Lucene search
K
PacketstormRecent

50744 matches found

Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.275 views

Osprey Pump Controller 1.0.1 Unauthenticated File Disclosure

Osprey Pump Controller 1.0.1 Unauthenticated File Disclosure Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0.1 Mirag...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.265 views

Osprey Pump Controller 1.0.1 Authentication Bypass

!/usr/bin/env python Osprey Pump Controller 1.0.1 Authentication Bypass Credentials Modification Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App:...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.346 views

WordPress Real Estate 7 Theme 3.3.4 Cross Site Scripting

==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2023 == Report Title: WordPress Real Estate 7 Theme = 3.3.4 - Unauthenticated Reflected Cross-Site Scripting XSS Google Dork: inurl:/wp-content/themes/realestate-7/ Research Date: 2023-02-10 Researcher: FearZzZz...

Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.382 views

Osprey Pump Controller 1.0.1 Cross Site Request Forgery

!-- Osprey Pump Controller 1.0.1 Cross-Site Request Forgery Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0.1 Mirage...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.232 views

ME-FI DOT 2.2 SQL Injection

==================================================================================================================================== | Title : ME-FI DOT SQL Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.0.332-bit | | Vendo...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.306 views

Osprey Pump Controller 1.0.1 Predictable Session Token / Session Hijacking

Osprey Pump Controller 1.0.1 Predictable Session Token / Session Hijack Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.391 views

WordPress Real Estate 7 Theme 3.3.4 Abuse Of Functionality

==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2023 == Report Title: WordPress Real Estate 7 Theme = 3.3.4 - Abuse of Functionality Google Dork: inurl:/wp-content/themes/realestate-7/ Research Date: 2023-02-10 Researcher: FearZzZz https://fearzzzz.ru Component...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.274 views

ME-FI DOT 2.2 Default Credentials

==================================================================================================================================== | Title : ME-FI DOT 2.2 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.0.332-bit |...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.306 views

WordPress Real Estate 7 Theme 3.3.4 Cross Site Request Forgery

==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2023 == Report Title: WordPress Real Estate 7 Theme = 3.3.4 - Multiple Cross-Site Request Forgery CSRF Vulnerabilities Google Dork: inurl:/wp-content/themes/realestate-7/ Research Date: 2023-02-10 Researcher: FearZzZ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.269 views

Osprey Pump Controller 1.0.1 Cross Site Scripting

Osprey Pump Controller 1.0.1 Unauthenticated Reflected XSS Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0.1 Mirage...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.643 views

WordPress WoodMart Theme 7.1.0 Shortcodes Injection

==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2022 == Report Title: WordPress WoodMart Theme = 7.1.0 - Unauthenticated Arbitrary Shortcodes Injection Google Dork: inurl:/wp-content/themes/woodmart/ Research Date: 2022-11-12 Researcher: FearZzZz https://fearzzzz....

0.00523EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.275 views

ChurchCRM 4.5.3 SQL Injection

Title: ChurchCRM-4.5.3-121fcc1-SQLi Author: nu11secur1ty Date: 02.27.2023 Vendor: http://churchcrm.io/ Software: https://github.com/ChurchCRM/CRM Reference: https://portswigger.net/web-security/sql-injection Description: In the manual insertion point 1 - parameter EID appears to be vulnerable to...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.254 views

Osprey Pump Controller 1.0.1 Administrator Backdoor Access

Osprey Pump Controller 1.0.1 Administrator Backdoor Access Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0.1 Mirage...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.302 views

Osprey Pump Controller 1.0.1 eventFileSelected Command Injection

Osprey Pump Controller 1.0.1 eventFileSelected Command Injection Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0.1...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.359 views

Osprey Pump Controller 1.0.1 Unauthenticated Remote Code Execution

!/usr/bin/env python Osprey Pump Controller 1.0.1 Unauthenticated Remote Code Execution Exploit Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App:...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.248 views

Osprey Pump Controller 1.0.1 pseudonym Command Injection

Osprey Pump Controller 1.0.1 pseudonym Semi-blind Command Injection Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0....

