
50738 matches found

Packet Storm
added 2020/10/16 12:0 a.m. 303 views

Employee Management System 1.0 Cross Site Scripting

Exploit Title: Employee Management System 1.0 - Stored Cross Site Scripting Date: 2020-10-16 Exploit Author: Ankita Pal Vendor Homepage: https://www.sourcecodester.com/php/14432/employee-management-system-using-php.html Software Link:...

Exploits: 0
Packet Storm
added 2019/11/29 12:0 a.m. 303 views

OwnCloud 8.1.8 Username Disclosure

OwnCloud version 8.1.8 stable are vulnerable to recovery all username login list. PoC: 1. Create an account in OwnCloud 2. Intercept connection with Burp 3. Share a file, typing anything 4. Burp will capture this request GET...

7.4 AI score
Exploits: 0
Packet Storm
added 2018/11/15 12:0 a.m. 303 views

iServiceOnline 1.0 SQL Injection

Exploit Title: iServiceOnline 1.0 - 'r' SQL Injection Dork: N/A Date: 2018-11-12 Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/iserviceonline/ Software Link: https://netcologne.dl.sourceforge.net/project/iserviceonline/iServiceEng.zip Version: 1.0 Category: Webapp...

7.4 AI score
Exploits: 0
Packet Storm
added 2025/04/15 12:0 a.m. 302 views

📄 Adapt Authoring Tool 0.11.3 Remote Command Execution

Adapt Authoring Tool version 0.11.3 suffers from a remote command execution vulnerability. Exploit Title: Adapt Authoring Tool 0.11.3 - Remote Command Execution RCE Date: 2024-11-24 Exploit Author: Eui Chul Chung Vendor Homepage: https://www.adaptlearning.org/ Software Link:...

9.8 CVSS, 7.1 AI score, 0.01526 EPSS
Exploits: 2
Packet Storm
added 2025/04/07 12:0 a.m. 302 views

📄 Palo Alto Networks Expedition 1.2.90.1 Privilege Escalation

Palo Alto Networks Expedition version 1.2.90.1 proof of concept exploit that allows for an administrative password reset. - Exploit Title: PoC for Admin Account Password Reset of Palo Alto Networks Expedition tool - Shodan Dork: html:"expedition project" - FOFA Dork: "expedition project" &&...

9.8 CVSS, 10 AI score, 0.91783 EPSS
Exploits: 9
Packet Storm
added 2024/09/27 12:0 a.m. 302 views

Simple College Website 1.0 Shell Upload

Title : Simple College Website 1.0 code injection Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/09/12 12:0 a.m. 302 views

Art Gallery Management System 1.0 PHP Code Injection

Title : Art Gallery Management System 1.0 php code injection Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/08/20 12:0 a.m. 302 views

Simple Machines Forum 2.1.4 Code Injection

Exploit Title: Authenticated Code Injection - smfv2.1.4 Date: 8/2024 Exploit Author: Andrey Stoykov Version: 2.1.4 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/06/friday-fun-pentest-series-7-smfv214.html Code Injection Authenticated: Steps to Reproduce: 1. Login as admin 2...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/04/18 12:0 a.m. 302 views

Elber Wayber Analog/Digital Audio STL 4.00 Insecure Direct Object Reference

Elber Wayber Analog/Digital Audio STL 4.00 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: Version 3.0.0 Revision 1553 Firmware Ver. 4.00 Rev. 1501 Version 3.0.0 Revision 1542 Firmware Ver. 4.00 Rev. 1516 Version 3.0.0 Revision 1530 Firmware Ver. 4.00...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/04/05 12:0 a.m. 302 views

DerbyNet 9.0 inc/kisosks.inc Cross Site Scripting

CVE ID: CVE-2024-30926 Description: A Cross-Site Scripting XSS vulnerability has been identified in DerbyNet version 9.0, affecting the ./inc/kiosks.inc component. This vulnerability permits remote attackers to execute arbitrary code by exploiting the addressforcurrentkiosk function. The issue...

