Latest Exploits / Tools

Latest Exploits

  • Sun, 25 Jan 2015 18:32:22 +0000: OpenSchool Community Edition 2.2 XSS / Access Bypass - Exploit Files ≈ Packet Storm
    OpenSchool Community Edition version 2.2 suffers from access bypass and cross site scripting vulnerabilities.
  • Sun, 25 Jan 2015 13:02:22 +0000: SWFupload 2.5.0 Cross Frame Scripting - Exploit Files ≈ Packet Storm
    SWFupload version 2.5.0 suffers from a cross frame scripting vulnerability.
  • Sun, 25 Jan 2015 10:11:11 +0000: WordPress Revolution Slider Local File Disclosure - Exploit Files ≈ Packet Storm
    WordPress Revolution Slider plugin suffers from a local file disclosure vulnerability. Note that this finding houses site-specific data.
  • Sat, 24 Jan 2015 18:22:22 +0000: Cisco Ironport Appliance Privilege Escalation - Exploit Files ≈ Packet Storm
    Cisco Ironport appliances are vulnerable to authenticated "admin" privilege escalation. By enabling the Service Account from the GUI or CLI allows an admin to gain root access on the appliance, therefore bypassing all existing "admin" account limitations. The vulnerability is due to weak algorithm implementation in the password generation process which is used by Cisco to remotely access the appliance to provide technical support.
  • Fri, 23 Jan 2015 23:23:23 +0000: ManageEngine ServiceDesk 9.0 SQL Injection - Exploit Files ≈ Packet Storm
    ManageEngine ServiceDesk version 9.0 prior to build 9031 suffers from a remote SQL injection vulnerability.
  • Fri, 23 Jan 2015 23:03:33 +0000: ManageEngine ServiceDesk 9.0 User Enumeration - Exploit Files ≈ Packet Storm
    ManageEngine ServiceDesk version 9.0 prior to build 9031 suffers from a remote user enumeration vulnerability.
  • Fri, 23 Jan 2015 23:03:33 +0000: ManageEngine ServiceDesk Plus 9.0 Privilege Escalation - Exploit Files ≈ Packet Storm
    ManageEngine ServiceDesk Plus version 9.0 prior to build 9031 suffers from a remote privilege escalation vulnerability due to improper access controls.
  • Fri, 23 Jan 2015 02:06:16 +0000: ferretCMS 1.0.4-alpha Cross Site Scripting / SQL Injection - Exploit Files ≈ Packet Storm
    ferretCMS version 1.0.4-alpha suffers from cross site scripting and remote SQL injection vulnerabilities.
  • Fri, 23 Jan 2015 02:04:09 +0000: SmartCMS 2 Cross Site Scripting - Exploit Files ≈ Packet Storm
    SmartCMS version 2 suffers from multiple cross site scripting vulnerabilities.
  • Fri, 23 Jan 2015 02:01:53 +0000: SmartCMS 2 SQL Injection - Exploit Files ≈ Packet Storm
    SmartCMS version 2 suffers from multiple remote SQL injection vulnerabilities.
  • Fri, 23 Jan 2015 01:48:57 +0000: Program-O 2.4.6 XSS / LFI / HTTP Response Splitting - Exploit Files ≈ Packet Storm
    Program-O version 2.4.6 suffers from http response splitting, cross site scripting, and local file inclusion vulnerabilities.
  • Fri, 23 Jan 2015 01:46:59 +0000: USAA Mobile App Information Disclosure - Exploit Files ≈ Packet Storm
    The USAA Mobile app for Android versions prior to 7.10.1 suffer from an information disclosure vulnerability.
  • Fri, 23 Jan 2015 01:44:44 +0000: articleFR CMS 3.0.5 Cross Site Scripting - Exploit Files ≈ Packet Storm
    articleFR CMS version 3.0.5 suffers from a cross site scripting vulnerability.
  • Fri, 23 Jan 2015 00:44:44 +0000: Alibaba Cross Site Scripting / Open Redirect - Exploit Files ≈ Packet Storm
    Various Alibaba sites suffer from cross site scripting and open redirect vulnerabilities.
  • Fri, 23 Jan 2015 00:33:33 +0000: ecommerceMajor SQL Injection - Exploit Files ≈ Packet Storm
    ecommerceMajor suffers from remote SQL injection vulnerabilities.
  • Thu, 22 Jan 2015 17:00:56 +0000: Arris VAP2500 tools_command.php Command Execution - Exploit Files ≈ Packet Storm
    Arris VAP2500 access points are vulnerable to OS command injection in the web management portal via the tools_command.php page. Though authentication is required to access this page, it is trivially bypassed by setting the value of a cookie to an md5 hash of a valid username.
  • Thu, 22 Jan 2015 16:54:33 +0000: EventSentry 3.1.0 Cross Site Scripting - Exploit Files ≈ Packet Storm
    EventSentry version 3.1.0 suffers from a cross site scripting vulnerability.
  • Thu, 22 Jan 2015 16:53:17 +0000: Mango Automation SCADA/HMI 2.4.0 Cross Site Scripting - Exploit Files ≈ Packet Storm
    Mango Automation SCADA/HMI version 2.4.0 suffers from a cross site scripting vulnerability.
  • Thu, 22 Jan 2015 16:51:50 +0000: X-CART e-Commerce 5.1.8 Cross Site Scripting - Exploit Files ≈ Packet Storm
    X-CART e-Commerce version 5.1.8 suffers from a cross site scripting vulnerability.
  • Thu, 22 Jan 2015 16:49:06 +0000: Symantec SDCS:SA / SCSP XSS / Bypass / SQL Injection / Disclosure - Exploit Files ≈ Packet Storm
    Symantec Data Center Security: Server Advanced (SDCS:SA) and Symantec Critical System Protection (SCSP) suffer from cross site scripting, remote SQL injection, information disclosure, and policy bypass vulnerabilities.

