
50738 matches found

Packet Storm
added 2023/09/13 12:0 a.m. | 341 views

Blood Bank And Donor Management System 2.2 Cross Site Scripting

Exploit Title: Blood Bank & Donor Management System using v2.2 - Stored XSS Application: Blood Donor Management System Version: v2.2 Bugs: Stored XSS Technology: PHP Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/blood-bank-donor-management-system-free-download/...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/13 12:0 a.m. | 622 views

Ivanti Sentry Authentication Bypass / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Sentry MICSLogService Auth Bypass resulting in RCE CVE-2023-38035', 'Description' = %q This module exploits an authentication bypass in...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.99949 | Exploits: 6

Packet Storm
added 2023/09/13 12:0 a.m. | 265 views

Fundraising Script 1.0 SQL Injection

Title: Fundraising Script-1.0 SQLi Author: nu11secur1ty Date: 09/13/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/fundraising-script/sectionDemo Reference: https://portswigger.net/web-security/sql-injection Description: The cid parameter appears to be vulnerable to...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/12 12:0 a.m. | 304 views

Equipment Rental Script 1.0 SQL Injection

Title: Equipment Rental Script-1.0 - SQLi Author: nu11secur1ty Date: 09/12/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/equipment-rental-script/sectionDemo Reference: https://portswigger.net/web-security/sql-injection Description: The packageid parameter appears t...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/12 12:0 a.m. | 282 views

KALIMATAN GMS 1.0.0 Cross Site Scripting

Title: KALIMATAN GMS V1.0.0 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit | Vend...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/12 12:0 a.m. | 269 views

Kylin CMS 1.3.0 SQL Injection

Title: KylinCMS V1.3.0 Auth by pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser : Mozilla firefox 66.0.332-bit ...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/12 12:0 a.m. | 213 views

Online Pizza Ordering System 1.0 Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Online Pizza Ordering System PHP File Upload Vulnerability", 'Description' = %q This module exploits a vulnerability found in Online Pizza Orderi...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/12 12:0 a.m. | 300 views

Kaledo RD CMS 1.0 SQL Injection

Title: Kalédo RD CMS va1.0 SQL Injection vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/12 12:0 a.m. | 278 views

Kolifa Download CMS 1.2 HTML Injection

Title: Kolifa Download CMS v1.2 HTML Inject Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/11 12:0 a.m. | 252 views

Varient News Magazine Script 1.3.0 Insecure Settings

Title: Varient News Magazine Script V1.3.0 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro | Vendor :...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/11 12:0 a.m. | 264 views

iSmile Soft CMS 0.3.0 Cross Site Scripting

Title: iSmile Soft CMS v0.3.0 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit ...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/11 12:0 a.m. | 323 views

VMware vRealize Log Insight Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/thrift' require 'rex/stopwatch' class MetasploitModule 'VMware vRealize Log Insight Unauthenticated RCE', 'Description' = %q VMware vRealize Log...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.87077 | Exploits: 3

Packet Storm
added 2023/09/11 12:0 a.m. | 262 views

Shuttle Booking Software 1.0 SQL Injection

Title: Shuttle-Booking-Software-1.0 Multiple-SQLi Author: nu11secur1ty Date: 09/10/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/shuttle-booking-software/sectionPricing Reference: https://portswigger.net/web-security/sql-injection Description: The locationid...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/11 12:0 a.m. | 269 views

IWT Imagine CMS 1.0 Cross Site Scripting

Title: IWT Imagine CMS v1.0 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser : Mozilla firefox 66.0.232-bit | Vend...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/11 12:0 a.m. | 318 views

WordPress Slimstat Analytics 5.0.9 Cross Site Scripting / SQL Injection

Vulnerability Summary from Wordfence Intelligence Description: Slimstat Analytics = 5.0.9 – Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Affected Plugin: Slimstat Analytics Plugin Slug: wp-slimstat Affected Versions: = 5.0.9 CVE ID: CVE-2023-4597 CVSS Score: 6.4 Medium CVS...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.00916 | Exploits: 4

Packet Storm
added 2023/09/11 12:0 a.m. | 272 views

Splunk Enterprise Account Takeover

https://github.com/redwaysecurity/CVEs/blob/main/CVE-2023-32707/README.md !/usr/bin/env python3 Splunk admin account take over exploit - CVE-2023-32707 Author: Redway Security Discovery: Santiago Lopez Vendor Description: A low-privilege user who holds a role that has the edituser capability...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.73537 | Exploits: 7

