Lucene search
K
PacketstormRecent

50738 matches found

Packet Storm
Packet Storm
added 2023/03/24 12:0 a.m.454 views

Joomla! 4.2.7 Unauthenticated Information Disclosure

!/usr/bin/env ruby Exploit Title: Joomla! = 4.2.8 References: - https://nsfocusglobal.com/joomla-unauthorized-access-vulnerability-cve-2023-23752-notice/ - https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html -...

5.3CVSS5.9AI score0.99827EPSS
Exploits43
Packet Storm
Packet Storm
added 2023/03/23 12:0 a.m.372 views

WordPress Watu Quiz 3.3.9 / GN Publisher 1.5.5 / Japanized For WooComerce 2.5.4 XSS

Description: Reflected Cross-Site Scripting Affected Plugin: Watu Quiz Plugin Slug: watu Affected Versions: = 3.3.9 CVE ID: CVE-2023-0968 CVSS Score: 6.1 Medium CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Researcher/s: Marco Wotschka Fully Patched Version: 3.3.9.1 Description:...

6.1CVSS6.7AI score0.0126EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/03/23 12:0 a.m.370 views

Monitorr 1.7.6m / 1.7.7d Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Monitorr unauthenticated Remote Code Execution RCE', 'Description' = %q This module exploits an arbitrary file upload vulnerability and achieving...

9.8CVSS9.4AI score0.85785EPSS
Exploits8
Packet Storm
Packet Storm
added 2023/03/22 12:0 a.m.202 views

MyBB Export User 2.0 Cross Site Scripting

Exploit Title: MyBB Export User Plugin 2.0 – Cross-Site Scripting Date: January 29, 2021 Author: 0xB9 Twitter: @0xB9sec Software Link: https://community.mybb.com/mods.php?action=view&pid=1408 Version: 2.0 Tested On: Windows 10 CVE: CVE-2023-27890 Description: This plugin allows users to request...

5.8AI score0.00637EPSS
Exploits1
Packet Storm
Packet Storm
added 2023/03/22 12:0 a.m.297 views

Python CGI Documentation Cross Site Scripting

Is there low hanging fruit for the following observation? The documentation of the python cgi module is vulnerable to XSS cross site scripting https://docs.python.org/3/library/cgi.html form = cgi.FieldStorage print"name:", form"name".value print"addr:", form"addr".value First result on google fo...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/22 12:0 a.m.205 views

Zyxel Unauthenticated LAN Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'Zyxel Unauthenticated LAN Remote Code Execution', 'Description' = %q This module exploits a buffer overflow in the zhttpd binar...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/20 12:0 a.m.268 views

Human Resources Management System 1.0 SQL Injection

Exploit Title: Human Resources Management System - HRM - Multiple SQLi Date: 16/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/20 12:0 a.m.198 views

MyBB Active Threads 1.3.0 Cross Site Scripting

Exploit Title: MyBB Active Threads Plugin 1.3.0 – Cross-Site Scripting Date: February 9, 2022 Author: 0xB9 Twitter: @0xB9sec Software Link: https://community.mybb.com/mods.php?action=view&pid=1336 Version: 1.3.0 Tested On: Windows 10 CVE: CVE-2022-28354 Description: This plugin shows a page of...

6.6AI score0.0054EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/03/20 12:0 a.m.198 views

Yoga Class Registration System 1.0 Cross Site Scripting

Exploit Title: Yoga Class Registration System - Cross Site Scripting Vulnerability Authenticated Date: 19/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/20 12:0 a.m.235 views

101+ News Portal 1.0 SQL Injection

Exploit Title: 101+ News Portal - SQLi Date: 19/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16067/best-online-news-portal-project-php-free-download.html Software Download:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/20 12:0 a.m.201 views

Music Gallery Site 1.0 Cross Site Scripting

Exploit Title: Music Gallery Site - Cross Site Scripting Vulnerability Authenticated Date: 19/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/20 12:0 a.m.233 views

Yoga Class Registration 1.0 SQL Injection

Title: Yoga Class Registration -1.0-2023 - Multiple SQLi Author: nu11secur1ty Date: 02.27.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html Reference:...

