Lucene search
K
PacketstormMost viewed

50773 matches found

Packet Storm
Packet Storm
added 2024/08/01 12:0 a.m.291 views

Availability Calendar 5.0 Insecure Direct Object Reference

============================================================================================================================================= | Title : Availability Calendar v5.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/07/31 12:0 a.m.291 views

AMPLE BILLS 1.0 Cross Site Scripting

============================================================================================================================================= | Title : AMPLE BILLS v1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendor...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/04/02 12:0 a.m.291 views

OpenCart Core 4.0.2.3 SQL Injection

Exploit Title: OpenCart Core 4.0.2.3 - 'search' SQLi Date: 2024-04-2 Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link: https://github.com/opencart/opencart/releases Version: 4.0.2.3 Tested on: XAMPP, Linux Contact: https://twitter.com/dmaral3noz Description :...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/03/19 12:0 a.m.291 views

Gibbon LMS 26.0.00 PHP Deserialization / Code Execution

Exploit Title: Gibbon LMS has a PHP Deserialization vulnerability on the v26.0.00 version Date: 22.01.2024 Exploit Author: SecondX.io Research TeamAli Maharramli,Fikrat Guliev,Islam Rzayev Vendor Homepage: https://gibbonedu.org/ Software Link: https://github.com/GibbonEdu/core Version: v26.0.00...

7.4AI score0.5132EPSS
Exploits7
Packet Storm
Packet Storm
added 2023/07/25 12:0 a.m.291 views

Joomla VirtueMart Shopping-Cart 4.0.12 Cross Site Scripting

Exploit Title: Joomla VirtueMart Shopping-Cart 4.0.12 - Reflected XSS Exploit Author: CraCkEr Date: 24/07/2023 Vendor: VirtueMart Team Vendor Homepage: https://www.virtuemart.net/ Software Link: https://demo.virtuemart.net/ Joomla Extension Link:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/25 12:0 a.m.291 views

WordPress Login Configurator 2.1 Cross Site Scripting

Tittle: WordPress Plugin Login Configurator = 2.1 - Reflected Cross-Site Scripting References: CVE-2023-1893 Author: Taurus Omar Description: The plugin does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting...

7.1AI score0.00673EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/07/21 12:0 a.m.291 views

RaidenFTPD 2.4.4005 Buffer Overflow

Exploit Title: RaidenFTPD 2.4.4005 - Buffer Overflow SEH Date: 18/07/2023 Exploit Author: Andre Nogueira Vendor Homepage: https://www.raidenftpd.com/en/ Software Link: http://www.raidenmaild.com/download/raidenftpd2.exe Version: RaidenFTPD 2.4.4005 Tested on: Microsoft Windows 10 Build 19045 1.-...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/20 12:0 a.m.291 views

NetArt Media Blog LITE 2.1 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/30 12:0 a.m.291 views

Wekan 6.74 Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored XSS vulnerability in rename functionality product: Wekan Open-Source kanban vulnerable version: =6.74 fixed version: 6.75 or higher CVE number: CVE-2023-28485...

7.1AI score0.00965EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/05/15 12:0 a.m.291 views

Screen SFT DAB 600/C Authentication Bypass / Account Creation

!/usr/bin/env python3 Screen SFT DAB 600/C Authentication Bypass Account Creation Exploit Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/ Affected version:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/12 12:0 a.m.291 views

Sielco Analog FM Transmitter 2.12 Cookie Brute Force

Sielco Analog FM Transmitter 2.12 'id' Cookie Brute Force Session Hijacking Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: 2.12 EXC5000GX 2.12 EXC120GX 2.11 EXC300GX 2.10 EXC1600GX 2.10 EXC2000GX 2.08 EXC1600GX 2.08 EXC1000GX 2.07 EXC3000GX 2.06 EXC5000GX 1.7.7...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2022/12/14 12:0 a.m.291 views

SAP@ Host Agent Privilege Escalation

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Privilege Escalation Vulnerabilities UNIX Insecure File Handling product: SAP® Host Agent saposcol vulnerable version: see section "Vulnerable / tested versions" fixed...

