Lucene search
K
PacketstormRecent

50786 matches found

Packet Storm
Packet Storm
added 2020/10/26 12:0 a.m.318 views

Online Health Care System 1.0 Cross Site Scripting

Exploit Title: Online Health Care System 1.0 - Multiple Cross Site Scripting Stored Google Dork: N/A Date: 2020/10/24 Exploit Author: Akıner Kısa Vendor Homepage: https://www.sourcecodester.com/php/14526/online-health-care-system-php-full-source-code-2020.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/21 12:0 a.m.3090 views

Tiki Wiki CMS Groupware 21.1 Authentication Bypass

Exploit Title: Tiki Wiki CMS Groupware 21.1 - Authentication Bypass Date: 01.08.2020 1st August 2020 Exploit Author: Maximilian Barz aka. Silky Vendor Homepage: tiki.org Software Link: https://jztkft.dl.sourceforge.net/project/tikiwiki/Tiki21.xUYScuti/21.1/tiki-21.1.zip Version: 21.1 Tested on:...

0.4AI score0.27362EPSS
Exploits5
Packet Storm
Packet Storm
added 2020/10/21 12:0 a.m.718 views

Hrsale 2.0.0 Local File Inclusion

Exploit Title: Hrsale 2.0.0 - Local File Inclusion Date: 10/21/2020 Exploit Author: Sosecure Vendor Homepage: https://hrsale.com/index.php Version: version 2.0.0 Description: This exploit allow you to download any readable file from server with out permission and login session. Payload :...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/21 12:0 a.m.726 views

GOautodial 4.0 Shell Upload

Exploit Title: GOautodial 4.0 - Authenticated Shell Upload Author: Balzabu Discovery Date: 07-23-2020 Vendor Homepage: https://goautodial.org/ Software Link: https://goautodial.org/GOautodial-4-x8664-Final-20191010-0150.iso.html Tested Version: 4.0 Last relase as of today Tested on OS: CentOS 7...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/21 12:0 a.m.819 views

BigBlueButton 2.2.25 File Disclosure / Server-Side Request Forgery

Advisory: Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton RedTeam Pentesting discovered a vulnerability in the BigBlueButton web conferencing system which allows participants of a conference with permissions to upload presentations to read arbitrary files from the file...

5CVSS0.3AI score0.78683EPSS
Exploits8
Packet Storm
Packet Storm
added 2020/10/21 12:0 a.m.739 views

School Faculty Scheduling System 1.0 SQL Injection

Exploit Title: School Faculty Scheduling System 1.0 - Authentication Bypass Date: 21/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14535/school-faculty-scheduling-system-using-phpmysqli-source-code.html Software Link:...

Exploits0
Packet Storm
Packet Storm
added 2020/10/21 12:0 a.m.736 views

School Faculty Scheduling System 1.0 Cross Site Scripting

Exploit Title: School Faculty Scheduling System 1.0 - Stored Cross Site Scripting Date: 21/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14535/school-faculty-scheduling-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/21 12:0 a.m.805 views

Bludit 3.9.2 Bruteforce Mitigation Bypass

!/usr/bin/python3 Exploit Title: Bludit = 3.9.2 - Bruteforce Mitigation Bypass Author: ColdFusionX Mayank Deshmukh Author website: https://coldfusionx.github.io Date: 2020-10-19 Vendor Homepage: https://www.bludit.com/ Software Link: https://github.com/bludit/bludit/archive/3.9.2.tar.gz Version: ...

4.3CVSS6.8AI score0.39598EPSS
Exploits9
Packet Storm
Packet Storm
added 2020/10/21 12:0 a.m.828 views

Libtaxii 1.1.117 / OpenTaxi 0.2.0 Server-Side Request Forgery

Libtaxii version = 1.1.117 & OpenTaxi =0.2.0 Blind SSRF Details ======================================================================================== Product: Security-Risk: High Remote-Exploit: yes Vendor-URL: https://github.com/eclecticiq/OpenTAXII , https://github.com/TAXIIProject/libtaxii...

