Lucene search
K
PacketstormRecent

50738 matches found

Packet Storm
Packet Storm
added 2026/06/18 12:0 a.m.48 views

📄 WordPress Contest Gallery 28.1.4 SQL Injection

WordPress Contest Gallery plugin version 28.1.4 unauthenticated blind SQL Injection exploit written in Python3. ================================================================================================================================== | Title : WordPress Contest Gallery 28.1.4...

7.5CVSS5.9AI score0.00739EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/06/18 12:0 a.m.41 views

📄 Wing FTP Server 8.1.2 Authenticated Remote Code Execution

Wing FTP Server versions prior to 8.1.3 allows authenticated administrators to execute arbitrary Lua code on the server. ================================================================================================================================== | Title : Wing FTP Server 8.1.2 - Authenticat...

8.6CVSS5.9AI score0.02643EPSS
Exploits5
Packet Storm
Packet Storm
added 2026/06/18 12:0 a.m.39 views

📄 WordPress PickPlugins 2.0.46 OTP Bypass

WordPress PickPlugins plugin version 2.0.46 proof of concept user verification OTP authentication bypass exploit. ================================================================================================================================== | Title : WordPress PickPlugins 2.0.46 User...

9.8CVSS5.3AI score0.00578EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/06/17 12:0 a.m.35 views

📄 Grav CMS Remote Code Execution

This Python exploit targets a vulnerability in Grav CMS versions prior to 2.0.0-beta.2 by abusing the administrative Direct Install plugin feature to achieve remote code execution...

9.1CVSS5.8AI score0.03934EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/06/17 12:0 a.m.36 views

📄 D-Link DSL2600U rom-0 Admin Password Disclosure

Proof of concept that demonstrates a vulnerability in D-Link DSL2600U routers with firmware version 1.08 that allows unauthenticated attackers to download the rom-0 configuration file containing the administrator password...

5.4AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/17 12:0 a.m.37 views

📄 CMSsiam 2 SQL Injection

CMSsiam version 2 suffers from a remote SQL injection vulnerability that allows for login bypass. ================================================================================================================================== | Title : CMSsiam v2 Auth by pass | | Author : indoushka | | Tested ...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/17 12:0 a.m.46 views

📄 CMS SINDEHOTÉIS 1.2.4 Cross Site Request Forgery

CMS SINDEHOT�IS version 1.2.4 suffers from a cross site request forgery vulnerability. ================================================================================================================================== | Title : CMS SINDEHOTÉIS 1.2.4 CSRF | | Author : indoushka | | Tested on :...

4.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/17 12:0 a.m.39 views

📄 dedoc/scramble 0.13.2 Remote Code Execution

This is a Metasploit exploit module for CVE-2026-44262, an unauthenticated remote code execution vulnerability in the Laravel-based tool dedoc/scramble. ================================================================================================================================== | Title :...

9.4CVSS6.2AI score0.0586EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/06/17 12:0 a.m.49 views

📄 NTLM Relay to Self (HTTP to LDAP) Post Exploitation

This Metasploit module performs an NTLM relay-to-self privilege escalation attack. It starts an HTTP-to-LDAP relay server on the compromised host, then triggers the WebClient service via an ETW event allowing a low-privilege user to start it, and coerces the local machine account to authenticate...

5.4AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/17 12:0 a.m.37 views

📄 Discuz! X5.0 Local File Inclusion

This is a Metasploit auxiliary module targeting a local file inclusion vulnerability in Discuz! X5.0. ================================================================================================================================== | Title : Discuz! X5.0 LFI Metasploit Module | | Author :...

8.6CVSS5.3AI score0.00525EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/06/17 12:0 a.m.44 views

📄 Discuz! X5.0 Chained Remote Code Execution

This Metasploit module uses race condition and local file inclusion vulnerabilities in Discuz! X5.0 in order to achieve remote code execution. ================================================================================================================================== | Title : Discuz! X5.0...

8.6CVSS5.8AI score0.00525EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/06/17 12:0 a.m.33 views

📄 EspoCRM 9.3.3 Server-Side Request Forgery

This Metasploit module exploits an authenticated server-side request forgery vulnerability in EspoCRM versions up to 9.3.3. The vulnerability exists in the Attachment/fromImageUrl API endpoint which allows users to fetch images from remote URLs. By using alternative IPv4 notations octal, hex,...

4.3CVSS5.3AI score0.01978EPSS
Exploits5
Packet Storm
Packet Storm
added 2026/06/17 12:0 a.m.40 views

📄 EternalBlue MS17-010 SMB Remote Code Execution

This Metasploit module exploits the SMBv1 vulnerability in Microsoft Windows MS17-010 known as EternalBlue. ================================================================================================================================== | Title : EternalBlue MS17-010 SMB Remote Code Execution |...

