Lucene search
K
PacketstormRecent

50784 matches found

Packet Storm
Packet Storm
•added 2021/05/06 12:0 a.m.•389 views

Tagstoo 2.0.1 Cross Site Scripting / Code Execution

Exploit Title: Tagstoo v2.0.1 - Stored XSS to RCE Exploit Author: TaurusOmar Twitter:@TaurusOmar HomePage:taurusomar.com Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://tagstoo.sourceforge.io/ Version: v2.0.1 Tested on: Windows, Linux, MacO...

0.1AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/06 12:0 a.m.•165 views

Marky 0.0.1 Cross Site Scripting / Code Execution

Exploit Title: Marky 0.0.1 XSS to RCE Exploit Author: TaurusOmar Twitter:@TaurusOmar HomePage:taurusomar.com Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/vesparny/marky Version: 0.0.1 Tested on: Linux, MacOs, Windows Software...

0.2AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/06 12:0 a.m.•350 views

Trojan.Win32.Siscos.bqe Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/b4a35ae6dcceea6390769829b4e1506f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Siscos.bqe Vulnerability: Insecure Permissions Description: The malware creates a...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/06 12:0 a.m.•145 views

Markdownify 1.2.0 Cross Site Scripting / Code Execution

Exploit Title: Markdownify 1.2.0 XSS to RCE Exploit Author: TaurusOmar Twitter:@TaurusOmar HomePage:taurusomar.com Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/amitmerchant1990/electron-markdownify Version: 1.2.0 Tested on:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/06 12:0 a.m.•940 views

Xmind 2020 Cross Site Scripting / Code Execution

Exploit Title: Xmind 2020 XSS to RCE Exploit Author: TaurusOmar Twitter:@TaurusOmar HomePage:taurusomar.com Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://www.xmind.net/ Version: 2020 Tested on: Windows, Linux, MacOs Software Description:...

Exploits0
Packet Storm
Packet Storm
•added 2021/05/06 12:0 a.m.•147 views

Anote 1.0 Cross Site Scripting / Code Execution

Exploit Title: Anote 1.0 XSS to RCE Exploit Author: TaurusOmar Twitter:@TaurusOmar HomePage:taurusomar.com Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/AnotherNote/anote Version: 1.0 Tested on: Linux, MacOs Software Descriptio...

Exploits0
Packet Storm
Packet Storm
•added 2021/05/06 12:0 a.m.•152 views

Markdown-Explorer 0.1.1 Cross Site Scripting / Code Execution

Exploit Title: Markdown-Explorer 0.1.1 XSS to RCE Exploit Author: TaurusOmar Twitter:@TaurusOmar HomePage:taurusomar.com Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/jersou/markdown-explorer Version: 0.1.1 Tested on: Windows,...

0.1AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/06 12:0 a.m.•146 views

WordPress WP Super Edit 2.5.4 Arbitrary File Upload

Title: Wordpress Plugin WP Super Edit 2.5.4 - Remote File Upload Author: h4shur date: 2021-05-06 Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/plugins/wp-super-edit/ Version : 2.5.4 and earlier Tested on: Windows 10 & Google Chrome Category : Web Application Bugs Dor...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/06 12:0 a.m.•297 views

Schlix CMS 2.2.6-6 Remote Code Execution

Exploit Title: Schlix CMS 2.2.6-6 - Remote Code Execution Authenticated Date: 2021-05-06 Exploit Author: Eren Saraç Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.6-6.zip Version: 2.2.6-6 Tested on: Windows & WampServer ==...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/06 12:0 a.m.•351 views

Backdoor.Win32.Floder.gqe Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0629e3b2ab8a973a3e37e4e97cb9cfea.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Floder.gqe Vulnerability: Insecure Permissions Description: The malware creates an...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/06 12:0 a.m.•152 views

Markright 1.0 Cross Site Scripting / Code Execution

Exploit Title: Markright 1.0 XSS to RCE Exploit Author: TaurusOmar Twitter:@TaurusOmar HomePage:taurusomar.com Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/dvcrn/markright Version: 1.0 Tested on: Linux, MacOs,Windows Software...

0.2AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/06 12:0 a.m.•206 views

b2evolution 7-2-2 SQL Injection

Exploit Title: b2evolution 7-2-2 obtaining sensitive database information by injecting SQL commands into the "cfname" parameter Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Date: 05.06.2021 Vendor: https://b2evolution.net/ Link: https://b2evolution.net/downloads/7-2-2 CVE:...