0.0225EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/10/20 12:0 a.m.724 views

Visitor Management System In PHP 1.0 SQL Injection

Title: Visitor Management System in PHP 1.0 - Authenticated SQL Injection Exploit Author: Rahul Ramkumar Date: 2020-09-16 Vendor Homepage: https://projectworlds.in Software Link: https://projectworlds.in/wp-content/uploads/2020/07/Visitor-Management-System-in-PHP.zip Version: 1.0 Tested On: Windo...

6.5CVSS0.7AI score0.02169EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/10/20 12:0 a.m.1746 views

Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking prepend Msf::Exploit::Remote::AutoCheck include Msf::Exploit::Remote::HttpClient include...

7.5CVSS0.4AI score0.99737EPSS
Exploits19
Packet Storm
Packet Storm
added 2020/10/20 12:0 a.m.681 views

Ultimate Project Manager CRM PRO 2.05 SQL Injection

Exploit Title: Ultimate Project Manager CRM PRO 2.0.5 - SQLi Credentials Leakage Date: 2020-16-09 Exploit Author: nag0mez Vendor Homepage: https://ultimatepro.codexcube.com/ Version: = 2.0.5 Tested on: Kali Linux 2020.2 The SQLi injection does not allow UNION payloads. However, we can guess...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/20 12:0 a.m.716 views

Hostel Management System 2.1 Cross Site Scripting

Exploit Title: PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, City Google Dork: N/A Date: 2020-10-08 Exploit Author: Kokn3t Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/hostel-management-syste...

3.5CVSS5.6AI score0.03185EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/10/20 12:0 a.m.763 views

WordPress Rest Google Maps SQL Injection

Exploit Title: WordPress Rest Google Maps Plugin SQL Injection Google Dork: inurl:index.php?restroute=3D/wpgmza/ Date: 2020-09-09 Exploit Author: Jonatas Fil Vendor Homepage: https://wordpress.org/plugins/wp-google-maps/developers Software Link: https://wordpress.org/plugins/wp-google-maps/...

7.5CVSS0.2AI score0.78699EPSS
Exploits6
Packet Storm
Packet Storm
added 2020/10/20 12:0 a.m.758 views

Linux / Unix su Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Login to Another User with Su on Linux / Unix Systems', 'Description' = %q This module attempts to create a new login session by invoking the su...

0.9AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/20 12:0 a.m.385 views

Loan Management System 1.0 Cross Site Scripting

Exploit Title: Loan Management System 1.0 - Multiple Cross Site Scripting Stored Google Dork: N/A Date: 2020/10/19 Exploit Author: Akıner Kısa Vendor Homepage: https://www.sourcecodester.com/php/14471/loan-management-system-using-phpmysql-source-code.html Software Link:...

Exploits0
Packet Storm
Packet Storm
added 2020/10/20 12:0 a.m.420 views

WordPress Colorbox Lightbox 1.1.1 Cross Site Scripting

Exploit Title: WordPress Plugin Colorbox Lightbox v1.1.1 - Persistent Cross-Site Scripting Vulnerability Authenticated Date: 10.8.2020. Exploit Author: n1x MS-WEB Software Homepage: https://wordpress.org/plugins/wp-colorbox/ Software Link v1.1.1:...

Exploits0
Packet Storm
Packet Storm
added 2020/10/20 12:0 a.m.666 views

Textpattern CMS 4.6.2 Cross Site Request Forgery

Exploit Title: Textpattern CMS 4.6.2 - Cross-site Request Forgery Exploit Author: Alperen Ergel Contact: @alprenae Software Homepage: https://textpattern.com/ Version : 4.6.2 Tested on: windows 10 / xammp Category: WebApp Google Dork: intext:"Published with Textpattern CMS" Date: 2020-10-29...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/20 12:0 a.m.1764 views

Apache Struts 2 Remote Code Execution

Exploit Title: Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution Google Dork: ext:action | filetype:action Date: 2020/09/09 Exploit Author: Jonatas Fil Vendor Homepage: http://struts.apache.org/release/2.3.x/docs/s2-016.html Version: = 2.3.15 Tested on: Linux CVE : CVE-2013-2251...

