Lucene search
K
PacketstormRecent

50748 matches found

Packet Storm
Packet Storm
added 2022/10/01 12:0 a.m.244 views

Joomla MyMuse 4.3.0 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2022/10/01 12:0 a.m.246 views

Centreon 22.04.0 Cross Site Scripting

Exploit Title: Stored XSS in servicealias parameter in Centreon version 22.04.0 Date: 1/10/2022 Exploit Author: syad Vendor Homepage: Centreon Software Link: https://download.centreon.com/ Version: 22.04.0 CVE ID : CVE-2022-39988 Tested on: Centos 7 Centreon 22.04.0 is vulnerable to Stored Cross...

5.8AI score0.00616EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/10/01 12:0 a.m.209 views

ZKSecurity BIO 3.0.5.0_R Privilege Escalation

ADVISORY INFORMATION Product: ZKSecurity BIO Vendor: ZKTeco Version Affected: 3.0.5.0R CVE: CVE-2022-36634 Vulnerability: User privilege escalation CREDIT This vulnerability was discovered and researched by Caio Burgardt and Silton Santos. INTRODUCTION Based on the hybrid biometric technology and...

0.5AI score0.01341EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/10/01 12:0 a.m.214 views

Joomla JS Jobs Pro 1.3.6 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2022/10/01 12:0 a.m.219 views

Joomla jMarket 5.15 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/30 12:0 a.m.208 views

Joomla JoomRecipe 4.2.2 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/30 12:0 a.m.233 views

jCart For OpenCart 3.0.3.19 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/30 12:0 a.m.204 views

Joomla DJ-Classifieds Ads 3.9 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/29 12:0 a.m.237 views

Joomla AdsManager 3.2.0 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/29 12:0 a.m.204 views

Joomla EDocman 1.23.3 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/29 12:0 a.m.220 views

Bus Pass Management System 1.0 Cross Site Scripting

Exploit Title: Bus Pass Management System 1.0 - 'searchdata' Cross-Site Scripting XSS Date: 2022-07-02 Exploit Author: Ali Alipour Vendor Homepage: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/29 12:0 a.m.232 views

Online Examination System 1.0 Cross Site Scripting

Exploit Title: Online Examination System - Cross site scripting Reflected Google Dork: N/A Date: 2022-9-29 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-examination/ Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/29 12:0 a.m.215 views

Online Examination System 1.0 SQL Injection

Exploit Title: Online Examination System - SQL Injection Google Dork: N/A Date: 2022-9-28 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-examination/ Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/29 12:0 a.m.224 views

qdPM 9.1 Authenticated Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'qdPM 9.1 Authenticated Arbitrary PHP File Upload RCE', 'Description' = %q A remote code execution RCE vulnerability exists in qdPM 9.1 and earlie...

8.8CVSS0.1AI score0.83235EPSS
Exploits18
Packet Storm
Packet Storm
added 2022/09/28 12:0 a.m.246 views

WordPress Motopress Hotel Booking Lite 4.4.2 Cross Site Scripting

Exploit Title: WordPress Plugin Motopress Hotel Booking Lite 4.4.2 - Stored Cross-Site Scripting XSS Date: 2022-09-28 Exploit Author: Ali Alipour Vendor Homepage: https://motopress.com/ Software Link: https://wordpress.org/plugins/motopress-hotel-booking-lite/ Version: 4.4.2 Tested on: Windows 10...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/28 12:0 a.m.370 views

Netfilter nft_set_elem_init Heap Overflow Privilege Escalation

frozenstringliteral: true This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netfilter nftseteleminit Heap Overflow Privilege Escalation', 'Description' = %q An issue was discovered in the Linux...

7.8CVSS1.2AI score0.05451EPSS
Exploits10
Packet Storm
Packet Storm
added 2022/09/28 12:0 a.m.211 views

EShop Joomla Shopping-Cart 3.6.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Exploits0
Packet Storm
Packet Storm
added 2022/09/28 12:0 a.m.298 views

Mobile Mouse Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mobile Mouse RCE', 'Description' = %q This module utilizes the Mobile Mouse Server by RPA Technologies, Inc protocol to deploy a payload and run ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/27 12:0 a.m.249 views

Online Birth Certificate Management System 1.0 Cross Site Scripting

Exploit Title: Online Birth Certificate Management System - Cross Site Scripting XSS Reflected POST Google Dork: N/A Date: 2022-9-27 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/27 12:0 a.m.286 views

Online Birth Certificate Management System 1.0 Cross Site Request Forgery

Exploit Title: Online Birth Certificate Management System - Cross Site Request Forgery CSRF Google Dork: N/A Date: 2022-9-27 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/27 12:0 a.m.269 views

COVESA 2.18.8 NULL Pointer Dereference / Heap Buffer Over-Read

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Memory Corruption Vulnerabilities product: COVESA DLT daemon Diagnostic Log and Trace Connected Vehicle Systems Alliance COVESA, formerly GENIVI vulnerable...

