Lucene search
K
PacketstormRecent

50738 matches found

Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.98 views

📄 Voyager 1.8.0 Arbitrary File Upload

Voyager version 1.8.0 has an issue where an attacker with minimal privileges any role allowed to upload images in a Rich Text Box can upload a polyglot file masquerading as an image while embedding server-side executable code...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.123 views

📄 VirtualBox 7.0.16 Local Privilege Escalation / Race Condition

VirtualBox version 7.0.16 proof of concept local privilege escalation exploit that leverages a race condition vulnerability. ============================================================================================================================================= | Title : VirtualBox 7.0.16...

7.8CVSS7.1AI score0.0178EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.169 views

📄 usbmuxd 1.1.1-1 Path Traversal / Arbitrary File Write

A path traversal vulnerability exists in usbmuxd, a system daemon responsible for multiplexing USB connections to mobile devices. Due to insufficient validation and sanitization of file path inputs processed through its message-handling interface, a local attacker with access to the usbmuxd UNIX...

5.7CVSS5.9AI score0.00132EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.150 views

📄 Router Fingerprint / Command Injection Scanner

This Python tool is designed to automatically identify the vendor of IoT routers through HTTP fingerprinting and attempt command-injection testing using vendor-specific payloads. The scanner analyzes HTTP headers and response bodies to detect device signatures from common manufacturers such as...

5.9AI score
Exploits0
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.106 views

📄 Universal‑Ctags V Language 6.2.1 Parser Uncontrolled Recursion

A denial of service issue has been discovered in Universal‑Ctags versions 6.2.1 and below affecting the V language parser component. ============================================================================================================================================= | Title :...

5.7AI score
Exploits0
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.211 views

📄 ASUS Router Multi-Stage Command Injection

A multi‑stage command injection vulnerability allows an attacker to achieve remote command execution on a vulnerable ASUS router by abusing the SETROOTCERTIFICATE and APPLYAPP HTTP methods. In the first stage, a malicious shell script is uploaded to the target system disguised as a certificate fi...

9.8CVSS6.3AI score0.01031EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.114 views

📄 Tutor LMS 2.6.2 Missing Authorization / Privilege Escalation

Proof of concept for a missing authorization vulnerability in the Tutor LMS WordPress plugin versions 2.6.2 and below. ============================================================================================================================================= | Title : Tutor LMS 2.6.2 Missing...

6.5CVSS5.8AI score0.00466EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.255 views

📄 Vite 6.2.2 Arbitrary File Read

Proof of concept exploit for an arbitrary file read in Vite version 6.2.2. ============================================================================================================================================= | Title : Vite 6.2.2 Arbitrary File Read – PHP Exploit | | Author : indoushka | ...

7.5CVSS6.6AI score0.76736EPSS
Exploits28
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.117 views

📄 SPIP Saisies 5.11.0 Remote Code Execution

This Metasploit module exploits an unauthenticated PHP code injection in the SPIP Saisies plugin. The anciennesvaleurs form parameter is interpolated unsanitized into a hidden field rendered with interdirescripts=false, allowing direct PHP code execution via template eval. Exploitation requires a...

9.8CVSS6.2AI score0.05126EPSS
Exploits5
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.132 views

📄 Router Fingerprint / Command Injection Scanner

This Metasploit module targets multiple IoT routers by automatically fingerprinting the device vendor and attempting to exploit command injection vulnerabilities. The module sends an HTTP request to identify the router manufacturer by analyzing response headers and page content. Once the vendor i...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.136 views

📄 Web‑Check 1 Command Injection

A command injection vulnerability was identified in the Web‑Check application's /api/screenshot endpoint. The issue stems from the backend function that spawns a Chromium screenshot process using childprocess.exec with user‑controlled input passed via the url query parameter. Because the input wa...

9.3CVSS6AI score0.19976EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.125 views

📄 WatchGuard IKEv2 Detection Scanner

This Metasploit module checks for potential vulnerability to CVE-2022-23176 in WatchGuard Firmware IKEv2 service by analyzing malformed IKESAINIT responses. ============================================================================================================================================...

9CVSS7.5AI score0.13318EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.161 views

📄 Vivotek Camera Firmware OS 0125c Command Injection

Vivotek Camera Firmware OS versions 0100a through 0125c suffer from a command injection vulnerability. The issue resides in the CGI binary uploadmap.cgi, which operates under the Boa Webserver environment. The vulnerability occurs because the application improperly processes the POSTFILENAME...

10CVSS6AI score0.21219EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.139 views

📄 Vertex AI Experiments 1.132.x Predictable Bucket Naming

A vulnerability identified as CVE-2026-2473 affected Google Cloud Vertex AI, specifically the Vertex AI Experiments component, in versions 1.21.0 through 1.132.x fixed in 1.133.0 and later. The issue stemmed from predictable Cloud Storage bucket naming patterns, enabling a class of attack known a...