9.3CVSS0.1AI score0.99998EPSS
Exploits18
Packet Storm
Packet Storm
added 2020/10/20 12:0 a.m.579 views

Typesetter CMS 5.1 Remote Code Execution

Exploit Title: Typesetter CMS 5.1 - Arbitrary Code Execution Exploit Author: Rodolfo "t0gu" Tavares Contact: @t0guu TW Software Homepage: https://www.typesettercms.com/ Version : 5.1 Tested on: Linux / Apache Category: WebApp Google Dork: intext:"Powered by Typesetter" Date: 2020-09-29 CVE :...

6.5CVSS7.1AI score0.15578EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/10/20 12:0 a.m.840 views

User Registration And Login And User Management System 2.1 Cross Site Scripting

Exploit Title: User Registration & Login and User Management System With admin panel 2.1 - Persistent XSS Google Dork: N/A Date: 2020-08-07 Exploit Author: yusufmalikul Vendor Homepage: https://phpgurukul.com Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/20 12:0 a.m.751 views

Comtrend AR-5387un Cross Site Scripting

!/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: Persistent XSS on Comtrend AR-5387un router Date: 19/10/2020 Exploit Author: OscarAkaElvis Vendor Homepage: https://www.comtrend.com/ Version: Comtrend AR-5387un router Tested on: Software/Firmware version A731-410JAZ-C04R02.A2pD035g.d2...

5.6AI score0.00954EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/10/20 12:0 a.m.3651 views

WordPress SuperStoreFinder 6.1 CSRF / Shell Upload

Exploit Title : SuperStoreFinder Wordpress Plugins CSRF File Upload Wordpress Plugins Affected : Super Store Finder | Super Interactive Maps | Super Logo Showcase Exploit Type : Cross Site Request Forgery Plugin URI: http://www.superstorefinder.net/ Version : All versions from 6.1 and below , sho...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/20 12:0 a.m.630 views

WordPress HS Brand Logo Slider 2.1 Shell Upload

Exploit Title: WordPress Plugin HS Brand Logo Slider 2.1 - 'logoupload' File Upload Date: 2020-10-20 Exploit Author: Net-Hunter Google Dork: N/A Software Link: https://ms.wordpress.org/plugins/hs-brand-logo-slider/ Vendor Homepage: https://www.heliossolutions.co/ Tested on: Linux Apache / Wordpre...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/20 12:0 a.m.638 views

Rite CMS 2.2.1 Remote Code Execution

Exploit Title: RiteCMS 2.2.1 - Authenticated Remote Code Execution Date: 2020-07-03 Exploit Author: H0j3n Vendor Homepage: http://ritecms.com/ Software Link: http://sourceforge.net/projects/ritecms/files/ritecms2.2.1.zip/download Version: 2.2.1 Tested on: Linux Reference:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/19 12:0 a.m.280 views

Online Discussion Forum Site 1.0 Cross Site Scripting

Exploit Title: Online Discussion Forum Site 1.0 - XSS in Messaging System Google Dork: N/A Date: 2020-10-17 Exploit Author: j5oh Vendor Homepage: https://www.sourcecodester.com/php/14233/online-discussion-forum-site.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/19 12:0 a.m.615 views

QRadar RemoteJavaScript Deserialization

------------------------------------------------------------------------ Java deserialization vulnerability in QRadar RemoteJavaScript Servlet ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------...

9CVSS0.2AI score0.73451EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/10/19 12:0 a.m.284 views

OX App Suite / OX Documents 7.10.3 XSS / Server-Side Request Forgery

Product: OX App Suite / OX Documents Vendor: OX Software GmbH Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.10.2, 7.10.3 Vulnerable component: backend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.10.2-rev29, 7.10.3-rev15 Vendor notificatio...

0.1AI score0.02847EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/10/19 12:0 a.m.332 views

ReQuest Serious Play F3 Media Server 7.0.3 Unauthenticated Remote Code Execution

!/usr/bin/env python3 -- coding: utf-8 -- ReQuest Serious Play F3 Media Server 7.0.3 Unauthenticated Remote Code Execution Vendor: ReQuest Serious Play LLC Product web page: http://www.request.com Affected version: 7.0.3.4968 Pro 7.0.2.4954 6.5.2.4954 6.4.2.4681 6.3.2.4203 2.0.1.823 Summary: F3...

