This Metasploit module exploits a SQL injection vulnerability in Cacti versions 1.2.12 and below. An admin can exploit the filter variable within color.php to pull arbitrary values as well as conduct stacked queries. With stacked queries, the path_php_binary value is changed within the settings table to a payload, and an update is called to execute […]
Postbird version 0.8.4 suffers from cross site scripting, local file inclusion, and insecure data storage vulnerabilities. Included in this archive is a whitepaper and proof of concept exploit.
This archive contains all of the 185 exploits added to Packet Storm in May, 2021.
Veyon version 4.4.1 suffers from an unquoted service path vulnerability.
DupTerminator version 1.4.5639.37199 denial of service proof of concept exploit.
Backdoor.Win32.Wisell malware suffers from a code execution vulnerability.
LogonTracer version 1.2.0 unauthenticated remote code execution exploit.
WordPress WP Prayer plugin version 1.6.1 suffers from a persistent cross site scripting vulnerability.
CHIYU TCP/IP Converter devices suffer from a CRLF injection vulnerability. Versions affected include BF-430, BF-431, and BF-450M.
CHIYU IoT devices suffer from multiple cross site scripting vulnerabilities. Versions affected include BF-430, BF-431, BF-450M, BF-630, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC.