50738 matches found

Packet Storm
added 2025/11/28 12:0 a.m., 269 views

📄 CodeIgniter CMS 4.2.0 SQL Injection

Proof of concept exploit for the CodeIgniter CMS version 4.2.0 remote SQL injection vulnerability. Title: CodeIgniter CMS 4.2.0 SQL Injection Exploit ...

8.2 AI score
Exploits: 0
Packet Storm
added 2025/11/27 12:0 a.m., 169 views

📄 FortiWeb 8.0.1 Authentication Bypass

A critical authentication bypass vulnerability exists in FortiWeb web application firewalls that allows unauthenticated attackers to create administrative users via path traversal in the API endpoint. Version 8.0.1 is affected...

9.8 CVSS, 7.4 AI score, 0.89177 EPSS
Exploits: 17
Packet Storm
added 2025/11/27 12:0 a.m., 166 views

📄 Monsta FTP DownloadFile Remote Code Execution

This Metasploit module exploits a pre-authenticated remote code execution vulnerability in Monsta FTP versions prior to 2.11.3. The vulnerability exists in the downloadFile action which allows an attacker to connect to a malicious FTP or SFTP server and download arbitrary files to arbitrary...

9.8 CVSS, 8.1 AI score, 0.72536 EPSS
Exploits: 6
Packet Storm
added 2025/11/27 12:0 a.m., 206 views

📄 Microsoft Windows 10 21H2 / 22H2 Kernel Race Condition / Privilege Escalation

Proof of concept exploit for a kernel race condition in Microsoft Windows 10 versions 21H2 and 22H2. Combined with a double-free memory corruption issue, it allows for privilege escalation...

7 CVSS, 5.6 AI score, 0.061 EPSS
Exploits: 6
Packet Storm
added 2025/11/27 12:0 a.m., 319 views

📄 Flowise 3.0.4 Code Injection

Flowise versions 3.0.4 and below suffer from a remote command injection vulnerability. Title: Flowise 3.0.4 php code injection; Author: indoushka ...

10 CVSS, 7.3 AI score, 0.90183 EPSS
Exploits: 21
Packet Storm
added 2025/11/27 12:0 a.m., 180 views

📄 Laravel 11 Cross Site Scripting Scanner

This is a script to scan Laravel version 11 instances to identify known cross site scripting vulnerabilities. Title: Laravel v11 XSS Vulnerability Scann...

6.5 AI score
Exploits: 0
Packet Storm
added 2025/11/27 12:0 a.m., 153 views

📄 Cisco ISE API 3.0 Command Injection

Proof of concept exploit for a command injection vulnerability in Cisco ISE API version 3.0. Title: Cisco ISE API 3.0 command injection Exploits ...

10 CVSS, 7.9 AI score, 0.96732 EPSS
Exploits: 10
Packet Storm
added 2025/11/27 12:0 a.m., 153 views

📄 Check Point Security Gateway R80.30 Arbitrary File Read

Proof of concept exploit for an unauthenticated arbitrary file read vulnerability in Check Point Security Gateway version R80.30. Title: Check Point...

8.6 CVSS, 9.7 AI score, 0.99978 EPSS
Exploits: 52
Packet Storm
added 2025/11/27 12:0 a.m., 190 views

📄 sudo 1.9.17 Local Privilege Escalation

sudo version 1.9.17 local privilege escalation proof of concept exploit that leverages NSS module loading. Title: sudo 1.9.17 local Privilege Escalation...

9.3 CVSS, 7.6 AI score, 0.47467 EPSS
Exploits: 70
Packet Storm
added 2025/11/27 12:0 a.m., 138 views

📄 HP Intelligent Management 5.1 E0201 Account Creation

Proof of concept for an old bypass vulnerability in HP Intelligent Management version 5.1 E0201 that allows for account creation. Title: HP Intelligent...

7.5 CVSS, 6.7 AI score, 0.23927 EPSS
Exploits: 3
Packet Storm
added 2025/11/27 12:0 a.m., 152 views

📄 Notepad++ 8.8.7 DLL Hijacking

Notepad++ version 8.8.7 DLL hijacking proof of concept exploit. Title: Notepad++ 8.8.7 Unsafe Plugin Persistence AutoLoad; Author: indoushka ...