Latest Tools

  • Thu, 22 Jan 2015 17:02:17 +0000: OpenSSL Toolkit 1.0.2 - Security Tool Files ≈ Packet Storm
    OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  • Tue, 20 Jan 2015 02:38:38 +0000: Tor-ramdisk i686 UClibc-based Linux Distribution x86 20150114 - Security Tool Files ≈ Packet Storm
    Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
  • Thu, 15 Jan 2015 17:34:45 +0000: oclHashcat For NVidia 1.32 - Security Tool Files ≈ Packet Storm
    oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.
  • Thu, 15 Jan 2015 17:22:43 +0000: oclHashcat+ Advanced GPU Hash Cracking Utility 1.32 - Security Tool Files ≈ Packet Storm
    oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.
  • Thu, 15 Jan 2015 17:06:02 +0000: OpenSSL Toolkit 1.0.1l - Security Tool Files ≈ Packet Storm
    OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  • Thu, 15 Jan 2015 17:01:33 +0000: Suricata IDPE 2.0.6 - Security Tool Files ≈ Packet Storm
    Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
  • Wed, 14 Jan 2015 04:08:25 +0000: KeySweeper Stealth Logger - Security Tool Files ≈ Packet Storm
    KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity.
  • Tue, 13 Jan 2015 14:44:44 +0000: Lizard Squad Botnet Code - Security Tool Files ≈ Packet Storm
    This bot code was liberated from the Lizard Squad.
  • Tue, 13 Jan 2015 04:32:22 +0000: Facebook Data Mining Utility - Security Tool Files ≈ Packet Storm
    This is a php script that can be used to mine friends and metadata of a person from Facebook using their API.
  • Mon, 12 Jan 2015 17:12:54 +0000: Maligno 1.5 - Security Tool Files ≈ Packet Storm
    Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
  • Sat, 10 Jan 2015 14:22:22 +0000: Chatroom 2 - Security Tool Files ≈ Packet Storm
    This is a chat system composed of a TCP/IP server daemon and its corresponding java client. You can chat with other peers in clear text or AES password-based encryption on your own computer network.
  • Sat, 10 Jan 2015 14:02:22 +0000: Shodan Tool 0.6 - Security Tool Files ≈ Packet Storm
    Shodan Tool is a perl script that allows you to search for vulnerabilities in Shodan.
  • Fri, 09 Jan 2015 10:22:22 +0000: LFI Image Helper 0.8 - Security Tool Files ≈ Packet Storm
    This is a simple script to infect images with PHP Backdoors for local file inclusion attacks.
  • Fri, 09 Jan 2015 02:04:19 +0000: OpenSSL Toolkit 1.0.1k - Security Tool Files ≈ Packet Storm
    OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  • Fri, 09 Jan 2015 01:48:16 +0000: PIN-Based P2P Server - Security Tool Files ≈ Packet Storm
    This tool provides a client and a server that performs peer-to-peer file transfer using a shared, trusted PIN. The server is capable of handling simultaneous connections and transfers according to limitation set as command line argument when executing the server daemon. Written for Unix/Linux systems. It should be noted that this is still in Beta.
  • Thu, 08 Jan 2015 11:22:22 +0000: WP-Bruteforce c0d3Lib WordPress Bruteforcing Tool - Security Tool Files ≈ Packet Storm
    This is a perl script to bruteforce logins on WordPress.
  • Sun, 04 Jan 2015 23:33:33 +0000: WifiPhisher Phishing Tool - Security Tool Files ≈ Packet Storm
    Wifiphisher is a security tool that mounts fast automated phishing attacks against WPA networks in order to obtain the secret passphrase. It is a social engineering attack that unlike other methods it does not include any brute forcing. It is an easy way for obtaining WPA credentials.
  • Thu, 01 Jan 2015 12:22:22 +0000: Cookie Manager 0.5 - Security Tool Files ≈ Packet Storm
    Cookie Manager is a cookie stealer for XSS to find and mint cookies using PHP.
  • Mon, 29 Dec 2014 23:19:16 +0000: THC-IPv6 Attack Tool 2.7 - Security Tool Files ≈ Packet Storm
    THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and it includes an easy to use packet factory library.
  • Mon, 29 Dec 2014 19:22:22 +0000: mrtparse MRT Parsing Tool 1.1 - Security Tool Files ≈ Packet Storm
    mrtparse is a module to read and analyze the MRT format data. The MRT format data can be used to export routing protocol messages, state changes, and routing information base contents, and is standardized in RFC6396. Programs like Quagga / Zebra, BIRD, OpenBGPD and PyRT can dump the MRT format data. Written in Python.

@Risk Exploits

  • : SANSFIRE 2011 - @RISK: The Consensus Security Alert
    SANSFIRE 2011

ExploitDB