Lucene search
K
PacketstormMost viewed

50748 matches found

Packet Storm
Packet Storm
added 2021/10/18 12:0 a.m.308 views

Backdoor.Win32.LanaFTP.k Heap Corruption

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e2660742a80433e027ee9bdedc40e190.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.LanaFTP.k Vulnerability: Heap Corruption Description: The malware listens on TCP port...

Exploits0
Packet Storm
Packet Storm
added 2021/06/17 12:0 a.m.308 views

Unified Office Total Connect Now 1.0 SQL Injection

Exploit Title: Unified Office Total Connect Now 1.0 – 'data' SQL Injection Shodan Filter: http.title:"TCN User Dashboard" Date: 06-16-2021 Exploit Author: Ajaikumar Nadar Vendor Homepage: https://unifiedoffice.com/ Software Link: https://unifiedoffice.com/voip-business-solutions/ Version: 1.0...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/08 12:0 a.m.308 views

Online Bus Booking System Project Using PHP MySQL 1.0 SQL Injection

For CVE-2020-25889: Exploit Title: online bus booking system project using PHP MySQL - SQL Injection Exploit Author: Krishna Yadav Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14438/online-bus-booking-system-project-using-phpmysql.html Version:...

9.7AI score0.02726EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/01/09 12:0 a.m.308 views

Oracle Weblogic 10.3.6.0.0 Remote Command Execution

Exploit Title: Oracle Weblogic 10.3.6.0.0 - Remote Command Execution Date: 2020-01-08 Exploit Author: Waffles & Paveway3 Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html Version: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 Tested on: Windows CVE : CVE-2019-2729 SerialLogic.py...

7.5CVSS0.2AI score0.8883EPSS
Exploits11
Packet Storm
Packet Storm
added 2018/12/07 12:0 a.m.308 views

FutureNet NXR-G240 Series ShellShock Command Injection

-- coding: utf-8 -- Title: FutureNet NXR-G240 Series - "ShellShock" Remote Command Injection Date: 2018-06-12 Author: Nassim Asrir You have a Q ? Contact me at: https://www.linkedin.com/in/nassim-asrir-b73a57122/ Vendor: http://www.centurysys.co.jp/ CVE: CVE-2014-6271 Greetz to : Nadia BENCHIKHA...

10CVSS0.4AI score0.99999EPSS
Exploits131
Packet Storm
Packet Storm
added 2024/09/06 12:0 a.m.307 views

C-MOR Video Surveillance 5.2401 Path Traversal

Advisory ID: SYSS-2024-025 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401 Tested Versions: 5.2401 Vulnerability Type: Relative Path Traversal CWE-23 Risk Level: High Solution Status: Fixed Manufacturer Notification: 2024-04-05 Solution Date: 2024-07-31...

7.1CVSS7.1AI score0.01267EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.307 views

ManageEngine DataSecurity Plus Xnode Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine DataSecurity Plus Xnode Enumeration', 'Description' = %q This module exploits default admin credentials for the DataEngine Xnode...

10CVSS9.6AI score0.77477EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.307 views

QNAP QTS and Photo Station Local File Inclusion

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'QNAP QTS and Photo Station Local File Inclusion', 'Description' = %q This module exploits a local file inclusion in QNAP QTS and Photo Station th...

9.8CVSS7AI score0.89681EPSS
Exploits11
Packet Storm
Packet Storm
added 2024/04/02 12:0 a.m.307 views

E-Insurance 1.0 Cross Site Scripting

Exploit Title: E-INSUARANCE v1.0 - Stored Cross Site Scripting XSS Google Dork: NA Date: 28-03-2024 Exploit Author: Sandeep Vishwakarma Vendor Homepage: https://www.sourcecodester.com Software Link:https://www.sourcecodester.com/php/16995/insurance-management-system-php-mysql.html Version: v1.0...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2023/10/10 12:0 a.m.307 views

Coppermine Gallery 1.6.25 Remote Code Execution

Exploit Title: coppermine-gallery 1.6.25 RCE Application: coppermine-gallery Version: v1.6.25 Bugs: RCE Technology: PHP Vendor URL: https://coppermine-gallery.net/ Software Link: https://github.com/coppermine-gallery/cpg1.6.x/archive/refs/tags/v1.6.25.zip Date of found: 05.09.2023 Author: Mirabba...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/14 12:0 a.m.307 views

EasyPX CMS 06.02.04 Cross Site Scripting

==================================================================================================================================== | Title : EasyPX CMS V06.02.04 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit | | Vend...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/08 12:0 a.m.307 views

Doubleclick Admin 1 Cross Site Request Forgery

==================================================================================================================================== | Title : Doubleclick Admin v1 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 115.0.264-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/07 12:0 a.m.307 views

mooSocial 3.1.8 Cross Site Scripting

Exploit Title: mooSocial 3.1.8 - Reflected XSS Exploit Author: CraCkEr Date: 28/07/2023 Vendor: mooSocial Vendor Homepage: https://moosocial.com/ Software Link: https://travel.moosocial.com/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4173 Greetings...

