Payment Terminal 2.x / 3.x Cross Site Scripting
Document Title: =============== Payment Terminal 2.x & v3.x - Multiple XSS Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2280 Release Date: ============= 2021-11-05 Vulnerability Laboratory ID VL-ID:...
PHP Event Calendar Lite Edition SQL Injection
Advisory ID: SYSS-2021-048 Product: PHP Event Calendar Manufacturer: Kayson Group Ltd. Affected Versions: PHP Event Calendar Lite edition Tested Versions: PHP Event Calendar Lite edition Vulnerability Type: SQL injection CWE-89 Risk Level: High Solution Status: Closed Manufacturer Notification:...
IBM Sterling B2B Integrator Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected cross-site scripting vulnerability product: IBM Sterling B2B Integrator vulnerable version: 5.2.0.0 - 5.2.6.53 6.0.0.0 - 6.0.3.4 6.1.0.0 - 6.1.0.2 fixed version...
GitLab Unauthenticated Remote ExifTool Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitLab Unauthenticated Remote ExifTool Command Injection', 'Description' = %q This module exploits an unauthenticated file upload and command...
Opencart 3 Extension TMD Vendor System SQL Injection
Exploit Title: Opencart 3 Extension TMD Vendor System - Blind SQL Injection Author: Muhammad Zaki Sulistya [email protected] Date: 03-11-2021 Product: TMD Vendor System Vendor Homepage: https://www.opencartextensions.in/ Software Link:...
Fuel CMS 1.4.1 Remote Code Execution
Exploit Title: Fuel CMS 1.4.1 - Remote Code Execution 3 Exploit Author: Padsala Trushal Date: 2021-11-03 Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 Version: ',epilog=f'EXAMPLE - python3 sys.argv0 -u http://10.10.21.74'...
Employee Record Management System 1.2 SQL Injection
Title: Employee Record Management System 1.2 - 'empid' SQL injection Unauthenticated Exploit Author: Anubhav Singh Date: 2021-10-31 Vendor Homepage: https://phpgurukul.com/employee-record-management-system-in-php-and-mysql/ Version: 1.2 Software Link:...
i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw
i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw Vendor: i3 International Inc. Product web page: https://www.i3international.com Affected version: V5.2.0 build 150317 Ax46 V5.0.9 build 151106 Ax68 V5.0.9 build 150615 Ax78 Summary: The Annexxus camera 6MP provides 4 simultaneous...
Ericsson Network Location MPS GMPC21 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ericsson Network Location MPS - Restrictions Bypass RCE Meow Variant', 'Description' = %q This module exploits an arbitrary command execution...
Codiad 2.8.4 Shell Upload
Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated 4 Author: P4p4M4n3 Vendor Homepage: http://codiad.com/ Software Links : https://github.com/Codiad/Codiad/releases Type: WebApp ------------------------------------- Proof of Concept: 1- login on codiad 2- go to...
Kingdia CD Extractor 3.0.2 Buffer Overflow
Exploit Title: Kingdia CD Extractor 3.0.2 - Buffer Overflow SEH Date: 31.10.2021 Software Link: https://en.softonic.com/download/kingdia-cd-extractor/windows/post-download Exploit Author: Achilles Tested Version: 3.0.2 Tested on: Windows 7 64bit 1.- Run python code : Kingdia.py 2.- Open EVIL.txt...
YouTube Video Grabber 1.9.9.1 Buffer Overflow
Exploit Title: YouTube Video Grabber 1.9.9.1 - Buffer Overflow SEH Date: 01.11.2021 Software Link: https://www.litexmedia.com/ytgrabber.exe Exploit Author: Achilles Tested Version: 1.9.9.1 Tested on: Windows 7 64bit 1.- Run python code : YouTube.py 2.- Open EVIL.txt and copy All content to...
10-Strike Network Inventory Explorer Pro 9.31 Buffer Overflow
Exploit Title: 10-Strike Network Inventory Explorer Pro 9.31 - Buffer Overflow SEH Date: 2021-10-31 Exploit Author: ro0k Vendor Homepage: https://www.10-strike.com/ Software Link: https://www.10-strike.com/networkinventoryexplorer/network-inventory-pro-setup.exe Version: 9.31 Tested on: Windows 1...
Ericsson Network Location MPS GMPC21 Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ericsson Network Location MPS - Privilege Escalation Meow Variant', 'Description' = %q This module exploits privilege escalation vulnerability in...
WordPress Pie Register 3.7.1.4 Authentication Bypass / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'WordPress Plugin Pie Register Auth Bypass to RCE', 'Description' = %q This module uses an authentication bypass vulnerability i...
