Packetstorm - Page 155 of Packetstorm Vulnerabilities List | Vulners.com

PacketstormRecent

Recent Most viewed

50630 matches found

Packet Storm•added 2021/09/03 12:0 a.m.•300 views

Remote Mouse 4.002 Unquoted Service Path

Exploit Title: Remote Mouse 4.002 - Unquoted Service Path Exploit Author: Salman Asad @deathflash1411, [email protected] Date: 03.09.2021 Software Link: https://www.remotemouse.net/downloads/RemoteMouse.exe Vendor Homepage: https://www.remotemouse.net/ Version: Remote Mouse 3.008 & 4.002 Tested on...

Packet Storm•added 2021/09/03 12:0 a.m.•194 views

jforum 2.7.0 Cross Site Scripting

hi, I found a vulnerability in the jforum 2.7.0. It is a storage cross site script vulnerability. The place is the user's profile - signature. The technique of the vulnerability is the same as that described in this article "STORED CROSS SITE SCRIPTING IN BBCODE"...

Packet Storm•added 2021/09/02 12:0 a.m.•315 views

Backdoor.Win32.MoonPie.40 Remote Command Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/Backdoor.Win32.MoonPie.40.9dbb6d56bc9a7813305883acd0f9a355C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.MoonPie.40 Vulnerability: Unauthenticated Remote Command...

Packet Storm•added 2021/09/02 12:0 a.m.•165 views

Backdoor.Win32.MoonPie.40 Authentication Bypass / Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9dbb6d56bc9a7813305883acd0f9a355.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.MoonPie.40 Vulnerability: Authentication Bypass RCE Description: The malware runs an...

Packet Storm•added 2021/09/02 12:0 a.m.•211 views

Compro Technology IP Camera Stream Disclosure

Exploit Title: Compro Technology IP Camera - ' indexMJpeg.cgi' Stream Disclosure Date: 2021-09-30 Exploit Author: icekam,xiao13,Rainbow,tfsec Software Link: http://www.comprotech.com.hk/ Version: Compro IP70 2.087130218, IP570 2.087130520, IP60, TN540 CVE : CVE-2021-40381 Has an unauthorized acce...

7.6AI score0.39532EPSS

Packet Storm•added 2021/09/02 12:0 a.m.•140 views

OpenSIS Community 8.0 SQL Injection

Exploit Title: OpenSIS Community 8.0 - 'cpidmissattn' SQL Injection Date: 09/01/2021 Exploit Author: Eric Salario Vendor Homepage: http://www.os4ed.com/ Software Link: https://opensis.com/download Version: 8.0 Tested on: Windows, Linux A SQL injection vulnerability exists in the Take Attendance...

Packet Storm•added 2021/09/02 12:0 a.m.•188 views

Compro Technology IP Camera Denial Of Service

Exploit Title: Compro Technology IP Camera - 'killps.cgi' Denial-of-Service DoS Date: 2021-09-30 Exploit Author: icekam,xiao13,Rainbow,tfsec Software Link: http://www.comprotech.com.hk/ Version: Compro IP70 2.087130218, IP570 2.087130520, IP60, TN540 CVE : CVE-2021-40378 There is a backdoor...

0.4AI score0.40608EPSS

Packet Storm•added 2021/09/02 12:0 a.m.•158 views

Dolibarr ERP/CRM 14.0.1 Privilege Escalation

Exploit Title: Dolibarr ERP/CRM 14.0.1 - Privilege Escalation Date: April 8, 2021 Exploit Author: Vishwaraj101 Vendor Homepage: https://www.dolibarr.org/ Affected Version: = 14.0.1 Patch: https://github.com/Dolibarr/dolibarr/commit/489cff46a37b04784d8e884af7fc2ad623bee17d Summary: Using the below...

Packet Storm•added 2021/09/02 12:0 a.m.•171 views

WPanel 4.3.1 Remote Code Execution

Exploit Title: WPanel 4.3.1 - Remote Code Execution RCE Authenticated Date: 07/06/2021 Exploit Author: Sentinal920 Vendor Homepage: https://github.com/wpanel Software Link: https://github.com/wpanel/wpanel4-cms Version: 4.3.1 Tested on: Linux import requests import random,string Change This url =...