7.1AI score0.03336EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/05/15 12:0 a.m.307 views

Screen SFT DAB 600/C Authentication Bypass / Admin Password Change

!/usr/bin/env python3 Screen SFT DAB 600/C Authentication Bypass Admin Password Change Exploit Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/ Affected version...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/10 12:0 a.m.307 views

Optoma 1080PSTX Firmware C02 Authentication Bypass

Exploit Title: Optoma 1080PSTX Firmware C02 - Auth Bypass Date: 2023/05/09 Exploit Author: Anthony Cole Contact: http://twitter.com/acole76 Website: http://twitter.com/acole76 Vendor Homepage: http://optoma.com Version: Optoma 1080PSTX Firmware C02 Tested on: N/A CVE : CVE-2023-27823 Details By...

7.1AI score0.52515EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/02/15 12:0 a.m.307 views

Arris Router Firmware 9.1.103 Remote Code Execution

c Exploit Title: Arris Router Firmware 9.1.103 - Remote Code Execution RCE Authenticated Date: 17/11/2022 Exploit Author: Yerodin Richards Vendor Homepage: https://www.commscope.com/ Version: 9.1.103 Tested on: TG2482A, TG2492, SBG10 CVE : CVE-2022-45701 import requests import base64 routerhost =...

0.4AI score0.45313EPSS
Exploits6
Packet Storm
Packet Storm
added 2022/11/25 12:0 a.m.307 views

Sanitization Management System 1.0 SQL Injection

Title: SMS - PHP by: oretnom23 v1.0 SQLi Author: nu11secur1ty Date: 11.25.2022 Vendor: https://github.com/oretnom23, https://www.sourcecodester.com/users/tips23 Software:...

Exploits0
Packet Storm
Packet Storm
added 2022/06/19 12:0 a.m.307 views

Zyxel Buffer Overflow / Format String / Command Injection

-- HNS-2022-02 - HN Security Advisory - https://security.humanativaspa.it/ Title: Multiple vulnerabilities in Zyxel zysh Products: Zyxel firewalls, AP controllers, and APs Author: Marco Ivaldi Date: 2022-06-07 CVE Names and Vendor CVSS Scores: CVE-2022-26531:...

7.8CVSS0.3AI score0.05805EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/04/12 12:0 a.m.307 views

Explore CMS 1.0 SQL Injection

Exploit Title: explore CMS - Boolean Based SQL Injection Date: 19/03/2022 Exploit Author: Sajibe Kanti Vendor Name : EXPLORE IT Vendor Homepage: https://exploreit.com.bd CVE: On Request POC SQL Injection SQL injection is a web security vulnerability that allows an attacker to interfere with the...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/03/30 12:0 a.m.307 views

WordPress Cab-Fare-Calculator 1.0.3 Local File Inclusion

Exploit Title: WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion - Unauthenticated Google Dork: inurl:/wp-content/plugins/cab-fare-calculator/ Date: 29-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/cab-fare-calculator/...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/13 12:0 a.m.307 views

Online Diagnostic Lab Management System 1.0 Cross Site Scripting

Exploit Title: Online Diagnostic Lab Management System 1.0 - Stored Cross Site Scripting XSS Date: 11/01/2022 Exploit Author: Himash Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/12 12:0 a.m.307 views

WordPress Frontend Uploader 1.3.2 Cross Site Scripting

Exploit Title: WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting XSS Unauthenticated Date: 10/01/2022 Exploit Author: Veshraj Ghimire Vendor Homepage: https://wordpress.org/plugins/frontend-uploader/ Software Link: https://plugins.trac.wordpress.org/browser/frontend-uploader/...

