Packetstorm: Most viewed

50738 matches found

Packet Storm
added 2024/02/20 12:0 a.m., 295 views

Petrol Pump Management Software 1.0 Shell Upload

Exploit Title: Petrol pump management software - File Upload Remote Code Execution RCE unauthenticated Google Dork: N/A Application: Petrol pump management software Date: 20.02.2024 Bugs: File Upload Remote Code Execution RCE unauthenticated Exploit Author: SoSPiro Vendor Homepage:...

AI score: 7.4
Exploits: 0

Packet Storm
added 2023/12/04 12:0 a.m., 295 views

October CMS 3.4.0 Category Cross Site Scripting

OctoberCMS v3.4.0 Category Stored Cross-Site Scripting Vulnerability Vendor: October CMS Product web page: https://www.octobercms.com Affected version: 3.4.0 Summary: OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application...

AI score: 7.4
Exploits: 0

Packet Storm
added 2023/10/10 12:0 a.m., 295 views

OpenPLC WebServer 3 Denial Of Service

Exploit Title: OpenPLC WebServer 3 - Denial of Service Date: 10.09.2023 Exploit Author: Kai Feng Vendor Homepage: https://autonomylogic.com/ Software Link: https://github.com/thiagoralves/OpenPLCv3.git Version: Version 3 and 2 Tested on: Ubuntu 20.04 import requests import sys import time import...

AI score: 7.1
Exploits: 0

Packet Storm
added 2023/09/08 12:0 a.m., 295 views

Wp2Fac 1.0 Command Injection

Exploit Title: Wp2Fac v1.0 - OS Command Injection Date: 2023-08-27 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://github.com/metinyesil/wp2fac Tested on: Kali Linux & Windows 11 CVE: N/A import requests def sendpostrequesthost, revshell: url = f'http://host/send.php' headers = 'User-Agent':...

AI score: 7.1
Exploits: 0

Packet Storm
added 2023/07/24 12:0 a.m., 295 views

mooDating 1.2 Cross Site Scripting

Exploit Title: mooDating 1.2 - Reflected XSS Exploit Author: CraCkEr aka skalvin Date: 22/07/2023 Vendor: mooSocial Vendor Homepage: https://moodatingscript.com/ Software Link: https://demo.moodatingscript.com/home Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE:...

AI score: 7.1
EPSS: 0.03678
Exploits: 10

Packet Storm
added 2023/06/12 12:0 a.m., 295 views

Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution

Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.6.5 Hardware revision: 1.1 SoapLive 2.4.0 SoapSystem 1.3.1 Summary: Flamingo XL, a new modular and high-density IPTV head-end product for hospitality and...

AI score: 7.1
Exploits: 0

Packet Storm
added 2023/05/30 12:0 a.m., 295 views

Pydio Cells 4.1.2 Server-Side Request Forgery

For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The response file is then available in a...

AI score: 7.1
EPSS: 0.03846
Exploits: 4

Packet Storm
added 2023/05/09 12:0 a.m., 295 views

Spryker Commerce OS 1.0 SQL Injection

Title: SCHUTZWERK-SA-2023-001: SQL Injection in Spryker Commerce OS Status: PUBLISHED Version: 1.0 CVE reference: CVE-2023-27568 Link: https://www.schutzwerk.com/advisories/schutzwerk-sa-2023-001/ Text-only version...

CVSS: 9.8
AI score: 7.1
EPSS: 0.03628
Exploits: 6

Packet Storm
added 2023/05/01 12:0 a.m., 295 views

Aigital Wireless-N Repeater Mini_Router.0.131229 Authentication Bypass

Exploit Title: Aigital Wireless-N Repeater - Login Bypass Exploit Author: Matteo Mandolini Date : 13/04/2023 Vendor Homepage: https://web.archive.org/web/20220625053314/https://www.aigital.com/ Version: MiniRouter.0.131229 Login bypass The device web application relies on a time-based mechanism t...

AI score: 6.9
Exploits: 0

Packet Storm
added 2023/02/10 12:0 a.m., 295 views

WEBY 1.2.5 Cross Site Request Forgery

Title : WEBY v.1.2.5 CSRF Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.0.132-bit | Vendor :...

