Lucene search
K
PacketstormRecent

50744 matches found

Packet Storm
Packet Storm
added 2023/02/10 12:0 a.m.228 views

ChiKoi 1.0 Cross Site Scripting

==================================================================================================================================== | Title : ChiKoi version 1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | | Vendor :...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/10 12:0 a.m.334 views

Monitorr 1.7.6 Shell Upload

Exploit Title: Monitorr v1.7.6 - Unauthenticated File upload to Remote Code Execution Exploit Author: Achuth V P retrymp3 Date: February 09, 2023 Vendor Homepage: https://github.com/Monitorr/ Software Link: https://github.com/Monitorr/Monitorr Tested on: Ubuntu Version: v1.7.6 Exploit Description...

9.8CVSS9.6AI score0.85785EPSS
Exploits8
Packet Storm
Packet Storm
added 2023/02/10 12:0 a.m.242 views

ChiKoi 1.0 Directory Traversal

==================================================================================================================================== | Title : ChiKoi version 1.0 Directory Traversal Vulnerability Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/10 12:0 a.m.295 views

WEBY 1.2.5 Cross Site Request Forgery

==================================================================================================================================== | Title : WEBY v.1.2.5 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.0.132-bit | | Vendor :...

0.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/09 12:0 a.m.243 views

SOUND4 LinkAndShare Transmitter 1.1.2 Format String Stack Buffer Overflow

SOUND4 LinkAndShare Transmitter 1.1.2 Format String Stack Buffer Overflow Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: 1.1.2 Summary: The SOUND4 Link&Share L&S is a simple and open protocol that allow users to remotely control SOUND4...

1.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/09 12:0 a.m.412 views

Fortra GoAnywhere MFT Unsafe Deserialization Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortra GoAnywhere MFT Unsafe Deserialization RCE', 'Description' = %q This module exploits CVE-2023-0669, which is an object deserialization...

0.5AI score0.99999EPSS
Exploits12
Packet Storm
Packet Storm
added 2023/02/09 12:0 a.m.710 views

Zoho ManageEngine Endpoint Central / MSP 10.1.2228.10 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine Endpoint Central Unauthenticated SAML RCE', 'Description' = %q This exploits an unauthenticated remote code execution vulnerability...

9.8CVSS0.3AI score0.99753EPSS
Exploits15
Packet Storm
Packet Storm
added 2023/02/09 12:0 a.m.427 views

CKSource CKEditor5 35.4.0 Cross Site Scripting

Exploit Title: Cross Site Scripting in CKSource's CKEditor5 35.4.0 Google Dork: N/A Date: February 09, 2023 Exploit Author: Manish Pathak Vendor Homepage: https://cksource.com/ Software Link: https://ckeditor.com/ckeditor-5/download/ Version: 35.4.0 Tested on: Linux / Web CVE : CVE-2022-48110...

6.8AI score0.02097EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/02/08 12:0 a.m.376 views

ManageEngine ADSelfService Plus Unauthenticated SAML Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADSelfService Plus Unauthenticated SAML RCE', 'Description' = %q This exploits an unauthenticated remote code execution vulnerabilit...

9.8CVSS0.7AI score0.99753EPSS
Exploits15
Packet Storm
Packet Storm
added 2023/02/08 12:0 a.m.511 views

Nagios XI 5.7.5 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection', 'Description' = %q This module exploits CVE-2021-25296,...

9CVSS0.75196EPSS
Exploits9
Packet Storm
Packet Storm
added 2023/02/07 12:0 a.m.477 views

Material Dashboard 2 SQL Injection

==================================================================================================================================== | Title : Material Dashboard 2 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor : https://www.creative-tim.com...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/07 12:0 a.m.424 views

Zoho ManageEngine ServiceDesk Plus 14003 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ServiceDesk Plus Unauthenticated SAML RCE', 'Description' = %q This exploits an unauthenticated remote code execution vulnerability...

9.8CVSS0.5AI score0.99753EPSS
Exploits15
Packet Storm
Packet Storm
added 2023/02/07 12:0 a.m.330 views

101news By Mayuri K 1.0 SQL Injection

Title: 101news-by-Mayuri-K-1.0 Multiple-SQLi Author: nu11secur1ty Date: 02.02.2023 Vendor: https://mayurik.com/ Software: https://mayurik.com/source-code/P4030/news-portal-project-in-php Reference: https://portswigger.net/web-security/sql-injection Description: The comment parameter appears to be...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/06 12:0 a.m.285 views

Apache Tomcat On Ubuntu Log Init Privilege Escalation

This exploit sample shows how an exploit module could be written to exploit a bug in a command on a linux computer for priv esc. class MetasploitModule 'Apache Tomcat on Ubuntu Log Init Privilege Escalation', 'Description' = %q Tomcat 6, 7, 8 packages provided by default repositories on...