Exploits0
Packet Storm
Packet Storm
added 2023/03/20 12:0 a.m.205 views

Medicine Tracker System 1.0 Cross Site Scripting

Exploit Title: Medicine Tracker System - Cross Site Scripting Vulnerability Date: 19/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/20 12:0 a.m.275 views

Online Pizza Ordering System 1.0 SQL Injection

Exploit Title: Online Pizza Ordering System 1.0 - "id" SQLi Date: 19/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html Software Download:...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/20 12:0 a.m.364 views

MyBB External Redirect Warning 1.3 Cross Site Scripting

Exploit Title: MyBB External Redirect Warning Plugin 1.3 – Cross-Site Scripting Date: February 1, 2021 Author: 0xB9 Twitter: @0xB9sec Software Link: https://community.mybb.com/mods.php?action=view&pid=493 Version: 1.3 Tested On: Windows 10 CVE: CVE-2022-28353 Description: This plugin notifies the...

6.6AI score0.00558EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/03/20 12:0 a.m.219 views

Adobe Connect 11.4.5 / 12.1.5 Local File Disclosure

Title: adobe connect - Local File Disclosure / Download security feature bypass vulnerability Author: h4shur date:2021.01.16-2023.02.17 CVE: CVE-2023-22232 Vendor Homepage: https://www.adobe.com Software Link: https://www.adobe.com/products/adobeconnect.html Version: 11.4.5 and earlier, 12.1.5 an...

5.3CVSS5.3AI score0.81875EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/03/17 12:0 a.m.281 views

Riello UPS Restricted Shell Bypass

I. VULNERABILITY ------------------------- Riello UPS systems allow to easily escape the configuration shell and get access to the operating system II. VENDOR ------------------------- Riello https://www.riello-ups.es/ III. DESCRIPTION ------------------------- Riello UPS systems allow SSH access...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/17 12:0 a.m.372 views

Open Web Analytics 1.7.3 Remote Code Execution

class MetasploitModule 'Open Web Analytics 1.7.3 - Remote Code Execution RCE', 'Description' = %q Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs...

9.8CVSS0.5AI score0.99134EPSS
Exploits14
Packet Storm
Packet Storm
added 2023/03/16 12:0 a.m.337 views

Bitbucket Environment Variable Remote Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bitbucket Environment Variable RCE', 'Description' = %q For various versions of Bitbucket, there is an authenticated command injection...

9.8CVSS0.8AI score0.98035EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/03/16 12:0 a.m.399 views

Microsoft SQL Server 2014 / 2016 / 2017 / 2019 / 2022 Audit Logging Failure

Title: Microsoft SQL Server Password Hash Exposure Product: Database Manufacturer: Microsoft Affected Versions: 2012-2022 Risk Level: Medium CVE Reference: N/A Author of Advisory: Emad Al-Mousa Overview: SQL Server is a popular database system, and database systems are a vital backbone in IT...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/15 12:0 a.m.365 views

WordPress Profile Builder 3.9.0 Missing Authorization

Description: Profile Builder – User Profile & User Registration Forms get’. Finally, the function returns the value of the retrieved ‘key’ for the given ‘userid’. During this process, capability checks are not properly implemented to ensure that the user executing the function is authorized to...

6.5CVSS0.4AI score0.00769EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/03/15 12:0 a.m.409 views

Oracle DB Broken PDB Isolation / Metadata Exposure

Title: CVE-2021-2173 – PDB Isolation is broken through metadata exposure Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 18c, 19c Tested Versions: 19c Risk Level: Medium Solution Status: Fixed CVE Reference: CVE-2021-2173 Author of Advisory: Emad Al-Mousa Overview:...

4.1CVSS0.1AI score0.01372EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/03/15 12:0 a.m.378 views

Fortinet FortiNAC keyUpload.jsp Arbitrary File Write

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortinet FortiNAC keyUpload.jsp arbitrary file write', 'Description' = %q This module uploads a payload to the /tmp directory in addition to a cr...

9.8CVSS0.5AI score0.99815EPSS
Exploits7
Packet Storm
Packet Storm
added 2023/03/14 12:0 a.m.521 views

Apache Tomcat Privilege Escalation

This exploit sample shows how an exploit module could be written to exploit a bug in a command on a linux computer for priv esc. class MetasploitModule 'Apache Tomcat on RedHat Based Systems Insecure Temp Config Privilege Escalation', 'Description' = %q This module exploits a vulnerability in...

