Lucene search
K
PacketstormMost viewed

50738 matches found

Packet Storm
Packet Storm
added 2025/03/07 12:0 a.m.305 views

OpenPanel 0.3.4 Directory Traversal / Arbitrary File Read

OpenPanel version 0.3.4 suffers from a directory traversal vulnerability in the fix permission functionality. This can be leveraged to change permissions on files unaccessible to userland and make them accessible to attackers. Exploit Title: OpenPanel 0.3.4 - Insecure Permission Modification via...

7.2AI score0.00421EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/09/25 12:0 a.m.305 views

PHP SPM 1.0 Code Injection

============================================================================================================================================= | Title : php spm 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.305 views

Sentry Switched CDU Bruteforce Login Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sentry Switched CDU Bruteforce Login Utility', 'Description' = % This module scans for ServerTech's Sentry Switched CDU Cabinet Power Distributio...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.305 views

Cablehaunt Cable Modem WebSocket Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'eventmachine' require 'faye/websocket' class MetasploitModule '"Cablehaunt" Cable Modem WebSocket DoS', 'Description' = %q There exists a buffer overflow...

9.3CVSS7.1AI score0.22924EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.305 views

Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module Denial Of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service', 'Description' = %q This module sends a specially crafted pack...

7.8CVSS7AI score0.74497EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.305 views

Moxa UDP Device Discovery

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Moxa UDP Device Discovery', 'Description' = %q The Moxa protocol listens on 4800/UDP and will respond to broadcast or direct traffic. The service...

9.8CVSS7AI score0.20372EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/06/13 12:0 a.m.305 views

Lost And Found Information System 1.0 SQL Injection

Exploit Title: Unauthenticated Blind Boolean-Based SQL Injection Exploit - Lost and Found Information System Exploit Author: Amit Roy Rezur / AR0x7 Date: June 07, 2024 Vendor Homepage:...

7.4AI score0.00869EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/03/19 12:0 a.m.305 views

Quick.CMS 6.7 SQL Injection

Exploit Title: Quick.CMS 6.7 SQL Injection Login Bypass Google Dork: N/A Date: 02-03-2024 Exploit Author: ./H4X.Forensics - Diyar Vendor Homepage: https://www.opensolution.org Software Link: https://opensolution.org/download/home.html?sFile=Quick.Cmsv6.7-en.zip Version: 6.7 Tested on: Windows CVE...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/03/14 12:0 a.m.305 views

SolarView Compact 6.00 Command Injection

Exploit Title: SolarView Compact 6.00 - Command Injection - Shodan Dork: http.html:"solarview compact" - Exploit Author: ByteHunter - Email: [email protected] - Version: 6.00 - Tested on: 6.00 - CVE : CVE-2023-23333 import argparse import requests def vulncheckipaddress, port: url =...

9.8CVSS7.4AI score0.99273EPSS
Exploits9
Packet Storm
Packet Storm
added 2024/03/12 12:0 a.m.305 views

NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution

Exploit Title: NorthStar C2 agent RCE via stored XSS Date: 2024-03-11 Exploit Author: @chebuya Software Link: https://github.com/EnginDemirbilek/NorthStarC2 Version: v1.0 Tested on: Ubuntu 20.04 LTS CVE: CVE-2024-28741 Description: NorthStar C2 applies insufficient sanitization on agent...

7.4AI score0.78158EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/08/22 12:0 a.m.305 views

FOG Forum 0.8 Cross Site Scripting

==================================================================================================================================== | Title : FOG Forum v0.8 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/14 12:0 a.m.305 views

E-Biz CMS 2.0 Cross Site Request Forgery

==================================================================================================================================== | Title : E-Biz CMS v2.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | | Vendor :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/04 12:0 a.m.305 views

Virtual Snipers DMS 1.0 SQL Injection

==================================================================================================================================== | Title : Virtual Snipers DMS v1.0 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/20 12:0 a.m.305 views

CMS Made Simple 2.2.17 Server-Side Template Injection

Exploit Title: CmsMadeSimple v2.2.17 - session hijacking via Server-Side Template Injection SSTI Application: CmsMadeSimple Version: v2.2.17 Bugs: SSTI Technology: PHP Vendor URL: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Date of found: 13-07-2023...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/09 12:0 a.m.305 views

Thruk Monitoring Web Interface 3.06 Path Traversal

Exploit Title: Path Traversal Vulnerability in Thruk Monitoring Web Interface ≤ 3.06 Date: 08-Jun-2023 Exploit Author: Galoget Latorre @galoget CVE: CVE-2023-34096 Galoget Latorre Vendor Homepage: https://thruk.org/ Software Link: https://github.com/sni/Thruk/archive/refs/tags/v3.06.zip Software...

