
50736 matches found

Packet Storm
added 2026/04/23 12:00 a.m. | 104 views

📄 Ghost CMS 6.19.0 SQL Injection

This is a Metasploit auxiliary module targeting a blind, unauthenticated SQL injection vulnerability in the Ghost CMS Content API that affects versions 3.24.0 through 6.19.0...

CVSS: 9.4 | AI score: 6 | EPSS: 0.69996
Exploits: 7

Packet Storm
added 2026/04/22 12:00 a.m. | 107 views

📄 Dovecot 3.1.0 Authentication Bypass / User Enumeration

This Metasploit auxiliary module targets an LDAP injection vulnerability in Dovecot mail servers that can lead to authentication bypass or user enumeration via IMAP/POP3. Version 3.1.0 is affected...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00286
Exploits: 1

Packet Storm
added 2026/04/22 12:00 a.m. | 89 views

📄 Dovecot doveadm Timing Attack / Credential Extraction

This Metasploit auxiliary module performs a timing-based side-channel attack against the Dovecot doveadm HTTP interface to extract credentials character by character...

CVSS: 7.4 | AI score: 5.8 | EPSS: 0.00392
Exploits: 1

Packet Storm
added 2026/04/22 12:00 a.m. | 81 views

📄 Dovecot IMAP NOOP Command Memory Exhaustion Denial of Service

This Metasploit auxiliary module targets a memory exhaustion vulnerability in the Dovecot IMAP service. It opens multiple concurrent TCP connections and sends specially crafted NOOP commands containing deeply nested parentheses to force excessive memory allocation on the server. By sustaining the...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00667
Exploits: 1

Packet Storm
added 2026/04/22 12:00 a.m. | 99 views

📄 Dovecot ManageSieve Crash Denial of Service

This Metasploit auxiliary module targets a denial of service vulnerability in the Dovecot ManageSieve service, where improper handling of authentication requests can lead to service crashes. Affects Dovecot CE core 2.4.0-2.4.2 and Dovecot Pro core 3.1.0-3.1.2. Fixed in versions 2.4.3 and 3.1.3...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00703
Exploits: 1

Packet Storm
added 2026/04/22 12:00 a.m. | 91 views

📄 Dovecot OTP Replay Attack

This Metasploit auxiliary module targets a vulnerability in Dovecot's OTP (One-Time Password) authentication system that allows potential replay attacks when authentication caching is enabled and username handling is improperly managed...

CVSS: 6.8 | AI score: 5.7 | EPSS: 0.00338
Exploits: 1

Packet Storm
added 2026/04/22 12:00 a.m. | 85 views

📄 esiclivre 0.2.2 SQL Injection

The password reset functionality in esiclivre is affected by multiple vulnerabilities. The cpfcnpj parameter is vulnerable to Blind SQL injection due to improper input handling. Additionally, the endpoint lacks CSRF protection, input validation, and rate limiting, enabling attackers to perform us...

AI score: 5.8
Exploits: 0

Packet Storm
added 2026/04/22 12:00 a.m. | 106 views

📄 Dovecot passwd-file Path Traversal

This Metasploit auxiliary module targets a path traversal vulnerability in Dovecot's passwd-file authentication backend when per-domain configuration is enabled...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00427
Exploits: 1

Packet Storm
added 2026/04/22 12:00 a.m. | 116 views

📄 Eclipse Che WebSocket Machine-Exec Remote Code Execution

This Python script is a WebSocket-based client designed to interact with an Eclipse Che / DevSpaces machine-exec service and test for an unauthenticated remote code execution vulnerability...

CVSS: 9 | AI score: 6.4 | EPSS: 0.01164
Exploits: 2

Packet Storm
added 2026/04/22 12:00 a.m. | 71 views

📄 WebDAV PHP Upload

This Metasploit module exploits WebDAV which also has PHP enabled, such as found on XAMPP servers. It does so by using any supplied credentials to upload a PHP payload via WebDAV and then execute it. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.01209
Exploits: 2

Packet Storm
added 2026/04/22 12:00 a.m. | 60 views

📄 WordPress Highlight and Share 5.2.0 Missing Authentication

WordPress Highlight and Share plugin versions 5.2.0 and below suffer from a missing authentication vulnerability. Exploit Title: WordPress Plugin 5.2.0 - Broken Access Control Date: 2025-09-20 Exploit Author: Zeeshan Haider Vendor Homepage: https://wordpress.org/plugins/ Software Link:...

