SOPlanning version 1.52.00 suffers from a remote SQL injection vulnerability in projects.php.
https://packetstormsecurity.com/files/178436/soplanning15200-sql.txt
SOPlanning version 1.52.00 suffers from a cross site request forgery vulnerability in xajax_server.php.
https://packetstormsecurity.com/files/178435/soplanning15200-xsrf.txt
SOPlanning version 1.52.00 suffers from a cross site scripting vulnerability in groupe_save.php.
https://packetstormsecurity.com/files/178434/soplanning15200-xss.txt
htmlLawed versions 1.2.5 and below proof of concept remote command execution exploit.
https://packetstormsecurity.com/files/178425/CVE-2022-35914.sh.txt
This archive contains all of the 132 exploits added to Packet Storm in April, 2024.
https://packetstormsecurity.com/files/178422/202404-exploits.tgz
Online Tours and Travels Management System version 1.0 suffers from a remote SQL injection vulnerability.
https://packetstormsecurity.com/files/178418/tmotmsp10-sql.txt
Proof of concept code that demonstrates how the Windows kernel suffers from a privilege escalation vulnerability due to a double-fetch in PspBuildCreateProcessContext that leads to a stack buffer...
https://packetstormsecurity.com/files/178377/CVE-2024-26218-main.zip
Proof of concept code that demonstrates how the Windows kernel suffers from a privilege escalation vulnerability due to a double-fetch in NtQueryInformationThread that leads to an arbitrary write...
https://packetstormsecurity.com/files/178376/CVE-2024-21345-main.zip
This is the full Windows privilege escalation exploit produced from the blog Exploiting the NT Kernel in 24H2: New Bugs in Old Code and Side Channels Against KASLR.
https://packetstormsecurity.com/files/178378/24h2-nt-exploit-main.zip
osCommerce version 4 suffers from a cross site scripting vulnerability. This finding is another vector of attack for this issue already discovered by the same researcher in November of 2023.
https://packetstormsecurity.com/files/178375/oscommerce4cat-xss.txt
This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Kemp LoadMaster in the authorization header after version 7.2.48.1. The following versions are patch...
https://packetstormsecurity.com/files/178305/progress_kemp_loadmaster_unauth_cmd_injection.rb.txt
Doctor Appointment Management System version 1.0 suffers from a cross site scripting vulnerability.
ESET NOD32 Antivirus version 17.1.11.0 suffers from an unquoted service path vulnerability.
https://packetstormsecurity.com/files/178294/esetnod32av171110-unquotedpath.txt
PowerVR has a security issue where a writability check in PMRMMapPMR() does not clear VM_MAYWRITE.
https://packetstormsecurity.com/files/178256/GS20240425141408.tgz
Apache Solr versions 6.0.0 through 8.11.2 and versions 9.0.0 up to 9.4.1 are affected by an unrestricted file upload vulnerability which can result in remote code execution in the context of the ...
https://packetstormsecurity.com/files/178255/apache_solr_backup_restore.rb.txt
Relate Learning and Teaching System versions prior to 2024.1 suffers from a server-side template injection vulnerability that leads to remote code execution. This particular finding targets the B...
https://packetstormsecurity.com/files/178251/rltsbiet-sstiexec.txt
Nginx versions 1.25.5 and below appear to have a host header filtering validation bug that could possibly be used for malice.
https://packetstormsecurity.com/files/178250/nginx1255-hostvalidation.txt
A remote SQL injection vulnerability exists in FortiNet FortiClient EMS (Endpoint Management Server) versions 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10. FortiClient EMS serves as an endpoint m...
https://packetstormsecurity.com/files/178230/forticlient_ems_fctid_sqli.rb.txt
GitKraken GitLens versions prior to 14.0.0 allow an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code...
https://packetstormsecurity.com/files/178227/gitlens_local_config_exec.rb.txt
This Metasploit module creates a vsix file which can be installed in Visual Studio Code as an extension. At activation/install, the extension will execute a shell or two. Tested against VSCode 1....
https://packetstormsecurity.com/files/178225/visual_studio_vsix_exec.rb.txt
A remote code execution vulnerability in Gambio online webshop versions 4.9.2.0 and below allows remote attackers to run arbitrary commands via an unauthenticated HTTP POST request. The identifie...
https://packetstormsecurity.com/files/178222/gambio_unauth_rce_cve_2024_23759.rb.txt
This Metasploit module exploits two vulnerabilities in Palo Alto Networks PAN-OS that allow an unauthenticated attacker to create arbitrarily named files and execute shell commands. Configuration...
https://packetstormsecurity.com/files/178220/panos_telemetry_cmd_exec.rb.txt
Palo Alto PAN-OS versions prior to 11.1.2-h3 command injection and arbitrary file creation exploit.
https://packetstormsecurity.com/files/178216/paloaltopanos-filecreateexec.txt
LRMS PHP version 1.0 suffers from remote shell upload and multiple remote SQL injection vulnerabilities.
https://packetstormsecurity.com/files/178215/lrms10-sqlshell.txt
Dreamehome versions 2.1.5 and below suffer from multiple broken authorization vulnerabilities.
https://packetstormsecurity.com/files/178218/SA-20240418-0.txt