6.5CVSS8.8AI score0.04962EPSS
Exploits4
Packet Storm
Packet Storm
•added 2021/05/06 12:0 a.m.•287 views

Schlix CMS 2.2.6-6 Cross Site Scripting

Exploit Title: Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting Authenticated Date: 2021-05-05 Exploit Author: Emircan BaÅŸ Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.6-6.zip Version: 2.2.6-6 Tested on: Windows &...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/06 12:0 a.m.•152 views

Moeditor 0.2.0 Cross Site Scripting / Code Execution

Exploit Title: Moeditor 0.2.0 XSS to RCE Exploit Author: TaurusOmar Twitter:@TaurusOmar HomePage:taurusomar.com Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://moeditor.js.org/ Version: 0.2.0 Tested on: Windows, Linux, MacOs Software...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/06 12:0 a.m.•369 views

Backdoor.Win32.NinjaSpy.c Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6eece319bc108576bd1f4a8364616264B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NinjaSpy.c Vulnerability: Remote Command Execution Description: The malware listens ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/06 12:0 a.m.•158 views

SnipCommand 0.1.0 Cross Site Scripting / Code Execution

Exploit Title: SnipCommand 0.1.0 XSS to RCE Exploit Author: TaurusOmar Twitter:@TaurusOmar HomePage:taurusomar.com Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/gurayyarar/SnipCommand Version: 0.1.0 Tested on: Windows, Linux,...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/05 12:0 a.m.•200 views

Packed.Win32.Black.d Unauthenticated Open Proxy

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/3a36d7ab34b3241aa2a9072700e0cb7c.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Packed.Win32.Black.d Vulnerability: Unauthenticated Open Proxy Description: The malware listens on T...

0.3AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/05 12:0 a.m.•174 views

Trojan.Win32.Agent.xdtv Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ffa9b76f9549a2c46415c855a0911e8a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Agent.xdtv Vulnerability: Insecure Permissions Description: The malware creates an...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/04 12:0 a.m.•257 views

Shenzhen Skyworth RN510 Information Disclosure

Overview ======== Title:- UnAuthenticated Sensitive information Discloser in RN510 Mesh Extender. CVE-ID :- CVE-2021-25326 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd.http://www.skyworthdigital.com/products Products: 1. RN510 with firmware V.3.1.0.4 Tested...

3.5CVSS5.6AI score0.01486EPSS
Exploits3
Packet Storm
Packet Storm
•added 2021/05/04 12:0 a.m.•116 views

Internship Portal Management System 1.0 Shell Upload

Exploit Title: Internship Portal Management System 1.0 - Remote Code Execution Via File Upload Unauthenticated Date: 2021-05-04 Exploit Author: argenestel Vendor Homepage: https://www.sourcecodester.com/php/11712/internship-portal-management-system.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/04 12:0 a.m.•268 views

Shenzhen Skyworth RN510 Cross Site Request Forgery / Cross Site Scripting

Overview ======== Title:- Authenticated XSRF in RN510 Mesh Extender. CVE-ID :- CVE-2021-25327 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd.http://www.skyworthdigital.com/products Products: 1. RN510 with firmware V.3.1.0.4 Tested and verified Potential 2.RN62...

4.3CVSS0.00899EPSS
Exploits3
Packet Storm
Packet Storm
•added 2021/05/04 12:0 a.m.•193 views

Human Resource Information System 1.0 Authentication Bypass / Account Creation

Exploit Title: Human Resource Information System 1.0 - Create Admin Account Unauthenticated Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14714/human-resource-information-using-phpmysqliobject-orientedcomplete-free-sourcecode.html Version:1.0 Tested on: windows...

0.6AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/04 12:0 a.m.•388 views

Shenzhen Skyworth RN510 Buffer Overflow

itle :- Authenticated Stack Overflow in RN510 mesh Device CVE-ID:- CVE-2021-25328 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd.http://www.skyworthdigital.com/products Products: 1. RN510 with firmware V.3.1.0.4 Tested and verified Potential 2.RN620 with...

6.5CVSS0.3AI score0.03942EPSS
Exploits3
Packet Storm
Packet Storm
•added 2021/05/04 12:0 a.m.•387 views

GravCMS 1.10.7 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GravCMS Remote Command Execution', 'Description' = %q This module exploits arbitrary config write/update vulnerability to achieve remote code...

7.5CVSS0.4AI score0.80467EPSS
Exploits12
Packet Storm
Packet Storm
•added 2021/05/03 12:0 a.m.•339 views

IGEL OS Secure VNC/Terminal Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IGEL OS Secure VNC/Terminal Command Injection RCE', 'Description' = %q This module exploits a command injection vulnerability in IGEL OS Secure...

