Packetstorm, Most viewed

50738 matches found

Packet Storm
added 2021/05/06 12:00 a.m., 297 views

Schlix CMS 2.2.6-6 Remote Code Execution

Exploit Title: Schlix CMS 2.2.6-6 - Remote Code Execution Authenticated Date: 2021-05-06 Exploit Author: Eren Saraç Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.6-6.zip Version: 2.2.6-6 Tested on: Windows & WampServer ==...

7.4 AI score
Exploits: 0
Packet Storm
added 2021/03/19 12:00 a.m., 297 views

BRAdmin Professional 3.75 Unquoted Service Path

Exploit Title: BRAdmin Professional 3.75 - 'BRAScheduler' Unquoted Service Path Date: 2021-03-17 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://global.brother/ Software Link:...

0.1 AI score
Exploits: 0
Packet Storm
added 2021/01/04 12:00 a.m., 297 views

BACKDOOR.WIN32.ADVERBOT Remote Stack Corruption

Discovery / credits: malvuln - Malvuln.com c 2021 Original source: http://malvuln.com/advisory/9919c1e86a750dd6d4f0d2a851af29ea.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BACKDOOR.WIN32.ADVERBOT Vulnerability: Remote Stack Corruption Description: Null instruction pointer...

7.4 AI score
Exploits: 0
Packet Storm
added 2020/09/21 12:00 a.m., 297 views

ForensiTAppxService 2.2.0.4 Unquoted Service Path

Exploit Title: ForensiTAppxService 2.2.0.4 - 'ForensiTAppxService.exe' Unquoted Service Path Discovery by: Burhanettin Özgenç Discovery Date: 2020-09-15 Vendor Homepage: https://www.forensit.com/downloads.html Tested Version: 2.2.0.4 Vulnerability Type: Unquoted Service Path Tested on OS: Windows...

0.3 AI score
Exploits: 0
Packet Storm
added 2020/06/07 12:00 a.m., 297 views

Virtual Airlines Manager 2.6.2 SQL Injection

Exploit Title: Virtual Airlines Manager 2.6.2 - 'notam' SQL Injection Date: 2020-06-07 Exploit Author: Pankaj Kumar Thakur Vendor Homepage: http://virtualairlinesmanager.net/ Dork: inurl:notamid= Affected Version: 2.6.2 Tested on: Ubuntu CVE : N/A Vulnerable parameter -------------------...

0.5 AI score
Exploits: 0
Packet Storm
added 2020/04/03 12:00 a.m., 297 views

VMware Fusion USB Arbitrator Setuid Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Fusion USB Arbitrator Setuid Privilege Escalation', 'Description' = %q This exploits an improper use of setuid binaries within VMware Fusi...

7.2 CVSS, 1.2 AI score, 0.07254 EPSS
Exploits: 10
Packet Storm
added 2020/04/02 12:00 a.m., 297 views

MicroStrategy Intelligence Server And Web 10.4 XSS / Disclosure / SSRF / Code Execution

Exploit Title: MicroStrategy Intelligence Server and Web 10.4 - multiple vulnerabilities Exploit Author: RedTimmy Security Authors blog: https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/ Vendor Homepage: https://www.microstrategy.com/ Versions: 10.4...

0.2 AI score, 0.17841 EPSS
Exploits: 7
Packet Storm
added 2019/09/04 12:00 a.m., 297 views

DASAN Zhone ZNID GPON 2426A EU Cross Site Scripting

Multiple Cross-Site Scripting (XSS) in the web interface of DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allows a remote attacker to execute arbitrary JavaScript via manipulation of unsanitized GET parameters. Exploit Title: Multiple Cross-Site Scripting (XSS) in DASAN Zhone ZNID GP...

6.4 AI score, 0.07253 EPSS
Exploits: 5
Packet Storm
added 2019/09/02 12:00 a.m., 297 views

ptrace Sudo Token Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ptrace Sudo Token Privilege Escalation', 'Description' = %q This module attempts to gain root privileges by blindly injecting into the session...

