50630 matches found
WordPress Blog2Social 6.9.11 Missing Authorization
Description: Missing Authorization to Authenticated Subscriber+ Settings Update Affected Plugin: Blog2Social Plugin Slug: blog2social Affected Versions: = 6.9.11 CVE ID: CVE-2022-3622 CVSS Score: 4.7 Medium CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N Researcher/s: Marco Wotschka Ful...
Forma SPOT-LMS 3.2.1 Cross Site Scripting
Title: Forma SPOT-LMS-3.2.1 Cross-site scripting reflected RCE - reset mail vulnerability Author: nu11secur1ty Date: 11.07.2022 Vendor: https://www.spotlms.us/indexmulti.php The software is applied in the demo account: https://www.spotlms-anca-001.ovh/ Reference:...
WebKit HTMLSelectElement Use-After-Free
WebKit use-after-free in HTMLSelectElement There is a use-after-free in HTMLSelectElement. If the length of the HTMLSelectElement is set to a value greater than the existing options length then dummy HTMLOptionElements elements are created. These HTMLOptionsElements are stored as raw pointers in...
Senayan Library Management System 9.5.0 SQL Injection
Title: Senayan Library Management System v9.5.0 a.k.a SLIMS 9 BULIAN SQLi Author: nu11secur1ty Date: 11.03.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases Reference:...
Automated Tank Gauge (ATG) Remote Configuration Disclosure
!/usr/bin/env python3 import time import socket with open"/tmp/ATGSCAN.txt",'r' as atgfile: for line in atgfile.read.splitlines: try: atgsocket = socket.socketsocket.AFINET, socket.SOCKSTREAM port = 10001 searchstr = 'IN-TANK INVENTORY' msg = str'\x01' + 'I20100' + '\n'.encode'ascii'...
Apache CouchDB Erlang Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Couchdb Erlang RCE', 'Description' = %q In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installatio...
FLIR AX8 1.46.16 Remote Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'FLIR AX8 unauthenticated RCE', 'Description' = %q All FLIR AX8 thermal sensor cameras versions up to and including 1.46.1...
Webmin 1.984 File Manager Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin File Manager RCE', 'Description' = %q In Webmin version 1.984, any authenticated low privilege user without access rights to the File...
Simple Cold Storage Management System 1.0 SQL Injection
Simple Cold Storage Management System v1.0 by oretnom23 has SQL injection BUGAuthor: QiaoRui feng Login account: admin/admin123 Super Admin account vendors: https://www.sourcecodester.com/php/15088/simple-cold-storage-management-system-using-phpoop-source-code.html The program is built using the...
Train Scheduler App 1.0 Insecure Direct Object Reference
Exploit Title: Train Scheduler App v1.0 - Insecure Direct Object Reference IDOR to "delete user id " Exploit Author: Rohit Sharma Vendor Name: oretnom23 Vendor Homepage: https://www.sourcecodester.com/php/15720/train-scheduler-app-using-php-oop-and-mysql-database-free-download.html Software Link:...
wolfSSL Buffer Overflow
wolfssl before 5.5.1: CVE-2022-39173 Buffer overflow when refining cipher suites ================================================================================== INFO ======= The CVE project has assigned the id CVE-2022-39173 to this issue. Severity: high 7.5 Affected version: before 5.5.1 End ...
Ecommerce CodeIgniter Bootstrap 1.0 Cross Site Scripting
Title: Ecommerce-CodeIgniter-Bootstrap-1.0 Cross-site scripting reflected RCE Author: nu11secur1ty Date: 10.29.2022 Vendor: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap Software: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/archive/refs/heads/master.zip...
Leeloo Multipath Authorization Bypass / Symlink Attack
Qualys Security Advisory Leeloo Multipath: Authorization bypass and symlink attack in multipathd CVE-2022-41974 and CVE-2022-41973 ======================================================================== Contents ======================================================================== Summary...
Siemens APOGEE PXC / TALON TC Authentication Bypass
!/usr/bin/env python3 -- coding: utf-8 -- 2022-05-23 Standard Modules from metasploit import module Extra Dependencies dependenciesmissing = False try: import logging import requests import requests import xmltodict import xml.etree.ElementTree as ET import socket import struct import requests...
Vagrant Synced Folder Vagrantfile Breakout
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Vagrant Synced Folder Vagrantfile Breakout', 'Description' = %q This module exploits a default Vagrant synced folder shared folder to append a Ru...