0.9AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/19 12:0 a.m.273 views

ReQuest Serious Play F3 Media Server 7.0.3 Denial Of Service

ReQuest Serious Play F3 Media Server 7.0.3 Remote Denial of Service Vendor: ReQuest Serious Play LLC Product web page: http://www.request.com Affected version: 7.0.3.4968 Pro 7.0.2.4954 6.5.2.4954 6.4.2.4681 6.3.2.4203 2.0.1.823 Summary: F3 packs all the power of ReQuest's multi-zone serious Play...

Exploits0
Packet Storm
Packet Storm
added 2020/10/19 12:0 a.m.235 views

ReQuest Serious Play Media Player 3.0 File Disclosure / Path Traversal

ReQuest Serious Play Media Player 3.0 Directory Traversal File Disclosure Vulnerability Vendor: ReQuest Serious Play LLC Product web page: http://www.request.com Affected version: 3.0.0 2.1.0.831 1.5.2.822 1.5.2.821 1.5.1.820 Summary: With the MediaPlayer, ReQuest delivers video content and...

Exploits0
Packet Storm
Packet Storm
added 2020/10/19 12:0 a.m.874 views

Microsoft SharePoint SSI / ViewState Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SharePoint Server-Side Include and ViewState RCE', 'Description' = %q This module exploits a server-side include SSI in SharePoint to...

0.4AI score0.70894EPSS
Exploits5
Packet Storm
Packet Storm
added 2020/10/19 12:0 a.m.279 views

Nagios XI 5.7.3 SQL Injection

Exploit Title: Nagios XI 5.7.3 - 'Manage Users' Authenticated SQL Injection Date: 10-18-2020 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.nagios.com/products/nagios-xi/ Vendor Changelog: https://www.nagios.com/downloads/nagios-xi/change-log/ Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/19 12:0 a.m.239 views

ReQuest Serious Play F3 Media Server 7.0.3 Debug Log Disclosure

ReQuest Serious Play F3 Media Server 7.0.3 Debug Log Disclosure Vendor: ReQuest Serious Play LLC Product web page: http://www.request.com Affected version: 7.0.3.4968 Pro 7.0.2.4954 6.5.2.4954 6.4.2.4681 6.3.2.4203 2.0.1.823 Summary: F3 packs all the power of ReQuest's multi-zone serious Play...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/19 12:0 a.m.301 views

HiSilicon Video Encoder Buffer Overflow / Denial Of Service

!/usr/bin/env bash Exploit Title: HiSilicon video encoders - unauthenticated RTSP buffer overflow DoS Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24214 Vendors: URayTech, J-Tech Digita...

1AI score0.35393EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/10/19 12:0 a.m.251 views

HiSilicon Video Encoder Command Injection

!/usr/bin/env bash Exploit Title: HiSilicon video encoders - RCE via unauthenticated command injection Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24217 Vendors: URayTech, J-Tech...

0.6AI score0.40302EPSS
Exploits5
Packet Storm
Packet Storm
added 2020/10/19 12:0 a.m.295 views

HiSilicon Video Encoder Malicious Firmware Code Execution

!/usr/bin/env bash Exploit Title: HiSilicon video encoders - RCE via unauthenticated upload of malicious firmware Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24217 Vendors: URayTech,...

0.3AI score0.40302EPSS
Exploits5
Packet Storm
Packet Storm
added 2020/10/19 12:0 a.m.261 views

HiSilicon Video Encoder Backdoor Password

!/usr/bin/env bash Exploit Title: HiSilicon video encoders - full admin access via backdoor password Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24215 Vendors: URayTech, J-Tech Digital...

0.6AI score0.1976EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/10/19 12:0 a.m.267 views

Tourism Management System 1.0 Shell Upload

Exploit Title: Tourism Management System 1.0 - Arbitrary File Upload Date: 2020-10-19 Exploit Author: Ankita Pal & Saurav Shukla Vendor Homepage: https://phpgurukul.com/tourism-management-system-free-download/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=7204 Version: V1...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/19 12:0 a.m.438 views

Jenkins 2.63 Sandbox Bypass

Exploit Title: Jenkins 2.63 - Sandbox bypass in pipeline: Groovy plug-in Date: 8th October 2020 Exploit Author: dmw0ng Vendor Homepage: https://www.jenkins.io Software Link: http://archives.jenkins-ci.org/windows/jenkins-2.63.zip Version: Jenkins 2.63 Tested on: Ubuntu 18.04 / 20.04 CVE :...

