Lucene search
K
PacketstormRecent

50738 matches found

Packet Storm
Packet Storm
added 2023/09/05 12:0 a.m.297 views

Freefloat FTP Server 1.0 Buffer Overflow

Exploit title: Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow Date: 08/22/2023 Exploit Author: Waqas Ahmed Faroouqi ZEROXINN Vendor Homepage: http://www.freefoat.com Version: 1.0 Tested on Windows XP SP3 !/usr/bin/python import socket Metasploit Shellcode msfvenom -p...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/05 12:0 a.m.287 views

WEBIGniter 28.7.23 Cross Site Scripting

Title: WEBIGniter-28.7.23-XSS-Reflected Author: nu11secur1ty Date: 09/04/2023 Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/cross-site-scripting Description: The value of the redirect request parameter is copied into the valu...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/05 12:0 a.m.297 views

Kingo ROOT 1.5.8 Unquoted Service Path

Exploit Title: Kingo ROOT 1.5.8 - Unquoted Service Path Date: 8/22/2023 Exploit Author: Anish Feroz ZEROXINN Vendor Homepage: https://www.kingoapp.com/ Software Link: https://www.kingoapp.com/android-root/download.htm Version: 1.5.8.3353 Tested on: Windows 10 Pro -------------Discovering Unquoted...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/04 12:0 a.m.310 views

Humhub 1.3.13 Shell Upload

==================================================================================================================================== | Title : Humhub v1.3.13 Unrestricted File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/04 12:0 a.m.285 views

Ivanti Avalance Remote Code Execution

""" Exploit Title: Ivanti Avalanche IIIss'.formatself.namesize, self.valuesize, self.type, self.namesize, self.valuesize, self.name, self.value Create a header structure class HP: def initself, hdr, payload: self.hdr = hdr self.payload = payload self.pad = b'\x00' 16 - lenself.hdr + lenself.paylo...

9.8CVSS7.1AI score0.98919EPSS
Exploits7
Packet Storm
Packet Storm
added 2023/09/04 12:0 a.m.258 views

NVClient 5.0 Stack Buffer Overflow

Exploit Title: NVClient v5.0 - Stack Buffer Overflow DoS Discovered by: Ahmet Ümit BAYRAM Discovered Date: 2023-08-19 Software Link: http://www.neonguvenlik.com/yuklemeler/yazilim/kst-f919-hd2004.rar Software Manual:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/04 12:0 a.m.239 views

Impress CMS 1.3.9 Open Redirection

==================================================================================================================================== | Title : impress CMS v1.3.9 Open Redirect vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/04 12:0 a.m.269 views

ImpressionTech CMS 1.4 SQL Injection

==================================================================================================================================== | Title : ImpressionTech CMS ٍv1.4 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 61.0.1...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/04 12:0 a.m.332 views

CSZ CMS 1.3.0 Cross Site Scripting

Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting Plugin 'Gallery' Date: 2023/08/18 CVE: CVE-2023-38911 Exploit Author: Daniel González Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.3.0 Tested on: CSZ CMS 1.3.0 Description: CSZ CMS...

6.1CVSS7.1AI score0.00468EPSS
Exploits7
Packet Storm
Packet Storm
added 2023/09/04 12:0 a.m.393 views

AdminLTE PiHole Broken Access Control

Exploit Title: AdminLTE PiHole ' HTTP requests GET /admin/scripts/pi-hole/php/queryads.php?domain=' HTTP/1.1 HOST: pi.hole Cookie: ..SNIPPED.. ..SNIPPED.. HTTP Response HTTP/1.1 200 OK ..SNIPPED.. data: Match found in ..SNIPPED.. data: data: data:...

5.3CVSS7.1AI score0.40162EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/09/04 12:0 a.m.236 views

ImgHosting 1.3 HTML Injection

==================================================================================================================================== | Title : ImgHosting v1.3 html injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/04 12:0 a.m.267 views

Linux 6.4 Use-After-Free / Race Condition

Linux 6.4: UAF race between mbind and VMA-locked page fault tested on git master, at commit 57012c57536f Summary: There's a race between mbind and VMA-locked page faults, leading to UAF. You can quickly hit this with a straightforward reproducer that just keeps calling mbind on one thread and...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/02 12:0 a.m.286 views

Clcknshop 1.0.0 Cross Site Scripting

Exploit Title: Clcknshop 1.0.0 - Reflected XSS Exploit Author: CraCkEr Date: 16/08/2023 Vendor: Infosoftbd Solutions Vendor Homepage: https://infosoftbd.com/ Software Link: https://infosoftbd.com/multitenancy-e-commerce-solution/ Demo: https://kidszone.clckn.shop/ Tested on: Windows 10 Pro Impact...