0.5AI score0.00417EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/09/27 12:0 a.m.338 views

Food Ordering Management System 1.0 SQL Injection

Exploit Title: Food Ordering Management System - SQL Injection Google Dork: N/A Date: 2022-9-27 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html Software...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/27 12:0 a.m.296 views

Online Birth Certificate Management System 1.0 Cross Site Scripting

Exploit Title: Online Birth Certificate Management System - Stored Cross-Site Scripting XSS Google Dork: N/A Date: 2022-9-27 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/27 12:0 a.m.294 views

Online Birth Certificate Management System 1.0 Insecure Direct Object Reference

Exploit Title: Online Birth Certificate Management System - Insecure Direct Object Reference IDOR Google Dork: N/A Date: 2022-9-27 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/26 12:0 a.m.239 views

Backdoor.Win32.Psychward.b MVID-2022-0645 Hardcoded Credential

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/0b8cf90ab9820cb3fcb7f1d1b45e4e57.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Psychward.b Vulnerability: Weak Hardcoded Credentials Description: The...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/26 12:0 a.m.209 views

pfBlockerNG 2.1.4_26 Shell Upload

!/usr/bin/env python3 Original Advisory: https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/ import argparse import requests import time import sys import urllib.parse from requests.packages.urllib3.exceptions import InsecureRequestWarning...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/26 12:0 a.m.277 views

WooCommerce BRW Booking Rental 1.3.1 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/26 12:0 a.m.237 views

osCommerce Shopping Cart 4 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/26 12:0 a.m.341 views

Active eCommerce CMS 6.3.0 Arbitrary File Download

Exploit Title: Active eCommerce CMS Arbitrary File Download Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 Version: Version 6.3.0 Tested on Ubuntu 18.04 without authentication with for loop user can downlo...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/26 12:0 a.m.280 views

LivelyCart Pro 3 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/26 12:0 a.m.245 views

Online Diagnostic Lab Management System 1.0 SQL Injection / Shell Upload

Exploit Title: Online Diagnostic Lab Management System - Remote Code Execution RCE Unauthenticated Google Dork: N/A Date: 2022-9-23 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/26 12:0 a.m.259 views

Backdoor.Win32.Augudor.b MVID-2022-0644 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/94ccd337cbdd4efbbcc0a6c888abb87d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Augudor.b Vulnerability: Remote File Write Code Execution Description: The...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/26 12:0 a.m.262 views

Backdoor.Win32.Bingle.b MVID-2022-0643 Hardcoded Credential

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/eacaa12336f50f1c395663fba92a4d32.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Bingle.b Vulnerability: Weak Hardcoded Credentials Description: The malware...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/26 12:0 a.m.270 views

Veritas Backup Exec Agent Remote Code Execution

frozenstringliteral: true This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Veritas Backup Exec Agent Remote Code Execution', 'Description' = %q Veritas Backup Exec Agent supports multiple...

9.8CVSS0.2AI score0.6491EPSS
Exploits7
Packet Storm
Packet Storm
added 2022/09/26 12:0 a.m.345 views

WiFi Mouse 1.8.3.4 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wifi Mouse RCE', 'Description' = %q The WiFi Mouse Mouse Server from Necta LLC contains an auth bypass as the authentication is completely...

9.8CVSS9.7AI score0.73475EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/09/26 12:0 a.m.315 views

Active eCommerce CMS 6.3.0 Cross Site Scripting

Exploit Title: Active eCommerce CMS Cross Site Scripting Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 Version: Version 6.3.0 Tested on Ubuntu 18.04 -------Request----------- POST /ajax-search HTTP/1.1...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/26 12:0 a.m.337 views

WordPress Forym 1.5.7 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/26 12:0 a.m.299 views

WordPress Sabai Discuss 1.4.13 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/23 12:0 a.m.276 views

Testa 3.5.1 Cross Site Scripting

Exploit Title: Testa 3.5.1 Online Test Management System - Reflected Cross-Site Scripting XSS Date: 28/08/2022 Exploit Author: Ashkan Moghaddas Vendor Homepage: https://testa.cc Software Link: https://download.aftab.cc/products/testa/Testawos2.0.1.zip Version: 3.5.1 Tested on: Windows/Linux Proof...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/23 12:0 a.m.283 views

TP-Link Tapo c200 1.1.15 Remote Code Execution

Exploit Title: TP-Link Tapo c200 1.1.15 - Remote Code Execution RCE Date: 02/11/2022 Exploit Author: hacefresko Vendor Homepage: https://www.tp-link.com/en/home-networking/cloud-camera/tapo-c200/ Version: 1.1.15 and below Tested on: 1.1.11, 1.1.14 and 1.1.15 CVE : CVE-2021-4045 Write up of the...