AI score: 0.8
Exploits: 0

Packet Storm
added 2022/12/27 12:0 a.m., 295 views

Courier Deprixa 2.5 Backdoor Account

Title : COURIER DEPRIXA V2.5 Backdoor Account Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

AI score: 0.2
Exploits: 0

Packet Storm
added 2022/09/27 12:0 a.m., 295 views

Online Birth Certificate Management System 1.0 Cross Site Scripting

Exploit Title: Online Birth Certificate Management System - Stored Cross-Site Scripting XSS Google Dork: N/A Date: 2022-9-27 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...

AI score: 7.4
Exploits: 0

Packet Storm
added 2022/09/09 12:0 a.m., 295 views

SACCO-2022 SQL Injection

Title: SACCO-2022 SQLi Author: nu11secur1ty Date: 08.27.2022 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/15372/open-source-sacco-management-system-free-download.html Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayurik/2022/SACCO...

AI score: 7.4
Exploits: 0

Packet Storm
added 2022/06/29 12:0 a.m., 295 views

Laundry Management System 1.0 SQL Injection

Exploit Title: Laundry Management System 1.0 - Authenticated SQL Injection Date: 29-06-2022 Exploit Author: syad Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-cilaundry.zip Version: 1.0 Tested on: Windows 1...

AI score: 0.7
Exploits: 0

Packet Storm
added 2022/05/11 12:0 a.m., 295 views

Magento eCommerce CE 2.3.5-p2 SQL Injection

Exploit Title: Magento eCommerce CE v2.3.5-p2 - Blind SQLi Date: 2021-4-21 Exploit Author: Aydin Naserifard Vendor Homepage: https://www.adobe.com/ Software Link: https://github.com/magento/magento2/releases/tag/2.3.5-p2 Version: 2.3.5-p2 Tested on: 2.3.5-p2 POC: 1PUT...

AI score: 0.1
Exploits: 0

Packet Storm
added 2022/02/02 12:0 a.m., 295 views

WordPress Learnpress 4.1.4.1 Arbitrary Image Renaming

Exploit Title: WordPress Plugin Learnpress 4.1.4.1 - Arbitrary Image Renaming Date: 08-01-2022 Exploit Author: Ceylan Bozogullarindan Author Webpage: https://bozogullarindan.com Vendor Homepage: https://thimpress.com/ Software Link: https://thimpress.com/learnpress-plugin/ Version: 4.1.4.1 Tested...

AI score: 4.7
EPSS: 0.03205
Exploits: 5

Packet Storm
added 2021/12/20 12:0 a.m., 295 views

WordPress Popular Posts 5.3.2 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Popular Posts Authenticated RCE', 'Description' = %q This exploit requires Metasploit to have a FQDN and the ability to run a payload w...

CVSS: 8.8
AI score: 0.1
EPSS: 0.79823
Exploits: 5

Packet Storm
added 2021/12/14 12:0 a.m., 295 views

Zucchetti Axess CLOKI Access Control 1.64 Cross Site Request Forgery

!-- Zucchetti Axess CLOKI Access Control 1.64 CSRF Disable Access Control Vendor: Zucchetti Axess S.p.A. Product web page: https://www.axesstmc.com Affected version: 1.64 1.63 1.54 Summary: CLOKI is the pre-installed application on our terminals that provides simple to use access control manageme...

AI score: 7.4
Exploits: 0

Packet Storm
added 2021/10/13 12:0 a.m., 295 views

Student Quarterly Grading System 1.0 Cross Site Scripting

Exploit Title: Student Quarterly Grading System 1.0 - 'grade' Stored Cross-Site Scripting XSS Date: 11.10.2021 Exploit Author: Hüseyin Serkan Balkanli Vendor Homepage: https://www.sourcecodester.com/php/14953/student-quarterly-grading-system-using-php-and-sqlite-free-source-code.html Software Lin...

AI score: 7.4
Exploits: 0

Packet Storm
added 2021/10/07 12:0 a.m., 295 views

VMware vCenter Server Analytics (CEIP) Service File Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vCenter Server Analytics CEIP Service File Upload', 'Description' = %q This module exploits a file upload in VMware vCenter Server's...

