Lucene search
K
PacketstormMost viewed

50738 matches found

Packet Storm
Packet Storm
added 2022/01/05 12:0 a.m.306 views

WordPress WP Visitor Statistics 4.7 SQL Injection

Exploit Title: WordPress Plugin WP Visitor Statistics 4.7 - SQL Injection Date 22/12/2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.plugins-market.com/ Software Link: https://downloads.wordpress.org/plugin/wp-stats-manager.4.7.zip Version: = 4.7 Tested on: Ubuntu 18.04 CV...

8.8CVSS0.5AI score0.38298EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/12/14 12:0 a.m.306 views

Online Thesis Archiving System 1.0 SQL Injection / Cross Site Scripting

Exploit Title: Online Thesis Archiving System 1.0 - SQLi Authentication Bypass & Stored XSS Exploit Author: Yehia Elghaly YME Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15083/online-thesis-archiving-system-using-phpoop-free-source-code.html...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/04 12:0 a.m.306 views

College Management System 1.0 SQL Injection

Exploit Title: college management system - SQL Injection Authentication Bypass Date: 01/10/2021 Exploit Author: Abdulrahman https://twitter.com/infosec90 Vendor Homepage: https://www.eedunext.com/ Software Link: https://code-projects.org/college-management-system-in-php-with-source-code/ Version:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2021/09/03 12:0 a.m.306 views

Remote Mouse 4.002 Unquoted Service Path

Exploit Title: Remote Mouse 4.002 - Unquoted Service Path Exploit Author: Salman Asad @deathflash1411, [email protected] Date: 03.09.2021 Software Link: https://www.remotemouse.net/downloads/RemoteMouse.exe Vendor Homepage: https://www.remotemouse.net/ Version: Remote Mouse 3.008 & 4.002 Tested on...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/10 12:0 a.m.306 views

Atlassian JIRA 8.11.1 User Enumeration

Title: Atlassian JIRA 8.11.1 - User Enumeration Author: Dolev Farhi Vulnerable versions: version ' print'e.g. python3 script.py https://jiratarget.com usernames.txt' sys.exit if lensys.argv 3: help server = sys.argv1 usernames = sys.argv2 randomuser = '0x00001' try: os.path.existsusernames except...

5CVSS0.4AI score0.99603EPSS
Exploits8
Packet Storm
Packet Storm
added 2021/02/10 12:0 a.m.306 views

b2evolution CMS 6.11.6 Cross Site Scripting

Exploit Title: Reflected XSS in b2evolution CMS 6.11.6 via tab3 parameter in evoadm.php CVE : CVE-2020-22839 Date: 10/02/2021 Exploit Author: Nakul Ratti, Soham Bakore Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405 Version:...

0.05206EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/12/15 12:0 a.m.306 views

Online Marriage Registration System 1.0 Remote Code Execution

Exploit Title: Online Marriage Registration System OMRS 1.0 - Remote Code Execution Authenticated Google Dork: N/A Date: 2020-14-12 Exploit Author: Andrea Bruschi - www.andreabruschi.net Vendor Homepage: https://phpgurukul.com/ Software Link:...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/14 12:0 a.m.306 views

TimeClock Software 1.01 SQL Injection

!/usr/bin/python3 Exploit Title: TimeClock Software 1.01 Authenticated Time-Based SQL Injection Date: July 21, 2020 Exploit Author: François Bibeau Co Author: Tyler Butler, http://tbutler.org, https://twitter.com/tbutler0x90 Vendor Homepage: http://timeclock-software.net/ Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2019/11/21 12:0 a.m.306 views

Microsoft Internet Explorer Use-After-Free

IE: Use-after-free in JScript arguments during toJSON callback There is a use-after-free issue in JSCript triggerable via Internet Explorer where the members of the 'arguments' object aren't tracked by the garbage collector during the 'toJSON' callback. Thus, during the 'toJSON' callback, it is...

7.6CVSS8.2AI score0.72626EPSS
Exploits3
Packet Storm
Packet Storm
added 2019/08/30 12:0 a.m.306 views

Ping Identity Agentless Integration Kit Cross Site Scripting

Ping Identity Agentless Integration Kit Reflected Cross-site Scripting XSS Link: https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190305-01PingIdentityAgentlessIntegrationKitReflectedXSS Vulnerability Overview Ping Identity Agentless Integration Kit before 1.5 is susceptible t...

