Lucene search
K
PacketstormMost viewed

50748 matches found

Packet Storm
Packet Storm
added 2018/09/21 12:0 a.m.305 views

Staubli Jacquard Industrial System JC6 Shellshock

Exploit Title: Staubli Jacquard Industrial System | GNU Bash Environment Variable Handling Code Injection Shellshock Date: 21.09.2018 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.staubli.com Software Link: https://www.staubli.com/tr-tr/textile/textile-machinery-solutions/ Version:JC6...

10CVSS10AI score0.99999EPSS
Exploits131
Packet Storm
Packet Storm
added 2025/04/11 12:0 a.m.304 views

📄 MagnusBilling 6.x / 7.x Command Injection

MagnusBilling versions 6.x and 7.x suffer from an unauthenticated remote command injection vulnerability. Exploit Title: MagnusBilling 6.x and 7.x Unauthenticated Remote Command Injection Vulnerability Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage:...

9.8CVSS9.8AI score0.9425EPSS
Exploits15
Packet Storm
Packet Storm
added 2025/01/30 12:0 a.m.304 views

Quorum onQ OS 6.0.0.5.2064 Cross Site Scripting

Quorum onQ OS version 6.0.0.5.2064 suffers from a cross site scripting vulnerability. + Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC + twitter.com/striv3r Vendor https://quorum.com/about/ Product Quorum onQ OS - 6.0.0.5.2064 Vulnerability Type Reflected Cross Site...

6.3AI score0.00496EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/09/12 12:0 a.m.304 views

Art Gallery Management System 1.0 PHP Code Injection

============================================================================================================================================= | Title : Art Gallery Management System 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.304 views

Joomla Account Creation And Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Joomla Account Creation and Privilege Escalation', 'Description' = %q This module creates an arbitrary account with administrative privileges in...

9.8CVSS7AI score0.97426EPSS
Exploits15
Packet Storm
Packet Storm
added 2024/05/14 12:0 a.m.304 views

TrojanSpy.Win64.EMOTET.A MVID-2024-0684 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/f917c77f60c3c1ac6dbbadbf366ddd30.txt Contact: [email protected] Media: twitter.com/malvuln Threat: TrojanSpy.Win64.EMOTET.A Vulnerability: Arbitrary Code Execution Description: The malware...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/04/09 12:0 a.m.304 views

Flightio.com SQL Injection

This site which has a security problem with the SQL INJECTION Vulnerability "CWE-89". We have repeatedly reported to this site that it has a security problem and has ignored our report. We want to record this security issue Exploit Title : Site Flight agency airpol the Islamic Republic of Iran SQ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/02/09 12:0 a.m.304 views

Rail Pass Management System 1.0 SQL Injection

Exploit Title: Rail Pass Management System - 'searchdata' Time-Based SQL Injection Date: 02/10/2023 Exploit Author: Alperen Yozgat Vendor Homepage: https://phpgurukul.com/rail-pass-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/?sdmprocessdownload=1&downloadid=17479...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/09 12:0 a.m.304 views

Intrasrv Simple Web Server 1.0 Denial Of Service

!/usr/bin/perl use IO::Socket; Exploit Title: Intrasrv Simple Web Server 1.0 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 09 january 2024 Vendor Homepage: http://www.leighb.com/intrasrv.htm Download to demo: http://www.leighb.com/intrasrv.zip Download 2 to demo:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/11/25 12:0 a.m.304 views

PyroCMS 3.0.1 Cross Site Scripting

Exploit Title: PyroCMS v3.0.1 - Stored XSS Date: 2023-11-25 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://pyrocms.com/ Version: v3.0.1 Tested on: https://www.softaculous.com/apps/cms/PyroCMS...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/12 12:0 a.m.304 views

Equipment Rental Script 1.0 SQL Injection

Title: Equipment Rental Script-1.0 - SQLi Author: nu11secur1ty Date: 09/12/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/equipment-rental-script/sectionDemo Reference: https://portswigger.net/web-security/sql-injection Description: The packageid parameter appears t...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/29 12:0 a.m.304 views

i-Gallery 3.4 Database Disclosure

==================================================================================================================================== | Title : i-Gallery v3.4 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.304 views

Erim Upload 4 Database Disclosure

==================================================================================================================================== | Title : Erim Upload V4 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/10 12:0 a.m.304 views

