50738 matches found

Packet Storm
added 2024/04/15 12:0 a.m. | 351 views

Moodle 3.10.1 SQL Injection

Exploit Title: Moodle Authenticated Time-Based Blind SQL Injection - "sort" Parameter Google Dork: Date: 04/11/2023 Exploit Author: Julio Ángel Ferrari Aka. T0X1Cx Vendor Homepage: https://moodle.org/ Software Link: Version: 3.10.1 Tested on: Linux CVE : CVE-2021-36393 import requests import stri...

CVSS 9.8 | AI score 7.4 | EPSS 0.52299
Exploits: 6
Packet Storm
added 2024/04/15 12:0 a.m. | 321 views

OpenClinic GA 5.247.01 Path Traversal

Exploit Title: OpenClinic GA 5.247.01 - Path Traversal Authenticated Date: 2023-08-14 Exploit Author: V. B. Vendor Homepage: https://sourceforge.net/projects/open-clinic/ Software Link: https://sourceforge.net/projects/open-clinic/ Version: OpenClinic GA 5.247.01 Tested on: Windows 10, Windows 11...

AI score 7.4 | EPSS 0.0338
Exploits: 4
Packet Storm
added 2024/04/15 12:0 a.m. | 235 views

Online Fire Reporting System 1.2 SQL Injection

Exploit Title: Online Fire Reporting System SQL Injection Authentication Bypass Date: 02/10/2024 Exploit Author: Diyar Saadi Vendor Homepage: https://phpgurukul.com/online-fire-reporting-system-using-php-and-mysql/ Software Link:...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/04/15 12:0 a.m. | 284 views

Kruxton 1.0 Shell Upload

Title: kruxton-1.0-FileUpload-RCE Author: nu11secur1ty Date: 04/15/2024 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Reference: https://portswigger.net/web-security/file-upload Description: The system setting with paramete...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/04/15 12:0 a.m. | 264 views

WordPress WP Video Playlist 1.1.1 Cross Site Scripting

Exploit Title: Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting XSS Date: 12 April 2024 Exploit Author: Erdemstar Vendor: https://wordpress.com/ Version: 1.1.1 Proof Of Concept: 1. Click Add Video part and enter the XSS payload as below into the first input of form or Reques...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/04/15 12:0 a.m. | 634 views

PrusaSlicer 2.6.1 Arbitrary Code Execution

Exploit Title: PrusaSlicer 2.6.1 - Arbitrary code execution on g-code export Date: 16/01/2024 Exploit Author: Kamil Breński Vendor Homepage: https://www.prusa3d.com Software Link: https://github.com/prusa3d/PrusaSlicer Version: PrusaSlicer up to and including version 2.6.1 Tested on: Windows and...

AI score 7.4 | EPSS 0.0072
Exploits: 4
Packet Storm
added 2024/04/15 12:0 a.m. | 611 views

CrushFTP Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CrushFTP Unauthenticated RCE', 'Description' = %q This exploit module leverages an Improperly Controlled Modification of Dynamically-Determined...

CVSS 9.8 | AI score 7.4 | EPSS 0.81801
Exploits: 7
Packet Storm
added 2024/04/15 12:0 a.m. | 504 views

Django REST Framework SimpleJWT 5.3.1 Information Disclosure

Exploit Title: djangorestframework-simplejwt 5.3.1 - Information Disclosure Date: 26/01/2024 Exploit Author: Dhrumil Mistry dmdhrumilmistry Vendor Homepage: https://github.com/jazzband/djangorestframework-simplejwt/ Software...

AI score 7.4 | EPSS 0.00804
Exploits: 3
Packet Storm
added 2024/04/15 12:0 a.m. | 360 views

Stock Management System 1.0 SQL Injection

Exploit Title: Stock Management System v1.0 - Unauthenticated SQL Injection Date: February 6, 2024 Exploit Author: Josué Mier aka blu3ming Security Researcher & Penetration Tester @wizlynx group Vendor Homepage:...

