Lucene search
K
PacketstormRecent

50738 matches found

Packet Storm
Packet Storm
added 2023/06/02 12:0 a.m.747 views

KesionCMS ASP 9.5 Add Administrator

==================================================================================================================================== | Title : KesionCMS ASP v9.5 Reinstall Add Admin Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 105.0.32-bit |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/02 12:0 a.m.358 views

Biig Order CMS 2 SQL Injection

================================================================================ | Title : E-commerce Biig Order CMS V2 Auth by Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : firefox 113.0.164 bits | | Vendor : https://www.vaskar.in/ | | Dork :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/01 12:0 a.m.565 views

Acelle Email Marketing 3.0.15 Arbitrary File Upload

==================================================================================================================================== | Title : Acelle Email Marketing v3.0.15 unrestricted file uploads Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozill...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/01 12:0 a.m.311 views

Flexense HTTP Server 10.6.24 Buffer Overflow / Denial Of Service

Exploit Title: Flexense HTTP Server 10.6.24 - Buffer Overflow DoS Metasploit Date: 2018-03-09 Exploit Author: Ege Balci Vendor Homepage: https://www.flexense.com/downloads.html Version: 'Flexense HTTP Server Denial Of Service', 'Description' = %q This module triggers a Denial of Service...

7.5CVSS7.1AI score0.76544EPSS
Exploits6
Packet Storm
Packet Storm
added 2023/06/01 12:0 a.m.371 views

Online Security Guards Hiring System 1.0 Cross Site Scripting

Exploit Title: Online Security Guards Hiring System 1.0 – REFLECTED XSS Google Dork : NA Date: 23-01-2023 Exploit Author : AFFAN AHMED Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/projects/Online-Security-Guard-Hiring-SystemPHP.zip Version: 1.0 Tested on: Windows ...

6.1CVSS7.1AI score0.06169EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/06/01 12:0 a.m.342 views

Rukovoditel 3.3.1 CSV Injection

Exploit Title: Rukovoditel 3.3.1 - CSV injection Version: 3.3.1 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Date of found: 27-05-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & POC...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/01 12:0 a.m.404 views

Bumsys Business Management System 1.0.3-beta Shell Upload

Exploit Title: - unilogies/bumsys v1.0.3-beta - Unrestricted File Upload Google Dork : NA Date: 19-01-2023 Exploit Author: AFFAN AHMED Vendor Homepage: https://github.com/unilogies/bumsys Software Link: https://github.com/unilogies/bumsys/archive/refs/tags/v1.0.3-beta.zip Version: 1.0.3-beta Test...

8.8CVSS7.1AI score0.05748EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/06/01 12:0 a.m.371 views

Menorah Restaurant 1.0.0 Insecure Settings

==================================================================================================================================== | Title : Menorah Restaurant - Restaurant Food Ordering System Reinstall script Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro /...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/01 12:0 a.m.456 views

Faculty Evaluation System 1.0 Shell Upload

Exploit Title: Faculty Evaluation System 1.0 - Unauthenticated File Upload Date: 5/29/2023 Author: Alex Gan Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html Software Link:...

7.2CVSS7.1AI score0.14507EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/06/01 12:0 a.m.390 views

STARFACE 7.3.0.10 Broken Authentication

Advisory: STARFACE: Authentication with Password Hash Possible RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext...

7.1AI score0.04421EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/05/31 12:0 a.m.296 views

Microsoft GamingServicesNet 12.77.3001.0 Unquoted Service Path

Exploit Title: Microsoft GamingServicesNet 12.77.3001.0 - 'GamingServicesNet' Unquoted Service Path Exploit Author: tmrswrr Exploit Date: 2023-05.17 Vendor : https://www.microsoft.com/store/productId/9MWPM2CQNLHN Version : 12.77.3001.0 Tested on OS: Windows 10 Enterprise Step to discover Unquoted...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/31 12:0 a.m.336 views

WordPress ReviewX 1.6.13 Privilege Escalation

Description: ReviewX = 1.6.13 – Arbitrary Usermeta Update to Authenticated Subscriber+ Privilege Escalation Affected Plugin: ReviewX – Multi-criteria Rating & Reviews for WooCommerce Plugin Slug: reviewx Affected Versions: = 1.6.13 CVE ID: CVE-2023-2833 CVSS Score: 8.8 High CVSS Vector:...

