Latest Exploits / Tools

Latest Exploits

  • Wed, 20 Jun 2018 00:01:00 +0000: Microsoft Windows Desktop Bridge Virtual Registry Incomplete Fix - Exploit Files ≈ Packet Storm
    The handling of the virtual registry for desktop bridge applications can allow an application to create arbitrary files as system resulting in privilege escalation. This is because the fix for CVE-2018-0880 (MSRC case 42755) did not cover all similar cases which were reported at the same time in the issue.
  • Tue, 19 Jun 2018 16:11:00 +0000: Microsoft Windows Desktop Bridge Activation Arbitrary Directory Creation - Exploit Files ≈ Packet Storm
    The activator for Desktop Bridge applications calls CreateAppContainerToken while running as a privileged account, allowing creation of arbitrary object directories and leading to privilege escalation.
  • Mon, 18 Jun 2018 23:44:12 +0000: Microsoft COM For Windows Improper Serialized Object Handling - Exploit Files ≈ Packet Storm
    Microsoft COM for Windows privilege escalation proof of concept exploit. A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how "Microsoft COM for Windows" handles serialized objects.
  • Mon, 18 Jun 2018 23:23:23 +0000: MagniComp SysInfo Information Exposure - Exploit Files ≈ Packet Storm
    MagniComp SysInfo contains an information exposure vulnerability through debug functionality. Versions SysInfo 10-H81 and above are not affected.
  • Mon, 18 Jun 2018 16:50:27 +0000: RabbitMQ Web Management Cross Site Request Forgery - Exploit Files ≈ Packet Storm
    RabbitMQ Web Management versions prior to 3.7.6 suffer from a cross site request forgery vulnerability.
  • Mon, 18 Jun 2018 16:48:55 +0000: Pale Moon Browser Use-After-Free - Exploit Files ≈ Packet Storm
    Pale Moon Browser versions prior to 27.9.3 suffer from a use-after-free vulnerability.
  • Mon, 18 Jun 2018 16:47:45 +0000: Nikto 2.1.6 CSV Injection - Exploit Files ≈ Packet Storm
    Nikto version 2.1.6 suffers from a CSV injection vulnerability.
  • Mon, 18 Jun 2018 16:46:45 +0000: Redatam Web Server Directory Traversal - Exploit Files ≈ Packet Storm
    Redatam Web Server versions prior to 7 suffer from a directory traversal vulnerability.
  • Mon, 18 Jun 2018 16:45:10 +0000: Redis-cli Buffer Overflow - Exploit Files ≈ Packet Storm
    Redis-cli versions prior to 5.0 buffer overflow proof of concept exploit.
  • Mon, 18 Jun 2018 16:43:52 +0000: Audiograbber 1.83 Buffer Overflow - Exploit Files ≈ Packet Storm
    Audiograbber version 1.83 local SEH buffer overflow exploit.
  • Mon, 18 Jun 2018 16:41:32 +0000: Joomla Jomres 9.11.2 Cross Site Request Forgery - Exploit Files ≈ Packet Storm
    Joomla Jomres component version 9.11.2 suffers from a cross site request forgery vulnerability.
  • Mon, 18 Jun 2018 16:39:28 +0000: phpMyAdmin 4.x Remote Code Execution - Exploit Files ≈ Packet Storm
    phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
  • Mon, 18 Jun 2018 16:12:11 +0000: Tapplock Smart Lock Insecure Direct Object Reference - Exploit Files ≈ Packet Storm
    Tapplock Smart Lock suffers from multiple insecure direct object reference vulnerabilities.
  • Fri, 15 Jun 2018 16:11:15 +0000: WordPress Redirection 2.7.1 Deserialization Code Execution - Exploit Files ≈ Packet Storm
    WordPress Redirection plugin version 2.7.1 suffers from a code execution vulnerability.
  • Fri, 15 Jun 2018 10:11:11 +0000: Easy Chat Server 3.1 Add User Local Buffer Overflow - Exploit Files ≈ Packet Storm
    Easy Chat Server version 3.1 add user local buffer overflow exploit.
  • Thu, 14 Jun 2018 15:53:14 +0000: rtorrent 0.9.6 Denial Of Service - Exploit Files ≈ Packet Storm
    rtorrent versions 0.9.6 and below denial of service exploit.
  • Thu, 14 Jun 2018 15:52:10 +0000: Joomla Ek Rishta 2.10 SQL Injection - Exploit Files ≈ Packet Storm
    Joomla Ek Rishta component version 2.10 suffers from a remote SQL injection vulnerability.
  • Thu, 14 Jun 2018 04:44:44 +0000: Soroush IM Desktop App 0.15 Authentication Bypass - Exploit Files ≈ Packet Storm
    Soroush IM Desktop App version 0.15 suffers from an authentication bypass vulnerability.
  • Wed, 13 Jun 2018 23:02:22 +0000: Eclipse Vert.x 3.5.1 HTTP Header Injection - Exploit Files ≈ Packet Storm
    Eclipse Vert.x versions 3.0.0 through 3.5.1 suffer from an HTTP header injection vulnerability.
  • Wed, 13 Jun 2018 22:22:22 +0000: Samsung Web Viewer For Samsung DVR Cross Site Scripting - Exploit Files ≈ Packet Storm
    Samsung Web Viewer for Samsung DVR suffers from a cross site scripting vulnerability.