4.9CVSS0.4AI score0.01225EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/10/17 12:0 a.m.291 views

Backdoor.Win32.DarkSky.23 MVID-2022-0648 Buffer Overflow

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/1164ef21ef2af97e0339359c0dce5e7d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.DarkSky.23 Vulnerability: Remote Stack Buffer Overflow SEH Description: The...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2022/05/11 12:0 a.m.291 views

SAP BusinessObjects Intelligence 4.3 XML Injection

Exploit Title: SAP BusinessObjects Intelligence 4.3 - XML External Entity XXE Google Dork: N/A Date: 4/21/2022 Exploit Author: West Shepherd Vendor Homepage: https://www.sap.com/ Software Link: https://www.sap.com/ Version: 4.2 and 4.3 Tested on: Windows Server 2019 x64 CVE : CVE-2022-28213...

8.1CVSS0.3AI score0.12476EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/05/11 12:0 a.m.291 views

Ruijie Reyee Mesh Router Remote Code Execution

Exploit Title: Ruijie Reyee Mesh Router - Remote Code Execution RCE Authenticated Google Dork: None Date: November 1, 2021 Exploit Author: Minh Khoa of VSEC Vendor Homepage: https://ruijienetworks.com Software Link: https://www.ruijienetworks.com/resources/products/1896-1900 Version: ReyeeOS...

0.3AI score0.34947EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/04/07 12:0 a.m.291 views

minewebcms 1.15.2 Cross Site Scripting

Exploit Title: minewebcms 1.15.2 - Cross-site Scripting XSS Google Dork: NA Date: 02/20/2022 Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://mineweb.org/ Software Link: https://github.com/mineweb/minewebcms Version: 1.15.2 Tested on: KALI OS CVE : CVE-2022-1163...

6.8CVSS5.4AI score0.03506EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/03/10 12:0 a.m.291 views

McAfee Safe Connect VPN Unquoted Service Path

Exploit Title: McAfee® Safe Connect VPN - Unquoted Service Path Elevation Of Privilege Date: 09/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.mcafee.com/ Software Link: https://www.mcafee.com/en-us/vpn/mcafee-safe-connect.html Version: 2.13 Tested: Windows 10 x64 Contact:...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2022/03/10 12:0 a.m.291 views

Siemens S7-1200 4.5 Unauthenticated Access

Exploit Title: Unauthenticated Siemens S7-1200 CPU Start/Stop Command Date: 09/03/2022 Exploit Author: RoseSecurity Vendor Homepage: https://www.siemens.com/global/en.html Version: V4.5 and below Tested on: Siemens S7-1200 CPU: 1215C IP == PLC IP address Start Command curl -i -s -k -X $'POST' \ -...

1.2AI score
Exploits0
Packet Storm
Packet Storm
added 2022/03/02 12:0 a.m.291 views

Xerte 3.9 Remote Code Execution

Exploit Title: Xerte 3.9 - Remote Code Execution RCE Authenticated Date: 05/03/2021 Exploit Author: Rik Lutz Vendor Homepage: https://xerte.org.uk Software Link: https://github.com/thexerteproject/xerteonlinetoolkits/archive/refs/heads/3.8.5-33.zip Version: up until version 3.9 Tested on: Windows...

8.8AI score0.12782EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/02/11 12:0 a.m.291 views

Accounting Journal Management System 1.0 SQL Injection

Exploit Title: Accounting Journal Management System 1.0 - 'id' SQLi Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15155/accounting-journal-management-system-trial-balance-php-free-source-code.html Version : 1.0 Tested on...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/10 12:0 a.m.291 views

Hospital Management Startup 1.0 SQL Injection

Title: Hospital Management Startup v1.0 remote SQL-Injections Author: nu11secur1ty Date: 02.10.2022 Vendor: https://github.com/kabirkhyrul Software: https://github.com/kabirkhyrul/HMS CVE-2022-23366 Description: The loginid and password parameters from Hospital Management Startup 1.0 appear to be...

9.8CVSS0.2AI score0.06708EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/01/20 12:0 a.m.291 views

CollectorStealerBuilder Panel 2.0.0 Man-In-The-Middle

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/54530f88c8e4f4371c9418f00c256b1dB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: CollectorStealerBuilder v2.0.0 Panel Vulnerability: Man-in-the-Middle MITM Description: MITM vector...

