Latest Exploits / Tools

Latest Exploits

  • Fri, 19 Sep 2014 23:56:48 +0000: GetSimpleCMS PHP File Upload - Exploit Files ≈ Packet Storm
    This Metasploit module exploits a file upload vulnerability in GetSimple CMS. By abusing the upload.php file, a malicious authenticated user can upload an arbitrary file, including PHP code, which results in arbitrary code execution.
  • Fri, 19 Sep 2014 10:22:22 +0000: M/Monit 3.2.2 Cross Site Request Forgery - Exploit Files ≈ Packet Storm
    M/Monit versions 3.2.2 and below suffer from multiple cross site request forgery vulnerabilities.
  • Thu, 18 Sep 2014 23:59:23 +0000: WatchGuard XTM 11.8.3 Cross Site Scripting - Exploit Files ≈ Packet Storm
    WatchGuard XTM version 11.8.3 suffers from a cross site scripting vulnerability.
  • Thu, 18 Sep 2014 23:55:19 +0000: Netgear Download Center Cross Site Scripting / Open Redirect - Exploit Files ≈ Packet Storm
    downloadcenter.netgear.com suffers from cross site scripting and open redirection vulnerabilities.
  • Thu, 18 Sep 2014 19:43:13 +0000: Oracle MyOracle Filter Bypass - Exploit Files ≈ Packet Storm
    Oracle's MyOracle allows for malicious script code insertion into outbound emails.
  • Wed, 17 Sep 2014 23:33:33 +0000: Nokia Asha 501 Lock Bypass - Exploit Files ≈ Packet Storm
    The Nokia Asha platform suffers from a lock code bypass vulnerability that allows for access to call records.
  • Wed, 17 Sep 2014 22:42:37 +0000: MODX Revolution 2.3.1-pl Cross Site Scripting - Exploit Files ≈ Packet Storm
    MODX Revolution version 2.3.1-pl suffers from a reflective cross site scripting vulnerability.
  • Wed, 17 Sep 2014 22:41:31 +0000: webEdition 6.3.8.0 Path Traversal - Exploit Files ≈ Packet Storm
    webEdition version 6.3.8.0 suffers from a path traversal vulnerability.
  • Wed, 17 Sep 2014 20:44:36 +0000: ClassApps SelectSurvey.net 4.124.004 SQL Injection - Exploit Files ≈ Packet Storm
    ClassApps SelectSurvey.net version 4.124.004 suffers from multiple remote SQL injection vulnerabilities.
  • Wed, 17 Sep 2014 16:19:51 +0000: Livefyre LiveComments 3.0 Cross Site Scripting - Exploit Files ≈ Packet Storm
    Livefyre LiveComments version 3.0 suffers from a persistent cross site scripting vulnerability.
  • Wed, 17 Sep 2014 16:18:17 +0000: WordPress WP-Ban 1.62 Bypass - Exploit Files ≈ Packet Storm
    WordPress WP-Ban plugin version 1.62 suffers from a bypass vulnerability when a properly minted X-Forwarded-For header is used.
  • Wed, 17 Sep 2014 16:16:23 +0000: WordPress Login Widget With Shortcode 3.1.1 CSRF / XSS - Exploit Files ≈ Packet Storm
    WordPress Login Widget With Shortcode plugin version 3.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
  • Wed, 17 Sep 2014 16:01:46 +0000: OsClass 3.4.1 Cross Site Scripting - Exploit Files ≈ Packet Storm
    OsClass version 3.4.1 suffers from multiple cross site scripting vulnerabilities.
  • Wed, 17 Sep 2014 16:00:31 +0000: OsClass 3.4.1 Local File Inclusion - Exploit Files ≈ Packet Storm
    OsClass version 3.4.1 suffers from a local file inclusion vulnerability.
  • Wed, 17 Sep 2014 14:04:44 +0000: seafile-server 3.1.5 Denial Of Service - Exploit Files ≈ Packet Storm
    seafile-server version 3.1.5 suffers from a denial of service vulnerability.
  • Tue, 16 Sep 2014 21:10:44 +0000: Cart Engine 3.0 XSS / Open Redirect / SQL Injection - Exploit Files ≈ Packet Storm
    Cart Engine version 3.0 suffers from cross site scripting, open redirection, and remote SQL injection vulnerabilities.
  • Tue, 16 Sep 2014 21:08:16 +0000: Laravel 2.1 Hash::make() bcrypt Truncation - Exploit Files ≈ Packet Storm
    Laravel version 2.1 fails to check length prior to password hash creation allowing for possible hash collisions for secrets over 72 characters.
  • Tue, 16 Sep 2014 21:03:36 +0000: Phpwiki Ploticus Remote Code Execution - Exploit Files ≈ Packet Storm
    The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via command injection.
  • Tue, 16 Sep 2014 14:15:28 +0000: USB & WiFi Flash Drive 1.3 Code Execution - Exploit Files ≈ Packet Storm
    USB & WiFi Flash Drive version 1.3 suffers from a code execution vulnerability.
  • Tue, 16 Sep 2014 14:11:54 +0000: WordPress Slideshow Gallery 1.4.6 Shell Upload - Exploit Files ≈ Packet Storm
    WordPress Slideshow Gallery plugin version 1.4.6 shell upload exploit.