7.1AI score0.62682EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/06/06 12:0 a.m.305 views

WordPress Tree Page View 1.6.7 Cross Site Scripting

Exploit Title: Tree Page View Plugin 1.6.7 - Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/cms-tree-page-view/ Date: 2023-04-24 Exploit Author: LEE SE HYOUNG hackintoanetwork Vendor Homepage: https://wordpress.org/plugins/cms-tree-page-view/ Software Link:...

7.1CVSS7.1AI score0.03995EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.305 views

Prestashop 8.0.4 CSV Injection

Exploit Title: Prestashop 8.0.4 - CSV injection Application: prestashop Version: 8.0.4 Bugs: CSV Injection Technology: PHP Vendor URL: https://prestashop.com/ Software Link: https://prestashop.com/prestashop-edition-basic/ Date of found: 14.05.2023 Author: Mirabbas Ağalarov Tested on: Windows 2...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.305 views

WordPress Real Estate 7 Theme 3.3.4 Cross Site Request Forgery

==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2023 == Report Title: WordPress Real Estate 7 Theme = 3.3.4 - Multiple Cross-Site Request Forgery CSRF Vulnerabilities Google Dork: inurl:/wp-content/themes/realestate-7/ Research Date: 2023-02-10 Researcher: FearZzZ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/23 12:0 a.m.305 views

Yoga Class Registration System 1.0 SQL Injection

Exploit Title: Authenticated POST based SQL Injection when delete user on Yoga Class Registration System Google Dork: NA Date: 23/2/2023 Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.htm...

0.2AI score0.00541EPSS
Exploits2
Packet Storm
Packet Storm
added 2022/11/04 12:0 a.m.305 views

Senayan Library Management System 9.5.0 SQL Injection

Title: Senayan Library Management System v9.5.0 a.k.a SLIMS 9 BULIAN SQLi Author: nu11secur1ty Date: 11.03.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases Reference:...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2022/06/20 12:0 a.m.305 views

Old Age Home Management System 1.0 SQL Injection

Exploit Title: Old Age Home Management System 1.0 - SQLi Authentication Bypass Date: 12/06/2022 Exploit Author: twseptian Vendor Homepage: https://phpgurukul.com/old-age-home-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/projects/Old-Age-Home-MS-using-PHP.zip Versio...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/04/20 12:0 a.m.305 views

Online Restaurant Table Reservation System 1.0 SQL Injection

Exploit Title: Online Restaurant Table Reservation System v1.0 Exploit Author: segf0lt Date: April 20, 2022 Vendor Homepage: https://www.sourcecodester.com/php/15286/online-restaurant-table-reservation-system-phpoop-free-source-code.html Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/03/16 12:0 a.m.305 views

Pluck CMS 4.7.16 Shell Upload

Exploit Title: Pluck CMS 4.7.16 - Remote Code Execution RCE Authenticated Date: 13.03.2022 Exploit Author: Ashish Koli Shikari Vendor Homepage: https://github.com/pluck-cms/pluck Version: 4.7.16 Tested on Ubuntu 20.04.3 LTS CVE: CVE-2022-26965 Usage : python3 exploit.py Example: python3 exploit.p...