CVSS: 4.7 | AI score: 5.8 | EPSS: 0.004
Exploits: 2

Packet Storm
added 2026/04/22 12:00 a.m. | 73 views

📄 Dovecot MIME Parameter CPU Exhaustion

This Metasploit module targets a denial of service vulnerability in the Dovecot LMTP service caused by excessive CPU consumption. Title: Dovecot MIME Parameter CPU...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00374
Exploits: 1

Packet Storm
added 2026/04/22 12:00 a.m. | 80 views

📄 Throttlestop Kernel Driver 3.0.0.0 Privilege Escalation

Throttlestop Kernel Driver version 3.0.0.0 suffers from a privilege escalation vulnerability. Exploit Title: Throttlestop Kernel Driver - Kernel Out-of-Bounds Write Privilege Escalation Exploit Details: https://xavibel.com/2025/12/22/using-vulnerable-drivers-in-red-team-exercises/ Date: 8/12/2025...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.08963
Exploits: 8

Packet Storm
added 2026/04/21 12:00 a.m. | 135 views

📄 ASP.net 8.0.10 Core Kestrel HTTP Request Smuggling

This Metasploit auxiliary module targets a critical HTTP request smuggling vulnerability in ASP.NET Core Kestrel caused by improper parsing of malformed chunked transfer encoding, notably LF-only line handling and case-variant headers like chUnKEd...

CVSS: 9.9 | AI score: 5.8 | EPSS: 0.66258
Exploits: 5

Packet Storm
added 2026/04/21 12:00 a.m. | 160 views

📄 Below Symlink Privilege Escalation

This Python script demonstrates a potential privilege escalation technique related to CVE-2025-27591, leveraging symbolic link (symlink) manipulation in a logging directory used by the below utility. Versions prior to 0.9.0 are affected...

CVSS: 6.8 | AI score: 7 | EPSS: 0.0036
Exploits: 22

Packet Storm
added 2026/04/21 12:00 a.m. | 167 views

📄 Below Log File Symlink Privilege Escalation

This Metasploit module exploits a local privilege escalation vulnerability in the below utility when executed with sudo. This affects versions prior to 0.9.0...

CVSS: 6.8 | AI score: 7.1 | EPSS: 0.0036
Exploits: 22

Packet Storm
added 2026/04/21 12:00 a.m. | 76 views

📄 Trojan-Spy.Win32.Small MVID-2026-0705 Remote Command Execution

Trojan-Spy.Win32.Small malware opens a listener on TCP port 65535, allowing unauthenticated remote attackers with network access to execute arbitrary operating system commands on the infected host. Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2026 Original source:...

AI score: 6.2
Exploits: 0

Packet Storm
added 2026/04/21 12:00 a.m. | 83 views

📄 7-Zip Directory Traversal / Remote Code Execution

This Metasploit local Windows exploit module targets a directory traversal vulnerability in 7-Zip versions prior to 25.00 that can be abused through a malicious ZIP archive to achieve arbitrary code execution when the archive is extracted...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.27017
Exploits: 11

Packet Storm
added 2026/04/21 12:00 a.m. | 105 views

📄 Bludit CMS 3.18.2 Shell Upload

This Metasploit module targets a vulnerability in the API file upload mechanism of Bludit CMS version 3.18.2, which allows authenticated users with a valid API token to upload arbitrary files without proper validation. This can result in a shell upload...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.01919
Exploits: 4

Packet Storm
added 2026/04/20 12:00 a.m. | 79 views

📄 Remote Sunrise Helper for Windows 2026.14 Live Screen Capture

Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated live screen capture vulnerability. #!/usr/bin/env python3 Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated Live Screen Capture Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...

