50738 matches found

Packet Storm | added 2025/05/23 12:00 a.m. | 83 views

📄 ABB Cylon Aspect 3.08.03 logYumLookup.php Path Traversal

The ABB Cylon Aspect BAS controller is vulnerable to an authenticated hybrid path traversal vulnerability in logYumLookup.php due to insufficient validation of the logFile parameter. The script checks for the presence of an expected path /var/log/yum.log using strpos, which can be bypassed by...

AI score: 6.9 | Exploits: 0

Packet Storm | added 2025/05/23 12:00 a.m. | 93 views

📄 ABB Cylon Aspect Studio 3.08.03 CylonLicence.dll Binary Planting

A DLL hijacking vulnerability exists in Aspect-Studio version 3.08.03, where the application attempts to load a library named CylonLicence via System.loadLibrary("CylonLicence") without a full path, falling back to the standard library search order. If an attacker can plant a malicious...

CVSS: 7.1 | AI score: 7.2 | EPSS: 0.00977 | Exploits: 3

Packet Storm | added 2025/05/23 12:00 a.m. | 88 views

📄 ABB Cylon Aspect 3.08.03 Java/PHP Log Forging

Multiple PHP and Java components across the system fail to properly sanitize user-supplied input before including it in application logs. In PHP, files like supervisorProxy.php directly embed values such as $_SERVER['REQUEST_URI'] and raw POST bodies into log messages without filtering, enabling...

CVSS: 6.9 | AI score: 6.5 | EPSS: 0.00316 | Exploits: 2

Packet Storm | added 2025/05/23 12:00 a.m. | 77 views

📄 ABB Cylon Aspect 3.08.03 logMixDownload.php Remote Code Execution

The ABB BMS/BAS controller suffers from an authenticated blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'instance' HTTP POST parameter called by the logMixDownload.php script and dependent on the SELECTED=ALL case. Version...

AI score: 8.3 | Exploits: 0

Packet Storm | added 2025/05/23 12:00 a.m. | 87 views

📄 ABB Cylon BACnet MS/TP Kernel Module mstp.ko Out-Of-Bounds Write

A buffer overflow vulnerability exists in the mstp.ko kernel module, responsible for processing BACnet MS/TP frames over serial RS485. The SendFrame function writes directly into a statically sized kernel buffer allocentry0x1f5 without validating the length of attacker-controlled data param5. If ...

AI score: 8.2 | Exploits: 0

Packet Storm | added 2025/05/23 12:00 a.m. | 67 views

📄 ABB Cylon Aspect 3.08.03 File Deletion

ABB Cylon Aspect version 3.08.03 BMS/BAS is vulnerable to a critical flaw in the AuthenticatedHttpServlet within its application server, enabling remote attackers to bypass authentication by setting the Host: 127.0.0.1 header. This deceives the server into processing requests as if they originate...

AI score: 7.7 | Exploits: 0

Packet Storm | added 2025/05/23 12:00 a.m. | 83 views

📄 ABB Cylon Aspect 3.08.02 MIX Session Validation Bypass

ABB Cylon Aspect version 3.08.02 suffers from a broken session management issue. The backend implements inconsistent session validation by prioritizing the Authorization header over the PHPSESSID cookie, which is typically used to authenticate access to the controller system’s admin panel. While...

AI score: 7.5 | Exploits: 0

Packet Storm | added 2025/05/23 12:00 a.m. | 82 views

📄 ABB Cylon Aspect Studio 3.08.03 Insecure Permissions

ABB Cylon Aspect Studio version 3.08.03 suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'M' flag (Modify) for...

CVSS: 7.3 | AI score: 6.3 | EPSS: 0.00132 | Exploits: 2

Packet Storm | added 2025/05/23 12:00 a.m. | 75 views

📄 ABB Cylon Aspect 3.08.03 Authentication Bypass

ABB Cylon Aspect version 3.08.03 BMS/BAS is vulnerable to a critical flaw in the AuthenticatedHttpServlet within its application server, enabling remote attackers to bypass authentication by setting the Host: 127.0.0.1 header. This deceives the server into processing requests as if they originate...

