Packetstorm - Page 134 of Packetstorm Vulnerabilities List | Vulners.com

PacketstormRecent

Recent Most viewed

50624 matches found

Packet Storm•added 2022/04/07 12:0 a.m.•288 views

minewebcms 1.15.2 Cross Site Scripting

Exploit Title: minewebcms 1.15.2 - Cross-site Scripting XSS Google Dork: NA Date: 02/20/2022 Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://mineweb.org/ Software Link: https://github.com/mineweb/minewebcms Version: 1.15.2 Tested on: KALI OS CVE : CVE-2022-1163...

6.8CVSS5.4AI score0.00626EPSS

Packet Storm•added 2022/04/07 12:0 a.m.•258 views

Kramer VIAware Remote Code Execution

Exploit Title: Remote Code Execution as Root on KRAMER VIAware Date: 31/03/2022 Exploit Author: sharkmoos Vendor Homepage: https://www.kramerav.com/ Software Link: https://www.kramerav.com/us/product/viaware Version: Tested on: ViaWare Go Linux CVE : CVE-2021-35064, CVE-2021-36356 import sys,...

10CVSS0.8AI score0.93004EPSS

Packet Storm•added 2022/04/07 12:0 a.m.•278 views

FFS Colibri Controller Module 1.8.19.8580 Directory Traversal

============== Author ============== = Name: Momen Eldawakhly Cyber Guy = Company: Cypro.se ====================================== ============== Product ============== = Vendor: Franklin Fueling Systems = Product: FFS Colibri Controller Module = Version: 1.8.19.8580...

0.8AI score0.92171EPSS

Packet Storm•added 2022/04/06 12:0 a.m.•222 views

Bakery Shop Management System 1.0 Local File Inclusion

Title: Bakery Shop Management System 1.0 LFI To RCE Author: Hejap Zairy Date: 06.04.2022 Vendor: https://www.campcodes.com/projects/php/simple-bakery-shop-management-system/ Software: https://www.campcodes.com/wp-content/uploads/2022/02/bsms0.zip Reference: https://github.com/Matrix07ksa Tested o...

Packet Storm•added 2022/04/06 12:0 a.m.•221 views

Online Sports Complex Booking System 1.0 SQL Injection

Title: Online Sports Complex Booking System 1.0 SQL Injection Author: Zllggggg Vendor: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/scbs1.zip Reference:...

Packet Storm•added 2022/04/06 12:0 a.m.•231 views

Bakery Shop Management System 1.0 SQL Injection

Title: Bakery Shop Management System 1.0 - Blind Time SQLi To Rce Author: Hejap Zairy Date: 06.04.2022 Vendor: https://www.campcodes.com/projects/php/simple-bakery-shop-management-system/ Software: https://www.campcodes.com/wp-content/uploads/2022/02/bsms0.zip Reference:...

Packet Storm•added 2022/04/06 12:0 a.m.•243 views

SAP Information System 1.0 Shell Upload

Title: SAP Information System 1.0 Shell Upload Author: Hejap Zairy Date: 05.04.2022 Vendor: https://www.sourcecodester.com/php/15262/sap-information-system-using-phppdo-oop.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/SAPInformationSystem.zip Reference:...

Packet Storm•added 2022/04/06 12:0 a.m.•315 views

cmark-gfm Integer overflow

cmark-gfm: Integer overflow in table extension cmark-gfm Github's markdown parsing library is vulnerable to an out-of-bounds write when parsing markdown tables with a high number of columns due to an overflow of the 16bit columns count. Support for parsing tables in a github flavored markdown fil...

9.8CVSS0.5AI score0.04189EPSS

Packet Storm•added 2022/04/05 12:0 a.m.•263 views

Online Banquet Booking System 1.0 Cross Site Request Forgery

Exploit Title: Online Banquet Booking System - 'change admin credentials' Cross-Site Request Forgery CSRF Date: 04/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/online-banquet-booking-system-using-php-and-mysql/ Version: 1.0...

