Lucene search
K
PacketstormMost viewed

50765 matches found

Packet Storm
Packet Storm
added 2022/05/11 12:0 a.m.296 views

Magento eCommerce CE 2.3.5-p2 SQL Injection

Exploit Title: Magento eCommerce CE v2.3.5-p2 - Blind SQLi Date: 2021-4-21 Exploit Author: Aydin Naserifard Vendor Homepage: https://www.adobe.com/ Software Link: https://github.com/magento/magento2/releases/tag/2.3.5-p2 Version: 2.3.5-p2 Tested on: 2.3.5-p2 POC: 1PUT...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/12/20 12:0 a.m.296 views

WordPress Popular Posts 5.3.2 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Popular Posts Authenticated RCE', 'Description' = %q This exploit requires Metasploit to have a FQDN and the ability to run a payload w...

8.8CVSS0.1AI score0.79823EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/10/13 12:0 a.m.296 views

Student Quarterly Grading System 1.0 Cross Site Scripting

Exploit Title: Student Quarterly Grading System 1.0 - 'grade' Stored Cross-Site Scripting XSS Date: 11.10.2021 Exploit Author: Hüseyin Serkan Balkanli Vendor Homepage: https://www.sourcecodester.com/php/14953/student-quarterly-grading-system-using-php-and-sqlite-free-source-code.html Software Lin...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/16 12:0 a.m.296 views

COMMAX Biometric Access Control System 1.0.0 Cross Site Scripting

COMMAX Biometric Access Control System 1.0.0 Cookie Reflected XSS Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: 1.0.0 Summary: Biometric access control system. Desc: The application is vulnerable to an unauthenticated reflected cross-site scripting XSS...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/07 12:0 a.m.296 views

Sandboxie Plus 0.7.4 Unquoted Service Path

Exploit Title: Sandboxie Plus 0.7.4 - 'SbieSvc' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2020-05-06 Vendor Homepage: https://github.com/sandboxie-plus/Sandboxie/releases/download/0.7.4/Sandboxie-Plus-x64-v0.7.4.exe Tested Version: 0.7.4 Vulnerability Type: Unquoted Servic...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/20 12:0 a.m.296 views

CMS Made Simple 2.2.15 SQL Injection

1 Summary Affected software CMS Made Simple-2.2.15 Vendor URLhttp://www.cmsmadesimple.org/ Vulnerability SQL injection 2 Vulnerability Description The affected software is vulnerable to SQL injection via the m1sortby POST parameter of the News module, reachable via the moduleinterface.php page. T...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/26 12:0 a.m.296 views

Trojan.Win32.Hotkeychick.am Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/5ea9840970e78188f73eb1763363eeac.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Hotkeychick.am Vulnerability: Insecure Permissions Description: The trojan creates an...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/08 12:0 a.m.296 views

Trojan-Spy.Win32.SpyEyes.auqj Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ea6ed38ab5264cd92f0d42eb020e87d8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.SpyEyes.auqj Vulnerability: Insecure Permissions EoP Description: SpyEyes.auqj...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/29 12:0 a.m.296 views

Packed.Win32.Katusha.o Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e184abe44bec183a522d2c66bc3f90e0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Packed.Win32.Katusha.o Ransomeware Vulnerability: Insecure Permissions EoP Description: The malware...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/05 12:0 a.m.296 views

House Rental And Property Listing 1.0 Cross Site Scripting

Exploit Title: House Rental and Property Listing 1.0 - Multiple Stored XSS Tested on: Windows 10 Exploit Author: Mohamed habib Smidi Craniums Date: 2020-12-28 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14649/house-rental-and-property-listing-php-full-source-code.html...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/08/11 12:0 a.m.296 views

vBulletin 5.x Remote Code Execution

!/usr/bin/env python3 vBulletin 5.x pre-auth widgettabbedContainer RCE exploit by @zenofex import argparse import requests import sys def runexploitvbloc, shellcmd: postdata = 'subWidgets0template' : 'widgetphp', 'subWidgets0configcode' : "echo shellexec'%s'; exit;" % shellcmd r =...

7.5CVSS0.2AI score0.99728EPSS
Exploits27
Packet Storm
Packet Storm
added 2019/09/19 12:0 a.m.297 views

Western Digital My Book World II NAS 1.02.12 Hardcoded Credential

Exploit Title: Western Digital My Book World II NAS = 1.02.12 - Broken Authentication to RCE Google Dork: intitle:"My Book World Edition - MyBookWorld" Date: 19th Sep, 2019 Exploit Author: Noman Riffat, National Security Services Group NSSG Vendor Homepage: https://wd.com/ Software Link:...