Dynojet Power Core 2.3.0 Unquoted Service Path
Exploit Title: Dynojet Power Core 2.3.0 - Unquoted Service Path Exploit Author: Pedro Sousa Rodrigues https://www.0x90.zone/ / @PedroSECR Version: 2.3.0 Build 303 Date: 30.10.2021 Vendor Homepage: https://www.dynojet.com/ Software Link: https://docs.dynojet.com/Document/18762 Tested on: Windows 1...
Trojan.Win32.Delf.bna Information Disclosure
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6bf08611410e3ef7df67d781a2e8efed.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Delf.bna Vulnerability: Information Disclosure Description: The malware listens on TCP...
Trojan.Win32.Phires.zm Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/34fb086a88f3a2506b61a17cced3b476.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Phires.zm Vulnerability: Insecure Permissions Description: The malware creates an dir...
PHPJabbers Simple CMS 5 Cross Site Scripting
Document Title: =============== PHPJabbers Simple CMS v5 - Persistent XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2300 Release Date: ============= 2021-10-28 Vulnerability Laboratory ID VL-ID: ====================================...
My Movie Collection Sinatra App Movie Cross Site Scripting
Document Title: =============== My Movie Collection Sinatra App - Movie XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2294 Release Date: ============= 2021-11-01 Vulnerability Laboratory ID VL-ID: ====================================...
My Movie Collection Sinatra App Login Cross Site Scripting
Document Title: =============== My Movie Collection Sinatra App - Login XSS Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2293 Release Date: ============= 2021-11-01 Vulnerability Laboratory ID VL-ID: ==================================...
Backdoor.Win32.Agent.sah Heap Corruption
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/3ee7a90b5fc3f2b7ba68911e8220df17.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.sah Vulnerability: Heap Corruption Description: The malware listens on TCP port...
Trojan.Win32.Pasta.mca Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/4692b129b0034fd53cd76867d9869e49.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Pasta.mca Vulnerability: Insecure Permissions Description: The malware writes an .DLL...
WordPress Hotel Listing 3.x Cross Site Scripting
Document Title: =============== Hotel Listing WP Plugin v3.x - MyAccount XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2277 Release Date: ============= 2021-10-28 Vulnerability Laboratory ID VL-ID: ===================================...
WebCTRL OEM 6.5 Cross Site Scripting
Exploit Title: WebCTRL OEM 6.5 - 'locale' Reflected Cross-Site Scripting XSS Date: 4/07/2021 Exploit Author: 3ndG4me Vendor Homepage: https://www.automatedlogic.com/en/products/webctrl-building-automation-system/ Version: 6.5 and Below CVE : CVE-2021-31682 --Summary-- The login portal for the...
Umbraco 8.14.1 Server-Side Request Forgery
Exploit Title: Umbraco v8.14.1 - 'baseUrl' SSRF Date: July 5, 2021 Exploit Author: NgoAnhDuc Vendor Homepage: https://our.umbraco.com/ Software Link: https://our.umbraco.com/download/releases/8141 Version: v8.14.1 Affect: Umbraco CMS v8.14.1, Umbraco Cloud Vulnerable code:...
Movable Type 7 r.5002 XMLRPC API Remote Command Injection
class MetasploitModule "Movable Type XMLRPC API Remote Command Injection", 'Description' = %q This module exploit Movable Type XMLRPC API Remote Command Injection. , 'License' = MSFLICENSE, 'Author' = 'Etienne Gervais', author & msf module, 'Charl-Alexandre Le Brun' author & msf module ,...
Mini-XML 3.2 Heap Overflow
Exploit Title: Mini-XML 3.2 - Heap Overflow Google Dork: mxml Mini-xml Mini-XML Date: 2020.10.19 Exploit Author: LIWEI Vendor Homepage: https://www.msweet.org/mxml/ Software Link: https://github.com/michaelrsweet/mxml Version: v3.2 Tested on: ubuntu 18.04.2 1.- compile the Mini-XML code to a...
WordPress NextScripts: Social Networks Auto-Poster 4.3.20 XSS
Description: Reflected Cross-Site ScriptingXSS Affected Plugin: NextScripts: Social Networks Auto-Poster Plugin Slug: social-networks-auto-poster-facebook-twitter-g Affected Versions: sprintf'Edit',$REQUEST'page','edit',$item-ID, 'delete' = sprintf'Delete',$REQUEST'page','delete',$item-ID, ;...
Backdoor.Win32.Antilam.14.o Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2914f01e65d848655d4f1aac51ff04d1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Antilam.14.o Vulnerability: Unauthenticated Remote Command Execution Description: The...
