Lucene search
K
PacketstormRecent

50738 matches found

Packet Storm
Packet Storm
added 2023/08/22 12:0 a.m.242 views

FlightPath LMS 4.8.2 Insecure Direct Object Reference

==================================================================================================================================== | Title : FlightPath LMS v4.8.2 Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/22 12:0 a.m.284 views

Global Multi School Management System Express 1.0 SQL Injection

Exploit Title: Global - Multi School Management System Express v1.0- SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/global-multi-school-management-system-express/21975378 Tested on: Kali Linux & MacOS CVE: N/A Request POST /report/balance...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/22 12:0 a.m.277 views

FIRESHOP Advanced CMS 2.3 Arbitrary File Upload

==================================================================================================================================== | Title : FIRESHOP Advanced CMS v2.3 unrestricted file upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/22 12:0 a.m.282 views

FoccusWeb CMS 0.1 Cross Site Scripting

====================================================================================================================================== | Title : FoccusWeb CMS v0.1 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.232-bit | | Vendo...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/22 12:0 a.m.404 views

TSPlus 16.0.2.14 Insecure Permissions

Exploit Title: TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.2.14 Tested on: Windows CVE : CVE-2023-31067 TSplus Remote Access v...

7.1AI score0.02884EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/08/22 12:0 a.m.312 views

TSPlus 16.0.0.0 Insecure Credential Storage

Exploit Title: TSPlus 16.0.0.0 - Remote Work Insecure Credential storage Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31069 With TSPlus Remote Work v. 16.0.0.0 you ca...

7.1AI score0.01932EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/08/22 12:0 a.m.243 views

E-mailer Newsletter And Mailing System with Analytics + GEO location 1.16 Information Disclosure

================================================================================================================================== | Title : E-mailer Newsletter & Mailing System with Analytics + GEO location v1.16 information Disclosure vulnerability | | Author : indoushka | | Tested on : windows...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/22 12:0 a.m.305 views

FOG Forum 0.8 Cross Site Scripting

==================================================================================================================================== | Title : FOG Forum v0.8 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/22 12:0 a.m.321 views

TSPlus 16.0.0.0 Insecure Permissions

Exploit Title: TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Permissions Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31068 With TSPlus Remote Work v...

7.1AI score0.02849EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/08/22 12:0 a.m.257 views

PHPJabbers Business Directory Script 3.2 Cross Site Request Forgery / Cross Site Scripting

Exploit Title: PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities Date: 09/08/2023 Exploit Author: Kerimcan Ozturk Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/business-directory-script/ Version: 3.2 Tested on: Windows 10 Pro Description...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/22 12:0 a.m.338 views

OVOO Movie Portal CMS 3.3.3 SQL Injection

Exploit Title: OVOO Movie Portal CMS v3.3.3 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/ovoomovie-video-streaming-cms-with-unlimited-tvseries/20180569 Tested on: Kali Linux & MacOS CVE: N/A Request POST /filtermovies/1 HTTP/2 Host:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/22 12:0 a.m.254 views

Dolibarr 17.0.1 Cross Site Scripting

Exploit Title: Dolibarr Version 17.0.1 - Stored XSS Dork: Date: 2023-08-09 Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: http://127.0.0.1/dolibarr-17.0.1/htdocs/user/note.php Version: 17.0.1 REQUIRED Tested on: Windows/Linux CVE :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/22 12:0 a.m.303 views

Inosoft VisiWin 7 2022-2.1 Insecure Permissions / Privilege Escalation

Exploit Title: Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions Privilege Escalation Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://www.inosoft.com/ Version: Up to 2022-2.1 Runtime RT7.3 RC3 20221209.5 Tested on: Windows CVE:...

7.1AI score0.00823EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/08/22 12:0 a.m.333 views

FleetCart Laravel Ecommerce System 1.1.2 Insecure Settings

==================================================================================================================================== | Title : FleetCart - Laravel Ecommerce System v1.1.2 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/21 12:0 a.m.245 views

DoorGets CMS 7.0 Information Disclosure

==================================================================================================================================== | Title : DoorGets CMS v7.0 Sensitive information disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/21 12:0 a.m.246 views

Academy LMS 6.1 Cross Site Scripting / File Upload

Exploit Title: Academy LMS 6.1 - Arbitrary File Upload Exploit Author: CraCkEr Date: 05/08/2023 Vendor: Creativeitem Vendor Homepage: https://academylms.net/ Software Link: https://demo.academylms.net/ Tested on: Windows 10 Pro Impact: Allows User to upload files to the web server CWE: CWE-79 -...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/21 12:0 a.m.385 views

Jorani Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jorani unauthenticated Remote Code Execution', 'Description' = %q This module exploits an unauthenticated Remote Code Execution in Jorani prior t...

