Latest Exploits / Tools

Latest Exploits

  • Fri, 06 Mar 2015 22:42:55 +0000: Elastix 2.5.0 SQL Injection - Exploit Files ≈ Packet Storm
    Elastix versions 2.5.0 and below suffer from a remote blind SQL injection vulnerability.
  • Fri, 06 Mar 2015 22:01:50 +0000: Betster 1.0.4 SQL Injection / Authentication Bypass - Exploit Files ≈ Packet Storm
    Betster version 1.0.4 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
  • Fri, 06 Mar 2015 14:41:50 +0000: Nvidia Mental Ray Satellite Service Arbitrary DLL Injection - Exploit Files ≈ Packet Storm
    The Nvidia Mental Ray Satellite Service listens for control commands on port 7414. When it receives the command to load a DLL (via an UNC path) it will try to connect back to the host on port 7514. If a TCP connection is successful it will then attempt to load the DLL. This Metasploit module has been tested successfully on Win7 x64 with Nvidia Mental Ray Satellite Service v3.11.1.
  • Fri, 06 Mar 2015 14:37:24 +0000: ProjectSend r561 SQL Injection - Exploit Files ≈ Packet Storm
    ProjectSend version r561 suffers from a remote SQL injection vulnerability.
  • Fri, 06 Mar 2015 14:35:35 +0000: WordPress Download Manager 2.7.2 Privilege Escalation - Exploit Files ≈ Packet Storm
    WordPress Download Manager plugin version 2.7.2 suffers from a privilege escalation vulnerability.
  • Thu, 05 Mar 2015 21:58:20 +0000: PHPMoAdmin 1.1.2 Remote Code Execution - Exploit Files ≈ Packet Storm
    This Metasploit module exploits an arbitrary PHP command execution vulnerability due to a dangerous use of eval() in PHPMoAdmin.
  • Thu, 05 Mar 2015 21:55:27 +0000: Ultimate PHP Board (UPB) 2.2.7 Cross Site Scripting - Exploit Files ≈ Packet Storm
    Ultimate PHP Board (UPB) version 2.2.7 suffers from a cross site scripting vulnerability.
  • Thu, 05 Mar 2015 03:03:40 +0000: HP Data Protector 8.10 Remote Command Execution - Exploit Files ≈ Packet Storm
    This Metasploit module exploits a remote command execution on HP Data Protector 8.10. Arbitrary commands can be execute by sending crafted requests with opcode 28 to the OmniInet service listening on the TCP/5555 port. Since there is an strict length limitation on the command, rundll32.exe is executed, and the payload is provided through a DLL by a fake SMB server. This Metasploit module has been tested successfully on HP Data Protector 8.1 on Windows 7 SP1.
  • Wed, 04 Mar 2015 18:32:22 +0000: Generic DLL Injection From Shared Resource - Exploit Files ≈ Packet Storm
    This is a general-purpose module for exploiting conditions where a DLL can be loaded from an specified SMB share. This Metasploit module serves payloads as DLLs over an SMB service.
  • Wed, 04 Mar 2015 17:22:22 +0000: Generic Web Application DLL Injection - Exploit Files ≈ Packet Storm
    This is a general-purpose module for exploiting conditions where a HTTP request triggers a DLL load from an specified SMB share. This Metasploit module serves payloads as DLLs over an SMB service and allows an arbitrary HTTP URL to be called that would trigger the load of the DLL.
  • Wed, 04 Mar 2015 15:02:22 +0000: Webshop Hun 1.062S Directory Traversal - Exploit Files ≈ Packet Storm
    Webshop Hun version 1.062S suffers from a directory traversal vulnerability.
  • Wed, 04 Mar 2015 14:02:22 +0000: Webshop Hun 1.062S Cross Site Scripting - Exploit Files ≈ Packet Storm
    Webshop Hun version 1.062S suffers from a cross site scripting vulnerability.
  • Wed, 04 Mar 2015 13:33:33 +0000: Webshop Hun 1.062S SQL Injection - Exploit Files ≈ Packet Storm
    Webshop Hun version 1.062S suffers from a remote SQL injection vulnerability.
  • Wed, 04 Mar 2015 13:03:33 +0000: WordPress Newsletter 2.6.x / 2.5.x Open Redirect - Exploit Files ≈ Packet Storm
    WordPress Newsletter plugin versions 2.6.x and 2.5.x suffer from an open redirect vulnerability.
  • Wed, 04 Mar 2015 13:02:22 +0000: WordPress Max Banner Ads 1.9 Cross Site Scripting - Exploit Files ≈ Packet Storm
    WordPress Max Banner Ads plugin versions 1.09 through 1.9 suffer from a cross site scripting vulnerability.
  • Wed, 04 Mar 2015 13:01:11 +0000: WordPress Ya'aburnee / Dignitas Privilege Escalation - Exploit Files ≈ Packet Storm
    WordPress Ya'aburnee theme version 1.0.7 and Dignitas theme 1.1.9 suffer from a privilege escalation vulnerability.
  • Wed, 04 Mar 2015 12:22:22 +0000: WordPress Contact Form DB 2.8.29 Cross Site Request Forgery - Exploit Files ≈ Packet Storm
    WordPress Contact Form DB plugin version 2.8.29 suffers from a cross site request forgery vulnerability.
  • Wed, 04 Mar 2015 05:44:44 +0000: Netcat CMS 5.5 Cross Site Scripting - Exploit Files ≈ Packet Storm
    Netcat CMS version 5.5 suffers from a stored cross site scripting vulnerability.
  • Tue, 03 Mar 2015 23:13:59 +0000: Solarwinds Orion Service SQL Injection - Exploit Files ≈ Packet Storm
    Various remote SQL injection vulnerabilities exist in the core Orion service used in most of the Solarwinds products. Affected products include Network Performance Monitor below version 11.5, NetFlow Traffic Analyzer below version 4.1, Network Configuration Manager below version 7.3.2, IP Address Manager below version 4.3, User Device Tracker below version 3.2, VoIP
  • Tue, 03 Mar 2015 22:44:44 +0000: PHPMoAdmin Remote Code Execution - Exploit Files ≈ Packet Storm
    PHPMoAdmin suffers from a remote unauthorized code execution vulnerability.

