Lucene search
K
PacketstormnewsRecent

6858 matches found

Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•5 views

Apple Security Advisory 03-31-2025-3

Apple Security Advisory 03-31-2025-3 - iOS 18.4 and iPadOS 18.4 addresses buffer overflow, bypass, cross site scripting, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities...

9.8CVSS6.7AI score0.0197EPSS
Exploits4
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•3 views

Apple Security Advisory 03-31-2025-5

Apple Security Advisory 03-31-2025-5 - iOS 16.7.11 and iPadOS 16.7.11 addresses an out of bounds write vulnerability...

8.8CVSS6.7AI score0.04371EPSS
Exploits4
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•3 views

Apple Security Advisory 03-31-2025-6

Apple Security Advisory 03-31-2025-6 - iOS 15.8.4 and iPadOS 15.8.4 addresses an out of bounds write vulnerabilities...

8.8CVSS6.9AI score0.04371EPSS
Exploits4
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•2 views

Apple Security Advisory 03-31-2025-1

Apple Security Advisory 03-31-2025-1 - Safari 18.4 addresses buffer overflow, cross site scripting, spoofing, and use-after-free vulnerabilities...

9.8CVSS6.8AI score0.00961EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•3 views

Apple Security Advisory 04-01-2025-1

Apple Security Advisory 04-01-2025-1 - watchOS 11.4 addresses buffer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities...

9.8CVSS7.2AI score0.0197EPSS
Exploits4
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•15 views

Apple Security Advisory 03-31-2025-4

Apple Security Advisory 03-31-2025-4 - iPadOS 17.7.6 addresses buffer overflow, out of bounds read, spoofing, and use-after-free vulnerabilities...

9.8CVSS7.2AI score0.18668EPSS
Exploits12
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•3 views

Apple Security Advisory 03-31-2025-10

Apple Security Advisory 03-31-2025-10 - tvOS 18.4 addresses buffer overflow, out of bounds read, and use-after-free vulnerabilities...

9.8CVSS7.2AI score0.0197EPSS
Exploits3
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•6 views

Apple Security Advisory 03-31-2025-11

Apple Security Advisory 03-31-2025-11 - visionOS 2.4 addresses buffer overflow, bypass, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities...

9.8CVSS7.2AI score0.0197EPSS
Exploits4
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•94 views

Apple Security Advisory 03-31-2025-7

Apple Security Advisory 03-31-2025-7 - macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities...

9.8CVSS7.4AI score0.02527EPSS
Exploits9
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•3 views

Apple Security Advisory 03-31-2025-9

Apple Security Advisory 03-31-2025-9 - macOS Ventura 13.7.5 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities...

9.8CVSS7.4AI score0.18668EPSS
Exploits11
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•6 views

Apple Security Advisory 03-31-2025-8

Apple Security Advisory 03-31-2025-8 - macOS Sonoma 14.7.5 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities...

9.8CVSS7.4AI score0.18668EPSS
Exploits11
Packet Storm News
Packet Storm News
•added 2025/04/02 12:0 a.m.•12 views

WordPress Front-End Users 3.2.32 Shell Upload

WordPress Front-End Users plugin versions 3.2.32 and below suffer from a remote shell upload vulnerability...

9.8CVSS7.2AI score0.20411EPSS
Exploits3
Packet Storm News
Packet Storm News
•added 2025/04/02 12:0 a.m.•3 views

Wazuh 4.11.2

Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. This is the source code release...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/01 12:0 a.m.•3 views

Advanced XSS Exploitation - Capturing User Local Storage Data

In this paper, the author teaches advanced persistent cross site scripting techniques that can be used to capture data from the client's local storage and send it to an external server. The paper is primarily focusing on a pentesting perspective but also discusses mitigations. Written in Brazilia...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/31 12:0 a.m.•8 views

WordPress the Novel Design Store Directory 4.3.0 Shell Upload

WordPress The Novel Design Store Directory plugin versions 4.3.0 and below suffer from a remote shell upload vulnerability...

10CVSS7.2AI score0.01457EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/03/31 12:0 a.m.•12 views

WordPress Newscrunch Theme 1.8.4.1 Shell Upload

WordPress Newscrunch theme version 1.8.4.1 suffers from a remote shell upload vulnerability...

9.8CVSS7.2AI score0.01977EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2025/03/31 12:0 a.m.•9 views

WordPress SoJ SoundSlides 1.2.2 Shell Upload

WordPress SoJ SoundSlides plugin versions 1.2.2 and below suffer from a remote shell upload vulnerability...

8.8CVSS7.2AI score0.00688EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/03/31 12:0 a.m.•7 views

Packet Storm New Exploits for March, 2025

This archive contains all of the 223 exploits added to Packet Storm in March, 2025...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/31 12:0 a.m.•9 views

WordPress Datasets Manager 1.5 Shell Upload

WordPress Datasets Manager plugin versions 1.5 and below suffer from a remote shell upload vulnerability...

