exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 131 RSS Feed

Files

Packet Storm New Exploits For January, 2023
Posted Feb 1, 2023
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 130 exploits added to Packet Storm in January, 2023.

tags | exploit
SHA-256 | ea59f7d618d1f8fe8f750faa31ef909e70fc61e5274fef5dd74a9c65027bb7bf
Control Web Panel Unauthenticated Remote Command Execution
Posted Jan 31, 2023
Authored by Spencer McIntyre, numan turle | Site metasploit.com

Control Web Panel versions prior to 0.9.8.1147 are vulnerable to unauthenticated OS command injection. Successful exploitation results in code execution as the root user. The results of the command are not contained within the HTTP response and the request will block while the command is running.

tags | exploit, web, root, code execution
advisories | CVE-2022-44877
SHA-256 | 00cb85e5ab25f2d5091aa8c72d9d5252d08919dce9dbd37743bea7469e5dbc51
PHPJabbers Business Directory Script 3.2 Cross Site Scripting
Posted Jan 31, 2023
Authored by CraCkEr

PHPJabbers Business Directory Script version 3.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d2557e411d456bd34555a2aacdc580e243ce6132afdd23ed9686aef6b539969e
PHPJabbers Auto Classifieds Script 3.2 Cross Site Scripting
Posted Jan 31, 2023
Authored by CraCkEr

PHPJabbers Auto Classifieds Script version 3.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a763dffdb3d9d66af1165c31dde196ceb865df88853aef37d01989c9d9427a14
mRemoteNG 1.76.20 Privilege Escalation
Posted Jan 31, 2023
Authored by Thurein Soe

mRemoteNG version 1.76.20 suffers from a weak permission privilege escalation vulnerability.

tags | exploit
advisories | CVE-2020-24307
SHA-256 | aa08068eda449c43f5c76d0ec56fca19930c2ac6719246bec693e3037f692da6
PHPJabbers Car Park Booking System 2.0 Cross Site Scripting
Posted Jan 30, 2023
Authored by CraCkEr

PHPJabbers Car Park Booking System version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 692a826df097e4229d209944d70fe7f7799c532b5e037c41aba1f0ba9bebb91b
Zstore 6.6.0 Cross Site Scripting
Posted Jan 30, 2023
Authored by nu11secur1ty

Zstore version 6.6.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 653905fd4efa9030f79aa84e990c72cb875f0be6933e755e36678f4aa2c9a0c8
PHPJabbers Event Ticketing System Script 1.0 Cross Site Scripting
Posted Jan 30, 2023
Authored by CraCkEr

PHPJabbers Event Ticketing System Script version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8fab16cdc74a1a2eec65f585cba5d399670dcb6b308f9255fea72f9fbd84df1a
PHPJabbers Travel Tours Script 1.0 SQL Injection
Posted Jan 30, 2023
Authored by CraCkEr

PHPJabbers Travel Tours Script version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ca11533d20acd6bee2a211d4e3de4c988afb414b29686bd6473042b4b019f864
PHPJabbers Travel Tours Script 1.0 Cross Site Scripting
Posted Jan 30, 2023
Authored by CraCkEr

PHPJabbers Travel Tours Script version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0a7f5b626d6393bcc255133a21566a6f163578785f29510c84d73418a28fd1fe
PHPJabbers Property Listing Script 3.1 SQL Injection
Posted Jan 30, 2023
Authored by CraCkEr

PHPJabbers Property Listing Script version 3.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | a31fd6b56b7d7115984b30a6505b1ddcaee6cb5274d5e467b5411856220a7fd9
PHPJabbers Property Listing Script 3.1 Cross Site Scripting
Posted Jan 30, 2023
Authored by CraCkEr

PHPJabbers Property Listing Script version 3.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 302f3f53c1a0e807af0b328668c5cb8b327fd8eb8e22a11b9af1c012ac5056ca
Razer Synapse 3.7.0731.072516 Local Privilege Escalation
Posted Jan 27, 2023
Authored by Dr. Oliver Schwarz | Site syss.de

Razer Synapse version 3.7.0731.072516 suffers from a local privilege escalation due to a DLL hijacking vulnerability.

tags | exploit, local
systems | windows
advisories | CVE-2022-47632
SHA-256 | b44857059280bd0c0f9219f18143442834c6560bf766c7639b847e7be7cb3329
Micro Focus GroupWise Session ID Disclosure
Posted Jan 27, 2023
Authored by Stefan Pietsch | Site trovent.io

Micro Focus GroupWise is a messaging software for email and personal information management. Trovent Security GmbH discovered that the GroupWise web application transmits the session ID in HTTP GET requests in the URL when email content is accessed. The exposed session ID can be recorded in the browser history of the client and in log files of the web server or reverse proxy server. A possible attacker with access to the browser history or the server log files is able to take control of the user session with the help of the session ID. Versions prior to 18.4.2 are affected.

tags | exploit, web
advisories | CVE-2022-38756
SHA-256 | 45d877f2bc8d1d68f308fad7fe918c90f982d284964eee41b93805a3c6fb1ad2
PHPJabbers Car Rental Script 3.0 SQL Injection
Posted Jan 27, 2023
Authored by CraCkEr

PHPJabbers Car Rental Script version 3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | da611ec0ad9f60f8789a0b37c087ba77ab18171db28eb201e5d8c4312ef65403
Secure Web Gateway 10.2.11 Cross Site Scripting
Posted Jan 26, 2023
Site redteam-pentesting.de