6.5CVSS9.6AI score0.75594EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/10/19 12:0 a.m.525 views

TinyMCE 5 HTML Injection

Exploit Title: iframe Injection\Html Injection TinyMCE 5 HTML WYSIWYG Date:18.10.2020 Author: Vincent666 ibn Winnie Software Link: https://www.tiny.cloud/features/ Tested on: Windows 10 Web Browser: Mozilla Firefox Blog : https://pentest-vincent.blogspot.com/ PoC:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/19 12:0 a.m.242 views

Online Job Portal 1.0 Cross Site Scripting

Exploit Title: Online Job Portal 1.0 Cross Site Scripting Stored Google Dork: N/A Date: 2020/10/17 Exploit Author: Akıner Kısa Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/19 12:0 a.m.288 views

Nagios XI 5.7.3 Cross Site Scripting

Exploit Title: Nagios XI 5.7.3 - 'Contact Templates' Persistent Cross-Site Scripting Date: 10-18-2020 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.nagios.com/products/nagios-xi/ Vendor Changelog: https://www.nagios.com/downloads/nagios-xi/change-log/ Software Link:...

Exploits0
Packet Storm
Packet Storm
added 2020/10/19 12:0 a.m.302 views

Online Student's Management System 1.0 Shell Upload

Exploit Title: Online Student's Management System 1.0 - Remote Code Execution Authenticated Google Dork: N/A Date: 2020/10/18 Exploit Author: Akıner Kısa Vendor Homepage: https://www.sourcecodester.com/php/14490/online-students-management-system-php-full-source-code-2020.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/19 12:0 a.m.233 views

HiSilicon Video Encoder 1.97 File Disclosure / Path Traversal

!/usr/bin/env bash Exploit Title: HiSilicon video encoders - unauthenticated file disclosure via path traversal Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: https://www.szuray.com/ Software Link: N/A Version: up to 1.97 Tested on: Linux CVE: CVE-2020-24219 Vendors: URayTech...

7.8CVSS0.3AI score0.23636EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/10/19 12:0 a.m.659 views

FRITZ!Box 7.20 DNS Rebinding Protection Bypass

Advisory: FRITZ!Box DNS Rebinding Protection Bypass RedTeam Pentesting discovered a vulnerability in FRITZ!Box router devices which allows to resolve DNS answers that point to IP addresses in the private local network, despite the DNS rebinding protection mechanism. Details ======= Product:...

0.2AI score0.01402EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/10/16 12:0 a.m.484 views

CS-Cart 1.3.3 Local File Inclusion

Exploit Title: CS-Cart unauthenticated LFI Date: 2020-09-22 Exploit Author: 0xmmnbassel Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html Tested at: ver. 1.3.4 Vulnerability Type: unauthenticated LFI...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/16 12:0 a.m.395 views

Company Visitor Management System (CVMS) 1.0 SQL Injection

Exploit Title: Company Visitor Management System CVMS 1.0 - Authentication Bypass Date: 16/10/2020 Exploit Author: Oğuz Türkgenç Vendor Homepage: https://phpgurukul.com/company-visitor-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=96...

1.3AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/16 12:0 a.m.313 views

CS-Cart 1.3.3 Remote Code Execution

Exploit Title: CS-Cart authenticated RCE Date: 2020-09-22 Exploit Author: 0xmmnbassel Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html Tested at: ver. 1.3.3 Vulnerability Type: authenticated RCE get PHP shells from http://pentestmonkey.net/tools/web-shells/php-reverse-shell edit ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/16 12:0 a.m.331 views

aaPanel 6.6.6 Privilege Escalation

Exploit Title: aaPanel 6.6.6 - Authenticated Privilege Escalation Google Dork: Date: 04.05.2020 Exploit Author: Ünsal Furkan Harani Zemarkhos Vendor Homepage: https://www.aapanel.com/ Software Link: https://github.com/aaPanel/aaPanel Version: 6.6.6 REQUIRED Tested on: Linux ubuntu 4.4.0-131-gener...

9CVSS0.7AI score0.0597EPSS
Exploits5
Total number of security vulnerabilities50786