date: 14/05/2023 Exploit Author: Ahsan Azad Vendor Homepage: https://hubstaff.com/ Software Link: https://app.hubstaff.com/download Version: 1.6.13, 1.6.14 Tested On: 64-bit operating system, x64-based processor...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/02 12:0 a.m.308 views

Oracle Unified Audit Policy Bypass

Title: CVE-2021-35576 – Oracle database system Unified Audit Policy ByPass Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 19c Tested Versions: 19c Risk Level: low Solution Status: Fixed Manufacturer Notification: 2021-03-17 Solution Date: 2021-10-17 Public Disclosur...

4CVSS0.6AI score0.01381EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/11/21 12:0 a.m.308 views

Trojan.Win32.Platinum.gen MVID-2022-0657 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/71a76adeadc7b51218d265771fc2b0d1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Platinum.gen Vulnerability: Arbitrary Code Execution Description: The malware...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/07/29 12:0 a.m.308 views

Transposh WordPress Translation 1.0.7 Cross Site Scripting

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Cross-Site Scripting CWE-79 Date found: 2021-08-19 Date published:...

5.7AI score0.03508EPSS
Exploits7
Packet Storm
Packet Storm
added 2021/12/20 12:0 a.m.308 views

Signup PHP Portal 2.1 Shell Upload

-- Exploit Title: Signup Php Portal Arbitrary File Upload Google Dork: N/A Date: 19/12/2021 Exploit Author: Sohel Yousef - [email protected] Software Link: https://codecanyon.net/item/signup-php-portal/23066564 Software Demo :https://ocsolutions.co.in/signupcustomscript/customerregister.php...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/18 12:0 a.m.308 views

Backdoor.Win32.LanaFTP.k Heap Corruption

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e2660742a80433e027ee9bdedc40e190.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.LanaFTP.k Vulnerability: Heap Corruption Description: The malware listens on TCP port...

Exploits0
Total number of security vulnerabilities5000