4.3CVSS6.4AI score0.01582EPSS
Exploits2
Packet Storm
Packet Storm
added 2014/02/01 12:0 a.m.306 views

Apache Tomcat Manager Code Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 /Apache.Coyote|Tomcat/ CSRFVAR = 'CSRFNONCE=' include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE def initializeinfo =...

10CVSS8.8AI score0.78995EPSS
Exploits25
Packet Storm
Packet Storm
added 2025/04/08 12:0 a.m.305 views

📄 Pandora FMS Authenticated Command Injection

This Metasploit module exploits a command injection vulnerability in the chromium-path or phantomjs-bin directory setting at the application settings page of Pandora FMS. You need to have administrative access in the Pandora FMS web application in order to achieve remote code execution. This modu...

8.6CVSS9.7AI score0.59424EPSS
Exploits2
Packet Storm
Packet Storm
added 2025/03/26 12:0 a.m.305 views

Eramba Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in Eramba. An authenticated user can execute arbitrary commands on the server by exploiting the path parameter in the download-test-pdf endpoint. Eramba debug mode has to be enabled. Versions up to 3.19.1 are affected. This...

8.8CVSS8.5AI score0.57359EPSS
Exploits6
Packet Storm
Packet Storm
added 2025/03/13 12:0 a.m.305 views

Craft CMS 3.9.14 Remote Command Execution

Craft CMS version 3.9.14 proof of concept remote command execution exploit that leverages a vulnerability discovered in 2024. ============================================================================================================================================= | Title : Craft CMS 3.9.14...

9.3CVSS7.4AI score0.97446EPSS
Exploits9
Packet Storm
Packet Storm
added 2025/03/07 12:0 a.m.305 views

OpenPanel 0.3.4 Directory Traversal / Arbitrary File Read

OpenPanel version 0.3.4 suffers from a directory traversal vulnerability in the fix permission functionality. This can be leveraged to change permissions on files unaccessible to userland and make them accessible to attackers. Exploit Title: OpenPanel 0.3.4 - Insecure Permission Modification via...

7.2AI score0.00421EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.305 views

Sentry Switched CDU Bruteforce Login Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sentry Switched CDU Bruteforce Login Utility', 'Description' = % This module scans for ServerTech's Sentry Switched CDU Cabinet Power Distributio...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.305 views

Cisco IOS HTTP Unauthorized Administrative Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOS HTTP Unauthorized Administrative Access', 'Description' = %q This module exploits a vulnerability in the Cisco IOS HTTP Server. By...

9.3CVSS7AI score0.6845EPSS
Exploits8
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.305 views

Moxa UDP Device Discovery

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Moxa UDP Device Discovery', 'Description' = %q The Moxa protocol listens on 4800/UDP and will respond to broadcast or direct traffic. The service...

9.8CVSS7AI score0.19856EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.305 views

Cablehaunt Cable Modem WebSocket Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'eventmachine' require 'faye/websocket' class MetasploitModule '"Cablehaunt" Cable Modem WebSocket DoS', 'Description' = %q There exists a buffer overflow...

9.3CVSS7.1AI score0.22924EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.305 views

Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module Denial Of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service', 'Description' = %q This module sends a specially crafted pack...

7.8CVSS7AI score0.74497EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/06/13 12:0 a.m.305 views

Lost And Found Information System 1.0 SQL Injection

Exploit Title: Unauthenticated Blind Boolean-Based SQL Injection Exploit - Lost and Found Information System Exploit Author: Amit Roy Rezur / AR0x7 Date: June 07, 2024 Vendor Homepage:...

7.4AI score0.00869EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/03/19 12:0 a.m.305 views

Quick.CMS 6.7 SQL Injection

Exploit Title: Quick.CMS 6.7 SQL Injection Login Bypass Google Dork: N/A Date: 02-03-2024 Exploit Author: ./H4X.Forensics - Diyar Vendor Homepage: https://www.opensolution.org Software Link: https://opensolution.org/download/home.html?sFile=Quick.Cmsv6.7-en.zip Version: 6.7 Tested on: Windows CVE...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/03/12 12:0 a.m.305 views

NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution

Exploit Title: NorthStar C2 agent RCE via stored XSS Date: 2024-03-11 Exploit Author: @chebuya Software Link: https://github.com/EnginDemirbilek/NorthStarC2 Version: v1.0 Tested on: Ubuntu 20.04 LTS CVE: CVE-2024-28741 Description: NorthStar C2 applies insufficient sanitization on agent...