7 AI score
Exploits: 0
Packet Storm
added 2025/11/26 12:0 a.m., 151 views

📄 YesWiki Directory Traversal

YesWiki versions prior to 4.5.2 are vulnerable to an unauthenticated path traversal vulnerability through the squelette parameter. A remote attacker can leverage this flaw to read arbitrary files on the target system...

8.6 CVSS, 7.1 AI score, 0.05366 EPSS
Exploits: 6
Packet Storm
added 2025/11/26 12:0 a.m., 267 views

📄 Apache Tomcat 11.0.3 Remote Session Injection

A vulnerability in Apache Tomcat version 11.0.3 allows attackers to upload a .session file containing a malicious Java serialized payload and then trigger it through a forged JSESSIONID cookie...

10 CVSS, 7 AI score, 0.99945 EPSS
Exploits: 46
Packet Storm
added 2025/11/26 12:0 a.m., 171 views

📄 Fortinet FortiWeb Unauthenticated Remote Code Execution

This Metasploit module exploits an authentication bypass via a path traversal vulnerability in the Fortinet FortiWeb management interface to create a new local administrator user account. From there a command injection vulnerability is leveraged to achieve remote code execution with root...

9.8 CVSS, 8.7 AI score, 0.89177 EPSS
Exploits: 20
Packet Storm
added 2025/11/26 12:0 a.m., 155 views

📄 Brocade Fabric OS Weak Crypto / Key Compromise

This analysis focuses on some older flaws with Brocade Fabric OS versions prior to 9.2.2 related to man-in-the-middle, weak cryptography, and hardcoded key compromise vulnerabilities...

9.8 CVSS, 7.1 AI score, 0.01546 EPSS
Exploits: 2
Packet Storm
added 2025/11/26 12:0 a.m., 193 views

📄 Zimbra Collaboration Suite Postjournal 8.8.15 Remote Code Execution

Zimbra Collaboration Suite Postjournal version 8.8.15 unauthenticated proof of concept remote code execution exploit that leverages SMTP injection. Title...

8.4 AI score
Exploits: 0
Packet Storm
added 2025/11/26 12:0 a.m., 204 views

📄 XWiki Platform 15.10.10 Remote Command Execution

XWiki Platform version 15.10.10 suffers from a critical unauthenticated remote command execution vulnerability through the SolrSearch endpoint. The issue is patched in versions 15.10.11, 16.4.1, and 16.5.0RC1...

9.8 CVSS, 7.5 AI score, 0.99898 EPSS
Exploits: 50
Packet Storm
added 2025/11/26 12:0 a.m., 194 views

📄 7-Zip 25.00 Zip Slip Directory Traversal

7-Zip version 25.00 suffers from a symlink directory traversal vulnerability. This write up provides analysis with a proof of concept. Title: 7-Zip 25.0...

7.8 CVSS, 7 AI score, 0.27017 EPSS
Exploits: 11
Packet Storm
added 2025/11/26 12:0 a.m., 175 views

📄 Microsoft Sharepoint Authentication Bypass

This is a proof of concept exploit for a Microsoft Sharepoint authentication bypass vulnerability discovered in 2023. Title: SharePoint Authentication...

9.8 CVSS, 7.1 AI score, 0.99618 EPSS
Exploits: 11
Packet Storm
added 2025/11/26 12:0 a.m., 156 views

📄 IGEL OS Privilege Escalation

This Metasploit module escalates privileges for IGEL OS Workspace Edition sessions by modifying network-manager.service using setupcmd SUID and network and then restarting the service. This module requires Metasploit: https://metasploit.com/download Current source:...

7 AI score
Exploits: 0
Packet Storm
added 2025/11/26 12:0 a.m., 157 views

📄 Confluence 8.x Privilege Escalation

Metasploit module proof of concept exploit that demonstrates an authentication bypass vulnerability in Confluence version 8.x. Title: Confluence 8.x...

10 CVSS, 7.2 AI score, 0.99618 EPSS
Exploits: 48
Packet Storm
added 2025/11/26 12:0 a.m., 161 views

📄 Craft CMS 5.0 Authentication Session Path Exposure

Proof of concept exploit that demonstrates an authentication session path exposure vulnerability in Craft CMS version 5.0. Title: Craft CMS 5.0...

