Latest Exploits / Tools

Latest Exploits

  • Sun, 19 Apr 2015 18:27:49 +0000: Adobe Flash Player copyPixelsToByteArray Integer Overflow - Exploit Files ≈ Packet Storm
    This Metasploit module exploits an integer overflow in Adobe Flash Player. The vulnerability occurs in the copyPixelsToByteArray method from the BitmapData object. The position field of the destination ByteArray can be used to cause an integer overflow and write contents out of the ByteArray buffer. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 14.0.0.176, 14.0.0.145 and 14.0.0.125.
  • Sun, 19 Apr 2015 18:27:11 +0000: WordPress Reflex Gallery Upload - Exploit Files ≈ Packet Storm
    This Metasploit module exploits an arbitrary PHP code upload in the WordPress Reflex Gallery version 3.1.3. The vulnerability allows for arbitrary file upload and remote code execution.
  • Sun, 19 Apr 2015 18:26:38 +0000: WordPress N-Media Website Contact Form Upload - Exploit Files ≈ Packet Storm
    This Metasploit module exploits an arbitrary PHP code upload in the WordPress N-Media Website Contact Form plugin, version 1.3.4. The vulnerability allows for arbitrary file upload and remote code execution.
  • Sun, 19 Apr 2015 18:26:06 +0000: WordPress Creative Contact Form Upload - Exploit Files ≈ Packet Storm
    This Metasploit module exploits an arbitrary PHP code upload in the WordPress Creative Contact Form version 0.9.7. The vulnerability allows for arbitrary file upload and remote code execution.
  • Sun, 19 Apr 2015 18:25:33 +0000: WordPress Work The Flow Upload - Exploit Files ≈ Packet Storm
    This Metasploit module exploits an arbitrary PHP code upload in the WordPress Work The Flow plugin, version 2.5.2. The vulnerability allows for arbitrary file upload and remote code execution.
  • Sun, 19 Apr 2015 17:43:46 +0000: Lychee 2.7.1 Remote Code Execution - Exploit Files ≈ Packet Storm
    Lychee version 2.7.1 suffers from a remote code execution vulnerability when logged in as an administrator.
  • Sun, 19 Apr 2015 17:39:12 +0000: Landesk Management Suite 9.5 RFI / CSRF - Exploit Files ≈ Packet Storm
    Landesk Management Suite version 9.5 suffers from cross site request forgery and remote file inclusion vulnerabilities.
  • Sun, 19 Apr 2015 11:11:11 +0000: BlueDragon CFChart Servlet 7.1.1.17759 Directory Traversal - Exploit Files ≈ Packet Storm
    The CFChart servlet of BlueDragon (component com.naryx.tagfusion.cfm.cfchartServlet) is vulnerable to arbitrary file retrieval due to a directory traversal vulnerability. In certain circumstances the retrieved file is also deleted. Versions 7.1.1.17759 is affected.
  • Sun, 19 Apr 2015 07:22:22 +0000: ADB Backup Traversal / File Overwrite - Exploit Files ≈ Packet Storm
    ADB backup on Android version 4.0.4 allows for file overwrite via modified tar headers.
  • Sun, 19 Apr 2015 04:44:44 +0000: WordPress Content Slide 1.4.2 CSRF / Cross Site Scripting - Exploit Files ≈ Packet Storm
    WordPress Content Slide plugin version 1.4.2 suffers from cross site request forgery and stored cross site scripting vulnerabilities.
  • Sun, 19 Apr 2015 04:02:22 +0000: Android Backup Agent Arbitrary Code Execution - Exploit Files ≈ Packet Storm
    The Android backup agent implementation was vulnerable to privilege escalation and race condition. An attacker with adb shell access could run arbitrary code as the system (1000) user (or any other valid package). The attack is tested on Android OS 4.4.4.
  • Sun, 19 Apr 2015 03:33:33 +0000: WordPress Citizen Space 1.1 Cross Site Scripting - Exploit Files ≈ Packet Storm
    WordPress Citizen Space plugin version 1.1 suffers from a cross site scripting vulnerability.
  • Sun, 19 Apr 2015 01:11:11 +0000: Mac OS X Local Denial Of Service - Exploit Files ≈ Packet Storm
    Local denial of service exploit for Mac OS X kernel versions prior to 10.10.3.
  • Sat, 18 Apr 2015 14:44:44 +0000: Wolf CMS 0.8.2 Shell Upload - Exploit Files ≈ Packet Storm
    Wolf CMS version 0.8.2 suffers from a remote shell upload vulnerability.
  • Sat, 18 Apr 2015 04:44:44 +0000: Nodes Studio CMS XSS / Path Disclosure / SQL Injection - Exploit Files ≈ Packet Storm
    Nodes Studio CMS suffers from cross site scripting, path disclosure, and remote SQL injection vulnerabilities.
  • Sat, 18 Apr 2015 02:22:22 +0000: ProFTPd 1.3.5 File Copy - Exploit Files ≈ Packet Storm
    ProFTPd installations that use the mod_copy module's SITE CPFR/SITE CPTO commands allows these commands to be used by unauthenticated clients.
  • Sat, 18 Apr 2015 02:22:22 +0000: WordPress WP-Mon Arbitrary File Download - Exploit Files ≈ Packet Storm
    WordPress WP-Mon plugin suffers from an arbitrary file disclosure vulnerability.
  • Fri, 17 Apr 2015 03:03:33 +0000: Oracle Hyperion Smart View For Office 11.1.2.3.000 DoS - Exploit Files ≈ Packet Storm
    Oracle Hyperion Smart View for Office version 11.1.2.3.000 crash proof of concept exploit.
  • Thu, 16 Apr 2015 05:58:22 +0000: WordPress Ajax Store Locator 1.2 SQL Injection - Exploit Files ≈ Packet Storm
    WordPress Ajax Store Locator versions 1.2 and below suffer from a remote SQL injection vulnerability.
  • Thu, 16 Apr 2015 05:54:07 +0000: D-Link/TRENDnet NCC Service Command Injection - Exploit Files ≈ Packet Storm
    This Metasploit module exploits a remote command injection vulnerability on several routers. The vulnerability exists in the ncc service, while handling ping commands. This Metasploit module has been tested on a DIR-626L emulated environment only. Several D-Link and TRENDnet devices are reported as affected, including: D-Link DIR-626L (Rev A) v1.04b04, D-Link DIR-636L (Rev A) v1.04, D-Link DIR-808L (Rev A) v1.03b05, D-Link DIR-810L (Rev A) v1.01b04, D-Link DIR-810L (Rev B) v2.02b01, D-Link DIR-820L (Rev A) v1.02B10, D-Link DIR-820L (Rev A) v1.05B03, D-Link DIR-820L (Rev B) v2.01b02, D-Link DIR-826L (Rev A) v1.00b23, D-Link DIR-830L (Rev A) v1.00b07, D-Link DIR-836L (Rev A) v1.01b03, and TRENDnet TEW-731BR (Rev 2) v2.01b01