7.4 AI score, 0.00511 EPSS
Exploits: 2
Packet Storm
added 2024/02/09 12:0 a.m. 302 views

Rail Pass Management System 1.0 SQL Injection

Exploit Title: Rail Pass Management System - 'searchdata' Time-Based SQL Injection Date: 02/10/2023 Exploit Author: Alperen Yozgat Vendor Homepage: https://phpgurukul.com/rail-pass-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/?sdmprocessdownload=1&downloadid=17479...

7.4 AI score
Exploits: 0
Packet Storm
added 2023/10/20 12:0 a.m. 302 views

VIMESA VHF/FM Transmitter Blue Plus 9.7.1 Denial Of Service

VIMESA VHF/FM Transmitter Blue Plus 9.7.1 doreboot Remote Denial Of Service Vendor: Video Medios, S.A. VIMESA Product web page: https://www.vimesa.es Affected version: img:v9.7.1 Html:v2.4 RS485:v2.5 Summary: The transmitter Blue Plus is designed with all the latest technologies, such as high...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/10/02 12:0 a.m. 302 views

Electrolink FM/DAB/TV Transmitter Vertical Privilege Escalation

Electrolink FM/DAB/TV Transmitter Vertical Privilege Escalation Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W, 500W, 1kW...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/08/29 12:0 a.m. 302 views

Grawlix 1.5.1 Cross Site Scripting

Title: grawlix-1.5.1 XSS-Reflected Author: nu11secur1ty Date: 08/29/2023 Vendor: https://getgrawlix.com/ Software: Reference: https://portswigger.net/web-security/cross-site-scripting Description: The value of the ref request parameter is copied into the value of an HTML tag attribute which is...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/08/16 12:0 a.m. 302 views

E-partenaire LMS 1.0.0 Cross Site Scripting

Title : E-partenaire LMS v1.0.0 XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 68.032-bit | Vend...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/07/12 12:0 a.m. 302 views

WordPress User Registration 3.0.2 Arbitrary File Upload

Description: User Registration = 3.0.2 – Authenticated Subscriber+ Arbitrary File Upload Affected Plugin: User Registration – Custom Registration Form, Login Form And User Profile For WordPress Plugin Slug: user-registration Affected Versions: = 3.0.2 CVE ID: CVE-2023-3342 CVSS Score: 9.9 Critica...

7.1 AI score, 0.01454 EPSS
Exploits: 2
Packet Storm
added 2023/06/16 12:0 a.m. 302 views

Quickad Classified Ads CMS 10.4 SQL Injection


7.1 AI score
Exploits: 0
Packet Storm
added 2023/06/06 12:0 a.m. 302 views

WordPress Getwid Gutenberg Blocks 1.8.3 Improper Authorization / SSRF

On April 6, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for two vulnerabilities in Getwid – Gutenberg Blocks, a plugin installed on over 50,000 WordPress sites. The plugin’s developers responded immediately, and we sent over the full disclosure the sa...

7.1 AI score, 0.00606 EPSS
Exploits: 2
Packet Storm
added 2023/02/28 12:0 a.m. 302 views

Osprey Pump Controller 1.0.1 eventFileSelected Command Injection

Osprey Pump Controller 1.0.1 eventFileSelected Command Injection Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0.1...

0.5 AI score
Exploits: 0
Packet Storm
added 2023/01/13 12:0 a.m. 302 views

WordPress Slider Revolution 4.1.2 Directory Traversal

Title : WordPress - Slider Revolution 4.1.2 Directory Traversal Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla...

Exploits: 0
Packet Storm
added 2022/11/11 12:0 a.m. 302 views

IOTransfer 4 Unquoted Service Path

Exploit Title: IOTransfer V4 - Unquoted Service Path Exploit Author: BLAY ABU SAFIAN Inveteck Global Discovery Date: 2022-28-07 Vendor Homepage: http://www.iobit.com/en/index.php Software Link: https://iotransfer.itopvpn.com/download/ Tested Version: V4 Vulnerability Type: Unquoted Service Path...