7.8CVSS0.5AI score0.03782EPSS
Exploits8
Packet Storm
Packet Storm
added 2023/03/13 12:0 a.m.221 views

Fastly Secret Disclosure

Correspondence from Fastly declined to comment regarding new discovered vulnerabilities within their website. Poor practices regarding password changes. 1. Reset user password 2. Access link sent 3. Temporary password sent plaintext // HTTP POST request POST...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/13 12:0 a.m.264 views

Shopify Cross Site Scripting

Correspondence from Shopify declined to comment regarding new discovered vulnerabilities within their website. Although 'frontend' vulnerabilities are considered out of scope, person/tester foundhimself a beefy bugbounty from the same page that has been listed below, including similar functionali...

Exploits0
Packet Storm
Packet Storm
added 2023/03/10 12:0 a.m.335 views

SugarCRM 12.x Remote Code Execution / Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'securerandom' class MetasploitModule 'SugarCRM unauthenticated Remote Code Execution RCE', 'Description' = %q This module exploits CVE-2023-22952, a Remote Code...

8.8CVSS0.3AI score0.80274EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/03/09 12:0 a.m.314 views

Wondershare Dr Fone 12.9.6 Weak Permissions / Privilege Escalation

Executive Summary: Product Name: Wondershare Dr. Fone Vendor Home Page: https://drfone.wondershare.com Affected Versions: Dr Fone version 12.9.6 Vulnerability Type: Execution with Unnecessary Privileges CWE-250 CVE Reference: CVE-2023-27010. Credit: Thurein Soe Vendor Description: Wondershare Dr...

0.2AI score0.01016EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/03/09 12:0 a.m.253 views

Webpower UPS 5.53 Denial Of Service

Exploit Title: Webpower UPS v5.53 HTTP Denial of Service Date: 2023-03-09 Exploit Author: Yehia Elghaly Vendor Homepage: https://www.eaton.com/ae/en-gb.html Software Link: https://www.eaton.com/ae/en-gb.html Version: Revision v5.53 Tested on: WebPower UPS CVE: N/A !/usr/bin/env python Webpower UP...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/09 12:0 a.m.286 views

Real Time Automation 460MCBS 5.2.14 Cross Site Scripting

Exploit Title: Real Time Automation 460MCBS Cross Site Scripting XSS Date: 2023-03-09 Exploit Author: Yehia Elghaly Vendor Homepage: https://www.rtautomation.com/ Software Link: https://www.rtautomation.com/product/460mcbs/ Version: Revision 5.2.14 Tested on: Real Time Automation CVE: N/A Summary...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/08 12:0 a.m.554 views

Purchase Order Management 1.0 Shell Upload

Title: Purchase Order Management-1.0 - File Inclusion Vulnerabilities - Unprivileged user interaction - file upload in the server Author: nu11secur1ty Date: 03.06.2023 Vendor: https://www.sourcecodester.com/user/257130/activity Software:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/07 12:0 a.m.628 views

Oracle 19c Access Bypass

Title: Oracle Database Vault Protected Table With Realm Data Extraction Vulnerability Product: Database Manufacturer: Oracle Affected Versions: 19c 19.18 and below Risk Level: Medium Solution Status: Fixed in Oracle Critical Patch Update October 2022 back-port patch for 21c version CVE Reference:...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/07 12:0 a.m.616 views

CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissions

¯¯¯¯¯¯¯/ ༼ つ ◕◕ ༽つ ง'̀-'́ง ╯°□°)╯︵ ┻━┻ ヽ´ー`ノ /¯¯ ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ Product: sipXcom sipXopenfire Vendor: CoreDial Name: "sipXcom sipXopenfire XMPP message system command argument injection and insecure service file permissions RCE" Version:...

9AI score0.02501EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/03/07 12:0 a.m.327 views

Arris DG3450 AR01.02.056.18_041520_711.NCS.10 XSS / Missing Authentication

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Arris DG3450 Cable Gateway vulnerable version: AR01.02.056.18041520711.NCS.10 fixed version: - CVE number: CVE-2023-27571, CVE-2023-2757...

0.9AI score0.009EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/03/07 12:0 a.m.449 views

ZwiiCMS 12.2.04 Remote Code Execution

Exploit Title: ZwiiCMS 12.2.04 Remote Code Execution Authenticated Date: 03/06/2023 Exploit Author: Hadi Mene Vendor Homepage: https://zwiicms.fr/ Version: 12.2.04 and potentially lower versions CVE: CVE-2020-10567 Category: webapps ZwiiCMS 12.2.04 uses "Responible FileManager" 9.14.0 for its fil...

