Lucene search
K
PacketstormRecent

50786 matches found

Packet Storm
Packet Storm
added 2020/09/14 12:0 a.m.606 views

Joomla! paGO Commerce 2.5.9.0 SQL Injection

Exploit Title: Joomla! paGO Commerce 2.5.9.0 - SQL Injection Authenticated Date: 2020-08-21 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Author ID: 8763 Vendor Homepage: https://www.corephp.com/ Software Link: https://www.corephp.com/joomla-products/pago-commerce Version: 2.5.9.0 Tested o...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/14 12:0 a.m.516 views

RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Scripting

Exploit Title: RAD SecFlow-1v SF02902.3.01.26 - Persistent Cross-Site Scripting Date: 2020-08-31 Exploit Author: Jonatan Schor and Uriel Yochpaz Vendor Homepage: https://www.rad.com/products/secflow-1v-IIoT-Gateway Version: SecFlow-1v os-image SF02902.3.01.26 Tested on: RAD SecFlow-1v CVE : N/A A...

0.1AI score0.04663EPSS
Exploits7
Packet Storm
Packet Storm
added 2020/09/14 12:0 a.m.720 views

Rapid7 Nexpose Installer 6.6.39 Unquoted Service Path

Exploit Title: Rapid7 Nexpose Installer 6.6.39 - 'nexposeengine' Unquoted Service Path Date: 2020-08-31 Exploit Author: Angelo D'Amato Vendor Homepage: https://www.rapid7.com Version: sc qc nexposeengine SC QueryServiceConfig SUCCESS SERVICENAME: nexposeengine TYPE : 10 WIN32OWNPROCESS STARTTYPE ...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/14 12:0 a.m.1061 views

Microsoft Windows Finger Security Bypass / C2 Channel

Title: Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WindowsTCPIPFingerCommandC2ChannelandBypassingSecuritySoftware.txt + twitter.com/hyp3rlinx +...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/14 12:0 a.m.559 views

Pearson Vue VTS 2.3.1911 Unquoted Service Path

Exploit Title: Pearson Vue VTS 2.3.1911 Installer - 'VUEApplicationWrapper' Unquoted Service Path Discovery by: Jok3r Discovery Date: 2020-09-14 Vendor Homepage: https://home.pearsonvue.com/ Software Link: https://vss.pearsonvue.com/VSSFiles/Documents/ENUTCInstallGuide/DownloadVTSInstaller.htm...

Exploits0
Packet Storm
Packet Storm
added 2020/09/14 12:0 a.m.515 views

RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Request Forgery

Exploit Title: RAD SecFlow-1v SF02902.3.01.26 - Cross-Site Request Forgery Reboot Date: 2020-08-31 Exploit Author: Uriel Yochpaz and Jonatan Schor Vendor Homepage: https://www.rad.com/products/secflow-1v-IIoT-Gateway Version: SecFlow-1v os-image SF02902.3.01.26 Tested on: RAD SecFlow-1v CVE : N/A...

0.7AI score0.04663EPSS
Exploits7
Packet Storm
Packet Storm
added 2020/09/14 12:0 a.m.689 views

Linux expand_downwards() / munmap() Race Condition

Linux =4.20: expanddownwards can race with munmap page table freeing Since 4.20, domunmap downgrades the mmapsem from write-locked to read-locked after detaching the VMAs from the mmstruct, but before dropping references to pages and freeing page tables. This ought to be safe because VMA tree...

Exploits0
Packet Storm
Packet Storm
added 2020/09/11 12:0 a.m.735 views

DnsAdmin ServerLevelPluginDll Feature Abuse Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/compiler/windows' class MetasploitModule 'DnsAdmin ServerLevelPluginDll Feature Abuse Privilege Escalation', 'Description' = %q This module...

0.8AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/11 12:0 a.m.575 views

VTENEXT 19 CE Remote Code Execution

!/usr/bin/python3 Exploit Title: VTENEXT 19 CE - Remote Code Execution Google Dork: n/a Date: 2020/09/09 Exploit Author: Marco Ruela Vendor Homepage: https://www.vtenext.com/en/ Software Link: Vendor removed vulnerable version from sourceforge.net Version: 19 CE Tested on: Ubuntu 16.04 CVE : N/A...

0.02883EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/09/11 12:0 a.m.652 views

Microsoft Internet Explorer 11 Use-After-Free

Exploit Title: Internet Explorer 11 - Use-After-Free Google Dork: if applicable Date: 2020-09-06 Exploit Author: Tgroup Vendor Homepage: Microsoft.com Version: IE 11 REQUIRED Tested on: Windows 7 x64 CVE : CVE-2020-0674 //...

