Lucene search
K
PacketstormMost viewed

50784 matches found

Packet Storm
Packet Storm
added 2024/08/08 12:0 a.m.308 views

Journyx 11.5.4 Cross Site Scripting

KL-001-2024-009: Journyx Reflected Cross Site Scripting Title: Journyx Reflected Cross Site Scripting Advisory ID: KL-001-2024-009 Publication Date: 2024.08.07 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt 1. Vulnerability Details Affected Vendor: Journyx Affecte...

7.1AI score0.00713EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/08/07 12:0 a.m.308 views

Covid-19 Directory On Vaccination System 1.0 Insecure Settings

==================================================================================================================================== | Title : Covid-19 Directory on Vaccination System v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/02 12:0 a.m.308 views

AccPack Buzz 1.0 SQL Injection

============================================================================================================================================= | Title : AccPack Buzz v1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/06/26 12:0 a.m.308 views

Automad 2.0.0-alpha.4 Cross Site Scripting

Exploit Title: Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting XSS Date: 20-06-2024 Exploit Author: Jerry Thomas w3bn00b3r Vendor Homepage: https://automad.org Software Link: https://github.com/marcantondahmen/automad Category: Web Application Flat File CMS Version: 2.0.0-alpha.4 Tested on:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/14 12:0 a.m.308 views

EasyPX CMS 06.02.04 Cross Site Scripting

==================================================================================================================================== | Title : EasyPX CMS V06.02.04 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit | | Vend...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/07 12:0 a.m.308 views

mooSocial 3.1.8 Cross Site Scripting

Exploit Title: mooSocial 3.1.8 - Reflected XSS Exploit Author: CraCkEr Date: 28/07/2023 Vendor: mooSocial Vendor Homepage: https://moosocial.com/ Software Link: https://travel.moosocial.com/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4173 Greetings...

7.1AI score0.03336EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/08/04 12:0 a.m.308 views

Virtual Snipers DMS 1.0 SQL Injection

==================================================================================================================================== | Title : Virtual Snipers DMS v1.0 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/25 12:0 a.m.308 views

WordPress Tablesome Cross Site Scripting

Tittle: WordPress Plugin Tablesome alert/XSS/ https://example.com/wp-admin/edit.php?posttype=tablesomecpt&cantracktablesomeevents=1&alert/XSS/ Classification: Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/8ef64490-30cd-4e07-9b7c-64f551944f3d...

6.1CVSS7.1AI score0.01067EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/07/17 12:0 a.m.308 views

ChainCity Real Estate Investment Platform 1.0 Cross Site Scripting

Exploit Title: ChainCity Real Estate Investment Platform 1.0 - Stored XSS Exploit Author: skalvin aka CraCkEr Date: 12/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://script.bugfinder.net/chaincity/ Tested on: Windows 10 Pro Impact: Manipulate the content...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/17 12:0 a.m.308 views

Finounce 1.0 Cross Site Scripting

Exploit Title: Finounce 1.0 - Stored XSS Exploit Author: CraCkEr Date: 12/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://bugfinder.net/product/finounce-an-advance-peer-to-peer-crypto-exchange-platform/20 Tested on: Windows 10 Pro Impact: Manipulate the...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/02 12:0 a.m.308 views

Oracle Unified Audit Policy Bypass

Title: CVE-2021-35576 – Oracle database system Unified Audit Policy ByPass Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 19c Tested Versions: 19c Risk Level: low Solution Status: Fixed Manufacturer Notification: 2021-03-17 Solution Date: 2021-10-17 Public Disclosur...

4CVSS0.6AI score0.01381EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/11/25 12:0 a.m.308 views

Sanitization Management System 1.0 SQL Injection

Title: SMS - PHP by: oretnom23 v1.0 SQLi Author: nu11secur1ty Date: 11.25.2022 Vendor: https://github.com/oretnom23, https://www.sourcecodester.com/users/tips23 Software:...

Exploits0
Packet Storm
Packet Storm
added 2022/07/29 12:0 a.m.308 views

Transposh WordPress Translation 1.0.7 Cross Site Scripting

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Cross-Site Scripting CWE-79 Date found: 2021-08-19 Date published:...