10 CVSS, 7.2 AI score, 0.99803 EPSS
Exploits: 14
Packet Storm
added 2025/11/26 12:0 a.m., 148 views

📄 vBulletin 6.0.3 replaceAdTemplate Expression Injection

Proof of concept exploit for vBulletin versions 5.0.0 through 6.0.3 for the replaceAdTemplate expression injection vulnerability. Title: vBulletin 5.0.0...

10 CVSS, 7.4 AI score, 0.69649 EPSS
Exploits: 4
Packet Storm
added 2025/11/26 12:0 a.m., 160 views

📄 CAREL Boss / Boss Mini 1.4.0 Path Traversal

Proof of concept for an older vulnerability in 2023 where CAREL Boss and Boss Mini version 1.4.0 suffer from a path traversal vulnerability. Title: Boss...

9.8 CVSS, 7 AI score, 0.75206 EPSS
Exploits: 6
Packet Storm
added 2025/11/25 12:0 a.m., 213 views

📄 WordPress Backup Migration 1.2.8 Remote Code Execution

WordPress Backup Migration plugin version 1.2.8 proof of concept code injection exploit for an older vulnerability from 2023. Title: WordPress Backup...

9.8 CVSS, 7.6 AI score, 0.97846 EPSS
Exploits: 14
Packet Storm
added 2025/11/25 12:0 a.m., 168 views

📄 Classroomio LMS 0.1.13 Insecure Direct Object Reference

Classroomio LMS version 0.1.13 suffers from multiple insecure direct object reference vulnerabilities. CVE-2025-65670: An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in...

7.5 CVSS, 7.3 AI score, 0.0034 EPSS
Exploits: 3
Packet Storm
added 2025/11/25 12:0 a.m., 139 views

📄 B2B Hospitality Travel CMS 1.11 Shell Upload

B2B Hospitality Travel CMS version 1.11 suffers from a remote shell upload vulnerability. Title: B2B Hospitality Travel CMS 1.11 Remote File Upload...

7.3 AI score
Exploits: 0
Packet Storm
added 2025/11/25 12:0 a.m., 150 views

📄 CZS CMS 1.3.0 Cross Site Request Forgery

This proof of concept leverages a known cross site request forgery vulnerability in CZS CMS version 1.3.0 to add an administrator. Title: CZS CMS v 1.3....

6.7 AI score
Exploits: 0
Packet Storm
added 2025/11/25 12:0 a.m., 160 views

📄 Citrix Bleed 2 PHP Mass Scanner

This is a high-speed mass-scanner written in PHP designed to test for data leakage through the CitrixBleed2 InitialValue extraction issue. The tool reproduces the functionality of the original Bash/Parallel scanner but works in restricted PHP environments...

7 AI score
Exploits: 0
Packet Storm
added 2025/11/25 12:0 a.m., 148 views

📄 Classroomio LMS 0.1.13 Cross Site Scripting

Classroomio LMS version 0.1.13 suffers from multiple persistent cross site scripting vulnerabilities via uploaded SVG files. CVE-2025-65676: Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images...

5.4 CVSS, 6.6 AI score, 0.00234 EPSS
Exploits: 3
Packet Storm
added 2025/11/25 12:0 a.m., 168 views

📄 macOS 18.3.2 VM_BEHAVIOR_ZERO_WIRED_PAGES Handling

A vulnerability exists in the way macOS handles VM_BEHAVIOR_ZERO_WIRED_PAGES combined with mmap + mlock + vm_deallocate on a read-only mapped file. A local attacker may trigger abnormal kernel behavior depending on system conditions. This proof of concept is purely academic and demonstrates a controll...

6.5 AI score
Exploits: 0
Packet Storm
added 2025/11/24 12:0 a.m., 146 views

📄 Flowise Custom MCP Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in Flowise versions greater than or equal to 2.2.7-patch.1 and less than 3.0.1. The vulnerability exists in the customMCP endpoint /api/v1/node-load-method/customMCP located in...

