50738 matches found

Packet Storm
added 2024/08/23 12:0 a.m., 229 views

Ray Agent Job Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ray Agent Job RCE', 'Description' = %q RCE in Ray via the agent job submission endpoint. This is intended functionality as Ray's main purpose is...

9.8 CVSS, 7 AI score, 0.81512 EPSS
Exploits: 6

Packet Storm
added 2024/08/23 12:0 a.m., 211 views

DiCal-RED 4009 Missing Authentication

Advisory ID: SYSS-2024-036 Product: DiCal-RED Manufacturer: Swissphone Wireless AG Affected Versions: Unknown Tested Versions: 4009 Vulnerability Type: Missing Authentication for Critical Function CWE-306 Risk Level: High Solution Status: Open...

7.6 CVSS, 7.1 AI score, 0.0061 EPSS
Exploits: 1

Packet Storm
added 2024/08/23 12:0 a.m., 250 views

Client Management System 1.0 SQL Injection

Title: Client ms Project 1.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 129.0.1 64...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/23 12:0 a.m., 256 views

DiCal-RED 4009 Log Disclosure

Advisory ID: SYSS-2024-040 Product: DiCal-RED Manufacturer: Swissphone Wireless AG Affected Versions: Unknown Tested Versions: 4009 Vulnerability Type: Improper Authentication CWE-287 Risk Level: High Solution Status: Open Manufacturer Notification:...

7.1 AI score, 0.00514 EPSS
Exploits: 1

Packet Storm
added 2024/08/23 12:0 a.m., 261 views

Company Visitor Management 1.0 SQL Injection

Title: Company Visitor Management 1.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/23 12:0 a.m., 270 views

DiCal-RED 4009 Path Traversal

Advisory ID: SYSS-2024-039 Product: DiCal-RED Manufacturer: Swissphone Wireless AG Affected Versions: Unknown Tested Versions: 4009 Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' CWE-22 Risk Level:...

8.8 CVSS, 7.1 AI score, 0.00737 EPSS
Exploits: 1

Packet Storm
added 2024/08/23 12:0 a.m., 214 views

PlantUML 1.2024.6 Cross Site Scripting

Exploit Title: PlantUML version 1.2024.6 Cross Site Scripting XSS Date: 23/08/2024 Exploit Author: Hosein Vita Vendor Homepage: https://plantuml.com/ Version: 1.2024.6 Tested on: Linux Description: This proof-of-concept demonstrates a Cross-Site Scripting XSS vulnerability in PlantUML. The...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/23 12:0 a.m., 204 views

Courier Management System 1.0 Cross Site Request Forgery

Title: Courier Management System 1.0 CSRF add admin Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/23 12:0 a.m., 292 views

Ray cpu_profile Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ray cpuprofile command injection', 'Description' = %q Ray RCE via cpuprofile command injection vulnerability. , 'Author' = 'sierrabearchell',...

9.8 CVSS, 7 AI score, 0.7463 EPSS
Exploits: 15

Packet Storm
added 2024/08/22 12:0 a.m., 312 views

DIAEnergie 1.10 SQL Injection

class MetasploitModule 'DIAEnergie SQL Injection CVE-2024-4548', 'Description' = %q SQL injection vulnerability in DIAEnergie MSFLICENSE, 'Author' = 'Michael Heinzl', MSF exploit 'Tenable' Discovery & PoC , 'References' = 'URL', 'https://www.tenable.com/security/research/tra-2024-13', 'CVE',...

9.8 CVSS, 7.1 AI score, 0.29425 EPSS
Exploits: 5

Packet Storm
added 2024/08/22 12:0 a.m., 216 views

Online Survey System 1.0 Cross Site Request Forgery

Title: Online Survey System 1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3 64 bits...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/22 12:0 a.m., 229 views

Online Shopping System Master 1.0 Cross Site Request Forgery

Title: online shopping system master v1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/22 12:0 a.m., 287 views

Online Banking System 1.0 Arbitrary File Upload

Title: Online Banking System 1.0 Remote File Upload Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/22 12:0 a.m., 312 views

Online ID Generator 1.0 Cross Site Request Forgery

Title: Online ID Generator 1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3 64 bits...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/22 12:0 a.m., 230 views

AVMS Project 1.0 SQL Injection

Title: AVMS Project 1.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 129.0.1 64 bits...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/22 12:0 a.m., 1147 views

SPIP 4.2.12 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SPIP Unauthenticated RCE via porteplume Plugin', 'Description' = %q This module exploits a Remote Code Execution vulnerability in SPIP versions u...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/21 12:0 a.m., 241 views