Latest Tools

  • Fri, 19 Sep 2014 10:22:22 +0000: UFONet 0.3b - Security Tool Files ≈ Packet Storm
    UFONet is a tool designed to launch DDoS attacks against a target, using open redirection vectors on third party web applications.
  • Wed, 17 Sep 2014 22:34:16 +0000: DAWIN - Distributed Audit and Wireless Intrusion Notification - Security Tool Files ≈ Packet Storm
    DA-WIN, a wireless IDS, provides an organization a continuous wireless scanning capability that is light touch and simple. It utilizes compact and discreet sensors that can easily be deployed, reducing the total cost of protection and simplifying the effort required for absolute, categoric regulatory compliance. This archive includes a dd image to be used on a Raspberry Pi and a user manual.
  • Wed, 17 Sep 2014 09:22:22 +0000: Project Kakilles 0.3 - Security Tool Files ≈ Packet Storm
    Kakilles is a Perl script that spawns an HTTP proxy and lets you modify user-agent, content, and cookie headers.
  • Mon, 15 Sep 2014 18:24:37 +0000: Maligno 1.3 - Security Tool Files ≈ Packet Storm
    Maligno is an open source penetration testing tool written in Python that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
  • Sat, 13 Sep 2014 10:22:22 +0000: PoisonShell PHP Backdoor - Security Tool Files ≈ Packet Storm
    PoisonShell is a simple PHP shell that has several options.
  • Fri, 12 Sep 2014 04:10:19 +0000: Packet Fence 4.4.0 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  • Fri, 12 Sep 2014 03:46:28 +0000: Lynis Auditing Tool 1.6.1 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
  • Sun, 07 Sep 2014 23:44:44 +0000: Codetective 0.8 - Security Tool Files ≈ Packet Storm
    Codetective is an analysis tool to determine the crypto/encoding algorithm used according to traces of its representation. It can be used as a standalone version or as a volatility plugin for memory analysis. Written in Python.
  • Wed, 03 Sep 2014 23:11:13 +0000: wtmpclean 0.8.1 - Security Tool Files ≈ Packet Storm
    wtmpClean is a tool for Unix which clears a given user from the wtmp database.
  • Sat, 30 Aug 2014 14:44:44 +0000: Paranoic Scan 1.7 - Security Tool Files ≈ Packet Storm
    Paranoic is a simple vulnerability scanner written in Perl.
  • Fri, 29 Aug 2014 22:39:01 +0000: Spiped 1.4.0 - Security Tool Files ≈ Packet Storm
    Spiped (pronounced "ess-pipe-dee") is a utility for creating symmetrically encrypted and authenticated pipes between socket addresses, so that one may connect to one address (e.g., a UNIX socket on localhost) and transparently have a connection established to another address (e.g., a UNIX socket on a different system). This is similar to 'ssh -L' functionality, but does not use SSH and requires a pre-shared symmetric key. Spiped uses strong and well-understood cryptographic components: The initial key negotiation is performed using HMAC-SHA256 and an authenticated Diffie-Hellman key exchange over the standard 2048-bit "group 14"; following the completion of key negotiation, packets are transmitted encrypted with AES-256 in CTR mode and authenticated using HMAC-SHA256.
  • Thu, 28 Aug 2014 18:40:41 +0000: Lynis Auditing Tool 1.6.0 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
  • Wed, 27 Aug 2014 11:11:11 +0000: RedHat Checklist Script - Security Tool Files ≈ Packet Storm
    This script is designed to perform a security evaluation against industry best practices, over RedHat and RedHat based systems, to detect configuration deviations. It was developed due to the need to ensure that the servers within the author's workplace would comply with specific policies. As this tool was designed specifically for this purpose, "lynis" was not used for the task.
  • Tue, 26 Aug 2014 02:50:44 +0000: Nmap Port Scanner 6.47 - Security Tool Files ≈ Packet Storm
    Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
  • Mon, 25 Aug 2014 10:11:11 +0000: SSDP Amplification Scanner - Security Tool Files ≈ Packet Storm
    SSDP amplification scanner written in Python. Makes use of Scapy.
  • Thu, 21 Aug 2014 20:21:40 +0000: oclHashcat For AMD 1.30 - Security Tool Files ≈ Packet Storm
    oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.
  • Thu, 21 Aug 2014 20:17:47 +0000: oclHashcat For NVidia 1.30 - Security Tool Files ≈ Packet Storm
    oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.
  • Tue, 19 Aug 2014 23:54:11 +0000: Maligno 1.2 - Security Tool Files ≈ Packet Storm
    Maligno is an open source penetration testing tool written in Python that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
  • Tue, 19 Aug 2014 16:04:44 +0000: Melkor ELF Fuzzer 1.0 - Security Tool Files ≈ Packet Storm
    Melkor is an ELF fuzzer that mutates the existing data in a given ELF sample to create orcs (malformed ELFs). However, it does not change values randomly (dumb fuzzing); instead, it fuzzes certain metadata with semi-valid values through the use of fuzzing rules (knowledge base). Written in C, Melkor is a very intuitive and easy-to-use fuzzer to find functional (and security) bugs in ELF parsers.
  • Mon, 18 Aug 2014 17:58:25 +0000: Viproy VoIP Penetration / Exploitation Kit 2.0 - Security Tool Files ≈ Packet Storm
    Viproy VoIP Penetration and Exploitation Kit is developed to improve the quality of SIP penetration testing. It provides authentication and trust analysis features that assist in creating simple tests.

@Risk Exploits

  • SANSFIRE 2011 - @RISK: The Consensus Security Alert
    SANSFIRE 2011

ExploitDB