9.8 CVSS, 8.6 AI score, 0.70866 EPSS
Exploits: 3
Packet Storm
added 2025/11/24 12:0 a.m., 270 views

📄 Flowise JS Injection Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in Flowise versions greater than or equal to 2.2.7-patch.1 and less than 3.0.6. The vulnerability exists in the customMCP endpoint /api/v1/node-load-method/customMCP located in...

10 CVSS, 9.2 AI score, 0.90183 EPSS
Exploits: 21
Packet Storm
added 2025/11/24 12:0 a.m., 154 views

📄 Ruckus Unleashed 200.13.6.1.319 Cross Site Scripting

Ruckus Unleashed version 200.13.6.1.319 suffers from a cross site scripting vulnerability. CVE-2025-63735 – Reflected XSS in Ruckus Unleashed 200.13.6.1.319 Summary A reflected cross-site scripting XSS vulnerability exists in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the...

6.1 CVSS, 6.4 AI score, 0.00192 EPSS
Exploits: 4
Packet Storm
added 2025/11/21 12:0 a.m., 202 views

📄 eGovFramework 4.3.1 Arbitrary File Upload

eGovFramework version 4.3.1 proof of concept exploit that demonstrates an arbitrary file upload vulnerability. Title: eGovFramework 4.3.1 Unauthenticate...

6.9 CVSS, 7.2 AI score, 0.00503 EPSS
Exploits: 2
Packet Storm
added 2025/11/20 12:0 a.m., 280 views

📄 eGovFramework 4.3.1 File Upload / Unauthenticated Encryption Oracle

eGovFramework versions 4.3.1 and below suffer from unauthenticated file upload and encryption oracle vulnerabilities. Advisory Information: Title: 2 vulnerabilities in Egovframe; Advisory URL: https://pierrekim.github.io/advisories/2025-egovframe.txt...

8.7 CVSS, 7.5 AI score, 0.00503 EPSS
Exploits: 2
Packet Storm
added 2025/11/20 12:0 a.m., 173 views

📄 AudioCodes Fax/IVR Appliance 2.6.23 File Upload / Code Execution / Privilege Escalation

AudioCodes Fax/IVR Appliance versions 2.6.23 and below suffer from multiple code execution and command injection vulnerabilities as well as privilege escalation, file upload, and file read vulnerabilities. Advisory Information: Title: 8 vulnerabiliti...

10 CVSS, 8.7 AI score, 0.63748 EPSS
Exploits: 20
Packet Storm
added 2025/11/19 12:0 a.m., 209 views

📄 Fortinet FortiWeb 8.0.0 Authentication Bypass

Analysis write up of the Fortinet FortiWeb version 8.0.0 authentication bypass vulnerability that can be leveraged for remote code execution. Titles: Fortinet FortiWeb Auth-8.0.0 Bypass CVE-2025-64446 Author: nu11secur1ty Date: 11/17/2025 Vendor: https://www.fortinet.com/ Software: v8.0.0...

9.8 CVSS, 8.5 AI score, 0.89177 EPSS
Exploits: 17
Packet Storm
added 2025/11/18 12:0 a.m., 159 views

📄 Snipe-IT 8.3.4 Cross Site Scripting

Snipe-IT version 8.3.4 suffers from a cross site scripting vulnerability. Product Info: Snipe-IT is a free and open-source IT asset management system (FOSS) built on Laravel. It provides hardware asset tracking, software license management, accessories, and consumables inventory features for IT...

7.1 CVSS, 6.4 AI score, 0.00303 EPSS
Exploits: 2
Packet Storm
added 2025/11/14 12:0 a.m., 201 views

📄 Grocery Store Management System 1.0 SQL Injection

Grocery Store Management System version 1.0 appears to suffer from a remote SQL injection vulnerability in searchproducts.php. CVE-2025-63943 — SQL Injection in Grocery Store Management System 1.0 Overview A high-severity SQL Injection vulnerability was identified in the searchproducts.php...

8.2 AI score
Exploits: 1
Packet Storm
added 2025/11/13 12:0 a.m., 173 views

📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Authenticated Remote Command Injection

Ilevia EVE X1/X5 Server version 4.7.18.0.eden suffers from multiple authenticated OS command injection vulnerabilities. This can be exploited to inject and execute arbitrary shell commands through multiple scripts affecting multiple parameters. Ilevia EVE X1/X5 Server 4.7.18.0.eden Authenticated...