9.3CVSS8.1AI score0.9923EPSS
Exploits55
Packet Storm
Packet Storm
added 2026/06/16 12:0 a.m.44 views

📄 Bloodbank CMS 1.0 SQL Injection

Bloodbank CMS version 1.0 suffers from a remote SQL injection vulnerability. ================================================================================================================================== | Title : bloodbank cms v1.0 sql injection vulnerability | | Author : indoushka | | Teste...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/16 12:0 a.m.39 views

📄 Casdoor 3.54.1 Arbitrary File Write / Shell Upload

This Python3 script exploits a path traversal flaw in Casdoor version 3.54.1 that allows an authenticated attacker to write files anywhere on the server via a misconfigured storage provider. If written to an executable location, a shell can be minted...

5.9CVSS5.3AI score0.00513EPSS
Exploits5
Packet Storm
Packet Storm
added 2026/06/16 12:0 a.m.39 views

📄 AnyDesk 9.7.5 Unquoted Service Path

AnyDesk version 9.7.5 unquoted service path privilege escalation to SYSTEM exploit. ================================================================================================================================== | Title : AnyDesk v9.7.5 Unquoted Service Path Privilege Escalation to SYSTEM | |...

5.3AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/16 12:0 a.m.41 views

📄 HotelDruid 3.0.x Credential Exposure / Stress Tester

Proof of concept denial of service and credential disclosure exploit for HotelDruid versions 3.0.0 and 3.0.7. ================================================================================================================================== | Title : HotelDruid 3.0.x Credential Exposure & Stress...

7.5CVSS5.2AI score0.00542EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/06/16 12:0 a.m.62 views

📄 nginx 1.27.4 Insecure TLS Session Reuse / SSL Certificate Validation Bypass

Proof of concept exploit for nginx version 1.27.4 that demonstrates insecure TLS session reuse leading to certification validation bypass. ================================================================================================================================== | Title : nginx 1.27.4...

5.3AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/16 12:0 a.m.34 views

📄 BookStack Denial of Service

This Metasploit auxiliary module targets a denial of service vulnerability in BookStack versions prior to 25.12.1 by abusing the search system. ================================================================================================================================== | Title : BookStack...

5.4AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/16 12:0 a.m.29 views

📄 Apache Flink Kubernetes Operator 1.14.0 Server-Side Request Forgery

This ia proof of concept Metasploit module for the Apache Flink Kubernetes Operator version 1.14.0 server-side request forgery vulnerability that also provides metadata extraction...

6.5CVSS5.2AI score0.0049EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/06/16 12:0 a.m.37 views

📄 Casdoor 3.54.1 Path Traversal / Arbitrary File Write

This Metasploit module exploits a path traversal vulnerability in the storage provider management component of Casdoor versions prior to 3.54.1. By creating a Local File System provider with a manipulated pathPrefix, an authenticated administrator can bypass the storage sandbox to write, overwrit...

5.9CVSS5.5AI score0.00513EPSS
Exploits5
Packet Storm
Packet Storm
added 2026/06/16 12:0 a.m.50 views

📄 Wertheim SafeController Software for VAULT ROOMS Traversal / Bypass / Broken Controls

Wertheim SafeController Software for VAULT ROOMS with AssemblyVersion 6.15.8328.28014 suffer from violation of least privilege, broken websocket authorization, broken access control, IP restriction bypass, path traversal, upload restriction bypass, unauthenticated access, hardcoded secret,...

8.6CVSS5.2AI score0.00397EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/06/16 12:0 a.m.47 views

📄 Apache 2.4.66 HTTP/2 mod_http2 Double-Free Denial of Service

This script is a multi-mode security tool that triggers a denial of service against Apache HTTP Server version 2.4.66 related to a double-free condition in HTTP/2 handling...

8.8CVSS8.1AI score0.4581EPSS
Exploits16
Packet Storm
Packet Storm
added 2026/06/16 12:0 a.m.40 views

📄 Xerte Online Toolkits 3.15 Shell Upload

This Metasploit module bypasses authentication failure, extension blacklist, and path traversal vulnerabilities in the /editor/elfinder/php/connector.php endpoint to upload and execute a shell in Xerte Online Toolkits versions 3.15 commit 4e40f8030a2e3267267db7ce03e0ff57270be6f5 as there are no...

9.8CVSS5.5AI score0.03575EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/06/16 12:0 a.m.45 views

📄 YAMCS 5.12.6 LdapAuthModule LDAP Injection / Authentication Bypass

This Metasploit module exploits an LDAP injection vulnerability in the YAMCS LdapAuthModule. The username parameter is inserted directly into LDAP search filters without RFC 4515 escaping, allowing an attacker to bypass authentication. By crafting a malicious username containing LDAP special...

