Latest Exploits / Tools

Latest Exploits

  • Fri, 24 Mar 2017 15:04:22 +0000: Miele Professional PG 8528 Directory Traversal - Exploit Files ≈ Packet Storm
    The Miele Professional PG 8528 suffers from a directory traversal vulnerability.
  • Fri, 24 Mar 2017 15:00:40 +0000: Nuxeo Platform 6.x / 7.x Shell Upload - Exploit Files ≈ Packet Storm
    Nuxeo Platform versions 6.0 (LTS 2014), 7.1, 7.2, and 7.3 suffer from a remote shell upload vulnerability.
  • Fri, 24 Mar 2017 14:59:07 +0000: EON 5.0 SQL Injection - Exploit Files ≈ Packet Storm
    EON versions 5.0 and below suffer from a remote SQL injection vulnerability.
  • Fri, 24 Mar 2017 14:57:24 +0000: EON 5.0 Remote Code Execution - Exploit Files ≈ Packet Storm
    EON versions 5.0 and below suffer from a remote code execution vulnerability.
  • Fri, 24 Mar 2017 08:22:22 +0000: wifirxpower Local Buffer Overflow - Exploit Files ≈ Packet Storm
    wifirxpower suffers from local stack-based buffer overflow vulnerability.
  • Fri, 24 Mar 2017 05:55:55 +0000: Gr8 Tutorial Script SQL Injection - Exploit Files ≈ Packet Storm
    Gr8 Tutorial Script suffers from a remote SQL injection vulnerability.
  • Fri, 24 Mar 2017 04:44:44 +0000: Gr8 Gallery Script SQL Injection - Exploit Files ≈ Packet Storm
    Gr8 Gallery Script suffers from a remote SQL injection vulnerability.
  • Fri, 24 Mar 2017 00:26:14 +0000: NETGEAR WNR2000v5 (Un)authenticated hidden_lang_avi Stack Overflow - Exploit Files ≈ Packet Storm
    The NETGEAR WNR2000 router has a buffer overflow vulnerability in the hidden_lang_avi parameter. In order to exploit it, it is necessary to guess the value of a certain timestamp which is in the configuration of the router. An authenticated attacker can simply fetch this from a page, but an unauthenticated attacker has to brute force it. Brute-forcing the timestamp token might take a few minutes, a few hours, or days, but it is guaranteed that it can be brute-forced. This Metasploit module implements both modes, and it works very reliably. It has been tested with the WNR2000v5, firmware versions 1.0.0.34 and 1.0.0.18. It should also work with hardware revisions v4 and v3, but this has not been tested - with these routers it might be necessary to adjust the LibcBase variable as well as the gadget addresses.
  • Thu, 23 Mar 2017 20:32:22 +0000: LastPass Domain Design Flaw - Exploit Files ≈ Packet Storm
    The LastPass domain regex does not handle data and other pseudo-url schemes.
  • Thu, 23 Mar 2017 18:32:22 +0000: LastPass FireFox Content Script Loading - Exploit Files ≈ Packet Storm
    LastPass had an issue with websiteConnector.js content script allows proxying internal RPC commands. The fix appears to not work on FireFox.
  • Thu, 23 Mar 2017 16:28:37 +0000: Logsign Remote Command Injection - Exploit Files ≈ Packet Storm
    This Metasploit module exploits an command injection vulnerability in Logsign. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the root user. Logsign has a publicly accessible endpoint. That endpoint takes a user input and then use it during operating system command execution without proper validation. This Metasploit module was tested against 4.4.2 and 4.4.137 versions.
  • Thu, 23 Mar 2017 16:19:42 +0000: QNAP QTS Privilege Escalation / Information Disclosure - Exploit Files ≈ Packet Storm
    QNAP QTS versions prior to 4.2.4 suffer from a sensitive data exposure vulnerability that allows for privilege escalation.
  • Thu, 23 Mar 2017 13:03:33 +0000: APNGDis 2.8 Buffer Overflow - Exploit Files ≈ Packet Storm
    APNGDis version 2.8 suffers from multiple overflow vulnerabilities.
  • Thu, 23 Mar 2017 13:03:33 +0000: Joomla FocalPoint 1.2.3 SQL Injection - Exploit Files ≈ Packet Storm
    Joomla FocalPoint component version 1.2.3 suffers from a remote SQL injection vulnerability.
  • Thu, 23 Mar 2017 10:11:11 +0000: Joomla Modern Booking 1.0 SQL Injection - Exploit Files ≈ Packet Storm
    Joomla Modern Booking component version 1.0 suffers from a remote SQL injection vulnerability.
  • Thu, 23 Mar 2017 10:11:11 +0000: SpyCamLizard SC Liz 1.230 Buffer Overflow - Exploit Files ≈ Packet Storm
    SpyCamLizard SC Liz version 1.230 remote buffer overflow exploit.
  • Thu, 23 Mar 2017 07:22:22 +0000: onArcade 2.4.x Local File Disclosure - Exploit Files ≈ Packet Storm
    onArcade version 2.4.x suffers from a local file disclosure vulnerability.
  • Thu, 23 Mar 2017 05:55:55 +0000: D-Link DSL-2640B Remote DNS Changer - Exploit Files ≈ Packet Storm
    D-Link DSL-2640B remote DNS changing exploit.
  • Thu, 23 Mar 2017 04:44:44 +0000: Flippa Clone SQL injection - Exploit Files ≈ Packet Storm
    Flippa Clone suffers from a remote SQL injection vulnerability.
  • Thu, 23 Mar 2017 04:02:22 +0000: Bonza Digital Cart Script 1 SQL Injection - Exploit Files ≈ Packet Storm
    Bonza Digital Cart Script version 1 suffers from a remote SQL injection vulnerability.

