Lucene search
K
PacketstormMost viewed

50773 matches found

Packet Storm
Packet Storm
added 2023/08/14 12:0 a.m.299 views

BookingWizz 6.0.1 Information Disclosure

==================================================================================================================================== | Title : BookingWizz v6.0.1 sensitive information disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/14 12:0 a.m.299 views

Online Examination System Project 1.0 Cross Site Request Forgery

Exploit Title: Online Examination System Project 1.0 - Cross-site request forgery CSRF Google Dork: n/a Date: 09/06/2023 Exploit Author: Ramil Mustafayev kryptohaker Vendor Homepage: https://github.com/projectworldsofficial/online-examination-systen-in-php Software Link:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/05 12:0 a.m.299 views

Jedox 2020.2.5 Configurable Storage Path Remote Code Execution

Exploit Title: Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47878...

7.1AI score0.35716EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/05/05 12:0 a.m.299 views

Codigo Markdown Editor 1.0.1 Code Execution

Exploit Title: Codigo Markdown Editor v1.0.1 Electron - Arbitrary Code Execution Date: 2023-05-03 Exploit Author: 8bitsec Vendor Homepage: https://alfonzm.github.io/codigo/ Software Link: https://github.com/alfonzm/codigo-app Version: 1.0.1 Tested on: Mac OS 13 Release Date:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/24 12:0 a.m.299 views

Multi-Vendor Online Groceries Management System 1.0 Remote Code Execution

Exploit Title: Multi-Vendor Online Groceries Management System 1.0 - Remote Code Execution RCE Date: 4/23/2023 Author: Or4nG.M4n Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/10 12:0 a.m.299 views

Microsoft Excel 365 MSO 2302 Build 16.0.16130.20186 Remote Code Execution

Title: Microsoft Excel RCE Vulnerability / Microsoft®365 MSO Version 2302 Build 16.0.16130.20186 64-bit Author: nu11secur1ty Date: 03.16.2023 Vendor: https://www.microsoft.com/en-us/microsoft-365/excel Software: https://www.microsoft.com/en-us/microsoft-365/excel Reference:...

7.8CVSS7.8AI score0.02532EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/01/18 12:0 a.m.299 views

WordPress WPtouch 3.8.2 Open Redirection

==================================================================================================================================== | Title : WordPress -WPtouch 3.8.2 Open Redirect Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.064-b...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/11/11 12:0 a.m.299 views

CVAT 2.0 Server-Side Request Forgery

Exploit Title: CVAT 2.0 - SSRF Server Side Request Forgery Exploit Author: Emir Polat Vendor Homepage: https://github.com/opencv/cvat Version: 2.0.0 Tested On: Version 1.7.0 - Ubuntu 20.04.4 LTS GNU/Linux 5.4.0-122-generic x8664 CVE: CVE-2022-31188 Description: CVAT is an opensource interactive...

9.8CVSS0.8AI score0.47846EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/09/26 12:0 a.m.299 views

WordPress Sabai Discuss 1.4.13 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/12 12:0 a.m.299 views

ETAP Safety Manager 1.0.0.32 Cross Site Scripting

ETAP Safety Manager 1.0.0.32 Remote Unauthenticated Reflected XSS Vendor: ETAP Lighting International NV Product web page: https://www.etaplighting.com Affected version: 1.0.0.32 Summary: The ETAP Safety Manager ESM is a central managing and control system that helps you to monitor, adjust and...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2022/05/11 12:0 a.m.299 views

Anuko Time Tracker 1.20.0.5640 SQL Injection

Exploit Title: Anuko Time Tracker - SQLi Authenticated Date: 2022-05-03 Exploit Author: Altelus Vendor Homepage: https://www.anuko.com/ Software Link: https://github.com/anuko/timetracker/tree/0924ef499c2b0833a20c2d180b04fa70c6484b6d Version: Anuko Time Tracker 1.20.0.5640 Tested on: Linux CVE :...

8.8CVSS0.5AI score0.07159EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/03/24 12:0 a.m.299 views

Trend Micro Virtual Mobile Infrastructure 6.0.1278 Denial Of Service

Exploit Title: Trend Micro Virtual Mobile Infrastructure TMVMI version 6 - Denial of Service PoC Date: 24/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.trendmicro.com/ Software Link: App Store for iOS devices Version: 6.0.1278 Tested: iPhone 6 iOS 12.4.7 Vulnerability Type:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/07/12 12:0 a.m.299 views

Backdoor.Win32.Surila.j Authentication Bypass

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/b1cec4b806c71c82bbd9002bdaf21d1fB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Surila.j Vulnerability: Authentication Bypass Description: The malware listens on...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/01 12:0 a.m.299 views

CHIYU TCP/IP Converter CRLF Injection

Exploit Title: CHIYU TCP/IP Converter devices - CRLF injection Date: May 31 2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, and BF-450M TCP/IP Converter device...