0.7 AI score
Exploits: 0
Packet Storm
added 2019/02/25 12:00 a.m., 297 views

Drupal 8.6.9 REST Remote Code Execution

!/usr/bin/env python3 CVE-2019-6340 Drupal = 8.6.9 REST services RCE PoC 2019 @leonjza Technical details for this exploit is available at: https://www.drupal.org/sa-core-2019-003 https://www.ambionics.io/blog/drupal8-rce https://twitter.com/jcran/status/1099206271901798400 Sample usage: $ python...

8.3 AI score, 0.91919 EPSS
Exploits: 22
Packet Storm
added 2018/11/15 12:00 a.m., 297 views

ntpd 4.2.8p10 Out-Of-Bounds Read

Exploit Title: ntpd 4.2.8p10 - Out-of-Bounds Read PoC Bug Discovery: Yihan Lian, a security researcher of Qihoo 360 GearTeam Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/blog/cve-2018-7182 Vendor Homepage: http://www.ntp.org/ Software Link:...

5 CVSS, 7.7 AI score, 0.2985 EPSS
Exploits: 5
Packet Storm
added 2024/09/27 12:00 a.m., 296 views

Backdoor.Win32.Benju.a MVID-2024-0700 Remote Command Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/88922242e8805bfbc5981e55fdfadd71.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Benju.a Vulnerability: Unauthenticated Remote Command Execution Family: Benju Typ...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/09/11 12:00 a.m., 296 views

Emergency Ambulance Hiring Portal 1.0 WYSIWYG Code Injection

| Title : Emergency Ambulance Hiring Portal 1.0 WYSIWYG code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/07/31 12:00 a.m., 296 views

Readymade Real Estate Script SQL Injection / Cross Site Scripting

| Title : Readymade Real Estate Script Blind SQL & XSS Vulnerabilities | Software : Advanced Real Estate Script | Last Update : 12/07/24 | First Release:...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/04/18 12:00 a.m., 296 views

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object Reference

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.999 Revision 1243 1.317 Revision 602 1.220 Revision 1250 1.220 Revision 12481249 1.220 Revision 597 1.217 Revision 1242 1.214 Revision 1023 1.193 Revisi...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/02/09 12:00 a.m., 296 views

Online Nurse Hiring System 1.0 SQL Injection

Exploit Title: Online Nurse Hiring System 1.0 - 'bookid' Time-Based SQL Injection Date: 03/10/2023 Exploit Author: Alperen Yozgat Vendor Homepage: https://phpgurukul.com/online-nurse-hiring-system-using-php-and-mysql Software Link: https://phpgurukul.com/?sdmprocessdownload=1&downloadid=17826...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/01/29 12:00 a.m., 296 views

Xitami 2.5b4 Denial Of Service

!/usr/bin/perl use IO::Socket::INET; Exploit Title: Xitami 2.5b4 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 29 january 2024 Vendor Homepage: https://imatix-legacy.github.io/xitami.com/ Download to demo:...

7.4 AI score
Exploits: 0
Packet Storm
added 2023/09/05 12:00 a.m., 296 views

Kingo ROOT 1.5.8 Unquoted Service Path

Exploit Title: Kingo ROOT 1.5.8 - Unquoted Service Path Date: 8/22/2023 Exploit Author: Anish Feroz ZEROXINN Vendor Homepage: https://www.kingoapp.com/ Software Link: https://www.kingoapp.com/android-root/download.htm Version: 1.5.8.3353 Tested on: Windows 10 Pro -------------Discovering Unquoted...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/08/14 12:00 a.m., 296 views

BookingWizz 6.0.1 Information Disclosure

| Title : BookingWizz v6.0.1 sensitive information disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/08/10 12:00 a.m., 296 views

DMIS:CRI LMS 2.0 SQL Injection

| Title : DMIS:CRI LMS V2.0 SQL Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 67.0.164-bit | ...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/08/01 12:00 a.m., 296 views