7.6CVSS8.1AI score0.86863EPSS
Exploits17
Packet Storm
Packet Storm
added 2020/09/11 12:0 a.m.684 views

Tea LaTex 1.0 Remote Code Execution

Exploit Title: Tea LaTex 1.0 - Remote Code Execution Unauthenticated Google Dork: N/A Date: 2020-09-01 Exploit Author: nepska Vendor Homepage: https://github.com/ammarfaizi2/latex.teainside.org Software Link: https://github.com/ammarfaizi2/latex.teainside.org Version: v1.0 Tested on: Kali linux /...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/11 12:0 a.m.694 views

Gnome Fonts Viewer 3.34.0 Heap Corruption

!/usr/bin/env python3 Exploit Title: Gnome Fonts Viewer 3.34.0 Heap Corruption Date: 2020-09-10 Exploit Author: Cody Winkler Vendor Homepage: gnome.org Software Link: https://help.gnome.org/misc/release-notes/3.6/users-font-viewer.html Version: 3.34.0 Tested On: Ubuntu 20.04.1 LTS Note: May take ...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/10 12:0 a.m.622 views

Tiandy IPC / NVR 9.12.7 Credential Disclosure

Exploit Title: Tiandy IPC and NVR 9.12.7 - Credential Disclosure Date: 2020-09-10 Exploit Author: zb3 Vendor Homepage: http://en.tiandy.com Product Link: http://en.tiandy.com/index.php?s=/home/product/index/category/products.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/10 12:0 a.m.967 views

Mobile Shop System 1.0 SQL Injection

Title: Mobile Shop System v1.0 - SQLi lead to authentication bypass Exploit Author: Moaaz Taha 0xStorm Date: 2020-09-08 Vendor Homepage: https://www.sourcecodester.com/php/14412/mobile-shop-system-php-mysql.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/10 12:0 a.m.772 views

IlchCMS 2.1.37 Cross Site Scripting

Information -------------------- Advisory by Netsparker Name: Cross-Site Scripting in IlchCMS Affected Software: IlchCMS Affected Versions: 2.1.37 Vendor Homepage: https://www.ilch.de/ Vulnerability Type: Cross-Site Scripting Severity: Important Status: Fixed CVSS Score 3.0: 7.4 High Netsparker...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/10 12:0 a.m.687 views

ZTE F602W CAPTCHA Bypass

Exploit Title: ZTE Router F602W - Captcha Bypass Exploit Author: Hritik Vijay @MrHritik Vendor Homepage: https://zte.com.cn Reported: 2019-06-14 Version: F6x2W V6.0.10P2T2 Version: F6x2W V6.0.10P2T5 Tested on: F602W CVE: CVE-2020-6862 Background ----------- Captcha is used to make sure the form i...

5CVSS5.4AI score0.06306EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/09/10 12:0 a.m.686 views

CuteNews 2.1.2 Remote Code Execution

Exploit Title: CuteNews 2.1.2 - Remote Code Execution Google Dork: N/A Date: 2020-09-10 Exploit Author: Musyoka Ian Vendor Homepage: https://cutephp.com/cutenews/downloading.php Software Link: https://cutephp.com/cutenews/downloading.php Version: CuteNews 2.1.2 Tested on: Ubuntu 20.04, CuteNews...

6.5CVSS0.52901EPSS
Exploits10
Packet Storm
Packet Storm
added 2020/09/09 12:0 a.m.541 views

Input Director 1.4.3 Unquoted Service Path

Exploit Title: Input Director 1.4.3 - 'Input Director' Unquoted Service Path Discovery Date: 2020-09-08 Response from Input Director Support: 09/09/2020 Exploit Author: TOUHAMI Kasbaoui Vendor Homepage: https://www.inputdirector.com/ Version: 1.4.3 Tested on: Windows Server 2012, Windows 10 Find...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/09 12:0 a.m.524 views

Audio Playback Recorder 3.2.2 Local Buffer Overflow

Exploit Title: Audio Playback Recorder 3.2.2 - Local Buffer Overflow SEH Date: 2020-09-08 Author: Felipe Winsnes Software Link: https://archive.org/download/tucows288670AudioPlaybackRecorder/AudioRec.exe Version: 3.2.2 Tested on: Windows 7 x86 Blog: https://whitecr0wz.github.io/ Proof of the...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/09 12:0 a.m.623 views