CVSS 9.8 | AI score 7.4 | EPSS 0.01361
Exploits: 4
Packet Storm
added 2024/04/15 12:0 a.m. | 476 views

Amazon AWS Glue Database Password Disclosure

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Database Passwords in Server Response product: Amazon AWS Glue vulnerable version: until 2024-02-23 fixed version: as of 2024-02-23 CVE number: - impact: medium homepage:...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/04/15 12:0 a.m. | 569 views

WBCE 1.6.0 SQL Injection

Exploit Title: |Unauthenticated SQL injection in WBCE 1.6.0 Date: 15.11.2023 Exploit Author: young pope Vendor Homepage: https://github.com/WBCE/WBCECMS Software Link: https://github.com/WBCE/WBCECMS/archive/refs/tags/1.6.0.zip Version: 1.6.0 Tested on: Kali linux CVE : CVE-2023-39796 There is an...

CVSS 9.8 | AI score 7.4 | EPSS 0.06096
Exploits: 3
Packet Storm
added 2024/04/15 12:0 a.m. | 400 views

AMPLE BILLS 0.1 SQL injection

Title: AMPLE BILLS 0.1 Multiple-SQLi Author: nu11secur1ty Date: 04/13/2024 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html Reference: https://portswigger.net/web-security/sql-injection...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/04/12 12:0 a.m. | 318 views

Ray OS 2.6.3 Command Injection

Exploit Title: Ray OS v2.6.3 - Command Injection RCEUnauthorized Description: The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system...

CVSS 9.8 | AI score 7.4 | EPSS 0.7463
Exploits: 15
Packet Storm
added 2024/04/12 12:0 a.m. | 409 views

MinIO Privilege Escalation

Exploit Title: MinIO 2024-01-31T20-20-33Z - Privilege Escalation Date: 2024-04-11 Exploit Author: Jenson Zhao Vendor Homepage: https://min.io/ Software Link: https://github.com/minio/minio/ Version: Up to excluding RELEASE.2024-01-31T20-20-33Z Tested on: Windows 10 CVE : CVE-2024-24747 Required...

CVSS 8.8 | AI score 7.4 | EPSS 0.34086
Exploits: 4
Packet Storm
added 2024/04/12 12:0 a.m. | 240 views

Terratec dmx_6fire USB 1.23.0.02 Unquoted Service Path

Exploit Title: Terratec dmx6fire USB - Unquoted Service Path Google Dork: null Date: 4/10/2024 Exploit Author: Joseph Kwabena Fiagbor Vendor Homepage: https://dmx-6fire-24-96-controlpanel.software.informer.com/download/ Software Link: Version: v.1.23.0.02 Tested on: windows 7-11 CVE :...

AI score 7.4 | EPSS 0.00677
Exploits: 3
Packet Storm
added 2024/04/12 12:0 a.m. | 262 views

WordPress Playlist For Youtube 1.32 Cross Site Scripting

Exploit Title: Wordpress Plugin Playlist for Youtube - Stored Cross-Site Scripting XSS Date: 22 March 2024 Exploit Author: Erdemstar Vendor: https://wordpress.com/ Version: 1.32 Proof Of Concept: 1. Click Add a new playlist and enter the XSS payload as below into the properties named "Name" or...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/04/11 12:0 a.m. | 225 views

Concrete CMS 9.2.7 Cross Site Scripting / Open Redirect

Exploit Title: Multiple Web Flaws in concretecmsv9.2.7 Date: 4/2024 Exploit Author: Andrey Stoykov Version: 9.2.7 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com Verbose Error Message - Stack Trace: 1. Directly browse to edit profile page 2. Error should come up with verbose stack...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/04/11 12:0 a.m. | 313 views

GUnet OpenEclass E-learning 3.15 File Upload / Command Execution

import requests import argparse import zipfile import os import sys RED = '\03391m' GREEN = '\03392m' YELLOW = '\03393m' RESET = '\0330m' ORANGE = '\03338;5;208m' MALICIOUSPAYLOAD = """\ """ def banner: printf'''RED YELLOW ============================ Author: Frey ============================...

AI score 7.4 | EPSS 0.03821
Exploits: 6
Packet Storm
added 2024/04/11 12:0 a.m. | 335 views

Trimble TM4Web 22.2.0 Privilege Escalation / Access Code Disclosure

CVE ID: CVE-2023-27195 Description: An access control issue in Trimble TM4Web v22.2.0 allows unauthenticated attackers to access a specific crafted URL path to retrieve the last registration access code and use this access code to register a valid account. If the access code was used to create an...