Latest Tools

  • Thu, 23 Mar 2017 08:22:22 +0000: rldns 1.1 - Security Tool Files ≈ Packet Storm
    rldns is an open source lightweight DNS server for linux, netbsd, freebsd, and openbsd. Runs on x86 and x86_64 architectures.
  • Wed, 22 Mar 2017 13:05:55 +0000: Lynis Auditing Tool 2.4.7 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
  • Mon, 20 Mar 2017 23:42:33 +0000: OpenSSH 7.5p1 - Security Tool Files ≈ Packet Storm
    This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
  • Mon, 20 Mar 2017 23:42:27 +0000: Faraday 2.4.0 - Security Tool Files ≈ Packet Storm
    Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  • Wed, 15 Mar 2017 14:44:44 +0000: Lynis Auditing Tool 2.4.6 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
  • Mon, 13 Mar 2017 03:02:22 +0000: rldns 1.0 - Security Tool Files ≈ Packet Storm
    rldns is an open source lightweight DNS server for linux, netbsd, freebsd, and openbsd. Runs on x86 and x86_64 architectures.
  • Sun, 12 Mar 2017 16:10:35 +0000: Stegano 0.6.9 - Security Tool Files ≈ Packet Storm
    Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
  • Fri, 10 Mar 2017 10:11:11 +0000: DAVOSET 1.3 - Security Tool Files ≈ Packet Storm
    DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
  • Thu, 09 Mar 2017 17:14:10 +0000: Stegano 0.6.8 - Security Tool Files ≈ Packet Storm
    Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
  • Thu, 09 Mar 2017 17:10:22 +0000: OpenDNSSEC 2.1.0 - Security Tool Files ≈ Packet Storm
    OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
  • Thu, 09 Mar 2017 17:09:21 +0000: Lynis Auditing Tool 2.4.5 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
  • Wed, 08 Mar 2017 00:59:58 +0000: Blue Team Training Toolkit (BT3) 2.1.1 - Security Tool Files ≈ Packet Storm
    Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.
  • Tue, 07 Mar 2017 17:05:56 +0000: Proxmark Iceman Fork 1.7.0 - Security Tool Files ≈ Packet Storm
    This is a custom firmware written for the proxmark3. It extends the currently available firmware (revision 2.3.0) to support brute force attacks against proximity card access control systems.
  • Sat, 04 Mar 2017 00:55:46 +0000: Wireshark Analyzer 2.2.5 - Security Tool Files ≈ Packet Storm
    Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
  • Fri, 03 Mar 2017 17:20:27 +0000: TOR Virtual Network Tunneling Tool 0.2.9.10 - Security Tool Files ≈ Packet Storm
    Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  • Fri, 03 Mar 2017 17:16:12 +0000: Hashcat Advanced Password Recovery 3.40 Source Code - Security Tool Files ≈ Packet Storm
    Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.
  • Fri, 03 Mar 2017 17:15:39 +0000: Hashcat Advanced Password Recovery 3.40 Binary Release - Security Tool Files ≈ Packet Storm
    Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.
  • Fri, 03 Mar 2017 17:13:39 +0000: Capstone 3.0.5 - Security Tool Files ≈ Packet Storm
    Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.
  • Fri, 03 Mar 2017 17:11:57 +0000: I2P 0.9.29 - Security Tool Files ≈ Packet Storm
    I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
  • Fri, 03 Mar 2017 16:58:22 +0000: Lynis Auditing Tool 2.4.4 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

@Risk Exploits

ExploitDB