Latest Exploits / Tools

Latest Exploits

  • Fri, 23 Feb 2018 17:54:12 +0000: Disk Savvy Enterprise 10.4.18 Buffer Ovreflow - Exploit Files ≈ Packet Storm
    This Metasploit module exploits a stack-based buffer overflow vulnerability in Disk Savvy Enterprise version 10.4.18, caused by improper bounds checking of the request sent to the built-in server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.
  • Fri, 23 Feb 2018 17:52:49 +0000: CloudMe Sync 1.10.9 Buffer Overflow - Exploit Files ≈ Packet Storm
    This Metasploit module exploits a stack-based buffer overflow vulnerability in the CloudMe Sync version 1.10.9 client application. This Metasploit module has been tested successfully on Windows 7 SP1 x86.
  • Fri, 23 Feb 2018 17:52:32 +0000: AsusWRT LAN Unauthenticated Remote Code Execution - Exploit Files ≈ Packet Storm
    The HTTP server in AsusWRT has a flaw where it allows an unauthenticated client to perform a POST in certain cases. This can be combined with another vulnerability in the VPN configuration upload routine that sets NVRAM configuration variables directly from the POST request to enable a special command mode. This command mode can then be abused by sending a UDP packet to infosvr, which is running on port UDP 9999 to directly execute commands as root. This exploit leverages that to start telnetd in a random port, and then connects to it. It has been tested with the RT-AC68U running AsusWRT Version 3.0.0.4.380.7743.
  • Fri, 23 Feb 2018 17:41:46 +0000: Groupon Clone Script 3.0.2 Cross Site Scripting - Exploit Files ≈ Packet Storm
    Groupon Clone Script version 3.0.2 suffers from a persistent cross site scripting vulnerability.
  • Fri, 23 Feb 2018 17:40:17 +0000: Alibaba Clone Script 1.0.2 Cross Site Scripting - Exploit Files ≈ Packet Storm
    Alibaba Clone Script version 1.0.2 suffers from a persistent cross site scripting vulnerability.
  • Fri, 23 Feb 2018 17:39:22 +0000: Learning And Examination Management System Script 2.3.1 XSS - Exploit Files ≈ Packet Storm
    Learning and Examination Management System Script version 2.3.1 suffers from a persistent cross site scripting vulnerability.
  • Fri, 23 Feb 2018 17:38:40 +0000: Joomla! OS Property Real Estate 3.12.7 SQL Injection - Exploit Files ≈ Packet Storm
    Joomla! OS Property Real Estate component version 3.12.7 suffers from a remote SQL injection vulnerability.
  • Fri, 23 Feb 2018 17:37:33 +0000: Joomla! Proclaim 9.1.1 Shell Upload - Exploit Files ≈ Packet Storm
    Joomla! Proclaim component version 9.1.1 suffers from a remote shell upload vulnerability.
  • Fri, 23 Feb 2018 17:37:08 +0000: Joomla! CheckList 1.1.1 SQL Injection - Exploit Files ≈ Packet Storm
    Joomla! CheckList component version 1.1.1 suffers from a remote SQL injection vulnerability.
  • Fri, 23 Feb 2018 17:36:42 +0000: Joomla! Alexandria Book Library 3.1.2 SQL Injection - Exploit Files ≈ Packet Storm
    Joomla! Alexandria Book Library component version 3.1.2 suffers from a remote SQL injection vulnerability.
  • Fri, 23 Feb 2018 17:32:49 +0000: Joomla! Ek Rishta 2.9 SQL Injection - Exploit Files ≈ Packet Storm
    Joomla! Ek Rishta component version 2.9 suffers from a remote SQL injection vulnerability.
  • Fri, 23 Feb 2018 17:32:20 +0000: Joomla! PrayerCenter 3.0.2 SQL Injection - Exploit Files ≈ Packet Storm
    Joomla! PrayerCenter component version 3.0.2 suffers from a remote SQL injection vulnerability.
  • Fri, 23 Feb 2018 17:31:14 +0000: Joomla! Proclaim 9.1.1 Backup Disclosure - Exploit Files ≈ Packet Storm
    Joomla! Proclaim component version 9.1.1 suffers from a backup disclosure vulnerability.
  • Fri, 23 Feb 2018 17:30:47 +0000: Joomla! CW Tags 2.0.6 SQL Injection - Exploit Files ≈ Packet Storm
    Joomla! CW Tags component version 2.0.6 suffers from a remote SQL injection vulnerability.
  • Fri, 23 Feb 2018 17:20:26 +0000: NoMachine nxfuse Privilege Escalation - Exploit Files ≈ Packet Storm
    NoMachine versions prior to 6.0.80 (x64) suffer from an nxfuse privilege escalation vulnerability.
  • Fri, 23 Feb 2018 17:19:29 +0000: Armadito Antivirus 0.12.7.2 Detection Bypass - Exploit Files ≈ Packet Storm
    Armadito Antivirus version 0.12.7.2 suffers from a detection bypass vulnerability.
  • Fri, 23 Feb 2018 17:18:22 +0000: Disk Pulse Enterprise 10.4.18 Buffer Overflow - Exploit Files ≈ Packet Storm
    Disk Pulse Enterprise version 10.4.18 suffers from an import command buffer overflow vulnerability.
  • Fri, 23 Feb 2018 17:17:16 +0000: Disk Savvy Enterprise 10.4.18 Buffer Overflow - Exploit Files ≈ Packet Storm
    Disk Savvy Enterprise version 10.4.18 suffers from a buffer overflow vulnerability.
  • Fri, 23 Feb 2018 17:16:16 +0000: Wavpack 5.1.0 Denial Of Service - Exploit Files ≈ Packet Storm
    Wavpack version 5.1.0 suffers from a denial of service vulnerability.
  • Thu, 22 Feb 2018 05:55:55 +0000: Microsoft IE11 Js::RegexHelper::RegexReplace Use-After-Free - Exploit Files ≈ Packet Storm
    Microsoft IE11 suffers from a use-after-free vulnerability in Js::RegexHelper::RegexReplace.