AI score: 5.8
Exploits: 0

Packet Storm
added 2026/04/20 12:00 a.m. | 93 views

📄 OpenEMR 8.0.0.2 SQL Injection

This Metasploit auxiliary module targets a potential SQL injection vulnerability in OpenEMR version 8.0.0.2. Title: OpenEMR 8.0.0.2 Exploitation Tool Author:...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00473
Exploits: 3

Packet Storm
added 2026/04/20 12:00 a.m. | 74 views

📄 openDCIM 25.01 SQL Injection

openDCIM version 25.01 remote SQL injection exploit that can be leveraged to execute arbitrary code. Title: openDCIM 25.01 Python Exploit – Authenticated &...

AI score: 6.1
Exploits: 0

Packet Storm
added 2026/04/20 12:00 a.m. | 73 views

📄 Remote Sunrise Helper for Windows 2026.14 File Upload

Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated file upload vulnerability. #!/usr/bin/env python3 Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File Upload Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...

AI score: 5.8
Exploits: 0

Packet Storm
added 2026/04/20 12:00 a.m. | 63 views

📄 Remote Sunrise Helper for Windows 2026.14 UDP Injection

Remote Sunrise Helper for Windows version 2026.14 suffers from UDP injection that can allow for remote code execution. #!/usr/bin/env python3 Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated UDP Input Injection RCE Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...

AI score: 6.1
Exploits: 0

Packet Storm
added 2026/04/20 12:00 a.m. | 63 views

📄 dcontrol 1.0.9 Local File Inclusion

dcontrol version 1.0.9 suffers from an unauthenticated local file inclusion vulnerability via a path traversal. Exploit Title: dcontrol v1.0.9 - Unauthenticated Local File Inclusion (LFI) Date: 2026-04-18 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/dhjz/dcontrol Software Link...

AI score: 5.8
Exploits: 0

Packet Storm
added 2026/04/20 12:00 a.m. | 77 views

📄 Remote Sunrise Helper for Windows 2026.14 Directory Creation

Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated directory creation vulnerability. #!/usr/bin/env python3 Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated Directory Creation Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...

AI score: 5.8
Exploits: 0

Packet Storm
added 2026/04/20 12:00 a.m. | 88 views

📄 dcontrol 1.0.9 Arbitrary File Upload

dcontrol version 1.0.9 suffers from an unauthenticated arbitrary file upload vulnerability. Exploit Title: dcontrol v1.0.9 - Unauthenticated Arbitrary File Upload Date: 2026-04-18 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/dhjz/dcontrol Software Link:...

AI score: 5.9
Exploits: 0

Packet Storm
added 2026/04/20 12:00 a.m. | 63 views

📄 Remote Sunrise Helper for Windows 2026.14 Screenshot Capture

Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated screenshot capture vulnerability. #!/usr/bin/env python3 Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated Screenshot Capture Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...

AI score: 5.8
Exploits: 0

Packet Storm
added 2026/04/20 12:00 a.m. | 78 views

📄 dwol 1.0.0 Command Injection

dwol version 1.0.0 suffers from an unauthenticated command injection vulnerability in the host parameter of the /api/machines endpoint. Exploit Title: dwol v1.0.0 - Unauthenticated Command Injection Date: 2026-04-18 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/dhjz/dwol...

AI score: 5.8
Exploits: 0

Packet Storm
added 2026/04/20 12:00 a.m. | 92 views

📄 Remote Sunrise Helper for Windows 2026.14 Remote Code Execution

Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated remote code execution vulnerability. Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated Remote Code Execution Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...

AI score: 6.5
Exploits: 0

Packet Storm
added 2026/04/20 12:00 a.m. | 87 views

📄 openDCIM 25.01 SQL Injection / Remote Code Execution

openDCIM version 25.01 remote SQL injection exploit that achieves remote code execution. Title: openDCIM 25.01 SQL Injection Leading to Remote Code Execution...

AI score: 6.2
Exploits: 0

Packet Storm
added 2026/04/20 12:00 a.m. | 73 views

📄 Remote Sunrise Helper for Windows 2026.14 File / Folder Deletion

Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated file / folder deletion vulnerability. #!/usr/bin/env python3 Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Folder Delete Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...