7.7CVSS5.8AI score0.00438EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.113 views

📄 GLib Memory Exhaustion

The gbase64decode function in the GLib library fails to enforce input size limits, allowing attackers to input extremely large Base64-encrypted data, resulting in uncontrolled memory allocation. This vulnerability can be exploited by providing a specially crafted, but syntactically correct, Base6...

5.4CVSS5.8AI score0.00325EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.151 views

📄 WBCE CMS 1.6.5 LFI / Config Disclosure / Cross Site Scripting

The WBCE CMS frontend loader includes template files without sanitization. This allows local file inclusion, reading configuration files, and persistent cross site scripting via crafted templates. Version 1.6.5 is affected...

5.3AI score
Exploits0
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.97 views

📄 Vvveb CMS 1.0.5 Insecure Direct Object Reference

A one liner of details for how to leverage the insecure direct object reference vulnerability in Vvveb CMS version 1.0.5. The research later discovered this also affects version 1.0.7.3...

7.2CVSS5.8AI score0.01347EPSS
Exploits6
Packet Storm
Packet Storm
added 2026/03/09 12:0 a.m.177 views

📄 Ubuntu 25.10 Containerd Insecure Directory Permissions

This proof of concept exploit demonstrates and detects CVE-2024-25621, a security vulnerability in containerd caused by insecure permissions on critical runtime and data directories. Affected versions may expose container metadata and runtime artifacts due to directories being readable or writabl...

7.8CVSS5.8AI score0.00151EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/03/09 12:0 a.m.104 views

📄 OpenBabel 3.1.1 Heap Buffer Overflow

This project is a local exploitation research and crash detection framework designed to evaluate memory-safety weaknesses in Open Babel version 3.1.1 under controlled laboratory conditions...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/03/09 12:0 a.m.171 views

📄 F5 BIG-IP TMUI Unauthenticated Remote Code Execution

This Metasploit module exploits a directory traversal vulnerability in the F5 BIG-IP TMUI interface that allows unauthenticated attackers to execute arbitrary system commands via tmshCmd.jsp...

10CVSS6AI score0.99999EPSS
Exploits60
Packet Storm
Packet Storm
added 2026/03/09 12:0 a.m.130 views

📄 Ipswitch WhatsUp Gold 1.0.0.24 Directory Traversal

Proof of concept exploit for a 2011 finding where Ipswitch WhatsUp Gold version 1.0.0.24 had a directory traversal in the included TFTP server. ============================================================================================================================================= | Title :...

7.8CVSS5.8AI score0.57601EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/03/09 12:0 a.m.115 views

📄 tracker-extract 3.8.2 / tracker-miners 3.x Crash

Proof of concept exploit for tracker-extract version 3.8.2 and tracker-miners version 3.x that demonstrates a crash when parsing oversized or malformed frames from MP3/APEv2 tags...

5.8AI score0.00209EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/03/09 12:0 a.m.123 views

📄 dr_libs 0.14.4 Heap Buffer Overflow

A heap buffer overflow exists in the function drwavreadsmpltometadataobj when processing WAV files with a crafted smpl chunk. The vulnerability arises due to a mismatch between sampleLoopCount validation in pass 1 and unconditional processing in pass 2, allowing 36 bytes of attacker-controlled da...

6.1AI score
Exploits0
Packet Storm
Packet Storm
added 2026/03/09 12:0 a.m.142 views

📄 DOMPurify 3.13 Cross Site Scripting

A mutation cross site scripting vulnerability exists in DOMPurify versions 3.1.3 and below when the SAFEFORXML configuration is enabled. ============================================================================================================================================= | Title : DOMPurif...

5.3AI score
Exploits0
Packet Storm
Packet Storm
added 2026/03/09 12:0 a.m.169 views

📄 Splunk Enterprise 9.1.5 / 9.2.2 Remote Code Execution

This PHP script is a proof of concept exploit for CVE-2024-36985, an authenticated Remote Code Execution vulnerability affecting Splunk instances where the splunkarchiver app is installed and enabled. It is a conversion of a Metasploit module into PHP...

8.8CVSS5.9AI score0.06517EPSS
Exploits6
Packet Storm
Packet Storm
added 2026/03/09 12:0 a.m.172 views

📄 tpAdmin 1.3.12 Shell Upload

tpAdmin versions 1.3.12 and below suffer from a remote shell upload vulnerability due to improper validation of file uploads within the preview.php component under /admin/lib/webuploader/0.1.5/server/...