General Device Manager 2.5.2.2 Buffer Overflow

Exploit Title: General Device Manager 2.5.2.2 - Buffer Overflow SEH Date: 30.07.2023 Software Link: https://download.xm030.cn/d/MDAwMDA2NTQ= Software Link 2: https://www.maxiguvenlik.com/uploads/importfiles/GeneralDeviceManager.zip Exploit Author: Ahmet Ümit BAYRAM Tested Version: 2.5.2.2 Tested...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/06/19 12:00 a.m., 296 views

Multirent Multivendor Equipment Rental 1.0 Cross Site Scripting

C r a C k E r | T H E C R A C K O F E T E R N A L M I G H T | From The Ashes and Dust Rises An...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/05/31 12:00 a.m., 296 views

Microsoft GamingServicesNet 12.77.3001.0 Unquoted Service Path

Exploit Title: Microsoft GamingServicesNet 12.77.3001.0 - 'GamingServicesNet' Unquoted Service Path Exploit Author: tmrswrr Exploit Date: 2023-05.17 Vendor : https://www.microsoft.com/store/productId/9MWPM2CQNLHN Version : 12.77.3001.0 Tested on OS: Windows 10 Enterprise Step to discover Unquoted...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/04/12 12:00 a.m., 296 views

Google Chrome Browser 111.0.5563.64 AXPlatformNodeCocoa Denial Of Service

Google Chrome Browser 111.0.5563.64 AXPlatformNodeCocoa Fatal OOM/Crash macOS Vendor: Google LLC Product web page: https://www.google.com Affected version: 111.0.5563.64 Official Build x8664 110.0.5481.100 Official Build x8664 108.0.5359.124 Official Build x8664 108.0.5359.98 Official Build x8664...

6.8 AI score
Exploits: 0
Packet Storm
added 2022/06/06 12:00 a.m., 296 views

Reolink E1 Zoom Camera 3.0.0.716 Private Key Disclosure

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Reolink E1 Zoom Camera Vendor URL: https://reolink.com/product/e1-zoom/ Type: Exposure of Sensitive Information to an Unauthorized Actor CWE-200 Date found: 2021-08-26 Date published:...

5.8 AI score, 0.05994 EPSS
Exploits: 4
Packet Storm
added 2022/05/11 12:00 a.m., 296 views

MyBB 1.8.29 Remote Code Execution

Exploit Title: MyBB 1.8.29 - Remote Code Execution RCE Authenticated Date: 2022-05-08 Exploit Author: Altelus Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1829 Version: MyBB 1.8.29 Tested on: Linux CVE : CVE-2022-24734 An RCE can be obtained on...

7.2 CVSS, 7 AI score, 0.77677 EPSS
Exploits: 9
Packet Storm
added 2022/02/21 12:00 a.m., 296 views

Simple Real Estate Portal System 1.0 SQL Injection

Title: Simple Real Estate Portal System v1.0 remote SQL-Injections Author: nu11secur1ty Date: 02.20.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15184/simple-real-estate-portal-system-phpoop-free-source-code.html Description: The id paramet...

0.1 AI score
Exploits: 0
Packet Storm
added 2021/11/15 12:00 a.m., 296 views

PHP Laravel 8.70.1 Cross Site Request Forgery / Cross Site Scripting

Exploit Title: PHP Laravel 8.70.1 - Cross Site Scripting XSS to Cross Site Request Forgery CSRF Date: 14/11/2021 Exploit Author: Hosein Vita Vendor Homepage: https://laravel.com/ Software Link: https://laravel.com/docs/4.2 Version: Laravel Framework 8.70.1 Tested on: Windows/Linux Description: We...

7.1 AI score
Exploits: 0
Packet Storm
added 2021/10/01 12:00 a.m., 296 views

Drupal MiniorangeSAML 8.x-2.22 Privilege Escalation

Exploit Title: Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation via XML Signature Wrapping Date: 09/07/2021 Exploit Author: Cristian 'void' Giustini Vendor Homepage: https://www.miniorange.com/ Software Link: https://www.drupal.org/project/miniorangesaml Version: 8.x-2.22 REQUIRED...