Trojan.Win32.Akl.bc Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0b2a0f61a209e24a7d7b2c2d5efb4d68.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Akl.bc Vulnerability: Insecure Permissions Description: The malware creates an dir name...
HEUR.Backdoor.Win32.Generic Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6a96fc226fbe9f0efbcc8a7b2e34b807.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.Backdoor.Win32.Generic Vulnerability: Unauthenticated Open Proxy Description: The malware liste...
Backdoor.Win32.Hupigon.acio Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/21f324a6a62d8125bc83b8d1865e17f9B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.acio Vulnerability: Unauthenticated Open Proxy Description: The malware...
Backdoor.Win32.Hupigon.afjk Man-In-The-Middle
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/80b0fc8c0657c0ae7971f09af45c706bB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.afjk Vulnerability: Port Bounce Scan Description: The malware runs an FTP...
Hostel Management System 2.1 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: PHPGurukul Hostel Management System 2.1 - Cross-site request forgery CSRF to Cross-site Scripting XSS Date: 2021-10-27 Exploit Author: Anubhav Singh Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/hostel-management-system/ Version: V 2.1 Vulnerable...
Backdoor.Win32.Hupigon.afjk Directory Traversal
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/80b0fc8c0657c0ae7971f09af45c706b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.afjk Vulnerability: Directory Traversal Description: The malware deploys a We...
Backdoor.Win32.Delf.arjo Unquoted Service Path
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/05177f77f075293ff7d58a7f2915c64f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.arjo Vulnerability: Insecure Service Path Description: The malware creates a...
Backdoor.Win32.Mazben.es Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/fcd611ccbc756fab43761f4b18372b81.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Mazben.es Vulnerability: Unauthenticated Open Proxy Description: The malware listens ...
Backdoor.Win32.Prorat.ntz Man-In-The-Middle
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ab96d7f9e008a0774239be6be0c8e7bb.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Prorat.ntz Vulnerability: Port Bounce Scan Description: The malware runs an FTP serve...
Virus.Win32.Ipamor.c Unauthenticated Reboot
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/b6bfdfe91c3e37865b6a269dc9ff9302.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Virus.Win32.Ipamor.c Vulnerability: Unauthenticated Remote System Reboot Description: The malware...
WordPress Supsystic Contact Form 1.7.18 Cross Site Scripting
Exploit Title: WordPress Plugin Supsystic Contact Form 1.7.18 - 'label' Stored Cross-Site Scripting XSS Date: 10/27/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://supsystic.com/ Software Link: https://wordpress.org/plugins/contact-form-by-supsystic/ Version: 1.7.18...
Sophos UTM WebAdmin SID Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sophos UTM WebAdmin SID Command Injection', 'Description' = %q This module exploits an SID-based command injection in Sophos UTM's WebAdmin...
Backdoor.Win32.Prorat.ntz Weak Hardcoded Password
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ab96d7f9e008a0774239be6be0c8e7bbB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Prorat.ntz Vulnerability: Weak Hardcoded Password Description: The malware runs an F...
Microsoft OMI Management Interface Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCXOperatingSystem' .freeze def initializeinfo = super updateinfo info, 'Name' = 'Microsoft OMI...
Backdoor.Win32.Hupigon.afjk Authentication Bypass / Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/80b0fc8c0657c0ae7971f09af45c706bC.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.afjk Vulnerability: Authentication Bypass RCE Description: The malware runs ...
Backdoor.Win32.Hupigon.acio Unquoted Service Path
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/21f324a6a62d8125bc83b8d1865e17f9.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.acio Vulnerability: Insecure Service Path Description: The malware creates a...
PHP Melody 3.0 Cross Site Scripting
Document Title: =============== PHP Melody v3.0 - Editor Persistent XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2291 Bulletin: https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/ Release Date: ===========...
Simplephpscripts Simple CMS 2.1 Cross Site Scripting
Document Title: =============== Simplephpscripts Simple CMS v2.1 - XSS Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2301 Release Date: ============= 2021-10-18 Vulnerability Laboratory ID VL-ID: ====================================...
Linux SELinux PTRACE_TRACEME Handler Use-After-Free
Linux: UAF read in SELinux handler for PTRACE_TRACEME There's a UAF read in the SELinux handler for PTRACE_TRACEME, selinux_ptrace_traceme. The bug was introduced in commit eb1231f73c4d7 "selinux: clarify task subjective and objective credentials". Part of the issue is that while the "cred" member...
Simplephpscripts Simple CMS 2.1 SQL Injection
Document Title: =============== Simplephpscripts Simple CMS v2.1 - SQL Injection References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2303 Release Date: ============= 2021-10-19 Vulnerability Laboratory ID VL-ID: ==================================== 2303...