50621 matches found
Backdoor.Win32.Hanuman.b Code Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/4087cffab90fa22c2882e2f97a467e8e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hanuman.b Vulnerability: Unauthenticated Remote Command Execution Description: The...
Backdoor.Win32.Agent.uq Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/b83836d7e6b0893e08d88a7850ca84ee.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.uq Vulnerability: Insecure Permissions Description: The malware writes a PE fil...
Ametys CMS 4.4.1 Cross Site Scripting
Document Title: =============== Ametys v4.4.1 CMS - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2275 Release Date: ============= 2022-01-12 Vulnerability Laboratory ID VL-ID: ==================================== 22...
CosaNostra Builder WebPanel Cross Site Request Forgery
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/61285c988de52b7c067fb2e703f2ab83C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: CosaNostra Builder WebPanel Vulnerability: Cross Site Request Forgery CSRF Description: The Panel...
Ethercreative Logs 3.0.3 Path Traversal
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authenticated Path Traversal product: Ethercreative Logs plugin for Craft CMS vulnerable version: =3.0.4 CVE number: CVE-2022-23409 impact: Medium homepage:...
CosaNostra Builder WebPanel Insecure Cryptographic Storage
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/61285c988de52b7c067fb2e703f2ab83B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: CosaNostra Builder WebPanel Vulnerability: Insecure Crypto Description: The password for the panel ...
WebACMS 2.1.0 Cross Site Scripting
Advisory ID: TO-2021-001 Product: WebACMS Vendor: AFI Solutions GmbH Tested Version: 2.1.0 Fixed Version: - Vulnerability Type: Cross-Site Scripting CWE-79 CVSSv2 Severity: AV:N/AC:L/Au:N/C:P/I:P/A:N Score 6.4 CVSSv3 Severity: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Score 6.1 Solution Status: Unfixed...
CosaNostra Builder Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/61285c988de52b7c067fb2e703f2ab83.txt Contact: [email protected] Media: twitter.com/malvuln Threat: CosaNostra Builder Vulnerability: Insecure Permissions Description: The malware creates PE files wit...
Grandstream UCM62xx IP PBX sendPasswordEmail Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Grandstream UCM62xx IP PBX sendPasswordEmail RCE', 'Description' = %q This module exploits an unauthenticated SQL injection vulnerability...
H2 Database Console Remote Code Execution
Document Title =============== Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221. Product Description =============== The H2 Console Application The Console lets you access a SQL database using a browser interface. Homepage: http://www.h2database.com/html/quickstart.html Affecte...
Online Project Time Management System 1.0 Cross Site Scripting
Exploit Title: Online Project Time Management System 1.0 - Multiple Stored XSS Authenticated Date: 19/01/2022 Exploit Author: Felipe Alcantara Filiplain Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Xerox Versalink Denial Of Service
Credits: Mahmoud Al-Qudsi + Website: https://neosmart.net/ + Source: https://neosmart.net/blog/?p=4865 + Media: https://twitter.com/mqudsi and https://twitter.com/neosmart Vendor Xerox Corporation Product Xerox Versalink printers, other Xerox printers/copiers. Vulnerability Type Remote...
Backdoor.Win32.FTP99 Man-In-The-Middle
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/09dd14d3988e08a56798b1480c55a5b0B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.FTP99 Vulnerability: Port Bounce Scan MITM Description: The malware listens on TCP...
Backdoor.Win32.DRA.c Weak Hardcoded Password
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/5ff832ce6af4b03a709eaf380672cf34.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.DRA.c Vulnerability: Weak Hardcoded Password Description: The malware listens on TCP...
FAUST iServer 9.0.018.018.4 Local File Inclusion
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local file inclusion vulnerability product: Land Software - FAUST iServer vulnerable version: 9.0.017.017.1-3 - 9.0.018.018.4 fixed version: 9.0.019.019.7, Version 10 CVE...
Backdoor.Win32.FTP.Lana.01.d Weak Hardcoded Password
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/fc100ff65f676a26293915407adc211c.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.FTP.Lana.01.d Vulnerability: Weak Hardcoded Password Description: The malware listens...
