Packetstorm - Page 157 of Packetstorm Vulnerabilities List | Vulners.com

PacketstormRecent

Recent Most viewed

50630 matches found

Packet Storm•added 2021/08/13 12:0 a.m.•474 views

Easy-Mock 1.6.0 Remote Code Execution

Exploit Title: easy-mock 1.6.0 - Remote Code Execution RCE Authenticated Date: 12/08/2021 Exploit Author: LionTree Vendor Homepage: https://github.com/easy-mock Software Link: https://github.com/easy-mock/easy-mock Version: 1.5.0-1.6.0 Tested on: windows 10node v8.17.0 import requests import json...

Packet Storm•added 2021/08/13 12:0 a.m.•461 views

4images 1.8 SQL Injection

Exploit Title: 4images 1.8 - 'limitnumber' SQL Injection Authenticated Exploit Author: Andrey Stoykov Software Link: https://www.4homepages.de/download-4images Version: 1.8 Tested on: Linux Source Analysis: Line 658 - User action defined if $action == "findimages" Line 661 - Vulnerable condition...

Packet Storm•added 2021/08/13 12:0 a.m.•349 views

PluXML 5.8.7 Cross Site Scripting

Exploit Title: XSS-Stored on PluXML 5.8.7 - latest parameter "idcontent" Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 08.13.2021 Vendor: https://pluxml.org/ Link: https://sourceforge.net/projects/chikitsa/ CVE: CVE-2021-38603 + Exploit Source: !/usr/bin/python3 Author:...

5.2AI score0.0065EPSS

Packet Storm•added 2021/08/12 12:0 a.m.•466 views

RATES SYSTEM 1.0 SQL Injection

Exploit Title: RATES SYSTEM 1.0 - 'Multiple' SQL Injections Date: 11-08-2021 Exploit Author: Halit AKAYDIN hLtAkydn Software Link: https://www.sourcecodester.com/php/14904/rates-system.html Version: V1.0 Category: Webapps Tested on: Linux/Windows Description: PHP Dashboards is prone to an...

Packet Storm•added 2021/08/12 12:0 a.m.•299 views

Xiaomi 10.2.4.g Information Disclosure

Exploit Title: Xiaomi browser 10.2.4.g - Browser Search History Disclosure Date: 27-Dec-2018 Exploit Author: Vishwaraj101 Vendor Homepage: https://www.mi.com/us Software Link: https://www.apkmirror.com/apk/xiaomi-inc/mi-browse/mi-browse-10-2-4-release/ Version: 10.2.4.g Tested on: Tested in Andro...

5.3CVSS5.4AI score0.05868EPSS

Packet Storm•added 2021/08/12 12:0 a.m.•328 views

Atlassian Crowd pdkinstall Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Crowd pdkinstall Unauthenticated Plugin Upload RCE', 'Description' = %q This module can be used to upload a plugin on Atlassian Cloud v...

9.8CVSS0.6AI score0.94383EPSS

Packet Storm•added 2021/08/12 12:0 a.m.•400 views

Lexmark Driver Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lexmark Driver Privilege Escalation', 'Description' = %q Various Lexmark Universal Printer drivers as listed at advisory TE953 allow low-privileg...

7.2CVSS1.1AI score0.13287EPSS

Packet Storm•added 2021/08/12 12:0 a.m.•586 views

COVID19 Testing Management System 1.0 SQL Injection

Exploit Title: COVID19 Testing Management System 1.0 - 'searchdata' SQL Injection Google Dork: intitle: "COVID19 Testing Management System" Date: 09/08/2021 Exploit Author: Ashish Upsham Vendor Homepage: https://phpgurukul.com Software Link:...

Packet Storm•added 2021/08/11 12:0 a.m.•385 views

Canon TR150 Driver 3.71.2.10 Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Canon Driver Privilege Escalation', 'Description' = %q Canon TR150 print drivers versions 3.71.2.10 and below allow local users to read/write fil...

0.8AI score0.03671EPSS

Packet Storm•added 2021/08/11 12:0 a.m.•314 views

HackTool.Win32.Hidd.b Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/665a408981294ca49be23096363eec2f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HackTool.Win32.Hidd.b Vulnerability: Remote Stack Buffer Overflow UDP Datagram Description: The...

Packet Storm•added 2021/08/11 12:0 a.m.•313 views

Trojan-Proxy.Win32.Raznew.gen Unauthenticated Open Proxy

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/55ce4b6c2ec10838c54dca54d96801d6.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Proxy.Win32.Raznew.gen Vulnerability: Unauthenticated Open Proxy Description: The malware...