Packet Storm•added 2021/09/02 12:0 a.m.•350 views

Geutebruck Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Geutebruck Multiple Remote Command Execution', 'Description' = %q This module bypasses the HTTP basic authentication used to access the /uapi-cgi...

0.2AI score0.94247EPSS

Packet Storm•added 2021/09/02 12:0 a.m.•192 views

Backdoor.Win32.MoonPie.40 Man-In-The-Middle

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9dbb6d56bc9a7813305883acd0f9a355B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.MoonPie.40 Vulnerability: Port Bounce Scan Description: The malware listens on TCP...

Packet Storm•added 2021/09/02 12:0 a.m.•200 views

Compro Technology IP Camera Credential Disclosure

Exploit Title: Compro Technology IP Camera - 'Multiple' Credential Disclosure Date: 2021-09-30 Exploit Author: icekam,xiao13,Rainbow,tfsec Software Link: http://www.comprotech.com.hk/ Version: Compro IP70 2.087130218, IP570 2.087130520, IP60, TN540 CVE : CVE-2021-40380 There are unauthorized acce...

0.1AI score0.39532EPSS

Packet Storm•added 2021/09/02 12:0 a.m.•189 views

WordPress Duplicate Page 4.4.1 Cross Site Scripting

Exploit Title: WordPress Plugin Duplicate Page 4.4.1 - Stored Cross-Site Scripting XSS Date: 02/09/2021 Exploit Author: Nikhil Kapoor Software Link: https://wordpress.org/plugins/duplicate-page/ Version: 4.4.1 Category: Web Application Tested on Windows How to Reproduce this Vulnerability: 1...

Packet Storm•added 2021/09/02 12:0 a.m.•200 views

Compro Technology IP Camera Screenshot Disclosure

Exploit Title: Compro Technology IP Camera - ' mjpegStreamer.cgi' Screenshot Disclosure Date: 2021-09-30 Exploit Author: icekam,xiao13,Rainbow,tfsec Software Link: http://www.comprotech.com.hk/ Version: Compro IP70 2.087130218, IP570 2.087130520, IP60, TN540 CVE : CVE-2021-40382 There is an...

7.6AI score0.39532EPSS

Packet Storm•added 2021/09/02 12:0 a.m.•184 views

Compro Technology IP Camera RTSP Stream Disclosure

Exploit Title: Compro Technology IP Camera - RTSP stream disclosure Unauthenticated Date: 2021-09-30 Exploit Author: icekam,xiao13,Rainbow,tfsec Software Link: http://www.comprotech.com.hk/ Version: Compro IP70 2.087130218, IP570 2.087130520, IP60, TN540 CVE : CVE-2021-40379 Some devices have...

7.6AI score0.40065EPSS

Packet Storm•added 2021/09/02 12:0 a.m.•236 views

CyberArk Credential Provider Race Condition / Authorization Bypass

KL-001-2021-009: CyberArk Credential Provider Race Condition And Authorization Bypass Title: CyberArk Credential Provider Race Condition And Authorization Bypass Advisory ID: KL-001-2021-009 Publication Date: 2021.09.01 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-009.t...

0.5AI score0.00085EPSS

Packet Storm•added 2021/09/01 12:0 a.m.•166 views

Traffic Offense Management System 1.0 SQL Injection / Remote Code Execution

Exploit Title: Traffic Offense Management System 1.0 - SQLi to Remote Code Execution RCE Unauthenticated Date: 19.08.2021 Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/14909/online-traffic-offense-management-system-php-free-source-code.html Version: 1.0 Tested...

Packet Storm•added 2021/09/01 12:0 a.m.•185 views

WordPress GetPaid 2.4.6 HTML Injection

Exploit Title: WordPress Plugin Payments Plugin | GetPaid 2.4.6 - HTML Injection Date: 29/08/2021 Exploit Author: Niraj Mahajan Software Link: https://wordpress.org/plugins/invoicing/ Version: 2.4.6 Tested on Windows Steps to Reproduce: 1. Install Wordpress 5.8 2. Install and Activate "WordPress...

