Lucene search
Packetstorm, Recent

50738 matches found

Packet Storm
added 2023/10/03 12:0 a.m., 376 views

openVIVA c2 20220101 Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory - title: Stored Cross-Site Scripting product: mb Support broker management solution openVIVA c2 vulnerable version: 20220801 CVE number: CVE-2022-39172 impact: Medium homepage:...

7.1 AI score, 0.00628 EPSS
Exploits: 2

Packet Storm
added 2023/10/02 12:0 a.m., 300 views

Electrolink FM/DAB/TV Transmitter Unauthenticated Remote Denial Of Service

Electrolink FM/DAB/TV Transmitter Unauthenticated Remote DoS Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W, 500W, 1kW, 2...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/10/02 12:0 a.m., 288 views

Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution

Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/10/02 12:0 a.m., 283 views

Electrolink FM/DAB/TV Transmitter Remote Authentication Removal

!/usr/bin/env python Electrolink FM/DAB/TV Transmitter Remote Authentication Removal Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/10/02 12:0 a.m., 624 views

Juniper SRX Firewall / EX Switch Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'unixcrypt' require 'net/ssh' require 'net/ssh/commandstream' class MetasploitModule 'Junos OS PHPRC Environment Variable Manipulation RCE', 'Description' = %q...

9.8 CVSS, 7.1 AI score, 0.93546 EPSS
Exploits: 27

Packet Storm
added 2023/10/02 12:0 a.m., 334 views

Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credential Disclosure

Electrolink FM/DAB/TV Transmitter login.htm/mail.htm Credentials Disclosure Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/10/02 12:0 a.m., 263 views

Electrolink FM/DAB/TV Transmitter (Login Cookie) Authentication Bypass

Electrolink FM/DAB/TV Transmitter Login Cookie Authentication Bypass Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W, 500W...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/10/02 12:0 a.m., 302 views

Electrolink FM/DAB/TV Transmitter Vertical Privilege Escalation

Electrolink FM/DAB/TV Transmitter Vertical Privilege Escalation Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W, 500W, 1kW...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/10/02 12:0 a.m., 253 views

Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality

Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W, 500W,...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/10/02 12:0 a.m., 290 views

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credential Disclosure

Electrolink FM/DAB/TV Transmitter controlloLogin.js Credentials Disclosure Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/09/29 12:0 a.m., 405 views

JetBrains TeamCity Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'JetBrains TeamCity Unauthenticated Remote Code Execution', 'Description' = %q This module exploits an authentication bypass vulnerability to...

9.8 CVSS, 9.3 AI score, 0.99979 EPSS
Exploits: 17

Packet Storm
added 2023/09/27 12:0 a.m., 461 views

Microsoft Error Reporting Local Privilege Elevation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Error Reporting Local Privilege Elevation Vulnerability', 'Description' = %q This module takes advantage of a bug in the way Windows...

7.8 CVSS, 7.1 AI score, 0.32309 EPSS
Exploits: 5

Packet Storm
added 2023/09/25 12:0 a.m., 428 views

OPNsense 23.1.11_1 / 23.7.3 / 23.7.4 Cross Site Scripting / Privilege Escalation

Advisory X41-2023-001: Two Vulnerabilities in OPNsense - Highest Severity Rating: High Confirmed Affected Versions: 23.1.111, 23.7.3, 23.7.4 Confirmed Patched Versions: Commit 484753b2abe3fd0fcdb73d8bf00c3fc3709eb8b7 Vendor: Deciso B.V. /...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/09/25 12:0 a.m., 368 views

LogoBee CMS 0.2 Cross Site Scripting

Title: LogoBee CMS v0.2 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit | Vendor :...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/09/25 12:0 a.m., 337 views

Lamano LMS 0.1 Insecure Settings

Title: Lamano LMS v0.1 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 69.032-bit | ...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/09/22 12:0 a.m., 383 views

Taskhub 2.8.8 Cross Site Scripting

Title: TASKHUB-2.8.8-XSS-Reflected Author: nu11secur1ty Date: 09/22/2023 Vendor: https://codecanyon.net/user/infinitietech Software: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Reference: https://portswigger.net/web-security/cross-site-scripting Description: T...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/09/22 12:0 a.m., 455 views

Elasticsearch 8.5.3 Stack Overflow

Exploit Author: TOUHAMI KASBAOUI Vendor Homepage: https://elastic.co/ Version: 8.5.3 / OpenSearch Tested on: Ubuntu 20.04 LTS CVE : CVE-2023-31419 Ref: https://github.com/sqrtZeroKnowledge/Elasticsearch-Exploit-CVE-2023-31419 import requests import random import string esurl =...

7.1 AI score, 0.60679 EPSS
Exploits: 4

Packet Storm
added 2023/09/21 12:0 a.m., 494 views

TOTOLINK Wireless Routers Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'TOTOLINK Wireless Routers unauthenticated remote command execution vulnerability.', 'Description' = %q Multiple TOTOLINK...

