Latest Exploits / Tools

Latest Exploits

  • Thu, 08 Dec 2016 20:22:22 +0000: Microsoft Internet Explorer 9 MSHTML CDispNode::InsertSiblingNode Use-After-Free - Exploit Files ≈ Packet Storm
    Microsoft Internet Explorer version 9 suffers from an MSHTML CDispNode::InsertSiblingNode use-after-free vulnerability.
  • Thu, 08 Dec 2016 17:22:22 +0000: Netgear R7000 Command Injection - Exploit Files ≈ Packet Storm
    Netgear R7000 suffers from a command injection vulnerability.
  • Thu, 08 Dec 2016 00:47:22 +0000: Cisco Unified Communications Manager 7 / 8 / 9 Directory Traversal - Exploit Files ≈ Packet Storm
    A directory traversal vulnerability exists in the Cisco Unified Communications Manager administrative web interface. Versions 7.x, 8.x, and 9.x are all affected.
  • Thu, 08 Dec 2016 00:02:22 +0000: OpenSSH 7.2 Denial Of Service - Exploit Files ≈ Packet Storm
    OpenSSH versions 7.2 and below crypt CPU consumption denial of service exploit.
  • Wed, 07 Dec 2016 16:49:33 +0000: Linux Kernel 4.4.0 AF_PACKET Race Condition / Privilege Escalation - Exploit Files ≈ Packet Storm
    Linux AF_PACKET race condition exploit for Ubuntu 16.04 x86_64.
  • Wed, 07 Dec 2016 16:00:00 +0000: Dual DHCP DNS Server 7.29 Denial Of Service - Exploit Files ≈ Packet Storm
    Dual DHCP DNS server version 7.29 buffer overflow denial of service exploit.
  • Wed, 07 Dec 2016 04:44:44 +0000: TP-LINK TD-W8951ND Denial Of Service - Exploit Files ≈ Packet Storm
    TP-LINK TD-W8951ND suffers from a denial of service vulnerability.
  • Wed, 07 Dec 2016 00:42:16 +0000: Microsoft Windows 10 x86/x64 WLAN AutoConfig Named Pipe Proof Of Concept - Exploit Files ≈ Packet Storm
    Microsoft Windows 10 x86/x64 build 10.0.14393 WLAN autoconfig named pipe denial of service proof of concept exploit.
  • Wed, 07 Dec 2016 00:35:23 +0000: Edge SkateShop Authentication Bypass - Exploit Files ≈ Packet Storm
    Edge SkateShop suffers from an authentication bypass vulnerability.
  • Tue, 06 Dec 2016 17:07:17 +0000: Sony IPELA ENGINE IP Cameras Backdoor Accounts - Exploit Files ≈ Packet Storm
    Sony IPELA ENGINE IP Cameras contain multiple backdoors that, among other functionality, allow an attacker to enable the Telnet/SSH service for remote administration over the network. Other available functionality may have undesired effects to the camera image quality or other camera functionality. After enabling Telnet/SSH, another backdoor allows an attacker to gain access to a Linux shell with root privileges.
  • Tue, 06 Dec 2016 17:03:57 +0000: Microsoft Internet Explorer 9 jscript9 JavaScriptStackWalker Memory Corruption - Exploit Files ≈ Packet Storm
    A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Internet Explorer 9. A pointer set up to point to certain data on the stack can be used after that data has been removed from the stack. This results in a stack-based analog to a heap use-after-free vulnerability. The stack memory where the data was stored can be modified by an attacker before it is used, allowing remote code execution.
  • Tue, 06 Dec 2016 16:59:42 +0000: AbanteCart 1.2.7 Cross Site Scripting - Exploit Files ≈ Packet Storm
    AbanteCart version 1.2.7 suffers from a stored cross site scripting vulnerability.
  • Tue, 06 Dec 2016 16:57:22 +0000: Microsoft PowerShell XXE Injection - Exploit Files ≈ Packet Storm
    Microsoft PowerShell suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.
  • Tue, 06 Dec 2016 00:57:16 +0000: WordPress Single Personal Message 1.0.3 SQL Injection - Exploit Files ≈ Packet Storm
    WordPress Single Personal Message plugin version 1.0.3 suffers from a remote SQL injection vulnerability.
  • Tue, 06 Dec 2016 00:52:11 +0000: Dup Scout Enterprise 9.1.14 Buffer Overflow - Exploit Files ≈ Packet Storm
    Dup Scout Enterprise version 9.1.14 buffer overflow SEH exploit.
  • Tue, 06 Dec 2016 00:04:44 +0000: DiskBoss Enterprise 7.4.28 Buffer Overflow - Exploit Files ≈ Packet Storm
    DiskBoss Enterprise version 7.4.28 GET buffer overflow exploit.
  • Mon, 05 Dec 2016 17:03:47 +0000: BlackStratus LOGStorm 4.5.1.35 / 4.5.1.96 Remote Root - Exploit Files ≈ Packet Storm
    BlackStratus LOGStorm has multiple vulnerabilities that allow a remote unauthenticated user, among other things, to assume complete control over the virtual appliance with root privileges. This is possible due to multiple network servers listening for network connections by default, allowing authorization with undocumented credentials supported by the appliance's OS, web interface and SQL server. Versions 4.5.1.35 and 4.5.1.96 are affected.
  • Mon, 05 Dec 2016 16:59:52 +0000: Microsoft Authorization Manager 6.1.7601 XXE Injection - Exploit Files ≈ Packet Storm
    Microsoft Authorization Manager version 6.1.7601 suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.
  • Mon, 05 Dec 2016 15:55:55 +0000: Alcatel Lucent Omnivista 8770 Remote Code Execution - Exploit Files ≈ Packet Storm
    Alcatel Lucent Omnivista 8770 suffers from a remote code execution vulnerability.
  • Mon, 05 Dec 2016 14:02:22 +0000: Microsoft Event Viewer 1.0 XXE Injection - Exploit Files ≈ Packet Storm
    Microsoft Event Viewer version 1.0 suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.