Packet Storm•added 2022/04/05 12:0 a.m.•245 views

Multi Store Inventory Management System 1.0 Account Takeover

Exploit Title: Multi Store Inventory Management System - Account Takeover Unauthenticated Date: 04/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.bdtask.com/ Software Link: https://www.campcodes.com/projects/php/complete-multi-store-inventory-management-system-in-php-mysql/...

Packet Storm•added 2022/04/05 12:0 a.m.•311 views

Multi Store Inventory Management System 1.0 Information Disclosure

Exploit Title: Multi Store Inventory Management System - Information Disclosure Date: 04/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.bdtask.com/ Software Link: https://www.campcodes.com/projects/php/complete-multi-store-inventory-management-system-in-php-mysql/ Version: 1.0...

Packet Storm•added 2022/04/05 12:0 a.m.•314 views

Gadget Store Management System 1.0 Shell Upload

Exploit Title: Gadget Store Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 04/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.campcodes.com/ Software Link: https://www.campcodes.com/projects/php/gadget-store-management-system/ Version: 1.0 Tested on:...

Packet Storm•added 2022/04/04 12:0 a.m.•296 views

Backdoor.Win32.Delf.ps Information Disclosure

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/cf3c08afa6c2d49ba36ed0f895893d71.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.ps Vulnerability: Information Disclosure Description: The malware listens on TCP...

Packet Storm•added 2022/04/04 12:0 a.m.•306 views

Backdoor.Win32.Jokerdoor Hardcoded Credential

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/a6437375fff871dff97dc91c8fd6259f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jokerdoor Vulnerability: Weak Hardcoded Credentials Family: Jokerdoor Type: PE32 MD5:...

Packet Storm•added 2022/04/04 12:0 a.m.•280 views

Backdoor.Win32.Wollf.h Remote Command Execution

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/867c6b432ccd4aa51adc5e2722a4b144.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.h Vulnerability: Unauthenticated Remote Command Execution Description: The...

Packet Storm•added 2022/04/04 12:0 a.m.•327 views

ALLMediaServer 1.6 Buffer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Author: Hejap Zairy Date: 1.08.2022 Exploit Prof Proof and Exploit: image:https://i.imgur.com/yLrRR2t.png video:https://streamable.com/x4i50c require 'msf/core' class...

1AI score0.79342EPSS

Packet Storm•added 2022/04/04 12:0 a.m.•361 views

Barco Control Room Management Suite Directory Traversal

I. SUMMARY Title: CVE-2022-2623 Barco Control Room Management Suite File Path Traversal Vulnerability Product: Barco Control Room Management Suite before 2.9 build 0275 and all prior versions Vulnerability Type: File Path Traversal Credit by/Researcher: Murat Aydemir from Accenture Cyber Security...

8.2AI score0.70035EPSS

Packet Storm•added 2022/04/04 12:0 a.m.•303 views

Roxy File Manager 1.4.5 PHP File Upload Restriction Bypass

Exploit Title: Roxy File Manager 1.4.5 PHP File Upload Restriction Bypass Exploit Author: Adam Shebani NULLHE4D Date: 07/03/2022 Software: Roxy File Manager Version: 1.4.5 CVE: CVE-2018-20525 Vendor Homepage: http://www.roxyfileman.com/ Software Link:...

9.1CVSS0.1AI score0.33957EPSS

Packet Storm•added 2022/04/04 12:0 a.m.•307 views

Sherpa Connector Service 2020.2.20328.2050 Unquoted Service Path

Exploit Title: Sherpa Connector Service v2020.2.20328.2050 - Unquoted Service Path Exploit Author: Manthan Chhabra netsectuna, Harshit fumenoid Version: 2020.2.20328.2050 Date: 02/04/2022 Vendor Homepage: http://gimmal.com/ Vulnerability Type: Unquoted Service Path Tested on: Windows 10 CVE:...