ShareMouse 5.0.43 Unquoted Service Path

Exploit Title: ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Service Path Discovery Date: 2020-09-08 Discovery by: Alan Lacerda alacerda Vendor Homepage: https://www.sharemouse.com/ Software Link: https://www.sharemouse.com/ShareMouseSetup.exe Version: 5.0.43 Tested on OS: Microsoft Windows 1...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/09 12:0 a.m.680 views

Scopia XT Desktop 8.3.915.4 Cross Site Request Forgery

Exploit Title: Scopia XT Desktop 8.3.915.4 - Cross-Site Request Forgery change admin password Google Dork: inurl:scopia+index.jsp Date: 2020-09-09 Exploit Author: v1n1v131r4 Vendor Homepage: https://avaya.com Software Link:...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/08 12:0 a.m.680 views

Yaws 2.0.7 XML Injection / Command Injection

Exploit Title: Multiple vulnerabilities in Yaws web server Date: 2020-08-10 Exploit Author: Alexey Pronin (vulnbe) Vendor Homepage: http://yaws.hyber.org/ Software Link: https://github.com/erlyaws/yaws Versions affected: 1.81 - 2.0.7 CVE: CVE-2020-24379, CVE-2020-24916 1. Description:...

0.1AI score0.17374EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/09/07 12:0 a.m.625 views

macOS cfprefsd Arbitrary File Write / Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'macOS cfprefsd Arbitrary File Write Local Privilege Escalation', 'Description' = %q This module exploits an arbitrary file write in cfprefsd on...

5.1CVSS0.6AI score0.03667EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/09/07 12:0 a.m.554 views

Joomla GMapFP J3.5 / J3.5F Arbitrary File Upload

Exploit Title: Joomla! Component GMapFP J3.5/J3.5F - Unauthenticated Arbitrary File Upload Google Dork: inurl:''comgmapfp'' Date: 2020-03-27 Exploit Author: ThelastVvV Vendor Homepage:https://gmapfp.org/ Version:Version J3.5 /J3.5free Tested on: Ubuntu CVE:CVE-2020-23972 Description: An attacker...

7.6AI score0.31444EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/09/07 12:0 a.m.516 views

Rapid7 Nexpose Installer 6.6.39 Local Privilege Escalation

Rapid7 Nexpose Installer 6.6.39 Local Privilege Escalation Vendor: Rapid7 Product web page: https://www.rapid7.com Affected version: sc qc nexposeengine SC QueryServiceConfig SUCCESS SERVICENAME: nexposeengine TYPE : 10 WIN32OWNPROCESS STARTTYPE : 2 AUTOSTART ERRORCONTROL : 0 IGNORE BINARYPATHNAM...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/07 12:0 a.m.566 views

Cabot 0.11.12 Cross Site Scripting

Exploit Title: Cabot 0.11.12 - Persistent Cross-Site Scripting Date: 2020-09-06 Exploit Author: Abhiram V Vendor Homepage: https://cabotapp.com/ Software Link: https://github.com/arachnys/cabot Version: 0.11.12 Tested on: Ubuntu Linux Introduction Cabot is a free, open-source, self-hosted...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/07 12:0 a.m.488 views

Grocy 2.7.1 Cross Site Scripting

Exploit Title: grocy 2.7.1 - Persistent Cross-Site Scripting Date: 2020-09-06 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://berrnd.de/ Software Link: https://github.com/grocy/grocy Version: 2.7.1 Tested on: Kali Linux 2020.3 Proof Of Concept: grocy household management solution...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/04 12:0 a.m.485 views

Noise-Java AESGCMOnCtrCipherState.encryptWithAd() Insufficient Boundary Checks

Vulnerability title: Noise-Java AESGCMOnCtrCipherState.encryptWithAd insufficient boundary checks Author: Pietro Oliva CVE: CVE-2020-25023 Vendor: Rhys Weatherley Creator of Noise Framework's reference implementation in Java Product: Noise-Java Affected version: No version information is currentl...

6.8CVSS6.5AI score0.02553EPSS
Exploits11
Packet Storm
Packet Storm
added 2020/09/04 12:0 a.m.500 views

ManageEngine Applications Manager Authenticated Remote Code Execution

!/usr/bin/python3 Exploit Title: ManageEngine Applications Manager - Authenticated RCE via Java class reflection in Weblogic server test credential API Google Dork: None Date: 04-09-2020 Exploit Author: Hodorsec Vendor Homepage: https://manageengine.co.uk Vendor Vulnerability Description:...

0.7AI score0.35773EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/09/03 12:0 a.m.407 views

Noise-Java AESGCMFallbackCipherState.encryptWithAd() Insufficient Boundary Checks

Vulnerability title: Noise-Java AESGCMFallbackCipherState.encryptWithAd insufficient boundary checks Author: Pietro Oliva CVE: CVE-2020-25022 Vendor: Rhys Weatherley Creator of Noise Framework's reference implementation in Java Product: Noise-Java Affected version: No version information is...

