Packetstorm - Page 116 of Packetstorm Vulnerabilities List

Packet Storm•added 2023/02/09 12:0 a.m.•408 views

Fortra GoAnywhere MFT Unsafe Deserialization Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortra GoAnywhere MFT Unsafe Deserialization RCE', 'Description' = %q This module exploits CVE-2023-0669, which is an object deserialization...

0.5AI score0.94378EPSS

Exploits12

Packet Storm•added 2023/02/09 12:0 a.m.•419 views

CKSource CKEditor5 35.4.0 Cross Site Scripting

Exploit Title: Cross Site Scripting in CKSource's CKEditor5 35.4.0 Google Dork: N/A Date: February 09, 2023 Exploit Author: Manish Pathak Vendor Homepage: https://cksource.com/ Software Link: https://ckeditor.com/ckeditor-5/download/ Version: 35.4.0 Tested on: Linux / Web CVE : CVE-2022-48110...

6.8AI score0.01266EPSS

Packet Storm•added 2023/02/09 12:0 a.m.•699 views

Zoho ManageEngine Endpoint Central / MSP 10.1.2228.10 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine Endpoint Central Unauthenticated SAML RCE', 'Description' = %q This exploits an unauthenticated remote code execution vulnerability...

9.8CVSS0.3AI score0.94378EPSS

Exploits15

Packet Storm•added 2023/02/08 12:0 a.m.•373 views

ManageEngine ADSelfService Plus Unauthenticated SAML Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADSelfService Plus Unauthenticated SAML RCE', 'Description' = %q This exploits an unauthenticated remote code execution vulnerabilit...

9.8CVSS0.7AI score0.94378EPSS

Exploits15

Packet Storm•added 2023/02/08 12:0 a.m.•497 views

Nagios XI 5.7.5 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection', 'Description' = %q This module exploits CVE-2021-25296,...

9CVSS0.93287EPSS

Exploits9

Packet Storm•added 2023/02/07 12:0 a.m.•321 views

101news By Mayuri K 1.0 SQL Injection

Title: 101news-by-Mayuri-K-1.0 Multiple-SQLi Author: nu11secur1ty Date: 02.02.2023 Vendor: https://mayurik.com/ Software: https://mayurik.com/source-code/P4030/news-portal-project-in-php Reference: https://portswigger.net/web-security/sql-injection Description: The comment parameter appears to be...

Packet Storm•added 2023/02/07 12:0 a.m.•420 views

Zoho ManageEngine ServiceDesk Plus 14003 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ServiceDesk Plus Unauthenticated SAML RCE', 'Description' = %q This exploits an unauthenticated remote code execution vulnerability...

9.8CVSS0.5AI score0.94378EPSS

Exploits15

Packet Storm•added 2023/02/07 12:0 a.m.•462 views

Material Dashboard 2 SQL Injection

==================================================================================================================================== | Title : Material Dashboard 2 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor : https://www.creative-tim.com...

0.5AI score

Packet Storm•added 2023/02/06 12:0 a.m.•280 views

Apache Tomcat On Ubuntu Log Init Privilege Escalation

This exploit sample shows how an exploit module could be written to exploit a bug in a command on a linux computer for priv esc. class MetasploitModule 'Apache Tomcat on Ubuntu Log Init Privilege Escalation', 'Description' = %q Tomcat 6, 7, 8 packages provided by default repositories on...

7.8CVSS0.7AI score0.22216EPSS

Exploits8

Packet Storm•added 2023/02/03 12:0 a.m.•290 views

F5 Big-IP Create Administrative User

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'unixcrypt' class MetasploitModule 'F5 Big-IP Create Admin User', 'Description' = %q This creates a local user with a username/password and root-level privileges...

8.8CVSS0.92678EPSS

Exploits9

Packet Storm•added 2023/02/03 12:0 a.m.•264 views

Lenovo Diagnostics Driver Memory Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lenovo Diagnostics Driver IOCTL memmove', 'Description' = %q Incorrect access control for the Lenovo Diagnostics Driver allows a low-privileged...

0.3AI score0.84504EPSS

Packet Storm•added 2023/02/03 12:0 a.m.•434 views

Oracle Database 12.1.0.2 Spatial Component Privilege Escalation

Title: Oracle Database Privilege Escalation Through Oracle Spatial Component Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2 Tested Versions: 12cR1 Risk Level: High Solution Status: Fixed in Oracle Critical Patch Update October 2021 CVE Reference: N/A, Backported in Oracle CPU...

1.3AI score

Packet Storm•added 2023/02/03 12:0 a.m.•345 views

macOS Dirty Cow Arbitrary File Write Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'macOS Dirty Cow Arbitrary File Write Local Privilege Escalation', 'Description' = %q An app may be able to execute arbitrary code with kernel...