7.1AI score0.1748EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/05/31 12:0 a.m.264 views

Vaskar Courier 3.2.0 Insecure Settings

================================================================================ | Title : Vaskar Courier Version 3.2.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : firefox 113.0.164 bits | | Vendor : https://www.vaskar.in/ | | Dork : "Design...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/31 12:0 a.m.899 views

Qualcomm Adreno/KGSL Data Leakage

Qualcomm Adreno/KGSL: pages can be freed to page pool while having GPU references on !CONFIGQCOMKGSLUSESHMEM Tested on a Pixel 4 again with a slightly outdated version of KGSL. I ordered a Pixel 5a but don't have it yet... On KGSL builds where CONFIGQCOMKGSLUSESHMEM is not set or on older KGSL...

8.4CVSS7.1AI score0.0018EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/05/31 12:0 a.m.523 views

Qualcomm Adreno/KGSL Unchecked Cast / Type Confusion

Qualcomm Adreno/KGSL: unchecked cast of vma-vmfile-privatedata in kgslsetupdmabufuseraddr Tested on a Pixel 4 flame, on the latest update from 2023-02, which self-reports as SPL 2022-10-05, since I don't yet have any newer device with KGSL here - but as far as I can tell from the sources, it shou...

8.4CVSS7.1AI score0.0018EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/05/31 12:0 a.m.310 views

Lost And Found Information System 1.0 Broken Access Control / Privilege Escalation

Vulnerability: Broken Access Control Author: Akash Pandey CVE: CVE-2023-3018 Source: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html Steps to re-produce: 1. Go to https://site.com/admin/?page=user/list as staff user...

7.1AI score0.00735EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/05/31 12:0 a.m.309 views

Apple Zeed ALL YOUR STYLE CMS 2.0 SQL Injection

======================================================================================== | Title : Apple Zeed ALL YOUR STYLE CMS 2.0 SQL injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 109.064-bit | | Vendor :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/30 12:0 a.m.331 views

Pydio Cells 4.1.2 Cross Site Scripting

Advisory: Pydio Cells: Cross-Site Scripting via File Download Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript 1. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web...

7.1AI score0.02937EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/05/30 12:0 a.m.295 views

Pydio Cells 4.1.2 Server-Side Request Forgery

For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The response file is then available in a...

7.1AI score0.03846EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/05/30 12:0 a.m.565 views

Serenity / StartSharp Software File Upload / XSS / User Enumeration / Reusable Tokens

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Serenity and StartSharp Software vulnerable version: 6.7.1 fixed version: 6.7.1 or higher CVE number: CVE-2023-31285, CVE-2023-31286,...

7.8CVSS7.1AI score0.01011EPSS
Exploits1
Packet Storm
Packet Storm
added 2023/05/30 12:0 a.m.319 views

Papaya Medical Viewer 1.0 Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Title ===== SCHUTZWERK-SA-2022-001: Cross-Site-Scripting in Papaya Medical Viewer Status ====== PUBLISHED Version ======= 1.0 CVE reference ============= CVE-2023-33255 Link ==== https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-001/ Text-onl...

7.1AI score0.00922EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/05/30 12:0 a.m.384 views

PrinterLogic Build 1.0.757 XSS / SQL Injection / Authentication Bypass

PrinterLogic SaaS, multiple vulnerabilities =========================================================== PrinterLogic's Enterprise Print Management software allows IT professionals to simplify printer driver management and empower end users. -- https://www.printerlogic.com/ Background...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/30 12:0 a.m.315 views

Argon Dashboard 2 SQL Injection

==================================================================================================================================== | Title : Argon Dashboard 2 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 109.064-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/30 12:0 a.m.216 views

Thai Auto Web 1.2 Missing Authentication

==================================================================================================================================== | Title : Thai Auto Web 1.2 Unauthorized administrative access Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/30 12:0 a.m.291 views

Wekan 6.74 Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored XSS vulnerability in rename functionality product: Wekan Open-Source kanban vulnerable version: =6.74 fixed version: 6.75 or higher CVE number: CVE-2023-28485...

7.1AI score0.00965EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/05/30 12:0 a.m.322 views

Pydio Cells 4.1.2 Privilege Escalation

Advisory: Pydio Cells: Unauthorised Role Assignments Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assignin...