Secure Web Gateway version 10.2.11 suffers from a cross site scripting vulnerability. RedTeam Pentesting identified a vulnerability which allows attackers to craft URLs to any third-party website that result in arbitrary content to be injected into the response when accessed through the Secure Web Gateway. While it is possible to inject arbitrary content types, the primary risk arises from JavaScript code allowing for cross site scripting.

tags | exploit, web, arbitrary, javascript, xss
advisories | CVE-2023-0214
SHA-256 | f0bbf9c04ccb2873653f86035ec08f7b9388e540d28d2f705eaf53a75692bfea
Inout Jobs Portal 2.2.2 Cross Site Scripting
Posted Jan 25, 2023
Authored by CraCkEr

Inout Jobs Portal version 2.2.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6f3be2d31feb3d9c7a0c800ce5810ede460356e4aec96ec7e16f05115241db1a
Inout Jobs Portal 2.2.2 SQL Injection
Posted Jan 25, 2023
Authored by CraCkEr

Inout Jobs Portal version 2.2.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9f8b4b7af85a0ac5ff2162e8db5b902d70686fae9043406cbad209c183367ccf
Inout Music 5.1.1 SQL Injection
Posted Jan 25, 2023
Authored by CraCkEr

Inout Music version 5.1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 77e27e4a02fc7a2e3b12e40b81fb4fcccd78c51d27a51a95afd57db9e134c114
Cacti 1.2.22 Command Injection
Posted Jan 24, 2023
Authored by mr_me, Erik Wynter, Stefan Schiller, Owen Gong | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability in Cacti versions through 1.2.22 in order to achieve unauthenticated remote code execution as the www-data user.

tags | exploit, remote, code execution
advisories | CVE-2022-46169
SHA-256 | e63c1aedc4dd728df608137b19687c9e69ec0ae051a555280b58f4cc45f05eb6
Inout Search Engine 10.1.3 Cross Site Scripting
Posted Jan 24, 2023
Authored by CraCkEr

Inout Search Engine version 10.1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c32df83849d238b031091b57cbe551049a10b3a034d6d248af9e813f15050385
Inout Homestay 2.2 SQL Injection
Posted Jan 24, 2023
Authored by CraCkEr

Inout Homestay version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ddd17c54c1ad77326efd7f4df4ae548147ee2c630ceb187f992d756190a45d19
Active eCommerce CMS 6.5.0 Cross Site Scripting
Posted Jan 23, 2023
Authored by Sajibe Kanti

Active eCommerce CMS version 6.5.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | bd1b8525d134e8539153037cbd2b3ebad280be2852c627e63b5bf9be93e5ebd0
ERPGo SaaS 3.9 CSV Injection
Posted Jan 23, 2023
Authored by Sajibe Kanti

ERPGo is a software as a service (SaaS) platform that is vulnerable to CSV injection attacks. This type of attack occurs when an attacker is able to manipulate the data that is imported or exported in a CSV file, in order to execute malicious code or gain unauthorized access to sensitive information. This vulnerability can be exploited by an attacker by injecting specially crafted data into a CSV file, which is then imported into the ERPGo system. This can potentially allow the attacker to gain access to sensitive information, such as login credentials or financial data, or to execute malicious code on the system.

tags | exploit
SHA-256 | 801e5c6092682a2b27f17597b4056f7e77672f236eae2def67958ed0d9232464
Inout RealEstate 2.1.3 SQL Injection
Posted Jan 23, 2023
Authored by CraCkEr

Inout RealEstate version 2.1.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ffa3447c61c56fe4c310a17f891e52d6098984d03dfc9fd65cd0e880839be912
Page 1 of 6
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Malware Operators Use Copyright Infringement To Lure In Businesses
Posted Nov 1, 2024

tags | headline, malware, cybercrime, fraud
FakeCall Malware Menaces Android Devices
Posted Oct 31, 2024

tags | headline, malware, phone, google
Chinese Attackers Accessed Canadian Government Networks For Five Years
Posted Oct 31, 2024

tags | headline, hacker, government, canada, china, cyberwar, spyware
Windows Themes 0-Day Bug Exposes Users To NTLM Credential Theft
Posted Oct 31, 2024

tags | headline, hacker, microsoft, data loss, flaw, password, zero day
Yahoo Discloses NetIQ iManager Flaws Allowing Remote Code Execution
Posted Oct 31, 2024

tags | headline, flaw, yahoo
North Korean Nation State Threat Actor Using Play Ransomware
Posted Oct 31, 2024

tags | headline, government, malware, cybercrime, cyberwar, cryptography, north korea
Prosecutors Seek A 17-Year Prison Term For Pentagon Secrets Leaker Jack Teixeira
Posted Oct 31, 2024

tags | headline, government, usa, data loss, cyberwar, military
LottieFiles Supply Chain Attack Exposes Users To Wallet Drainer
Posted Oct 31, 2024

tags | headline, hacker, privacy, malware, data loss, cryptography
Intel And AMD Chips Still Vulnerable To Spectre Flaw
Posted Oct 30, 2024

tags | headline, flaw, intel
AI Bug Bounty Program Yields 34 Flaws In Open Source Tools
Posted Oct 30, 2024

tags | headline, botnet, flaw
View More News →
packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close