6.1CVSS6.3AI score0.26379EPSS
Exploits6
Packet Storm
Packet Storm
added 2021/12/14 12:0 a.m.307 views

Online Thesis Archiving System 1.0 SQL Injection / Cross Site Scripting

Exploit Title: Online Thesis Archiving System 1.0 - SQLi Authentication Bypass & Stored XSS Exploit Author: Yehia Elghaly YME Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15083/online-thesis-archiving-system-using-phpoop-free-source-code.html...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/04 12:0 a.m.307 views

College Management System 1.0 SQL Injection

Exploit Title: college management system - SQL Injection Authentication Bypass Date: 01/10/2021 Exploit Author: Abdulrahman https://twitter.com/infosec90 Vendor Homepage: https://www.eedunext.com/ Software Link: https://code-projects.org/college-management-system-in-php-with-source-code/ Version:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/12 12:0 a.m.307 views

Xiaomi 10.2.4.g Information Disclosure

Exploit Title: Xiaomi browser 10.2.4.g - Browser Search History Disclosure Date: 27-Dec-2018 Exploit Author: Vishwaraj101 Vendor Homepage: https://www.mi.com/us Software Link: https://www.apkmirror.com/apk/xiaomi-inc/mi-browse/mi-browse-10-2-4-release/ Version: 10.2.4.g Tested on: Tested in Andro...

5.3CVSS5.4AI score0.10009EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/06/24 12:0 a.m.307 views

Trojan.Win32.SecondThought.ak Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/21cd8bab6b3569f7b375a69a37e36c50.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.SecondThought.ak Vulnerability: Insecure Permissions Description: The malware creates a...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/10 12:0 a.m.307 views

Atlassian JIRA 8.11.1 User Enumeration

Title: Atlassian JIRA 8.11.1 - User Enumeration Author: Dolev Farhi Vulnerable versions: version ' print'e.g. python3 script.py https://jiratarget.com usernames.txt' sys.exit if lensys.argv 3: help server = sys.argv1 usernames = sys.argv2 randomuser = '0x00001' try: os.path.existsusernames except...

5CVSS0.4AI score0.99603EPSS
Exploits8
Packet Storm
Packet Storm
added 2020/12/31 12:0 a.m.307 views

qdPM 9.1 PHP Object Injection

-------------------------------------------------------------- qdPM getParameter'format'; 299. $filename = $request-getParameter'filename'; 300. 301. $export = unserialize$request-getParameter'export'; User input passed through the "export" request parameter is not properly sanitized before being...

0.1AI score0.02502EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/11/05 12:0 a.m.307 views

iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass

iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass Vendor: Guangzhou Yeroo Tech Co., Ltd. Product web page: http://www.yerootech.com Affected version: V6.2 B2014.12.12.1220 V5.6 B2017.07.12.1757 V4.3 Summary: iDS6 Software's DSSPro network digital signage management system is a...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/07/07 12:0 a.m.307 views

F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 BIG-IP TMUI Directory Traversal and File Upload RCE', 'Description' = %q This module exploits a directory traversal in F5's BIG-IP Traffic...

10CVSS0.1AI score0.99999EPSS
Exploits60
Packet Storm
Packet Storm
added 2019/11/21 12:0 a.m.307 views

Microsoft Internet Explorer Use-After-Free

IE: Use-after-free in JScript arguments during toJSON callback There is a use-after-free issue in JSCript triggerable via Internet Explorer where the members of the 'arguments' object aren't tracked by the garbage collector during the 'toJSON' callback. Thus, during the 'toJSON' callback, it is...

7.6CVSS8.2AI score0.72626EPSS
Exploits3
Packet Storm
Packet Storm
added 2019/01/16 12:0 a.m.307 views

Microsoft Windows Net-NTLMv2 Reflection DCOM/RPC Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/windows/reflectivedllinjection' class MetasploitModule 'Windows Net-NTLMv2 Reflection DCOM/RPC Juicy', 'Description' = %q This module utilizes the...

7.2CVSS0.6AI score0.87042EPSS
Exploits23
Packet Storm
Packet Storm
added 2018/11/16 12:0 a.m.307 views

Easy Outlook Express Recovery 2.0 Denial Of Service

Exploit Title: Easy Outlook Express Recovery 2.0 - Denial of Service PoC Dork: N/A Date: 2018-11-15 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.munsoft.com/EasyOutlookExpressRecovery/ Software Link:...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2007/06/20 12:0 a.m.307 views

yabb-lfi.txt

Local File Include Vulnerabilities Problem: Local File Include Vulnerabilities Product: YaBB 1,640,000 clients 2. Local File Include I found many bugs like it in this board.Bugs relate one special variable for user$language, you can edit this variable in your profile. Examples, where I found bugs...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/09/12 12:0 a.m.306 views

📄 Sitecore XP Post-Authentication File Upload

This Metasploit module exploits Sitecore XP with a file upload vulnerability in PowerShell extensions and a hardcoded credential vulnerability with the ServicesAPI account to gain a foothold. This module requires Metasploit: https://metasploit.com/download Current source:...