7.1AI score0.14197EPSS
Exploits6
Packet Storm
Packet Storm
added 2023/05/30 12:0 a.m.246 views

Code-Bakers 1.0 Missing Authentication

==================================================================================================================================== | Title : Code-Bakers v1.0 Unauthorized administrative access Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/29 12:0 a.m.283 views

Jobs Portal 3.6 Insecure Settings

==================================================================================================================================== | Title : Jobs Portal V 3.6 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 103.064-bit...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/29 12:0 a.m.324 views

Camaleon CMS 2.7.0 Server-Side Template Injection

Exploit Title: Camaleon CMS v2.7.0 - Server-Side Template Injection SSTI Exploit Author: PARAG BAGUL CVE: CVE-2023-30145 Description Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection SSTI vulnerability via the formats parameter. Affected Component All versions below...

7.1AI score0.46136EPSS
Exploits6
Packet Storm
Packet Storm
added 2023/05/29 12:0 a.m.276 views

New MVC Shop 1.0 SQL Injection / Missing Attributes

Title: new-mvc-shop-1.0 - SQLi + SameSite attribute weak security PHPSESSID Hijacking Author: nu11secur1ty Date: 05.29.2023 Vendor: https://chikoiquan.tanhongit.com/ Software: https://github.com/tanhongit/new-mvc-shop/releases/tag/v1.0 Reference: https://portswigger.net/web-security/sql-injection...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/29 12:0 a.m.293 views

Simple Customer Relationship Management CRM 2023 1.0 SQL Injection

Title: SCRMS-2023-05-27-1.0-Multiple-SQLi Author: nu11secur1ty Date: 05.27.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/15895/simple-customer-relationship-management-crm-system-using-php-free-source-coude.html Reference:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/29 12:0 a.m.311 views

e-Biz Technocrats Pvt.Ltd SQL Injection

Exploit Title: Sql Injection on one site credentials can be use on other sites - Google Dork:" Designed and Developed by e-Biz Technocrats Pvt.Ltd " - Date: 05/11/2023 - Exploit Author: K1LL3rB4LL - Tested on: Mac, Windows, Linux Description: The vulnerability found is an SQL injection. You may r...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/26 12:0 a.m.320 views

WBCE CMS 1.6.1 Cross Site Scripting

Exploit Title: WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting XSS Version: 1.6.1 Bugs: XSS Technology: PHP Vendor URL: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/releases/tag/1.6.1 Date of found: 03-05-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/26 12:0 a.m.1543 views

Laravel 10.11 Database Disclosure / Information Disclosure

==================================================================================================================================== | Title : Laravel 10.11 Information Disclosure MySQL Credential Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/26 12:0 a.m.369 views

Seagate Central Storage 2015.0916 User Creation / Command Execution

Exploit Title: Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution Metasploit Date: Dec 9 2019 Exploit Author: Ege Balci Vendor Homepage: https://www.seagate.com/de/de/support/external-hard-drives/network-storage/seagate-central/ Version: 2015.0916 CVE : 2020-6627 This...

9.8CVSS7.1AI score0.12453EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/05/26 12:0 a.m.347 views

Zenphoto 1.6 Cross Site Scripting

Exploit Title: Zenphoto 1.6 - Multiple stored XSS Application: Zenphoto-1.6 xss poc Version: 1.6 Bugs: XSS Technology: PHP Vendor URL: https://www.zenphoto.org/news/zenphoto-1.6/ Software Link: https://github.com/zenphoto/zenphoto/archive/v1.6.zip Date of found: 01-05-2023 Author: Mirabbas Ağalar...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/26 12:0 a.m.328 views

SCM Manager 1.60 Cross Site Scripting

!/usr/bin/python3 Exploit Title: SCM Manager 1.60 - Cross-Site Scripting Stored Authenticated Google Dork: intitle:"SCM Manager" intext:1.60 Date: 05-25-2023 Exploit Author: neg0x https://github.com/n3gox/CVE-2023-33829 Vendor Homepage: https://scm-manager.org/ Software Link:...

7.1AI score0.07258EPSS
Exploits7
Packet Storm
Packet Storm
added 2023/05/26 12:0 a.m.295 views

Ulicms 2023.1 Create Administrator

Exploit Title: Ulicms 2023.1 - create admin user via mass assignment Application: Ulicms Version: 2023.1-sniffing-vicuna Bugs: create admin user via mass assignment Technology: PHP Vendor URL: https://en.ulicms.de/ Software Link:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/25 12:0 a.m.2323 views

Service Provider Management System 1.0 SQL Injection

Exploit Title: Service Provider Management System v1.0 - SQL Injection Date: 2023-05-23 Exploit Author: Ashik Kunjumon Vendor Homepage: https://www.sourcecodester.com/users/lewa Software Link:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/25 12:0 a.m.407 views