Dinstar FXO Analog VoIP Gateway DAG2000-16O Cross Site Scripting
Exploit Title: Dinstar FXO Analog VoIP Gateway DAG2000-16O Stored Cross Site Scripting Google Dork: NA Date: 25/10/2022 Exploit Author: Yehia Elghaly Vendor Homepage: https://www.dinstar.com/ Software Link: https://www.dinstar.com/analog-voip-gateway/16-fxo/ Version: DAG2000-16O CVE: N/A Summary:...
ERP Sankhya 4.13.x Cross Site Scripting
Exploit Title: ERP Sankhya - XSS to Account Takeover Google Dork: N/A Date: 19/10/2022 Exploit Author: Lucas Alves Da Cunha - 0xLucas Vendor Homepage: https://www.sankhya.com.br Version: Sankhya Om Payload used to capture the user's session data: Steps to reproduce: 1 -...
GLPI 10.0.2 Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GLPI htmLawed php command injection', 'Description' = %q This exploit takes advantage of a unauthenticated php command injection available from...
ZKTeco ZEM500-510-560-760 / ZEM600-800 / ZEM720 / ZMM Missing Authentication
Advisory: Missing Authentication in ZKTeco ZEM/ZMM Web Interface The ZKTeco time attendance device does not require authentication to use the web interface, exposing the database of employees and their credentials. Details ======= Product: ZKTeco ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM Affect...
Email-Worm.Win32.Kipis.c MVID-2022-0652 File Write / Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/8d0df60c96e4011c312d61ed3e6dc70e.txt Media: twitter.com/malvuln Threat: Email-Worm.Win32.Kipis.c Vulnerability: Remote File Write Code Execution Description: The...
Backdoor.Win32.Psychward.10 MVID-2022-0651 Remote Command Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/70c5f8d61f6ac67091c0c5860e456427.txt Media: twitter.com/malvuln Threat: Backdoor.Win32.Psychward.10 Vulnerability: Unauthenticated Remote Command Execution...
Backdoor.Win32.Delf.arh MVID-2022-0650 Authentication Bypass
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/b3b19524967d22d6eb7517b03b660b00.txt Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.arh Vulnerability: Authentication Bypass Description: The malware runs...
Pega Platform 8.7.3 Remote Code Execution
Exploit Title: Pega Platform 8.1.0 and higher Remote Code Execution Google Dork: N/A Date: 20 Oct 2022 Exploit Author: Marcin Wolak using MOGWAI LABS JMX Exploitation Toolkit Vendor Homepage: www.pega.com Software Link: Not Available Version: 8.1.0 on-premise and higher, up to 8.7.3 Tested on: Re...
Zimbra Collaboration Suite TAR Path Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TAR Path Traversal in Zimbra CVE-2022-41352', 'Description' = %q This module creates a .tar file that can be emailed to a Zimbra server to exploi...
Fortinet FortiOS / FortiProxy / FortiSwitchManager Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortinet FortiOS, FortiProxy, and FortiSwitchManager authentication bypass.', 'Description' = %q This module exploits an authentication bypass...
Zimbra Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra sudo + postfix privilege escalation', 'Description' = %q This module exploits a vulnerable sudo configuration that permits the zimbra user...
AVS Audio Converter 10.3 Stack Overflow
Exploit Title: AVS Audio Converter 10.3 - Stack Overflow SEH Discovered by: Yehia Elghaly - Mrvar0x Discovered Date: 2022-10-16 Tested Version: 10.3.1.633 Tested on OS: Windows 7 Professional x86 pop+ret Address=005154E6 Message= 0x005154e6 : pop ecx pop ebp ret 0x04 | startnull PAGEEXECUTEREAD...
WiFi File Transfer 1.0.8 Cross Site Scripting
Document Title: =============== WiFi File Transfer v1.0.8 - Cross Site Scripting Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2322 Release Date: ============= 2022-10-17 Vulnerability Laboratory ID VL-ID:...
Garage Management System 1.0 Cross Site Scripting
Exploit Title: Garage Management System 1.0 - 'categoriesName' - Stored XSS Date: 18-09-2022 Exploit Author: Sam Wallace Software Link: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html Version: 1.0 Tested on: Debian CVE : CVE-2022-41358 Summary:...
Webile 1.0.1 Directory Traversal
Document Title: =============== Webile v1.0.1 - Directory Traversal Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2320 Release Date: ============= 2022-10-10 Vulnerability Laboratory ID VL-ID: ==================================== 232...
