Lucene search
K
PacketstormRecent

50773 matches found

Packet Storm
Packet Storm
added 2022/01/27 12:0 a.m.329 views

WordPress Modern Events Calendar 6.1 SQL Injection

Exploit Title: WordPress Plugin Modern Events Calendar V 6.1 - SQL Injection Unauthenticated Date 26.01.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.6.1.0.zi...

9.8CVSS0.1AI score0.728EPSS
Exploits7
Packet Storm
Packet Storm
added 2022/01/26 12:0 a.m.229 views

Backdoor.Win32.WinShell.50 Weak Hardcoded Password

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/1fd45364073a81ddd707d74ba5d4c121.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.WinShell.50 Vulnerability: Weak Hardcoded Password Description: The malware listens o...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.266 views

FAUST iServer 9.0.018.018.4 Local File Inclusion

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local file inclusion vulnerability product: Land Software - FAUST iServer vulnerable version: 9.0.017.017.1-3 - 9.0.018.018.4 fixed version: 9.0.019.019.7, Version 10 CVE...

7.6AI score0.26823EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.207 views

Backdoor.Win32.FTP.Lana.01.d Weak Hardcoded Password

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/fc100ff65f676a26293915407adc211c.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.FTP.Lana.01.d Vulnerability: Weak Hardcoded Password Description: The malware listens...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.223 views

Ametys CMS 4.4.1 Cross Site Scripting

Document Title: =============== Ametys v4.4.1 CMS - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2275 Release Date: ============= 2022-01-12 Vulnerability Laboratory ID VL-ID: ==================================== 22...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.259 views

Online Project Time Management System 1.0 SQL Injection

Exploit Title: Online Project Time Management System 1.0 - SQLi Authenticated Date: 19/01/2022 Exploit Author: Felipe Alcantara Filiplain Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.244 views

Backdoor.Win32.FTP.Lana.01.d Man-In-The-Middle

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/fc100ff65f676a26293915407adc211cB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.FTP.Lana.01.d Vulnerability: Port Bounce Scan MITM Description: The malware listens ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.270 views

uBidAuction 2.0.1 Cross Site Scripting

Document Title: =============== uBidAuction v2.0.1 - Multiple XSS Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2289 Release Date: ============= 2022-01-21 Vulnerability Laboratory ID VL-ID: ==================================== 228...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.226 views

WebACMS 2.1.0 Cross Site Scripting

Advisory ID: TO-2021-001 Product: WebACMS Vendor: AFI Solutions GmbH Tested Version: 2.1.0 Fixed Version: - Vulnerability Type: Cross-Site Scripting CWE-79 CVSSv2 Severity: AV:N/AC:L/Au:N/C:P/I:P/A:N Score 6.4 CVSSv3 Severity: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Score 6.1 Solution Status: Unfixed...

0.01606EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.254 views

Online Project Time Management System 1.0 Cross Site Scripting

Exploit Title: Online Project Time Management System 1.0 - Multiple Stored XSS Authenticated Date: 19/01/2022 Exploit Author: Felipe Alcantara Filiplain Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

Exploits0
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.225 views

CosaNostra Builder WebPanel Cross Site Request Forgery

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/61285c988de52b7c067fb2e703f2ab83C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: CosaNostra Builder WebPanel Vulnerability: Cross Site Request Forgery CSRF Description: The Panel...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.230 views

CosaNostra Builder Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/61285c988de52b7c067fb2e703f2ab83.txt Contact: [email protected] Media: twitter.com/malvuln Threat: CosaNostra Builder Vulnerability: Insecure Permissions Description: The malware creates PE files wit...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.320 views

H2 Database Console Remote Code Execution

Document Title =============== Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221. Product Description =============== The H2 Console Application The Console lets you access a SQL database using a browser interface. Homepage: http://www.h2database.com/html/quickstart.html Affecte...

