Lucene search
K
PacketstormRecent

50773 matches found

Packet Storm
Packet Storm
added 2022/02/17 12:0 a.m.262 views

Telegram Android 8.4.4 Denial Of Service

Document Title: =============== Telegram Android v8.4.4 - Denial of Service PoC References Source: ==================== https://twitter.com/h4shur Release Date: ============= 2022-01-30 Common Vulnerability Scoring System: ==================================== 7.8 Product & Service Introduction:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/17 12:0 a.m.249 views

Backdoor.Win32.Zombam.b Information Disclosure

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/1e3665a67201209609ae493a2a590beeB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.b Vulnerability: Unauthenticated Information Disclosure Description: z0mbie's...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/17 12:0 a.m.215 views

Trojan-Spy.Win32.Zbot.aawo.Zeus-Builder Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/fe0dacbc953d4301232b386fcb3afc23.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.Zbot.aawo.Zeus-Builder Vulnerability: Insecure Permissions Description: ZeuS Builde...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/17 12:0 a.m.190 views

Backdoor.Win32.Prosti.b Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/8201ba6b542fc91c004110b2fc5395aa.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Prosti.b Vulnerability: Insecure Permissions Description: The malware writes a ".dll"...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/17 12:0 a.m.235 views

Backdoor.Win32.Zombam.b Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/1e3665a67201209609ae493a2a590beeC.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.b Vulnerability: Cross Site Scripting XSS Description: z0mbie's HTTP RAT v0.1...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/17 12:0 a.m.485 views

Vicidial 2.14-783a SQL Injection

Document Title: =============== Vicidial v2.14-783a - DB SQL Injection Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2312 Release Date: ============= 2022-02-17 Vulnerability Laboratory ID VL-ID: ====================================...

1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/17 12:0 a.m.1572 views

Zyxel Buffer Overflow / File Disclosure / CSRF / XSS / Broken Access Control

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: Multiple Zyxel devices vulnerable version: For affected products see "Solution" section fixed version: see "Solution" section C...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/16 12:0 a.m.349 views

Emerson PAC Machine Edition 9.80 Build 8695 Unquoted Service Path

Exploit Title: Emerson PAC Machine Edition 9.80 Build 8695 - 'TrapiServer' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2022-02-13 Vendor Homepage: https://www.emerson.com/en-us Software Link : https://www.opertek.com/descargar-software/?prc=326 Tested Version: 9.80 Build 869...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/16 12:0 a.m.238 views

Medical Store Management System 1.0 SQL Injection

Title: Medical Store Management System v1.0 remote SQL-Injections Author: nu11secur1ty Date: 02.16.2022 Vendor: https://github.com/abhisheks008 Software: https://github.com/abhisheks008/Medical-Store-Management-System CVE-Medical Store Management System v1.0 Description: The cid parameter fom...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/16 12:0 a.m.381 views

Tiny File Manager 2.4.3 Shell Upload

Tiny File Manager Example: ./exploit.sh http://files.ubuntu.local/index.php admin "admin@123" https://github.com/febinrev/tinyfilemanager-2.4.3-exploit !/bin/bash check which curl if $? = 0 then printf "✔ Curl found! \n" else printf "❌ Curl not found! \n" exit fi which jq if $? = 0 then printf "✔...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/16 12:0 a.m.204 views

WordPress Error Log Viewer 1.1.1 Arbitrary File Deletion

Exploit Title: WordPress Plugin Error Log Viewer 1.1.1 - Arbitrary File Clearing Authenticated Date: 09-11-2021 Exploit Author: Ceylan Bozogullarindan Exploit Website: https://bozogullarindan.com Vendor Homepage: https://bestwebsoft.com/ Software Link:...

0.2AI score0.05188EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/02/16 12:0 a.m.215 views

Multi-Vendor Online Groceries Management System 1.0 SQL Injection

Exploit Title: Multi-Vendor Online Groceries Management System 1.0 - 'id' Blind SQL Injection Date: 11/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/16 12:0 a.m.281 views

ServiceNow Orlando Username Enumeration

Exploit Title: ServiceNow - Username Enumeration Google Dork: NA Date: 12 February 2022 Exploit Author: Victor Hanna Trustwave SpiderLabs Author Github Page: https://9lyph.github.io/CVE-2021-45901/ Vendor Homepage: https://www.servicenow.com/ Software Link:...