AI score: 5.8
Exploits: 0

Packet Storm
added 2026/04/20 12:00 a.m. | 92 views

📄 OpenEMR 8.0.0.2 Remote Code Execution

This Metasploit exploit module targets a potential remote code execution vulnerability in OpenEMR systems identified as CVE-2026-32238. The module combines authentication handling, HTTP request manipulation, and command injection capabilities to achieve remote command execution on vulnerable...

CVSS: 9.1 | AI score: 6.5 | EPSS: 0.01889
Exploits: 3

Packet Storm
added 2026/04/20 12:00 a.m. | 117 views

📄 WordPress Kali Forms 2.4.9 Remote Code Execution

WordPress Kali Forms plugin version 2.4.9 suffers from a remote code execution vulnerability. Title: WordPress Kali Forms 2.4.9 Remote Code Execution Assessment...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.07239
Exploits: 2

Packet Storm
added 2026/04/20 12:00 a.m. | 79 views

📄 Remote Sunrise Helper for Windows 2026.14 UAC Bypass

Remote Sunrise Helper for Windows version 2026.14 suffers from a local UAC bypass vulnerability via the Icon Import dialog. Exploit Title: Remote Sunrise Helper for Windows 2026.14 - UAC Bypass via Icon Import Dialog Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...

AI score: 5.8
Exploits: 0

Packet Storm
added 2026/04/20 12:00 a.m. | 101 views

📄 dcontrol 1.0.9 Remote Code Execution

dcontrol version 1.0.9 suffers from an unauthenticated remote code execution vulnerability via the /control-api/monitor/open endpoint. Exploit Title: dcontrol v1.0.9 - Unauthenticated Remote Code Execution (RCE) Date: 2026-04-18 Exploit Author: Chokri Hammedi Vendor Homepage:...

AI score: 6.5
Exploits: 0

Packet Storm
added 2026/04/20 12:00 a.m. | 77 views

📄 dcontrol 1.0.9 Remote Screen Capture

dcontrol version 1.0.9 suffers from an unauthenticated remote screen capture vulnerability via the WebSocket endpoint at /ws. The application allows any client to connect to the WebSocket without authentication and request screenshots of the target system's display by sending a "screen" message...

AI score: 5.8
Exploits: 0

Packet Storm
added 2026/04/20 12:00 a.m. | 88 views

📄 dwatch 0.0.2 Server-Side Request Forgery

dwatch version 0.0.2 allows unauthenticated users to create monitoring tasks via the /api/task/save endpoint. The url parameter accepts arbitrary URLs and makes HTTP requests to them. Exploit Title: dwatch 0.0.2 - Unauthenticated SSRF via Task URL Date: 2026-04-18 Exploit Author: Chokri Hammedi...

AI score: 5.9
Exploits: 0

Packet Storm
added 2026/04/20 12:00 a.m. | 90 views

📄 dmonitor 1.0.3 Server-Side Request Forgery

dmonitor version 1.0.3 suffers from an unauthenticated server-side request forgery vulnerability that can allow for data exfiltration. Exploit Title: dmonitor v1.0.3 - Unauthenticated SSRF Date: 2026-04-18 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/dhjz/dmonitor Software...

AI score: 5.8
Exploits: 0

Packet Storm
added 2026/04/20 12:00 a.m. | 79 views

📄 dcontrol 1.0.9 Keyboard Injection Remote Code Execution

dcontrol version 1.0.9 is vulnerable to an unauthenticated remote code execution via keyboard input injection. The /control-api/monitor/sendkey and /control-api/monitor/sendtext endpoints allow an unauthenticated attacker to simulate keyboard input on the target system. By chaining these endpoint...

AI score: 6.7
Exploits: 0

Packet Storm
added 2026/04/20 12:00 a.m. | 74 views

📄 Remote Sunrise Helper for Windows 2026.14 Directory Listing

Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated file / directory listing vulnerability. #!/usr/bin/env python3 Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Directory Listing Date: 2026-04-20 Exploit Author: Chokri Hammedi Softwar...