5.7AI score0.03644EPSS
Exploits7
Packet Storm
Packet Storm
added 2022/03/30 12:0 a.m.308 views

WordPress Cab-Fare-Calculator 1.0.3 Local File Inclusion

Exploit Title: WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion - Unauthenticated Google Dork: inurl:/wp-content/plugins/cab-fare-calculator/ Date: 29-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/cab-fare-calculator/...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/13 12:0 a.m.308 views

Online Diagnostic Lab Management System 1.0 Cross Site Scripting

Exploit Title: Online Diagnostic Lab Management System 1.0 - Stored Cross Site Scripting XSS Date: 11/01/2022 Exploit Author: Himash Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/12/14 12:0 a.m.308 views

Online Thesis Archiving System 1.0 SQL Injection / Cross Site Scripting

Exploit Title: Online Thesis Archiving System 1.0 - SQLi Authentication Bypass & Stored XSS Exploit Author: Yehia Elghaly YME Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15083/online-thesis-archiving-system-using-phpoop-free-source-code.html...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/18 12:0 a.m.308 views

Backdoor.Win32.LanaFTP.k Heap Corruption

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e2660742a80433e027ee9bdedc40e190.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.LanaFTP.k Vulnerability: Heap Corruption Description: The malware listens on TCP port...

Exploits0
Packet Storm
Packet Storm
added 2021/06/24 12:0 a.m.308 views

Trojan.Win32.SecondThought.ak Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/21cd8bab6b3569f7b375a69a37e36c50.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.SecondThought.ak Vulnerability: Insecure Permissions Description: The malware creates a...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/08 12:0 a.m.308 views

Online Bus Booking System Project Using PHP MySQL 1.0 SQL Injection

For CVE-2020-25889: Exploit Title: online bus booking system project using PHP MySQL - SQL Injection Exploit Author: Krishna Yadav Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14438/online-bus-booking-system-project-using-phpmysql.html Version:...

9.7AI score0.02726EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/10/14 12:0 a.m.308 views

TimeClock Software 1.01 SQL Injection

!/usr/bin/python3 Exploit Title: TimeClock Software 1.01 Authenticated Time-Based SQL Injection Date: July 21, 2020 Exploit Author: François Bibeau Co Author: Tyler Butler, http://tbutler.org, https://twitter.com/tbutler0x90 Vendor Homepage: http://timeclock-software.net/ Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/07/07 12:0 a.m.308 views

F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 BIG-IP TMUI Directory Traversal and File Upload RCE', 'Description' = %q This module exploits a directory traversal in F5's BIG-IP Traffic...

10CVSS0.1AI score0.99999EPSS
Exploits60
Packet Storm
Packet Storm
added 2025/09/12 12:0 a.m.307 views

📄 Sitecore XP Post-Authentication File Upload

This Metasploit module exploits Sitecore XP with a file upload vulnerability in PowerShell extensions and a hardcoded credential vulnerability with the ServicesAPI account to gain a foothold. This module requires Metasploit: https://metasploit.com/download Current source:...

8.8CVSS7.2AI score0.39961EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/09/25 12:0 a.m.307 views

PHP SPM 1.0 Code Injection

============================================================================================================================================= | Title : php spm 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/06 12:0 a.m.307 views

C-MOR Video Surveillance 5.2401 Path Traversal

Advisory ID: SYSS-2024-025 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401 Tested Versions: 5.2401 Vulnerability Type: Relative Path Traversal CWE-23 Risk Level: High Solution Status: Fixed Manufacturer Notification: 2024-04-05 Solution Date: 2024-07-31...

7.1CVSS7.1AI score0.01267EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.307 views

QNAP QTS and Photo Station Local File Inclusion

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'QNAP QTS and Photo Station Local File Inclusion', 'Description' = %q This module exploits a local file inclusion in QNAP QTS and Photo Station th...

9.8CVSS7AI score0.89681EPSS
Exploits11
Packet Storm
Packet Storm
added 2024/07/09 12:0 a.m.307 views

Ivanti EPM RecordGoodApp SQL Injection / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti EPM RecordGoodApp SQLi RCE', 'Description' = %q Ivanti Endpoint Manager EPM 2022 SU5 and prior are vulnerable to unauthenticated SQL...