CVSS: 7.5
AI score: 0.3
EPSS: 0.99999
Exploits: 11

Packet Storm
added 2021/08/04 12:0 a.m., 295 views

Riak Insecure Default Configuration / Remote Command Execution

Riak KV Insecure Default Cookie RCE ===== Intro ===== Riak is a NoSQL key-value database that is built to maximize data availability and performance, especially useful for eg. big data environments. It's built to survive data and network failures with design principles similar to DynamoDB while...

AI score: 0.9
Exploits: 0

Packet Storm
added 2021/06/11 12:0 a.m., 295 views

Backdoor.Win32.Zombam.gen Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ff6516c881dee555b0cd253408b64404.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.gen Vulnerability: Cross Site Scripting XSS Description: Zombam malware listen...

AI score: 7.4
Exploits: 0

Packet Storm
added 2021/06/09 12:0 a.m., 295 views

OpenCart 3.0.3.7 Cross Site Request Forgery

Exploit Title : OpenCart 3.0.3.7 - 'Change Password' Cross-Site Request Forgery CSRF Date : 2021/08/06 Exploit Author : Mert Daş [email protected] Software Link : http://www.opencart.com/index.php?route=download/download : https://github.com/opencart Software web : www.opencart.com Tested on...

AI score: 0.5
Exploits: 0

Packet Storm
added 2021/05/07 12:0 a.m., 295 views

Sandboxie Plus 0.7.4 Unquoted Service Path

Exploit Title: Sandboxie Plus 0.7.4 - 'SbieSvc' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2020-05-06 Vendor Homepage: https://github.com/sandboxie-plus/Sandboxie/releases/download/0.7.4/Sandboxie-Plus-x64-v0.7.4.exe Tested Version: 0.7.4 Vulnerability Type: Unquoted Servic...

AI score: 0.2
Exploits: 0

Packet Storm
added 2021/04/23 12:0 a.m., 295 views

DzzOffice 2.02.1 Cross Site Scripting

Exploit Title: XSS attack app/setting in DzzOffice-2.02.1 Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty, g3ck0dr1v3r Date: 04.23.2021 Vendor: http://www.dzzoffice.com/ Link: https://github.com/zyx0814/dzzoffice CVE: CVE-2021-3318 + Exploit Source: !/usr/bin/python3 Author:...

CVSS: 4.3
AI score: 6.4
EPSS: 0.02848
Exploits: 4

Packet Storm
added 2021/03/08 12:0 a.m., 295 views

Print Job Accounting 4.4.10 Unquoted Service Path

Exploit Title: Print Job Accounting 4.4.10 - 'OkiJaSvc' Unquoted Service Path Discovery by: Brian Rodriguez Date: 07-03-2021 Vendor Homepage: https://www.oki.com Software Links:...

AI score: 0.6
Exploits: 0

Packet Storm
added 2021/02/26 12:0 a.m., 295 views

Trojan.Win32.Hotkeychick.am Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/5ea9840970e78188f73eb1763363eeac.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Hotkeychick.am Vulnerability: Insecure Permissions Description: The trojan creates an...

AI score: 7.4
Exploits: 0

Packet Storm
added 2021/01/29 12:0 a.m., 295 views

Packed.Win32.Katusha.o Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e184abe44bec183a522d2c66bc3f90e0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Packed.Win32.Katusha.o Ransomeware Vulnerability: Insecure Permissions EoP Description: The malware...

AI score: 7.4
Exploits: 0

Packet Storm
added 2021/01/05 12:0 a.m., 295 views

House Rental And Property Listing 1.0 Cross Site Scripting

Exploit Title: House Rental and Property Listing 1.0 - Multiple Stored XSS Tested on: Windows 10 Exploit Author: Mohamed habib Smidi Craniums Date: 2020-12-28 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14649/house-rental-and-property-listing-php-full-source-code.html...