Latest Tools

  • Sun, 19 Apr 2015 18:31:18 +0000: Maligno 2.1 - Security Tool Files ≈ Packet Storm
    Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
  • Sun, 19 Apr 2015 18:29:49 +0000: Lynis Auditing Tool 2.1.0 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
  • Wed, 15 Apr 2015 03:11:36 +0000: Zed Attack Proxy 2.4.0 Windows Installer - Security Tool Files ≈ Packet Storm
    The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Windows installer.
  • Wed, 15 Apr 2015 03:09:01 +0000: Zed Attack Proxy 2.4.0 Linux Release - Security Tool Files ≈ Packet Storm
    The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Linux release.
  • Wed, 15 Apr 2015 03:06:50 +0000: Zed Attack Proxy 2.4.0 Mac OS X Release - Security Tool Files ≈ Packet Storm
    The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.
  • Wed, 15 Apr 2015 03:01:16 +0000: I2P 0.9.19 - Security Tool Files ≈ Packet Storm
    I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
  • Wed, 15 Apr 2015 02:58:31 +0000: Tor-ramdisk i686 UClibc-based Linux Distribution x86 20150411 - Security Tool Files ≈ Packet Storm
    Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
  • Tue, 14 Apr 2015 08:02:22 +0000: WordPress Brute Forcer 2.0 - Security Tool Files ≈ Packet Storm
    This is a python script that performs brute forcing against WordPress installs using a wordlist.
  • Fri, 10 Apr 2015 22:05:23 +0000: Aircrack-ng Wireless Network Tools 1.2 RC2 - Security Tool Files ≈ Packet Storm
    aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).
  • Fri, 10 Apr 2015 03:33:33 +0000: WebDAV Uploading Script - Security Tool Files ≈ Packet Storm
    Simple PHP script that explores WebDAV vulnerable sites that allow arbitrary uploads.
  • Tue, 07 Apr 2015 16:27:24 +0000: TOR Virtual Network Tunneling Tool 0.2.5.12 - Security Tool Files ≈ Packet Storm
    Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  • Tue, 07 Apr 2015 12:22:22 +0000: Smalisca 0.1 - Security Tool Files ≈ Packet Storm
    Smalisca is a static code analysis tool for Smali files.
  • Mon, 06 Apr 2015 17:12:41 +0000: IPv6 Toolkit 2.0 - Security Tool Files ≈ Packet Storm
    SI6 Networks' IPv6 toolkit is a security assessment and troubleshooting tool for the IPv6 protocols. It can send arbitrary IPv6-based packets.
  • Mon, 30 Mar 2015 23:40:37 +0000: Tor-ramdisk i686 UClibc-based Linux Distribution x86 20150322 - Security Tool Files ≈ Packet Storm
    Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
  • Fri, 27 Mar 2015 21:38:12 +0000: MIMEDefang Email Scanner 2.76 - Security Tool Files ≈ Packet Storm
    MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
  • Thu, 26 Mar 2015 17:11:39 +0000: Samhain File Integrity Checker 3.1.5 - Security Tool Files ≈ Packet Storm
    Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
  • Tue, 24 Mar 2015 00:50:24 +0000: oclHashcat For NVidia 1.35 - Security Tool Files ≈ Packet Storm
    oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.
  • Tue, 24 Mar 2015 00:42:18 +0000: oclHashcat For AMD 1.35 - Security Tool Files ≈ Packet Storm
    oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.
  • Fri, 20 Mar 2015 05:51:29 +0000: OpenSSL Toolkit 1.0.2a - Security Tool Files ≈ Packet Storm
    OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  • Wed, 18 Mar 2015 00:57:28 +0000: TOR Virtual Network Tunneling Tool 0.2.5.11 - Security Tool Files ≈ Packet Storm
    Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

@Risk Exploits

  • : SANSFIRE 2011 - @RISK: The Consensus Security Alert
    SANSFIRE 2011

ExploitDB