0.3AI score0.00216EPSS

Packet Storm•added 2022/04/04 12:0 a.m.•403 views

Payroll Management System 1.0 SQL Injection

Title: Payroll Management System v1.0 SQLi Author: nu11secur1ty Date: 04.03.2022 Vendor: https://www.sourcecodester.com/user/257130/activity Software: https://www.sourcecodester.com/php/14475/payroll-management-system-using-phpmysql-source-code.html Reference:...

Packet Storm•added 2022/04/01 12:0 a.m.•286 views

WordPress Uleak Security Dashboard 1.2.3 Cross Site Scripting

Exploit Title: WordPress Plugin uleak-security-dashboard 1.2.3 - Stored Cross-Site Scripting Authenticated Date: 31-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/uleak-security-dashboard/ Version: 1.2.3 Tested on: Firefox Contact me: h at...

Packet Storm•added 2022/03/31 12:0 a.m.•288 views

IdeaRE RefTree Shell Upload

=============================================================================== title: IdeaRE RefTree Remote Code Execution product: IdeaRE RefTree 2021.09.17 vulnerability type: Unrestricted File Upload CVE ID: CVE-2022-27249 severity: High CVSSv3 score: 8.8 CVSSv3 vector:...

0.1AI score0.05243EPSS

Packet Storm•added 2022/03/31 12:0 a.m.•248 views

Spoofer 1.4.6 Privilege Escalation / Unquoted Service Path

Exploit Title: Spoofer 1.4.6 – Local Privilege Escalation via Unquoted Service Path Date: 24/01/2022 Exploit Author: Asim Sattar @MAsim1 Vendor Homepage: https://www.caida.org/projects/spoofer/ Software Link: https://www.caida.org/projects/spoofer/downloads/Spoofer-1.4.6-win32.exe Version: 1.4.6...

Packet Storm•added 2022/03/31 12:0 a.m.•259 views

EG Free AntiVirus 2020 Privilege Escalation / Unquoted Service Path

Exploit Title: EG Free AntiVirus v2020 - Unquoted Service Path Local Privilege Escalation Date: 24/01/2022 Exploit Author: Shahrukh Iqbal Mirza @shahrukhiqbal24 Vendor Homepage: http://www.egsoftweb.in/index.aspx Software Link: http://www.egsoftweb.in/OurProductReadmore.aspx?id=6 Version: 2020...

Packet Storm•added 2022/03/31 12:0 a.m.•206 views

Message System 1.0 SQL Injection

Title: Message System 1.0 1.0 Blind Time SQLi To Rce Author: Hejap Zairy Date: 30.07.2022 Vendor: https://www.sourcecodester.com/php/15249/message-system-phpoop-free-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/pmms1.zip Reference:...

Packet Storm•added 2022/03/31 12:0 a.m.•378 views

Spring Cloud Function SpEL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Function SpEL Injection', 'Description' = %q Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code...

0.2AI score0.94462EPSS

Packet Storm•added 2022/03/31 12:0 a.m.•176 views

Message System 1.0 Cross Site Scripting

Title: Message System 1.0 1.0 XSS Stored Author: Hejap Zairy Date: 29.07.2022 Vendor: https://www.sourcecodester.com/php/15249/message-system-phpoop-free-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/pmms1.zip Reference:...

Packet Storm•added 2022/03/31 12:0 a.m.•264 views

IdeaRE RefTree Path Traversal

=============================================================================== title: IdeaRE RefTree Download Path Traversal product: IdeaRE RefTree =============================================================================== EXECUTIVE SUMMARY RefTree is a web application made for managing...

0.3AI score0.00333EPSS

Packet Storm•added 2022/03/31 12:0 a.m.•508 views

Medical Hub Directory Site 1.0 SQL Injection

Title: Medical Hub Directory Site 1.0 Blind Time SQLi To Rce Author: Hejap Zairy Date: 30.07.2022 Vendor: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/mhds.zip...