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.366 views

WordPress WoodMart Theme 7.1.1 Cross Site Request Forgery

==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2023 == Report Title: WordPress WoodMart Theme deactivate; $this-notices-addsuccess 'Theme license is successfully deactivated.' ; return; if isset $POST'woodmart-purchase-code' &...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/27 12:0 a.m.370 views

ASUS ASMB8 iKVM 1.14.51 SNMP Remote Root

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Exploit Title: ASUS ASMB8 iKVM RCE and SSH Root Access Date: 2023-02-16 Exploit Author: [email protected] for NetworkSEC NWSSA-002-2023 Vendor Homepage: https://servers.asus.com/search?q=ASMB8 Version/Model: ASMB8 iKVM...

0.17399EPSS
Exploits6
Packet Storm
Packet Storm
added 2023/02/27 12:0 a.m.283 views

ABUS Security Camera TVIP 20000-21150 LFI / Remote Code Execution

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Exploit Title: ABUS Security Camera LFI, RCE and SSH Root Access Date: 2023-02-16 Exploit Author: [email protected] for NetworkSEC NWSSA-001-2023 Vendor Homepage: https://www.abus.com Version/Model: TVIP 20000-21150 probabl...

0.3AI score0.38722EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/02/27 12:0 a.m.246 views

pfBlockerNG 2.1.4_26 Remote Code Execution

Exploit Title: pfBlockerNG 2.1.426 - Remote Code Execution RCE Shodan Results: https://www.shodan.io/search?query=http.title%3A%22pfSense+-+Login%22+%22Server%3A+nginx%22+%22Set-Cookie%3A+PHPSESSID%3D%22 Date: 5th of September 2022 Exploit Author: IHTeam Vendor Homepage:...

9.8CVSS0.4AI score0.86446EPSS
Exploits14
Packet Storm
Packet Storm
added 2023/02/24 12:0 a.m.332 views

Auto Dealer Management System 1.0 SQL Injection

Auto Dealer Management System - SQL Injection on page viewtransaction.php and parameter is id, application url is ?page=vehicles/viewtransaction&id=? with low privilege authentication Date: 18 February 2023 CVE Assigned: CVE-2023-0912 mitre.org nvd.nist.org Author Name: Muhammad Navaid Zafar Ansa...

0.5AI score0.01728EPSS
Exploits11
Packet Storm
Packet Storm
added 2023/02/24 12:0 a.m.244 views

Employee Task Management System 1.0 SQL Injection

Employee Task Management System - SQL Injection on task-details.php?taskid=? with low privilege authentication Date: 17 February 2023 CVE Assigned: CVE-2023-0904 mitre.org, nvd.nist.org Author Email: [email protected] Vendor Homepage: https://www.sourcecodester.com Software Link: Employe...

0.2AI score0.02693EPSS
Exploits13
Packet Storm
Packet Storm
added 2023/02/24 12:0 a.m.209 views

Kshitish 2.0 Default Credentials

==================================================================================================================================== | Title : kshitish v2.0 Multipurpose eCommerce Platform Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/24 12:0 a.m.254 views

Simple Food Ordering System 1.0 Cross Site Scripting

Simple Food Ordering System - Authenticated Reflected Cross Site Scripting Date: 17 February 2023 CVE Assigned: CVE-2023-0902 mitre.org nvd.nist.org Author Email: [email protected] Vendor Homepage: https://www.sourcecodester.com Software Link: Simple Food Ordering System Version: v 1.0...

5.2AI score0.02693EPSS
Exploits9
Packet Storm
Packet Storm
added 2023/02/24 12:0 a.m.224 views

Auto Dealer Management System 1.0 Privilege Escalation

Auto Dealer Management System - Broken Access Control leads to compromise of all application accounts by accessing the ?page=user/list with low privileged user account Date: 18 February 2023 Author Email: [email protected] Vendor Homepage: https://www.sourcecodester.com Software Link: Au...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/24 12:0 a.m.248 views

Employee Task Management System 1.0 Privilege Escalation

Employee Task Management System - Broken Authentication leads to compromise of all application accounts by changing the password Date: 17 February 2023 CVE Assigned: CVE-2023-0905 mitre.org, nvd.nist.org Author Email: [email protected] Vendor Homepage: https://www.sourcecodester.com...

0.3AI score0.03189EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/02/24 12:0 a.m.425 views

Music Gallery Site 1.0 SQL Injection

Music Gallery Site - SQL Injection on page musiclist.php and parameter cid is vulnerable, application url is ?page=musiclist&cid=?. Any remote attacker can access this page to exploit the vulnerbility. Date: 21 February 2023 CVE Assigned: CVE-2023-0938 mitre.org nvd.nist.org Author Name: Muhammad...

0.4AI score0.01883EPSS
Exploits11
Packet Storm
Packet Storm
added 2023/02/24 12:0 a.m.220 views

Music Gallery Site 1.0 Privilege Escalation / Missing Authentication

Music Gallery Site - Broken Access Control leads to compromise of complete application by adding admin user without log-in into the application. Date: 21 February 2023 CVE Assigned: CVE-2023-0963 mitre.org nvd.nist.org Author Email: [email protected] Vendor Homepage:...

1.1AI score0.0467EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/02/23 12:0 a.m.305 views

Yoga Class Registration System 1.0 SQL Injection

Exploit Title: Authenticated POST based SQL Injection when delete user on Yoga Class Registration System Google Dork: NA Date: 23/2/2023 Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.htm...

0.2AI score0.00541EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/02/23 12:0 a.m.317 views

Device Manager Express 7.8.20002.47752 SQL Injection / XSS / Code Execution / Traversal

Product Name: Device Manager Express Vendor Homepage: https://www.audiocodes.com Software Link: https://www.audiocodes.com/solutions-products/products/management-products-solutions/device-manager Version: = 7.8.20002.47752 Tested on: Windows 10 / Server 2019 Default credentials: admin/admin...

1.1AI score0.43187EPSS
Exploits9
Packet Storm
Packet Storm
added 2023/02/23 12:0 a.m.330 views

Froxlor 2.0.6 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Froxlor Log Path RCE', 'Description' = %q Froxlor v2.0.6 and below suffer from a bug that allows authenticated users to change the application lo...

8.8CVSS0.2AI score0.97653EPSS
Exploits8
Packet Storm
Packet Storm
added 2023/02/22 12:0 a.m.377 views

pyLoad js2py Python Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'pyLoad js2py Python Execution', 'Description' = %q pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code...

9.8CVSS9.6AI score0.96988EPSS
Exploits13
Packet Storm
Packet Storm
added 2023/02/21 12:0 a.m.268 views

Sales Tracker System 1.0 SQL Injection

Exploit Title: Authenticated SQL Injection on Sales Tracker System Google Dork: NA Date: 21/2/2023 Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16061/sales-tracker-management-system-using-php-free-source-code.html Software Link: download link if availab...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/17 12:0 a.m.246 views

Best POS Management System 1.0 Shell Upload

Exploit Title: Authenticated Remote Code Execution on File Upload Google Dork: NA Date: 17/2/2023 Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/17 12:0 a.m.249 views

Kardex Mlog MCC 5.7.12+0-a203c2a213-master File Inclusion / Remote Code Execution

Remote Code Execution in Kardex MLOG ======================================================================= Product: Kardex Mlog MCC Vendor: Kardex Holding AG Tested Version: 5.7.12+0-a203c2a213-master Fixed Version: inline patch - no new version number Vulnerability Type: Improper Control of...

9.7AI score0.14832EPSS
Exploits8
Packet Storm
Packet Storm
added 2023/02/17 12:0 a.m.287 views

Zabbix Agent 6.2.7 Insecure Permissions / Privilege Escalation

Exploit Title: Zabbix agents - Insecure Permissions on non-default installation directory location Discovery by: mmg Discovery Date: 2023-01-23 Vendor Homepage: https://www.zabbix.com/downloadagents Software Link Zabbix agent :...