Packet Storm
added 2023/09/11 12:0 a.m. | 341 views

OpenPLC Webserver 3 Denial Of Service / Buffer Overflow

import requests import sys import time import optparse import re parser = optparse.OptionParser parser.addoption'-u', '--url', action="store", dest="url", help="Base target uri ex. http://target-uri:8080" parser.addoption'-l', '--user', action="store", dest="user", help="User credential to login"...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/08 12:0 a.m. | 363 views

WinRAR Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zip' class MetasploitModule 'WinRAR CVE-2023-38831 Exploit', 'Description' = %q This module exploits a vulnerability in WinRAR CVE-2023-38831. When a user opens...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.97798 | Exploits: 49

Packet Storm
added 2023/09/08 12:0 a.m. | 310 views

GOM Player 2.3.90.5360 Buffer Overflow

Exploit Title: GOM Player 2.3.90.5360 - Buffer Overflow PoC Discovered by: Ahmet Ümit BAYRAM Discovered Date: 30.08.2023 Vendor Homepage: https://www.gomlab.com Software Link: https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUPNEW.EXE Tested Version: 2.3.90.5360 latest Tested on: Windows 1...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/08 12:0 a.m. | 295 views

Wp2Fac 1.0 Command Injection

Exploit Title: Wp2Fac v1.0 - OS Command Injection Date: 2023-08-27 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://github.com/metinyesil/wp2fac Tested on: Kali Linux & Windows 11 CVE: N/A import requests def sendpostrequesthost, revshell: url = f'http://host/send.php' headers = 'User-Agent':...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/08 12:0 a.m. | 328 views

Drupal 10.1.2 Web Cache Poisoning

Title: drupal-10.1.2 web-cache-poisoning-External-service-interaction Author: nu11secur1ty Date: 08/30/2023 Vendor: https://www.drupal.org/ Software: https://www.drupal.org/download Reference: https://portswigger.net/kb/issues/00300210external-service-interaction-http Description: It is possible ...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/08 12:0 a.m. | 666 views

Kibana Timelion Prototype Pollution Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kibana Timelion Prototype Pollution RCE', 'Description' = %q Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in...

CVSS: 10 | AI score: 7.1 | EPSS: 0.95338 | Exploits: 12

Packet Storm
added 2023/09/08 12:0 a.m. | 269 views

Soosyze 2.0.0 Arbitrary File Upload

Title: soosyze 2.0.0 - File Upload Author: nu11secur1ty Date: 04.26.2023-08.28.2023 Vendor: https://soosyze.com/ Software: https://github.com/soosyze/soosyze/releases/tag/2.0.0 Reference: https://portswigger.net/web-security/file-upload Description: Broken file upload logic. The malicious user ca...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/08 12:0 a.m. | 620 views

Sonicwall GMS 9.9.9320 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sonicwall', 'Description' = %q This module exploits a series of vulnerabilities - including auth bypass, SQL injection, and shell injection - to...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.86733 | Exploits: 2

Packet Storm
added 2023/09/08 12:0 a.m. | 312 views

SyncBreeze 15.2.24 Denial Of Service

Exploit Title: SyncBreeze 15.2.24 -'login' Denial of Service Date: 30/08/2023 Exploit Author: mohamed youssef Vendor Homepage: https://www.syncbreeze.com/ Software Link: https://www.syncbreeze.com/setups/syncbreezesetupv15.4.32.exe Version: 15.2.24 Tested on: windows 10 64-bit import socket impor...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/08 12:0 a.m. | 420 views

WordPress Elementor Iframe Injection

Exploit Title: Wordpress Plugin Elementor 3.5.5 - Iframe Injection Date: 28.08.2023 Exploit Author: Miguel Santareno Vendor Homepage: https://elementor.com/ Version: 3.5.5 Tested on: Google and Firefox latest version CVE : CVE-2022-4953 1. Description The plugin does not filter out user-controlle...

CVSS: 6.1 | AI score: 7.1 | EPSS: 0.02027 | Exploits: 5

Packet Storm
added 2023/09/08 12:0 a.m. | 473 views

LG Simple Editor Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LG Simple Editor Remote Code Execution', 'Description' = %q This Metasploit module exploits broken access control and directory traversal...