0.1AI score0.37716EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/12/17 12:0 a.m.305 views

Backdoor.Win32.BNLite Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9cec5a23887f0c73148ab3ea147a6fa4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.BNLite Vulnerability: Remote Heap Based Buffer Overflow Description: The malware...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2021/12/14 12:0 a.m.305 views

Online Thesis Archiving System 1.0 SQL Injection / Cross Site Scripting

Exploit Title: Online Thesis Archiving System 1.0 - SQLi Authentication Bypass & Stored XSS Exploit Author: Yehia Elghaly YME Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15083/online-thesis-archiving-system-using-phpoop-free-source-code.html...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2021/09/03 12:0 a.m.305 views

Remote Mouse 4.002 Unquoted Service Path

Exploit Title: Remote Mouse 4.002 - Unquoted Service Path Exploit Author: Salman Asad @deathflash1411, [email protected] Date: 03.09.2021 Software Link: https://www.remotemouse.net/downloads/RemoteMouse.exe Vendor Homepage: https://www.remotemouse.net/ Version: Remote Mouse 3.008 & 4.002 Tested on...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/25 12:0 a.m.305 views

WordPress Mail Masta 1.0 Local File Inclusion

Exploit Title: WordPress Plugin Mail Masta 1.0 - Local File Inclusion 2 Date: 2021-08-24 Exploit Author: Matheus Alexandre Xcatolin Software Link: https://downloads.wordpress.org/plugin/mail-masta.zip Version: 1.0 WordPress Plugin Mail Masta is prone to a local file inclusion vulnerability becaus...

Exploits0
Packet Storm
Packet Storm
added 2021/05/17 12:0 a.m.305 views

Advanced Guestbook 2.4.4 Cross Site Scripting

Exploit Title: Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting XSS Date: 17/08/2021 Exploit Author: Abdulkadir AYDOGAN Vendor Homepage: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Software Link: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Version: 2.4....

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2020/06/22 12:0 a.m.305 views

Trend Micro Web Security (Virtual Appliance) Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Trend Micro Web Security Virtual Appliance Remote Code Execution', 'Description' = %q This module exploits multiple vulnerabilities together in...

7.5CVSS0.3AI score0.89661EPSS
Exploits9
Packet Storm
Packet Storm
added 2018/11/15 12:0 a.m.305 views

Pedidos 1.0 SQL Injection

Exploit Title: Pedidos 1.0 - SQL Injection Dork: N/A Date: 2018-11-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://obedalvarado.pw/ Software Link: https://netcologne.dl.sourceforge.net/project/sistema-web-de-pedidos-php/pedidos.zip Version: 1.0 Category: Webapps Tested on:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2007/06/20 12:0 a.m.305 views

yabb-lfi.txt

Local File Include Vulnerabilities Problem: Local File Include Vulnerabilities Product: YaBB 1,640,000 clients 2. Local File Include I found many bugs like it in this board.Bugs relate one special variable for user$language, you can edit this variable in your profile. Examples, where I found bugs...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/04/11 12:0 a.m.304 views

📄 MagnusBilling 6.x / 7.x Command Injection

MagnusBilling versions 6.x and 7.x suffer from an unauthenticated remote command injection vulnerability. Exploit Title: MagnusBilling 6.x and 7.x Unauthenticated Remote Command Injection Vulnerability Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage:...

9.8CVSS9.8AI score0.9425EPSS
Exploits15
Packet Storm
Packet Storm
added 2025/03/26 12:0 a.m.304 views

Eramba Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in Eramba. An authenticated user can execute arbitrary commands on the server by exploiting the path parameter in the download-test-pdf endpoint. Eramba debug mode has to be enabled. Versions up to 3.19.1 are affected. This...

8.8CVSS8.5AI score0.57359EPSS
Exploits6
Packet Storm
Packet Storm
added 2025/01/30 12:0 a.m.304 views

Quorum onQ OS 6.0.0.5.2064 Cross Site Scripting

Quorum onQ OS version 6.0.0.5.2064 suffers from a cross site scripting vulnerability. + Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC + twitter.com/striv3r Vendor https://quorum.com/about/ Product Quorum onQ OS - 6.0.0.5.2064 Vulnerability Type Reflected Cross Site...

6.3AI score0.00496EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.304 views

Cisco IOS HTTP Unauthorized Administrative Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOS HTTP Unauthorized Administrative Access', 'Description' = %q This module exploits a vulnerability in the Cisco IOS HTTP Server. By...