9.6CVSS7.4AI score0.99951EPSS
Exploits5
Packet Storm
Packet Storm
added 2024/04/02 12:0 a.m.307 views

E-Insurance 1.0 Cross Site Scripting

Exploit Title: E-INSUARANCE v1.0 - Stored Cross Site Scripting XSS Google Dork: NA Date: 28-03-2024 Exploit Author: Sandeep Vishwakarma Vendor Homepage: https://www.sourcecodester.com Software Link:https://www.sourcecodester.com/php/16995/insurance-management-system-php-mysql.html Version: v1.0...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2023/10/10 12:0 a.m.307 views

Coppermine Gallery 1.6.25 Remote Code Execution

Exploit Title: coppermine-gallery 1.6.25 RCE Application: coppermine-gallery Version: v1.6.25 Bugs: RCE Technology: PHP Vendor URL: https://coppermine-gallery.net/ Software Link: https://github.com/coppermine-gallery/cpg1.6.x/archive/refs/tags/v1.6.25.zip Date of found: 05.09.2023 Author: Mirabba...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/08 12:0 a.m.307 views

Doubleclick Admin 1 Cross Site Request Forgery

==================================================================================================================================== | Title : Doubleclick Admin v1 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 115.0.264-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/04 12:0 a.m.307 views

Videoplay 1.3.0 Insecure Settings

====================================================================================================================================== | Title : Videoplay V1.3.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.332-b...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.307 views

Prestashop 8.0.4 CSV Injection

Exploit Title: Prestashop 8.0.4 - CSV injection Application: prestashop Version: 8.0.4 Bugs: CSV Injection Technology: PHP Vendor URL: https://prestashop.com/ Software Link: https://prestashop.com/prestashop-edition-basic/ Date of found: 14.05.2023 Author: Mirabbas Ağalarov Tested on: Windows 2...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/15 12:0 a.m.307 views

Screen SFT DAB 600/C Authentication Bypass / Admin Password Change

!/usr/bin/env python3 Screen SFT DAB 600/C Authentication Bypass Admin Password Change Exploit Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/ Affected version...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/10 12:0 a.m.307 views

Optoma 1080PSTX Firmware C02 Authentication Bypass

Exploit Title: Optoma 1080PSTX Firmware C02 - Auth Bypass Date: 2023/05/09 Exploit Author: Anthony Cole Contact: http://twitter.com/acole76 Website: http://twitter.com/acole76 Vendor Homepage: http://optoma.com Version: Optoma 1080PSTX Firmware C02 Tested on: N/A CVE : CVE-2023-27823 Details By...

7.1AI score0.52515EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/02/15 12:0 a.m.307 views

Arris Router Firmware 9.1.103 Remote Code Execution

c Exploit Title: Arris Router Firmware 9.1.103 - Remote Code Execution RCE Authenticated Date: 17/11/2022 Exploit Author: Yerodin Richards Vendor Homepage: https://www.commscope.com/ Version: 9.1.103 Tested on: TG2482A, TG2492, SBG10 CVE : CVE-2022-45701 import requests import base64 routerhost =...

0.4AI score0.45313EPSS
Exploits6
Packet Storm
Packet Storm
added 2022/09/22 12:0 a.m.307 views

Multix 2.4 Cross Site Request Forgery

Exploit Title: Multix - Multipurpose Website CMS with Codeigniter Cross Site Request Forgery Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/multix-multipurpose-website-cms-with-codeigniter/23537596 Version: Version 2.4 Tested on Ubuntu...

0.8AI score
Exploits0
Packet Storm
Packet Storm
added 2022/06/19 12:0 a.m.307 views

Zyxel Buffer Overflow / Format String / Command Injection

-- HNS-2022-02 - HN Security Advisory - https://security.humanativaspa.it/ Title: Multiple vulnerabilities in Zyxel zysh Products: Zyxel firewalls, AP controllers, and APs Author: Marco Ivaldi Date: 2022-06-07 CVE Names and Vendor CVSS Scores: CVE-2022-26531:...

7.8CVSS0.3AI score0.05805EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/04/12 12:0 a.m.307 views

Explore CMS 1.0 SQL Injection

Exploit Title: explore CMS - Boolean Based SQL Injection Date: 19/03/2022 Exploit Author: Sajibe Kanti Vendor Name : EXPLORE IT Vendor Homepage: https://exploreit.com.bd CVE: On Request POC SQL Injection SQL injection is a web security vulnerability that allows an attacker to interfere with the...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/12 12:0 a.m.307 views

WordPress Frontend Uploader 1.3.2 Cross Site Scripting

Exploit Title: WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting XSS Unauthenticated Date: 10/01/2022 Exploit Author: Veshraj Ghimire Vendor Homepage: https://wordpress.org/plugins/frontend-uploader/ Software Link: https://plugins.trac.wordpress.org/browser/frontend-uploader/...