2023 Online Course Registration 1.0 SQL Injection

Title: 2023-Online-Course-Registration-1.0-Bypass-login-SQLi-RCE-password-changing Author: nu11secur1ty Date: 05.25.2023 Vendor: https://github.com/nikhilkeshava Software: https://github.com/nikhilkeshava/online-course-registration- Reference: https://portswigger.net/web-security/sql-injection,...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/25 12:0 a.m.292 views

WFTPD 3.25 Credential Disclosure

Exploit Title: WFTPD 3.25 - Unprotected Credential Storage Date: 04/01/2023 Exploit Author: golem445 Vendor Homepage: https://www.texis.com/ Tested on: Windows 10 CVE: CVE-2023-33263 Description: Usernames and hashes are stored in an openly viewable wftpd.ini configuration file within the host...

7.1AI score0.00861EPSS
Exploits1
Packet Storm
Packet Storm
added 2023/05/25 12:0 a.m.397 views

WordPress Beautiful Cookie Consent Banner 2.10.1 Cross Site Scripting

Description: Beautiful Cookie Consent Banner = 2.10.1 - Unauthenticated Stored Cross-Site Scripting Affected Plugin:Beautiful Cookie Consent Banner Plugin Slug: beautiful-and-responsive-cookie-consent Affected Versions: = 2.10.1 CVE ID: Not Assigned CVSS Score: 7.2 High CVSS Vector:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.350 views

eScan Management Console 14.0.1400.2281 SQL Injection

Exploit Title: eScan Management Console 14.0.1400.2281 - SQL Injection Authenticated Date: 16/05/2023 Exploit Author: Sahil Ojha Vendor Homepage: https://www.escanav.com Software Link: https://cl.escanav.com/ewconsole.dll Version: 14.0.1400.2281 Tested on: Windows CVE : CVE-2023-31702 Step of...

7.1AI score0.04312EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.281 views

Quicklancer 1.0 SQL Injection

Exploit Title: Quicklancer v1.0 - SQL Injection Date: 2023-05-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/quicklancer-freelance-marketplace-php-script/39087135 Demo Site: https://quicklancer.bylancer.com Tested on: Kali Linux CVE: N/A Request POST /php/user-ajax.php...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.266 views

Esg 2.5 Cross Site Scripting

=========================================================================================== | Title : Esg 2.5 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 103.064-bit | | Vendor : https://www.creatop.com.tw/esg | | Dork : Powered b...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.308 views

Hubstaff 1.6.14-61e5e22e DLL Hijacking

Exploit Title: Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking Date: 14/05/2023 Exploit Author: Ahsan Azad Vendor Homepage: https://hubstaff.com/ Software Link: https://app.hubstaff.com/download Version: 1.6.13, 1.6.14 Tested On: 64-bit operating system, x64-based processor...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.298 views

Apple Zeed ALL YOUR STYLE CMS 1.00 SQL Injection

======================================================================================== | Title : Apple Zeed ALL YOUR STYLE CMS 1.00 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 109.064-bit | | Vendor :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.370 views

Trend Micro OfficeScan Client 10.0 Local Privilege Escalation

Exploit Title: Trend Micro OfficeScan Client 10.0 - ACL Service LPE Date: 2023/05/04 Exploit Author: msd0pe Vendor Homepage: https://www.trendmicro.com My Github: https://github.com/msd0pe-1 Trend Micro OfficeScan Client: Versions = icacls "C:\Program Files x86\Trend Micro\OfficeScan Client"...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.309 views

FusionInvoice 2023-1.0 Cross Site Scripting

Exploit Title: FusionInvoice 2023-1.0 - Stored XSS Cross-Site Scripting Date: 2023-05-24 Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.squarepiginteractive.com Software Link: https://www.fusioninvoice.com/store Version: 2023-1.0 Tested on: Latest Version of Desktop Web Browsers...

7.1AI score0.02246EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.380 views

PaperCut NG/MG 22.0.4 Remote Code Execution

Exploit Title: PaperCut NG/MG 22.0.4 - Remote Code Execution RCE Date: 13 May 2023 Exploit Author: Mohin Paramasivam Shad0wQu35t and MaanVader Vendor Homepage: https://www.papercut.com/ Version: 8.0 or later Tested on: 22.0.4 CVE: CVE-2023-27350 import requests import argparse Grouppayload =...

9.8CVSS7.1AI score0.99999EPSS
Exploits24
Total number of security vulnerabilities50738