0.1AI score0.18003EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/05/03 12:0 a.m.299 views

Gadget Works Online Ordering System 1.0 SQL Injection / Code Execution

Exploit Title: Gadget works online ordering system - Authentication Bypass SQLi Date: 03/05/2021 Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/13093/gadget-works-online-ordering-system-phpmysqli.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/21 12:0 a.m.299 views

Apartment Visitors Management System 1.0 SQL Injection

Exploit Title: Apartment Visitors Management System 1.0 - 'email' SQL Injection Date: 20.01.2021 Exploit Author: CANKAT ÇAKMAK Vendor Homepage: https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/ Software Link:...

0.8AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/08 12:0 a.m.299 views

Backdoor.Win32.Agent.dcbh Insecure Permissions / Privilege Escalation

Discovery / credits: malvuln - Malvuln.com c 2021 Original source: https://malvuln.com/advisory/bba63df41adcf2cf80c74e4a62539d44.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.dcbh Vulnerability: Insecure Permissions EoP Description: Drops an executable...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/09 12:0 a.m.299 views

Canon Inkjet Extended Survey Program 5.1.0.8 Unquoted Service Path

Exploit Title: Canon Inkjet Extended Survey Program 5.1.0.8 - 'IJPLMSVC.EXE' - Unquoted Service Path Discovery by: Carlos Roa Discovery Date: 2020-11-07 Vendor Homepage: https://www.usa.canon.com/internet/portal/us/home Tested Version: 5.1.0.8 Vulnerability Type: Unquoted Service Path Tested on O...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/23 12:0 a.m.299 views

Online Food Ordering System 1.0 Remote Code Execution

Exploit Title: Online Food Ordering System 1.0 - Remote Code Execution Google Dork: N/A Date: 2020-09-22 Exploit Author: Eren Şimşek Vendor Homepage: https://www.sourcecodester.com/php/14460/simple-online-food-ordering-system-using-phpmysql.html Software Link:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/22 12:0 a.m.299 views

Artica Proxy 4.30.000000 Authentication Bypass / Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Artica proxy 4.30.000000 Auth Bypass service-cmds-peform Command Injection', 'Description' = %q This module exploits an authenticated command...

9CVSS1.1AI score0.93967EPSS
Exploits8
Packet Storm
Packet Storm
added 2020/08/20 12:0 a.m.299 views

Joomla Adagency 6.1.2 Cross Site Scripting

Exploit Title: Joomla! Adagency V 6.1.2 Cross Site Scripting Date: 24.07.2020 Author: Vincent666 ibn Winnie Software Link: https://adagency.ijoomla.com/ Tested on: Windows 10 Web Browser: Mozilla Firefox Blog : https://pentest-vincent.blogspot.com/...

Exploits0
Packet Storm
Packet Storm
added 2019/11/04 12:0 a.m.299 views

Microsoft Office365 Protection Bypass / Remote Code Execution

Exploit Title: Microsoft Office365 Remote Code Execution Vulnerability Date: 2/11/19 Exploit Author: Social Engineering Neo - @EngineeringNeo Vendor Homepage: https://microsoft.com Software Link: https://office.com Version: Office365/ProPlus build 16.0.11727.20222, 16.0.11901.20170,...

Exploits0
Packet Storm
Packet Storm
added 2019/06/10 12:0 a.m.299 views

Wampserver 3.1.8 Cross Site Request Forgery

Affected product: WampServer 3.1.4-3.1.8 Offiical description: "WampServer is a Windows web development environment. It allows you to create web applications with Apache2, PHP and a MySQL database. Alongside, PhpMyAdmin allows you to manage easily your databases." Official website:...

6.8CVSS0.3AI score0.03267EPSS
Exploits6
Packet Storm
Packet Storm
added 2019/02/02 12:0 a.m.299 views

SureMDM Local / Remote File Inclusion

Exploit Title: SureMDM LFI/RFI Prior to 2018-11 Patch Google Dork: inurl:/api/DownloadUrlResponse.ashx Date: 2019-02-01 Exploit Author: Digital Interruption Vendor Homepage: https://www.42gears.com/ Software Link: https://www.42gears.com/products/suremdm-home/ Version: Versions prior to the...