AI score: 7.1 | EPSS: 0.82964 | Exploits: 3

Packet Storm
added 2023/09/08 12:0 a.m. | 288 views

Axigen 10.5.0–4370c946 Cross Site Scripting

Exploit Title: Axigen if xhr1.readyState === XMLHttpRequest.DONE hcookie = new URLxhr1.responseURL.search.split"="1; xhr2.open'PATCH', /api/v1/conversations/MQ/?h=$hcookie...

CVSS: 6.1 | AI score: 7.1 | EPSS: 0.52088 | Exploits: 4

Packet Storm
added 2023/09/08 12:0 a.m. | 428 views

TECHView LA5570 Wireless Gateway 1.0.19_T53 Traversal / Privilege Escalation

Exploit Title: Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities Google Dork: N/A Date: 25/08/2023 Exploit Author: The Security Team exploitsecurity.io Vendor Homepage: https://www.jaycar.com.au/wireless-gateway-home-automation-controller/p/LA5570 Software...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.02548 | Exploits: 6

Packet Storm
added 2023/09/08 12:0 a.m. | 578 views

OpenTSDB 2.4.1 Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenTSDB 2.4.1 unauthenticated command injection', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.35604 | Exploits: 4

Packet Storm
added 2023/09/08 12:0 a.m. | 284 views

Event Ticketing System 1.0 Cross Site Scripting

Title: Event Ticketing System-1.0 XSS-Reflected - RCE Author: nu11secur1ty Date: 09/08/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/event-ticketing-system/sectionDemo Reference: https://portswigger.net/web-security/cross-site-scripting/reflected Description: The...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/07 12:0 a.m. | 267 views

Izdelava IDS 2.0 Cross Site Scripting

Title: Izdelava IDS v2.0 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser : Mozilla firefox 66.0.232-bit | Vendor :...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/07 12:0 a.m. | 260 views

Meeting Room Booking System 1.0 SQL Injection

Title: Meeting Room Booking System-1.0 Multiple - SQLi Author: nu11secur1ty Date: 09/06/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/meeting-room-booking-system/sectionDemo Reference: https://portswigger.net/web-security/sql-injection Description: The column...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/07 12:0 a.m. | 292 views

JPC2 CMS 1.0 SQL Injection

Title: JPC2 CMS v1.0 Sql injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser : Mozilla firefox 61.0.1 32-bit ...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/06 12:0 a.m. | 297 views

ImgHosting 1.3 SQL Injection

Title: ImgHosting v1.3 Sql Injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit ...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/06 12:0 a.m. | 326 views

Infinity Market Classified Ads Script 1.6.2 Cross Site Scripting

Title: Infinity Market Classified Ads Script 1.6.2 xss via file uploads Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro | Vendor...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/06 12:0 a.m. | 332 views

Cleaning Business Software 1.0 Cross Site Scripting

Title: Cleaning Business Software-1.0 XSS-Reflected Author: nu11secur1ty Date: 09/06/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/cleaning-business-software/sectionDemo Reference: https://portswigger.net/web-security/cross-site-scripting/reflected Description: The...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/06 12:0 a.m. | 350 views

SolarView Compact 6.00 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SolarView Compact unauthenticated remote command execution vulnerability.', 'Description' = %q CONTEC's SolarView™ Series enables you to monitor...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.99273 | Exploits: 9

Packet Storm
added 2023/09/06 12:0 a.m. | 288 views

Event Booking Calendar 4.0 Cross Site Scripting

Title: Event Booking Calendar-4.0 XSS-Reflected Author: nu11secur1ty Date: 09/06/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/event-booking-calendar/sectionDemo Reference: https://portswigger.net/web-security/cross-site-scripting/reflected Description: The value o...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/06 12:0 a.m. | 274 views

Firefox 117 Denial Of Service

This is barely a DoS, but since Chrome has explicit protection against it, we decided to disclose it. If firefox user visits a specially crafted page, then firefox may create many files in /Downloads, The user is notified about this in a small dialog, but there is no option to stop the downloads...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/06 12:0 a.m. | 453 views

OpenCart CMS 4.0.2.2 Brute Force

Exploit Title: OpenCart CMS v4.0.2.2 Login Vulnerability Date: 5-9-2023 Category: Web Application CMS Exploit Author: Rajdip Dey Sarkar Version: 4.0.2.2 Tested on: Windows/Kali CVE: CVE-2023-40834 Description: ---------------- OpenCart CMS version 4.0.2.2 is susceptible to login brute-force...