AI score 7.4 | EPSS 0.01018
Exploits: 2
Packet Storm
added 2024/04/10 12:0 a.m. | 333 views

CHAOS RAT 5.0.1 Remote Command Execution

Exploit Title: CHAOS RAT v5.0.1 RCE Date: 2024-04-05 Exploit Author: @chebuya Software Link: https://github.com/tiagorlampert/CHAOS Version: v5.0.1 Tested on: Ubuntu 20.04 LTS CVE: CVE-2024-30850, CVE-2024-31839 Description: The CHAOS RAT web panel is vulnerable to command injection, which can be...

AI score 7.4 | EPSS 0.80454
Exploits: 7
Packet Storm
added 2024/04/10 12:0 a.m. | 346 views

Joomla SP Page Builder 5.2.7 SQL Injection

==================================================================================================================================== | Title : SP Page Builder 5.2.7 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit ...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/04/09 12:0 a.m. | 303 views

Flightio.com SQL Injection

This site which has a security problem with the SQL INJECTION Vulnerability "CWE-89". We have repeatedly reported to this site that it has a security problem and has ignored our report. We want to record this security issue Exploit Title : Site Flight agency airpol the Islamic Republic of Iran SQ...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/04/08 12:0 a.m. | 227 views

Open Source Medicine Ordering System 1.0 SQL Injection

Exploit Title : Open Source Medicine Ordering System v1.0 - SQLi Author : Onur Karasalihoğlu Date : 27/02/2024 Sample Usage % python3 omossqliexploit.py https://target.com Available Databases: 1. informationschema 2. omosdb Please select a database to use enter number: 2 You selected: omosdb...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/04/08 12:0 a.m. | 284 views

Trojan.Win32.Razy.abc MVID-2024-0678 Insecure Permissions

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/0eb4a9089d3f7cf431d6547db3b9484d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Razy.abc Vulnerability: Insecure Permissions In memory IPC Family: Razy Type:...

CVSS 6.7 | AI score 7.4 | EPSS 0.0157
Exploits: 5
Packet Storm
added 2024/04/08 12:0 a.m. | 250 views

Daily Expense Manager 1.0 SQL Injection

Exploit Title: Daily Expense Manager 1.0 - 'term' SQLi Date: February 25th, 2024 Exploit Author: Stefan Hesselman Vendor Homepage: https://code-projects.org/daily-expense-manager-in-php-with-source-code/ Software Link:...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/04/08 12:0 a.m. | 900 views

Invision Community 4.7.15 SQL Injection

-------------------------------------------------------------------- Invision Community filter and \isarray \IPS\Request::i-filter 128 129 $url = $url-setQueryString 'filter', \IPS\Request::i-filter ; 130 foreach \IPS\Request::i-filter as $filterId = $allowedValues 131 132 $where = array...

AI score 7.4 | EPSS 0.08676
Exploits: 3
Packet Storm
added 2024/04/08 12:0 a.m. | 245 views

Open eShop 2.7.0 Cross Site Scripting

Exploit Title: Open eShop Version : 2.7.0 - Reflected XSS Exploit Author: tmrswrr Vendor Homepage: http://www.open-eshop.com/ Version : 2.7.0 Date : 04/08/2024 1 Go to home page https://127.0.0.1/OpeneShop 2 Write url this payload : test.html" 3 After save it you will be see xss alert...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/04/08 12:0 a.m. | 620 views

Invision Community 4.7.16 Remote Code Execution

------------------------------------------------------------------------------ Invision Community = 4.7.16 toolbar.php Remote Code Execution Vulnerability ------------------------------------------------------------------------------ - Software Link: https://invisioncommunity.com - Affected...

AI score 7.4 | EPSS 0.00701
Exploits: 2
Packet Storm
added 2024/04/08 12:0 a.m. | 293 views

HTMLy 2.9.6 Cross Site Scripting

Exploit Title: HTMLy Version : 2.9.6 - Stored XSS Exploit Author: tmrswrr Vendor Homepage: https://www.htmly.com/ Version 3.10.8.21 Date : 04/08/2024 1 Login admin https://127.0.0.1/HTMLy/admin/config 2 General Setting Blog title " 3 After save it you will be see xss alert...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/04/08 12:0 a.m. | 249 views

UP-RESULT 0.1 2024 SQL Injection

Title: upresult0.1-2024 Multiple-SQLi Author: nu11secur1ty Date: 04/08/2024 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/15653/best-student-result-management-system-project-source-code-php-and-mysql-free-download Reference:...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/04/08 12:0 a.m. | 282 views