7.1AI score0.00525EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/09/02 12:0 a.m.331 views

Clcknshop 1.0.0 SQL Injection

Exploit Title: Clcknshop 1.0.0 - SQL Injection Exploit Author: CraCkEr Date: 16/08/2023 Vendor: Infosoftbd Solutions Vendor Homepage: https://infosoftbd.com/ Software Link: https://infosoftbd.com/multitenancy-e-commerce-solution/ Demo: https://kidszone.clckn.shop/ Tested on: Windows 10 Pro Impact...

7.1AI score0.45639EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/09/02 12:0 a.m.281 views

Tinycontrol LAN Controller 3 Remote Admin Password Change

!/bin/bash : " Tinycontrol LAN Controller v3 LK3 Remote Admin Password Change Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The website presents readings of vario...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/02 12:0 a.m.262 views

Tinycontrol LAN Controller 3 Denial Of Service

Tinycontrol LAN Controller v3 LK3 Remote Denial Of Service Exploit Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The website presents readings of various types of...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/02 12:0 a.m.292 views

Tinycontrol LAN Controller 3 Remote Credential Extraction

!/usr/bin/env python Tinycontrol LAN Controller v3 LK3 Remote Credentials Extraction PoC Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The website presents readin...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/02 12:0 a.m.403 views

Oracle RMAN Missing Auditing

Title: CVE-2021-2207 - RMAN Controlfile Operation Not Audited Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 18c, 19c Tested Versions: 19c Risk Level: low Score: 2.3 Solution Status: Fixed CVE Reference: CVE-2021-2207 Author of Advisory: Emad Al-Mousa Overview: Audi...

2.3CVSS7.1AI score0.00643EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/09/02 12:0 a.m.399 views

PlayTube 3.0.1 Information Disclosure

Exploit Title: PlayTube 3.0.1 - Redirect Information Disclosure Exploit Author: CraCkEr Date: 19/08/2023 Vendor: PlayTube Vendor Homepage: https://playtubescript.com/ Software Link: https://demo.playtubescript.com/ Tested on: Windows 10 Pro Impact: Sensitive Information Leakage CVE: CVE-2023-4714...

7.1AI score0.0521EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/08/31 12:0 a.m.349 views

Innovins CMS 4.7 SQL Injection

==================================================================================================================================== | Title : Innovins CMS v4.7 Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/31 12:0 a.m.311 views

Islam CMS 1.0 Code Injection

==================================================================================================================================== | Title : islam cms v1.0 PHP code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/31 12:0 a.m.341 views

Online ID Generator 1.0 SQL Injection / Shell Upload

Title: Online-ID-Generator-1.0-SQLi-Bypass-login-ShellUpload-RCE Author: nu11secur1ty Date: 08/31/2023 Vendor: https://www.youtube.com/watch?v=JdB9po5DTc Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/idgenerator0.zip Reference:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/31 12:0 a.m.430 views

PHP JABBERS PHP Review Script 1.0 Cross Site Scripting

Title: PHPJABBERS-PHP Review Script-1.0 XSS-Reflected Author: nu11secur1ty Date: 08/31/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/php-review-script/ Reference: https://portswigger.net/web-security/cross-site-scripting/reflected Description: The value of the acti...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/31 12:0 a.m.336 views

InterPhoto 2.3.0 Shell Upload

==================================================================================================================================== | Title : InterPhoto 2.3.0 Persians Remote Shell Upload vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/31 12:0 a.m.384 views

Easy Address Book Web Server 1.6 Buffer Overflow / Cross Site Scripting

Exploit Title: Easy Address Book Web Server v1.6 - Multiple Vulnerabilities Discovery by: Rafael Pedrero Discovery Date: 2021-01-10 CVE: CVE-2023-4491, CVE-2023-4492, CVE-2023-4493 Vendor Homepage: http://www.efssoft.com/web-address-book-server.html Software Link : http://www.efssoft.com/eabws.ex...

7.1AI score0.009EPSS
Exploits1
Packet Storm
Packet Storm
added 2023/08/31 12:0 a.m.294 views

Invasor Diagonal CMS 1.0 Cross Site Scripting

==================================================================================================================================== | Title : Invasor Diagonal CMS 1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/30 12:0 a.m.272 views

IQ-Medya CMS 2.0 Cross Site Scripting

==================================================================================================================================== | Title : İQ-Medya CMS v2.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/30 12:0 a.m.345 views

Apache NiFi H2 Connection String Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache NiFi H2 Connection String Remote Code Execution', 'Description' = %q The DBCPConnectionPool and HikariCPConnectionPool Controller Services...