8.8CVSS7.2AI score0.38428EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/09/25 12:0 a.m.306 views

PHP SPM 1.0 Code Injection

============================================================================================================================================= | Title : php spm 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.306 views

Sentry Switched CDU Bruteforce Login Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sentry Switched CDU Bruteforce Login Utility', 'Description' = % This module scans for ServerTech's Sentry Switched CDU Cabinet Power Distributio...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.306 views

Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module Denial Of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service', 'Description' = %q This module sends a specially crafted pack...

7.8CVSS7AI score0.74497EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/07/09 12:0 a.m.306 views

Ivanti EPM RecordGoodApp SQL Injection / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti EPM RecordGoodApp SQLi RCE', 'Description' = %q Ivanti Endpoint Manager EPM 2022 SU5 and prior are vulnerable to unauthenticated SQL...

9.6CVSS7.4AI score0.99951EPSS
Exploits5
Packet Storm
Packet Storm
added 2024/05/03 12:0 a.m.306 views

SOPlanning 1.52.00 Cross Site Request Forgery

/ !-- Update the following field to change the admins password to the...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/04/16 12:0 a.m.306 views

Backdoor.Win32.Dumador.c MVID-2024-0679 Buffer Overflow

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/6cc630843cabf23621375830df474bc5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Dumador.c Vulnerability: Remote Stack Buffer Overflow SEH Description: The...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/11 12:0 a.m.306 views

PHPJabbers Cleaning Business Software 1.0 Missing Rate Limiting

Exploit Title: PHPJabbers Cleaning Business Software v1.0 - No Rate Limit Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cleaning-business-software/sectionDemo Version: v1.0 Tested...

7.4AI score0.00425EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/08/04 12:0 a.m.306 views

Videoplay 1.3.0 Insecure Settings

====================================================================================================================================== | Title : Videoplay V1.3.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.332-b...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/14 12:0 a.m.306 views

Bazaar Social Listing Shopping Web PHP Template 2.3.2 Cross Site Scripting

==================================================================================================================================== | Title : Bazaar Social Listing Shopping Web PHP Template v2.3.2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/16 12:0 a.m.306 views

QuickJob Portal 6.1 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/15 12:0 a.m.306 views

QUICKAD CMS 7.3 Cross Site Request Forgery

==================================================================================================================================== | Title : QUICKAD CMS 7.3 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.332-bit | | Vendor :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.306 views

thrsrossi Millhouse-Project 1.414 Shell Upload

sdsdsds ------WebKitFormBoundaryzlHN0BEvvaJsDgh8 Content-Disposition: form-data; name="files"; filename="" Content-Type: application/octet-stream ------WebKitFormBoundaryzlHN0BEvvaJsDgh8 Content-Disposition: form-data; name="category" 1 ------WebKitFormBoundaryzlHN0BEvvaJsDgh8 Content-Disposition...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.306 views

Prestashop 8.0.4 CSV Injection

Exploit Title: Prestashop 8.0.4 - CSV injection Application: prestashop Version: 8.0.4 Bugs: CSV Injection Technology: PHP Vendor URL: https://prestashop.com/ Software Link: https://prestashop.com/prestashop-edition-basic/ Date of found: 14.05.2023 Author: Mirabbas Ağalarov Tested on: Windows 2...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.306 views

Osprey Pump Controller 1.0.1 Predictable Session Token / Session Hijacking

Osprey Pump Controller 1.0.1 Predictable Session Token / Session Hijack Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.306 views

WordPress Real Estate 7 Theme 3.3.4 Cross Site Request Forgery

==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2023 == Report Title: WordPress Real Estate 7 Theme = 3.3.4 - Multiple Cross-Site Request Forgery CSRF Vulnerabilities Google Dork: inurl:/wp-content/themes/realestate-7/ Research Date: 2023-02-10 Researcher: FearZzZ...

7.4AI score
Exploits0
Total number of security vulnerabilities5000