AI score: 7.5 | Exploits: 0

Packet Storm | added 2025/05/23 12:00 a.m. | 89 views

📄 ABB Cylon Aspect 3.08.03 Time Manipulation

ABB Cylon Aspect MIX's NTPServlet allows NTP config changes via the Host: 127.0.0.1 bypass, writing attacker-controlled hosts to NTPTickers and syncing the system clock. A malicious NTP server can manipulate time, enabling DoS or time-based attacks. Version 3.08.03 is affected. ABB Cylon Aspect...

AI score: 7.2 | Exploits: 0

Packet Storm | added 2025/05/23 12:00 a.m. | 89 views

📄 ABB Cylon Aspect 3.08.03 Remote Code Execution

ABB Cylon Aspect version 3.08.03 BMS/BAS is vulnerable to a critical flaw in the AuthenticatedHttpServlet within its application server, enabling remote attackers to bypass authentication by setting the Host: 127.0.0.1 header. This deceives the server into processing requests as if they originate...

AI score: 8.3 | Exploits: 0

Packet Storm | added 2025/05/23 12:00 a.m. | 88 views

📄 ABB Cylon Aspect 3.08.03 Network Manipulation

ABB Cylon Aspect MIX's IPConfigServlet allows unauthenticated network config changes via the Host: 127.0.0.1 bypass, writing to /etc/hosts and config files. Attackers can redirect traffic (e.g. localhost to 1.2.3.4) or disrupt connectivity, amplifying impact with network restarts. Version 3.08.03 i...

AI score: 7.3 | Exploits: 0

Packet Storm | added 2025/05/23 12:00 a.m. | 91 views

📄 ABB Cylon Aspect 3.08.03 login.php Obscure Authentication Bypass

The ABB Cylon Aspect BAS controller allows login using guest:guest, which initiates a web session but restricts access to administrative features by returning an 'Invalid Admin Username and/or Password' message. However, the session is still active and valid within the HMI environment. Despite...

AI score: 7.6 | Exploits: 0

Packet Storm | added 2025/05/23 12:00 a.m. | 99 views

📄 ABB Cylon Aspect 3.08.03 Remote Code Execution

ABB Cylon Aspect version 3.08.03 BMS/BAS is vulnerable to a critical flaw in the AuthenticatedHttpServlet within its application server, enabling remote attackers to bypass authentication by setting the Host: 127.0.0.1 header. This deceives the server into processing requests as if they originate...

AI score: 8.3 | Exploits: 0

Packet Storm | added 2025/05/22 12:00 a.m. | 101 views

📄 Clinic's Patient Management System 1.0 SQL Injection / Remote Code Execution

This Metasploit module exploits an SQL injection vulnerability in the login portal, allowing an attacker to log in as an admin. Next, it allows the attacker to upload malicious files through user modification to achieve remote code execution. This module requires Metasploit:...

CVSS: 9.8 | AI score: 8.9 | EPSS: 0.19373 | Exploits: 8

Packet Storm | added 2025/05/22 12:00 a.m. | 179 views

📄 Invision Community 5.0.6 CustomCss Remote Code Execution

Invision Community versions 5.0.6 and below contain a remote code execution vulnerability in the theme editor's customCss endpoint. By crafting a specially formatted content parameter with an expression="…" construct, arbitrary PHP can be evaluated. This Metasploit module leverages that flaw to...

CVSS: 10 | AI score: 8.6 | EPSS: 0.79174 | Exploits: 6

Packet Storm | added 2025/05/22 12:00 a.m. | 94 views

📄 Remote for Windows 2024.15 Desktop Stream Disclosure

Remote for Windows version 2024.15 has a vulnerability that allows any unauthenticated attacker to access a real-time H.264 stream of the victim’s Windows/Mac desktop. This is achieved by querying the /api/getVersion endpoint to retrieve the liveview.port, and then opening a TCP connection to tha...