10CVSS7.2AI score0.0135EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/03/31 12:0 a.m.•6 views

WordPress Verbalize WP 1.0 Shell Upload

WordPress Verbalize WP plugin versions 1.0 and below suffer from a remote shell upload vulnerability...

9.8CVSS7.2AI score0.00443EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/31 12:0 a.m.•11 views

WordPress Checkout Mestres do WP for WooCommerce 8.7.5 Missing Authentication

WordPress Checkout Mestres do WP for WooCommerce plugin versions 8.6.5 through 8.7.5 suffer from a missing authentication vulnerability that allows you to update options...

9.8CVSS7AI score0.00678EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/03/31 12:0 a.m.•6 views

Advanced XSS Exploitation - User Screenshot

In this paper, the author teaches advanced persistent cross site scripting techniques that can be used to take screenshots of the client's screen and send them to an external server. The paper is primarily focusing on a pentesting perspective but also discusses mitigations. Written in Brazilian...

6.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/31 12:0 a.m.•10 views

WordPress Newscrunch Theme 1.8.4.1 Cross Site Request Forgery

WordPress Newscrunch theme version 1.8.4 suffers from a cross site request forgery vulnerability...

8.8CVSS6.7AI score0.00491EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/03/31 12:0 a.m.•4 views

Advanced XSS Exploitation - How to Record User Audio

In this paper, the author teaches advanced persistent cross site scripting techniques that can be used to record client audio conversations and send them to an external server. The paper is primarily focusing on a pentesting perspective but also discusses mitigations. Written in Brazilian...

6.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/28 12:0 a.m.•7 views

Advanced XSS Exploitation - How to Create Keylogger and Get Password

In this paper, the author teaches advanced persistent cross site scripting techniques that can be used to create keyloggers and send the content typed by the client to an external server, where the attacker will have access to messages, passwords, etc. The paper is primarily focusing on a...

6.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/28 12:0 a.m.•12 views

WordPress WPC Smart Upsell Funnel for WooCommerce 3.0.4 Privilege Escalation

A missing authorization vulnerability in the WPC Smart Upsell Funnel for WooCommerce plugin versions through 3.0.4 allows authenticated users with minimal privileges e.g., subscriber to escalate their privileges by modifying arbitrary WordPress options via a vulnerable AJAX endpoint...

8.8CVSS7AI score0.00596EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/03/28 12:0 a.m.•11 views

WordPress Kubio AI Page Builder 2.5.1 Local File Inclusion

The Kubio AI Page Builder plugin for WordPress is vulnerable to a local file inclusion vulnerability in all versions up to, and including, 2.5.1 via the kubiohybridthemeloadtemplate function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server...

9.8CVSS6.9AI score0.76761EPSS
Exploits12
Packet Storm News
Packet Storm News
•added 2025/03/28 12:0 a.m.•5 views

Horde IMP 6.2.27 Cross Site Scripting / Account Takeover

Proof of concept exploit that demonstrates a cross site scripting vulnerability in Horde IMP versions 6.2.27 and below...

7.2CVSS6.3AI score0.30164EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/27 12:0 a.m.•4 views

Advanced XSS Exploitation - How to Capture Session Cookies

In this paper, the author teaches advanced cross site scripting techniques that can be used to capture user session cookies and send them to an external server. Although this paper primarily focuses on attack methodology, it also touches on cross site scripting mitigations. Written in Brazilian...

6.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/27 12:0 a.m.•6 views

TeamViewer Improper Signature Verification

Proof of concept code for a flaw in TeamViewer that enables an unprivileged user to load an arbitrary kernel driver into the system. This is a python implementation of the original exploit produced by Peter Gabaldon...

8.8CVSS7.1AI score0.00412EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2025/03/27 12:0 a.m.•7 views

IngressNightmare Proof of Concepts

This is an archive of IngressNightmare proof of concept exploits meant to help researchers understand the exploitation and vulnerability prerequisites. IngressNightmare is a series of unauthenticated remote code execution vulnerabilities in ingress NGINX controllers for Kubernetes...

9.8CVSS8.3AI score0.99098EPSS
Exploits21
Packet Storm News
Packet Storm News
•added 2025/03/26 12:0 a.m.•5 views

Buffer Overflow - How to Create an Exploit for a Web Server

In this paper, the author demonstrates how to identify a vanilla buffer overflow and how to create an exploit in Perl to exploit a vulnerability in the well-known web server MiniHttp. Written in Brazilian Portuguese...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/26 12:0 a.m.•8 views

Next.js Authorization Bypass

Proof of concept exploit for a critical security vulnerability affecting Next.js, a popular React framework for building full-stack web applications. This flaw allows attackers to bypass authorization checks implemented in Next.js middleware, potentially granting unauthorized access to sensitive...