8.8 CVSS, 8.3 AI score, 0.02071 EPSS
Exploits: 3
Packet Storm
added 2025/11/13 12:0 a.m., 156 views

📄 Logitech Streamlabs Desktop 1.19.6 CPU Exhaustion

Logitech Streamlabs Desktop version 1.19.6 has a vulnerability where importing a crafted .overlay file can cause uncontrolled CPU consumption, leading to a denial-of-service condition. The .overlay file is an archive containing a config.json configuration. By inserting an excessively large string...

6.8 AI score
Exploits: 0
Packet Storm
added 2025/11/13 12:0 a.m., 152 views

📄 Patients Waiting Area Queue Management System 1.0 SQL Injection

Patients Waiting Area Queue Management System version 1.0 suffers from a remote SQL injection vulnerability. Exploit Title: Patients Waiting Area Queue Management System v1.0 - SQL Injection Exploit Author: Deva Parekh pr0f Date: October 23, 2025 Vendor Homepage:...

8.2 AI score, 0.00351 EPSS
Exploits: 3
Packet Storm
added 2025/11/12 12:0 a.m., 300 views

📄 Windows Server Update Service Deserialization Remote Code Execution

This Metasploit module exploits a deserialization vulnerability in the legacy serialization mechanism in Windows Server Update Services (WSUS). The vulnerability allows an unauthenticated attacker to create a specially crafted event, which triggers an unsafe deserialization upon server...

9.8 CVSS, 9.7 AI score, 0.99962 EPSS
Exploits: 24
Packet Storm
added 2025/11/11 12:0 a.m., 156 views

📄 LINQPad File Overwrite

This Metasploit module exploits a bug in LINQPad up to version 5.48.00. The bug is only exploitable in the paid version of software. The core of the bug is a cache file containing deserialized data, which an attacker can overwrite with a malicious payload. The data gets deserialized every time th...

8 AI score, 0.00488 EPSS
Exploits: 5
Packet Storm
added 2025/11/10 12:0 a.m., 177 views

📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Root Privilege Escalation

Ilevia EVE X1/X5 Server version 4.7.18.0.eden has a misconfiguration in the sudoers file that permits passwordless execution of specific Bash shell scripts via sudo, exposing a critical privilege escalation vulnerability. When such scripts are writable by a web-facing user www-data or accessible...

9.8 CVSS, 8.4 AI score, 0.07285 EPSS
Exploits: 3
Packet Storm
added 2025/11/10 12:0 a.m., 154 views

📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm

Ilevia EVE X1/X5 Server version 4.7.18.0.eden stores user passwords in the database using the MD5 hashing algorithm, which is considered cryptographically insecure due to its vulnerability to collision and brute-force attacks. MD5 lacks modern protections such as salting and computational hardnes...

8.2 CVSS, 7.1 AI score, 0.0028 EPSS
Exploits: 2
Packet Storm
added 2025/11/10 12:0 a.m., 150 views

📄 moew.government.bg Cross Site Scripting

moew.government.bg suffers from a cross site scripting vulnerability. It is unclear what vulnerable code base is being used or if it's custom, however, the researcher has not heard a response from the administrators for a year and they have not addressed the issue, putting their users at risk, so...

6.6 AI score
Exploits: 0
Packet Storm
added 2025/11/05 12:0 a.m., 240 views

📄 Centreon Broker Engine Reload Parameter Command Injection

Centreon is a platform designed to monitor your cloud and on-premises infrastructure. This Metasploit module exploits a command injection vulnerability using the broker engine reload setting on the poller configuration page of the Centreon web application. Injecting a malicious payload at the...

7.2 CVSS, 7.9 AI score, 0.13843 EPSS
Exploits: 2
Packet Storm
added 2025/11/03 12:0 a.m., 312 views

📄 WatchGuard Firebox Default Credentials / SSH Access

The default configuration of WatchGuard Firebox devices through 2025-09-10 allows administrative access via SSH on port 4118 using the default credentials. This configuration exposes the device to remote attackers who can gain full administrative access without prior authentication. CVE-2025-5939...

7.2 AI score, 0.00043 EPSS
Exploits: 3
Total number of security vulnerabilities: 50738