7.1AI score0.81918EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/08/21 12:0 a.m.314 views

Crypto Currency Tracker (CCT) 9.5 Add Administrator

Exploit Title: Crypto Currency Tracker CCT - Admin Account Creation Unauthenticated Date: 11.08.2023 Exploit Author: 0xBr Software Link: https://codecanyon.net/item/crypto-currency-tracker-prices-charts-news-icos-info-and-more/21588008 Version: =9.5 CVE: CVE-2023-37759 POST /en/user/register HTTP...

7.1AI score0.03564EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/08/21 12:0 a.m.245 views

Event Locations CMS 1.0.1 Shell Upload

==================================================================================================================================== | Title : Event Locations CMS V1.0.1 - unrestricted files upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/21 12:0 a.m.288 views

Emaar Real Estate Agency Directory System 5.7 Shell Upload

==================================================================================================================================== | Title : Emaar – Real Estate Agency Directory System v5.7 Unrestricted File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro /...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/21 12:0 a.m.312 views

Credit Lite 1.5.4 SQL Injection

Exploit Title: Credit Lite 1.5.4 - SQL Injection Exploit Author: CraCkEr Date: 31/07/2023 Vendor: Hobby-Tech Vendor Homepage: https://codecanyon.net/item/credit-lite-micro-credit-solutions/39554392 Software Link: https://credit-lite.appshat.xyz/ Tested on: Windows 10 Pro Impact: Database Access...

7.1AI score0.01073EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/08/21 12:0 a.m.314 views

Evsanati Radyo 1.0 Shell Upload

==================================================================================================================================== | Title : evsanati radyo v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/21 12:0 a.m.259 views

Fara Melk Estate CMS 1.5.0 Information Disclosure

==================================================================================================================================== | Title : Fara Melk Estate CMS v1.5.0 unauthorized administrative access Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/18 12:0 a.m.441 views

Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification

KL-001-2023-003: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit Title: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit Advisory ID: KL-001-2023-003 Publication Date: 2023.08.17 Publication URL:...

7.8CVSS7.1AI score0.55367EPSS
Exploits20
Packet Storm
Packet Storm
added 2023/08/18 12:0 a.m.408 views

Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read

KL-001-2023-001: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read via sudo dig Title: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read via sudo dig Advisory ID: KL-001-2023-001 Publication Date: 2023.08.17 Publication URL:...

7.1AI score0.00304EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/08/18 12:0 a.m.401 views

Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation

KL-001-2023-002: Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation via tcpdump Title: Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation via tcpdump Advisory ID: KL-001-2023-002 Publication Date: 2023.08.17 Publication URL:...

7.1AI score0.00418EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/08/17 12:0 a.m.901 views

Maltrail 0.53 Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Maltrail Unauthenticated Command Injection', 'Description' = %q Maltrail is a malicious traffic detection system, utilizing publicly available...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/17 12:0 a.m.359 views

Greenshot 1.3.274 Deserialization / Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Greenshot .NET Deserialization Fileformat Exploit', 'Description' = %q There exists a .NET deserialization vulnerability in Greenshot version...

7.8CVSS7.1AI score0.07685EPSS
Exploits7
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.352 views

Event Locations CMS 1.0.1 Cross Site Scripting

==================================================================================================================================== | Title : Event Locations CMS v1.0.1 - XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.318 views

Education Time Indonesian School CRM 1.7 SQL Injection

==================================================================================================================================== | Title : Education Time Indonesian School CRM v 1.7 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozill...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.326 views

ExcessWeb And Network CMS 4.0 Database Disclosure

==================================================================================================================================== | Title : ExcessWeb & Network CMS v4.0 Database Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefo...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.294 views

EMH CMS 0.1 Cross Site Scripting

==================================================================================================================================== | Title : EMH CMS v0.1 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.364-bit | | Vendor :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.393 views

AudioCodes VoIP Phones Hardcoded Key

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2022-052 Product: AudioCodes VoIP Phones Manufacturer: AudioCodes Ltd. Affected Versions: Firmware Versions = 3.4.8.M4 Tested Versions: Firmware Version 3.4.4.1000 Vulnerability Type: Use of Hard-coded Cryptographic Key CWE-321 Ris...