7.4AI score0.78158EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/08/28 12:0 a.m.305 views

SPA-Cart eCommerce CMS 1.9.0.3 Cross Site Scripting

Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS Exploit Author: CraCkEr Date: 20/08/2023 Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4547 CWE:...

7.1AI score0.48533EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/08/22 12:0 a.m.305 views

FOG Forum 0.8 Cross Site Scripting

==================================================================================================================================== | Title : FOG Forum v0.8 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/14 12:0 a.m.305 views

E-Biz CMS 2.0 Cross Site Request Forgery

==================================================================================================================================== | Title : E-Biz CMS v2.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | | Vendor :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/04 12:0 a.m.305 views

Virtual Snipers DMS 1.0 SQL Injection

==================================================================================================================================== | Title : Virtual Snipers DMS v1.0 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/26 12:0 a.m.305 views

Joomla Jomestate 4.0 SQL Injection

==================================================================================================================================== | Title : Joomla com jomestate v4.0 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/20 12:0 a.m.305 views

CMS Made Simple 2.2.17 Server-Side Template Injection

Exploit Title: CmsMadeSimple v2.2.17 - session hijacking via Server-Side Template Injection SSTI Application: CmsMadeSimple Version: v2.2.17 Bugs: SSTI Technology: PHP Vendor URL: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Date of found: 13-07-2023...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/14 12:0 a.m.305 views

Blogator 0.93 Cross Site Scripting

==================================================================================================================================== | Title : Blogator script v 0.93 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/09 12:0 a.m.305 views

Thruk Monitoring Web Interface 3.06 Path Traversal

Exploit Title: Path Traversal Vulnerability in Thruk Monitoring Web Interface ≤ 3.06 Date: 08-Jun-2023 Exploit Author: Galoget Latorre @galoget CVE: CVE-2023-34096 Galoget Latorre Vendor Homepage: https://thruk.org/ Software Link: https://github.com/sni/Thruk/archive/refs/tags/v3.06.zip Software...

7.1AI score0.62682EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/06/06 12:0 a.m.305 views

WordPress Tree Page View 1.6.7 Cross Site Scripting

Exploit Title: Tree Page View Plugin 1.6.7 - Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/cms-tree-page-view/ Date: 2023-04-24 Exploit Author: LEE SE HYOUNG hackintoanetwork Vendor Homepage: https://wordpress.org/plugins/cms-tree-page-view/ Software Link:...

7.1CVSS7.1AI score0.03995EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/04/12 12:0 a.m.305 views

Rocket Software Unidata 8.2.4 Build 3003 Buffer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule The amount of padding required to overwrite the return addr 'offset' = 0x2b8, This returns to "mov rdi, rsp / call system", which means the...

9.8CVSS9.4AI score0.61102EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/02/23 12:0 a.m.305 views

Yoga Class Registration System 1.0 SQL Injection

Exploit Title: Authenticated POST based SQL Injection when delete user on Yoga Class Registration System Google Dork: NA Date: 23/2/2023 Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.htm...

0.2AI score0.00541EPSS
Exploits2
Packet Storm
Packet Storm
added 2022/11/04 12:0 a.m.305 views

Senayan Library Management System 9.5.0 SQL Injection

Title: Senayan Library Management System v9.5.0 a.k.a SLIMS 9 BULIAN SQLi Author: nu11secur1ty Date: 11.03.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases Reference:...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2022/05/30 12:0 a.m.305 views

Fast Food Ordering System 1.0 SQL Injection

Title: Fast Food Ordering System 1.0 SQLi Author: nu11secur1ty Date: 05.30.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15366/fast-food-ordering-system-phpoop-free-source-code.html Reference:...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/03/16 12:0 a.m.305 views

Pluck CMS 4.7.16 Shell Upload

Exploit Title: Pluck CMS 4.7.16 - Remote Code Execution RCE Authenticated Date: 13.03.2022 Exploit Author: Ashish Koli Shikari Vendor Homepage: https://github.com/pluck-cms/pluck Version: 4.7.16 Tested on Ubuntu 20.04.3 LTS CVE: CVE-2022-26965 Usage : python3 exploit.py Example: python3 exploit.p...