9.8CVSS7.1AI score0.00554EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/03/09 12:0 a.m.150 views

📄 ThreatFire System Monitor 4.7.0.53 Kernel‑Mode Arbitrary Process Termination

This Metasploit module terminates the Windows Defender process MsMpEng.exe by sending a specific IOCTL to the TfSysMon driver. ============================================================================================================================================= | Title : ThreatFire System...

7.8CVSS5.8AI score0.0013EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/03/09 12:0 a.m.119 views

📄 Jinja 2 1.4.0 Tactical RMM SSTI Detection

This proof of concept script detects potential server-side template injection vulnerabilities in web applications using template engines such as Jinja. The script sends a dynamically generated mathematical expression within a template payload to a target URL parameter. If the server evaluates the...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/03/09 12:0 a.m.106 views

📄 libbiosig 3.9.2 Buffer Overflow

A specially crafted Intan CLP file can trigger a heap buffer overflow in applications that parse the CLP format without properly validating the HeadLen field. The vulnerable parser allocates memory based on the value of HeadLen but continues reading additional data from the file without enforcing...

6.5AI score
Exploits0
Packet Storm
Packet Storm
added 2026/03/06 12:0 a.m.172 views

📄 Splunk Enterprise 9.1.5 / 9.2.2 Remote Code Execution

Proof of concept exploit for a critical authenticated remote code execution vulnerability that affects multiple versions of Splunk Enterprise when the splunkarchiver application is enabled...

8.8CVSS6.3AI score0.06517EPSS
Exploits6
Packet Storm
Packet Storm
added 2026/03/06 12:0 a.m.135 views

📄 MajorDoMo Remote Code Execution

A critical vulnerability in the MajorDoMo web console allows unauthenticated remote attackers to execute arbitrary system commands on the target server. By sending crafted requests to the /admin.php endpoint with manipulated console parameters, an attacker can inject and execute PHP code remotely...

9.8CVSS6.2AI score0.06996EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/03/06 12:0 a.m.275 views

📄 OpenEXR Integer Overflow

Proof of concept exploit for a potential integer overflow condition when processing specially crafted multi‑part DeepScanLine EXR files with OpenEXR. The program generates a malicious .exr file containing 86 parts, where each pixel is assigned 50,000,000 samples. When these values are summed...

8.4CVSS5.9AI score0.00201EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/03/06 12:0 a.m.150 views

📄 c3p0 Insecure Deserialization

A critical vulnerability in c3p0 prior to version 0.12.0 allows attackers to achieve remote code execution through insecure handling of the userOverridesAsString property in several ConnectionPoolDataSource implementations...

6.3AI score
Exploits0
Packet Storm
Packet Storm
added 2026/03/06 12:0 a.m.159 views

📄 pypdf Memory Exhaustion / Denial of Service

pypdf versions prior to 6.7.3 were vulnerable to a denial of service condition caused by uncontrolled memory allocation during decompression of XFA streams. An attacker could craft a malicious PDF file containing a highly compressed stream using /FlateDecode...

8.7CVSS5.8AI score0.00348EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/03/06 12:0 a.m.182 views

📄 joserfc JWE PBES2 1.6.2 Denial of Service

A denial of service condition can occur in applications using the joserfc library when processing malicious JSON Web Encryption tokens that use the PBES2-HS256+A128KW algorithm...

7.5CVSS5.8AI score0.00432EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/03/06 12:0 a.m.187 views

📄 basic-ftp Path Traversal / Arbitrary File Write

basic-ftp versions prior to 5.2.0 proof of concept that demonstrates an arbitrary file write using a path traversal. ============================================================================================================================================= | Title : basic-ftp prior to version...

9.8CVSS5.9AI score0.00528EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/03/06 12:0 a.m.126 views

📄 psd-tools Denial of Service

When a specially crafted PSD file contains malformed RLE-compressed image data for example, a literal run extending beyond the expected row size, the internal decoderle function raises a ValueError in psd-tools, resulting in a denial of service condition...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/03/06 12:0 a.m.138 views

📄 minimatch Denial of Service

minimatch suffers from a regular expression denial of service vulnerability. Versions prior to 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 are affected...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/03/06 12:0 a.m.150 views

📄 Apache Artemis / ActiveMQ Artemis Missing Authentication

Proof of concept exploit for CVE-2026-27446 targeting Apache Artemis versions 2.50.0 through 2.51.0 and Apache ActiveMQ Artemis versions 2.11.0 through 2.44.0...

9.8CVSS5.8AI score0.10629EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/03/06 12:0 a.m.204 views

📄 OpenStack Remote Code Execution

A remote code execution vulnerability exists in the query parser of OpenStack Vitrage prior to versions 12.0.1, 13.0.0, 14.0.0, and 15.0.0.The issue resides in the createqueryfunction method...