Packet Storm•added 2021/08/11 12:0 a.m.•315 views

Backdoor.Win32.IRCBot.gen Hardcoded Credential

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/bcfc89ca07bd0ad7b9396a0815c9fc39.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.IRCBot.gen Vulnerability: Hardcoded Weak Password Description: The malware listens on...

Packet Storm•added 2021/08/10 12:0 a.m.•291 views

Facebook For Android Friend Acceptance

Author - Sivanesh Ashok | @sivaneshashok | stazot.com Date : 2021-08-03 Vendor : https://facebook.com/ Version : Tested on : Version 329.0.0.29.120, Android 10 Last Modified : 2021-08-10 -- Bug Description Facebook for Android is vulnerable to a permission issue which allows anyone with physical...

Packet Storm•added 2021/08/10 12:0 a.m.•320 views

MobileTogether Server 7.3 XML Injection

Advisory: XML External Entity Expansion in MobileTogether Server RedTeam Pentesting discovered a vulnerability in the MobileTogether server which allows users with access to at least one app to read arbitrary, non-binary files from the file system and perform server-side requests. The vulnerabili...

0.1AI score0.08684EPSS

Packet Storm•added 2021/08/10 12:0 a.m.•563 views

Cockpit CMS 0.11.1 NoSQL Injection

Exploit Title: Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection Date: 06-08-2021 Exploit Author: Brian Ombongi Vendor Homepage: https://getcockpit.com/ Version: Cockpit 0.11.1 Tested on: Ubuntu 16.04.7 CVE : CVE-2020-35847 & CVE-2020-35848 !/usr/bin/python3 import json...

9.8CVSS9.6AI score0.93971EPSS

Packet Storm•added 2021/08/10 12:0 a.m.•194 views

IPCop 2.1.9 Remote Code Execution

Exploit Title: IPCop 2.1.9 - Remote Code Execution RCE Authenticated Date: 02/08/2021 Exploit Author: Mücahit Saratar Vendor Homepage: https://www.ipcop.org/ Software Link: https://sourceforge.net/projects/ipcop/files/IPCop/IPCop%202.1.8/ipcop-2.1.8-install-cd.i486.iso -...

Packet Storm•added 2021/08/10 12:0 a.m.•215 views

WordPress LifterLMS 4.21.1 Insecure Direct Object Reference

Exploit Title: WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR Date: 2021-05-17 Exploit Author: captainhook Vendor Homepage: https://lifterlms.com Software Link: https://lifterlms.com Version: 4.21.1 Tested on: any Description The plugin was affected by an IDOR...

Packet Storm•added 2021/08/10 12:0 a.m.•309 views

Simple Library Management System 1.0 SQL Injection

Exploit Title: Simple Library Management System 1.0 - 'rollno' SQL Injection Date: 2021-08-08 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.nikhilbhalerao.com/ Software Link: https://www.sourcecodester.com/php/14126/simple-library-management-system.html Version: V1 Category:...

Packet Storm•added 2021/08/10 12:0 a.m.•288 views

WordPress Picture Gallery 1.4.2 Cross Site Scripting

Exploit Title: WordPress Plugin Picture Gallery 1.4.2 - 'Edit Content URL' Stored Cross-Site Scripting XSS Date: 2021-08-06 Exploit Author: Aryan Chehreghani Software Link: https://wordpress.org/plugins/picture-gallery/ Version: 1.4.2 Tested on: Windows 10 How to Reproduce this Vulnerability: 1...

Packet Storm•added 2021/08/07 12:0 a.m.•282 views

OneNav Beta 0.9.12 Cross Site Scripting

Exploit Title: XSS-Stored - Brutal PWNED on OneNav beta 0.9.12 addlink feature Author: nu11secur1ty Testing and Debugging: nu11secur1ty $ g3ck0dr1v3r Date: 08.06.2021 Vendor: https://www.xiaoz.me/ Link: https://github.com/helloxz/onenav/releases/tag/0.9.12 CVE: CVE-2021-38138 + Exploit Source:...

5.6AI score0.0026EPSS

Packet Storm•added 2021/08/06 12:0 a.m.•285 views

Amica Prodigy 1.7 Privilege Escalation

Exploit Title: Amica Prodigy 1.7 - Privilege Escalation Date: 2021-08-06 Exploit Author: Andrea Intilangelo Vendor Homepage: https://gestionaleamica.com - https://www.bisanziosoftware.com Software Link: https://gestionaleamica.com/Download/AmicaProdigySetup.exe Version: 1.7 Tested on: Windows 10...