Exploits0
Packet Storm
Packet Storm
added 2022/01/18 12:0 a.m.291 views

Archeevo 5.0 Local File Inclusion

Exploit Title: Archeevo 5.0 - Local File Inclusion Google Dork: intitle:"archeevo" Date: 01/15/2021 Exploit Author: Miguel Santareno Vendor Homepage: https://www.keep.pt/ Software Link: https://www.keep.pt/produtos/archeevo-software-de-gestao-de-arquivos/ Version: 5.0 Tested on: windows 1...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/12/14 12:0 a.m.291 views

meterN 1.2.3 Remote Command Execution

!-- meterN v1.2.3 Authenticated Remote Command Execution Vulnerability Vendor: Jean-Marc Louviaux Product web page: https://www.metern.org Affected version: 1.2.3 and 0.8.3.2 Summary: meterN is a set of PHP/JS files that make a -Home energy metering & monitoring- solution. It accept any meters li...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/07 12:0 a.m.291 views

Online DJ Booking Management System 1.0 Cross Site Scripting

Exploit Title: Online DJ Booking Management System 1.0 - 'Multiple' Blind Cross-Site Scripting Date: 2021-10-06 Exploit Author: Yash Mahajan Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/online-dj-booking-management-system-using-php-and-mysql/ Version: V 1.0...

Exploits0
Packet Storm
Packet Storm
added 2021/08/10 12:0 a.m.291 views

WordPress Picture Gallery 1.4.2 Cross Site Scripting

Exploit Title: WordPress Plugin Picture Gallery 1.4.2 - 'Edit Content URL' Stored Cross-Site Scripting XSS Date: 2021-08-06 Exploit Author: Aryan Chehreghani Software Link: https://wordpress.org/plugins/picture-gallery/ Version: 1.4.2 Tested on: Windows 10 How to Reproduce this Vulnerability: 1...

Exploits0
Packet Storm
Packet Storm
added 2021/07/06 12:0 a.m.291 views

perfexcrm 1.10 Cross Site Scripting

Exploit Title: perfexcrm 1.10 - 'State' Stored Cross-site scripting XSS Date: 05/07/2021 Exploit Author: Alhasan Abbas exploit.msf Vendor Homepage: https://www.perfexcrm.com/ Version: 1.10 Tested on: windows 10 Vunlerable page: /clients/profile POC: ---- POST /clients/profile HTTP/1.1 Host:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/07/05 12:0 a.m.291 views

Online Voting System 1.0 SQL Injection / Remote Code Execution

Exploit Title: Online Voting System 1.0 - SQLi Authentication Bypass + Remote Code Execution RCE Exploit Author: Geiseric Original Exploit Author: deathflash1411 - https://www.exploit-db.com/exploits/50076 - https://www.exploit-db.com/exploits/50075 Date 02.07.2021 Vendor Homepage:...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/19 12:0 a.m.292 views

Profiling System For Human Resource Management 1.0 Remote Code Execution

Exploit Title: Profiling System for Human Resource Management 1.0 - Remote Code Execution Unauthenticated Date: 19-03-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/06 12:0 a.m.291 views

Asterisk 17.6.0 / 17.5.1 Denial Of Service

Asterisk crash due to INVITE flood over TCP - Fixed versions: 13.37.1, 16.14.1, 17.8.1, 18.0.1 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2020-02-asterisk-tcp-invite-crash - Asterisk Security Advisory:...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2020/07/27 12:0 a.m.291 views

Bio Star 2.8.2 Local File Inclusion

Exploit Title: Bio Star 2.8.2 - Local File Inclusion Authors: SITE Team Rian Saaty, Bashaer AlHarthy, Safeyah Alhazmi Google Dork: N/A Date of Exploit Release: 2020-07-13 Exploit Author: SITE Team Vendor Homepage: https://www.supremainc.com/en/main.asp Software Link:...

5CVSS7.8AI score0.50734EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/05/04 12:0 a.m.291 views

BoltWire 6.03 Local File Inclusion

Exploit Title: BoltWire 6.03 - Local File Inclusion Date: 2020-05-02 Exploit Author: Andrey Stoykov Vendor Homepage: https://www.boltwire.com/ Software Link: https://www.boltwire.com/downloads/go&v=6&r=03 Version: 6.03 Tested on: Ubuntu 20.04 LAMP LFI: Steps to Reproduce: 1 Using HTTP GET request...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/04/06 12:0 a.m.291 views

SMBv3 Compression Buffer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMBv3 Compression Buffer Overflow', 'Description' = %q A vulnerability exists within the Microsoft Server Message Block 3.1.1 SMBv3 protocol that...

7.5CVSS1.1AI score0.9981EPSS
Exploits125
Packet Storm
Packet Storm
added 2019/11/12 12:0 a.m.291 views

Pulse Secure VPN Arbitrary Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pulse Secure VPN Arbitrary Command Execution', 'Description' = %q This module exploits a post-auth command injection in the Pulse Secure VPN serv...

