Latest Exploits / Tools

Latest Exploits

  • Wed, 19 Jun 2013 02:08:55 +0000: MoinMoin twikidraw Action Traversal File Upload - Exploit Files ≈ Packet Storm
    This Metasploit module exploits a vulnerability in MoinMoin 1.9.5. The vulnerability exists on the manage of the twikidraw actions, where a traversal path can be used in order to upload arbitrary files. Exploitation is achieved on Apached/mod_wsgi configurations by overwriting moin.wsgi, which allows to execute arbitrary python code, as exploited in the wild on July, 2012.
  • Wed, 19 Jun 2013 02:07:34 +0000: Solaris 10 Patch Cluster File Clobber - Exploit Files ≈ Packet Storm
    Solaris 10 patch cluster suffers from a file clobber vulnerability in /tmp.
  • Tue, 18 Jun 2013 17:22:22 +0000: Joomla Cryptography Weakness - Exploit Files ≈ Packet Storm
    All current and past versions of Joomla up to 1.5.26, 2.5.11, and 3.1.1 use ECB mode when performing encryption with JCryptCipherSimple.
  • Tue, 18 Jun 2013 14:23:23 +0000: Canon Printer DoS / Secret Disclosure - Exploit Files ≈ Packet Storm
    Various Canon printers suffer from a lack of password authentication, denial of service, and WEP/WPA/WPA2 secret disclosure vulnerabilities. Models affected include, but are not limited to, MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, and MX920.
  • Tue, 18 Jun 2013 13:01:11 +0000: imacs CMS 0.3.0 Shell Upload - Exploit Files ≈ Packet Storm
    imacs CMS version 0.3.0 remote shell upload exploit.
  • Tue, 18 Jun 2013 12:22:33 +0000: Et-Chat 3.07 Privilege Escalation / Shell Upload - Exploit Files ≈ Packet Storm
    Et-Chat version 3.07 suffers from a privilege escalation vulnerability that then enables a user to upload a shell.
  • Mon, 17 Jun 2013 20:32:22 +0000: Bloofox CMS 0.5.0 Shell Upload - Exploit Files ≈ Packet Storm
    Bloofox CMS version 0.5.0 suffers from a remote shell upload vulnerability.
  • Mon, 17 Jun 2013 19:23:33 +0000: Havalite CMS 1.1.7 Shell Upload - Exploit Files ≈ Packet Storm
    Havalite CMS version 1.1.7 suffers from a remote shell upload vulnerability.
  • Mon, 17 Jun 2013 17:55:55 +0000: SPBAS Business Automation Software 2012 XSS / CSRF - Exploit Files ≈ Packet Storm
    SPBAS Business Automation Software version 2012 suffers from cross site request forgery and cross site scripting vulnerabilities.
  • Mon, 17 Jun 2013 17:22:33 +0000: Fly-High CMS 2012-07-08 Shell Upload - Exploit Files ≈ Packet Storm
    Fly-High CMS version 2012-07-08 suffers from a remote shell upload vulnerability.
  • Mon, 17 Jun 2013 13:33:22 +0000: Simple File Manager 024 Login Bypass - Exploit Files ≈ Packet Storm
    Simple File Manager version 024 suffers from a login bypass vulnerability.
  • Mon, 17 Jun 2013 11:11:11 +0000: Adrenalin Player 2.2.5.3 Buffer Overflow - Exploit Files ≈ Packet Storm
    Adrenalin Player version 2.2.5.3 local buffer overflow exploit that creates a malicious .wax file.
  • Mon, 17 Jun 2013 10:22:22 +0000: Hostinger Web Hosting Cross Site Scripting - Exploit Files ≈ Packet Storm
    Hostinger Web Hosting suffers from multiple cross site scripting vulnerabilities.
  • Mon, 17 Jun 2013 09:32:22 +0000: Facebook Open Redirect - Exploit Files ≈ Packet Storm
    Facebook suffers from multiple open redirection vulnerabilities.
  • Mon, 17 Jun 2013 09:11:11 +0000: Ultimate WordPress Auction 1.0 Cross Site Request Forgery - Exploit Files ≈ Packet Storm
    Ultimate WordPress Auction plugin version 1.0 suffers from a cross site request forgery vulnerability.
  • Sun, 16 Jun 2013 15:52:22 +0000: Dreamhack XSS / User Enumeration - Exploit Files ≈ Packet Storm
    Various Dreamhack sites suffer from cross site scripting and user enumeration vulnerabilities. The owners have not been responsive to fixing these identified issues so the researcher has made the information public.
  • Sun, 16 Jun 2013 14:32:33 +0000: Winamp 5.12 Buffer Overflow - Exploit Files ≈ Packet Storm
    Winamp version 5.12 stack buffer overflow exploit that creates a malicious .m3u file.
  • Sat, 15 Jun 2013 17:22:22 +0000: TaxiMonger 2.6.2 / 2.3.3 Cross Site Scripting - Exploit Files ≈ Packet Storm
    TaxiMonger version 2.6.2 along with version 2.3.3 (Android) suffers from persistent cross site scripting vulnerabilities.
  • Sat, 15 Jun 2013 14:48:22 +0000: MozTrap Open Redirect - Exploit Files ≈ Packet Storm
    Mozilla's MozTrap site suffers from an open redirection vulnerability.
  • Sat, 15 Jun 2013 13:33:33 +0000: Facebook Mobile Open Redirect - Exploit Files ≈ Packet Storm
    Facebook Mobile suffered from an open redirect vulnerability.