0.1AI score0.37716EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/12/17 12:0 a.m.305 views

Backdoor.Win32.BNLite Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9cec5a23887f0c73148ab3ea147a6fa4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.BNLite Vulnerability: Remote Heap Based Buffer Overflow Description: The malware...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/25 12:0 a.m.305 views

WordPress Mail Masta 1.0 Local File Inclusion

Exploit Title: WordPress Plugin Mail Masta 1.0 - Local File Inclusion 2 Date: 2021-08-24 Exploit Author: Matheus Alexandre Xcatolin Software Link: https://downloads.wordpress.org/plugin/mail-masta.zip Version: 1.0 WordPress Plugin Mail Masta is prone to a local file inclusion vulnerability becaus...

Exploits0
Packet Storm
Packet Storm
added 2021/07/19 12:0 a.m.305 views

Backdoor.Win32.IRCBot.gen Weak Hardcoded Password

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9b12ff6b8b025e7fb0a171abad41c79c.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.IRCBot.gen Vulnerability: Weak Hardcoded Password Description: The malware listens on...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/17 12:0 a.m.305 views

Advanced Guestbook 2.4.4 Cross Site Scripting

Exploit Title: Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting XSS Date: 17/08/2021 Exploit Author: Abdulkadir AYDOGAN Vendor Homepage: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Software Link: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Version: 2.4....

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/15 12:0 a.m.305 views

Trojan.Win32.Scar.dxir Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/68ed9d6e4f3e917ab4b91689e2890754.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Scar.dxir Vulnerability: Insecure Permissions Description: Scar.dxir creates a insecure...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/01 12:0 a.m.305 views

Online Catering Reservation System 1.0 Code Execution

Exploit Title: Online Catering Reservation System 1.0 - Unauthenticated Remote Code Execution Date: 28-02-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/11355/online-catering-reservation.html Version:...

Exploits0
Packet Storm
Packet Storm
added 2021/01/29 12:0 a.m.305 views

Backdoor.Win32.Mhtserv.b Missing Authentication

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0ba104d752eb63194c356c309196c710.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Mhtserv.b Vulnerability: Missing Authentication Description: Mhtserv.b listens on TCP...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2020/07/14 12:0 a.m.305 views

Apartment Visitors Management System Project 1.0 SQL Injection

Exploit Title: Apartment Visitors Management System Project 1.0 - Authentication Bypass Date: 2020-07-14 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

0.9AI score
Exploits0
Packet Storm
Packet Storm
added 2020/06/22 12:0 a.m.305 views

Trend Micro Web Security (Virtual Appliance) Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Trend Micro Web Security Virtual Appliance Remote Code Execution', 'Description' = %q This module exploits multiple vulnerabilities together in...

7.5CVSS0.3AI score0.89661EPSS
Exploits9
Packet Storm
Packet Storm
added 2019/09/23 12:0 a.m.305 views

Piwigo 2.9.5 Cross Site Scripting / SQL Injection / Command Execution

/ / / / / / / / / / / / / / / / / / / / / \ / // / // / / / / / / / // / / / /,/// // /// // GulfTech Research and Development Piwigo = 2.9.5 Multiple Vulnerabilities Released Date: 2019-09-22 Last Modified: 2019-09-22 Company Info: Piwigo.org Version Info: Vulnerable Piwigo = 2.9.5 -- Table...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2018/11/15 12:0 a.m.305 views

Pedidos 1.0 SQL Injection

Exploit Title: Pedidos 1.0 - SQL Injection Dork: N/A Date: 2018-11-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://obedalvarado.pw/ Software Link: https://netcologne.dl.sourceforge.net/project/sistema-web-de-pedidos-php/pedidos.zip Version: 1.0 Category: Webapps Tested on:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2018/09/21 12:0 a.m.305 views

Staubli Jacquard Industrial System JC6 Shellshock

Exploit Title: Staubli Jacquard Industrial System | GNU Bash Environment Variable Handling Code Injection Shellshock Date: 21.09.2018 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.staubli.com Software Link: https://www.staubli.com/tr-tr/textile/textile-machinery-solutions/ Version:JC6...

10CVSS10AI score0.99999EPSS
Exploits131
Packet Storm
Packet Storm
added 2025/04/11 12:0 a.m.304 views

📄 MagnusBilling 6.x / 7.x Command Injection

MagnusBilling versions 6.x and 7.x suffer from an unauthenticated remote command injection vulnerability. Exploit Title: MagnusBilling 6.x and 7.x Unauthenticated Remote Command Injection Vulnerability Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage:...

9.8CVSS9.8AI score0.9425EPSS
Exploits15
Total number of security vulnerabilities5000