5.4AI score0.14316EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/02/16 12:0 a.m.250 views

TeamSpeak 3.5.6 Insecure File Permissions

Exploit Title: TeamSpeak 3.5.6 - Insecure File Permissions Date: 2022-02-15 Exploit Author: Aryan Chehreghani Contact: [email protected] Vendor Homepage: https://www.teamspeak.com Software Link: https://www.teamspeak.com/en/downloads Version: 3.5.6 Tested on: Windows 10 x64 About -...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/16 12:0 a.m.188 views

Network Video Recorder NVR304-16EP Cross Site Scripting

Exploit Title: Network Video Recorder NVR304-16EP - Reflected Cross-Site Scripting XSS Unauthenticated Author: Luis Martinez Discovery Date: 2022-02-13 Vendor Homepage: https://www.uniview.com/Products/NVR/Easy/NVR304-S-P/Product%20features Datasheet of NVR304-S-P:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/16 12:0 a.m.339 views

Google Play Protect 22.4.25 Detection Bypass

Exploit Title: Google Play Protect 22.4.25 - Detection Bypass Date: 2022-02-14 Exploit Author: Aryan Chehreghani Contact: [email protected] Vendor Homepage: https://play.google.com Version: 22.4.25 Possibly all versions Tested on: Android 5.1.1 About - Google Play Protect : Google Play...

Exploits0
Packet Storm
Packet Storm
added 2022/02/16 12:0 a.m.229 views

Simple Student Quarterly Result / Grade System 1.0 SQL Injection

Exploit Title: Simple Student Quarterly Result/Grade System 1.0 - SQLi Authentication Bypass Date: 11/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/16 12:0 a.m.763 views

Ignition Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unauthenticated remote code execution in Ignition', 'Description' = %q Ignition before 2.5.2, as used in Laravel and other products, allows...

9.8CVSS0.99943EPSS
Exploits36
Packet Storm
Packet Storm
added 2022/02/14 12:0 a.m.239 views

Simple Bakery Shop Management System 1.0 SQL Injection

Title: Simple Bakery Shop Management System v1.0 remote SQL-Injections Author: nu11secur1ty Date: 02.14.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15174/simple-bakery-shop-management-system-phpoop-free-source-code.html Description: The...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/14 12:0 a.m.277 views

Nagios XI Autodiscovery Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI Autodiscovery Webshell Upload', 'Description' = %q This module exploits a path traversal issue in Nagios XI before version 5.8.5...

8.8CVSS0.1AI score0.2382EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/02/14 12:0 a.m.258 views

H3C SSL VPN Username Enumeration

H3C SSL VPN Username Enumeration Vendor: Hangzhou H3C Technologies Co. | New H3C Technologies Co., Ltd. Product web page: https://www.h3c.com Affected version: n/a Summary: H3C SSL VPN is a secure VPN system based on SSL connections. It allows mobile employees to access corporate networks remotel...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/14 12:0 a.m.253 views

Slurp 1.10.2 Format String

Exploit Title: Slurp 1.10.2 - Remote Format String Date: 2022-02-12 Author: Milad Karimi slurp is a freely available, open source NNTP client. It is designed for use on most Unix and Linux operating systems. It may be possible for a remote server to execute code on a vulnerable client. slurp offe...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/14 12:0 a.m.285 views

WordPress International SMS For Contact Form 7 Integration 1.2 CSRF

Exploit Title: WordPress Plugin International Sms For Contact Form 7 Integration V1.2 - Cross-Site Request Forgery CSRF Date: 2022-02-09 Author: Milad Karimi Software Link: https://wordpress.org/plugins/cf7-international-sms-integration/ Version: 1.2 Tested on: Windows 11 CVE: CVE-2022-24272 1...

6.5AI score0.0084EPSS
Exploits2
Packet Storm
Packet Storm
added 2022/02/11 12:0 a.m.313 views

Kyocera Command Center RX ECOSYS M2035dn Directory Traversal

Exploit Title: Kyocera Command Center RX ECOSYS M2035dn - Directory Traversal File Disclosure Unauthenticated Author: Luis Martinez Discovery Date: 2022-02-10 Vendor Homepage: https://www.kyoceradocumentsolutions.com/asia/en/products/business-application/command-center-rx.html Tested Version:...

Exploits0
Packet Storm
Packet Storm
added 2022/02/11 12:0 a.m.293 views

Subrion CMS 4.2.1 Cross Site Request Forgery

Exploit Title: Subrion CMS 4.2.1 - Cross Site Request Forgery CSRF Add Amin Date: 2022-02-09 Exploit Author: Aryan Chehreghani Vendor Homepage: https://subrion.org Software Link: https://subrion.org/download Version: 4.2.1 Tested on: Windows 10 About - Subrion CMS : Subrion is a PHP/MySQL based C...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/11 12:0 a.m.429 views

SIEMENS-SINEMA Remote Connect 1.0 SP3 HF1 Open Redirection

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Open Redirect in Login Page product: SIEMENS-SINEMA Remote Connect vulnerable version: V1.0 SP3 HF1 fixed version: V2.0 has been out since April, 2019 CVE number:...