9.3CVSS7AI score0.6845EPSS
Exploits8
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.304 views

Joomla Account Creation And Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Joomla Account Creation and Privilege Escalation', 'Description' = %q This module creates an arbitrary account with administrative privileges in...

9.8CVSS7AI score0.97426EPSS
Exploits15
Packet Storm
Packet Storm
added 2024/05/14 12:0 a.m.304 views

TrojanSpy.Win64.EMOTET.A MVID-2024-0684 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/f917c77f60c3c1ac6dbbadbf366ddd30.txt Contact: [email protected] Media: twitter.com/malvuln Threat: TrojanSpy.Win64.EMOTET.A Vulnerability: Arbitrary Code Execution Description: The malware...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/09 12:0 a.m.304 views

Intrasrv Simple Web Server 1.0 Denial Of Service

!/usr/bin/perl use IO::Socket; Exploit Title: Intrasrv Simple Web Server 1.0 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 09 january 2024 Vendor Homepage: http://www.leighb.com/intrasrv.htm Download to demo: http://www.leighb.com/intrasrv.zip Download 2 to demo:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/11/25 12:0 a.m.304 views

PyroCMS 3.0.1 Cross Site Scripting

Exploit Title: PyroCMS v3.0.1 - Stored XSS Date: 2023-11-25 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://pyrocms.com/ Version: v3.0.1 Tested on: https://www.softaculous.com/apps/cms/PyroCMS...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/12 12:0 a.m.304 views

Equipment Rental Script 1.0 SQL Injection

Title: Equipment Rental Script-1.0 - SQLi Author: nu11secur1ty Date: 09/12/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/equipment-rental-script/sectionDemo Reference: https://portswigger.net/web-security/sql-injection Description: The packageid parameter appears t...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/29 12:0 a.m.304 views

i-Gallery 3.4 Database Disclosure

==================================================================================================================================== | Title : i-Gallery v3.4 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/28 12:0 a.m.304 views

SPA-Cart eCommerce CMS 1.9.0.3 Cross Site Scripting

Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS Exploit Author: CraCkEr Date: 20/08/2023 Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4547 CWE:...

7.1AI score0.48533EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.304 views

Erim Upload 4 Database Disclosure

==================================================================================================================================== | Title : Erim Upload V4 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/10 12:0 a.m.304 views

Desenvolvido C3iM CMS 2.0 Cross Site Scripting

==================================================================================================================================== | Title : Desenvolvido C3iM CMS v2.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit | ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/26 12:0 a.m.304 views

Joomla Jomestate 4.0 SQL Injection

==================================================================================================================================== | Title : Joomla com jomestate v4.0 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/14 12:0 a.m.304 views

Blogator 0.93 Cross Site Scripting

==================================================================================================================================== | Title : Blogator script v 0.93 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/15 12:0 a.m.304 views

QUICKAD CMS 7.3 Cross Site Request Forgery

==================================================================================================================================== | Title : QUICKAD CMS 7.3 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.332-bit | | Vendor :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/17 12:0 a.m.304 views

Bang Resto 1.0 Cross Site Scripting

Exploit Title: Bang Resto v1.0 - Stored Cross-Site Scripting XSS Date: 2023-04-02 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html Software Link: https://github.com/mesinkasir/bangresto/archive/refs/heads/main.zip...

6.3AI score0.01926EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/04/12 12:0 a.m.304 views

Rocket Software Unidata 8.2.4 Build 3003 Buffer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule The amount of padding required to overwrite the return addr 'offset' = 0x2b8, This returns to "mov rdi, rsp / call system", which means the...

9.8CVSS9.4AI score0.61102EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/04/06 12:0 a.m.304 views

Responsive FileManager 9.9.5 Remote Shell Upload

Exploit Title: Responsive FileManager 9.9.5 - Remote Code Execution RCE Date: 02-Feb-2023 Exploit Author: Galoget Latorre @galoget Vendor Homepage: https://responsivefilemanager.com Software Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.9.5/responsivefilemanager.zip...

8.8CVSS8.8AI score0.08627EPSS
Exploits5
Total number of security vulnerabilities5000