0.1AI score0.64766EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.227 views

Backdoor.Win32.FTP99 Authentication Bypass

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/09dd14d3988e08a56798b1480c55a5b0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.FTP99 Vulnerability: Authentication Bypass Race Condition Description: The malware...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.322 views

Ethercreative Logs 3.0.3 Path Traversal

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authenticated Path Traversal product: Ethercreative Logs plugin for Craft CMS vulnerable version: =3.0.4 CVE number: CVE-2022-23409 impact: Medium homepage:...

0.13759EPSS
Exploits6
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.263 views

PHPIPAM 1.4.4 SQL Injection

Exploit Title: PHPIPAM 1.4.4 - SQLi Authenticated Google Dork: if applicable Date: 20/01/2022 Exploit Author: Rodolfo "Inc0gbyt3" Tavares Vendor Homepage: https://github.com/phpipam/phpipam Software Link: https://github.com/phpipam/phpipam Version: 1.4.4 Tested on: Linux/Windows CVE :...

0.5AI score0.25243EPSS
Exploits7
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.245 views

Xerox Versalink Denial Of Service

Credits: Mahmoud Al-Qudsi + Website: https://neosmart.net/ + Source: https://neosmart.net/blog/?p=4865 + Media: https://twitter.com/mqudsi and https://twitter.com/neosmart Vendor Xerox Corporation Product Xerox Versalink printers, other Xerox printers/copiers. Vulnerability Type Remote...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.239 views

Backdoor.Win32.Agent.uq Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/b83836d7e6b0893e08d88a7850ca84ee.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.uq Vulnerability: Insecure Permissions Description: The malware writes a PE fil...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.316 views

Backdoor.Win32.DRA.c Weak Hardcoded Password

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/5ff832ce6af4b03a709eaf380672cf34.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.DRA.c Vulnerability: Weak Hardcoded Password Description: The malware listens on TCP...

Exploits0
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.292 views

Backdoor.Win32.Hanuman.b Code Execution

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/4087cffab90fa22c2882e2f97a467e8e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hanuman.b Vulnerability: Unauthenticated Remote Command Execution Description: The...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.216 views

Backdoor.Win32.FTP99 Man-In-The-Middle

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/09dd14d3988e08a56798b1480c55a5b0B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.FTP99 Vulnerability: Port Bounce Scan MITM Description: The malware listens on TCP...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.229 views

CosaNostra Builder WebPanel Insecure Cryptographic Storage

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/61285c988de52b7c067fb2e703f2ab83B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: CosaNostra Builder WebPanel Vulnerability: Insecure Crypto Description: The password for the panel ...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.352 views

Grandstream UCM62xx IP PBX sendPasswordEmail Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Grandstream UCM62xx IP PBX sendPasswordEmail RCE', 'Description' = %q This module exploits an unauthenticated SQL injection vulnerability...

10CVSS0.4AI score0.83926EPSS
Exploits8
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.512 views

TYPO3 femanager 6.3.0 Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored Cross-Site Scripting vulnerability product: TYPO3 extension "femanager" vulnerable version: 6.0.0 - 6.3.0 and 5.5.0 and below fixed version: 6.3.1 and 5.5.1 CVE...

5.4CVSS0.2AI score0.01333EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/01/24 12:0 a.m.963 views

UniFi Network Application Unauthenticated Log4Shell Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'UniFi Network Application Unauthenticated JNDI Injection RCE via Log4Shell', 'Description' = %q The Ubiquiti UniFi Network Application versions...