0.1AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/03 12:0 a.m.•318 views

GitLab Community Edition (CE) 13.10.3 User Enumeration

Exploit Title: GitLab Community Edition CE 13.10.3 - User Enumeration Date: 4/29/2021 Exploit Author: @4D0niiS https://github.com/4D0niiS Vendor Homepage: https://gitlab.com/ Version: 13.10.3 Tested on: Kali Linux 2021.1 !/bin/bash Colors RED='\03338;5;196m' GREEN='\e38;5;47m' NC='\0330m'...

0.1AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/03 12:0 a.m.•300 views

Gadget Works Online Ordering System 1.0 SQL Injection / Code Execution

Exploit Title: Gadget works online ordering system - Authentication Bypass SQLi Date: 03/05/2021 Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/13093/gadget-works-online-ordering-system-phpmysqli.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4...

0.5AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/03 12:0 a.m.•163 views

Epic Games Rocket League 1.95 Insecure Permissions

Epic Games Psyonix Rocket League cacls RocketLeague.exe E:\Epic Games\rocketleague\Binaries\Win64\RocketLeague.exe BUILTIN\Administrators:F NT AUTHORITY\SYSTEM:F NT AUTHORITY\Authenticated Users:C BUILTIN\Users:R E:\Epic Games\rocketleaguecacls Binaries E:\Epic Games\rocketleague\Binaries...

0.2AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/03 12:0 a.m.•155 views

Gadget Works Online Ordering System 1.0 SQL Injection

Exploit Title: Gadget works online ordering system - Authentication Bypass SQLi Date: 03/05/2021 Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/13093/gadget-works-online-ordering-system-phpmysqli.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4...

0.3AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/03 12:0 a.m.•489 views

Google Chrome XOR Typer Out-Of-Bounds Access / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE', 'Description' = %q This module exploits an issue in the V8...

6.8CVSS0.6AI score0.70435EPSS
Exploits6
Packet Storm
Packet Storm
•added 2021/05/03 12:0 a.m.•331 views

Voting System 1.0 SQL Injection

Exploit Title: Voting System 1.0 - Time based SQLI Unauthenticated SQL injection Date: 02/05/2021 Exploit Author: Syed Sheeraz Ali Vendor Homepage: https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/03 12:0 a.m.•216 views

TYPO3 6.2.1 SQL Injection

Exploit Title: TYPO3 6.2.1 allows SQL Injection via a backend user on backend.php Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Date: 05.02.2021 Vendor: https://typo3.org/ Link: https://get.typo3.org/version/6.2.1 CVE: CVE-2021-31777 Proof: https://streamable.com/8v7v4i + Exploit...

0.01406EPSS
Exploits3
Packet Storm
Packet Storm
•added 2021/05/02 12:0 a.m.•245 views

GetSimple CMS Custom JS 0.1 CSRF / XSS / Code Execution

Exploit Title: GetSimple CMS Custom JS v0.1 - CSRF to XSS to RCE Exploit Author: Bobby Cooke boku & Abhishek Joshi Date: April 30th, 2021 Vendor Homepage: http://get-simple.info Software Link: http://get-simple.info/download/ & http://get-simple.info/extend/plugin/custom-js/1267/ Vendor: 4Enzo...

0.3AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/04/30 12:0 a.m.•734 views

Microsoft Windows UAC Privilege Escalation

Hi @ll, Microsoft still ships Windows with and lets it create user-writable directories below the "Windows" directory %SystemRoot%\ -- despite that, with exception of %SystemRoot%\Temp, they are all used to store DATA and SHOULD have been placed below %ProgramData% alias %SystemDrive%\ProgramData...

0.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/04/30 12:0 a.m.•372 views

Backdoor.Win32.Agent.ggw Authentication Bypass

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/509e3d4839688c6173980dfba22ebd55.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.ggw Vulnerability: Authentication Bypass Description: The malware runs a built-...

0.2AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/04/30 12:0 a.m.•207 views

GNU wget Arbitrary File Upload / Code Execution

Exploit Title: GNU Wget 1.18 - Arbitrary File Upload / Remote Code Execution 2 Original Exploit Author: Dawid Golunski Exploit Author: liewehacksie Version: GNU Wget 1.18 CVE: CVE-2016-4971 import http.server import socketserver import socket import sys class...

4.3CVSS0.2AI score0.45935EPSS
Exploits8
Packet Storm
Packet Storm
•added 2021/04/30 12:0 a.m.•230 views

Micro Focus Operations Bridge Reporter shrboadmin Default Password

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/ssh' require 'net/ssh/commandstream' class MetasploitModule 'Micro Focus Operations Bridge Reporter shrboadmin default password', 'Description' = %q This...