8.8CVSS7.1AI score0.63633EPSS
Exploits9
Packet Storm
Packet Storm
added 2023/08/29 12:0 a.m.235 views

Humhub 1.3.13 Directory Traversal

==================================================================================================================================== | Title : Humhub v1.3.13 Directory traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 67.032-bit |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/29 12:0 a.m.304 views

i-Gallery 3.4 Database Disclosure

==================================================================================================================================== | Title : i-Gallery v3.4 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/29 12:0 a.m.228 views

hudaallah Linker CMS 1.0 Cross Site Scripting

==================================================================================================================================== | Title : hudaallah Linker CMS v1.0 Xss Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/29 12:0 a.m.279 views

HRM SAAS 2.1.9 Insecure Settings

==================================================================================================================================== | Title : HRM SAAS v 2.1.9 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.064-bit |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/29 12:0 a.m.228 views

Foodiee Online Food Ordering Web Application 1.0.0 Cross Site Scripting

==================================================================================================================================== | Title : Foodiee - Online Food Ordering Web Application V1.0.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozil...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/29 12:0 a.m.257 views

PHPValley Micro Jobs 2.0.1 Insecure Direct Object Reference

==================================================================================================================================== | Title : PHPValley Micro Jobs v2.0.1 Missing Authentication Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/29 12:0 a.m.287 views

GOM Player 2.3.90.5360 MITM / Remote Code Execution

Exploit Title: GOM Player 2.3.90.5360 - Remote Code Execution RCE Date: 26.08.2023 Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://www.gomlab.com/gomplayer-media-player/ Software Link: https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUPNEW.EXE...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/29 12:0 a.m.259 views

Hloun 1.0.0 Insecure Settings

==================================================================================================================================== | Title : Hloun V1.0.0 Rinstall Script Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/29 12:0 a.m.269 views

imax CMS 1.0 SQL Injection

==================================================================================================================================== | Title : imax CMS v1.0 Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/29 12:0 a.m.301 views

Grawlix 1.5.1 Cross Site Scripting

Title: grawlix-1.5.1 XSS-Reflected Author: nu11secur1ty Date: 08/29/2023 Vendor: https://getgrawlix.com/ Software: Reference: https://portswigger.net/web-security/cross-site-scripting Description: The value of the ref request parameter is copied into the value of an HTML tag attribute which is...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/29 12:0 a.m.243 views

HumbertoCaldas CMS 0.1.3 Cross Site Scripting

==================================================================================================================================== | Title : HumbertoCaldas Cms v0.1.3 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/29 12:0 a.m.264 views

Human Resource PMS 1.4 Database Disclosure

==================================================================================================================================== | Title : Human Resource PMS v1.4 Database Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/29 12:0 a.m.326 views

iBilling CRM 4.5.0 Add Administrator / Insecure Direct Object Reference

==================================================================================================================================== | Title : iBilling CRM v4.5.0 Add Admin vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/29 12:0 a.m.268 views

HPBoost 4.0 Add Administrator

==================================================================================================================================== | Title : HPBoost v4.0 Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/29 12:0 a.m.258 views

ImgHosting 1.2 Cross Site Scripting

==================================================================================================================================== | Title : ImgHosting v1.2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | | Vendor :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/29 12:0 a.m.275 views

HS-booking CMS 2.79 SQL Injection

==================================================================================================================================== | Title : HS-booking CMS v2.79 SQl injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozila Firefox 68.0 32-bit |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/29 12:0 a.m.239 views

Hasan MWB 1 Add Administrator

==================================================================================================================================== | Title : Hasan MWB v1 Reinstall Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/28 12:0 a.m.338 views

Hesk Rtl CMS 1 Cross Site Scripting

==================================================================================================================================== | Title : Hesk Rtl CMS v1 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/28 12:0 a.m.272 views

HaasCMS 1.0 Cross Site Scripting

==================================================================================================================================== | Title : HaasCMS v1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/28 12:0 a.m.304 views

SPA-Cart eCommerce CMS 1.9.0.3 Cross Site Scripting

Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS Exploit Author: CraCkEr Date: 20/08/2023 Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4547 CWE:...

7.1AI score0.48533EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/08/28 12:0 a.m.257 views

Hospital HMS 2.7 SQL Injection

====================================================================================================================================== | Title : Hospital HMS v2.7 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/28 12:0 a.m.293 views

Global Domains International 2.0 Cross Site Scripting

==================================================================================================================================== | Title : Global Domains International v2.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...

7.1AI score
Exploits0
Total number of security vulnerabilities50738