Backdoor.Win32.FTP99 Authentication Bypass
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/09dd14d3988e08a56798b1480c55a5b0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.FTP99 Vulnerability: Authentication Bypass Race Condition Description: The malware...
Online Project Time Management System 1.0 SQL Injection
Exploit Title: Online Project Time Management System 1.0 - SQLi Authenticated Date: 19/01/2022 Exploit Author: Felipe Alcantara Filiplain Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
TYPO3 femanager 6.3.0 Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored Cross-Site Scripting vulnerability product: TYPO3 extension "femanager" vulnerable version: 6.0.0 - 6.3.0 and 5.5.0 and below fixed version: 6.3.1 and 5.5.1 CVE...
Backdoor.Win32.FTP.Lana.01.d Man-In-The-Middle
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/fc100ff65f676a26293915407adc211cB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.FTP.Lana.01.d Vulnerability: Port Bounce Scan MITM Description: The malware listens ...
uBidAuction 2.0.1 Cross Site Scripting
Document Title: =============== uBidAuction v2.0.1 - Multiple XSS Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2289 Release Date: ============= 2022-01-21 Vulnerability Laboratory ID VL-ID: ==================================== 228...
PHPIPAM 1.4.4 SQL Injection
Exploit Title: PHPIPAM 1.4.4 - SQLi Authenticated Google Dork: if applicable Date: 20/01/2022 Exploit Author: Rodolfo "Inc0gbyt3" Tavares Vendor Homepage: https://github.com/phpipam/phpipam Software Link: https://github.com/phpipam/phpipam Version: 1.4.4 Tested on: Linux/Windows CVE :...
UniFi Network Application Unauthenticated Log4Shell Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'UniFi Network Application Unauthenticated JNDI Injection RCE via Log4Shell', 'Description' = %q The Ubiquiti UniFi Network Application versions...
Backdoor.Win32.Wollf.16 Authentication Bypass
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/204613443e555f73237ea43a2faecaa5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.16 Vulnerability: Authentication Bypass Description: The malware listens on TCP...
Online Project Time Management 1.0 SQL Injection
Title: Online Project Time Management 1.0 Multiple SQL - Injections Author: nu11secur1ty Date: 01.20.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15136/online-project-time-management-system-phpoop-free-source-code.html Description: The pid...
Backdoor.Win32.Wollf.16 Hardcoded Credential
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/204613443e555f73237ea43a2faecaa5B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.16 Vulnerability: Weak Hardcoded Credentials Description: The malware runs wit...
Banco Guayaquil 8.0.0 Cross Site Scripting
Document Title: =============== Banco Guayaquil Versión 8.0.0 IOS - Cross Site Scripting Stored Credits & Authors: ================== TaurusOmar - @TaurusOmar [email protected] taurusomar.com Vendor Homepage: https://apps.apple.com/ec/app/banco-guayaquil/id624963066 =============== Release...
Ransomware Builder Babuk Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/5dfa998f62612e10d5d28d26948dd50f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransomware Builder Babuk Vulnerability: Insecure Permissions Description: The malware creates...
CollectorStealerBuilder Panel 2.0.0 Insecure Credential Storage
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/54530f88c8e4f4371c9418f00c256b1d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: CollectorStealerBuilder v2.0.0 Panel Vulnerability: Insecure Credential Storage Description: The pan...
VulturiBuilder Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/ca294b2f778abc14fef6313b3cea7155.txt Contact: [email protected] Media: twitter.com/malvuln Threat: VulturiBuilder Vulnerability: Insecure Permissions Description: The malware writes an .EXE with...
VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vCenter Server Unauthenticated JNDI Injection RCE via Log4Shell', 'Description' = %q VMware vCenter Server is affected by the Log4Shell...
CollectorStealerBuilder Panel 2.0.0 Man-In-The-Middle
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/54530f88c8e4f4371c9418f00c256b1dB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: CollectorStealerBuilder v2.0.0 Panel Vulnerability: Man-in-the-Middle MITM Description: MITM vector...
Backdoor.Win32.Wisell Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/57bda78cc5fd6a06017148bae28e8e39.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wisell Vulnerability: Unauthenticated Remote Command Execution Description: The malwa...