7.5CVSS0.15776EPSS
Exploits3
Packet Storm
Packet Storm
•added 2021/04/30 12:0 a.m.•359 views

Backdoor.Win32.Agent.oj Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c1e92e04cdb432d83ea2610ef226d4cdB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.oj Vulnerability: Unauthenticated Remote Command Execution Description: The...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/04/30 12:0 a.m.•403 views

Worm.Win32.Delf.hu Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/46e27d7bfdbda7a71dfa12a79026a88b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Worm.Win32.Delf.hu Vulnerability: Insecure Permissions Description: The malware creates a hidden...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/04/30 12:0 a.m.•536 views

Microsoft SAFER Bypass

Hi @ll, Microsoft introduced SAFER alias Software Restriction Policies SRP with Windows XP about 20 years ago. See for the API, plus the TechNet articles "How Software Restriction Policies Work" and "Using Software Restriction Policies to Protect Against Unauthorized Software" for the use case...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/04/30 12:0 a.m.•504 views

Micro Focus Operations Bridge Reporter Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Micro Focus Operations Bridge Reporter Unauthenticated Command Injection', 'Description' = %q This module exploits a command injection...

10CVSS0.4AI score0.9674EPSS
Exploits4
Packet Storm
Packet Storm
•added 2021/04/30 12:0 a.m.•379 views

OX App Suite / OX Guard SSRF / DoS / Cross Site Scripting

Product: OX App Suite / OX Guard Vendor: OX Software GmbH Affected product: OX App Suite Internal reference: OXUIB-481 Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.10.4 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendo...

0.0157EPSS
Exploits3
Packet Storm
Packet Storm
•added 2021/04/30 12:0 a.m.•346 views

HEUR.Trojan.Win32.Bayrob.gen Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/765698ccfb033c86eea6d293235d7ed0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.Trojan.Win32.Bayrob.gen Vulnerability: Insecure Permissions Description: The malware creates a...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/04/30 12:0 a.m.•355 views

Backdoor.Win32.Agent.kte Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/7c92e59e776355734781bbf05571d0f0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.kte Vulnerability: Remote Stack Buffer Overflow UDP Datagram Description: The...

0.5AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/04/30 12:0 a.m.•359 views

Backdoor.Win32.Agent.oj Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c1e92e04cdb432d83ea2610ef226d4cd.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.oj Vulnerability: Remote Stack Buffer Overflow Description: The malware listens...

0.6AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/04/30 12:0 a.m.•200 views

Piwigo 11.3.0 SQL Injection

Exploit Title: SQL injection in language parameter to admin.php?page=languages.on Piwigo 11.3.0 Author: @nu11secur1ty Testing and Debugging: nu11secur1ty Date: 04.30.2021 Vendor: https://piwigo.org/ Link: https://github.com/Piwigo/Piwigo/releases/tag/11.3.0 CVE: CVE-2021-27973 + Exploit Source:...

6.5CVSS0.1AI score0.11046EPSS
Exploits4
Packet Storm
Packet Storm
•added 2021/04/30 12:0 a.m.•400 views

Backdoor.Win32.Agent.gmug Heap Corruption

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c7763bae3376a9f2865a1a18e84c259e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.gmug Vulnerability: Heap Corruption Description: The malware listens on TCP por...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/04/30 12:0 a.m.•356 views

Moodle 3.6.1 Cross Site Scripting

Exploit Title: Moodle 3.6.1 - Persistent Cross-Site Scripting XSS Date: 04/2021 Exploit Author: farisv Vendor Homepage: https://moodle.org/ Software Link: https://download.moodle.org https://github.com/moodle/moodle/archive/refs/tags/v3.6.1.zip Version: Moodle 3.6.2, 3.5.4, 3.4.7, 3.1.16 CVE:...

5CVSS5.6AI score0.13901EPSS
Exploits5
Packet Storm
Packet Storm
•added 2021/04/29 12:0 a.m.•170 views

NodeBB Emoji 3.2.1 Arbitrary FIle Write

Exploit Title: NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write Date: 2021-02-01 Exploit Author: 1F98D Software Link: https://nodebb.org/ Version: Emoji for NodeBB ', r.text, re.IGNORECASE if csrf is None: print'! Could not extract csrf token to proceed.' sys.exit1 auth = 'username': USERNAME,...

0.6AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/04/29 12:0 a.m.•184 views

Cacti 1.2.12 SQL Injection / Remote Code Execution

Exploit Title: Cacti 1.2.12 - 'filter' SQL Injection / Remote Code Execution Date: 04/28/2021 Exploit Author: Leonardo Paiva Vendor Homepage: https://www.cacti.net/ Software Link: https://www.cacti.net/downloads/cacti-1.2.12.tar.gz Version: 1.2.12 Tested on: Ubuntu 20.04 CVE : CVE-2020-14295...

6.5CVSS0.4AI score0.8633EPSS
Exploits9
Total number of security vulnerabilities50784