Latest Tools

  • Thu, 14 Jun 2018 15:55:55 +0000: msploitego 1.0 - Security Tool Files ≈ Packet Storm
    msploitego is the pentesting suite for Maltego. msploitego leverages the data gathered in a Metasploit database by enumerating and creating specific entities for services. Services like samba, smtp, snmp, http have transforms to enumerate even further.
  • Wed, 13 Jun 2018 00:00:22 +0000: TOR Virtual Network Tunneling Tool 0.3.3.7 - Security Tool Files ≈ Packet Storm
    Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  • Tue, 12 Jun 2018 16:04:43 +0000: Tinc Virtual Private Network Daemon 1.0.34 - Security Tool Files ≈ Packet Storm
    tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.
  • Sun, 10 Jun 2018 12:11:11 +0000: AIEngine 1.9.0 - Security Tool Files ≈ Packet Storm
    AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use on NIDS, firewalls, traffic classifiers and so on.
  • Sun, 10 Jun 2018 10:11:11 +0000: m4ngl3m3! 0.1 Password Generator - Security Tool Files ≈ Packet Storm
    m4ngl3m3! version 0.1 is a common password pattern generator using a strings list.
  • Fri, 08 Jun 2018 16:17:24 +0000: GNU Privacy Guard 2.2.8 - Security Tool Files ≈ Packet Storm
    GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
  • Wed, 06 Jun 2018 14:44:44 +0000: GNUnet P2P Framework 0.11.0pre66 - Security Tool Files ≈ Packet Storm
    GNUnet is a peer-to-peer framework with a focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service built on top of the framework is anonymous file sharing.
  • Tue, 05 Jun 2018 23:55:55 +0000: Bro Network Security Monitor 2.5.4 - Security Tool Files ≈ Packet Storm
    Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.
  • Sun, 27 May 2018 13:22:22 +0000: Reptile LKM Rootkit - Security Tool Files ≈ Packet Storm
    Reptile is a Linux kernel module rootkit that hides files, processes, etc. It implements ICMP/UDP/TCP port-knocking backdoors, supports kernels 2.6.x/3.x/4.x, and more.
  • Thu, 24 May 2018 18:48:22 +0000: TOR Virtual Network Tunneling Tool 0.3.3.6 - Security Tool Files ≈ Packet Storm
    Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  • Wed, 23 May 2018 07:18:41 +0000: Wireshark Analyzer 2.6.1 - Security Tool Files ≈ Packet Storm
    Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
  • Wed, 16 May 2018 22:27:57 +0000: Blue Team Training Toolkit (BT3) 2.7 - Security Tool Files ≈ Packet Storm
    Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.
  • Sun, 13 May 2018 21:52:45 +0000: Wapiti Web Application Vulnerability Scanner 3.0.1 - Security Tool Files ≈ Packet Storm
    Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.
  • Fri, 11 May 2018 08:15:55 +0000: rldns 1.2 - Security Tool Files ≈ Packet Storm
    rldns is an open source lightweight DNS server for linux, netbsd, freebsd, and openbsd. Runs on x86 and x86_64 architectures.
  • Fri, 11 May 2018 08:02:53 +0000: Packet Fence 8.0.1 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  • Thu, 03 May 2018 02:05:14 +0000: GNU Privacy Guard 2.2.7 - Security Tool Files ≈ Packet Storm
    GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
  • Thu, 03 May 2018 02:04:41 +0000: Lynis Auditing Tool 2.6.4 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
  • Fri, 27 Apr 2018 15:05:33 +0000: Packet Fence 8.0.0 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  • Wed, 25 Apr 2018 00:56:47 +0000: Wireshark Analyzer 2.6.0 - Security Tool Files ≈ Packet Storm
    Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
  • Wed, 25 Apr 2018 00:47:21 +0000: Falco 0.10.0 - Security Tool Files ≈ Packet Storm
    Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

@Risk Exploits

ExploitDB