9.7AI score0.07079EPSS
Exploits5
Packet Storm
Packet Storm
added 2025/03/07 12:0 a.m.295 views

WordPress Custom Contact Form 5.1.0.3 CSRF / SQL Injection

WordPress Custom Contact Form plugin version 5.1.0.3 suffers from cross site request forgery and remote SQL injection vulnerabilities. ============================================================================================================================================= | Title : WordPress...

8.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/02/04 12:0 a.m.295 views

ABB Cylon FLXeon 9.3.4 users.js Authenticated Root Remote Code Execution

ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated remote root code execution via the /api/users/password endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating the newPassword PUT parameter. The issue arises in users.js, where the new passwor...

10CVSS9.9AI score0.04328EPSS
Exploits18
Packet Storm
Packet Storm
added 2024/09/12 12:0 a.m.295 views

Emergency Ambulance Hiring Portal 1.0 PHP Code Injection

============================================================================================================================================= | Title : Emergency Ambulance Hiring Portal 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozill...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/09 12:0 a.m.295 views

Yoga Class Registration System 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : Yoga Class Registration System v1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0....

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/02/22 12:0 a.m.295 views

Dotclear 2.29 Cross Site Scripting

Exploit Title: Dotclear Version : 2.29 - Reflected XSS Date: 2024-21-02 Exploit Author: tmrswrr Vendor Homepage: https://dotclear.org/ Version : 2.29 Tested on: https://softaculous.com/demos/dotclear 1 Enter admin panel after write search button this payload : " 2...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/02/20 12:0 a.m.295 views

Petrol Pump Management Software 1.0 Shell Upload

Exploit Title: Petrol pump management software - File Upload Remote Code Execution RCE unauthenticated Google Dork: N/A Application: Petrol pump management software Date: 20.02.2024 Bugs: File Upload Remote Code Execution RCE unauthenticated Exploit Author: SoSPiro Vendor Homepage:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/10/10 12:0 a.m.295 views

OpenPLC WebServer 3 Denial Of Service

Exploit Title: OpenPLC WebServer 3 - Denial of Service Date: 10.09.2023 Exploit Author: Kai Feng Vendor Homepage: https://autonomylogic.com/ Software Link: https://github.com/thiagoralves/OpenPLCv3.git Version: Version 3 and 2 Tested on: Ubuntu 20.04 import requests import sys import time import...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/08 12:0 a.m.295 views

Wp2Fac 1.0 Command Injection

Exploit Title: Wp2Fac v1.0 - OS Command Injection Date: 2023-08-27 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://github.com/metinyesil/wp2fac Tested on: Kali Linux & Windows 11 CVE: N/A import requests def sendpostrequesthost, revshell: url = f'http://host/send.php' headers = 'User-Agent':...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/08 12:0 a.m.295 views

EMIS WEB School CMS 1 SQL Injection

==================================================================================================================================== | Title : EMIS WEB School CMS V 1 blind SQL injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/24 12:0 a.m.295 views

mooDating 1.2 Cross Site Scripting

Exploit Title: mooDating 1.2 - Reflected XSS Exploit Author: CraCkEr aka skalvin Date: 22/07/2023 Vendor: mooSocial Vendor Homepage: https://moodatingscript.com/ Software Link: https://demo.moodatingscript.com/home Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE:...

7.1AI score0.03678EPSS
Exploits10
Packet Storm
Packet Storm
added 2023/06/12 12:0 a.m.295 views

Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution

Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.6.5 Hardware revision: 1.1 SoapLive 2.4.0 SoapSystem 1.3.1 Summary: Flamingo XL, a new modular and high-density IPTV head-end product for hospitality and...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/30 12:0 a.m.295 views

Pydio Cells 4.1.2 Server-Side Request Forgery

For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The response file is then available in a...

7.1AI score0.03846EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/05/26 12:0 a.m.295 views

Ulicms 2023.1 Create Administrator

Exploit Title: Ulicms 2023.1 - create admin user via mass assignment Application: Ulicms Version: 2023.1-sniffing-vicuna Bugs: create admin user via mass assignment Technology: PHP Vendor URL: https://en.ulicms.de/ Software Link:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/09 12:0 a.m.295 views

Spryker Commerce OS 1.0 SQL Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Title ===== SCHUTZWERK-SA-2023-001: SQL Injection in Spryker Commerce OS Status ====== PUBLISHED Version ======= 1.0 CVE reference ============= CVE-2023-27568 Link ==== https://www.schutzwerk.com/advisories/schutzwerk-sa-2023-001/ Text-only version...