AI score: 7.4 | Exploits: 0

Packet Storm | added 2025/05/22 12:00 a.m. | 130 views

📄 WordPress Motors 5.6.67 Privilege Escalation

WordPress Motors theme versions 5.6.67 and below suffer from a privilege escalation vulnerability that allows for account takeover. 🔐 CVE-2025-4322 – Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover 📌 Plugin Information - Plugin: Motors <= 5.6.67 -...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.18241 | Exploits: 3

Packet Storm | added 2025/05/21 12:00 a.m. | 86 views

📄 Remote for Windows 2024.15 Unauthenticated Desktop Screenshot Capture

Remote for Windows version 2024.15 suffers from a missing authentication vulnerability that allows for the disclosure of desktop screenshots. Exploit Title: Remote for Windows 2024.15 - Unauthenticated Desktop Screenshot Capture Date: 2025-05-19 Exploit Author: Chokri Hammedi Vendor Homepage:...

AI score: 7.5 | Exploits: 0

Packet Storm | added 2025/05/21 12:00 a.m. | 76 views

📄 Remote for Windows 2024.15 Local Privilege Escalation

Remote for Windows version 2024.15 suffers from a local privilege escalation vulnerability. Exploit Title: Remote for Windows 2024.15 - Local Privilege Escalation Date: 2025-05-19 Exploit Author: Chokri Hammedi Vendor Homepage: https://rs.ltd Software Link: https://rs.ltd/latest.php?os=win Versio...

AI score: 7.6 | Exploits: 0

Packet Storm | added 2025/05/21 12:00 a.m. | 94 views

📄 Remote for Windows 2024.15 Remote Code Execution

Remote for Windows version 2024.15 suffers from multiple remote code execution vulnerabilities. Exploit Title: Remote for Windows 2024.15 - RCE Date: 2025-05-19 Exploit Author: Chokri Hammedi Vendor Homepage: https://rs.ltd Software Link: https://rs.ltd/latest.php?os=win Version: 2024.15 Tested o...

AI score: 8.5 | Exploits: 0

Packet Storm | added 2025/05/21 12:00 a.m. | 84 views

📄 ABB Cylon FLXeon 9.3.5 variant.js Information Disclosure

The ABB Cylon FLXeon BACnet controller's /api/variant endpoint exposes sensitive system information, including the internal IP address, MAC address, device model, and build type, without requiring authentication. The get function gathers network interface data using the os.networkInterfaces API a...

AI score: 7.3 | Exploits: 0

Packet Storm | added 2025/05/20 12:00 a.m. | 99 views

📄 Cubecart 6.5.9 Cross Site Scripting

Cubecart version 6.5.9 suffers from a persistent cross site scripting vulnerability. Exploit Title: Stored XSS in "Description" Functionality - cubecartv6.5.9 Date: 05/2025 Exploit Author: Andrey Stoykov Version: 6.5.9 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Stored XSS 1: Step...

AI score: 6.6 | Exploits: 0

Packet Storm | added 2025/05/20 12:00 a.m. | 104 views

📄 Ibn Al Haithm 1.0 Insecure Direct Object Reference

Ibn Al Haithm version 1.0 suffers from an insecure direct object reference vulnerability. Exploit Title: Ibn Al Haithm intlaqcit.com - Multiple Vulnerabilities Date: May 19, 2025 Exploit Author: wa03 Telegram: @wa03 Vendor Homepage: intlaqcit.com Version: 1.0 CVE: N/A Google Dork: intxt: Ibn Al...

AI score: 7.4 | Exploits: 0

Packet Storm | added 2025/05/20 12:00 a.m. | 88 views

📄 ABB Cylon FLXeon 9.3.5 uukl.js Predictable Salt / Weak Hashing Algorithm

The ABB Cylon FLXeon BACnet controller's /api/uukl.js module implements password verification and update mechanisms using the insecure MD5 hash function alongside weak salt generation via Math.random. This constitutes a cryptographic vulnerability where password hashes are susceptible to collisio...