7CVSS0.5AI score0.85334EPSS

Exploits9

Packet Storm•added 2023/02/01 12:0 a.m.•243 views

eCommerce Marketplace Platform CMS 1.7 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

0.2AI score

Packet Storm•added 2023/02/01 12:0 a.m.•352 views

vmwgfx Driver File Descriptor Handling Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vmwgfx Driver File Descriptor Handling Priv Esc', 'Description' = %q If the vmwgfx driver fails to copy the 'fencerep' object to userland, it tri...

0.5AI score0.13534EPSS

Exploits3

Packet Storm•added 2023/02/01 12:0 a.m.•221 views

Online Eyewear Shop 1.0 SQL Injection

Exploit Title: Online Eyewear Shop 1.0 - Product detail 'id' SQL Injection Unauthenticated Date: 2023-01-02 Exploit Author: Muhammad Navaid Zafar Ansari Vendor Homepage: https://www.sourcecodester.com/php/16089/online-eyewear-shop-website-using-php-and-mysql-free-download.html Software Link:...

Packet Storm•added 2023/02/01 12:0 a.m.•211 views

eCommerce Marketplace Platform CMS 1.7 SQL Injection

0.6AI score

Packet Storm•added 2023/02/01 12:0 a.m.•361 views

io_uring Same Type Object Reuse Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'iouring Same Type Object Reuse Priv Esc', 'Description' = %q This module exploits a bug in iouring leading to an additional putcred that can be...

8.8CVSS0.5AI score0.18512EPSS

Packet Storm•added 2023/01/31 12:0 a.m.•249 views

PHPJabbers Auto Classifieds Script 3.2 Cross Site Scripting

Packet Storm•added 2023/01/31 12:0 a.m.•222 views

PHPJabbers Business Directory Script 3.2 Cross Site Scripting

Packet Storm•added 2023/01/31 12:0 a.m.•1041 views

mRemoteNG 1.76.20 Privilege Escalation

mRemoteNG mRemoteNG v1.76.20 Privilege Escalation Detailed Information ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Product Name: mRemoteNG Vendor Home Page:...

0.7AI score0.00139EPSS

Exploits1

Packet Storm•added 2023/01/31 12:0 a.m.•373 views

Control Web Panel Unauthenticated Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'CWP login.php Unauthenticated RCE', 'Description' = %q Control Web Panel versions 'Spencer McIntyre', metasploit module...

9.8CVSS0.6AI score0.94457EPSS

Exploits12

Packet Storm•added 2023/01/30 12:0 a.m.•217 views

PHPJabbers Travel Tours Script 1.0 SQL Injection

0.1AI score

Packet Storm•added 2023/01/30 12:0 a.m.•385 views

Zstore 6.6.0 Cross Site Scripting

Title: zstore-6.6.0 - XSS-Reflected Development: nu11secur1ty Date: 01.29.2023 Vendor: https://zippy.com.ua/ Software: https://github.com/leon-mbs/zstore/releases/tag/6.5.4 Reproduce: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4 Description: The value of...

Packet Storm•added 2023/01/30 12:0 a.m.•192 views

PHPJabbers Property Listing Script 3.1 SQL Injection

Packet Storm•added 2023/01/30 12:0 a.m.•214 views

PHPJabbers Event Ticketing System Script 1.0 Cross Site Scripting

Packet Storm•added 2023/01/30 12:0 a.m.•204 views

PHPJabbers Travel Tours Script 1.0 Cross Site Scripting

Packet Storm•added 2023/01/30 12:0 a.m.•181 views

PHPJabbers Car Park Booking System 2.0 Cross Site Scripting

0.1AI score

Packet Storm•added 2023/01/30 12:0 a.m.•204 views

PHPJabbers Property Listing Script 3.1 Cross Site Scripting

Packet Storm•added 2023/01/27 12:0 a.m.•233 views

PHPJabbers Car Rental Script 3.0 SQL Injection

Packet Storm•added 2023/01/27 12:0 a.m.•420 views

Razer Synapse 3.7.0731.072516 Local Privilege Escalation

Advisory ID: SYSS-2022-047 Product: Razer Synapse Manufacturer: Razer Inc. Affected Versions: Versions before 3.7.0830.081906 Tested Versions: 3.7.0731.072516 Vulnerability Type: Improper Certificate Validation CWE-295 Risk Level: High Solution Status: Open Manufacturer Notification: 2022-08-02...

7.3CVSS0.4AI score0.00062EPSS

Exploits6

Packet Storm•added 2023/01/27 12:0 a.m.•288 views

Micro Focus GroupWise Session ID Disclosure

Trovent Security Advisory 2203-01 Micro Focus GroupWise transmits session ID in URL Overview Advisory ID: TRSA-2203-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2203-01 Affected product: Micro Focus GroupWise Affected version: prior to 18.4.2...