0.6 AI score, 0.01058 EPSS
Exploits: 4
Packet Storm
added 2022/09/23 12:0 a.m. 302 views

WordPress 3dady Real-Time Web Stats 1.0 Cross Site Scripting

Exploit Title: Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/3dady-real-time-web-stats/ Date: 2022-08-24 Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://profiles.wordpress.org/3dady/ Software Link:...

0.1 AI score
Exploits: 0
Packet Storm
added 2022/06/27 12:0 a.m. 302 views

Library Management System With QR Code 1.0 Cross Site Scripting

Title: Library Management System with QR code Attendance 1.0 Stored Cross-Site Scripting Author: Ashish Kumar https://www.linkedin.com/in/ashish-kumar-0b65a3184 Date: 27.06.2022 Vendor: https://www.sourcecodester.com/users/kingbhob02 Software:...

0.1 AI score
Exploits: 0
Packet Storm
added 2021/11/15 12:0 a.m. 302 views

Simple Subscription Website 1.0 SQL Injection

Exploit Title: Simple Subscription Website 1.0 - SQLi Authentication Bypass Exploit Author: Daniel Haro Dirox Vendor Homepage: https://www.sourcecodester.com/php/15013/simple-subscription-website-admin-panel-php-and-sqlite-source-code.html Software Link:...

7.5 CVSS, 9.2 AI score, 0.04729 EPSS
Exploits: 4
Packet Storm
added 2021/08/20 12:0 a.m. 302 views

Online Traffic Offense Management System 1.0 SQL Injection

Exploit Title: Online Traffic Offense Management System 1.0 - 'id' SQL Injection Authenticated Date: 19/08/2021 Exploit Author: Justin White Vendor Homepage: https://www.sourcecodester.com Software Link:...

0.2 AI score
Exploits: 0
Packet Storm
added 2021/08/20 12:0 a.m. 302 views

NetModule Router Software Password Handling / Session Fixation

SEC Consult Vulnerability Lab Security Advisory title: Multiple Vulnerabilities in NetModule Router Software product: NetModule Router Software NRSW vulnerable version: Before 4.3.0.113, 4.4.0.111, 4.5.0.105 fixed version:...

8.2 AI score, 0.01529 EPSS
Exploits: 5
Packet Storm
added 2021/07/15 12:0 a.m. 302 views

osCommerce 2.3.4.1 Remote Code Execution

Exploit Title: osCommerce 2.3.4.1 - Remote Code Execution 2 Vulnerability: Remote Command Execution when /install directory wasn't removed by the admin Exploit: Exploiting the install.php finish process by injecting php payload into the dbdatabase parameter & read the system command output from...

0.2 AI score
Exploits: 0
Packet Storm
added 2021/06/01 12:0 a.m. 302 views

ProjeQtOr Project Management 9.1.4 Shell Upload

Exploit Title: ProjeQtOr Project Management 9.1.4 - Remote Code Execution Date: 29.05.2021 Exploit Author: Temel Demir Vendor Homepage: https://www.projeqtor.org Software Link: https://sourceforge.net/projects/projectorria/files/projeqtorV9.1.4.zip Version: v9.1.4 Tested on: Laragon @WIN10...

Exploits: 0
Packet Storm
added 2021/04/25 12:0 a.m. 302 views

Windows 10 Wi-Fi Drivers For Intel Wireless Adapters 22.30.0 Privilege Escalation

Hi @ll, the executable installers version 22.30.0 Latest, published 2/23/2021, for the "Windows® 10 Wi-Fi Drivers for Intel® Wireless Adapters", and , available from are SURPRISE! vulnerable: they allow arbitrary code execution WITH local escalation of privilege. CVSS 3.0 score: 8.2 High CVSS 3.0...

0.4 AI score
Exploits: 0
Packet Storm
added 2021/03/28 12:0 a.m. 302 views

Id Card Generator 1.0 Cross Site Scripting

Exploit Title: Id Card Generator | Cross Site Scripting 'download.php' Exploit Author: Richard Jones Date: 2021-03-28 Vendor Homepage: https://www.sourcecodester.com/php/12040/id-generator-php.html Software Link:...