6.1CVSS6.3AI score0.26379EPSS
Exploits6
Packet Storm
Packet Storm
added 2021/10/04 12:0 a.m.307 views

College Management System 1.0 SQL Injection

Exploit Title: college management system - SQL Injection Authentication Bypass Date: 01/10/2021 Exploit Author: Abdulrahman https://twitter.com/infosec90 Vendor Homepage: https://www.eedunext.com/ Software Link: https://code-projects.org/college-management-system-in-php-with-source-code/ Version:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/12 12:0 a.m.307 views

Xiaomi 10.2.4.g Information Disclosure

Exploit Title: Xiaomi browser 10.2.4.g - Browser Search History Disclosure Date: 27-Dec-2018 Exploit Author: Vishwaraj101 Vendor Homepage: https://www.mi.com/us Software Link: https://www.apkmirror.com/apk/xiaomi-inc/mi-browse/mi-browse-10-2-4-release/ Version: 10.2.4.g Tested on: Tested in Andro...

5.3CVSS5.4AI score0.10009EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/03/10 12:0 a.m.307 views

Atlassian JIRA 8.11.1 User Enumeration

Title: Atlassian JIRA 8.11.1 - User Enumeration Author: Dolev Farhi Vulnerable versions: version ' print'e.g. python3 script.py https://jiratarget.com usernames.txt' sys.exit if lensys.argv 3: help server = sys.argv1 usernames = sys.argv2 randomuser = '0x00001' try: os.path.existsusernames except...

5CVSS0.4AI score0.99603EPSS
Exploits8
Packet Storm
Packet Storm
added 2020/12/31 12:0 a.m.307 views

qdPM 9.1 PHP Object Injection

-------------------------------------------------------------- qdPM getParameter'format'; 299. $filename = $request-getParameter'filename'; 300. 301. $export = unserialize$request-getParameter'export'; User input passed through the "export" request parameter is not properly sanitized before being...

0.1AI score0.02502EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/11/05 12:0 a.m.307 views

iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass

iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass Vendor: Guangzhou Yeroo Tech Co., Ltd. Product web page: http://www.yerootech.com Affected version: V6.2 B2014.12.12.1220 V5.6 B2017.07.12.1757 V4.3 Summary: iDS6 Software's DSSPro network digital signage management system is a...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/11/21 12:0 a.m.307 views

Microsoft Internet Explorer Use-After-Free

IE: Use-after-free in JScript arguments during toJSON callback There is a use-after-free issue in JSCript triggerable via Internet Explorer where the members of the 'arguments' object aren't tracked by the garbage collector during the 'toJSON' callback. Thus, during the 'toJSON' callback, it is...

7.6CVSS8.2AI score0.72626EPSS
Exploits3
Packet Storm
Packet Storm
added 2019/01/16 12:0 a.m.307 views

Microsoft Windows Net-NTLMv2 Reflection DCOM/RPC Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/windows/reflectivedllinjection' class MetasploitModule 'Windows Net-NTLMv2 Reflection DCOM/RPC Juicy', 'Description' = %q This module utilizes the...

7.2CVSS0.6AI score0.87042EPSS
Exploits23
Packet Storm
Packet Storm
added 2018/11/16 12:0 a.m.307 views

Easy Outlook Express Recovery 2.0 Denial Of Service

Exploit Title: Easy Outlook Express Recovery 2.0 - Denial of Service PoC Dork: N/A Date: 2018-11-15 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.munsoft.com/EasyOutlookExpressRecovery/ Software Link:...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2025/04/08 12:0 a.m.306 views

📄 Pandora FMS Authenticated Command Injection

This Metasploit module exploits a command injection vulnerability in the chromium-path or phantomjs-bin directory setting at the application settings page of Pandora FMS. You need to have administrative access in the Pandora FMS web application in order to achieve remote code execution. This modu...

8.6CVSS9.7AI score0.59424EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/09/16 12:0 a.m.306 views

GYM Management System 1.0 Insecure Settings

==================================================================================================================================== | Title : GYM Management System 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.306 views

Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module Denial Of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service', 'Description' = %q This module sends a specially crafted pack...

7.8CVSS7AI score0.74497EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.306 views

Cablehaunt Cable Modem WebSocket Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'eventmachine' require 'faye/websocket' class MetasploitModule '"Cablehaunt" Cable Modem WebSocket DoS', 'Description' = %q There exists a buffer overflow...

9.3CVSS7.1AI score0.22924EPSS
Exploits3
Total number of security vulnerabilities5000