Latest Exploits / Tools

Latest Exploits

  • Wed, 24 Aug 2016 11:12:12 +0000: chatNow 0.0.0 Cross Site Request Forgery - Exploit Files ≈ Packet Storm
    chatNow version 0.0.0 suffers from a cross site request forgery vulnerability.
  • Wed, 24 Aug 2016 11:11:11 +0000: chatNow 0.0.0 Cross Site Scripting - Exploit Files ≈ Packet Storm
    chatNow version 0.0.0 suffers from a cross site scripting vulnerability.
  • Wed, 24 Aug 2016 10:22:22 +0000: SimplePHPQuiz Blind SQL Injection - Exploit Files ≈ Packet Storm
    SimplePHPQuiz suffers from a remote blind SQL injection vulnerability.
  • Tue, 23 Aug 2016 15:55:55 +0000: WordPress Mail Master 1.0 Local File Inclusion - Exploit Files ≈ Packet Storm
    WordPress Mail Masta plugin version 1.0 suffers from a local file inclusion vulnerability.
  • Tue, 23 Aug 2016 15:44:44 +0000: VideoIQ Camera Remote File Disclosure - Exploit Files ≈ Packet Storm
    VideoIQ Camera suffers from a file disclosure vulnerability.
  • Tue, 23 Aug 2016 14:04:44 +0000: Gnome Eye Of Gnome 3.10.2 Out-Of-Bounds Write - Exploit Files ≈ Packet Storm
    Gnome Eye of Gnome version 3.10.2 suffers from an out-of-bounds write vulnerability.
  • Tue, 23 Aug 2016 04:44:44 +0000: WordPress Bonkersbeat / Method / Awake Arbitrary File Download - Exploit Files ≈ Packet Storm
    WordPress Bonkersbeat theme version 1.0, Method theme version 1.8, and Awake theme version 3.2 suffer from an arbitrary file download vulnerability.
  • Mon, 22 Aug 2016 18:35:20 +0000: BENIGNCERTAIN Cisco VPN Private Key Extraction - Exploit Files ≈ Packet Storm
    BENIGNCERTAIN is a remote exploit to extract Cisco VPN private keys. Note that this exploit is part of the recent public disclosure from the "Shadow Brokers" who claim to have compromised data from a team known as the "Equation Group", however, there is no author data available in this content. The tool references Cisco PIX versions 5.2(9) to 6.3(4), which were released in 2004.
  • Mon, 22 Aug 2016 18:30:25 +0000: Phoenix Exploit Kit Remote Code Execution - Exploit Files ≈ Packet Storm
    This Metasploit module exploits a remote code execution in the web panel of Phoenix Exploit Kit via the geoip.php. The Phoenix Exploit Kit is a popular commercial crimeware tool that probes the browser of the visitor for the presence of outdated and insecure versions of browser plugins like Java, and Adobe Flash and Reader which then silently installs malware.
  • Mon, 22 Aug 2016 18:27:35 +0000: Jaws CMS 1.1.1 Cross Site Request Forgery - Exploit Files ≈ Packet Storm
    Jaws CMS version 1.1.1 suffers from a cross site request forgery vulnerability.
  • Mon, 22 Aug 2016 18:26:55 +0000: phpCollab CMS 2.5 Cross Site Request Forgery - Exploit Files ≈ Packet Storm
    phpCollab CMS version 2.5 suffers from a cross site request forgery vulnerability.
  • Mon, 22 Aug 2016 18:25:49 +0000: AVS Audio Converter 8.2.1 Buffer Overflow - Exploit Files ≈ Packet Storm
    AVS Audio Converter version 8.2.1 suffers from a buffer overflow vulnerability.
  • Mon, 22 Aug 2016 18:24:21 +0000: ISPconfig 3.0.5.4 p6 Cross Site Scripting - Exploit Files ≈ Packet Storm
    ISPconfig version 3.0.5.4 p6 suffers from a cross site scripting vulnerability. It also leaks exception information.
  • Mon, 22 Aug 2016 18:13:38 +0000: ObiHai ObiPhone 1032/1062 XSS / CSRF / DoS / Command Injection - Exploit Files ≈ Packet Storm
    ObiHai ObiPhone 1032/1062 with firmware less than 5-0-0-3497 suffers from buffer overflow, cross site scripting, cross site request forgery, command injection, denial of service, and various other vulnerabilities.
  • Mon, 22 Aug 2016 00:07:11 +0000: Newtec Satellite Modem MDM6000 2.2.5 Cross Site Scripting - Exploit Files ≈ Packet Storm
    Newtec Satellite Modem version MDM6000 2.2.5 suffers from a cross site scripting vulnerability.
  • Mon, 22 Aug 2016 00:06:05 +0000: Sakai 10.7 Cross Site Scripting / Local File Inclusion - Exploit Files ≈ Packet Storm
    Sakai version 10.7 suffers from cross site scripting and local file inclusion vulnerabilities.
  • Mon, 22 Aug 2016 00:01:06 +0000: WordPress 4.5.3 Core Ajax Handlers Path Traversal - Exploit Files ≈ Packet Storm
    WordPress version 4.5.3 suffers from a path traversal vulnerability in the core ajax handlers.
  • Sat, 20 Aug 2016 22:22:22 +0000: MESSOA IP-Cameras Authentication Bypass / Credential Changer - Exploit Files ≈ Packet Storm
    This exploit demonstrates an authentication bypass on multiple MESSOA IP cameras that can change the admin username and password.
  • Sat, 20 Aug 2016 18:32:22 +0000: Vanderbilt IP-Camera CCPW3025-IR / CVMW3025-IR Credential Disclosure - Exploit Files ≈ Packet Storm
    Vanderbilt IP-Camera versions CCPW3025-IR and CVMW3025-IR suffer from a remote credential disclosure vulnerability.
  • Sat, 20 Aug 2016 14:02:22 +0000: JVC IP-Camera VN-T216VPRU Credential Disclosure - Exploit Files ≈ Packet Storm
    JVC IP-Camera version VN-T216VPRU suffers from a remote credential disclosure vulnerability.