6.5CVSS0.3AI score0.98617EPSS
Exploits12
Packet Storm
Packet Storm
added 2019/09/06 12:0 a.m.291 views

Microsoft Windows 10 UAC Protection Bypass Via Windows Store

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows 10 UAC Protection Bypass Via Windows Store WSReset.exe', 'Description' = %q This module exploits a flaw in the WSReset.exe Windows Store...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2019/09/03 12:0 a.m.291 views

Cisco M1070 Content Security Management Appliance IronPort Header Injection

!/usr/bin/perl -w Cisco M1070 Content Security Management Appliance IronPort Remote Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/08/25 12:0 a.m.291 views

LSoft ListServ Cross Site Scripting

Exploit Title: LSoft ListServ 2. http://127.0.0.1/scripts/wa.exe?OK= References: 1. http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018aWhatsNew.pdf 2. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15501...

6.3AI score0.08182EPSS
Exploits5
Packet Storm
Packet Storm
added 2024/12/02 12:0 a.m.290 views

Nvidia GeForce 11.0.1.163 Unquoted Service Path

Exploit Title: Nvidia GeForce v11.0.1.163 - Unquoted Service Path Date: 2024-11-25 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] t.me/Ci3c0 Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Vendor Homepage:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/26 12:0 a.m.290 views

Responsive Binary mlm 3.2.0 SQL Injection

==================================================================================================================================== | Title : Responsive Binary mlm 3.2.0 Auth By PAss Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/18 12:0 a.m.290 views

Online Bus Ticket Booking Website 1.0 SQL Injection

============================================================================================================================================= | Title : online bus ticket booking Website v1.0 Auth By PAss Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/13 12:0 a.m.290 views

Webpay E-Commerce 1.0 Cross Site Scripting

============================================================================================================================================= | Title : Webpay E-Commerce v1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | |...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/10 12:0 a.m.290 views

Online Marriage Registration System 1.0 Shell Upload

============================================================================================================================================= | Title : Online Marriage Registration System 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.290 views

SuiteCRM Authenticated SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SuiteCRM authenticated SQL injection in export functionality', 'Description' = %q This module exploits an authenticated SQL injection in SuiteCRM...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.290 views

Jenkins cli Ampersand Replacement Arbitrary File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jenkins cli Ampersand Replacement Arbitrary File Read', 'Description' = %q This module utilizes the Jenkins cli protocol to run the help command...

9.8CVSS7.2AI score0.99999EPSS
Exploits46
Packet Storm
Packet Storm
added 2024/08/07 12:0 a.m.290 views

AccPack Cop 1.0 Insecure Direct Object Reference

============================================================================================================================================= | Title : AccPack Cop v1.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendo...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/06/17 12:0 a.m.290 views

SPA-CART CMS 1.9.0.6 Username Enumeration / Business Logic Flaw

Exploit Title: Business Logic Flaw and Username Enumeration in spa-cartcmsv1.9.0.6 Date: 6/2024 Exploit Author: Andrey Stoykov Version: 1.9.0.6 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/04/friday-fun-pentest-series-5-spa.html Description - It was found that the applicatio...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/03/28 12:0 a.m.290 views

Event Management 1.0 SQL Injection

Exploit Title: Event Management - SQL Injection Application: Event Management Date: 19.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://github.com/PuneethReddyHC Software Link: https://github.com/PuneethReddyHC/event-management Version:1.0 Attack Type: Remote Tested on...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/02/09 12:0 a.m.290 views

WordPress Augmented-Reality Remote Code Execution

Exploit Title: Wordpress Augmented-Reality - Remote Code Execution Unauthenticated Date: 2023-09-20 Author: Milad Karimi Ex3ptionaL Category : webapps Tested on: windows 10 , firefox import requests as req import json import sys import random import uuid import urllib.parse import urllib3 from...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/02/02 12:0 a.m.290 views

Grocy 4.0.2 Cross Site Request Forgery

Exploit Title: Grocy history.pushState'','', '/'; document.forms0.submit; If a user is logged into the Grocy Webapp at time of execution, a new user will be created in the app with the following credentials Username: hacker Password: test Note: In order for this to work, the target must hav...

8.8CVSS7.4AI score0.00375EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/01/11 12:0 a.m.290 views

PHPJabbers Car Park Booking System 3.0 Missing Rate Limiting

Exploit Title: PHPJabbers Car Park Booking System v3.0 - Missing Rate Limiting Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/car-park-booking/sectionDemo Version: v3.0 Tested on:...

7.4AI score0.00461EPSS
Exploits3
Total number of security vulnerabilities5000