6.3AI score0.05265EPSS
Exploits2
Packet Storm
Packet Storm
added 2022/02/11 12:0 a.m.325 views

Nokia Transport Module Authentication Bypass

title: Nokia Transport Module Authentication Bypass case id: CM-2020-02 product: BTS TRS web console FTMW20FP22019.08.160010 vulnerability type: Authentication Bypass severity: Critical found: 2020-09-28 CVE: CVE-2021-31932 by: Cristiano Maruti @cmaruti EXECUTIVE SUMMARY The TRS web console allow...

0.6AI score0.21639EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/02/11 12:0 a.m.292 views

Accounting Journal Management System 1.0 SQL Injection

Exploit Title: Accounting Journal Management System 1.0 - 'id' SQLi Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15155/accounting-journal-management-system-trial-balance-php-free-source-code.html Version : 1.0 Tested on...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/10 12:0 a.m.243 views

Home Owners Collection Management System 1.0 Shell Upload

Exploit Title: Home Owners Collection Management System 1.0 - Remote Code Execution RCE Authenticated Date: 9/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/10 12:0 a.m.237 views

Home Owners Collection Management System 1.0 Account Takeover

Exploit Title: Home Owners Collection Management System 1.0 - Account Takeover Unauthenticated Date: 9/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/10 12:0 a.m.229 views

Home Owners Collection Management System 1.0 SQL Injection

Exploit Title: Home Owners Collection Management System 1.0 - 'id' Blind SQL Injection Date: 9/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/10 12:0 a.m.255 views

WordPress Jetpack 9.1 Cross Site Scripting

Exploit Title: WordPress Plugin Jetpack 9.1 - Cross Site Scripting XSS Date: 2022-02-07 Author: Milad karimi Software Link: https://wordpress.org/plugins/jetpack Version: 9.1 Tested on: Windows 11 CVE: N/A 1. Description: This plugin creates a Jetpack from any post types. The slider import search...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/10 12:0 a.m.357 views

WordPress 5.9 Cross Site Scripting

Document Title: =============== Wordpress = 5.9 Cross-Site Scripting Reflected Authenticated Credits & Authors: ================== Taurus Omar [email protected] Disclosure Type: ================ Independent Security Research Release Date: ============= 2022-31-01 Vulnerability Disclosure...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/10 12:0 a.m.359 views

Tokheim Profleet DiaLOG Fuel Management System 11.005.02 SQL Injection / Code Execution

Exploit Title: Tokheim Profleet DiaLOG Fuel Management System 11.005.02 - SQLi Unauthenticated Date: 02/9/2022 Exploit Author: golem445 Vendor Homepage: https://www.tsg-solutions.com Tested on: Kali Linux CVE: CVE-2021-34235 Description: FieldUserLogin parameter is vulnerable to crafted MySQL...

0.3AI score0.01932EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/02/10 12:0 a.m.314 views

WordPress Secure Copy Content Protection And Content Locking 2.8.1 SQL Injection

Exploit Title: WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection Unauthenticated Date 08.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://ays-pro.com/ Software Link:...

9.8CVSS0.2AI score0.78812EPSS
Exploits7
Packet Storm
Packet Storm
added 2022/02/10 12:0 a.m.277 views

Cain And Abel 4.9.56 Unquoted Service Path

Exploit Title: Cain & Abel 4.9.56 - Unquoted Service Path Exploit Author: Aryan Chehreghani Date: 2022-02-08 Software Link: https://www.malavida.com/en/soft/cain-and-abel Version: 4.9.56 Tested on: Windows 10 x64 PoC SERVICENAME: Abel TYPE : 110 WIN32OWNPROCESS interactive STARTTYPE : 2 AUTOSTART...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/10 12:0 a.m.291 views

Hospital Management Startup 1.0 SQL Injection

Title: Hospital Management Startup v1.0 remote SQL-Injections Author: nu11secur1ty Date: 02.10.2022 Vendor: https://github.com/kabirkhyrul Software: https://github.com/kabirkhyrul/HMS CVE-2022-23366 Description: The loginid and password parameters from Hospital Management Startup 1.0 appear to be...