1.1AI score0.00195EPSS

Packet Storm•added 2021/08/06 12:0 a.m.•430 views

Backdoor.Win32.Zdemon.126 Remote Command Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/cedc886b593f013133df39bb6b43a762.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zdemon.126 Vulnerability: Unauthenticated Remote Command Execution Description: Zdemo...

Packet Storm•added 2021/08/06 12:0 a.m.•624 views

Backdoor.Win32.Zdemon.10 Remote Command Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/d12f38e959d70af76fd263aa1933033c.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zdemon.10 Vulnerability: Unauthenticated Remote Command Execution Description: Zdemon...

Packet Storm•added 2021/08/06 12:0 a.m.•387 views

Trojan-Dropper.Win32.Small.fp Unauthenticated Open Proxy

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/07122dd3b069bbbb445e060c1249d5a2.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Small.fp Vulnerability: Unauthenticated Open Proxy Description: The malware...

Packet Storm•added 2021/08/06 12:0 a.m.•505 views

Constructor.Win32.SS.11.c Unauthenticated Open Proxy

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/da60b92742abff72930879fa8560b3c3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Constructor.Win32.SS.11.c Vulnerability: Unauthenticated Open Proxy Description: The malware listens...

Packet Storm•added 2021/08/06 12:0 a.m.•581 views

Backdoor.Win32.Zaratustra Remote File Write / Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/f240c16af2189ea9c94f317281ce7e59.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zaratustra Vulnerability: Unauthenticated Remote File Write Remote Code Exec...

Packet Storm•added 2021/08/05 12:0 a.m.•572 views

Moodle 3.9 Remote Code Execution

Exploit Title: Moodle 3.9 - Remote Code Execution RCE Authenticated Date: 12-05-2021 Exploit Author: lanz Vendor Homepage: https://moodle.org/ Version: Moodle 3.9 Tested on: FreeBSD !/usr/bin/python3 Moodle 3.9 - RCE Authenticated as teacher Based on PoC and Payload to assign full permissions to...

8.8AI score0.39399EPSS

Packet Storm•added 2021/08/05 12:0 a.m.•257 views

CMSuno 1.7 Cross Site Scripting

Exploit Title: CMSuno 1.7 - 'tgo' Stored Cross-Site Scripting XSS Authenticated Date: 03-08-2021 Exploit Author: splint3rsec Vendor Homepage: https://github.com/boiteasite Software Link: https://github.com/boiteasite/cmsuno Affected Versions: CMSuno 1.7 and prior CVE : CVE-2021-36654 CMSuno versi...

5.6AI score0.02602EPSS

Packet Storm•added 2021/08/05 12:0 a.m.•571 views

GFI Mail Archiver 15.1 Arbitrary File Upload

Exploit Title: GFI Mail Archiver = 15.1 - Telerik UI Component Arbitrary File Upload Unauthenticated Date: 21 March 2021 Exploit Author: Amin Bohio https://aminbohio.com Original Research & Code By: Paul Taylor / Foregenix Ltd Original Exploit: https://github.com/bao7uo/RAUcrypto Vendor Homepage:...

Packet Storm•added 2021/08/04 12:0 a.m.•532 views

Client Management System 1.1 Cross Site Scripting

Exploit Title: Client Management System 1.1 - 'cname' Stored Cross-site scripting XSS Date: 2021-08-04 Exploit Author: Mohammad Koochaki Vendor Homepage: https://phpgurukul.com/client-management-system-using-php-mysql/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=10841...

Packet Storm•added 2021/08/04 12:0 a.m.•286 views

Riak Insecure Default Configuration / Remote Command Execution

Riak KV Insecure Default Cookie RCE ===== Intro ===== Riak is a NoSQL key-value database that is built to maximize data availability and performance, especially useful for eg. big data environments. It's built to survive data and network failures with design principles similar to DynamoDB while...

Packet Storm•added 2021/08/04 12:0 a.m.•229 views

WordPress WP Customize Login 1.1 Cross Site Scripting

Exploit Title: WordPress Plugin WP Customize Login 1.1 - 'Change Logo Title' Stored Cross-Site Scripting XSS Date: 2021-08-03 Exploit Author: Aryan Chehreghani Software Link: https://wordpress.org/plugins/customize-login/ Version: 1.1 Tested on: Windows 10 How to Reproduce this Vulnerability: 1...