Latest Tools

  • Fri, 06 Mar 2015 22:50:55 +0000: Packet Fence 4.7.0 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  • Fri, 06 Mar 2015 14:40:38 +0000: FireHOL 2.0.2 - Security Tool Files ≈ Packet Storm
    FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
  • Thu, 05 Mar 2015 03:10:42 +0000: Wireshark Analyzer 1.12.4 - Security Tool Files ≈ Packet Storm
    Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
  • Mon, 02 Mar 2015 10:11:11 +0000: tmap 0.1 - Security Tool Files ≈ Packet Storm
    tmap is a fast multi-threaded port scanner that tunnels through TOR.
  • Sun, 01 Mar 2015 10:22:22 +0000: Cross Site Tracer Script - Security Tool Files ≈ Packet Storm
    Cross Site Tracer is a python script to check remote web servers for cross-site tracing.
  • Fri, 27 Feb 2015 23:28:53 +0000: GNU Privacy Guard 2.0.27 - Security Tool Files ≈ Packet Storm
    GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
  • Fri, 27 Feb 2015 23:28:16 +0000: GNU Privacy Guard 1.4.19 - Security Tool Files ≈ Packet Storm
    GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
  • Thu, 26 Feb 2015 17:32:38 +0000: Secure rm 1.2.15 - Security Tool Files ≈ Packet Storm
    Secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop in security for users who wish to prevent command line recovery of deleted information, even if the machine is compromised.
  • Wed, 25 Feb 2015 22:17:29 +0000: Lynis Auditing Tool 2.0.0 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
  • Wed, 25 Feb 2015 17:14:06 +0000: Suricata IDPE 2.0.7 - Security Tool Files ≈ Packet Storm
    Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
  • Tue, 24 Feb 2015 01:55:12 +0000: I2P 0.9.18 - Security Tool Files ≈ Packet Storm
    I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
  • Tue, 24 Feb 2015 01:49:06 +0000: Maligno 2.0 - Security Tool Files ≈ Packet Storm
    Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
  • Sat, 21 Feb 2015 17:02:22 +0000: Juli Man-In-The-Middle Script - Security Tool Files ≈ Packet Storm
    This is a simple perl script for setting up man-in-the-middle attacks on Linux.
  • Thu, 19 Feb 2015 23:08:49 +0000: Packet Fence 4.6.1 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  • Wed, 18 Feb 2015 22:43:55 +0000: Hyperion Runtime Encrypter 1.2 - Security Tool Files ≈ Packet Storm
    Hyperion is a runtime encrypter for 32-bit portable executables. It is a reference implementation and bases on the paper "Hyperion: Implementation of a PE-Crypter".
  • Tue, 17 Feb 2015 16:48:51 +0000: Samhain File Integrity Checker 3.1.4 - Security Tool Files ≈ Packet Storm
    Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
  • Mon, 16 Feb 2015 23:41:10 +0000: oclHashcat For NVidia 1.33 - Security Tool Files ≈ Packet Storm
    oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.
  • Mon, 16 Feb 2015 23:30:23 +0000: oclHashcat For AMD 1.33 - Security Tool Files ≈ Packet Storm
    oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.
  • Mon, 16 Feb 2015 18:05:39 +0000: FireHOL 2.0.1 - Security Tool Files ≈ Packet Storm
    FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
  • Fri, 13 Feb 2015 18:21:01 +0000: Router Hunter 1.0 - Security Tool Files ≈ Packet Storm
    Router Hunter is a php script that scans for and exploits DNS change vulnerabilities in Shuttle Tech ADSL Modem-Router 915 WM and D-Link DSL-2740R routers and also exploits the credential disclosure vulnerability in LG DVR LE6016D devices.

@Risk Exploits

  • : SANSFIRE 2011 - @RISK: The Consensus Security Alert
    SANSFIRE 2011

ExploitDB