Spring Cloud Gateway 3.1.0 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Gateway Remote Code Execution', 'Description' = %q This module exploits an unauthenticated remote code execution vulnerability in...
MiniDVBLinux 5.4 Configuration Download
MiniDVBLinux 5.4 Config Download Exploit Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Video Disk Recorder VDR by Klaus...
WordPress Photo Gallery 1.8.0 Cross Site Scripting
MiniDVBLinux 5.4 Remote Root Command Execution
!/usr/bin/env python3 MiniDVBLinux 5.4 Remote Root Command Execution Vulnerability Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based o...
MiniDVBLinux 5.4 SVDRP Control
MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP svdrpsend.sh Exploit Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the...
MapTool 1.11.5 Cross Site Scripting
Document Title: =============== MapTool v1.11.5 - Cross Site Scripting Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2319 Release Date: ============= 2022-10-11 Vulnerability Laboratory ID VL-ID: ==================================== 23...
Joomla Vik Appointments 1.7.3 Cross Site Scripting
Knap Advanced PHP Login 3.1.3 Cross Site Scripting
Document Title: =============== Knap APL v3.1.3 - Persistent Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2307 Release Date: ============= 2022-10-10 Vulnerability Laboratory ID VL-ID: ==================================== 230...
Backdoor.Win32.Redkod.d MVID-2022-0649 Hardcoded Credential
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/bb309bdd071d5733efefe940a89fcbe8.txt Media: twitter.com/malvuln Threat: Backdoor.Win32.Redkod.d Vulnerability: Weak Hardcoded Credentials Description: The malware...
MapTool 1.11.5 Denial Of Service
Document Title: =============== MapTool v1.11.5 - Denial of Service Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2318 Release Date: ============= 2022-10-10 Vulnerability Laboratory ID VL-ID: ==================================== 2318...
MiniDVBLinux 5.4 Unauthenticated Stream Disclosure
MiniDVBLinux 5.4 Unauthenticated Stream Disclosure Vulnerability Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: /dev/null -------------------------------------------------------------------- Tested on: MiniDVBLinux 5.4 BusyBox v1.25.1 Architecture: armhf,...
MiniDVBLinux 5.4 Change Root Password
MiniDVBLinux 5.4 Change Root Password PoC Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Video Disk Recorder VDR by Klaus...
Vicidial 2.14-783a Cross Site Scripting
Document Title: =============== Vicidial v2.14-783a - Multiple XSS Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2311 Release Date: ============= 2022-10-11 Vulnerability Laboratory ID VL-ID: ==================================== 23...
MiniDVBLinux 5.4 Arbitrary File Read
!/usr/bin/env python3 MiniDVBLinux 5.4 Arbitrary File Read Vulnerability Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Vide...
WordPress ImageMagick-Engine 1.7.4 Remote Code Execution
Exploit Title: Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution RCE Authenticated Google Dork: inurl:"/wp-content/plugins/imagemagick-engine/" Date: Thursday, September 1, 2022 Exploit Author: ABDO10 Vendor Homepage: https://wordpress.org/plugins/imagemagick-engine/ Software Link...
pfSense pfBlockerNG 2.1.4_26 Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'pfSense plugin pfBlockerNG unauthenticated RCE as root', 'Description' = %q pfBlockerNG is a popular pfSense plugin that is not installed by...
Stripe Green Downloads 2.03 Cross Site Scripting
Document Title: =============== Stripe Green Downloads 2.03 - Cross Site Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2287 Release Date: ============= 2022-10-17 Vulnerability Laboratory ID VL-ID: ===================================...
MiniDVBLinux 5.4 Remote Root Command Injection
!/usr/bin/env python3 MiniDVBLinux 5.4 Remote Root Command Injection Vulnerability Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based o...
Backdoor.Win32.DarkSky.23 MVID-2022-0648 Buffer Overflow
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/1164ef21ef2af97e0339359c0dce5e7d.txt Media: twitter.com/malvuln Threat: Backdoor.Win32.DarkSky.23 Vulnerability: Remote Stack Buffer Overflow SEH Description: The...
Intelbras WiFiber 120AC inMesh 1.1-220216 Command Injection
CyberDanube Security Research 20221009-0 ------------------------------------------------------------------------------- title| Authenticated Command Injection product| Intelbras WiFiber 120AC inMesh vulnerable version| 1.1-220216 fixed version| 1-1-220826 CVE number| impact| High homepage|...