9.8CVSS9.7AI score0.1929EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/03/06 12:0 a.m.281 views

Purchase Order Management 1.0 SQL Injection

Title: Purchase Order Management-1.0 - SQLi Author: nu11secur1ty Date: 03.06.2023 Vendor: https://www.sourcecodester.com/user/257130/activity Software: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html Reference:...

Exploits0
Packet Storm
Packet Storm
added 2023/03/06 12:0 a.m.278 views

Agilebio Lab Collector 4.234 Remote Code Execution

Exploit Title: Agilebio Lab Collector Electronic Lab Notebook Remote Code Execution Date: 2023-02-28 Exploit Author: Anthony Cole Vendor Homepage: https://labcollector.com/labcollector-lims/add-ons/eln-electronic-lab-notebook/ Version: v4.234 Contact: http://twitter.com/acole76 Website:...

0.1AI score0.0454EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/03/06 12:0 a.m.281 views

Android GKI Kernels Contain Broken Non-Upstream Speculative Page Faults MM Code

Android: GKI kernels contain broken non-upstream Speculative Page Faults MM code A central recurring theme in Linux MM development is that contention on the mmap lock can have a big negative performance impact on multithreaded workloads: If one thread is holding the mmap lock in exclusive mode fo...

0.7AI score0.00217EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/03/06 12:0 a.m.314 views

Purchase Order Management 1.0 Cross Site Scripting

Title: Purchase Order Management-1.0 - XSS-Reflected - Information-gathering Author: nu11secur1ty Date: 03.06.2023 Vendor: https://www.sourcecodester.com/user/257130/activity Software: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/03 12:0 a.m.314 views

Barracuda CloudGen WAN OS Command Injection

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: OS Command Injection product: Barracuda CloudGen WAN vulnerable version: v8. hotfix 1089 fixed version: v8. with hotfix webui-sdwan-1089-8.3.1-174141891 or above version...

0.5AI score0.07878EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/03/02 12:0 a.m.278 views

Real Estate CRM Pro 5.7 SQL Injection

==================================================================================================================================== | Title : Real Estate CRM Pro v 5.7 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-b...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/02 12:0 a.m.352 views

Lucee Authenticated Scheduled Job Code Execution

class MetasploitModule 'Lucee Authenticated Scheduled Job Code Execution', 'Description' = %q This module can be used to execute a payload on Lucee servers that have an exposed administrative web interface. It's possible for an administrator to create a scheduled job that queries a remote...

0.9AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/01 12:0 a.m.425 views

Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Oracle E-Business Suite EBS Unauthenticated Arbitrary File Upload', 'Description' = %q This module exploits an unauthenticated...

9.8CVSS0.2AI score0.98342EPSS
Exploits7
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.320 views

Osprey Pump Controller 1.0.1 userName Command Injection

Osprey Pump Controller 1.0.1 userName Blind Command Injection Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0.1 Mira...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.275 views

Osprey Pump Controller 1.0.1 Unauthenticated File Disclosure

Osprey Pump Controller 1.0.1 Unauthenticated File Disclosure Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0.1 Mirag...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.265 views

Osprey Pump Controller 1.0.1 Authentication Bypass

!/usr/bin/env python Osprey Pump Controller 1.0.1 Authentication Bypass Credentials Modification Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App:...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.346 views

WordPress Real Estate 7 Theme 3.3.4 Cross Site Scripting

==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2023 == Report Title: WordPress Real Estate 7 Theme = 3.3.4 - Unauthenticated Reflected Cross-Site Scripting XSS Google Dork: inurl:/wp-content/themes/realestate-7/ Research Date: 2023-02-10 Researcher: FearZzZz...

Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.382 views

Osprey Pump Controller 1.0.1 Cross Site Request Forgery

!-- Osprey Pump Controller 1.0.1 Cross-Site Request Forgery Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0.1 Mirage...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.232 views

ME-FI DOT 2.2 SQL Injection

==================================================================================================================================== | Title : ME-FI DOT SQL Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.0.332-bit | | Vendo...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.306 views

Osprey Pump Controller 1.0.1 Predictable Session Token / Session Hijacking

Osprey Pump Controller 1.0.1 Predictable Session Token / Session Hijack Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release...

0.4AI score
Exploits0
Total number of security vulnerabilities50738