Packet Storm•added 2021/09/01 12:0 a.m.•222 views

Telegram Desktop 2.9.2 Denial Of Service

Exploit Title: Telegram Desktop 2.9.2 - Denial of Service PoC Exploit Author: Aryan Chehreghani Date: 2021-08-30 Vendor Homepage: https://telegram.org Software Link: https://telegram.org/dl/desktop/win64 Tested Version: 2.9.2 x64 Tested on OS: Windows 10 Enterprise About App Telegram is a messagi...

Packet Storm•added 2021/09/01 12:0 a.m.•578 views

COVID-19 Contact Tracing System With QR Code Scanning 1.0 SQL Injection

Exploit Title: Covid-19 Contact Tracing System Web App with QR Code Scanning CTS-QR by: oretnom23 v1.0 remote SQL-Injection-Bypass-Authentication in /ctsqr/classes/Login.php + XSS-Stored PWNED PHPSESSID Vulnerable parameter "code" in applicatoin State/Province List. Author: nu11secur1ty Testing a...

Packet Storm•added 2021/09/01 12:0 a.m.•351 views

Moxa Command Injection / Cross Site Scripting / Vulnerable Software

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: see "Vulnerable / tested versions" vulnerable version: see "Vulnerable / tested versions" fixed version: see "Solution" CVE number:...

10CVSS0.4AI score0.93905EPSS

Packet Storm•added 2021/09/01 12:0 a.m.•312 views

Confluence Server 7.12.4 OGNL Injection Remote Code Execution

Exploit Title: Confluence Server 7.12.4 - 'OGNL injection' Remote Code Execution RCE Unauthenticated Date: 01/09/2021 Exploit Author: h3v0x Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/confluence/download-archives Version: All 7.12.x versions befor...

8.7AI score0.9444EPSS

Packet Storm•added 2021/09/01 12:0 a.m.•173 views

OpenEMR 6.0.0 Insecure Direct Object Reference

Exploit Title: Openemr 6.0.0 - Insecure direct object references Date: 31/8/2021 Exploit Author: Allen Enosh Upputori Vendor Homepage: https://community.open-emr.org Version: 6.0.0 Tested on: Linux CVE: 2021-40352 PoC: An attacker who has Physician Access can read messages with were sent to other...

6.5AI score0.04642EPSS

Packet Storm•added 2021/09/01 12:0 a.m.•199 views

Fabasoft Cloud Website Cross Site Scripting

Bulletin was redacted based on a request by the author...

Packet Storm•added 2021/09/01 12:0 a.m.•211 views

Linux eBPF ALU32 32-bit Invalid Bounds Tracking Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linux eBPF ALU32 32-bit Invalid Bounds Tracking LPE', 'Description' = %q Linux kernels from 5.7-rc1 prior to 5.13-rc4, 5.12.4, 5.11.21, and 5.10....

7.8CVSS0.9AI score0.23269EPSS

Packet Storm•added 2021/08/31 12:0 a.m.•161 views

Backdoor.Win32.Hupigon.aejq Traversal

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2a366cea300b84b4e6f8204a8c229266C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.aejq Vulnerability: Directory Traversal Description: The malware deploys a W...

Packet Storm•added 2021/08/31 12:0 a.m.•170 views

Backdoor.Win32.Hupigon.aejq Man-In-The-Middle

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2a366cea300b84b4e6f8204a8c229266B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.aejq Vulnerability: Port Bounce Scan Description: The malware listens on TCP...

Packet Storm•added 2021/08/31 12:0 a.m.•168 views

Strapi 3.0.0-beta Authentication Bypass

Exploit Title: Strapi 3.0.0-beta - Set Password Unauthenticated Date: 2021-08-29 Exploit Author: David Anglada CodiObert Vendor Homepage: https://strapi.io/ Version: 3.0.0-beta Tested on: Linux CVE: CVE-2019-18818 !/usr/bin/python import requests import sys import json userEmail = "[email protected]...