Medical Center Portal 1.0 Cross Site Request Forgery

Title: Medical Center Portal 1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3 64 bits ...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/21 12:0 a.m., 269 views

Multi-Vendor Online Groceries Management System 1.0 Cross Site Request Forgery

Title: Multi-Vendor Online Groceries Management System 1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozill...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/21 12:0 a.m., 341 views

Alphaware E-Commerce System 1.0 Code Injection

Title: Alphaware E-CommerceSystem 1.0 php code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firef...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/21 12:0 a.m., 261 views

Online Banking System 1.0 Cross Site Request Forgery

Title: Online Banking System 1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3 64 bits ...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/21 12:0 a.m., 227 views

Event Registration and Attendance System 1.0 Cross Site Request Forgery

Title: Event Registration and Attendance System 1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firef...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/21 12:0 a.m., 237 views

Music Gallery Site 1.0 Cross Site Request Forgery

Title: Music Gallery Site v1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 125.0.1 64 bits...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/21 12:0 a.m., 308 views

Cab Management System 1.0 Cross Site Request Forgery

Title: cab management system 1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3 64 bits ...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/21 12:0 a.m., 240 views

Online Diagnostic Lab Management System 1.0 Arbitrary File Upload

Title: Online Diagnostic Lab Management System v1.0 Remote File Upload Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser:...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/20 12:0 a.m., 195 views

Biobook Social Networking Site 1.0 Arbitrary File Upload

Title: biobook Social Networking Site 1.0 Remote File Upload Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/20 12:0 a.m., 222 views

Akuvox Smart Intercom/Doorphone Unauthenticated Stream Disclosure

Akuvox Smart Intercom/Doorphone Unauthenticated Stream Disclosure Vendor: The Akuvox Company Product web page: https://www.akuvox.com Affected version: Doorphone: S539 S532 X916 X915 X912 R29 Intercom: R20K-2 R20A-2 C313W-2 NS-2 NC-2 NX-2 Firmware: 912.30.1.137 Summary: Vandal-resistant Door Phon...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/20 12:0 a.m., 233 views

Lost and Found Information System 1.0 Cross Site Request Forgery

Title: Lost and Found Information System v1.0 v1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefo...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/20 12:0 a.m., 220 views

Accounting Journal Management System 1.0 Code Injection

Title: Accounting Journal Management System 1.0 php code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser:...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/20 12:0 a.m., 370 views

Event Registration and Attendance System 1.0 Code Injection

Title: Event Registration and Attendance System 1.0 wysiwyg code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / brows...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/20 12:0 a.m., 283 views

Loan Management System 1.0 Cross Site Request Forgery

Title: Loan Management System 1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3 64 bits...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/20 12:0 a.m., 226 views

ABIC Cardiology Management System 1.0 Cross Site Request Forgery

Title: ABIC cardiology Management System 1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/20 12:0 a.m., 302 views

Simple Machines Forum 2.1.4 Code Injection

Exploit Title: Authenticated Code Injection - smfv2.1.4 Date: 8/2024 Exploit Author: Andrey Stoykov Version: 2.1.4 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/06/friday-fun-pentest-series-7-smfv214.html Code Injection Authenticated: Steps to Reproduce: 1. Login as admin 2...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/20 12:0 a.m., 332 views

Linux Landlock Logic Bug

Linux: landlock can be disabled thanks to missing cred_transfer hook; and Smack looks dodgy too I found a logic bug that makes it possible for a process to get rid of all Landlock restrictions applied to it: When a process' cred struct is replaced, this almost always invokes the cred_prepare LSM...

7.1 AI score, 0.00287 EPSS
Exploits: 2

Packet Storm
added 2024/08/20 12:0 a.m., 296 views

Hospital Management System 1.0 Code Injection

Title: Hospital Management System 1.0 WYSIWYG code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/19 12:0 a.m., 333 views

Ewon Cosy+ Hardcoded Key

Advisory ID: SYSS-2024-032 Product: Ewon Cosy+ Manufacturer: HMS Industrial Networks AB Affected Versions: Firmware Versions: 21.2s10 and 22.1s3 Tested Versions: Firmware Version: 21.2s7 Vulnerability Type: Use of Hard-coded Cryptographic Key CWE-32...