AI score: 7.4
Exploits: 0

Packet Storm
added 2020/10/19 12:0 a.m., 295 views

HiSilicon Video Encoder Malicious Firmware Code Execution

!/usr/bin/env bash Exploit Title: HiSilicon video encoders - RCE via unauthenticated upload of malicious firmware Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24217 Vendors: URayTech,...

AI score: 0.3
EPSS: 0.40302
Exploits: 5

Packet Storm
added 2019/10/18 12:0 a.m., 295 views

Sangoma SBC 2.3.23-119-GA Unauthenticated User Creation

Introduction Description A remotely exploitable vulnerability exists in the 2.3.23-119-GA version of Sangoma SBC that would allow an unauthenticated user to create a privileged user on the system using the web application login interface. Vulnerability Type - Argument Injection or Modification...

AI score: 0.2
EPSS: 0.02604
Exploits: 3

Packet Storm
added 2019/07/12 12:0 a.m., 295 views

Jenkins Dependency Graph View 0.13 Cross Site Scripting

Exploit Title: Persistent XSS - Dependency Graph View Pluginv0.13 Vendor Homepage: https://wiki.jenkins.io/display/JENKINS/Dependency+Graph+View+Plugin Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: webapps Platform:...

AI score: 5.5
EPSS: 0.03885
Exploits: 5

Packet Storm
added 2025/02/04 12:0 a.m., 294 views

ABB Cylon FLXeon 9.3.4 users.js Authenticated Root Remote Code Execution

ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated remote root code execution via the /api/users/password endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating the newPassword PUT parameter. The issue arises in users.js, where the new passwor...

CVSS: 10
AI score: 9.9
EPSS: 0.04328
Exploits: 18

Packet Storm
added 2025/02/03 12:0 a.m., 294 views

ABB Cylon FLXeon 9.3.4 login.js Unauthenticated Root Remote Code Execution

ABB Cylon FLXeon version 9.3.4 suffers from an unauthenticated remote code execution vulnerability with root privileges. Input passed through the login.js script for the password JSON parameter allows out-of-band command injection. !/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 login.js...

CVSS: 10
AI score: 10
EPSS: 0.04328
Exploits: 18

Packet Storm
added 2024/09/04 12:0 a.m., 294 views

Backdoor.Win32.Optix.02.b MVID-2024-0690 Hardcoded Credential

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/706ddc06ebbdde43e4e97de4d5af3b19.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Optix.02.b Vulnerability: Weak Hardcoded Credentials Description: Optix listens o...

AI score: 7.4
Exploits: 0

Packet Storm
added 2024/08/31 12:0 a.m., 294 views

Squid Proxy Range Header Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Squid Proxy Range Header DoS', 'Description' = %q The range handler in The Squid Caching Proxy Server 3.0-4.1.4 and 5.0.1-5.0.5 suffers from...

CVSS: 6.5
AI score: 7
EPSS: 0.95785
Exploits: 2

Packet Storm
added 2024/05/03 12:0 a.m., 294 views

SOPlanning 1.52.00 SQL Injection

Exploit Title: SOPlanning v1.52.00 'projets.php' SQLi Application: SOPlanning Version: 1.52.00 Date: 4/22/24 Exploit Author: Joseph McPeters Liquidsky Vendor Homepage: https://www.soplanning.org/en/ Software Link: https://sourceforge.net/projects/soplanning/ Tested on: Linux CVE: Not yet assigned...

AI score: 7.4
Exploits: 0

Packet Storm
added 2024/03/05 12:0 a.m., 294 views

WordPress Neon Text 1.1 Cross Site Scripting

Exploit Title: Wordpress Plugin Neon Text = 1.1 - Stored Cross Site Scripting XSS Date: 2023-11-15 Exploit Author: Eren Car Vendor Homepage: https://www.eralion.com/ Software Link: https://downloads.wordpress.org/plugin/neon-text.zip Category: Web Application Version: 1.0 Tested on: Debian /...

CVSS: 6.4
AI score: 7.4
EPSS: 0.00524
Exploits: 4

Packet Storm
added 2023/10/10 12:0 a.m., 294 views

Microsoft Windows 11 apds.dll DLL Hijacking

Title: Microsoft Windows 11 - 'apds.dll' DLL hijacking Forced Date: 2023-09-01 Author: Moein Shahabi Vendor: https://www.microsoft.com Version: Windows 11 Pro 10.0.22621 Tested on: Windows 11x64 eng...