9.1CVSS6.8AI score0.99301EPSS
Exploits58
Packet Storm News
Packet Storm News
•added 2025/03/26 12:0 a.m.•3 views

Zed Attack Proxy 2.16.1 Cross Platform Package

The Zed Attack Proxy ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testin...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/26 12:0 a.m.•10 views

WordPress SEO LAT Auto Post 2.2.1 Remote Code Execution

WordPress SEO LAT Auto Post plugin versions 2.2.1 and below suffer from a remote code execution vulnerability...

9.8CVSS8.2AI score0.03171EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/03/26 12:0 a.m.•6 views

Microsoft Windows Runtime Broker ClipboardBroker Privilege Escalation

The Runtime Broker’s Clipboard Broker allows any low IL/AppContainer such as Edge or IE EPM to get access to an OOP IStorage object through the ClipboardBroker leading to a sandbox escape...

5.5CVSS7AI score0.13975EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/03/26 12:0 a.m.•15 views

WordPress ScottCart 1.1 Remote Code Execution

WordPress ScottCart plugin versions 1.1 and below suffer from a remote code execution vulnerability...

9.8CVSS8.2AI score0.0135EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/03/25 12:0 a.m.•6 views

How to Create a Scan in Perl to Identify Vulnerable Telnet Servers

This paper, written in Brazilian Portuguese, explains how to create a Perl script to identify vulnerable telnet servers. In the context of application security, the author provides mitigation recommendations...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/25 12:0 a.m.•4 views

How to Create a Scan in Perl to Identify Vulnerable SSH Servers

This paper, written in Brazilian Portuguese, explains how to create a Perl script to identify vulnerable SSH servers. In the context of application security, the author provides mitigation recommendations...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/25 12:0 a.m.•6 views

How to Create a Scan in Perl to Identify Vulnerable Webservers

This paper, written in Brazilian Portuguese, explains how to create a Perl script to identify vulnerable web servers. In the context of application security, the author provides mitigation recommendations...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/25 12:0 a.m.•5 views

How to Create a Scan in Perl to Identify Vulnerable SMTP Servers

This paper, written in Brazilian Portuguese, explains how to create a Perl script to identify vulnerable SMTP servers. In the context of application security, the author provides mitigation recommendations...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/25 12:0 a.m.•6 views

How to Create a Scan in Perl to Identify Vulnerable POP3 Servers

This paper, written in Brazilian Portuguese, explains how to create a Perl script to identify vulnerable POP3 servers. In the context of application security, the author provides mitigation recommendations...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/25 12:0 a.m.•9 views

WordPress Shortcode Addons 3.2.5 Shell Upload

WordPress Shortcode Addons plugin versions 3.2.5 and below suffer from a remote shell upload vulnerability...

9.1CVSS7.2AI score0.01353EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/03/25 12:0 a.m.•14 views

Linux 4.2 Out-Of-Bounds Write

The USB CDC-ACM driver in Linux versions starting at 4.12 suffers from a missing size check in acmctrlirq that leads to an out-of-bounds write...

6.8AI score0.00328EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/03/25 12:0 a.m.•5 views

Creating an FTP Server Buffer Overflow Exploit with Metasploit

This paper, written in Brazilian Portuguese, explains how to create a common exploit from the data of a Metasploit Framework exploit to exploit a vanilla buffer overflow on an FTP server. In the context of application security, the author provides mitigation recommendations...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/24 12:0 a.m.•9 views

Next.js Middleware Authorization Bypass

Proof of concept exploit that demonstrates an authorization bypass being exploited in Next.js middleware...

9.1CVSS7AI score0.99301EPSS
Exploits58
Packet Storm News
Packet Storm News
•added 2025/03/24 12:0 a.m.•9 views

WordPress Pubnews 1.0.7 Arbitrary Plugin Installation

WordPress Pubnews theme versions 1.0.7 and below suffer from an unauthenticated arbitrary plugin installation vulnerability...

8.8CVSS7.2AI score0.01355EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/03/24 12:0 a.m.•10 views

GNUnet P2P Framework 0.24.0

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/03/24 12:0 a.m.•11 views

WordPress Portfolleo 1.2 Shell Upload

WordPress Portfolleo plugin versions 1.2 and below suffer from a remote shell upload vulnerability...

9.9CVSS7.2AI score0.01153EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/03/24 12:0 a.m.•8 views

WordPress RepairBuddy 3.8115 Shell Upload

WordPress RepairBuddy plugin versions 3.8115 and below suffer from a remote shell upload vulnerability...

10CVSS7.2AI score0.01794EPSS
Exploits4
Total number of security vulnerabilities6858