9.8CVSS0.7AI score0.94045EPSS

Packet Storm•added 2021/08/31 12:0 a.m.•169 views

Backdoor.Win32.Hupigon.aejq Authentication Bypass / Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2a366cea300b84b4e6f8204a8c229266.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.aejq Vulnerability: Authentication Bypass RCE Description: The malware runs a...

Packet Storm•added 2021/08/31 12:0 a.m.•154 views

Backdoor.Win32.Delf.wr Man-In-The-Middle

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/fc74e80ff2f49380972904d77df1c0f1B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.wr Vulnerability: Port Bounce Scan Description: The CrazyInvadres Group⌐ bY...

Packet Storm•added 2021/08/31 12:0 a.m.•204 views

BSCW Server Remote Code Execution

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authenticated RCE product: BSCW Server vulnerable version: BSCW Server =5.0.11, =5.1.9, =5.2.3, =7.3.2, =7.4.2 fixed version: 5.0.12, 5.1.10, 5.2.4, 7.3.3, 7.4.3 CVE...

0.1AI score0.03984EPSS

Packet Storm•added 2021/08/31 12:0 a.m.•210 views

Git LFS Clone Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Git LFS Clone Command Exec', 'Description' = %q Git clients that support delay-capable clean / smudge filters and symbolic links on...

8CVSS0.1AI score0.61881EPSS

Packet Storm•added 2021/08/31 12:0 a.m.•152 views

Backdoor.Win32.BO2K.11.d Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/abc6a590d237b8ee180638007f67089e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.BO2K.11.d Vulnerability: Local Stack Buffer Overflow Description: Back Orifice 2000 b...

Packet Storm•added 2021/08/31 12:0 a.m.•138 views

Backdoor.Win32.Delf.um Authentication Bypass / Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/d5256768a01a0e7c2ad5ba1264777f71.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.um Vulnerability: Authentication Bypass RCE Description: The malware runs an FTP...

Packet Storm•added 2021/08/31 12:0 a.m.•421 views

Online Leave Management System 1.0 SQL Injection

Exploit Title: OLMS - PHP by: oretnom23 v1.0 SQL-Injection-Bypass-Authentication in /leavesystem/classes/Login.php. Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 08.31.2021 Vendor: https://www.sourcecodester.com/php/14910/online-leave-management-system-php-free-source-code.html...

Packet Storm•added 2021/08/31 12:0 a.m.•165 views

Umbraco CMS 8.9.1 Traversal / Arbitrary File Write

Exploit Title: Umbraco CMS 8.9.1 - Path traversal and Arbitrary File Write Authenticated Exploit Author: BitTheByte Description: Authenticated path traversal vulnerability. Exploit Research: https://www.tenable.com/security/research/tra-2020-59 Vendor Homepage: https://umbraco.com/ Version:...

6.5CVSS0.5AI score0.02606EPSS

Packet Storm•added 2021/08/31 12:0 a.m.•278 views

BSCW Server XML Injection

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XML Tag injection product: BSCW Server vulnerable version: BSCW Server...

0.1AI score0.04884EPSS

Packet Storm•added 2021/08/31 12:0 a.m.•164 views

Backdoor.Win32.Delf.wr Authentication Bypass / Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/fc74e80ff2f49380972904d77df1c0f1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.wr Vulnerability: Authentication Bypass RCE Description: The CrazyInvadres Group...

Packet Storm•added 2021/08/31 12:0 a.m.•216 views

WordPress ProfilePress 3.1.3 Privilege Escalation

Exploit Title: WordPress Plugin ProfilePress 3.1.3 - Privilege Escalation Unauthenticated Date: 23-08-2021 Exploit Author: Numan Rajkotiya Vendor Homepage: https://profilepress.net/ Software Link: https://downloads.wordpress.org/plugin/wp-user-avatar.3.0.zip Version: 1 ProfilePress Formerly WP Us...

9.8CVSS0.4AI score0.93479EPSS

Packet Storm•added 2021/08/30 12:0 a.m.•143 views

Backdoor.Win32.DarkKomet.aspl Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/5c644104f96ccad7a8cf324c2e523530.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.DarkKomet.aspl Vulnerability: Insecure Permissions Description: The malware creates a...