AI score: 7.3 | Exploits: 0

Packet Storm | added 2025/05/19 12:00 a.m. | 98 views

📄 Magnolia DX Core 6.3.8 Command Injection

Magnolia DX Core version 6.3.8 suffers from a remote command injection vulnerability. Exploit Title: Magnolia DX Core 6.3.8 - Command Injection Date: 05/16/2025 Exploit Author: tmrswrr Version: 6.3.8 Vendor home page: https://docs.magnolia-cms.com/home/ Product:...

AI score: 8 | Exploits: 0

Packet Storm | added 2025/05/19 12:00 a.m. | 201 views

📄 ABB Cylon FLXeon 9.3.5 siteGuide.js Authenticated Directory Traversal

The ABB Cylon FLXeon BACnet controller is vulnerable to authenticated file traversal via the /api/siteGuide endpoint. An attacker with valid credentials can manipulate the filename parameter to move and access or overwrite arbitrary files. The issue arises due to improper input validation in...

AI score: 7.2 | Exploits: 0

Packet Storm | added 2025/05/19 12:00 a.m. | 161 views

📄 Automic Automation Agent Unix Privilege Escalation

An agent configured to run in privileged mode using the SetUID-Bit can be used to escalate privileges, by supplying an ini file with the "authentication" option set to "PAM" and the "libName" option set to a shared object file controlled by the attacker. The shared object will be loaded in an...

AI score: 8.3 | Exploits: 0

Packet Storm | added 2025/05/19 12:00 a.m. | 88 views

📄 Remote Keyboard Desktop 1.0.1 Remote Code Execution

Remote Keyboard Desktop version 1.0.1 suffers from a remote code execution vulnerability. Exploit Title: Remote Keyboard Desktop 1.0.1 Remote Code Execution Date: 05/17/2025 Exploit Author: Chokri Hammedi Vendor Homepage: https://remotecontrolio.web.app/ Software Link:...

AI score: 8.3 | Exploits: 0

Packet Storm | added 2025/05/19 12:00 a.m. | 480 views

📄 HP Sure Access Enterprise / Sure Click Enterprise Missing Authentication

SEC Consult conducted penetration tests on Sure Access in 2022 and on Sure Click in 2023 and established a contact with HP afterwards. After several rounds of emails and meetings with the product development team, the scope and limitations of Sure Access and Sure Click were made clear. This...

AI score: 7.3 | Exploits: 0

Packet Storm | added 2025/05/19 12:00 a.m. | 83 views

📄 Samsung MagicINFO 9 Server Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in Samsung MagicINFO 9 Server versions less than or equal to 21.1050.0. Remote code execution can be obtained by exploiting the path traversal vulnerability (CVE-2024-7399) in the SWUpdateFileUploader servlet, which can be querie...

CVSS: 8.8 | AI score: 8.4 | EPSS: 0.91941 | Exploits: 3

Packet Storm | added 2025/05/19 12:00 a.m. | 119 views

📄 CrushFTP 11.3.1 Authentication Bypass / Race Condition

CrushFTP versions prior to 10.8.4 and 11.3.1 suffer from an authentication bypass vulnerability via a race condition and header parsing logic flaw in the AWS4-HMAC authorization mechanism. Exploit Title: CrushFTP 11.3.1 - Authentication Bypass Date: 2025-05-15 Exploit Author: @İbrahimsql Exploit...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.99963 | Exploits: 18

Packet Storm | added 2025/05/19 12:00 a.m. | 87 views

📄 ABB Cylon FLXeon 9.3.5 bbmdList.js Authenticated Configuration Poisoning

The ABB Cylon FLXeon BACnet controller suffers from a configuration poisoning vulnerability in the put function of bbmdList.js, where the writeFile function is invoked to persist user-controlled data req.body.bipList and req.body.natList directly into sensitive configuration files /etc/bdt.txt an...

