Lucene search
K
PacketstormRecent

50738 matches found

Packet Storm
Packet Storm
added 2025/03/07 12:0 a.m.313 views

Adobe Reader 11.0.10 CoolType Out-Of-Bounds Read

Adobe Reader version 11.0.10 proof of concept exploit that demonstrates an out-of-bounds read found in 2015. ============================================================================================================================================= | Title : Adobe Reader 11.0.10 CoolType...

10CVSS7.2AI score0.05815EPSS
Exploits2
Packet Storm
Packet Storm
added 2025/03/07 12:0 a.m.277 views

ImageX Image Converter Cross Site Request Forgery

ImageX Image Converter suffers from a cross site request forgery vulnerability that allows you to add an administrator. This software does not list a version but was reported as of March 03, 2025 to be vulnerable. Exploit Title: ImageX - Image Converter - Cross Site Request Forgery CSRF Add Admin...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/07 12:0 a.m.363 views

Apache ActiveMQ 5.3.2 Source Code Disclosure

Apache ActiveMQ version 5.3.2 source code disclosure proof of concept exploit that demonstrates an issue discovered in 2010. ============================================================================================================================================= | Title : Apache ActiveMQ 5.3....

5CVSS7.4AI score0.78018EPSS
Exploits6
Packet Storm
Packet Storm
added 2025/03/07 12:0 a.m.639 views

WordPress 4.2.4 XMLRPC GHOST Vulnerability Scanner

WordPress version 4.2.4 XMLRPC GHOST vulnerability scanning script that checks to see if an instance is vulnerable. ============================================================================================================================================= | Title : WordPress 4.2.4 XMLRPC GHOST...

10CVSS7.2AI score0.94859EPSS
Exploits29
Packet Storm
Packet Storm
added 2025/03/07 12:0 a.m.305 views

OpenPanel 0.3.4 Directory Traversal / Arbitrary File Read

OpenPanel version 0.3.4 suffers from a directory traversal vulnerability in the fix permission functionality. This can be leveraged to change permissions on files unaccessible to userland and make them accessible to attackers. Exploit Title: OpenPanel 0.3.4 - Insecure Permission Modification via...

7.2AI score0.00421EPSS
Exploits2
Packet Storm
Packet Storm
added 2025/03/07 12:0 a.m.294 views

WordPress Custom Contact Form 5.1.0.3 CSRF / SQL Injection

WordPress Custom Contact Form plugin version 5.1.0.3 suffers from cross site request forgery and remote SQL injection vulnerabilities. ============================================================================================================================================= | Title : WordPress...

8.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/07 12:0 a.m.336 views

Advantech WebAccess 7.1 SQL Injection

Advantech WebAccess version 7.1 proof of concept exploit that demonstrates a SQL injection vulnerability original discovered in 2014. ============================================================================================================================================= | Title : Advantech...

7.5CVSS8.3AI score0.1903EPSS
Exploits4
Packet Storm
Packet Storm
added 2025/03/07 12:0 a.m.406 views

Drupal 7.2 XML Injection

Drupal version 7.2 XML external entity injection proof of concept exploit that demonstrates a vulnerability distributed in 2012. ============================================================================================================================================= | Title : Drupal 7.2 via...

5CVSS7.6AI score0.15812EPSS
Exploits4
Packet Storm
Packet Storm
added 2025/03/07 12:0 a.m.884 views

Zontal Arcade HTML 5 Game Portal PHP Script SQL Injection

Zontal Arcade HTML 5 Game Portal PHP Script suffers from a remote SQL injection vulnerability. This software does not list a version but was reported as of March 05, 2025 to be vulnerable. Exploit Title: Zontal Arcade HTML 5 Game Portal PHP Script - SQL Injection Date: 05-03-2025 Exploit Author:...

8.2AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/07 12:0 a.m.373 views

Webmin 2.202 Remote Command Execution

Webmin version 2.202 remote command execution exploit that provides a reverse shell. ============================================================================================================================================= | Title : Webmin 2.202 Reverse Shell attack | | Author : indoushka | |...

7.7AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/07 12:0 a.m.384 views

Axigen 8.10 Directory Traversal

Axigen version 8.10 directory traversal exploit that demonstrates a flaw discovered in 2012. ============================================================================================================================================= | Title : Axigen 8.10 WebAdmin interface Directory Traversal...

6.4CVSS7.3AI score0.83632EPSS
Exploits3
Packet Storm
Packet Storm
added 2025/03/07 12:0 a.m.638 views

D Tale 3.10.0 Remote Command Execution

D Tale version 3.10.0 proof of concept remote command execution exploit. ============================================================================================================================================= | Title : D Tale v3.10.0 PHP code execution vulnerability | | Author : indoushka |...