Packet Storm•added 2022/03/30 12:0 a.m.•282 views

Atom CMS 1.0.2 Shell Upload

Exploit Title: Atom CMS 2.0 - Remote Code Execution RCE Date: 22.03.2022 Exploit Author: Ashish Koli Shikari Vendor Homepage: https://thedigitalcraft.com/ Software Link: https://github.com/thedigicraft/Atom.CMS Version: 2.0 Tested on: Ubuntu 20.04.3 LTS CVE: CVE-2022-25487 Description This script...

9.8CVSS9.7AI score0.83257EPSS

Packet Storm•added 2022/03/30 12:0 a.m.•213 views

WordPress Curtain 1.0.2 Cross Site Request Forgery

Exploit Title: WordPress Plugin curtain 1.0.2 - CSRF Date: 29-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/curtain/ Version: 1.0.2 Tested on: Firefox Contact me: h at spidersilk.com Summary: Cross site forgery vulnerability has been...

Packet Storm•added 2022/03/30 12:0 a.m.•228 views

Medical Hub Directory Site 1.0 Cross Site Scripting

Title: Medical Hub Directory Site 1.0 XSS Stored Author: Hejap Zairy Date: 30.07.2022 Vendor: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/mhds.zip Reference:...

Packet Storm•added 2022/03/30 12:0 a.m.•588 views

PostgreSQL 11.7 Remote Code Execution

Exploit Title: PostgreSQL 9.3-11.7 - Remote Code Execution RCE Authenticated Date: 2022-03-29 Exploit Author: b4keSn4ke Github: https://github.com/b4keSn4ke Vendor Homepage: https://www.postgresql.org/ Software Link: https://www.postgresql.org/download/linux/debian/ Version: 9.3 - 11.7 Tested on:...

9CVSS0.2AI score0.93645EPSS

Packet Storm•added 2022/03/30 12:0 a.m.•259 views

WordPress Easy Cookie Policy 1.6.2 Cross Site Scripting

Exploit Title: WordPress Plugin Easy Cookie Policy 1.6.2 - Broken Access Control to Stored XSS Date: 2/27/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/easy-cookies-policy/ Version: 1.6.2 Tested on: Windows 10 CVE: CVE-2021-24405 1. Description: Broken access control allows any...

6.5CVSS0.2AI score0.0383EPSS

Packet Storm•added 2022/03/30 12:0 a.m.•243 views

Kramer VIAware 2.5.0719.1034 Remote Code Execution

Exploit Title: Kramer VIAware 2.5.0719.1034 - Remote Code Execution RCE Date: 28/03/2022 Exploit Author: sharkmoos & BallO Vendor Homepage: https://www.kramerav.com/ Software Link: https://www.kramerav.com/us/product/viaware Version: 2.5.0719.1034 Tested on: ViaWare Go Windows 10 CVE :...

10CVSS0.7AI score0.23812EPSS

Packet Storm•added 2022/03/30 12:0 a.m.•243 views

CSZ CMS 1.2.9 SQL Injection

Exploit Title: CSZ CMS 1.2.9 - 'Multiple' Blind SQL Injection Authenticated Date: 2021-04-14 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.2.9.zip Version: 1.2.9 Tested on: Windows 10, Kali...

0.3AI score0.00128EPSS

Packet Storm•added 2022/03/30 12:0 a.m.•248 views

WordPress Video-Synchro-PDF 1.7.4 Local File Inclusion

Exploit Title: WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion - Unauthenticated Google Dork: inurl:/wp-content/plugins/video-synchro-pdf/ Date: 29-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/video-synchro-pdf/ Version:...

Packet Storm•added 2022/03/30 12:0 a.m.•304 views

WordPress Cab-Fare-Calculator 1.0.3 Local File Inclusion

Exploit Title: WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion - Unauthenticated Google Dork: inurl:/wp-content/plugins/cab-fare-calculator/ Date: 29-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/cab-fare-calculator/...

Packet Storm•added 2022/03/30 12:0 a.m.•292 views

WordPress CleanTalk 5.173 Cross Site Scripting

Description: Reflected Cross-Site Scripting Affected Plugin: Spam protection, AntiSpam, FireWall by CleanTalk Plugin Slug: cleantalk-spam-protect Plugin Developer: CleanTalk Affected Versions: = 5.173 CVE ID: CVE-2022-28221 CVSS Score: 6.1 Medium CVSS Vector:...