Latest Tools

  • Thu, 08 Dec 2016 23:41:54 +0000: TOR Virtual Network Tunneling Tool 0.2.8.11 - Security Tool Files ≈ Packet Storm
    Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  • Wed, 07 Dec 2016 17:04:35 +0000: Raptor WAF 0.4 - Security Tool Files ≈ Packet Storm
    Raptor is a web application firewall written in C that uses DFA to block SQL injection, cross site scripting, and path traversals.
  • Wed, 07 Dec 2016 16:02:22 +0000: Mosca Analysis Tool 0.06 - Security Tool Files ≈ Packet Storm
    Mosca is a tool that checks code for poor security practices akin to using grep against it for static analysis.
  • Wed, 07 Dec 2016 00:44:44 +0000: Whale Win32 Attack Surface Toolkit - Security Tool Files ≈ Packet Storm
    Whale is a Win32 attack surface toolkit written in C#. It's capable of monitoring many different areas of Windows for new and removed kernel objects, open ports, drivers, services and much more. It also allows a user to test for different bug classes and has found a few interesting issues across the sub-systems.
  • Tue, 06 Dec 2016 00:00:02 +0000: DAVOSET 1.2.9 - Security Tool Files ≈ Packet Storm
    DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
  • Sat, 03 Dec 2016 15:22:29 +0000: Hashcat Advanced Password Recovery 3.20 Source Code - Security Tool Files ≈ Packet Storm
    hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.
  • Sat, 03 Dec 2016 15:22:23 +0000: Hashcat Advanced Password Recovery 3.20 Binary Release - Security Tool Files ≈ Packet Storm
    hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.
  • Sat, 03 Dec 2016 15:22:15 +0000: TOR Virtual Network Tunneling Tool 0.2.8.10 - Security Tool Files ≈ Packet Storm
    Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  • Thu, 01 Dec 2016 16:45:16 +0000: Suricata IDPE 3.2 - Security Tool Files ≈ Packet Storm
    Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
  • Tue, 29 Nov 2016 18:53:55 +0000: FireHOL 3.1.0 - Security Tool Files ≈ Packet Storm
    FireHOL is a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
  • Tue, 29 Nov 2016 02:41:26 +0000: Evilgrade - The Update Exploitation Framework 2.0.8 - Security Tool Files ≈ Packet Storm
    Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. This framework comes into play when the attacker is able to redirect traffic, which can be done in several ways, such as DNS tampering, DNS cache poisoning, ARP spoofing, Wi-Fi access point impersonation, or DHCP hijacking with your favorite tools. This way you can easily take control of a fully patched machine during a penetration test in a clean and easy way. The main idea behind the framework is to show the amount of trivial errors in the update process of mainstream applications.
  • Wed, 23 Nov 2016 15:38:14 +0000: Blue Team Training Toolkit (BT3) 2.1 - Security Tool Files ≈ Packet Storm
    Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.
  • Wed, 23 Nov 2016 15:38:11 +0000: FireHOL 3.0.2 - Security Tool Files ≈ Packet Storm
    FireHOL is a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
  • Wed, 23 Nov 2016 00:49:57 +0000: Mobile Security Framework MobSF 0.9.3 Beta - Security Tool Files ≈ Packet Storm
    Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also do Web API security testing with its API Fuzzer, which performs information gathering, analyzes security headers, and identifies mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.
  • Mon, 21 Nov 2016 18:23:29 +0000: Proxmark Iceman Fork 1.6.6 - Security Tool Files ≈ Packet Storm
    This is a custom firmware written for the proxmark3. It extends the currently available firmware (revision 2.3.0) to support brute force attacks against proximity card access control systems. It also contains the new attack vector against newer Mifare Classic tags with the hardened PRNG.
  • Mon, 21 Nov 2016 17:32:58 +0000: Ansvif 1.6.1 - Security Tool Files ≈ Packet Storm
    Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
  • Sun, 20 Nov 2016 04:22:22 +0000: Magento Bruteforcer - Security Tool Files ≈ Packet Storm
    This is a piece of software that tries to log in to Magento administrative panels using a list of websites, logins, and passwords. Written in C++.
  • Sat, 19 Nov 2016 04:11:45 +0000: Faraday 2.2.0 - Security Tool Files ≈ Packet Storm
    Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  • Fri, 18 Nov 2016 00:10:35 +0000: Bro Network Security Monitor 2.5 - Security Tool Files ≈ Packet Storm
    Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.
  • Thu, 17 Nov 2016 14:50:10 +0000: PoisonTap Backdoor Network Sniffer - Security Tool Files ≈ Packet Storm
    PoisonTap exploits locked/password protected computers over USB, drops a persistent WebSocket-based backdoor, exposes an internal router, and siphons cookies using Raspberry Pi Zero and Node.js.

@Risk Exploits

  • : SANSFIRE 2011 - @RISK: The Consensus Security Alert
    SANSFIRE 2011

ExploitDB