9.8 CVSS, 7.1 AI score, 0.25889 EPSS
Exploits: 4

Packet Storm
added 2023/09/21 12:0 a.m., 363 views

Luxcal Event Calendar 3.2.3 Cross Site Request Forgery

Title: Luxcal Event Calendar v3.2.3 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/09/20 12:0 a.m., 380 views

WordPress Theme My Login 2FA Brute Force

The theme my login plugin before 1.2 does not check how often a 2FA code was wrongly entered, allowing a bruteforce of codes to bypass 2FA effectively. A working python exploit: from typing import KeysView from selenium.webdriver.common.by import By from selenium import webdriver from...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/09/20 12:0 a.m., 358 views

Lamano CMS 2.0 Cross Site Request Forgery

Title: Lamano CMS v2.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 69.032-bit | Vendor :...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/09/19 12:0 a.m., 390 views

Lacabane 1.0 SQL Injection

Title: lacabane v1.0 Auth by pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit |...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/09/19 12:0 a.m., 429 views

Taskhub 2.8.7 SQL Injection

Exploit Title: taskhub 2.8.7 - SQL Injection Exploit Author: CraCkEr Date: 05/09/2023 Vendor: Infinitie Technologies Vendor Homepage: https://www.infinitietech.com/ Software Link: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Demo: https://taskhub.company/auth...

7.1 AI score, 0.00692 EPSS
Exploits: 5

Packet Storm
added 2023/09/19 12:0 a.m., 465 views

Free And Open Source Inventory Management System 1.0 SQL Injection

Exploit Title: Free and Open Source Inventory Management System 1.0 - Unauthenticated SQL Injection Exploit Author: Sefa Ozan Date: 16/09/2023 Vendor: MAYURIK Vendor Homepage: https://mayurik.com/ Software Link:...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/09/19 12:0 a.m., 490 views

WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection

Vulnerability Summary from Wordfence Intelligence Description: Insecure Deserialization/PHP Object Injection via queries Affected Plugin: Essential Blocks, Essential Blocks Pro Plugin slug: essential-blocks, essential-blocks-pro Vendor: WPDeveloper Affected versions: = 4.2.0 Free and = 1.1.0 Pro...

7.1 AI score, 0.0134 EPSS
Exploits: 3

Packet Storm
added 2023/09/19 12:0 a.m., 414 views

Lamano CMS 2.0 SQL Injection

Title: Lamano CMS v2.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 69.032-bit |...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/09/19 12:0 a.m., 611 views

Lexmark Device Embedded Web Server Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lexmark Device Embedded Web Server RCE', 'Description' = %q A unauthenticated Remote Code Execution vulnerability exists in the embedded webserve...

9.8 CVSS, 7.1 AI score, 0.37835 EPSS
Exploits: 4

Packet Storm
added 2023/09/19 12:0 a.m., 616 views

Apache Airflow 1.10.10 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Airflow 1.10.10 - Example DAG Remote Code Execution', 'Description' = %q This module exploits an unauthenticated command injection...

9.8 CVSS, 7.1 AI score, 0.997 EPSS
Exploits: 10

Packet Storm
added 2023/09/19 12:0 a.m., 475 views

Super Store Finder 3.7 Remote Command Execution

Vulnerability : Authenticated Arbitrary PHP Code Injection lead to Remote Code Execution Researcher : Etharus Vendor : Joe Iz, https://www.superstorefinder.net/ Demo Url : https://superstorefinder.net/products/superstorefinder/ Version Affected : 3.7 and below Date : 18 September 2023 FOFA Dork :...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/09/18 12:0 a.m., 383 views

Atos Unify OpenScape Code Execution / Missing Authentication

SEC Consult Vulnerability Lab Security Advisory - title: Authenticated Remote Code Execution and Missing Authentication product: Atos Unify OpenScape Session Border Controller Atos Unify OpenScape Branch Atos Unify OpenScape BC...

7.1 AI score, 0.0356 EPSS
Exploits: 4

Packet Storm
added 2023/09/18 12:0 a.m., 265 views

Karenderia MRS 5.3 Directory Traversal

Title: Karenderia MRS v5.3 Directory Traversal Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/09/18 12:0 a.m., 335 views

KPK CMS 1.0 SQL Injection

Title: KPK CMS v1.0 Auth by pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 74.032-bit | Vendor...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/09/18 12:0 a.m., 441 views

PTC - Codebeamer Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory - title: Reflected Cross-Site Scripting XSS product: PTC - Codebeamer ALM Solution vulnerable version: =22.10-SP8, =22.04-SP6, =21.09-SP14 CVE number: CVE-2023-4296 impact: high...

8.8 CVSS, 7.1 AI score, 0.00613 EPSS
Exploits: 1

Packet Storm
added 2023/09/18 12:0 a.m., 337 views

KPOT Stealer CMS 2.0 Directory Traversal

Title: KPOT Stealer CMS v2.0 Directory Traversal Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0....