7.1 AI score, 0.00701 EPSS
Exploits: 6

Packet Storm
added 2024/08/19 12:0 a.m., 224 views

Hotel Management System 1.0 Cross Site Request Forgery

Title: Hotel Management System 1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3 64 bit...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/19 12:0 a.m., 450 views

Ewon Cosy+ / Talk2M Remote Access Solution Improper Authentication

Advisory ID: SYSS-2024-043 Product: Ewon Cosy+ / Talk2M Remote Access Solution Manufacturer: HMS Industrial Networks AB Affected Versions: N.A. Tested Versions: N.A. Vulnerability Type: Improper Authentication CWE-287 Risk Level: High Solution Statu...

9.1 CVSS, 7.2 AI score, 0.0066 EPSS
Exploits: 2

Packet Storm
added 2024/08/19 12:0 a.m., 209 views

JobSeeker CMS 1.5 Insecure Settings

Title: JobSeeker CMS 1.5 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3 64 bits...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/19 12:0 a.m., 233 views

Ewon Cosy+ Improper Neutralization / Cross Site Scripting

Advisory ID: SYSS-2024-016 Product: Ewon Cosy+ Manufacturer: HMS Industrial Networks AB Affected Versions: Firmware Versions: 21.2s10 and 22.1s3 Tested Versions: Firmware Version: 21.2s7 Vulnerability Type: Improper Neutralization of Input During We...

7.4 AI score, 0.00701 EPSS
Exploits: 5

Packet Storm
added 2024/08/19 12:0 a.m., 243 views

Lawyer CMS 1.6 Insecure Settings

Title: Lawyer CMS 1.6 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3 64 bits...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/19 12:0 a.m., 495 views

Ewon Cosy+ Password Disclosure

Advisory ID: SYSS-2024-017 Product: Ewon Cosy+ Manufacturer: HMS Industrial Networks AB Affected Versions: Firmware Versions: 21.2s10 and 22.1s3 Tested Versions: Firmware Version: 21.2s7 Vulnerability Type: Cleartext Storage of Sensitive Information...

8.5 CVSS, 7.4 AI score, 0.03249 EPSS
Exploits: 7

Packet Storm
added 2024/08/19 12:0 a.m., 174 views

Accounting Journal Management System 1.0 Cross Site Request Forgery

Title: Accounting Journal Management System 1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/19 12:0 a.m., 230 views

Bhojon Restaurant Management System 3.0 Insecure Settings

Title: Bhojon restaurant management system v3.0 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firef...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/19 12:0 a.m., 170 views

Human Resource Management System 2024 1.0 Insecure Settings

Title: Human Resource Management System 2024 v1.0 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser:...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/19 12:0 a.m., 504 views

Ewon Cosy+ Command Injection

Advisory ID: SYSS-2024-018 Product: Ewon Cosy+ Manufacturer: HMS Industrial Networks AB Affected Versions: Firmware Versions: 21.2s10 and 22.1s3 Tested Versions: Firmware Version: 21.2s7 Vulnerability Type: Improper Neutralization of Special Element...

7.1 AI score, 0.04023 EPSS
Exploits: 8

Packet Storm
added 2024/08/19 12:0 a.m., 188 views

Karya Online Shopping Portal 2.0 SQL Injection

Title: Karya Online Shopping Portal 2.0 auth by pass Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/19 12:0 a.m., 250 views

Jobs Finder System 1.0 SQL Injection

Title: jobs Finder System v1.0 SQL injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3 6...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/19 12:0 a.m., 576 views

Dovecot IMAP Server 2.2 / 2.3 Missing Rate Limiting

Affected product: Dovecot IMAP Server Internal reference: DOV-6464 Vulnerability type: CWE-770 Allocation of Resources Without Limits or Throttling Vulnerable version: 2.2, 2.3 Vulnerable component: lib-mail Report confidence: Confirmed Solution status: Fixed in 2.3.21.1 Researcher credits: Vendo...

7 AI score, 0.00839 EPSS
Exploits: 2

Packet Storm
added 2024/08/19 12:0 a.m., 537 views

Dovecot IMAP Server 2.2 / 2.3 Denial Of Service

Affected product: Dovecot IMAP Server Internal reference: DOV-6601 Vulnerability type: CWE-770 Allocation of Resources Without Limits or Throttling Vulnerable version: 2.2, 2.3 Vulnerable component: lib-mail Report confidence: Confirmed Solution status: Fixed in 2.3.21.1 Researcher credits: Vendo...

7 AI score, 0.01284 EPSS
Exploits: 2

Packet Storm
added 2024/08/16 12:0 a.m., 247 views

Human Resource Management System 2024 1.0 SQL Injection

Title: Human Resource Management System 2024 v1.0 auth by pass Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla...

7.4 AI score
Exploits: 0

Total number of security vulnerabilities: 50738