6.2AI score0.00532EPSS

Packet Storm•added 2022/03/30 12:0 a.m.•222 views

WordPress Donorbox-Donation-Form 7.1.6 Cross Site Scripting

Exploit Title: WordPress Plugin donorbox-donation-form 7.1.6 - Stored Cross Site Scripting Authenticated Date: 29-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/donorbox-donation-form Version: 7.1.6 Tested on: Firefox Contact me: h at...

Packet Storm•added 2022/03/30 12:0 a.m.•192 views

WordPress Clipr 1.2.3 Cross Site Scripting

Exploit Title: WordPress plugin clipr version 1.2.3 - Authenticated Date: 29-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/clipr/ Version: 1.2.3 Tested on: Firefox Contact me: h at spidersilk.com POC - Install Plugin...

Packet Storm•added 2022/03/30 12:0 a.m.•258 views

Joomla! 4.1.0 Zip Slip File Overwrite / Path Traversal

------------------------------------------------- Joomla! getTarInfo$this-data; 114. 115. for $i = 0, $n = \count$this-metadata; $i metadata$i'type'; 118. 119. if $type == 'file' || $type == 'unix file' 120. 121. $buffer = $this-metadata$i'data'; 122. $path = Path::clean$destination . '/'...

0.1AI score0.00049EPSS

Packet Storm•added 2022/03/30 12:0 a.m.•283 views

Medical Hub Directory Site 1.0 Local File Inclusion

Title: Medical Hub Directory Site LFI To RCE Author: Hejap Zairy Date: 30.07.2022 Vendor: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/mhds.zip Reference:...

Packet Storm•added 2022/03/30 12:0 a.m.•357 views

Medical Hub Directory Site 1.0 Shell Upload

Title: Medical Hub Directory Site 1.0 Shell Upload Author: Hejap Zairy Date: 30.07.2022 Vendor: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/mhds.zip Reference:...

Packet Storm•added 2022/03/30 12:0 a.m.•221 views

Medical Hub Directory Site 1.0 SQL Injection

Exploit Title: Medical Hub Directory Site - 'id' SQL Injection Date: 30/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Version: 1.0 Tested on:...

Packet Storm•added 2022/03/29 12:0 a.m.•195 views

Message System 1.0 Local File Inclusion

Title: Message System 1.0 LFI To RCE Author: Hejap Zairy Date: 29.07.2022 Vendor: https://www.sourcecodester.com/php/15249/message-system-phpoop-free-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/pmms1.zip Reference: https://github.com/Matrix07ksa...

Packet Storm•added 2022/03/29 12:0 a.m.•179 views

Message System 1.0 Shell Upload

Title: Message System 1.0 Shell Upload Author: Hejap Zairy Date: 29.07.2022 Vendor: https://www.sourcecodester.com/php/15249/message-system-phpoop-free-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/pmms1.zip Reference: https://github.com/Matrix07k...

Packet Storm•added 2022/03/29 12:0 a.m.•189 views

Sports Complex Booking System 1.0 Local File Inclusion

Title: Sports Complex Booking System 1.0 LFI To RCE Author: Hejap Zairy Date: 28.07.2022 Vendor: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/scbs1.zip...

Packet Storm•added 2022/03/29 12:0 a.m.•206 views

Fingerprint Attendance 1.0 Shell Upload

Title: Fingerprint Attendance 1.0 Shell Upload Author: Hejap Zairy Date: 28.07.2022 Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/ Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache...

Packet Storm•added 2022/03/29 12:0 a.m.•196 views

Fingerprint Attendance 1.0 SQL Injection

Title: Fingerprint Attendance 1.0 Blind boolean SQLi To Rce Author: Hejap Zairy Date: 28.07.2022 Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/ Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQ...

Total number of security vulnerabilities50624