WordPress Travelscape Theme 1.0.3 Arbitrary File Upload

Exploit Title: Wordpress Theme Travelscape v1.0.3 - Arbitrary File Upload Date: 2024-04-01 Author: Milad Karimi Ex3ptionaL Category : webapps Tested on: windows 10 , firefox import sys import os.path import requests import re import urllib3 from requests.exceptions import SSLError from...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/04/08 12:0 a.m. | 296 views

AnyDesk 7.0.15 Unquoted Service Path

Exploit Title: AnyDesk 7.0.15 - Unquoted Service Path Privilege Escalation Date: 2024-04-01 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Vendor Homepage: http://anydesk.com Software Link: http://anydesk.com/download...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/04/05 12:0 a.m. | 430 views

Visual Planning 8 Arbitrary File Read

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Title ===== SCHUTZWERK-SA-2023-006: Arbitrary File Read via XML External Entities in Visual Planning Status ====== PUBLISHED Version ======= 1.0 CVE reference ============= CVE-2023-49234 Link ====...

AI score 6.8 | EPSS 0.00227
Exploits: 1
Packet Storm
added 2024/04/05 12:0 a.m. | 353 views

DerbyNet 9.0 photo.php Cross Site Scripting

CVE ID: CVE-2024-30921 Description: A Cross-Site Scripting XSS vulnerability has been identified in DerbyNet version 9.0, specifically affecting the photo.php component. This vulnerability allows remote attackers to execute arbitrary code via crafted URLs, without requiring authentication...

AI score 7.4 | EPSS 0.0062
Exploits: 2
Packet Storm
added 2024/04/05 12:0 a.m. | 282 views

DerbyNet 9.0 playlist.php Cross Site Scripting

CVE ID: CVE-2024-30929 Description: A Cross-Site Scripting XSS vulnerability has been found in DerbyNet version 9.0, affecting the playlist.php component. This issue allows remote attackers to execute arbitrary code by exploiting the back parameter. The application does not properly sanitize the...

AI score 7.4 | EPSS 0.00981
Exploits: 2
Packet Storm
added 2024/04/05 12:0 a.m. | 302 views

DerbyNet 9.0 inc/kisosks.inc Cross Site Scripting

CVE ID: CVE-2024-30926 Description: A Cross-Site Scripting XSS vulnerability has been identified in DerbyNet version 9.0, affecting the ./inc/kiosks.inc component. This vulnerability permits remote attackers to execute arbitrary code by exploiting the addressforcurrentkiosk function. The issue...

AI score 7.4 | EPSS 0.00511
Exploits: 2
Packet Storm
added 2024/04/05 12:0 a.m. | 490 views

Gibbon School Platform 26.0.00 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gibbon School Platform Authenticated PHP Deserialization Vulnerability', 'Description' = %q A Remote Code Execution vulnerability in Gibbon onlin...

AI score 6.8 | EPSS 0.5132
Exploits: 7
Packet Storm
added 2024/04/05 12:0 a.m. | 774 views

Visual Planning REST API 2.0 Authentication Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Title ===== SCHUTZWERK-SA-2023-003: Authentication Bypass in Visual Planning REST API Status ====== PUBLISHED Version ======= 1.0 CVE reference ============= CVE-2023-49231 Link ==== https://www.schutzwerk.com/advisories/schutzwerk-sa-2023-003/...

AI score 6.8 | EPSS 0.42898
Exploits: 1
Packet Storm
added 2024/04/05 12:0 a.m. | 262 views

DerbyNet 9.0 render-document.php Cross Site Scripting

CVE ID: CVE-2024-30920 Description: A Cross Site Scripting XSS vulnerability has been identified in DerbyNet v9.0, specifically within the render-document.php component. This vulnerability allows a remote attacker to execute arbitrary code via crafted URLs. The root cause of the vulnerability is...

AI score 7.4 | EPSS 0.01027
Exploits: 2
Packet Storm
added 2024/04/05 12:0 a.m. | 274 views

DerbyNet 9.0 ajax/query.slide.next.inc SQL Injection

CVE ID: CVE-2024-30928 Description: An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, particularly within the ajax/query.slide.next.inc file. This vulnerability allows remote attackers to execute arbitrary code and disclose sensitive information by exploiting the...