AI score: 5.8
Exploits: 0

Packet Storm
added 2026/04/20 12:00 a.m. | 71 views

📄 Remote Sunrise Helper for Windows 2026.14 Arbitrary File Read

Remote Sunrise Helper for Windows 2026.14 suffers from an unauthenticated file read vulnerability. #!/usr/bin/env python3 Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File Read Date: 2026-04-20 Exploit Author: Chokri Hammedi Software: https://rs.ltd/latest.php?os=win...

AI score: 5.8
Exploits: 0

Packet Storm
added 2026/04/20 12:00 a.m. | 82 views

📄 Remote Sunrise Helper for Windows 2026.14 UAC Bypass

Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated UAC bypass vulnerability that enables remote code execution via /api/executeScript. #!/usr/bin/env python3 Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated UAC Bypass Elevated CMD Date:...

AI score: 6.5
Exploits: 0

Packet Storm
added 2026/04/20 12:00 a.m. | 73 views

📄 dcontrol 1.0.9 Arbitrary File Delete

dcontrol version 1.0.9 suffers from an unauthenticated arbitrary file deletion vulnerability via path traversal in the /control-api/file/delete endpoint. Exploit Title: dcontrol v1.0.9 - Unauthenticated Arbitrary File Delete Date: 2026-04-18 Exploit Author: Chokri Hammedi Vendor Homepage:...

AI score: 5.9
Exploits: 0

Packet Storm
added 2026/04/17 12:00 a.m. | 95 views

📄 EspoCRM 9.3.3 Remote Code Execution

This Metasploit module targets an authenticated remote code execution vulnerability in EspoCRM versions 9.3.3 and below. Title: EspoCRM ≤ 9.3.3 Authenticated RCE...

CVSS: 9.1 | AI score: 6.5 | EPSS: 0.005
Exploits: 3

Packet Storm
added 2026/04/17 12:00 a.m. | 160 views

📄 MCPJam Inspector 1.4.2 Remote Code Execution

This Metasploit auxiliary module targets a remote code execution vulnerability in MCPJam Inspector version 1.4.2. The flaw exists in the /api/mcp/connect endpoint, where user-controlled input is improperly passed to a backend execution mechanism...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.38374
Exploits: 29

Packet Storm
added 2026/04/17 12:00 a.m. | 82 views

📄 PCLink 4.1.1 Authentication Bypass / Code Execution

PCLink version 4.1.1 trusts localhost requests with the "X-Internal-Auth: true" header, bypassing all authentication. Combined with unrestricted extension installation, this allows arbitrary code execution. Exploit Title: PCLink v4.1.1 - Authentication Bypass Leading to Remote Code Execution Date...

AI score: 6.1
Exploits: 0

Packet Storm
added 2026/04/17 12:00 a.m. | 103 views

📄 Activitypub-federation-rust 0.7.1 Server-Side Request Forgery

This is a server-side request forgery scanner for Activitypub-federation-rust version 0.7.1. Title: Activitypub-federation-rust 0.7.1 Lemmy ActivityPub SSRF Scanne...

CVSS: 6.5 | AI score: 5.7 | EPSS: 0.00359
Exploits: 2

Packet Storm
added 2026/04/17 12:00 a.m. | 88 views

📄 ddev ZipSlip Path Traversal

A ZipSlip path traversal vulnerability exists in the ddev/ddev project, affecting archive extraction routines. The issue allows a crafted ZIP archive to write files outside the intended extraction directory, potentially leading to arbitrary file overwrite on the host system...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00418
Exploits: 3

Packet Storm
added 2026/04/17 12:00 a.m. | 114 views

📄 V8 Sandbox Bypass: BigInt Division Memory Corruption

This is a variant of crbug.com/474041332. The issue there was that MultiplyFFT, an optimized version of integer multiplication for very large inputs, is not robust against concurrent modification of its input buffers, but was called from ProcessorImpl::FromStringLarge with a temporary buffer insi...

AI score: 5.9
Exploits: 0

Total number of security vulnerabilities: 50736