AI score: 7.2 | Exploits: 0

Packet Storm | added 2025/05/19 12:00 a.m. | 109 views

📄 Ivanti Endpoint Manager DLL Hijacking / Privilege Escalation

The EPM Security Scan Vulscan Self Update is vulnerable to DLL hijacking. When it is installed on a client machine, by default, it creates a scheduled task as SYSTEM that when run, tries to load non-existent ZIP files from ProgramData. A malicious DLL can be inserted into one of the ZIP files whi...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.00388 | Exploits: 1

Packet Storm | added 2025/05/19 12:00 a.m. | 95 views

📄 RSI Queue Management System 3.0 SQL Injection

An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System version 3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.11279 | Exploits: 1

Packet Storm | added 2025/05/19 12:00 a.m. | 90 views

📄 ABB Cylon FLXeon 9.3.5 siteGuide.js Authenticated Root Remote Code Execution

The ABB Cylon FLXeon BACnet controller is vulnerable to authenticated remote root code execution via the /api/siteGuide endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating the filename and/or originalname parameters. The issue arises due to improper...

AI score: 8 | Exploits: 0

Packet Storm | added 2025/05/19 12:00 a.m. | 74 views

📄 Economizzer 0.9-beta1 Session Invalidation

Economizzer version 0.9-beta1 fails to properly invalidate user sessions. A session management vulnerability exists in gugoan's Economizzer v.0.9-beta1. The application fails to properly invalidate user sessions upon logout or other session termination events. As a result, a valid session remains...

AI score: 7.3 | Exploits: 0

Packet Storm | added 2025/05/19 12:00 a.m. | 95 views

📄 WordPress PSW Front-end Login Registration 1.12 Privilege Escalation

WordPress PSW Front-end Login Registration plugin versions 1.12 and below suffer from a privilege escalation vulnerability. 🔐 CVE-2025-47646 – PSW Front-end Login & Registration <= 1.12 📌 Plugin Information - Plugin: PSW Front-end Login & Registration - Vulnerable Version: <= 1.12 - CVE:...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.21747 | Exploits: 3

Packet Storm | added 2025/05/19 12:00 a.m. | 80 views

📄 ABB Cylon FLXeon 9.3.5 capture.js Authenticated File Disclosure / Deletion

The ABB Cylon FLXeon BACnet controller is vulnerable to a path traversal flaw in its capture.js endpoint due to unsanitized user input being directly concatenated into a filesystem path. An attacker can exploit this by supplying crafted file names to access arbitrary files outside the intended va...

AI score: 7.2 | Exploits: 0

Packet Storm | added 2025/05/19 12:00 a.m. | 89 views

📄 Economizzer 0.9-beta1 Cross Site Scripting

Economizzer version 0.9-beta1 suffers from multiple persistent cross site scripting vulnerabilities. A persistent cross-site scripting (XSS) vulnerability exists in gugoan's Economizzer v.0.9-beta1. The application fails to properly sanitize user-supplied input when creating a new cash book entry vi...

AI score: 6.8 | Exploits: 0

Packet Storm | added 2025/05/19 12:00 a.m. | 114 views

📄 Honeywell MB-Secure Command Injection

Honeywell MB-Secure versions 11.04 and up to 12.53 and PRO versions from 01.06 to 03.09 suffer from an authenticated command injection vulnerability. SEC Consult Vulnerability Lab Security Advisory title: Authenticated Comman...

CVSS: 9.9 | AI score: 7.7 | EPSS: 0.1017 | Exploits: 1

Packet Storm | added 2025/05/19 12:00 a.m. | 102 views

📄 Tiiwee X1 Alarm System Replay Attack

The Tiiwee X1 Alarm System suffers from a replay attack using a Flipper Zero. Advisory ID: SYSS-2025-006 Product: Tiiwee X1 Alarm System Manufacturer: Tiiwee B.V. Affected Versions: TWX1HAKV2 Tested Versions: TWX1HAKV2 Vulnerability Type:...