10CVSS0.4AI score0.99999EPSS
Exploits351
Packet Storm
Packet Storm
added 2022/01/21 12:0 a.m.321 views

Backdoor.Win32.Wollf.16 Authentication Bypass

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/204613443e555f73237ea43a2faecaa5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.16 Vulnerability: Authentication Bypass Description: The malware listens on TCP...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/21 12:0 a.m.338 views

Backdoor.Win32.Wollf.16 Hardcoded Credential

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/204613443e555f73237ea43a2faecaa5B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.16 Vulnerability: Weak Hardcoded Credentials Description: The malware runs wit...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/21 12:0 a.m.373 views

Banco Guayaquil 8.0.0 Cross Site Scripting

Document Title: =============== Banco Guayaquil Versión 8.0.0 IOS - Cross Site Scripting Stored Credits & Authors: ================== TaurusOmar - @TaurusOmar [email protected] taurusomar.com Vendor Homepage: https://apps.apple.com/ec/app/banco-guayaquil/id624963066 =============== Release...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/21 12:0 a.m.314 views

Online Project Time Management 1.0 SQL Injection

Title: Online Project Time Management 1.0 Multiple SQL - Injections Author: nu11secur1ty Date: 01.20.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15136/online-project-time-management-system-phpoop-free-source-code.html Description: The pid...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/20 12:0 a.m.339 views

Backdoor.Win32.Wisell Remote Command Execution

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/57bda78cc5fd6a06017148bae28e8e39.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wisell Vulnerability: Unauthenticated Remote Command Execution Description: The malwa...

Exploits0
Packet Storm
Packet Storm
added 2022/01/20 12:0 a.m.323 views

Ransomware Builder Babuk Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/5dfa998f62612e10d5d28d26948dd50f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransomware Builder Babuk Vulnerability: Insecure Permissions Description: The malware creates...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/20 12:0 a.m.458 views

Grandstream GXV3175 Unauthenticated Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Grandstream GXV3175 'settimezone' Unauthenticated Command Execution", 'Description' = %q This module exploits a command injection vulnerability i...

9.8CVSS0.8AI score0.15353EPSS
Exploits7
Packet Storm
Packet Storm
added 2022/01/20 12:0 a.m.291 views

CollectorStealerBuilder Panel 2.0.0 Man-In-The-Middle

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/54530f88c8e4f4371c9418f00c256b1dB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: CollectorStealerBuilder v2.0.0 Panel Vulnerability: Man-in-the-Middle MITM Description: MITM vector...

Exploits0
Packet Storm
Packet Storm
added 2022/01/20 12:0 a.m.360 views

CollectorStealerBuilder Panel 2.0.0 Insecure Credential Storage

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/54530f88c8e4f4371c9418f00c256b1d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: CollectorStealerBuilder v2.0.0 Panel Vulnerability: Insecure Credential Storage Description: The pan...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/20 12:0 a.m.321 views

VulturiBuilder Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/ca294b2f778abc14fef6313b3cea7155.txt Contact: [email protected] Media: twitter.com/malvuln Threat: VulturiBuilder Vulnerability: Insecure Permissions Description: The malware writes an .EXE with...

Exploits0
Packet Storm
Packet Storm
added 2022/01/20 12:0 a.m.530 views

VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vCenter Server Unauthenticated JNDI Injection RCE via Log4Shell', 'Description' = %q VMware vCenter Server is affected by the Log4Shell...

10CVSS1AI score0.99999EPSS
Exploits351
Packet Storm
Packet Storm
added 2022/01/19 12:0 a.m.288 views

WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting

Exploit makes it possible for unauthenticated attackers to achieve complete site takeover. On December 23, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “WordPress Email Template Designer – WP HTML Mail”, a WordPress...

6.6AI score0.70511EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/01/18 12:0 a.m.251 views

Landa Driving School Management System 2.0.1 Arbitrary File Upload

Exploit Title: Landa Driving School Management System Arbitrary File Upload Version 2.0.1 Google Dork: N/A Date: 17/01/2022 Exploit Author: Sohel Yousef - [email protected] Software Link: https://codecanyon.net/item/landa-driving-school-management-system/23220151 Software link 2...