1.1 AI score
Exploits: 0
Packet Storm
added 2021/08/16 12:00 a.m., 296 views

COMMAX Biometric Access Control System 1.0.0 Cross Site Scripting

COMMAX Biometric Access Control System 1.0.0 Cookie Reflected XSS Vendor: COMMAX Co., Ltd. Product web page: https://www.commax.com Affected version: 1.0.0 Summary: Biometric access control system. Desc: The application is vulnerable to an unauthenticated reflected cross-site scripting XSS...

0.5 AI score
Exploits: 0
Packet Storm
added 2021/03/20 12:00 a.m., 296 views

CMS Made Simple 2.2.15 SQL Injection

1 Summary Affected software CMS Made Simple-2.2.15 Vendor URLhttp://www.cmsmadesimple.org/ Vulnerability SQL injection 2 Vulnerability Description The affected software is vulnerable to SQL injection via the m1sortby POST parameter of the News module, reachable via the moduleinterface.php page. T...

0.5 AI score
Exploits: 0
Packet Storm
added 2021/02/08 12:00 a.m., 296 views

Trojan-Spy.Win32.SpyEyes.auqj Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ea6ed38ab5264cd92f0d42eb020e87d8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.SpyEyes.auqj Vulnerability: Insecure Permissions EoP Description: SpyEyes.auqj...

7.4 AI score
Exploits: 0
Packet Storm
added 2020/08/11 12:00 a.m., 296 views

vBulletin 5.x Remote Code Execution

!/usr/bin/env python3 vBulletin 5.x pre-auth widgettabbedContainer RCE exploit by @zenofex import argparse import requests import sys def runexploitvbloc, shellcmd: postdata = 'subWidgets0template' : 'widgetphp', 'subWidgets0configcode' : "echo shellexec'%s'; exit;" % shellcmd r =...

7.5 CVSS, 0.2 AI score, 0.99728 EPSS
Exploits: 27
Packet Storm
added 2020/07/14 12:00 a.m., 296 views

Verint Impact 360 15.1 Open Redirect

!-- Exploit Title: Verint Impact 360 onLogin open redirect Date: 7-13-2020 Exploit Author: Ryan Delaney Author Contact: [email protected] Author LinkedIn: https://www.linkedin.com/in/infosecrd/ Vendor Homepage: https://www.verint.com/ Software Link:...

0.5 AI score, 0.00862 EPSS
Exploits: 2
Packet Storm
added 2019/09/19 12:00 a.m., 297 views

Western Digital My Book World II NAS 1.02.12 Hardcoded Credential

Exploit Title: Western Digital My Book World II NAS = 1.02.12 - Broken Authentication to RCE Google Dork: intitle:"My Book World Edition - MyBookWorld" Date: 19th Sep, 2019 Exploit Author: Noman Riffat, National Security Services Group NSSG Vendor Homepage: https://wd.com/ Software Link:...

9.7 AI score, 0.07079 EPSS
Exploits: 5
Packet Storm
added 2019/04/14 12:00 a.m., 296 views

MailCarrier 2.51 USER Buffer Overflow

!/usr/bin/python Exploit Title: MailCarrier 2.51 - Remote Buffer Overflow in "USER" commandPOP3 Date: 14/04/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Software Link: N.A Contact: [email protected] Twitter: @telspacesystems...

1.1 AI score
Exploits: 0
Packet Storm
added 2025/03/12 12:00 a.m., 295 views

asteval 1.06 Arbitrary Code Execution / Sandbox Escape

An attacker who can pass input to the asteval library, when this is used with numpy functions in the symbol table (the default setting), can bypass restrictions and execute arbitrary code as the user who ran the python process. Versions 1.06 and below are affected. CVE pending Sandboxing Python is...

8.1 AI score
Exploits: 0
Packet Storm
added 2025/03/07 12:00 a.m., 295 views

WordPress Custom Contact Form 5.1.0.3 CSRF / SQL Injection

WordPress Custom Contact Form plugin version 5.1.0.3 suffers from cross site request forgery and remote SQL injection vulnerabilities. | Title : WordPress...