AI score: 7.1 | EPSS: 0.01093 | Exploits: 3

Packet Storm
added 2023/09/06 12:0 a.m. | 355 views

WordPress Newsletter 7.8.9 Cross Site Scripting

Vulnerability Summary from Wordfence Intelligence Description: Newsletter = 7.8.9 – Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Affected Plugin: Newsletter – Send awesome emails from WordPress Plugin Slug: newsletter Affected Versions: = 7.8.9 CVE ID: CVE-2023-4772 CVSS...

AI score: 7.1 | EPSS: 0.00437 | Exploits: 2

Packet Storm
added 2023/09/06 12:0 a.m. | 259 views

JZDCMS 1.3 Cross Site Scripting

Title: JZDCMS v1.3 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser : Mozilla firefox 65.0.132-bit | Vendor :...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/06 12:0 a.m. | 335 views

Cinema Booking System 1.0 Cross Site Scripting

Title: Cinema Booking System-1.0 XSS-Reflected Author: nu11secur1ty Date: 09/05/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/car-rental-script/ Reference: https://portswigger.net/web-security/sql-injection Description: The name of an arbitrarily supplied URL...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/05 12:0 a.m. | 287 views

WEBIGniter 28.7.23 Shell Upload

Title: WEBIGniter-28.7.23 File Upload - RCE Author: nu11secur1ty Date: 09/04/2023 Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/file-upload Description: The media function suffers from file upload vulnerability. The attacker...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/05 12:0 a.m. | 272 views

DLINK DPH-400SE FRU2.2.15.8 Information Disclosure

Exploit Title : DLINK DPH-400SE - Exposure of Sensitive Information Date : 25-08-2023 Exploit Author : tahaafarooq Vendor Homepage : https://dlink.com/ Version : FRU2.2.15.8 Tested on: DLINK DPH-400SE VoIP Phone Description: With default credential for the guest user "guest:guest" to login on the...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/05 12:0 a.m. | 340 views

WordPress WP Statistics 13.1.5 SQL Injection

Exploit Title: WP Statistics Plugin = 13.1.5 currentpageid - Time based SQL injection Unauthenticated Date: 13/02/2022 Exploit Author: psychoSherlock Vendor Homepage: https://wp-statistics.com/ Software Link: https://downloads.wordpress.org/plugin/wp-statistics.13.1.5.zip Version: 13.1.5 and prio...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.81363 | Exploits: 4

Packet Storm
added 2023/09/05 12:0 a.m. | 570 views

Internet Radio auna IR-160 SE UIProto DoS / XSS / Missing Authentication

The internet radio device auna IR-160 SE has multiple vulnerabilities. It uses the firmware UIProto, different versions of which can also be found in many other radios. 1. The firmware offers a rudimentary web API that can be reached on the local network on port 80. This API is completely...

CVSS: 10 | AI score: 7.1 | EPSS: 0.04448 | Exploits: 6

Packet Storm
added 2023/09/05 12:0 a.m. | 267 views

AtlasVPN Linux Client 1.0.3 IP Leak

The following is my 0day. This code, when executed on any website, disconnects the AtlasVPN linux client and leaks the users IP address. I am not yet aware of it being used in the wild. However, it shows that AtlasVPN does not take their users safety serious, because their software security...

AI score: 7.1 | Exploits: 0

Packet Storm
added 2023/09/05 12:0 a.m. | 283 views

FileMage Gateway 1.10.9 Local File Inclusion

Exploit Title: FileMage Gateway 1.10.9 - Local File Inclusion Date: 8/22/2023 Exploit Author: Bryce "Raindayzz" Harty Vendor Homepage: https://www.filemage.io/ Version: Azure Versions 1.10.9 Tested on: All Azure deployments 1.10.9 CVE : CVE-2023-39026 Technical Blog -...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.10562 | Exploits: 4

Total number of security vulnerabilities: 50738