Exploits0
Packet Storm
Packet Storm
added 2022/01/18 12:0 a.m.259 views

Simple Chatbot Application 1.0 Shell Upload

Exploit Title: Simple Chatbot Application 1.0 - Remote Code Execution RCE Date: 18/01/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14788/simple-chatbot-application-using-php-source-code.html Version: 1.0 Teste...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/18 12:0 a.m.262 views

Online Resort Management System 1.0 SQL Injection

Exploit Title: Online Resort Management System 1.0 - SQLi Authenticated Date: 15/01/2022 Exploit Author: Gaurav Grover Vendor Homepage: Software Link: Version: 1.0 Tested on: Linux and windows both Summary: There are a vulnerabilities in Online Resort Management System ORMS 1. The attacker can...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/18 12:0 a.m.246 views

Simple Chatbot Application 1.0 SQL Injection

Exploit Title: Simple Chatbot Application 1.0 - 'message' Blind SQLi Date: 18/01/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14788/simple-chatbot-application-using-php-source-code.html Version: 1.0 Tested on:...

Exploits0
Packet Storm
Packet Storm
added 2022/01/18 12:0 a.m.233 views

Nyron 1.0 SQL Injection

Exploit Title: Nyron 1.0 - SQLi Unauthenticated Google Dork: inurl:"winlib.aspx" Date: 01/18/2021 Exploit Author: Miguel Santareno Vendor Homepage: http://www.wecul.pt/ Software Link: http://www.wecul.pt/solucoes/bibliotecas/ Version: 3. Research: https://miguelsantareno.github.io/edp.pdf...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/18 12:0 a.m.291 views

Archeevo 5.0 Local File Inclusion

Exploit Title: Archeevo 5.0 - Local File Inclusion Google Dork: intitle:"archeevo" Date: 01/15/2021 Exploit Author: Miguel Santareno Vendor Homepage: https://www.keep.pt/ Software Link: https://www.keep.pt/produtos/archeevo-software-de-gestao-de-arquivos/ Version: 5.0 Tested on: windows 1...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/17 12:0 a.m.268 views

OpenBMCS 2.4 Remote File Inclusion / Server-Side Request Forgery

OpenBMCS 2.4 Unauthenticated SSRF / RFI Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/17 12:0 a.m.270 views

Win32.MarsStealer Web Panel Unauthenticated Remote Data Deletion

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faaC.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Win32.MarsStealer Web Panel Vulnerability: Unauthenticated Remote Data Deletion Description: The...

Exploits0
Packet Storm
Packet Storm
added 2022/01/17 12:0 a.m.255 views

OpenBMCS 2.4 Cross Site Request Forgery

OpenBMCS 2.4 CSRF Send E-mail Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product c...

Exploits0
Packet Storm
Packet Storm
added 2022/01/17 12:0 a.m.260 views

Win32.MarsStealer Web Panel Information Disclosure

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faa.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Win32.MarsStealer Web Panel Vulnerability: Unauthenticated Remote Information Disclosure Description...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/17 12:0 a.m.237 views

OpenBMCS 2.4 Remote Privilege Escalation

OpenBMCS 2.4 Create Admin / Remote Privilege Escalation Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/17 12:0 a.m.265 views

Chaos Ransomware Builder 4 Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/8b855e56e41a6e10d28522a20c1e0341.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Chaos Ransomeware Builder v4 Vulnerability: Insecure Permissions Description: The malware writes an...

Exploits0
Packet Storm
Packet Storm
added 2022/01/17 12:0 a.m.1079 views

HTTP Protocol Stack Denial Of Service / Remote Code Execution

!/usr/bin/python Author @nu11secur1ty CVE-2022-21907 from colorama import init, Fore, Back, Style initconvert=True import requests import time printFore.RED +"Please input your host...\n" printStyle.RESETALL printFore.YELLOW host = input printStyle.RESETALL printFore.BLUE +"Sending an especially...

10CVSS0.4AI score0.9279EPSS
Exploits21
Total number of security vulnerabilities50773