4.3CVSS5.3AI score0.01027EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/06/16 12:0 a.m.40 views

📄 Apache Flink Kubernetes Operator 1.14.0 Server-Side Request Forgery

This is a Metasploit auxiliary module to demonstrate a service-side request forgery vulnerability in Apache Flink Kubernetes Operator version 1.14.0. ================================================================================================================================== | Title : Apache...

6.5CVSS5.3AI score0.0049EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/06/16 12:0 a.m.38 views

📄 Waves Central 16.6.0 Local Privilege Escalation

Waves Central versions 13.0.8 through 16.6.0 suffer from multiple local privilege escalation vulnerabilities. SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Local Privilege Escalation Vulnerabilities product:...

8.1CVSS5.2AI score0.00323EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/06/16 12:0 a.m.39 views

📄 BookStack Denial of Service

This Python3 script demonstrates a denial of service condition against a BookStack search endpoint by generating extremely large search queries and sending them with high levels of concurrency. Versions prior to 25.12.1 are affected...

5.3AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/16 12:0 a.m.51 views

📄 Google Chrome V8 Type Confusion

This Metasploit module exploits a type confusion vulnerability in Google Chrome's V8 JavaScript engine versions prior to 149.0.7827.103. The vulnerability is triggered by a specific pattern that causes type confusion between internal V8 objects, leading to out-of-bounds memory access. Successful...

8.8CVSS6.8AI score0.01654EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/06/16 12:0 a.m.41 views

📄 Google Chrome V8 Type Confusion

This JavaScript exploit targets a type confusion vulnerability in the V8 engine of Google Chrome versions prior to 149.0.7827.103. It runs inside the browser and attempts to trigger a JIT optimization flaw using repeated object construction patterns...

8.8CVSS5.9AI score0.01654EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/06/15 12:0 a.m.62 views

📄 FreeType SHZ 2.14.3 Heap Buffer Overflow

This Python proof of concept framework is designed for security research into a reported heap buffer overflow condition affecting the FreeType TrueType bytecode interpreter. The code constructs specially crafted font structures intended to exercise the SHZ instruction path, generates malformed...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/15 12:0 a.m.79 views

📄 FreePBX SQL Injection / Shell Upload / Remote Root

This Python3 script exploits a remote SQL injection vulnerability in FreePBX and adds a remote shell that achieves root privileges. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3...

10CVSS6.3AI score0.93286EPSS
Exploits20
Packet Storm
Packet Storm
added 2026/06/15 12:0 a.m.54 views

📄 InnoShop 0.8.2 File Manager File Deletion / Path Traversal

This Metasploit module exploits a path traversal vulnerability in the InnoShop version 0.8.2's File Manager API. The destroyFiles endpoint does not properly validate file paths, allowing an authenticated administrator to escape the intended media/storage sandbox using ../ sequences...

7.1CVSS5.4AI score0.00175EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/06/15 12:0 a.m.52 views

📄 FreeType Font Rendering Overflow Test Harness / Crash Detection

This C program is a testing harness built around the FreeType font rendering library to detect potential memory corruption issues such as heap buffer overflows when loading malicious or malformed TrueType font files...

5.7AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/15 12:0 a.m.65 views

📄 Netis N5VN AC1200 1.0.1.1742 Buffer Overflow / Denial of Service

A buffer overflow vulnerability in the Netis N5VN AC1200 router allows an attacker to crash the web server by sending a crafted request. Version 1.0.1.1742 is affected. Exploit Title: Netis N5VN AC1200 - Buffer Overflow DOS Denial of Service Application: Netis N5VN AC1200 Router Version:...

5.7AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/12 12:0 a.m.68 views

📄 HTTP/2 Multi-Server HPACK Exhaustion

This code implements a multi-target HTTP/2 resource exhaustion framework designed to stress or overwhelm server implementations through protocol-level amplification techniques. It includes server-specific payload generation for multiple platforms, automated connection orchestration, stream scalin...

5.4AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/12 12:0 a.m.55 views

📄 Paperclip AI Remote Code Execution

Paperclip is the operating system for your AI company. You set the goals, hire AI agents as employees, and watch them plan and execute work. Prior to version 2026.410.0, Paperclip allows for unauthenticated remote code execution on any network-accessible instance running in authenticated mode wit...

10CVSS6.3AI score0.01972EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/06/12 12:0 a.m.57 views

📄 AnyDesk 9.7.5 Unquoted Service Path

AnyDesk version 9.7.5 suffers from an unquoted service path vulnerability. Exploit Title: AnyDesk v9.7.5 - Unquoted Service Path Date: 2026-06-06 Exploit Author: Milad Karimi Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Vendor Homepage: http://anydesk.com...

5.3AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/12 12:0 a.m.64 views

📄 Palo Alto GlobalProtect Authentication Bypass

This Metasploit module exploits an authentication bypass vulnerability in Palo Alto Networks PAN-OS GlobalProtect portal and gateway components. The vulnerability stems from CWE-565: Reliance on Cookies without Validation and Integrity Checking. An unauthenticated remote attacker can forge...