10CVSS0.72185EPSS
Exploits10
Packet Storm
Packet Storm
added 2022/09/23 12:0 a.m.345 views

WordPress WP-UserOnline 2.88.0 Cross Site Scripting

Exploit Title: Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/wp-useronline/ Date: 2022-08-24 Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://github.com/lesterchan/wp-useronline Software Link:...

5.5CVSS5.3AI score0.05094EPSS
Exploits6
Packet Storm
Packet Storm
added 2022/09/23 12:0 a.m.303 views

WordPress 3dady Real-Time Web Stats 1.0 Cross Site Scripting

Exploit Title: Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/3dady-real-time-web-stats/ Date: 2022-08-24 Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://profiles.wordpress.org/3dady/ Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/23 12:0 a.m.394 views

Teleport 10.1.1 Remote Code Execution

Exploit Title: Teleport v10.1.1 - Remote Code Execution RCE Date: 08/01/2022 Exploit Author: Brandon Roach & Brian Landrum Vendor Homepage: https://goteleport.com Software Link: https://github.com/gravitational/teleport Version: /dev/tcp/10.0.0.1/5555 0&1...

8.8CVSS8.8AI score0.49476EPSS
Exploits6
Packet Storm
Packet Storm
added 2022/09/23 12:0 a.m.367 views

Feehi CMS 2.1.1 Remote Code Execution

Exploit Title: Feehi CMS 2.1.1 - Remote Code Execution RCE Authenticated Date: 22-08-2022 Exploit Author: yuyudhn Vendor Homepage: https://feehi.com/ Software Link: https://github.com/liufee/cms Version: 2.1.1 REQUIRED Tested on: Linux, Docker CVE : CVE-2022-34140 Proof of Concept: 1. Login using...

5.4CVSS5.5AI score0.03574EPSS
Exploits7
Packet Storm
Packet Storm
added 2022/09/22 12:0 a.m.255 views

Multix 2.4 Cross Site Scripting

Exploit Title: Multix - Multipurpose Website CMS with Codeigniter Reflected Cross Site Scripting Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/multix-multipurpose-website-cms-with-codeigniter/23537596 Version: Version 2.4 Tested on...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/22 12:0 a.m.306 views

Multix 2.4 Cross Site Request Forgery

Exploit Title: Multix - Multipurpose Website CMS with Codeigniter Cross Site Request Forgery Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/multix-multipurpose-website-cms-with-codeigniter/23537596 Version: Version 2.4 Tested on Ubuntu...

0.8AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/22 12:0 a.m.344 views

Bitbucket Git Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bitbucket Git Command Injection', 'Description' = %q Various versions of Bitbucket Server and Data Center are vulnerable to an unauthenticated...

8.8CVSS0.4AI score0.99174EPSS
Exploits24
Packet Storm
Packet Storm
added 2022/09/22 12:0 a.m.288 views

WorkOrder CMS 0.1.0 SQL Injection

Exploit Title: WorkOrder CMS 0.1.0 SQLI Date: Sep 22, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/romzes13/WorkOrderCMS Software Link: https://github.com/romzes13/WorkOrderCMS/archive/refs/tags/v0.1.0.zip Version: 0.1.0 Tested on: Linux Auth Bypass: username:' or '1'='...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/22 12:0 a.m.237 views

WorkOrder CMS 0.1.0 Cross Site Scripting

Exploit Title: WorkOrder CMS 0.1.0 Cross-Site Scripting XSS Date: Sep 22, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/romzes13/WorkOrderCMS Software Link: https://github.com/romzes13/WorkOrderCMS/archive/refs/tags/v0.1.0.zip Version: 0.1.0 Tested on: Linux Payload:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/21 12:0 a.m.804 views

Unified Remote Authentication Bypass / Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unified Remote Auth Bypass to RCE', 'Description' = %q This module utilizes the Unified Remote remote control protocol to type out and deploy a...

0.9AI score0.66354EPSS
Exploits4
Total number of security vulnerabilities50748