AI score: 7.1
Exploits: 0

Packet Storm
added 2023/08/31 12:0 a.m., 294 views

Invasor Diagonal CMS 1.0 Cross Site Scripting

Title : Invasor Diagonal CMS 1.0 XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit |...

AI score: 7.1
Exploits: 0

Packet Storm
added 2023/08/22 12:0 a.m., 294 views

Color Prediction Game 1.0 SQL Injection

Exploit Title: Color Prediction Game v1.0 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://www.codester.com/items/44411/color-prediction-game-php-script Tested on: Kali Linux & MacOS CVE: N/A Request POST /loginNow.php HTTP/1.1 Host: localhost Cookie:...

AI score: 7.1
Exploits: 0

Packet Storm
added 2023/08/16 12:0 a.m., 294 views

EMH CMS 0.1 Cross Site Scripting

Title : EMH CMS v0.1 XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.364-bit | Vendor :...

AI score: 7.1
Exploits: 0

Packet Storm
added 2023/08/08 12:0 a.m., 294 views

EMIS WEB School CMS 1 SQL Injection

Title : EMIS WEB School CMS V 1 blind SQL injection Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

AI score: 7.1
Exploits: 0

Packet Storm
added 2023/07/14 12:0 a.m., 294 views

Bigware Shop 2.3 Cross Site Scripting

Title : Bigware Shop v2.3 XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | Vendor :...

AI score: 7.1
Exploits: 0

Packet Storm
added 2023/06/22 12:0 a.m., 294 views

HiSecOS 04.0.01 Privilege Escalation

Exploit Title: HiSecOS 04.0.01 - Privilege Escalation Google Dork: HiSecOS Web Server Vulnerability Allows User Role Privilege Escalation Date: 21.06.2023 Exploit Author: dreizehnutters Vendor Homepage:...

AI score: 7.1
Exploits: 0

Packet Storm
added 2023/05/26 12:0 a.m., 294 views

Ulicms 2023.1 Create Administrator

Exploit Title: Ulicms 2023.1 - create admin user via mass assignment Application: Ulicms Version: 2023.1-sniffing-vicuna Bugs: create admin user via mass assignment Technology: PHP Vendor URL: https://en.ulicms.de/ Software Link:...

AI score: 7.1
Exploits: 0

Packet Storm
added 2023/05/03 12:0 a.m., 294 views

PHPJabbers Simple CMS 5.0 Cross Site Scripting

Exploit Title: PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting XSS Date: 2023-04-29 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/ Version: 5.0 Tested on: Kali Linux Steps to Reproduce - Please...

AI score: 6.9
Exploits: 0

Packet Storm
added 2023/04/12 12:0 a.m., 294 views

Sielco Radio Link 2.06 Improper Access Control

!-- This will set/modify user1 p...

AI score: 6.8
Exploits: 0

Packet Storm
added 2023/04/10 12:0 a.m., 294 views

pfsenseCE 2.6.0 Protection Bypass

!/usr/bin/python3 Exploit Title: pfsenseCE v2.6.0 - Anti-brute force protection bypass Google Dork: intitle:"pfSense - Login" Date: 2023-04-07 Exploit Author: FabDotNET Fabien MAISONNETTE Vendor Homepage: https://www.pfsense.org/ Software Link:...

CVSS: 9.8
AI score: 9.4
EPSS: 0.09844
Exploits: 5

Packet Storm
added 2023/03/27 12:0 a.m., 294 views

WebTareas 2.4 SQL Injection

Exploit Title: WebTareas 2.4 - SQL Injection Unauthorised Date: 15/10/2022 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://sourceforge.net/projects/webtareas/ Software Link: https://sourceforge.net/projects/webtareas/ Version: 2.4 Testeted on:...

CVSS: 9.8
AI score: 9.4
EPSS: 0.05452
Exploits: 5

Total number of security vulnerabilities: 5000