7.1 AI score
Exploits: 0

Packet Storm
added 2023/09/18 12:0 a.m., 327 views

Ivanti Avalanche MDM Buffer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Avalanche MDM Buffer Overflow', 'Description' = %q This module exploits a buffer overflow condition in Ivanti Avalanche MDM versions befor...

9.8 CVSS, 7.1 AI score, 0.98919 EPSS
Exploits: 7

Packet Storm
added 2023/09/18 12:0 a.m., 485 views

Razer Synapse Race Condition / DLL Hijacking

Advisory ID: SYSS-2023-002 Product: Razer Synapse Manufacturer: Razer Inc. Affected Versions: Versions before 3.8.0428.042117 20230601 Tested Versions: 3.8.0228.022313 20230315 under Windows 10 Pro 10.0.19044 under Windows 11 Home 10.0.22621 Vulnerability Type: Improper Privilege Management CWE-2...

7.8 CVSS, 7.1 AI score, 0.00889 EPSS
Exploits: 7

Packet Storm
added 2023/09/15 12:0 a.m., 379 views

Academy LMS 6.2 SQL Injection

Exploit Title: Academy LMS 6.2 - SQL Injection Exploit Author: CraCkEr Date: 29/08/2023 Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/academy/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4974 CWE: CWE-89 / CWE-74 /...

7.1 AI score, 0.04886 EPSS
Exploits: 3

Packet Storm
added 2023/09/15 12:0 a.m., 324 views

Italia Mediasky CMS 2.0 Cross Site Scripting

Title: İtalia Mediasky CMS v2.0 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit |...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/09/15 12:0 a.m., 335 views

Italia Mediasky CMS 2.0 Cross Site Request Forgery

Title: İtalia Mediasky CMS v2.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit |...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/09/15 12:0 a.m., 323 views

Academy LMS 6.2 Cross Site Scripting

Exploit Title: Academy LMS 6.2 - Reflected XSS Exploit Author: CraCkEr Date: 29/08/2023 Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/academy/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4973 CWE...

7.1 AI score, 0.01835 EPSS
Exploits: 4

Packet Storm
added 2023/09/15 12:0 a.m., 347 views

Chrome Read-Only Property Overwrite

Chrome: Read-only property overwrite in TurboFan VULNERABILITY DETAILS While collecting information for a property store, TurboFan bails out if the property isn't writable2. Unfortunately, the branch condition1 does not include one of the store modes, namely kDefine. This allows an attacker to...

8.8 CVSS, 7.1 AI score, 0.01776 EPSS
Exploits: 2

Packet Storm
added 2023/09/14 12:0 a.m., 383 views

islamnt CMS 2.1.0 Cross Site Scripting

Title: islamnt CMS v2.1.0 XSS Vulnerability Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.332-b...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/09/14 12:0 a.m., 315 views

islamnt CMS 2.1.0 Add Administrator

Title: islamnt CMS v2.1.0 Add ADmin Vulnerability Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/09/14 12:0 a.m., 368 views

Night Club Booking Software 1.0 Cross Site Scripting

Title: Night Club Booking Software-1.0 XSS-Reflected Author: nu11secur1ty Date: 09/09/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/night-club-booking-software/sectionDemo Reference: https://portswigger.net/web-security/cross-site-scripting/reflected Description: T...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/09/14 12:0 a.m., 484 views

Windows Common Log File System Driver (clfs.sys) Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Common Log File System Driver clfs.sys Elevation of Privilege Vulnerability', 'Description' = %q A privilege escalation vulnerability...

7.8 CVSS, 7.1 AI score, 0.48973 EPSS
Exploits: 10

Packet Storm
added 2023/09/14 12:0 a.m., 297 views

ImgHosting 1.3 Cross Site Scripting

Title: ImgHosting v1.3 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 65.032-bit | Vendor :...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/09/14 12:0 a.m., 323 views

iSmile Soft CMS 0.3.0 Add Administrator

Title: iSmile Soft CMS v0.3.0 Add Admin Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit ...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/09/13 12:0 a.m., 386 views

PHP Shopping Cart 4.2 SQL Injection

Title: PHP Shopping Cart-4.2 Multiple-SQLi Author: nu11secur1ty Date: 09/13/2023 Vendor: https://www.phpjabbers.com/ Software:https://www.phpjabbers.com/php-shopping-cart-script/sectionPricing Reference: https://portswigger.net/web-security/sql-injection Description: The id parameter appears to b...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/09/13 12:0 a.m., 284 views

K-LOANS 1.4.5 Insecure Settings

Title: K-LOANS v1.4.5 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit ...

7.1 AI score
Exploits: 0

Packet Storm
added 2023/09/13 12:0 a.m., 292 views

Kleeja 1.5.4 Cross Site Scripting

Title: Kleeja v1.5.4 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit | Vendor :...

7.1 AI score
Exploits: 0

Total number of security vulnerabilities: 50738