7.2AI score0.01562EPSS
Exploits6
Packet Storm
Packet Storm
added 2018/11/15 12:0 a.m.299 views

Galaxy Forces MMORPG 0.5.8 SQL Injection

Exploit Title: Galaxy Forces MMORPG 0.5.8 - 'type' SQL Injection Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://galaxy.alyx.pl/ Software Link: https://excellmedia.dl.sourceforge.net/project/galaxyforces/galaxy/0.5.8/galaxy-0.5.8.7z Version: 0.5.8 Category: Webapps...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2025/02/03 12:0 a.m.298 views

ABB Cylon FLXeon 9.3.4 cmds.js Authenticated Root Remote Code Execution

ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated root command execution via the cmds API. An authenticated attacker can execute arbitrary system commands with root privileges. !/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 cmds.js Authenticated Root Remote Code Execution Vendor: ABB Lt...

10CVSS9.9AI score0.04328EPSS
Exploits18
Packet Storm
Packet Storm
added 2024/09/30 12:0 a.m.298 views

BlackBerry CylanceOPTICS Uninstall Password Bypass

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Uninstall Password Bypass product: BlackBerry CylanceOPTICS Windows Installer Package vulnerable version: CylanceOPTICS 3.3 MR2 CylanceOPTICS 3.2 MR5 fixed version:...

7.1CVSS7.1AI score0.00193EPSS
Exploits1
Packet Storm
Packet Storm
added 2024/09/27 12:0 a.m.298 views

Backdoor.Win32.Benju.a MVID-2024-0700 Remote Command Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/88922242e8805bfbc5981e55fdfadd71.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Benju.a Vulnerability: Unauthenticated Remote Command Execution Family: Benju Typ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/20 12:0 a.m.298 views

Teacher Subject Allocation Management System 1.0 Cross Site Scripting

==================================================================================================================================== | Title : Teacher Subject Allocation Management System 1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/26 12:0 a.m.298 views

SPIP 4.2.11 Code Execution

============================================================================================================================================= | Title : SPIP 4.2.11 PHP Code execution Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/07/30 12:0 a.m.298 views

AccPack Khanepani 1.0 SQL Injection

============================================================================================================================================= | Title : AccPack Khanepani v1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/04/01 12:0 a.m.298 views

WordPress Gutenberg 18.0.0 Cross Site Scripting

Exploit Title: Wordpress Gutenberg Plugin Version 18.0.0 Stored XSS Date: 2024-3-29 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://wordpress.org/plugins/gutenberg/ Version 18.0.0 1 Go to Gutenberg Plugin edit page :...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/02/09 12:0 a.m.298 views

Online Nurse Hiring System 1.0 SQL Injection

Exploit Title: Online Nurse Hiring System 1.0 - 'bookid' Time-Based SQL Injection Date: 03/10/2023 Exploit Author: Alperen Yozgat Vendor Homepage: https://phpgurukul.com/online-nurse-hiring-system-using-php-and-mysql Software Link: https://phpgurukul.com/?sdmprocessdownload=1&downloadid=17826...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/12/04 12:0 a.m.298 views

PHPJabbers Appointment Scheduler 3.0 HTML Injection

Exploit Title: PHPJabbers Appointment Scheduler v3.0 - Multiple HTML Injection Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/appointment-scheduler/ Version: v3.0 Tested on: Window...

7.4AI score0.00465EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/09/14 12:0 a.m.298 views

ImgHosting 1.3 Cross Site Scripting

==================================================================================================================================== | Title : ImgHosting v1.3 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | | Vendor :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/10 12:0 a.m.298 views

DMIS:CRI LMS 2.0 SQL Injection

==================================================================================================================================== | Title : DMIS:CRI LMS V2.0 SQL Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 67.0.164-bit | ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/20 12:0 a.m.298 views

TP-Link TL-WR740N Directory Traversal

Exploit Title: TP-Link TL-WR740N - Authenticated Directory Transversal Date: 13/7/2023 Exploit Author: Anish Feroz Zeroxinn Vendor Homepage: http://www.tp-link.com Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n Tested on: TP-Link TL-WR740N...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/19 12:0 a.m.298 views

Polycom BToE Connector 4.4.0.0 Buffer Overflow / Man-In-The-Middle

Microsoft® Lync™ Better Together over Ethernet BToE feature on Polycom® VVX® business media. phones enables you to control phone activity from your computer using your Lync client. The BToE feature enables you to place, answer, and hold audio and video calls from your Polycom VVX phone and your...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/15 12:0 a.m.298 views