Packet Storm•added 2021/08/04 12:0 a.m.•264 views

Apache OfBiz 17.12.01 Remote Command Execution

Exploit Title: ApacheOfBiz 17.12.01 - Remote Command Execution RCE via Unsafe Deserialization of XMLRPC arguments Date: 2021-08-04 Exploit Author: Álvaro Muñoz, Adrián Díaz s4dbrd Vendor Homepage: https://ofbiz.apache.org/index.html Software Link:...

6.1CVSS0.5AI score0.93765EPSS

Packet Storm•added 2021/08/04 12:0 a.m.•246 views

qdPM 9.2 Information Disclosure

Exploit Title: qdPM 9.2 - DB Connection String and Password Exposure Unauthenticated Date: 03/08/2021 Exploit Author: Leon Trappett thepcn3rd Vendor Homepage: https://qdpm.net/ Software Link: https://sourceforge.net/projects/qdpm/files/latest/download Version: 9.2 Tested on: Ubuntu 20.04 Apache2...

Packet Storm•added 2021/08/03 12:0 a.m.•275 views

Hotel Management System 1.0 Cross Site Scripting / Shell Upload

Exploit Title: Hotel Management System 1.0 - Cross-Site Scripting XSS Arbitrary File Upload Remote Code Execution RCE Date: 2021-08-01 Exploit Author: Merbin Russel Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=7204 Version: V1.0...

Packet Storm•added 2021/08/02 12:0 a.m.•408 views

Online Hotel Reservation System 1.0 Cross Site Scripting

Exploit Title: Online Hotel Reservation System 1.0 - 'Multiple' Cross-site scripting XSS Date: 2021-08-02 Exploit Author: Mohammad Koochaki Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html Software Link:...

Packet Storm•added 2021/08/01 12:0 a.m.•223 views

Neo4j 3.4.18 Remote Code Execution

Exploit Title: Neo4j 3.4.18 - RMI based Remote Code Execution RCE Date: 7/30/21 Exploit Author: Christopher Ellis, Nick Gonella, Workday Inc. Vendor Homepage: neo4j.com Software Link: https://neo4j.com/download-thanks/?edition=community&release=3.4.18&flavour=unix Version: 3.4.18 Tested on:...

Packet Storm•added 2021/07/31 12:0 a.m.•282 views

Men Salon Management System 1.0 SQL Injection

Exploit Title: Men Salon Management System 1.0 - SQL Injection Authentication Bypass Date: 2021-07-30 Exploit Author: Akshay Khanna ConfusedBot Vendor Homepage: https://phpgurukul.com/men-salon-management-system-using-php-and-mysql/ Software Link:...

Packet Storm•added 2021/07/30 12:0 a.m.•294 views

Pi-Hole Remove Commands Linux Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pi-Hole Remove Commands Linux Priv Esc', 'Description' = %q Pi-Hole versions 3.0 - 5.3 allows for command line input to the removecustomcname,...

7.8CVSS0.8AI score0.10941EPSS

Packet Storm•added 2021/07/30 12:0 a.m.•248 views

ObjectPlanet Opinio 7.13 / 7.14 XML Injection

Exploit Authors: Timothy Tan , Daniel Tan, Yu EnHui, Khor Yong Heng CVE: CVE-2020-26564 Exploit Title: ObjectPlanet Opinio version 7.13/7.14 allows XXE injection Vendor Homepage: https://www.objectplanet.com/opinio/ Software Link: https://www.objectplanet.com/opinio/ Exploit Authors: Timothy Tan ...

6.9AI score0.00191EPSS

Packet Storm•added 2021/07/30 12:0 a.m.•373 views

Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery

!-- Panasonic Sanyo CCTV Network Camera 2.03-0x CSRF Disable Authentication / Change Password Vendor: Panasonic Corporation | SANYO Electric Co., Ltd. Product web page: https://www.panasonic.com https://www.sanyo-av.com https://panasonic.net/sanyo/cs/index.html Affected version: Model: VCC-HD5600...

Packet Storm•added 2021/07/30 12:0 a.m.•225 views

ObjectPlanet Opinio 7.13 Shell Upload

Exploit Authors: Timothy Tan , Daniel Tan, Yu EnHui, Khor Yong Heng CVE: CVE-2020-26806 Exploit Title: ObjectPlanet Opinio version 7.13 allows unrestricted file upload Vendor Homepage: https://www.objectplanet.com/opinio/ Software Link: https://www.objectplanet.com/opinio/ Exploit Authors: Timoth...