9.8CVSS0.2AI score0.06708EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/02/10 12:0 a.m.328 views

WordPress VeronaLabs WP Statistics 13.1.4 SQL Injection

On February 7, 2022, Security Researcher Cyku Hong from DEVCORE reported a vulnerability to us that they discovered in WP Statistics, a WordPress plugin installed on over 600,000 sites. This vulnerability made it possible for unauthenticated attackers to execute arbitrary SQL queries by appending...

0.2AI score0.5346EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/02/09 12:0 a.m.334 views

Backdoor.Win32.XRat.k Remote Command Execution

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/3d4350282ae043177063de2ad4827b97.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.XRat.k Vulnerability: Unauthenticated Remote Command Execution Description: XRat...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/09 12:0 a.m.281 views

Exam Reviewer Management System 1.0 SQL Injection

Exploit Title: Exam Reviewer Management System 1.0 - ‘id’ SQL Injection Date: 2022-02-18 Exploit Author: Juli Agarwal@agarwaljuli Vendor Homepage: https://www.sourcecodester.com/php/15160/simple-exam-reviewer-management-system-phpoop-free-source-code.html Software Link:...

0.8AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/09 12:0 a.m.237 views

Backdoor.Win32.Frauder.jt Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/16fab35b51f9e6447f2a8c04db4ebe93.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Frauder.jt Vulnerability: Insecure Permissions Description: The malware writes an...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/09 12:0 a.m.228 views

Backdoor.Win32.Wdoor.11 Remote Command Execution

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/55822613e0d0f437f3ebe5c7f4155452.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wdoor.11 Vulnerability: Unauthenticated Remote Command Execution Description: Wdoor b...

Exploits0
Packet Storm
Packet Storm
added 2022/02/09 12:0 a.m.293 views

Grandstream GXV31XX settimezone Unauthenticated Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Grandstream GXV31XX 'settimezone' Unauthenticated Command Execution", 'Description' = %q This module exploits a command injection vulnerability i...

9.8CVSS0.5AI score0.15353EPSS
Exploits7
Packet Storm
Packet Storm
added 2022/02/09 12:0 a.m.276 views

Atom CMS 2.0 SQL Injection

Exploit Title: AtomCMS v2.0 - SQLi Date: 08/02/2022 Exploit Author: Luca Cuzzolin aka czz78 Vendor Homepage: https://github.com/thedigicraft/Atom.CMS Version: v2.0 Category: Webapps Tested on: Debian linux CVE : CVE-2022-24223 ==================================================== PoC : SQLi :...

9.8CVSS0.4AI score0.61965EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/02/09 12:0 a.m.261 views

Backdoor.Win32.Prexot.a Man-In-The-Middle

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/29bc048d58ab8038c7001ef0d5e69c9bB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Prexot.a Vulnerability: Port Bounce Scan MITM Description: The malware listens on...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/09 12:0 a.m.287 views

Backdoor.Win32.Freddy.2001 Authentication Bypass / Command Execution

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/434923afc32a7bc7355ed9a5224b9273.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Freddy.2001 Vulnerability: Authentication Bypass Command Execution Description: The...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/09 12:0 a.m.339 views

Backdoor.Win32.Prexot.a Authentication Bypass

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/29bc048d58ab8038c7001ef0d5e69c9b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Prexot.a Vulnerability: Authentication Bypass Description: The malware listens on...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/09 12:0 a.m.290 views

Exam Reviewer Management System 1.0 Shell Upload

Exploit Title: Exam Reviewer Management System 1.0 - Remote Code Execution RCE Authenticated Date: 2022-02-08 Exploit Author: Juli Agarwal@agarwaljuli Vendor Homepage: https://www.sourcecodester.com/php/15160/simple-exam-reviewer-management-system-phpoop-free-source-code.html Software Link:...

Exploits0
Packet Storm
Packet Storm
added 2022/02/08 12:0 a.m.238 views

WordPress Contact Form Builder 1.6.1 Cross Site Scripting

Exploit Title: Wordpress Plugin Contact Form Builder 1.6.1 - Cross-Site Scripting XSS Date: 2022-02-07 Author: Milad karimi Software Link: https://wordpress.org/plugins/contact-forms-builder/ Version: 1.6.1 Tested on: Windows 11 CVE: N/A 1. Description: This plugin creates a Contact Form Builder...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/08 12:0 a.m.216 views

Hotel Reservation System 1.0 SQL Injection

Exploit Title: Hotel Reservation System 1.0 - SQLi Unauthenticated Google Dork: None Date: 01/29/2022 Exploit Author: Nefrit ID Author Website: https://manadocoder.com Vendor Homepage: https://github.com/dhruvmullick Software Link: https://github.com/dhruvmullick/hotel-reservation-system Tested o...

0.1AI score
Exploits0
Total number of security vulnerabilities50773