9.8CVSS7.1AI score0.03628EPSS
Exploits6
Packet Storm
Packet Storm
added 2023/04/12 12:0 a.m.295 views

Sielco Radio Link 2.06 Improper Access Control

!-- This will set/modify user1 p...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/10 12:0 a.m.295 views

pfsenseCE 2.6.0 Protection Bypass

!/usr/bin/python3 Exploit Title: pfsenseCE v2.6.0 - Anti-brute force protection bypass Google Dork: intitle:"pfSense - Login" Date: 2023-04-07 Exploit Author: FabDotNET Fabien MAISONNETTE Vendor Homepage: https://www.pfsense.org/ Software Link:...

9.8CVSS9.4AI score0.09844EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/09/07 12:0 a.m.295 views

Trojan.Win32.Autoit.fhj MVID-2022-0637 Insecure Permissions

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/d871836f77076eeed87eb0078c1911c7.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Autoit.fhj Vulnerability: Insecure Permissions Description: The malware write...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/06/29 12:0 a.m.295 views

Laundry Management System 1.0 SQL Injection

Exploit Title: Laundry Management System 1.0 - Authenticated SQL Injection Date: 29-06-2022 Exploit Author: syad Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-cilaundry.zip Version: 1.0 Tested on: Windows 1...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/02 12:0 a.m.295 views

WordPress Learnpress 4.1.4.1 Arbitrary Image Renaming

Exploit Title: WordPress Plugin Learnpress 4.1.4.1 - Arbitrary Image Renaming Date: 08-01-2022 Exploit Author: Ceylan Bozogullarindan Author Webpage: https://bozogullarindan.com Vendor Homepage: https://thimpress.com/ Software Link: https://thimpress.com/learnpress-plugin/ Version: 4.1.4.1 Tested...

4.7AI score0.03205EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/12/14 12:0 a.m.295 views

Zucchetti Axess CLOKI Access Control 1.64 Cross Site Request Forgery

!-- Zucchetti Axess CLOKI Access Control 1.64 CSRF Disable Access Control Vendor: Zucchetti Axess S.p.A. Product web page: https://www.axesstmc.com Affected version: 1.64 1.63 1.54 Summary: CLOKI is the pre-installed application on our terminals that provides simple to use access control manageme...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/07 12:0 a.m.295 views

VMware vCenter Server Analytics (CEIP) Service File Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vCenter Server Analytics CEIP Service File Upload', 'Description' = %q This module exploits a file upload in VMware vCenter Server's...

7.5CVSS0.3AI score0.99999EPSS
Exploits11
Packet Storm
Packet Storm
added 2021/10/06 12:0 a.m.295 views

G Data EndpointProtection Enterprise 17.08.2021 Privilege Escalation

DATA Anti-Virus: Abusing OpenSSL to get local admin Metadata =================================================== Release Date: 05-Oct-2021 Author: Florian Bogner @ https://bee-itsecurity.at Affected product: G Data’s Security Client “EndpointProtection Enterprise” Fixed in: all versions after...

0.9AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/04 12:0 a.m.295 views

Riak Insecure Default Configuration / Remote Command Execution

Riak KV Insecure Default Cookie RCE ===== Intro ===== Riak is a NoSQL key-value database that is built to maximize data availability and performance, especially useful for eg. big data environments. It's built to survive data and network failures with design principles similar to DynamoDB while...

0.9AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/11 12:0 a.m.295 views

Backdoor.Win32.Zombam.gen Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ff6516c881dee555b0cd253408b64404.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.gen Vulnerability: Cross Site Scripting XSS Description: Zombam malware listen...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/09 12:0 a.m.295 views

OpenCart 3.0.3.7 Cross Site Request Forgery

Exploit Title : OpenCart 3.0.3.7 - 'Change Password' Cross-Site Request Forgery CSRF Date : 2021/08/06 Exploit Author : Mert Daş [email protected] Software Link : http://www.opencart.com/index.php?route=download/download : https://github.com/opencart Software web : www.opencart.com Tested on...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/23 12:0 a.m.295 views

DzzOffice 2.02.1 Cross Site Scripting

Exploit Title: XSS attack app/setting in DzzOffice-2.02.1 Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty, g3ck0dr1v3r Date: 04.23.2021 Vendor: http://www.dzzoffice.com/ Link: https://github.com/zyx0814/dzzoffice CVE: CVE-2021-3318 + Exploit Source: !/usr/bin/python3 Author:...