Packet Storm•added 2021/08/30 12:0 a.m.•272 views

Strapi 3.0.0-beta.17.7 Remote Code Execution

Exploit Title: Strapi 3.0.0-beta.17.7 - Remote Code Execution RCE Authenticated Date: 29/08/2021 Exploit Author: David Utón M3n0sD0n4ld Vendor Homepage: https://strapi.io/ Affected Version: strapi-3.0.0-beta.17.7 and earlier Tested on: Linux Ubuntu 18.04.5 LTS CVE : CVE-2019-19609 !/usr/bin/pytho...

9CVSS0.1AI score0.81127EPSS

Packet Storm•added 2021/08/30 12:0 a.m.•151 views

Projectsend r1295 Cross Site Scripting

Exploit Title: Projectsend r1295 - 'name' Stored XSS Date: 30.08.2021 Exploit Author: Abdullah Kala Vendor Homepage: https://www.projectsend.org/ Software Link: https://www.projectsend.org/download/387/ Version: r1295 Tested on: Ubuntu 18.04 Description: Firstly add client group. After uploading...

Packet Storm•added 2021/08/30 12:0 a.m.•180 views

HEUR.Trojan.Win32.Delf.gen Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/058ef1acc6456a924737d940f3cf81aa.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.Trojan.Win32.Delf.gen Vulnerability: Insecure Permissions Description: The Batch VirusGen malwa...

Packet Storm•added 2021/08/30 12:0 a.m.•148 views

Backdoor.Win32.Antilam.11 Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9adffcc98cd658a7f9c5419480013f72B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Antilam.11 Vulnerability: Unauthenticated Remote Code Execution Description: The...

Packet Storm•added 2021/08/30 12:0 a.m.•160 views

Bus Pass Management System 1.0 SQL Injection

Exploit Title: Bus Pass Management System 1.0 - 'viewid' SQL Injection Date: 2021-08-28 Exploit Author: Aryan Chehreghani Vendor Homepage: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql Software Link:...

Packet Storm•added 2021/08/30 12:0 a.m.•147 views

Backdoor.Win32.Hupigon.abe Unauthenticated Open Proxy

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/5d7908e7e95d0eb4a7351d24605e62a6.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.abe Vulnerability: Unauthenticated Open Proxy Description: The malware listen...

Packet Storm•added 2021/08/30 12:0 a.m.•334 views

Strapi CMS 3.0.0-beta.17.4 Remote Code Execution

Exploit Title: Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution RCE Unauthenticated Date: 2021-08-30 Exploit Author: Musyoka Ian Vendor Homepage: https://strapi.io/ Software Link: https://strapi.io/ Version: Strapi CMS version 3.0.0-beta.17.4 or lower Tested on: Ubuntu 20.04 CVE : CVE-2019-1881...

9.8CVSS8.4AI score0.94045EPSS

Packet Storm•added 2021/08/30 12:0 a.m.•449 views

Ship Ferry Ticket Reservation System 1.0 SQL Injection

Exploit Title: Ship Ferry Ticket Reservation System v1.0 SQL-Injection-Bypass-Authentication in /shipticketing/classes/Login.php. Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 08.30.2021 Vendor:...

Packet Storm•added 2021/08/30 12:0 a.m.•170 views

Trojan-Proxy.Win32.Raznew.gen Unauthenticated Open Proxy

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/033ccd3a926441c49d3898dab97aefed.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Proxy.Win32.Raznew.gen Vulnerability: Unauthenticated Open Proxy Description: The malware...

Packet Storm•added 2021/08/29 12:0 a.m.•172 views

MySQL User-Defined (Linux) x32 / x86_64 sys_exec Local Privilege Escalation

Exploit Title: MySQL User-Defined Linux x32 / x8664 - 'sysexec' Local Privilege Escalation 2 Date: 29/08/2021 Exploit Author: ninpwn Vendor Homepage: https://www.mysql.com Software Link: www.mysql.com Version: MySQL 4.x/5.x Tested on: Debian GNU/Linux 9 / mysql Ver 14.14 Distrib 5.7.30, for Linux...

Total number of security vulnerabilities50630