7.4 AI score
Exploits: 0
Packet Storm
added 2021/02/16 12:0 a.m. 302 views

Backdoor.Win32.Cabrotor.21 Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/af7001c2d6284a1295638576bc138cb2.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Cabrotor.21 Vulnerability: Insecure Permissions Description: Cabrotor.21 backdoor...

7.4 AI score
Exploits: 0
Packet Storm
added 2021/02/08 12:0 a.m. 302 views

SmartFoxServer 2X 2.17.0 Remote Code Execution

SmartFoxServer 2X 2.17.0 God Mode Console Remote Code Execution Vendor: gotoAndPlay Product web page: https://www.smartfoxserver.com Affected version: Server: 2.17.0 Remote Admin: 3.2.6 SmartFoxServer 2X, Pro, Basic Summary: SmartFoxServer SFS is a comprehensive SDK for rapidly developing...

8.9 AI score, 0.02609 EPSS
Exploits: 3
Packet Storm
added 2020/10/28 12:0 a.m. 302 views

IP Watcher 3.0.0.30 Unquoted Service Path

Exploit Title: IP Watcher v3.0.0.30 - 'PACService.exe' Unquoted Service Path Date: 2020-8-25 Exploit Author: Mohammed Alshehri Vendor Homepage: https://www.gearboxcomputers.com/ Software Link: https://www.gearboxcomputers.com/files/IPWatcherSetup.exe Version: 3.0.0.30 Tested on: Microsoft Windows...

0.5 AI score
Exploits: 0
Packet Storm
added 2020/10/19 12:0 a.m. 302 views

Online Student's Management System 1.0 Shell Upload

Exploit Title: Online Student's Management System 1.0 - Remote Code Execution Authenticated Google Dork: N/A Date: 2020/10/18 Exploit Author: Akıner Kısa Vendor Homepage: https://www.sourcecodester.com/php/14490/online-students-management-system-php-full-source-code-2020.html Software Link:...

7.4 AI score
Exploits: 0
Packet Storm
added 2019/10/15 12:0 a.m. 302 views

Podman / Varlink Remote Code Execution

!/usr/bin/python -- coding: UTF-8 -- pickletime.py Podman + Varlink Insecure Config Remote Exploit Jeremy Brown jbrown3264/gmail @ Oct 2019 ------- Details ------- Podman is container engine / platform similar to Docker supported by RedHat and Fedora with Varlink being a protocol to exchange...

0.2 AI score
Exploits: 0
Packet Storm
added 2019/09/04 12:0 a.m. 302 views

WordPress Spryng Payments WooCommerce 1.6.7 Cross Site Scripting

Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Spryng payments woocommerce 1.6.7 Spryng payments woocommerce is prone to a reflected cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to...

0.2 AI score
Exploits: 0
Packet Storm
added 2018/11/16 12:0 a.m. 302 views

Mumsoft Easy Software 2.0 Denial Of Service

Exploit Title: Mumsoft Easy Software 2.0 - Denial of Service PoC Dork: N/A Date: 2018-11-15 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.munsoft.com/EasyRARRecovery/ Software Link:...

Exploits: 0
Packet Storm
added 2018/11/05 12:0 a.m. 302 views

PCManFTPD 2.0.7 Server APPE Command Buffer Overflow

!/usr/bin/python Exploit Title: PCManFTPD 2.0.7 Server APPE Command - Buffer Overflow Exploit Date: 30/10/2018 Exploit Author: DC - Telspace Systems Vendor Homepage: http://pcman.openfoundry.org/ Contact: [email protected] Version: 2.0.7 Tested on: Windows XP Prof SP3 ENG x86 CVE:...

0.6 AI score, 0.04461 EPSS
Exploits: 2
Packet Storm
added 2018/11/05 12:0 a.m. 302 views

CMS Made Simple 2.2.7 Remote Code Execution

Exploit Title: CMS Made Simple 2.2.7 - Remote Code Execution Date: 04-11-2018 Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Website: https://nitesculucian.github.io Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...