4.3CVSS6.4AI score0.02848EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/03/08 12:0 a.m.295 views

Print Job Accounting 4.4.10 Unquoted Service Path

Exploit Title: Print Job Accounting 4.4.10 - 'OkiJaSvc' Unquoted Service Path Discovery by: Brian Rodriguez Date: 07-03-2021 Vendor Homepage: https://www.oki.com Software Links:...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/19 12:0 a.m.295 views

HiSilicon Video Encoder Malicious Firmware Code Execution

!/usr/bin/env bash Exploit Title: HiSilicon video encoders - RCE via unauthenticated upload of malicious firmware Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24217 Vendors: URayTech,...

0.3AI score0.40302EPSS
Exploits5
Packet Storm
Packet Storm
added 2019/10/18 12:0 a.m.295 views

Sangoma SBC 2.3.23-119-GA Unauthenticated User Creation

Introduction Description A remotely exploitable vulnerability exists in the 2.3.23-119-GA version of Sangoma SBC that would allow an unauthenticated user to create a privileged user on the system using the web application login interface. Vulnerability Type - Argument Injection or Modification...

0.2AI score0.02604EPSS
Exploits3
Packet Storm
Packet Storm
added 2019/07/12 12:0 a.m.295 views

Jenkins Dependency Graph View 0.13 Cross Site Scripting

Exploit Title: Persistent XSS - Dependency Graph View Pluginv0.13 Vendor Homepage: https://wiki.jenkins.io/display/JENKINS/Dependency+Graph+View+Plugin Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: webapps Platform:...

5.5AI score0.03885EPSS
Exploits5
Packet Storm
Packet Storm
added 2010/05/19 12:0 a.m.295 views

Joomla JComments 2.10.0 Cross Site Scripting

Vulnerability ID: HTB22368 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinjcommentsjoomla.html Product: JComments Vendor: JoomlaTune .com Vulnerable Version: 2.1.0.0 07/08/2009 and Probably Prior Versions Vendor Notification: 04 May 2010 Vulnerability Type: XSS Cross Site Scripting...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2026/02/25 12:0 a.m.294 views

📄 Frigate NVR 0.16.3 Remote Command Execution

This Python exploit targets a critical configuration manipulation vulnerability in Frigate NVR versions up to 0.16.3 both authenticated and unauthenticated paths. By injecting a malicious go2rtc stream and a fake camera entry, it triggers arbitrary command execution as the Frigate process during...

9.1CVSS5.9AI score0.02874EPSS
Exploits8
Packet Storm
Packet Storm
added 2025/04/07 12:0 a.m.294 views

📄 WordPress Backup and Staging 1.21.16 Shell Upload

WordPress Backup and Staging plugin versions 1.21.16 and below suffer from a remote shell upload vulnerability. Exploit Title: WordPress Backup and Staging Plugin ≤ 1.21.16 - Arbitrary File Upload to RCE Original Author: Patchstack hypothetical Exploit Author: Al Baradi Joy Exploit Date: April 5,...

9.8CVSS9.4AI score0.93709EPSS
Exploits7
Packet Storm
Packet Storm
added 2025/02/03 12:0 a.m.294 views

ABB Cylon FLXeon 9.3.4 login.js Unauthenticated Root Remote Code Execution

ABB Cylon FLXeon version 9.3.4 suffers from an unauthenticated remote code execution vulnerability with root privileges. Input passed through the login.js script for the password JSON parameter allows out-of-band command injection. !/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 login.js...

10CVSS10AI score0.04328EPSS
Exploits18
Packet Storm
Packet Storm
added 2024/09/04 12:0 a.m.294 views

Backdoor.Win32.Optix.02.b MVID-2024-0690 Hardcoded Credential

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/706ddc06ebbdde43e4e97de4d5af3b19.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Optix.02.b Vulnerability: Weak Hardcoded Credentials Description: Optix listens o...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.294 views

Cisco SSL VPN Bruteforce Login Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco SSL VPN Bruteforce Login Utility', 'Description' = % This module scans for Cisco SSL VPN web login portals and performs login brute force t...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.294 views

WordPress REST API Content Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress REST API Content Injection', 'Description' = %q This module exploits a content injection vulnerability in WordPress versions 4.7 and...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.294 views

Squid Proxy Range Header Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Squid Proxy Range Header DoS', 'Description' = %q The range handler in The Squid Caching Proxy Server 3.0-4.1.4 and 5.0.1-5.0.5 suffers from...

6.5CVSS7AI score0.95785EPSS
Exploits2
Total number of security vulnerabilities5000