Desenvolvido C3iM CMS 2.0 Cross Site Scripting

==================================================================================================================================== | Title : Desenvolvido C3iM CMS v2.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit | ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/13 12:0 a.m.304 views

BD-Schools LMS 1.0.2 Cross Site Scripting

==================================================================================================================================== | Title : BD-Schools LMS v1.0.2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | | Vend...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/16 12:0 a.m.304 views

Quickad Classified Ads CMS 10.4 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/17 12:0 a.m.304 views

Bang Resto 1.0 Cross Site Scripting

Exploit Title: Bang Resto v1.0 - Stored Cross-Site Scripting XSS Date: 2023-04-02 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html Software Link: https://github.com/mesinkasir/bangresto/archive/refs/heads/main.zip...

6.3AI score0.01926EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/04/06 12:0 a.m.304 views

Responsive FileManager 9.9.5 Remote Shell Upload

Exploit Title: Responsive FileManager 9.9.5 - Remote Code Execution RCE Date: 02-Feb-2023 Exploit Author: Galoget Latorre @galoget Vendor Homepage: https://responsivefilemanager.com Software Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.9.5/responsivefilemanager.zip...

8.8CVSS8.8AI score0.08627EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/12/14 12:0 a.m.304 views

Intelbras WiFiber 120AC inMesh 1.1-220216 Command Injection

CyberDanube Security Research 20221009-0 ------------------------------------------------------------------------------- title| Authenticated Command Injection product| Intelbras WiFiber 120AC inMesh vulnerable version| 1.1-220216 fixed version| 1-1-220826 CVE number| CVE-2022-40005 impact| High...

0.2AI score0.34785EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/08/04 12:0 a.m.304 views

Backdoor.Win32.Jokerdoor MVID-2022-0628 Buffer Overflow

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/783a191e7944e1af84ec0fa96d933f30.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jokerdoor Vulnerability: Remote Stack Buffer Overflow Description: The...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2022/07/29 12:0 a.m.304 views

rpc.py 0.6.0 Remote Code Execution

Exploit Title: rpc.py 0.6.0 - Remote Code Execution RCE Google Dork: N/A Date: 2022-07-12 Exploit Author: Elias Hohl Vendor Homepage: https://github.com/abersheeran Software Link: https://github.com/abersheeran/rpc.py Version: v0.4.2 - v0.6.0 Tested on: Debian 11, Ubuntu 20.04 CVE : CVE-2022-3541...

9.8CVSS9.6AI score0.45862EPSS
Exploits7
Packet Storm
Packet Storm
added 2022/07/21 12:0 a.m.304 views

OctoBot WebInterface 0.4.3 Remote Code Execution

Exploit Title: OctoBot WebInterface 0.4.3 - Remote Code Execution RCE Date: 9/2/2021 Exploit Author: Samy Younsi, Thomas Knudsen Vendor Homepage: https://www.octobot.online/ Software Link: https://github.com/Drakkar-Software/OctoBot Version: 0.4.0beta3 - 0.4.3 Tested on: Linux Ubuntu, CentOs CVE ...

0.1AI score0.12077EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/04/14 12:0 a.m.304 views

REDCap Cross Site Scripting

Exploit Title: REDCap var target = document.location.host; var csrftoken = csrftoken; var userId = ''; // Replace with your user ID. function privesc var xhr = new XMLHttpRequest; xhr.open"POST", "https://" + target + "/index.php?route=ControlCenterController:saveNewAdminPriv", true;...

9.2AI score0.04657EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/03/24 12:0 a.m.304 views

Microfinance Management System 1.0 SQL Injection

Title: Microfinance Management System 1.0 SQLi To Rce Author: Hejap Zairy Date: 24.07.2022 Vendor: https://www.sourcecodester.com/php/14822/microfinance-management-system.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/mims0.zip Reference:...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2022/03/17 12:0 a.m.304 views

BuilderPandoraRat.b Insecure Credential Storage

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/ae4a409d217bbd538009fbbb5457e754.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BuilderPandoraRat.b - Pandora Rat 2.2 Beta.exe Vulnerability: Insecure Credential Storage Descriptio...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/03/14 12:0 a.m.304 views

Hades RAT Web Panel Insecure Credential Storage

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/c4cc1317aea42f7dd4a1b786c5278a24.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Hades RAT - Web Panel Vulnerability: Insecure Credential Storage Family: Hades Type: WebUI MD5:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/28 12:0 a.m.304 views

Axis IP Camera Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Axis IP Camera Application Upload', 'Description' = %q This module exploits the "Apps" feature in Axis IP cameras. The feature allows third party...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/13 12:0 a.m.304 views

ScadaBR 1.0 / 1.1CE Linux Shell Upload

!/usr/bin/python Exploit Title: Authenticated Arbitrary File Upload Remote Code Execution Google Dork: N/A Date: 04/21 Exploit Author: Fellipe Oliveira Vendor Homepage: https://www.scadabr.com.br/ Software Link: Version: ScadaBR 1.0, ScadaBR 1.1CE and ScadaBR 1.0 for Linux Tested on:...