Latest Tools

  • Wed, 24 Aug 2016 23:33:26 +0000: TOR Virtual Network Tunneling Tool 0.2.8.7 - Security Tool Files ≈ Packet Storm
    Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  • Tue, 23 Aug 2016 14:23:11 +0000: Lynis Auditing Tool 2.3.3 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
  • Mon, 22 Aug 2016 04:44:44 +0000: UFONet 0.7 - Security Tool Files ≈ Packet Storm
    UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
  • Sun, 21 Aug 2016 22:59:18 +0000: Hashcat Advanced Password Recovery 3.10 Source Code - Security Tool Files ≈ Packet Storm
    hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.
  • Sun, 21 Aug 2016 22:59:12 +0000: Hashcat Advanced Password Recovery 3.10 Binary Release - Security Tool Files ≈ Packet Storm
    hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.
  • Sun, 21 Aug 2016 22:58:58 +0000: ifchk 1.0.5 - Security Tool Files ≈ Packet Storm
    Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will disable those interfaces found to be promiscuous if told to do so. Per-interface statistics can also be displayed, allowing administrators to perform traffic trend analysis, which could be an aid in the identification of possible inconsistencies or spikes in network traffic volume that may warrant further investigation.
  • Thu, 18 Aug 2016 16:02:22 +0000: BLATSTING / BANANAGLEE / BANANABALLOT Implants - Security Tool Files ≈ Packet Storm
    This bundle contains various implants such as BLATSTING, BANANAGLEE, and BANANABALLOT. They are firewall and BIOS implants. Note that these implants are part of the recent public disclosure from the "Shadow Brokers" who claim to have compromised data from a team known as the "Equation Group", however, there is no author data available in this content.
  • Wed, 17 Aug 2016 23:55:55 +0000: GNU Privacy Guard 1.4.21 - Security Tool Files ≈ Packet Storm
    GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
  • Wed, 17 Aug 2016 23:05:22 +0000: Faraday 2.0.0 - Security Tool Files ≈ Packet Storm
    Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  • Tue, 16 Aug 2016 15:54:10 +0000: Tor-ramdisk i686 UClibc-based Linux Distribution x86 20160810 - Security Tool Files ≈ Packet Storm
    Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
  • Fri, 12 Aug 2016 21:17:59 +0000: Hydra Network Logon Cracker 8.3 - Security Tool Files ≈ Packet Storm
    THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
  • Tue, 09 Aug 2016 18:46:45 +0000: Raptor WAF 0.2 - Security Tool Files ≈ Packet Storm
    Raptor is a web application firewall written in C that uses DFA to block SQL injection, cross site scripting, and path traversals.
  • Tue, 09 Aug 2016 18:46:36 +0000: Lynis Auditing Tool 2.3.2 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
  • Tue, 09 Aug 2016 18:09:57 +0000: Samhain File Integrity Checker 4.1.5 - Security Tool Files ≈ Packet Storm
    Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
  • Sat, 06 Aug 2016 18:56:04 +0000: Stegano 0.6 - Security Tool Files ≈ Packet Storm
    Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
  • Sat, 06 Aug 2016 18:50:51 +0000: Web-Based Firewall Logging Tool 1.1.0 - Security Tool Files ≈ Packet Storm
    Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use. Supported log formats are netfilter, ipfilter, ipfw, ipchains, and Windows XP. Netfilter support includes ulogd MySQL or PostgreSQL database logs using the iptables ULOG target.
  • Sat, 06 Aug 2016 18:49:54 +0000: Falco 0.3.0 - Security Tool Files ≈ Packet Storm
    Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
  • Thu, 04 Aug 2016 10:22:22 +0000: NetNeedle Network-Based Steganography Tool - Security Tool Files ≈ Packet Storm
    NetNeedle provides for encrypted control channels and chat sessions that are disguised to look like other common network activity. It only transmits "decoy" data in the "payload" section of any packet, so forensic analysts will only see packets that look identical to ordinary ping or HTTP GET requests. The actual data is encoded in IP headers in fields that typically contain random values. In addition to evasion features, penetration testers can use this tool to maintain control over servers in environments with highly restrictive access lists. Because NetNeedle subverts expectations surrounding network traffic, it enables users to set up back doors that use simple ICMP packets or TCP ports that are already in use. Administrators who believe that they are safe due to "principle of least privilege" access control lists or who believe that ICMP ping is harmless will find themselves sadly mistaken.
  • Wed, 03 Aug 2016 13:13:13 +0000: PH.I NFS Scanner - Security Tool Files ≈ Packet Storm
    PHI.I is an effective NFS scanner. It is intended to be left running in a screen session somewhere, scans randomly and requires very little user interaction. It finds large numbers of exported NFS directories, and lists the contents of directories that are exported to everyone. There are very large numbers of completely open NFS shares, despite it being an issue for at least 30 years. Written in bash.
  • Tue, 02 Aug 2016 23:55:52 +0000: OpenSSH 7.3p1 - Security Tool Files ≈ Packet Storm
    This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

@Risk Exploits

ExploitDB