CVSS: 7.6 | AI score: 7.3 | EPSS: 0.00555 | Exploits: 1

Packet Storm | added 2025/05/16 12:00 a.m. | 221 views

📄 Ivanti Connect Secure 22.7R2.5 Remote Code Execution

This Metasploit module exploits a stack-based buffer overflow vulnerability in Ivanti Connect Secure to achieve remote code execution (CVE-2025-22457). Versions 22.7R2.5 and earlier are vulnerable. Note that Ivanti Pulse Connect Secure, Ivanti Policy Secure and ZTA gateways are also vulnerable but...

CVSS: 9.8 | AI score: 7.9 | EPSS: 0.99973 | Exploits: 19

Packet Storm | added 2025/05/15 12:00 a.m. | 117 views

📄 Nextcloud Workflows Remote Code Execution

This Metasploit module adds workflows as an authenticated user which can only be created by administrators by design. If the app "Nextcloud Workflow Script" is installed it is possible to generate a workflow that executes commands. This module requires Metasploit: https://metasploit.com/download...

CVSS: 9 | AI score: 8.9 | EPSS: 0.04176 | Exploits: 2

Packet Storm | added 2025/05/14 12:00 a.m. | 86 views

📄 Car Rental System 1.0 Shell Upload

This Metasploit module exploits an authenticated remote code execution vulnerability in the Online Car Rental System 1.0 via the changeimage1.php endpoint. An authenticated attacker can upload malicious PHP scripts without proper validation, enabling arbitrary code execution on the server. This...

CVSS: 6.5 | AI score: 9 | EPSS: 0.02424 | Exploits: 3

Packet Storm | added 2025/05/14 12:00 a.m. | 97 views

📄 WordPress User Registration and Membership Privilege Escalation

Remote privilege escalation exploit for WordPress User Registration and Membership plugin versions prior to 4.1.2 that executes a PHP payload. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WP Use...

CVSS: 8.1 | AI score: 9.1 | EPSS: 0.44413 | Exploits: 7

Packet Storm | added 2025/05/14 12:00 a.m. | 118 views

📄 WordPress SureTriggers 1.0.78 Authentication Bypass / Remote Code Execution

This Metasploit module exploits an authorization bypass in the WordPress SureTriggers plugin versions 1.0.78 and below to create an administrator account and then uploads and executes a PHP payload. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS: 8.1 | AI score: 8.2 | EPSS: 0.76286 | Exploits: 8

Packet Storm | added 2025/05/14 12:00 a.m. | 129 views

📄 Invision Community 5.0.6 Remote Code Execution

Invision Community versions 5.0.0 through 5.0.6 suffer from a customCss related remote code execution vulnerability. Invision Community <= 5.0.6 customCss Remote Code Execution Vulnerability...

CVSS: 10 | AI score: 9.8 | EPSS: 0.79174 | Exploits: 6

Packet Storm | added 2025/05/13 12:00 a.m. | 100 views

📄 LINQPad Insecure Deserialization

This Metasploit module exploits a bug in LINQPad up to version 5.48.00. The bug is only exploitable in the paid version of the software. The core of the bug is a cache file containing deserialized data, which an attacker can overwrite with a malicious payload. The data gets deserialized every time the app restart...

AI score: 8.1 | EPSS: 0.00488 | Exploits: 5

Packet Storm | added 2025/05/13 12:00 a.m. | 91 views

📄 TP-Link VN020-F3v(T) DHCP Stack Buffer Overflow

TP-Link VN020-F3v(T) suffers from a DHCP stack buffer overflow vulnerability. Exploit Title: TP-Link VN020 F3v(T) TTV6.2.1021 - DHCP Stack Buffer Overflow Date: 10/20/2024 Exploit Author: Mohamed Maatallah Vendor Homepage: https://www.tp-link.com Version: TTV6.2.1021 VN020-F3v(T) Tested on: VN020-F3v...

CVSS: 9.8 | AI score: 7.9 | EPSS: 0.05198 | Exploits: 3

Total number of security vulnerabilities: 50738