9.8CVSS7.7AI score0.77951EPSS
Exploits5
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.579 views

Android SPF Memory Issues

SPF in AOSP version 5.10 and 5.15 kernels can create dangling TLB entries by misdirecting TLB flushes on race with mremap. The AOSP 5.10/5.15 kernels contain a non-upstream memory management optimization called "Speculative Page Fault" SPF. There have been a series of issues in this before, see...

7.3AI score
Exploits1
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.233 views

Precurio Intranet Portal 4.4 Remote Command Execution

Precurio Intranet Portal version 4.4 suffers from a remote command execution vulnerability. Exploit Title: Precurio Intranet Portal 4.4 - Remote Command Execution Discovered by: Ahmet Ümit BAYRAM Discovered Date: 05.03.2024 Vendor Homepage: https://www.precurio.com Software Link:...

7.7AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.238 views

Ghostscript 9.21 Arbitrary Command Execution

Ghostscript version 9.21 exploit that leverages a flaw from 2017 to execute arbitrary commands and provides a reverse shell. ============================================================================================================================================= | Title : Ghostscript versions...

8.1AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.610 views

Zabbix 6.4.17rc1 Remote Code Execution

Zabbix server version 6.4.17rc1 remote code execution exploit that provides a reverse shell. ============================================================================================================================================= | Title : Zabbix server v 6.4.17rc1 PHP Code Injection...

9.9CVSS8.3AI score0.78831EPSS
Exploits13
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.303 views

Plikli CMS 4.1.5 SQL Injection

Plikli CMS version 4.1.5 suffers from a remote SQL injection vulnerability. Exploit Title: Plikli CMS 4.1.5 - 'randkey' SQL Injection Discovered by: Ahmet Ümit BAYRAM Discovered Date: 05.03.2024 Vendor Homepage: https://github.com/kkumar326/plikli Software Link:...

8.5AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.165 views

HP Intelligent Management Center 5.1 E0202 Shell Upload

HP Intelligent Management Center version 5.1 E0202 suffers from a remote shell upload vulnerability. ============================================================================================================================================= | Title : HP Intelligent Management Center 5.1 E0202...

7.5AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.313 views

OpenAdmin 0.3.4 Cross Site Request Forgery

Cross site request forgery in the Users and Change Root Password functions in OpenAdmin version 0.3.4 allows remote attackers to perform attacks enabling unauthorized actions that could lead to privilege escalation. Exploit Title: OpenAdmin 0.3.4 - Multiple CSRF Vulnerabilities Date: Nov 8, 2024...

7.4AI score0.00164EPSS
Exploits2
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.322 views

Microsoft SRV2.SYS SMB 2 Remote Code Execution

Microsoft SRV2.SYS SMB version 2 remote code execution exploit that leverages a flaw from 2009. ============================================================================================================================================= | Title : Microsoft SRV2.SYS SMB v2 RCE Vulnerability | |...

10CVSS8.1AI score0.90121EPSS
Exploits20
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.212 views

CZS CMS 1.3.0 Cross Site Request Forgery

CZS CMS version 1.3.0 suffers from a cross site request forgery vulnerability. Exploit Title: CZS CMS 1.3.0 - Cross Site Request Forgery CSRF Add Admin Date: 2024-05-03 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.cszcms.com Software Link:...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.641 views

Supermicro X9 Buffer Overflow Scanner

Supermicro X9 generation motherboards before SMT X9 317 overflow scanner that checks for two flaws that date back to 2013 related to IPMI. ============================================================================================================================================= | Title :...

10CVSS7.7AI score0.71929EPSS
Exploits10
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.248 views

UniRide Vehicle Booking Management System 1.0 Insecure Direct Object Reference

UniRide Vehicle Booking Management System version 1.0 suffers from an insecure direct object reference vulnerability. ============================================================================================================================================= | Title : UniRide Vehicle Booking...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.233 views

WordPress W3 Total Cache 0.9.2.4 SQL Injection / Hash Disclosure

WordPress W3 Total Cache plugin version 0.9.2.4 remote exploit that leverages SQL injection to extract a user's name and password hash. ============================================================================================================================================= | Title : WordPress...

8.6AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.257 views

Poko Arcade HTML 5 Game Portal PHP Script 1.0 SQL Injection

Poko Arcade HTML 5 Game Portal PHP Script version 1.0 suffers from a remote SQL injection vulnerability. Exploit Title: Poko Arcade HTML 5 Game Portal PHP Script v1.0 - SQL Injection Date: 05-03-2025 Exploit Author: Buğra Enis Dönmez Vendor:...

