This Metasploit module leverages an authentication bypass and directory traversal vulnerabilities in Saltstack Salt’s REST API to execute commands remotely on the master as the root user. Every 60 seconds,…

This Metasploit module exploits a pre-authentication server-side request forgery vulnerability in the F5 iControl REST API’s /mgmt/shared/authn/login endpoint to generate an X-F5-Auth-Token that can be used to execute root commands…

This archive contains all of the 233 exploits added to Packet Storm in March, 2021.

Trojan-Downloader.Win32.Delf.oxz malware suffers from an insecure permissions vulnerability.

Trojan-Downloader.Win32.Delf.ur malware suffers from an insecure permissions vulnerability.

Trojan-Downloader.Win32.Delf.nzg malware suffers from an insecure permissions vulnerability.

ZBL EPON ONU Broadband Router version 1.0 suffers from a privilege escalation vulnerability. The limited administrative user (admin:admin) can elevate his/her privileges by sending a HTTP GET request to the…

Zabbix version 3.4.7 suffers from a persistent cross site scripting vulnerability.

CourseMS version 2.1 suffers from a persistent cross site scripting vulnerability.