0.9AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/17 12:0 a.m.217 views

Best POS Management System 1.0 Cross Site Scripting

Exploit Title: Stored Cross Site Scripting on Best pos Management System Google Dork: NA Date: 14/2/2023 Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/17 12:0 a.m.278 views

Demanzo Matrimony 1.5 Cross Site Request Forgery

==================================================================================================================================== | Title : Demanzo Matrimony v.1.5 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 109.0.132-bit | |...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/17 12:0 a.m.577 views

Best POS Management System 1.0 SQL Injection

Exploit Title: SQL Injection on Best pos Management System Google Dork: NA Date: 14/2/2023 Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/17 12:0 a.m.545 views

Argon Dashboard 1.1.2 SQL Injection

==================================================================================================================================== | Title : Argon Dashboard - v1.1.2 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 109.064-b...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/16 12:0 a.m.455 views

Atrocore 1.5.25 Shell Upload

Title: atrocore-1.5.25 User interaction - Unauthenticated File upload - RCE Author: nu11secur1ty Date: 02.16.2023 Vendor: https://atropim.com/ Software: https://github.com/atrocore/atrocore/releases/tag/1.5.25 Reference: https://portswigger.net/web-security/file-upload Description: The Create...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/15 12:0 a.m.366 views

B&R Systems Diagnostics Manager Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple XSS Vulnerabilities product: B&R Systems Diagnostics Manager vulnerable version: =3.00 and =D4.93 CVE number: CVE-2022-4286 impact: medium homepage:...

0.2AI score0.00564EPSS
Exploits1
Packet Storm
Packet Storm
added 2023/02/15 12:0 a.m.362 views

WordPress Quiz And Survey Master 8.0.8 Media Deletion

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL: https://wordpress.org/plugins/quiz-master-next/ Type: Missing Authentication for Critical Function CWE-306 Date found: 2023-01-13 Date published: 2023-02-0...

0.5AI score0.02034EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/02/15 12:0 a.m.220 views

WordPress Quiz And Survey Master 8.0.8 Cross Site Request Forgery

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL: https://wordpress.org/plugins/quiz-master-next/ Type: Cross-Site Request Forgery CSRF CWE-352 Date found: 2023-01-13 Date published: 2023-02-08 CVSSv3 Scor...

0.02034EPSS
Exploits6
Packet Storm
Packet Storm
added 2023/02/15 12:0 a.m.307 views

Arris Router Firmware 9.1.103 Remote Code Execution

c Exploit Title: Arris Router Firmware 9.1.103 - Remote Code Execution RCE Authenticated Date: 17/11/2022 Exploit Author: Yerodin Richards Vendor Homepage: https://www.commscope.com/ Version: 9.1.103 Tested on: TG2482A, TG2492, SBG10 CVE : CVE-2022-45701 import requests import base64 routerhost =...

0.4AI score0.45313EPSS
Exploits6
Packet Storm
Packet Storm
added 2023/02/15 12:0 a.m.344 views

Korenix JetWave Command Injection / Denial Of Service

CyberDanube Security Research 20230213-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| JetWave4221 HP-E, JetWave 2212G, JetWave 2212X/2212S, | JetWave 2211C, JetWave 2411/2111, JetWave 2411L/2111L, | JetWave 2414/2114,...

Exploits0
Packet Storm
Packet Storm
added 2023/02/15 12:0 a.m.318 views

GitLab GitHub Repo Import Deserialization Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitLab GitHub Repo Import Deserialization RCE', 'Description' = %q An authenticated user can import a repository from GitHub into GitLab. If a us...

9.9CVSS9.6AI score0.86194EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/02/14 12:0 a.m.206 views

XWorm Trojan 2.1 NULL Pointer Dereference

Exploit Author: TOUHAMI KASBAOUI Vendor Homepage: https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/ Software Link: N/A Version: 2.1 Tested on: Windows 10 CVE : N/A ================================================================== THE BUG : NULL pointer...

1.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/14 12:0 a.m.331 views

Cisco RV Series Authentication Bypass / Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco RV Series Authentication Bypass and Command Injection', 'Description' = %q This module exploits two vulnerabilities, a session ID directory...

10CVSS1.1AI score0.80031EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/02/13 12:0 a.m.241 views

Global Infotech CMS 1.0 SQL Injection

==================================================================================================================================== | Title : Global Infotech cms v 1.0 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor :...

0.3AI score
Exploits0
Total number of security vulnerabilities50744