8.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.328 views

Wazuh 4.9.1 Remote Code Execution

Wazuh version 4.9.1 proof of concept remote code execution exploit with a reverse shell. ============================================================================================================================================= | Title : Wazuh v 4.9.1 PHP Code Injection Vulnerability | | Autho...

9.9CVSS8.3AI score0.92579EPSS
Exploits10
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.205 views

WordPress Pingback Checker Server-Side Request Forgery

WordPress versions prior to 3.5.1 have a server-side request forgery issue that can be leveraged by the pingback checker tool. ============================================================================================================================================= | Title : WordPress before...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.1170 views

Hestia Control Panel 1.9.3 Remote Code Execution

Hestia Control Panel version 1.9.3 suffers from a remote command execution vulnerability. Exploit Title: Hestia Control Panel Remote Code Execution Google Dork: N/A Date: 05-03-2025 Exploit Author: Buğra Enis Dönmez n3c1 Vendor Homepage: https://hestiacp.com/ Software Link: https://hestiacp.com/...

7.7AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.261 views

Monstra CMS 3.0.4 Remote Command Execution

Monstra CMS version 3.0.4 proof of concept remote command execution exploit. Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution Date: 05.03.2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested...

7.7AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.449 views

Microsoft SRV2.SYS SMB 2 Denial of Service

Microsoft SRV2.SYS SMB version 2 remote denial of service exploit that leverages a flaw from 2009. ============================================================================================================================================= | Title : Microsoft SRV2.SYS SMB v2 Denial of Service...

10CVSS7.3AI score0.90121EPSS
Exploits20
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.230 views

ZENworks Configuration Management 11.1 Shell Upload

ZENworks Configuration Management version 11.1 suffers from a remote shell upload vulnerability. ============================================================================================================================================= | Title : ZENworks Configuration Management 11.1 PHP Code...

7.5AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.267 views

ABB Cylon Aspect 3.08.01 caldavUpload.php Funkalicious Exploit

Yo, check it - the ABB BMS/BAS system's got a slick little weakness in them caldavInstall.php, caldavInstallAgendav.php, and caldavUpload.php files. All you gotta do is drop that skipChecksum beat in the POST vibe, and bam, the system skips all that MD5 checksum nonsense, no EXPERTMODE needed to...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/05 12:0 a.m.587 views

Zabbix 7.0.1rc1 Remote Code Execution

Zabbix server version 7.0.1rc1 remote code execution exploit that provides a reverse shell. ============================================================================================================================================= | Title : Zabbix server v 7.0.1rc1 PHP Code Injection...

9.9CVSS8.3AI score0.78831EPSS
Exploits13
Packet Storm
Packet Storm
added 2025/03/05 12:0 a.m.233 views

IdoDesigns 1.0 XSS / CSRF / File Upload / File Deletion / SQL Injection

IdoDesigns version 1.0 suffers from cross site request forgery, cross site scripting, arbitrary file upload, arbitrary file deletion, and remote SQL injection vulnerabilities. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ .:. Exploit Title IdoDesigns - Multiple Vulnerabiliti...

8.3AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/05 12:0 a.m.195 views

UniRide Vehicle Booking Management System 1.0 Insecure Settings

UniRide Vehicle Booking Management System version 1.0 suffers from an ignored default credential vulnerability. ============================================================================================================================================= | Title : UniRide Vehicle Booking Managemen...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/05 12:0 a.m.315 views

OpenPanel 0.3.4 Remote Code Execution

OpenPanel version 0.3.4 suffers from a remote code execution vulnerability via /fix-permissions. Exploit Title: OpenPanel 0.3.4 - Remote Code Execution via Fix Permission Date: Nov 7, 2024 Exploit Author: Punthat Siriwan, Korn Chaisuwan, Pongtorn Angsuchotmetee Vendor Homepage:...

8.3AI score0.00253EPSS
Exploits3
Packet Storm
Packet Storm
added 2025/03/05 12:0 a.m.210 views

Teachers Record Management System 2.1 Cross Site Scripting

Teachers Record Management System version 2.1 suffers from a cross site scripting vulnerability. Exploit Title: Teachers Record Management System v2.1 | Unauthenticated Cross-Site Scripting XSS Date: 2025-03-04 Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un Vendor:...

6.6AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/05 12:0 a.m.279 views

HEXAGreen CMS SQL Injection

HEXAGreen CMS suffers from a remote SQL injection vulnerability. This software does not offer any version associated with it. Title: HEXAGreen CMS - Authenticated SQLi Description: HEXAGreen CMS authenticated error-based sql injection Source URL: http://ezcode.pt/tests/hexagreen/admin/ Source...