7.8CVSS0.7AI score0.09783EPSS
Exploits8
Packet Storm
Packet Storm
added 2023/02/03 12:0 a.m.445 views

Oracle Database 12.1.0.2 Spatial Component Privilege Escalation

Title: Oracle Database Privilege Escalation Through Oracle Spatial Component Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2 Tested Versions: 12cR1 Risk Level: High Solution Status: Fixed in Oracle Critical Patch Update October 2021 CVE Reference: N/A, Backported in Oracle CPU...

1.3AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/03 12:0 a.m.267 views

Lenovo Diagnostics Driver Memory Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lenovo Diagnostics Driver IOCTL memmove', 'Description' = %q Incorrect access control for the Lenovo Diagnostics Driver allows a low-privileged...

0.3AI score0.04284EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/02/03 12:0 a.m.348 views

macOS Dirty Cow Arbitrary File Write Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'macOS Dirty Cow Arbitrary File Write Local Privilege Escalation', 'Description' = %q An app may be able to execute arbitrary code with kernel...

7CVSS0.5AI score0.44678EPSS
Exploits9
Packet Storm
Packet Storm
added 2023/02/03 12:0 a.m.294 views

F5 Big-IP Create Administrative User

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'unixcrypt' class MetasploitModule 'F5 Big-IP Create Admin User', 'Description' = %q This creates a local user with a username/password and root-level privileges...

8.8CVSS0.87987EPSS
Exploits9
Packet Storm
Packet Storm
added 2023/02/01 12:0 a.m.224 views

Online Eyewear Shop 1.0 SQL Injection

Exploit Title: Online Eyewear Shop 1.0 - Product detail 'id' SQL Injection Unauthenticated Date: 2023-01-02 Exploit Author: Muhammad Navaid Zafar Ansari Vendor Homepage: https://www.sourcecodester.com/php/16089/online-eyewear-shop-website-using-php-and-mysql-free-download.html Software Link:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/01 12:0 a.m.246 views

eCommerce Marketplace Platform CMS 1.7 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/01 12:0 a.m.216 views

eCommerce Marketplace Platform CMS 1.7 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/01 12:0 a.m.355 views

vmwgfx Driver File Descriptor Handling Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vmwgfx Driver File Descriptor Handling Priv Esc', 'Description' = %q If the vmwgfx driver fails to copy the 'fencerep' object to userland, it tri...

0.5AI score0.02579EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/02/01 12:0 a.m.373 views

io_uring Same Type Object Reuse Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'iouring Same Type Object Reuse Priv Esc', 'Description' = %q This module exploits a bug in iouring leading to an additional putcred that can be...

8.8CVSS0.5AI score0.03718EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/01/31 12:0 a.m.223 views

PHPJabbers Business Directory Script 3.2 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/31 12:0 a.m.252 views

PHPJabbers Auto Classifieds Script 3.2 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/31 12:0 a.m.1053 views

mRemoteNG 1.76.20 Privilege Escalation

mRemoteNG mRemoteNG v1.76.20 Privilege Escalation Detailed Information ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Product Name: mRemoteNG Vendor Home Page:...

0.7AI score0.00368EPSS
Exploits1
Packet Storm
Packet Storm
added 2023/01/31 12:0 a.m.378 views

Control Web Panel Unauthenticated Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'CWP login.php Unauthenticated RCE', 'Description' = %q Control Web Panel versions 'Spencer McIntyre', metasploit module...

9.8CVSS0.6AI score0.99995EPSS
Exploits12
Packet Storm
Packet Storm
added 2023/01/30 12:0 a.m.196 views

PHPJabbers Property Listing Script 3.1 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/30 12:0 a.m.221 views

PHPJabbers Travel Tours Script 1.0 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/30 12:0 a.m.206 views

PHPJabbers Travel Tours Script 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/30 12:0 a.m.206 views

PHPJabbers Property Listing Script 3.1 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/30 12:0 a.m.215 views

PHPJabbers Event Ticketing System Script 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/30 12:0 a.m.184 views

PHPJabbers Car Park Booking System 2.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/30 12:0 a.m.396 views

Zstore 6.6.0 Cross Site Scripting

Title: zstore-6.6.0 - XSS-Reflected Development: nu11secur1ty Date: 01.29.2023 Vendor: https://zippy.com.ua/ Software: https://github.com/leon-mbs/zstore/releases/tag/6.5.4 Reproduce: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4 Description: The value of...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/27 12:0 a.m.290 views

Micro Focus GroupWise Session ID Disclosure

Trovent Security Advisory 2203-01 Micro Focus GroupWise transmits session ID in URL Overview Advisory ID: TRSA-2203-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2203-01 Affected product: Micro Focus GroupWise Affected version: prior to 18.4.2...

4.3CVSS4.8AI score0.00844EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/01/27 12:0 a.m.235 views

PHPJabbers Car Rental Script 3.0 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/27 12:0 a.m.423 views

Razer Synapse 3.7.0731.072516 Local Privilege Escalation

Advisory ID: SYSS-2022-047 Product: Razer Synapse Manufacturer: Razer Inc. Affected Versions: Versions before 3.7.0830.081906 Tested Versions: 3.7.0731.072516 Vulnerability Type: Improper Certificate Validation CWE-295 Risk Level: High Solution Status: Open Manufacturer Notification: 2022-08-02...

7.3CVSS0.4AI score0.00889EPSS
Exploits6
Packet Storm
Packet Storm
added 2023/01/26 12:0 a.m.356 views

Secure Web Gateway 10.2.11 Cross Site Scripting

RedTeam Pentesting identified a vulnerability which allows attackers to craft URLs to any third-party website that result in arbitrary content to be injected into the response when accessed through the Secure Web Gateway. While it is possible to inject arbitrary content types, the primary risk...

6.1CVSS0.1AI score0.0189EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/01/25 12:0 a.m.269 views

Inout Jobs Portal 2.2.2 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/25 12:0 a.m.231 views

Inout Jobs Portal 2.2.2 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/25 12:0 a.m.326 views

Inout Music 5.1.1 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/24 12:0 a.m.294 views

Inout Homestay 2.2 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Exploits0
Packet Storm
Packet Storm
added 2023/01/24 12:0 a.m.317 views

Inout Search Engine 10.1.3 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/24 12:0 a.m.645 views

Cacti 1.2.22 Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cacti 1.2.22 unauthenticated command injection', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in...

9.8CVSS9.8AI score0.99826EPSS
Exploits48
Packet Storm
Packet Storm
added 2023/01/23 12:0 a.m.314 views

AmazCart Laravel Ecommerce System CMS 3.4 Cross Site Scripting

Exploit Title: AmazCart - Laravel Ecommerce System CMS 3.4 - 'Search' Cross-Site-Scripting — Reflected AJAX Date: 17/01/2023 Exploit Author: Sajibe Kanti CVE ID: Vendor Name: CodeThemes Vendor Homepage: https://spondonit.com/ Software Link:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/23 12:0 a.m.330 views

ERPGo SaaS 3.9 CSV Injection

Exploit Title: ERPGo SaaS 3.9 - CSV Injection Date: 18/01/2023 Exploit Author: Sajibe Kanti CVE ID: Vendor Name: RajodiyaInfotech Vendor Homepage: https://rajodiya.com/ Software Link: https://codecanyon.net/item/erpgo-saas-all-in-one-business-erp-with-project-account-hrm-crm-pos/33263426 Version:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/23 12:0 a.m.468 views

Active eCommerce CMS 6.5.0 Cross Site Scripting

Exploit Title: Active eCommerce CMS 6.5.0 - 'svg' Stored Cross-Site Scripting XSS Date: 19/01/2023 Exploit Author: Sajibe Kanti Vendor Name: ActiveITzone Vendor Homepage: https://activeitzone.com/ Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 Version: 6.5.0 Tested on:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/23 12:0 a.m.682 views

Food Ordering System 2 Shell Upload

Title: Food Ordering System v2 File upload Vulnerability + web-shell upload - RCE Author: nu11secur1ty Date: 01.23.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html Reference:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/23 12:0 a.m.312 views

Inout RealEstate 2.1.3 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2023/01/20 12:0 a.m.244 views

NetChess 2.1 Buffer Overflow

Exploit Title: NetChess2.1 Buffer Overflow SEH Date: 8/1/2022 Exploit Author: Ugur Eminli Vendor Homepage: https://sourceforge.net/projects/avmnetchess/ Software Link: https://sourceforge.net/projects/avmnetchess/ Version: 2.1 Tested on: WinXP SP2 Build 2600 !/usr/bin/perl my $file= "exploit.pgn"...

1AI score
Exploits0
Total number of security vulnerabilities50744