8.8AI score0.39096EPSS
Exploits8
Packet Storm
Packet Storm
added 2021/03/01 12:0 a.m.304 views

Covid-19 Contact Tracing System 1.0 Code Execution

Exploit Title: Covid-19 Contact Tracing System 1.0 - Remote Code Execution Unauthenticated Date: 28-02-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/16 12:0 a.m.304 views

Backdoor.Win32.Indexer.a Denial Of Service

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2b576e7551afe1c7575dc680396f1b5bB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Indexer.a Vulnerability: Remote Denial Of Service Description: Indexer.a runs an FTP...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/08 12:0 a.m.304 views

WordPress Supsystic Pricing Table 1.8.7 SQL Injection / Cross Site Scripting

Exploit Title: WordPress Plugin Supsystic Pricing Table 1.8.7 - Multiple Vulnerabilities Date: 24/07/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/pricing-table-by-supsystic.1.8.7.zip Version: 1.8.7 and 1.8.6...

Exploits0
Packet Storm
Packet Storm
added 2021/02/05 12:0 a.m.304 views

PhreeBooks 5.2.3 Remote Code Execution

Exploit Title: PhreeBooks 5.2.3 - Remote Code Execution Date: 22 Jan 2021 Exploit Author: Kr0ff Vendor Homepage: https://www.phreesoft.com/ Software Link: https://sourceforge.net/projects/phreebooks/ Version: 5.2.3 Tested on: Windows Server 2016 !/usr/bin/env python3 ''' DESCRIPTION: - PhreeBooks...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/16 12:0 a.m.304 views

Grav CMS 1.6.30 Cross Site Scripting

Exploit Title: Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting Date: 13-12-2020 Exploit Author: Sagar Banwa Vendor Homepage: https://getgrav.org/ Software Link: https://getgrav.org/downloads Version: Grav v1.6.30 - Admin v1.9.18 Tested on: Windows 10/Kali Linux...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/05 12:0 a.m.304 views

iDS6 DSSPro Digital Signage System 6.2 Cross Site Request Forgery

iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery CSRF Vendor: Guangzhou Yeroo Tech Co., Ltd. Product web page: http://www.yerootech.com Affected version: V6.2 B2014.12.12.1220 V5.6 B2017.07.12.1757 V4.3 Summary: iDS6 Software's DSSPro network digital signage management system is ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/16 12:0 a.m.304 views

Employee Management System 1.0 Cross Site Scripting

Exploit Title: Employee Management System 1.0 - Stored Cross Site Scripting Date: 2020-10-16 Exploit Author: Ankita Pal Vendor Homepage: https://www.sourcecodester.com/php/14432/employee-management-system-using-php.html Software Link:...

Exploits0
Packet Storm
Packet Storm
added 2019/11/29 12:0 a.m.304 views

OwnCloud 8.1.8 Username Disclosure

OwnCloud version 8.1.8 stable are vulnerable to recovery all username login list. PoC: 1. Create an account in OwnCloud 2. Intercept connection with Burp 3. Share a file, typing anything --------------------------------------------------------- 4. Burp will capture this request GET...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2018/11/05 12:0 a.m.304 views

CMS Made Simple 2.2.7 Remote Code Execution

Exploit Title: CMS Made Simple 2.2.7 - Remote Code Execution Date: 04-11-2018 Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Webiste: https://nitesculucian.github.io Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...

6.5CVSS0.12178EPSS
Exploits5
Packet Storm
Packet Storm
added 2008/02/20 12:0 a.m.304 views

joomlaastats-sql.txt

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joomla Component astatsPRO Remote SQL Injection Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- bug found by ka0x D.O.M TEAM 2008 we are: ka0x, an0de, xarnuz http://www.domlabs.org/ contact:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/04/07 12:0 a.m.303 views

📄 Palo Alto Networks Expedition 1.2.90.1 Privilege Escalation

Palo Alto Networks Expedition version 1.2.90.1 proof of concept exploit that allows for an administrative password reset. - Exploit Title: PoC for Admin Account Password Reset of Palo Alto Networks Expedition tool - Shodan Dork: html:"expedition project" - FOFA Dork: "expedition project" &&...