8.5AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/05 12:0 a.m.235 views

Resto - Single Vendor Online Food Ordering Shell Upload

Resto - Single Vendor Online Food Ordering suffers from a remote shell upload vulnerability. This software does not provide a version number. Title: Resto - Single Vendor Online Food Ordering - Authenticated RCE Description: Resto Single Vendor Online Source URL: https://res.newmedilife.in/admin...

7.5AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/05 12:0 a.m.204 views

Employee Leaves Management System 2.1 Insecure Direct Object Reference

Employee Leaves Management System version 2.1 suffers from an insecure direct object reference vulnerability. Exploit Title: Employee Leaves Management System ELMS v2.1 - Authenticated Insecure Direct Object References IDOR Date: 2025-03-04 Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un Vendor:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/05 12:0 a.m.212 views

TYPO 3.16.0 SQL Injection

TYPO version 3.16.0 suffers from a remote SQL injection vulnerability. ============================================================================================================================================= | Title : TYPO 3.16.0 Code Injection Vulnerability | | Author : indoushka | | Tested...

8.5AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/05 12:0 a.m.207 views

Jasmin Ransomware SQL Injection / Authenticaton Bypass

Jasmin Ransomware suffers from a remote SQL injection vulnerability that allows for authentication bypass. Exploit Title: Jasmin Ransomware SQL Injection Login Bypass Google Dork: N/A Date: 05-03-2025 Exploit Author: Buğra Enis Dönmez n3c1 Vendor Homepage:...

8.7AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/05 12:0 a.m.274 views

Wazuh 4.4.0 Remote Code Execution

Wazuh version 4.4.0 proof of concept remote code execution exploit with a reverse shell. ============================================================================================================================================= | Title : Wazuh v4.4.0 PHP Code Injection Vulnerability | | Author...

9.9CVSS8.3AI score0.92579EPSS
Exploits10
Packet Storm
Packet Storm
added 2025/03/05 12:0 a.m.352 views

Webmin 2.202 Remote Code Execution

Webmin version 2.202 suffers from a remote code execution vulnerability. Exploit Title: Webmin RCE Leading to Privilege Escalation Google Dork: N/A Date: 05-03-2025 Exploit Author: Buğra Enis Dönmez Vendor Homepage: https://webmin.com/ Software Link: https://webmin.com/ Version: 2.202 Tested on:...

8.3AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/05 12:0 a.m.267 views

ZENworks Configuration Management 11.1a Shell Upload

ZENworks Configuration Management version 11.1a suffers from a remote shell upload vulnerability. ============================================================================================================================================= | Title : ZENworks Configuration Management 11.1a PHP Cod...

5CVSS7.5AI score0.2826EPSS
Exploits4
Packet Storm
Packet Storm
added 2025/03/05 12:0 a.m.283 views

WordPress ACF City Selector 1.14.0 Shell Upload

WordPress ACF City Selector plugin version 1.14.0 suffers from a remote shell upload vulnerability. ============================================================================================================================================= | Title : WordPress ACF City Selector plugin versions...

7.5AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/05 12:0 a.m.399 views

WP Load Gallery 2.1.6 Shell Upload

WordPress WP Load Gallery plugin version 2.1.6 suffers from a remote shell upload vulnerability. ============================================================================================================================================= | Title : WP Load Gallery plugin v2.1.6 Code Injection...

7.5AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/05 12:0 a.m.280 views

vBulletin 5.6.1 SQL Injection

vBulletin version 5.6.1 proof of concept remote SQL injection exploit that dumps the user table. ============================================================================================================================================= | Title : vbulletin 5.6.1 Code Injection Vulnerability | |...

9.8CVSS8.5AI score0.88948EPSS
Exploits13
Packet Storm
Packet Storm
added 2025/03/05 12:0 a.m.229 views

Hospital Management System SQL Injection / Authentication Bypass

Hospital Management System suffers from a remote SQL injection vulnerability that allows for authentication bypass. This particular software does not have a version associated with it. Title: Hospital Management System - Authentication Bypass With SQLi Description: HMS with MYSQL authentication...

8.7AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/04 12:0 a.m.161 views

Control iD iDSecure 4.7.43.0 Add Administrator / Authentication Bypass

Control iD iDSecure version 4.7.43.0 exploit that adds an administrator. ============================================================================================================================================= | Title : Control iD iDSecure v4.7.43.0 PHP Code Injection Vulnerability | | Autho...

9.8CVSS9.7AI score0.65237EPSS
Exploits6
Total number of security vulnerabilities50738