Latest Tools

  • Mon, 17 Jun 2013 12:22:22 +0000: iOS App Hotspot Cracker - Security Tool Files ≈ Packet Storm
    This application assists in generating an iOS hotspot cracking word list, which might be used in subsequent attacks on other hotspot users. The application also gives explanations and hints on how to crack a captured WPA2 handshake using well-known password crackers.
  • Mon, 17 Jun 2013 08:22:22 +0000: Web Soul 2 Scanner - Security Tool Files ≈ Packet Storm
    Web Soul is a plugin based scanner for attacking and data mining web sites. Written in Perl.
  • Sat, 08 Jun 2013 19:56:36 +0000: Haveged 1.7c - Security Tool Files ≈ Packet Storm
    haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
  • Fri, 07 Jun 2013 13:44:44 +0000: OWASP Bricks Torsa Release - Security Tool Files ≈ Packet Storm
    Bricks is a web application security learning platform built on PHP and MySQL. The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security. Bricks is a completely free and open source project brought to you by OWASP.
  • Thu, 06 Jun 2013 23:44:44 +0000: Sanewall 1.1.3 - Security Tool Files ≈ Packet Storm
    Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, all kinds of NAT, providing strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, and whitelists. Newer versions abstract the differences between IPv4 and IPv6, allowing you to define a common set of rules for both, while permitting specific rules for each as you need.
  • Thu, 06 Jun 2013 18:24:13 +0000: Moscrack WPA Cluster Cracker 2.08b - Security Tool Files ≈ Packet Storm
    Moscrack is intended to facilitate the use of a WPA cracker on a cluster. Currently, it has only been used with Mosix (clustering software) and SSH nodes. It works by reading a word list from STDIN or a file, breaking it into chunks and passing those chunks off to separate processes that run in parallel. The parallel processes can then execute on different nodes in your cluster. All results are checked (to a degree) and recorded on your master node. Logging, error handling, etc. are all handled for you. Moscrack is designed to be run for long periods of time (days, weeks, or more).
  • Thu, 06 Jun 2013 16:22:22 +0000: Pantea HTTP Hijacker Tool - Security Tool Files ≈ Packet Storm
    Pantea is a plugin-based HTTP session hijacking tool for well known websites. Written in Python.
  • Wed, 05 Jun 2013 03:37:04 +0000: 360-FAAR Firewall Analysis Audit And Repair 0.4.6 - Security Tool Files ≈ Packet Storm
    360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
  • Tue, 04 Jun 2013 01:23:56 +0000: Access Road 0.7.3 - Security Tool Files ≈ Packet Storm
    Access Road is a universal simulator of access controls that is intended to improve design and auditing of IT security. It provides simulations of GNU/Linux (components and rights on the file system), MySQL Server (components and privileges), and a generic Role-Based-Access-Control application. It is designed for database, system, and application administrators, IT architects and developers, and auditors. Reliability and the ability to explain the results are the main objectives. A 50 page tutorial is provided, and a powerful framework allows new simulations to be added. This is the source release.