8.4 AI score
Exploits: 0
Packet Storm
added 2024/09/30 12:00 a.m., 295 views

BlackBerry CylanceOPTICS Uninstall Password Bypass

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Uninstall Password Bypass product: BlackBerry CylanceOPTICS Windows Installer Package vulnerable version: CylanceOPTICS 3.3 MR2 CylanceOPTICS 3.2 MR5 fixed version:...

7.1 CVSS, 7.1 AI score, 0.00193 EPSS
Exploits: 1
Packet Storm
added 2024/09/10 12:00 a.m., 295 views

Passion Responsive Blogging 1.0 SQL Injection

| Title : Passion Responsive Blogging 1.0 SQL injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/08/20 12:00 a.m., 295 views

Hospital Management System 1.0 Code Injection

| Title : Hospital Management System 1.0WYSIWYG code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/08/09 12:00 a.m., 295 views

Yoga Class Registration System 1.0 Cross Site Request Forgery

| Title : Yoga Class Registration System v1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0....

7.4 AI score
Exploits: 0
Packet Storm
added 2024/07/30 12:00 a.m., 295 views

AccPack Khanepani 1.0 SQL Injection

| Title : AccPack Khanepani v1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/06/19 12:00 a.m., 295 views

User Registration And Management System 3.2 SQL Injection

.:. Exploit Title User Registration & Management System - SQLi .:. Google Dorks .:. inurl:loginsystem/index.php .:. Date: June 18, 2024 .:. Exploit Author: bRpsd .:. Contact: cyatlive.no .:. Vendor - https://phpgurukul.com/ .:...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/04/08 12:00 a.m., 295 views

AnyDesk 7.0.15 Unquoted Service Path

Exploit Title: AnyDesk 7.0.15 - Unquoted Service Path Privilege Escalation Date: 2024-04-01 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Vendor Homepage: http://anydesk.com Software Link: http://anydesk.com/download...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/04/01 12:00 a.m., 295 views

WordPress Gutenberg 18.0.0 Cross Site Scripting

Exploit Title: Wordpress Gutenberg Plugin Version 18.0.0 Stored XSS Date: 2024-3-29 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://wordpress.org/plugins/gutenberg/ Version 18.0.0 1 Go to Gutenberg Plugin edit page :...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/02/22 12:00 a.m., 295 views

Dotclear 2.29 Cross Site Scripting

Exploit Title: Dotclear Version : 2.29 - Reflected XSS Date: 2024-21-02 Exploit Author: tmrswrr Vendor Homepage: https://dotclear.org/ Version : 2.29 Tested on: https://softaculous.com/demos/dotclear 1 Enter admin panel after write search button this payload : " 2...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/02/20 12:00 a.m., 295 views

Petrol Pump Management Software 1.0 Shell Upload

Exploit Title: Petrol pump management software - File Upload Remote Code Execution RCE unauthenticated Google Dork: N/A Application: Petrol pump management software Date: 20.02.2024 Bugs: File Upload Remote Code Execution RCE unauthenticated Exploit Author: SoSPiro Vendor Homepage:...

7.4 AI score
Exploits: 0
Packet Storm
added 2023/12/04 12:00 a.m., 295 views

October CMS 3.4.0 Category Cross Site Scripting

OctoberCMS v3.4.0 Category Stored Cross-Site Scripting Vulnerability Vendor: October CMS Product web page: https://www.octobercms.com Affected version: 3.4.0 Summary: OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application...

7.4 AI score
Exploits: 0
Packet Storm
added 2023/10/10 12:00 a.m., 295 views

OpenPLC WebServer 3 Denial Of Service

Exploit Title: OpenPLC WebServer 3 - Denial of Service Date: 10.09.2023 Exploit Author: Kai Feng Vendor Homepage: https://autonomylogic.com/ Software Link: https://github.com/thiagoralves/OpenPLCv3.git Version: Version 3 and 2 Tested on: Ubuntu 20.04 import requests import sys import time import...

7.1 AI score
Exploits: 0
Total number of security vulnerabilities: 5000