9.8CVSS10AI score0.91783EPSS
Exploits9
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.303 views

Plikli CMS 4.1.5 SQL Injection

Plikli CMS version 4.1.5 suffers from a remote SQL injection vulnerability. Exploit Title: Plikli CMS 4.1.5 - 'randkey' SQL Injection Discovered by: Ahmet Ümit BAYRAM Discovered Date: 05.03.2024 Vendor Homepage: https://github.com/kkumar326/plikli Software Link:...

8.5AI score
Exploits0
Packet Storm
Packet Storm
added 2024/11/04 12:0 a.m.303 views

Sysax Multi Server 6.99 SSH Denial Of Service

Exploit Title: Sysax Multi Server 6.99 - SSH Denial of Service Date: 2024-11-03 Exploit Author: Yehia Elghaly Mrvar0x Vendor Homepage: https://www.sysax.com/ Software Link: https://www.sysax.com/download/sysaxservsetup.msi Version: Sysax Multi Server 6.99 Tested on: Windows 10 x64 Steps -- Compil...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/16 12:0 a.m.303 views

GYM Management System 1.0 Insecure Settings

==================================================================================================================================== | Title : GYM Management System 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/13 12:0 a.m.303 views

Car Washing Management System 1.0 Insecure Settings

==================================================================================================================================== | Title : Car Washing Management System 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/20 12:0 a.m.303 views

Simple Machines Forum 2.1.4 Code Injection

Exploit Title: Authenticated Code Injection - smfv2.1.4 Date: 8/2024 Exploit Author: Andrey Stoykov Version: 2.1.4 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/06/friday-fun-pentest-series-7-smfv214.html Code Injection Authenticated: Steps to Reproduce: 1. Login as admin 2...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/05 12:0 a.m.303 views

Online Shopping Portal Project 2.0 SQL Injection

x========================================================================================================================================x | Title : Online Shopping Portal Project 2.0 SQL Vulnerabilities | Software : Online Shopping Portal Project | Create By :...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/04/05 12:0 a.m.303 views

DerbyNet 9.0 inc/kisosks.inc Cross Site Scripting

CVE ID: CVE-2024-30926 Description: A Cross-Site Scripting XSS vulnerability has been identified in DerbyNet version 9.0, affecting the ./inc/kiosks.inc component. This vulnerability permits remote attackers to execute arbitrary code by exploiting the addressforcurrentkiosk function. The issue...

7.4AI score0.00511EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/04/03 12:0 a.m.303 views

ESET NOD32 Antivirus 17.0.16.0 Unquoted Service Path

Exploit Title: ESET NOD32 Antivirus 17.0.16.0 - Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Exploit Date: 2024-04-01 Vendor : https://www.eset.com Version : 17.0.16.0 Tested on OS: Microsoft Windows 10 pro x64 C:\wmic service get name,displayname,pathname,startmode |findstr /i...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/31 12:0 a.m.303 views

Solar FTP Server 2.1.1 Denial Of Service

!/usr/bin/python Exploit Title: Solar FTP Server 2.1.1 PASV Command - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 31 january 2024 Vendor Homepage: N/A Download to demo: Notification vendor: No reported Tested Version: Solar FTP Server 2.1.1 Tested on: Window XP Profession...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/03 12:0 a.m.303 views

minaliC 2.0.0 Denial Of Service

!/usr/bin/perl use Socket; Exploit Title: minaliC 2.0.0 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 03 january 2024 Vendor Homepage: http://minalic.sourceforge.net/ Download to demo: https://drive.google.com/file/d/1WoDbps6up2s5Xa40YXDSABRU9J17yRQd/view?usp=sharing...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/22 12:0 a.m.303 views

Inosoft VisiWin 7 2022-2.1 Insecure Permissions / Privilege Escalation

Exploit Title: Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions Privilege Escalation Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://www.inosoft.com/ Version: Up to 2022-2.1 Runtime RT7.3 RC3 20221209.5 Tested on: Windows CVE:...

7.1AI score0.00823EPSS
Exploits4
Total number of security vulnerabilities5000