  • Mon, 03 Jun 2013 16:32:39 +0000: Shellcodecs Shellcoding Toolset - Security Tool Files ≈ Packet Storm
    Shellcodecs is a collection of shellcodes, loaders, sources, and generators provided with documentation designed to ease the exploitation and shellcode programming process.
  • Thu, 30 May 2013 19:22:22 +0000: Suricata IDPE 1.4.2 - Security Tool Files ≈ Packet Storm
    Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
  • Thu, 30 May 2013 14:44:44 +0000: Maligno 0.6 - Security Tool Files ≈ Packet Storm
    Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
  • Tue, 28 May 2013 14:44:44 +0000: aidSQL SQL Injection Detection And Exploitation Tool 20130527 - Security Tool Files ≈ Packet Storm
    aidSQL SQL injection detection and exploitation tool is a modular PHP scanner that allows you to develop your own plugins for use.
  • Tue, 28 May 2013 12:22:44 +0000: Firewall Log Watch 1.4 - Security Tool Files ≈ Packet Storm
    fwlogwatch is a packet filter and firewall log analyzer with support for Linux ipchains, Linux netfilter/iptables, Solaris/BSD/HP-UX/IRIX ipfilter, Cisco IOS, Cisco PIX/ASA, Netscreen, Elsa Lancom router, and Snort IDS log files. It can output its summaries in text and HTML and has a lot of options. fwlogwatch also features a realtime anomaly response capability with a Web interface.
  • Sat, 25 May 2013 04:58:01 +0000: 360-FAAR Firewall Analysis Audit And Repair 0.4.5 - Security Tool Files ≈ Packet Storm
    360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
  • Wed, 22 May 2013 03:17:14 +0000: Obeseus Distributed Denial Of Service Detector 7.1a - Security Tool Files ≈ Packet Storm
    Obeseus is a light-weight, high-speed ip DDOS detector that has been designed to run on an Intel probe running an advanced 10 Gb/s FPGA card. It detects TCP floods, Fragment Floods, raw ICMP/TCP/UDP, reflected (DNS / SMURF) and BOGON misuse. It also detects application misuse in HTTP and UDP.
  • Sun, 19 May 2013 19:27:25 +0000: 360-FAAR Firewall Analysis Audit And Repair 0.4.4 - Security Tool Files ≈ Packet Storm
    360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
  • Sat, 18 May 2013 12:12:12 +0000: CodeCrypt 1.1 - Security Tool Files ≈ Packet Storm
    codecrypt is a GnuPG-like program for encryption and signing that uses only quantum-computer-resistant algorithms.
  • Tue, 14 May 2013 03:48:21 +0000: Sanewall 1.0.2 - Security Tool Files ≈ Packet Storm
    Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, all kinds of NAT, providing strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, and whitelists. Newer versions abstract the differences between IPv4 and IPv6, allowing you to define a common set of rules for both, while permitting specific rules for each as you need.
  • Tue, 14 May 2013 03:31:27 +0000: ipset 6.19 - Security Tool Files ≈ Packet Storm
    ipset allows administration of sets of IP addresses/networks, ports, MAC addresses, and interfaces, which are stored in hash or bitmap data structures. These can then be used in conjunction with iptables to do fast presence lookups.

@Risk Exploits

  • : SANSFIRE 2011 - @RISK: The Consensus Security Alert
    SANSFIRE 2011

ExploitDB