6.5 CVSS, 0.12178 EPSS
Exploits: 5
Packet Storm
added 2006/08/27 12:0 a.m. 302 views

peoplebook10.txt

Peoplebook Mambo Component = v1.0 Remote File Include Vulnerabilities Author : Matdhule Date : August, 14th 2006 Location : Indonesia, Jakarta...

7.4 AI score
Exploits: 0
Packet Storm
added 2025/11/12 12:0 a.m. 301 views

📄 Windows Server Update Service Deserialization Remote Code Execution

This Metasploit module exploits a deserialization vulnerability in the legacy serialization mechanism in Windows Server Update Services WSUS. The vulnerability allows an unauthenticated attacker to create a specially crafted event, which triggers an unsafe deserialization upon server...

9.8 CVSS, 9.7 AI score, 0.99962 EPSS
Exploits: 24
Packet Storm
added 2025/08/22 12:0 a.m. 301 views

📄 Student Result Management System 2.0 SQL Injection / Local File Inclusion

Student Result Management System version 2.0 suffers from unauthenticated remote SQL injection and local file inclusion vulnerabilities. Exploit Title: Student Result Management System v2.0 Unauthenticated SQL Injection / Local File Inclusion Date: 2025-08-22 Exploit Author: Mehmet Can Kadıoğlu...

8.6 AI score
Exploits: 0
Packet Storm
added 2024/10/30 12:0 a.m. 301 views

ABB Cylon Aspect 3.08.01 jsonProxy.php Servlet Inclusion Authentication Bypass

ABB Cylon Aspect 3.08.01 jsonProxy.php Servlet Inclusion Authentication Bypass Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energ...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/09/13 12:0 a.m. 301 views

Car Washing Management System 1.0 Insecure Settings

Title : Car Washing Management System 1.0 Insecure Settings Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/08/31 12:0 a.m. 301 views

Netlogon Weak Cryptographic Authentication

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'windowserror' class MetasploitModule 'Netlogon Weak Cryptographic Authentication', 'Description' = %q A vulnerability exists within the Netlogon authentication...

10 CVSS, 7.7 AI score, 0.99512 EPSS
Exploits: 75
Packet Storm
added 2024/04/03 12:0 a.m. 301 views

ESET NOD32 Antivirus 17.0.16.0 Unquoted Service Path

Exploit Title: ESET NOD32 Antivirus 17.0.16.0 - Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Exploit Date: 2024-04-01 Vendor : https://www.eset.com Version : 17.0.16.0 Tested on OS: Microsoft Windows 10 pro x64 C:\wmic service get name,displayname,pathname,startmode |findstr /i...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/01/11 12:0 a.m. 301 views

PHPJabbers Shared Asset Booking System 1.0 Cross Site Scripting

Exploit Title: PHPJabbers Shared Asset Booking System v1.0 - Multiple Stored XSS Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/shared-asset-booking-system/sectionDemo Version: v1....

7.4 AI score, 0.0039 EPSS
Exploits: 2
Packet Storm
added 2023/11/13 12:0 a.m. 301 views

LOYTEC Electronics Insecure Transit / Insecure Permissions / Unauthenticated Access

CVE : CVE-2023-46380, CVE-2023-46381, CVE-2023-46382 + Title : Multiple vulnerabilities in Loytec LWEB-802, L-INX Automation Servers, L-IOB I/O Controllers, L-VIS Touch Panels + Vendor : LOYTEC electronics GmbH + Affected Products : LINX-212 firmware 6.2.4, LVIS-3ME12-A1 firmware 6.2.2, LIOB-586...

6.9 AI score, 0.07381 EPSS
Exploits: 2
Packet Storm
added 2023/09/12 12:0 a.m. 301 views

Kaledo RD CMS 1.0 SQL Injection

Title : Kalédo RD CMS va1.0 SQL Injection vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/08/28 12:0 a.m. 301 views

HighPlus CMS 0.1.3 SQL Injection

Title : HighPlus CMS v0.1.3 Auth By pass Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit ...

7.1 AI score
Exploits: 0
Total number of security vulnerabilities: 5000