4.3CVSS4.8AI score0.00184EPSS

Exploits2

Packet Storm•added 2023/01/26 12:0 a.m.•349 views

Secure Web Gateway 10.2.11 Cross Site Scripting

RedTeam Pentesting identified a vulnerability which allows attackers to craft URLs to any third-party website that result in arbitrary content to be injected into the response when accessed through the Secure Web Gateway. While it is possible to inject arbitrary content types, the primary risk...

6.1CVSS0.1AI score0.03903EPSS

Packet Storm•added 2023/01/25 12:0 a.m.•322 views

Inout Music 5.1.1 SQL Injection

Packet Storm•added 2023/01/25 12:0 a.m.•267 views

Inout Jobs Portal 2.2.2 SQL Injection

Packet Storm•added 2023/01/25 12:0 a.m.•230 views

Inout Jobs Portal 2.2.2 Cross Site Scripting

Packet Storm•added 2023/01/24 12:0 a.m.•290 views

Inout Homestay 2.2 SQL Injection

Packet Storm•added 2023/01/24 12:0 a.m.•306 views

Inout Search Engine 10.1.3 Cross Site Scripting

Packet Storm•added 2023/01/24 12:0 a.m.•631 views

Cacti 1.2.22 Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cacti 1.2.22 unauthenticated command injection', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in...

9.8CVSS9.8AI score0.94469EPSS

Exploits48

Packet Storm•added 2023/01/23 12:0 a.m.•460 views

Active eCommerce CMS 6.5.0 Cross Site Scripting

Exploit Title: Active eCommerce CMS 6.5.0 - 'svg' Stored Cross-Site Scripting XSS Date: 19/01/2023 Exploit Author: Sajibe Kanti Vendor Name: ActiveITzone Vendor Homepage: https://activeitzone.com/ Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 Version: 6.5.0 Tested on:...

Packet Storm•added 2023/01/23 12:0 a.m.•307 views

Inout RealEstate 2.1.3 SQL Injection

0.2AI score

Packet Storm•added 2023/01/23 12:0 a.m.•666 views

Food Ordering System 2 Shell Upload

Title: Food Ordering System v2 File upload Vulnerability + web-shell upload - RCE Author: nu11secur1ty Date: 01.23.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html Reference:...

Packet Storm•added 2023/01/23 12:0 a.m.•323 views

ERPGo SaaS 3.9 CSV Injection

Exploit Title: ERPGo SaaS 3.9 - CSV Injection Date: 18/01/2023 Exploit Author: Sajibe Kanti CVE ID: Vendor Name: RajodiyaInfotech Vendor Homepage: https://rajodiya.com/ Software Link: https://codecanyon.net/item/erpgo-saas-all-in-one-business-erp-with-project-account-hrm-crm-pos/33263426 Version:...

0.1AI score

Packet Storm•added 2023/01/23 12:0 a.m.•308 views

AmazCart Laravel Ecommerce System CMS 3.4 Cross Site Scripting

Exploit Title: AmazCart - Laravel Ecommerce System CMS 3.4 - 'Search' Cross-Site-Scripting — Reflected AJAX Date: 17/01/2023 Exploit Author: Sajibe Kanti CVE ID: Vendor Name: CodeThemes Vendor Homepage: https://spondonit.com/ Software Link:...

Packet Storm•added 2023/01/20 12:0 a.m.•571 views

Patient Record Management System 1.0 Authentication Bypass

Exploit Title: Patient Record Management System v1.0 - Authentication Bypass via PHP Loose Comparison Exploit Author: Joe Pollock Date: January 19, 2023 Vendor Homepage: https://www.sourcecodester.com/php/13505/patient-record-management-system.html Software Link:...

0.5AI score

Packet Storm•added 2023/01/20 12:0 a.m.•360 views

wolfSSL WOLFSSL_CALLBACKS Heap Buffer Over-Read

wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSLCALLBACKS ==================================================================== INFO ======= The CVE project has assigned the id CVE-2022-42905 to this issue. Severity: 9.1 CRITICAL Affected version: before 5.5.2 End of embargo: Ended October...

9.1CVSS0.04788EPSS

Exploits2

Packet Storm•added 2023/01/20 12:0 a.m.•219 views

Inout Multi-Vendor Shopping Cart 3.2.3 SQL Injection

0.2AI score

Packet Storm•added 2023/01/20 12:0 a.m.•362 views

ASKEY RTF3505VW-N1 Privilege Escalation

Exploit Title: ASKEY RTF3505VW-N1 - Privilege escalation Date: 07-12-2022 Exploit Author: Leonardo Nicolas Servalli Vendor Homepage: www.askey.com Platform: ASKEY router devices RTF3505VW-N1 Tested on: Firmware BRSVg000R3505VMN1001s327 Vulnerability analysis:...

0.8AI score