7.2AI score0.05031EPSS

Packet Storm•added 2021/07/30 12:0 a.m.•239 views

ObjectPlanet Opinio 7.13 Expression Language Injection

Exploit Authors: Timothy Tan , Daniel Tan, Yu EnHui, Khor Yong Heng CVE: CVE-2020-26565 Exploit Title: ObjectPlanet Opinio version 7.13 allows expression language injection Vendor Homepage: https://www.objectplanet.com/opinio/ Software Link: https://www.objectplanet.com/opinio/ Exploit Authors:...

7.7AI score0.00399EPSS

Packet Storm•added 2021/07/29 12:0 a.m.•244 views

ObjectPlanet Opinio 7.12 Cross Site Scripting

Exploit Title: ObjectPlanet Opinio 7.12 allows Cross-Site Scripting Vendor Homepage: https://www.objectplanet.com/opinio/ Software Link: https://www.objectplanet.com/opinio/ Exploit Authors: Ang Kar Min https://www.linkedin.com/in/karmin-ang CVE: CVE-2020-26563 Timeline - September 2019: Initial...

6.4AI score0.00278EPSS

Packet Storm•added 2021/07/29 12:0 a.m.•314 views

IntelliChoice eFORCE Software Suite 2.5.9 Username Enumeration

IntelliChoice eFORCE Software Suite v2.5.9 Username Enumeration Vendor: IntelliChoice, Inc. Product web page: https://www.eforcesoftware.com Affected version: 2.5.9.6 2.5.9.5 2.5.9.3 2.5.9.2 2.5.9.1 2.5.8.0 2.5.7.20 2.5.7.18 2.5.6.18 2.5.4.6 2.5.3.11 Summary: IntelliChoice is a United States...

Packet Storm•added 2021/07/29 12:0 a.m.•227 views

Care2x Integrated Hospital Info System 2.7 SQL Injection

Exploit Title: Care2x Integrated Hospital Info System 2.7 - 'Multiple' SQL Injection Date: 29.07.2021 Exploit Author: securityforeveryone.com Vendor Homepage: https://care2x.org Software Link: https://sourceforge.net/projects/care2002/ Version: = 2.7 Alpha Tested on: Linux/Windows Researchers :...

Packet Storm•added 2021/07/29 12:0 a.m.•207 views

Longjing Technology BEMS API 1.21 Remote Arbitrary File Download

Longjing Technology BEMS API 1.21 Remote Arbitrary File Download Vendor: Longjing Technology Product web page: http://www.ljkj2012.com Affected version: 1.21 Summary: Battery Energy Management System. Desc: The application suffers from an unauthenticated arbitrary file download vulnerability. Inp...

Packet Storm•added 2021/07/29 12:0 a.m.•263 views

Denver IP Camera SHO-110 Snapshot Disclosure

Exploit Title: Denver IP Camera SHO-110 - Unauthenticated Snapshot Date: 28 July 2021 Exploit Author: Ivan Nikolsky enty8080 Vendor Homepage: https://denver.eu/products/smart-home-security/denver-sho-110/c-1024/c-1243/p-3826 Version: Denver SHO-110 all firmware versions Tested on: Denver SHO-110...

Packet Storm•added 2021/07/29 12:0 a.m.•422 views

CloverDX 5.9.0 Code Execution / Cross Site Request Forgery

Exploit Title: CloverDX 5.9.0 - Cross-Site Request Forgery CSRF to Remote Code Execution RCE Date: 14.04.2021 Exploit Author: niebardzo Vendor Homepage: https://www.cloverdx.com/ Software Link: https://github.com/cloverdx/cloverdx-server-docker Version: 5.9.0, 5.8.1, 5.8.0, 5.7.0, 5.6.x, 5.5.x,...

8.8CVSS0.1AI score0.01725EPSS

Packet Storm•added 2021/07/29 12:0 a.m.•392 views

Oracle Fatwire 6.3 Cross Site Scripting / SQL Injection

Exploit Title: Oracle Fatwire 6.3 - Multiple Vulnerabilities Date: 29/07/2021 Exploit Author: J. Francisco Bolivar @Jfrancbit Vendor Homepage: https://www.oracle.com/index.html Version: 6.3 Tested on: CentOS 1. Xss Adt parameter is vulnerable to Xss:...

Total number of security vulnerabilities50630