Grandstream GXV3175 Unauthenticated Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Grandstream GXV3175 'settimezone' Unauthenticated Command Execution", 'Description' = %q This module exploits a command injection vulnerability i...
WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting
Exploit makes it possible for unauthenticated attackers to achieve complete site takeover. On December 23, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “WordPress Email Template Designer – WP HTML Mail”, a WordPress...
Nyron 1.0 SQL Injection
Exploit Title: Nyron 1.0 - SQLi Unauthenticated Google Dork: inurl:"winlib.aspx" Date: 01/18/2021 Exploit Author: Miguel Santareno Vendor Homepage: http://www.wecul.pt/ Software Link: http://www.wecul.pt/solucoes/bibliotecas/ Version: 3. Research: https://miguelsantareno.github.io/edp.pdf...
Simple Chatbot Application 1.0 Shell Upload
Exploit Title: Simple Chatbot Application 1.0 - Remote Code Execution RCE Date: 18/01/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14788/simple-chatbot-application-using-php-source-code.html Version: 1.0 Teste...
Online Resort Management System 1.0 SQL Injection
Exploit Title: Online Resort Management System 1.0 - SQLi Authenticated Date: 15/01/2022 Exploit Author: Gaurav Grover Vendor Homepage: Software Link: Version: 1.0 Tested on: Linux and Windows both Summary: There are vulnerabilities in Online Resort Management System ORMS 1. The attacker can...
Archeevo 5.0 Local File Inclusion
Exploit Title: Archeevo 5.0 - Local File Inclusion Google Dork: intitle:"archeevo" Date: 01/15/2021 Exploit Author: Miguel Santareno Vendor Homepage: https://www.keep.pt/ Software Link: https://www.keep.pt/produtos/archeevo-software-de-gestao-de-arquivos/ Version: 5.0 Tested on: windows 1...
Simple Chatbot Application 1.0 SQL Injection
Exploit Title: Simple Chatbot Application 1.0 - 'message' Blind SQLi Date: 18/01/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14788/simple-chatbot-application-using-php-source-code.html Version: 1.0 Tested on:...
Landa Driving School Management System 2.0.1 Arbitrary File Upload
Exploit Title: Landa Driving School Management System Arbitrary File Upload Version 2.0.1 Google Dork: N/A Date: 17/01/2022 Exploit Author: Sohel Yousef - [email protected] Software Link: https://codecanyon.net/item/landa-driving-school-management-system/23220151 Software link 2...
Win32.MarsStealer Web Panel Unauthenticated Remote Data Deletion
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faaC.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Win32.MarsStealer Web Panel Vulnerability: Unauthenticated Remote Data Deletion Description: The...
Win32.MarsStealer Web Panel Cross Site Scripting
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faaB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Win32.MarsStealer Web Panel Vulnerability: Unauthenticated Remote Persistent XSS Description: The...
OpenBMCS 2.4 SQL Injection
OpenBMCS 2.4 Authenticated SQL Injection Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Ou...
HTTP Protocol Stack Denial Of Service / Remote Code Execution
!/usr/bin/python Author @nu11secur1ty CVE-2022-21907 from colorama import init, Fore, Back, Style initconvert=True import requests import time printFore.RED +"Please input your host...\n" printStyle.RESETALL printFore.YELLOW host = input printStyle.RESETALL printFore.BLUE +"Sending an especially...
Chaos Ransomware Builder 4 Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/8b855e56e41a6e10d28522a20c1e0341.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Chaos Ransomware Builder v4 Vulnerability: Insecure Permissions Description: The malware writes an...
SB Admin Cross Site Request Forgery / SQL Injection
Offensive Security Community Ecuador...
OpenBMCS 2.4 Secret Disclosure
OpenBMCS 2.4 Secrets Disclosure Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product...
AgentTesla Builder Web Panel Cross Site Scripting
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/db9629508fda139f71f625d764c7eff7.txt Contact: [email protected] Media: twitter.com/malvuln Threat: AgentTesla Builder Web Panel Vulnerability: Cross Site Scripting XSS Description: AgentTeslaBuilder...
OpenBMCS 2.4 Remote Privilege Escalation
OpenBMCS 2.4 Create Admin / Remote Privilege Escalation Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of...