9.1CVSS6.3AI score0.00763EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/03/06 12:0 a.m.146 views

📄 Siklu EtherHaul Series EH-8010 / EH-1200 File Upload

PHP proof of concept for a critical vulnerability that exists in Siklu EtherHaul EH-8010 and EH-1200 devices running firmware versions 7.4.0 through 10.7.3. The rfpiped service exposed on TCP port 555 uses hardcoded AES-256-CBC encryption parameters static key and IV and lacks any authentication...

6.5CVSS6.2AI score0.00417EPSS
Exploits6
Packet Storm
Packet Storm
added 2026/03/05 12:0 a.m.107 views

📄 Honeywell Trend IQ4 Unauthenticated Add Admin

This Metasploit module exploits an insecure default configuration in Honeywell Trend IQ4 controllers. By default, these devices do not enforce authentication, allowing a remote user to enable the User Module and create a new administrative account. Note: This action permanently changes the device...

6AI score
Exploits0
Packet Storm
Packet Storm
added 2026/03/05 12:0 a.m.158 views

📄 dottie 2.0.6 Prototype Pollution Bypass

CVE-2026-27837 describes an incomplete patch in dottie versions 2.0.4 through 2.0.6, following the original CVE-2023-26132 fix attempt. The protection added in commit 7d3aee1 validates only the first segment of a dot-separated property path against dangerous keys such as proto. However, the...

9.8CVSS6AI score0.01062EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/03/05 12:0 a.m.115 views

📄 Adobe SDK 1.7.1 2410 Integer Overflow / Denial of Service

A logic flaw in the processing of the ProfileHueSatMapDims 0xC6F5 tag within the Adobe DNG SDK can lead to an integer overflow condition when parsing crafted DNG files. By supplying excessively large dimension values e.g., 0x15555554 in the Hue/Saturation map metadata, an attacker can trigger...

6AI score
Exploits0
Packet Storm
Packet Storm
added 2026/03/05 12:0 a.m.143 views

📄 Wireshark Dissector Crash Denial of Service

A vulnerability in the RF4CE Profile protocol dissector of Wireshark versions 4.6.0 through 4.6.3 and 4.4.0 through 4.4.13 allows an attacker to trigger a denial of service condition by supplying a specially crafted IEEE 802.15.4 packet capture file. The flaw exists in the handling of malformed...

7.5CVSS6AI score0.00157EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/03/05 12:0 a.m.114 views

📄 basic-ftp downloadToDir() Path Traversal

basic-ftp versions prior to 5.2.0 suffer from a path traversal vulnerability in downloadToDir. ============================================================================================================================================= | Title : basic-ftp prior to version 5.2.0 Path Traversal in...

5.9AI score
Exploits0
Packet Storm
Packet Storm
added 2026/03/05 12:0 a.m.141 views

📄 Juniper JunosEvolved Remote Command Execution

This Metasploit module exploits an unauthenticated command injection vulnerability in the Juniper JunosEvolved API. The exploit workflow involves creating a custom command entity, mapping it to a Directed Acyclic Graph DAG, and triggering an execution instance. The module uses a non-destructive...

9.8CVSS6.1AI score0.17709EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/03/05 12:0 a.m.215 views

📄 Windows SMB Client Privilege Escalation

This Metasploit module exploits CVE-2025-33073 in Windows SMB clients through a complex attack chain involving DNS record injection, NTLM relay attacks, and RPC coercion. The vulnerability allows privilege escalation and remote code execution on affected Windows systems including Windows 11,...

8.8CVSS6.5AI score0.64987EPSS
Exploits6
Packet Storm
Packet Storm
added 2026/03/05 12:0 a.m.229 views

📄 Tactical RMM Jinja2 SSTI Remote Code Execution

This Metasploit module exploits a Server-Side Template Injection SSTI vulnerability in Tactical RMM versions prior to 1.4.0 CVE-2025-69516. The reporting template preview endpoint passes user-controlled Jinja2 template content to Environment.fromstring without sandboxing, allowing arbitrary Pytho...

8.8CVSS6.5AI score0.021EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/03/05 12:0 a.m.133 views

📄 Wireshark USB HID Protocol Dissector Memory Exhaustion

CVE-2026-3201 is a denial of service vulnerability affecting the USB HID protocol dissector in Wireshark versions 4.6.0 through 4.6.3 and 4.4.0 through 4.4.13. The vulnerability is triggered when Wireshark parses a specially crafted USB HID Report Descriptor containing an excessively large...

7.5CVSS5.9AI score0.00184EPSS
Exploits2
Total number of security vulnerabilities50738