6.8CVSS0.02553EPSS
Exploits11
Packet Storm
Packet Storm
added 2020/09/03 12:0 a.m.647 views

Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W vulnerable version: =2.0.26 fixed version: CVE number: CVE-2020-16210, CVE-2020-16206,...

6.5CVSS9.4AI score0.0624EPSS
Exploits15
Packet Storm
Packet Storm
added 2020/09/03 12:0 a.m.521 views

Hyland OnBase SQL Injection

CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Vendor ------------------------------------------------- Hyland Software - https://www.hyland.com/en/ and https://www.onbase.com/en/ Product ------------------------------------------------- Hylan...

Exploits0
Packet Storm
Packet Storm
added 2020/09/03 12:0 a.m.449 views

Noise-Java ChaChaPolyCipherState.encryptWithAd() Insufficient Boundary Checks

Vulnerability title: Noise-Java ChaChaPolyCipherState.encryptWithAd insufficient boundary checks Author: Pietro Oliva CVE: CVE-2020-25021 Vendor: Rhys Weatherley Creator of Noise Framework's reference implementation in Java Product: Noise-Java Affected version: No version information is currently...

6.8CVSS0.02553EPSS
Exploits11
Packet Storm
Packet Storm
added 2020/09/03 12:0 a.m.476 views

SiteMagic CMS 4.4.2 Shell Upload

Exploit Title: SiteMagic CMS 4.4.2 - Arbitrary File Upload Authenticated Date: 2020-09-02 Exploit Author: v1n1v131r4 Vendor Homepage: https://sitemagic.org/ Software Link: https://sitemagic.org/Download.html Version: 4.4.2 Tested on: Ubuntu 18.04 CVE : N/A PoC:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/03 12:0 a.m.414 views

Nord VPN 6.31.13.0 Unquoted Service Path

Exploit Title: Nord VPN-6.31.13.0 - 'nordvpn-service' Unquoted Service Path Discovery Date: 2020-09-03 Discovery by: chipo Vendor Homepage: https://nordvpn.com Software Link : https://downloads.nordcdn.com/apps/windows/10/NordVPN/latest/NordVPNSetup.exe Tested Version: 6.31.13.0 Tested on OS:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/02 12:0 a.m.263 views

COVR 3902 1.01B0 Hardcoded Credentials

Title: Telnet Hardcoded Credentials Summary: The latest versions of the firmware have hardcoded default credentials that can be exploited by an unauthenticated attacker to gain privileged access to the firmware and to extract sensitive data Affected Firmware: COVR-3902REVAROUTERFIRMWAREv1.01B0 CV...

9.7AI score0.03933EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/09/02 12:0 a.m.619 views

Go CGI / FastCGI Transport Cross Site Scripting

Advisory: Inconsistent Behavior of Go's CGI and FastCGI Transport May Lead to Cross-Site Scripting The CGI and FastCGI implementations in the Go standard library behave differently from the HTTP server implementation when serving content. In contrast to the documented behavior, they may return...

0.2AI score0.03646EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/09/01 12:0 a.m.246 views

Kamailio 5.4.0 Header Smuggling

Kamailio vulnerable to header smuggling possible due to bypass of removehf - Fixed versions: Kamailio v5.4.0 - Enable Security Advisory: - Tested vulnerable versions: 5.3.5 and earlier - Timeline: - Report date & issue patched by Kamailio: 2020-07-16 - Kamailio rewrite for header parser better fi...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/01 12:0 a.m.243 views

Bagisto Credential Disclosure

Vendor: Bagisto https://bagisto.com/ Affected version: All Introduction: Bagisto is an open source shop system based on PHP and Laravel framework Vulnerability description: Bagisto can be installed in sub-directories below the document root exposing the Laravel .env file which includes database a...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/01 12:0 a.m.210 views

Rebar3 3.13.2 Command Injection

Exploit Title: Rebar3 - OS command injection Date: 2020-06-03 Exploit Author: Alexey Pronin (vulnbe) Vendor Homepage: https://rebar3.org Software Link: https://github.com/erlang/rebar3 Versions affected: 3.0.0-beta.3 - 3.13.2 CVE: CVE-2020-13802 1. Description: ---------------------- Rebar3...