7.1AI score0.01131EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.336 views

EI Tube YouTube API 3 Cross Site Scripting

==================================================================================================================================== | Title : EI Tube YouTube API V3 site builder XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.329 views

Evsanati Radyo 1.0 Insecure Settings

==================================================================================================================================== | Title : evsanati radyo v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.301 views

E-partenaire LMS 1.0.0 Cross Site Scripting

==================================================================================================================================== | Title : E-partenaire LMS v1.0.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 68.032-bit | | Vend...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.304 views

Erim Upload 4 Database Disclosure

==================================================================================================================================== | Title : Erim Upload V4 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.412 views

AudioCodes VoIP Phones Insufficient Firmware Validation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2022-055 Product: AudioCodes VoIP Phones Manufacturer: AudioCodes Ltd. Affected Versions: Firmware Versions = 3.4.4.1000 Tested Versions: Firmware Version 3.4.4.1000 Vulnerability Type: Missing Immutable Root of Trust in Hardware...

7.1AI score0.003EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.524 views

AudioCodes VoIP Phones Hardcoded Key

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2022-054 Product: AudioCodes VoIP Phones Manufacturer: AudioCodes Ltd. Affected Versions: Firmware Versions = 3.4.8.M4 Tested Versions: Firmware Version 3.4.4.1000 Vulnerability Type: Use of Hard-coded Cryptographic Key CWE-321 Ris...

7.1AI score0.01131EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.343 views

Hyip Rio 2.1 Cross Site Scripting / File Upload

Exploit Title: Hyip Rio 2.1 - Arbitrary File Upload Exploit Author: CraCkEr Date: 30/07/2023 Vendor: tdevs Vendor Homepage: https://tdevs.co/ Software Link: https://hyiprio-feature.tdevs.co/ Tested on: Windows 10 Pro Impact: Allows User to upload files to the web server CVE: CVE-2023-4382...

7.1AI score0.01131EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.812 views

H2 Web Interface Create Alias Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'H2 Web Interface Create Alias RCE', 'Description' = %q The H2 database contains an alias function which allows for arbitrary Java code to be used...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/15 12:0 a.m.288 views

Ekushey Project Manager CRM 3.1 Insecure Settings

==================================================================================================================================== | Title : Ekushey Project Manager CRM V3.1 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/15 12:0 a.m.377 views

RaspAP 2.8.7 Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'RaspAP Unauthenticated Command Injection', 'Description' = %q RaspAP is feature-rich wireless router software that just works on many popular...

9.8CVSS7.1AI score0.98725EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/08/15 12:0 a.m.240 views

Datoo Complete Dating Script 1.0 Insecure Settings

==================================================================================================================================== | Title : Datoo - Complete Dating Script v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/15 12:0 a.m.339 views

E-Fun CMS 5.0 XML Injection

==================================================================================================================================== | Title : E-Fun CMS V5.0 XML external entity injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/15 12:0 a.m.301 views

E-Journal Homoeo CMS 2.0.3 SQL Injection

==================================================================================================================================== | Title : E-Journal homoeo CMS v2.0.3 Sql inhection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/15 12:0 a.m.278 views

eLitius 1.0 Backup Disclosure

==================================================================================================================================== | Title : eLitius v1.0 Backup Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/15 12:0 a.m.288 views

CSC-CMS 1.0.0 Insecure Settings

==================================================================================================================================== | Title : CSC-CMS v1.0.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 68.032-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/15 12:0 a.m.276 views

Elite CMS Pro 2.01 SQL Injection

====================================================================================================================================== | Title : Elite CMS Pro V2.01 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-b...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/15 12:0 a.m.244 views

doorGets CMS 7.0 Shell Upload

==================================================================================================================================== | Title : doorGets CMS v7.0 Unrestricted File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1AI score
Exploits0
Total number of security vulnerabilities50738