9.1CVSS5.5AI score0.86678EPSS
Exploits9
Packet Storm
Packet Storm
added 2026/06/12 12:0 a.m.52 views

📄 BIRD 2.18 Stack Buffer Overflow / Denial of Service Scanner

This Metasploit auxiliary module is designed to assess a vulnerability in the BGP implementation of the BIRD Internet Routing Daemon. The module establishes a BGP session with a target router, performs standard protocol negotiation, and then sends a specially crafted BGP UPDATE message containing...

6.3CVSS5.3AI score0.003EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/06/12 12:0 a.m.70 views

📄 WordPress Gravity Forms 2.10.0.1 File Deletion / Path Traversal

This Metasploit module exploits a vulnerability in the Gravity Forms WordPress plugin versions 2.10.0.1 and below where file URLs stored in form entries are not properly validated. An attacker can inject a crafted entry containing path traversal sequences ../ to reference files outside the intend...

9.6CVSS5.3AI score0.005EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/06/12 12:0 a.m.49 views

📄 FortiSandbox 4.4.7 Authentication Bypass / Command Injection

This Metasploit auxiliary scanner module is designed to collect system and environment information from vulnerable FortiSandbox instances by leveraging two disclosed vulnerabilities: an authentication bypass and a command injection flaw. The module supports multiple collection modes, including...

9.8CVSS5.9AI score0.48668EPSS
Exploits7
Packet Storm
Packet Storm
added 2026/06/12 12:0 a.m.53 views

📄 Check Point VPN IKE Logic Flaw

This is a Python script attempting to exploit a vulnerability in Check Point VPN by sending a malformed IKESAINIT packet to UDP port 500, detecting whether the target responds as an indicator of exploitability, then executing a MITM attack to intercept IKE packets between a victim and a VPN...

9.3CVSS5.7AI score0.70099EPSS
Exploits5
Packet Storm
Packet Storm
added 2026/06/12 12:0 a.m.77 views

📄 Gogs 0.14.2 Argument Injection

Proof of concept exploit for an argument injection vulnerability in Gogs versions 0.14.2 and below and versions 0.15.0+dev and below. ================================================================================================================================== | Title : Gogs Git Rebase Argume...

5.3AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/11 12:0 a.m.51 views

📄 FIFOFox: Windows Named-Pipe Weak Permission and Access Control Validation

This C-based framework analyzes Windows named pipes for insecure permission configurations and weak access controls that could introduce privilege boundary issues. The code collects metadata about target pipes, inspects security descriptors and DACL configurations, checks for potentially unsafe...

5.6AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/11 12:0 a.m.43 views

📄 Drupal core 10.5.5 JSON:API PostgreSQL Error-Based SQL Injection

This code demonstrates a research-oriented implementation targeting a reported SQL injection condition in Drupal JSON:API endpoints backed by PostgreSQL. ================================================================================================================================== | Title :...

9.8CVSS6.1AI score0.84631EPSS
Exploits13
Packet Storm
Packet Storm
added 2026/06/11 12:0 a.m.45 views

📄 MEmu Android Emulator 9.2.7.0 Privilege Escalation

MEmu Android Emulator version 9.2.7.0 suffers from a local privilege escalation vulnerability via insecure permissions. CVE-2026-36213 CVE-2026-36213 | Local Privilege Escalation in MEmu Android Emulator 9.2.7.0 via Insecure Service Binary Permissions | Patched in 9.3.2 CVE-2026-36213 — MEmu...

7.8CVSS5.4AI score0.00176EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/06/11 12:0 a.m.58 views

📄 Craft CMS 5.9.5 Missing Authorization / Authentication Bypass

This script is an assessment and exploitation framework targeting a missing authorization vulnerability in affected versions of Craft CMS that may permit unauthorized access to privileged migration functionality. Versions 5.9.5 and below are affected...

7.3CVSS5.5AI score0.00283EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/06/10 12:0 a.m.47 views

📄 Chatwoot 4.11.1 SQL Injection

This Metasploit module targets an authenticated SQL injection vulnerability in the conversation filtering functionality of Chatwoot instances up to version 4.11.1. ================================================================================================================================== |...

8.5CVSS5.6AI score0.00227EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/06/10 12:0 a.m.47 views

📄 IO-Compress 2.219 Eval Injection

An eval injection vulnerability in File::GlobMapper::getFiles allows any attacker who can control the output fileglob argument passed to IO::Compress::Gzip::gzip, IO::Compress::Zip::zip, or any sibling function to execute arbitrary Perl code in the context of the running process. Summary An eval...

7.3CVSS5.9AI score0.00292EPSS
Exploits2
Total number of security vulnerabilities50738