Epson Stylus SX510W Denial Of Service

Exploit Title: Epson Stylus SX510W Printer Remote Power Off - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2020-05-16 Vendor Homepage: https://www.epson.es/ Software Link : https://www.epson.es/products/printers/inkjet-printers/for-home/epson-stylus-sx510w Tested Version:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/15 12:0 a.m.298 views

TinyWebGallery 2.5 Cross Site Scripting

Exploit Title: TinyWebGallery v2.5 - Stored Cross-Site Scripting XSS Application: TinyWebGallery Version: v2.5 Bugs: Stored Xss Technology: PHP Vendor URL: http://www.tinywebgallery.com/ Software Link: https://www.tinywebgallery.com/download.php?tinywebgallery=latest Date of found: 07-05-2023...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/03 12:0 a.m.298 views

Roxy WI 6.1.1.0 Remote Code Execution

ADVISORY INFORMATION Exploit Title: Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution RCE via sslcert Upload Date of found: 21 July 2022 Application: Roxy WI .oastify.com;...

10CVSS9.4AI score0.90387EPSS
Exploits15
Packet Storm
Packet Storm
added 2023/03/22 12:0 a.m.298 views

Python CGI Documentation Cross Site Scripting

Is there low hanging fruit for the following observation? The documentation of the python cgi module is vulnerable to XSS cross site scripting https://docs.python.org/3/library/cgi.html form = cgi.FieldStorage print"name:", form"name".value print"addr:", form"addr".value First result on google fo...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/28 12:0 a.m.298 views

Mobile Mouse Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mobile Mouse RCE', 'Description' = %q This module utilizes the Mobile Mouse Server by RPA Technologies, Inc protocol to deploy a payload and run ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/06/28 12:0 a.m.298 views

AnyDesk 7.0.9 Arbitrary File Write / Denial Of Service

Exploit Title: AnyDesk allow arbitrary file write by symbolic link attack lead to denial-of-service attack on local machine Google Dork: if applicable Date: 24/5/2022 Exploit Author: Erwin Chan Vendor Homepage: https://anydesk.com/en Software Link: https://anydesk.com/en Version: 7.0.9 Tested on:...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/21 12:0 a.m.298 views

Simple Real Estate Portal System 1.0 SQL Injection

Title: Simple Real Estate Portal System v1.0 remote SQL-Injections Author: nu11secur1ty Date: 02.20.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15184/simple-real-estate-portal-system-phpoop-free-source-code.html Description: The id paramet...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/04 12:0 a.m.298 views

Voltage SecureMail Server Business Logic Bypass

Security Advisory ======================================================================= title: Business Logic Bypass - Mail Relay Post-authenticated product: Voltage SecureMail Server vulnerable version: Voltage SecureMail Server v7.3.0.1 fixed version: Voltage SecureMail Server v7.3.0.1 CVE...

0.2AI score0.00857EPSS
Exploits2
Packet Storm
Packet Storm
added 2021/11/15 12:0 a.m.298 views

PHP Laravel 8.70.1 Cross Site Request Forgery / Cross Site Scripting

Exploit Title: PHP Laravel 8.70.1 - Cross Site Scripting XSS to Cross Site Request Forgery CSRF Date: 14/11/2021 Exploit Author: Hosein Vita Vendor Homepage: https://laravel.com/ Software Link: https://laravel.com/docs/4.2 Version: Laravel Framework 8.70.1 Tested on: Windows/Linux Description: We...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/09/30 12:0 a.m.298 views

PlaceOS 1.2109.1 Open Redirection

Exploit Title: PlaceOS 1.2109.1 - Open Redirection Date: 29-09-2021 Exploit Author: Hamza Khedr @ Accenture Austalia AARO Team Vendor Homepage: https://place.technology/ Software Link: https://github.com/PlaceOS Version: 1.29.10 Tested on: Ubuntu 20.04 CVE: CVE-2021-41826 PoC:...

6.4AI score0.11872EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/07/30 12:0 a.m.298 views

Pi-Hole Remove Commands Linux Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pi-Hole Remove Commands Linux Priv Esc', 'Description' = %q Pi-Hole versions 3.0 - 5.3 allows for command line input to the removecustomcname,...

7.8CVSS0.8AI score0.01863EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/07/01 12:0 a.m.298 views

Online Voting System 1.0 Remote Code Execution

Exploit Title: Online Voting System 1.0 - Remote Code Execution Authenticated Exploit Author: deathflash1411 Date 30.06.2021 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/4808/voting-system-php.html Version 1.0 Tested on: Ubuntu 20.04 Proof of...

0.2AI score
Exploits0
Total number of security vulnerabilities5000