AI score 7.4 | EPSS 0.00724
Exploits: 2
Packet Storm
added 2024/04/05 12:0 a.m. | 399 views

Seo Panel 4.7.0 Cross Site Scripting

Exploit Title: Seo Panel 4.7.0 Reflected XSS Exploit Author: Arzu DEMÝREZ Date: 05.03-2024 Vendor Homepage: https://www.seopanel.org/ Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.7.0 Version: Seo Panel 4.7.0 -Description: A cross-site scripting XSS issue in the SEO admin...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/04/05 12:0 a.m. | 278 views

Feng Office 3.10.8.21 Cross Site Scripting

Exploit Title: Feng Office version 3.10.8.21 - Stored XSS Exploit Author: tmrswrr Vendor Homepage: https://www.fengoffice.com/ version 3.10.8.21 1 Login admin https://127.0.0.1/FengOffice/index.php?c=access&a=index 2 Click Tasks " add task 3 Click Add worked hours you will be see xss alert...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/04/05 12:0 a.m. | 299 views

Human Resource Management System 2024 1.0 SQL Injection

Title: hrm2024.1.0-Multiple-SQLi Author: nu11secur1ty Date: 04/02/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Reference: https://portswigger.net/web-security/sql-injection...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/04/05 12:0 a.m. | 355 views

Jasmin Ransomware 1.1 Arbitrary File Read

Exploit Title: Jasmin Ransomware arbitrary file read Date: 2024-04-04 Exploit Author: @chebuya Software Link: https://github.com/codesiddhant/Jasmin-Ransomware Version: v1.1 Tested on: Ubuntu 20.04 LTS CVE: CVE-2024-30851 Description: Jasmin Ransomware panel contains multiple SQL injections and...

AI score 7.2 | EPSS 0.04611
Exploits: 7
Packet Storm
added 2024/04/05 12:0 a.m. | 287 views

DerbyNet 9.0 photo-thumbs.php Cross Site Scripting

CVE ID: CVE-2024-30925 Description: A Cross-Site Scripting XSS vulnerability exists in DerbyNet version 9.0, specifically within the photo-thumbs.php component. This issue enables a remote attacker to execute arbitrary code through the improper handling of the racerid and back parameters. The...

AI score 7.4 | EPSS 0.00567
Exploits: 2
Packet Storm
added 2024/04/05 12:0 a.m. | 437 views

Visual Planning 8 Authentication Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Title ===== SCHUTZWERK-SA-2023-004: Authentication Bypass via Password Reset Functionality in Visual Planning Status ====== PUBLISHED Version ======= 1.0 CVE reference ============= CVE-2023-49232 Link ====...

AI score 6.8 | EPSS 0.01525
Exploits: 1
Packet Storm
added 2024/04/05 12:0 a.m. | 316 views

DerbyNet 9.0 print/render/award.inc SQL Injection

CVE ID: CVE-2024-30922 Description: A SQL Injection vulnerability has been identified in DerbyNet version 9.0, specifically affecting the 'where' clause in Award Document Rendering through the component print/render/award.inc. This vulnerability allows remote attackers to execute arbitrary code a...

AI score 7.4 | EPSS 0.01429
Exploits: 2
Packet Storm
added 2024/04/05 12:0 a.m. | 286 views

DerbyNet 9.0 checkin.php Cross Site Scripting

CVE ID: CVE-2024-30924 Description: A Cross Site Scripting XSS vulnerability has been identified in DerbyNet version 9.0, specifically within the checkin.php component. This vulnerability allows remote attackers to execute arbitrary code due to improper handling of the order URL parameter. The fl...

AI score 7.4 | EPSS 0.00341
Exploits: 2
Packet Storm
added 2024/04/05 12:0 a.m. | 276 views

DerbyNet 9.0 racer-results.php Cross Site Scripting

CVE ID: CVE-2024-30927 Description: A Cross-Site Scripting XSS vulnerability is present in DerbyNet version 9.0, specifically within the racer-results.php component. This issue allows remote attackers to execute arbitrary code through the improper handling of the racerid parameter. The...

AI score 7.4 | EPSS 0.00551
Exploits: 2
Packet Storm
added 2024/04/05 12:0 a.m. | 300 views

DerbyNet 9.0 print/render/racer.inc SQL Injection

CVE ID: CVE-2024-30923 Description: An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, specifically within the print/render/racer.inc component. This vulnerability allows remote attackers to execute arbitrary code and disclose sensitive information by exploiting improper...

AI score 7.4 | EPSS 0.0137
Exploits: 2

Total number of security vulnerabilities: 50738