9.6AI score0.0675EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/09/01 12:0 a.m.309 views

Sagemcom F@ST 5280 Privilege Escalation

privilege escalation Date: 08-31-2020 Exploit Author: Ryan Delaney Author Contact: ryan.delaney owasp org Author LinkedIn: https://www.linkedin.com/in/infosecrd/ Vendor Homepage: https://sagemcom.com/en Software Link: N/A F@ST 5280 firmware not published Version: F@ST 5280 router, F/W 1.150.61,...

0.7AI score0.03672EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/09/01 12:0 a.m.264 views

moziloCMS 2.0 Cross Site Scripting

Exploit Title: moziloCMS 2.0 - Persistent Cross-Site Scripting Authenticated Date: 2020-08-31 Exploit Author: Abdulkadir Kaya Vendor Homepage: https://www.mozilo.de/ Version: 2.0 Tested on: Windows & WampServer 1- Go to following url. http://HOST/PATH/admin/ 2- Login the admin panel. 3- Go to...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/01 12:0 a.m.240 views

Mara CMS 7.5 Remote Code Execution

Exploit Title: Mara CMS 7.5 - Remote Code Execution Authenticated Google Dork: N/A Date: 2020-08-31 Exploit Author: Michele Cisternino 0blio Vendor Homepage: https://sourceforge.net/projects/maracms/ Software Link: https://sourceforge.net/projects/maracms/files/MaraCMS75.zip/download Version: 7.5...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/08/31 12:0 a.m.370 views

CMS Made Simple 2.2.14 Shell Upload

!/usr/bin/python3 -- coding: utf-8 -- Exploit Title: CMS Made Simple 2.2.14 - Arbitrary File Upload Authenticated Google Dork: N/A Date: 2020-08-31 Exploit Author: Luis Noriega @nogagmx Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...

Exploits0
Packet Storm
Packet Storm
added 2020/08/31 12:0 a.m.331 views

BlazeDVD 7.0 Professional Buffer Overflow

Title: BlazeDVD 7.0 Professional - '.plf' Local Buffer Overflow SEH,ASLR,DEP Author: emalp Date: 2020-08-31 Vendor Homepage: http://www.blazevideo.com/ Software Link: http://www.blazevideo.com/download/BlazeDVDProSetup.exe Version: 7.0.0.0 Tested on: Windows 7 Home Basic Run this file bfile.plf...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2020/08/31 12:0 a.m.426 views

Fuel CMS 1.4.8 SQL Injection

Exploit Title: Fuel CMS 1.4.8 - 'fuelreplaceid' SQL Injection Authenticated Date: 2020-08-19 Exploit Author: c0mpu7er(@ymbank.cn) Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/archive/1.4.8.zip Version: 1.4.7 Tested on: PHP 5.4.45, Apache...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2020/08/29 12:0 a.m.350 views

Online Book Store 1.0 SQL Injection

Title: Online Book Store 1.0 - 'id' SQL Injection Exploit Author: Moaaz Taha 0xStorm Date: 2020-08-21 Vendor Homepage: https://www.sourcecodester.com/php/14383/online-book-store.html Software Link: https://www.sourcecodester.com/download-code?nid=14383&title=Online+Book+Store Version: 1.0 Tested...

Exploits0
Packet Storm
Packet Storm
added 2020/08/28 12:0 a.m.499 views

Symphony CMS 3.0.0 Cross Site Scripting

Exploit Title: SymphonyCMS 3.0.0 - Persistent Cross-Site Scripting Google Dork: "lepton cms" Date: 2020-08-28 Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: https://www.getsymphony.com/ Software Link: https://www.getsymphony.com/ Version: 3.0.0 Tested on: Windows CVE : N/A...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/08/28 12:0 a.m.373 views

TP-Link WDR4300 Remote Code Execution

!/usr/bin/python3 import sys import hashlib import base64 import requests import binascii import socket """ RCE via stack-based overflow on TP-Link WDR4300 N750 devices, using CVE-2017-13772. Tested on Firmware versions 3.13.33, Build 130618 and 3.14.3 Build 150518, hardware WDR4300 v1 Usage: 1...

9CVSS8.8AI score0.52559EPSS
Exploits8
Packet Storm
Packet Storm
added 2020/08/28 12:0 a.m.499 views

Nagios Log Server 2.1.6 Cross Site Scripting

Exploit Title: Nagios Log Server 2.1.6 - Persistent Cross-Site Scripting Date: 2020-08-07 Vendor Homepage: https://www.nagios.com/products/nagios-log-server/ Vendor Changelog: https://www.nagios.com/downloads/nagios-log-server/change-log/ Exploit Author: Jinson Varghese Behanan @JinsonCyberSec...

3.5CVSS5.6AI score0.14414EPSS
Exploits3
Total number of security vulnerabilities50786