Latest Tools

  • Fri, 23 Feb 2018 17:50:21 +0000: GNU Privacy Guard 2.2.5 - Security Tool Files ≈ Packet Storm
    GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
  • Fri, 23 Feb 2018 17:48:49 +0000: Mandos Encrypted File System Unattended Reboot Utility 1.7.19 - Security Tool Files ≈ Packet Storm
    The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
  • Wed, 21 Feb 2018 14:04:26 +0000: Hashcat Advanced Password Recovery 4.1.0 Source Code - Security Tool Files ≈ Packet Storm
    Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.
  • Wed, 21 Feb 2018 14:04:20 +0000: Hashcat Advanced Password Recovery 4.1.0 Binary Release - Security Tool Files ≈ Packet Storm
    Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.
  • Mon, 19 Feb 2018 23:44:44 +0000: Rootkit Hunter 1.4.6 - Security Tool Files ≈ Packet Storm
    Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.
  • Fri, 16 Feb 2018 03:47:20 +0000: Bro Network Security Monitor 2.5.3 - Security Tool Files ≈ Packet Storm
    Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.
  • Fri, 16 Feb 2018 03:45:12 +0000: Suricata IDPE 4.0.4 - Security Tool Files ≈ Packet Storm
    Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
  • Fri, 16 Feb 2018 03:43:29 +0000: Lynis Auditing Tool 2.6.2 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
  • Fri, 16 Feb 2018 03:42:30 +0000: Mandos Encrypted File System Unattended Reboot Utility 1.7.18 - Security Tool Files ≈ Packet Storm
    The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
  • Sun, 11 Feb 2018 16:30:00 +0000: Mandos Encrypted File System Unattended Reboot Utility 1.7.17 - Security Tool Files ≈ Packet Storm
    The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
  • Sat, 10 Feb 2018 17:12:55 +0000: SSLsplit 0.5.2 - Security Tool Files ≈ Packet Storm
    SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
  • Sat, 10 Feb 2018 16:57:55 +0000: DNS Spider Multithreaded Bruteforcer 0.9 - Security Tool Files ≈ Packet Storm
    DNS Spider is a multi-threaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.
  • Sat, 03 Feb 2018 01:33:22 +0000: ifchk 1.0.9 - Security Tool Files ≈ Packet Storm
    Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will disable those interfaces found to be promiscuous if told to do so. Per-interface statistics can also be displayed, allowing administrators to perform traffic trend analysis, which could be an aid in the identification of possible inconsistencies or spikes in network traffic volume that may warrant further investigation.
  • Tue, 30 Jan 2018 17:37:12 +0000: I2P 0.9.33 - Security Tool Files ≈ Packet Storm
    I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
  • Sun, 28 Jan 2018 17:37:58 +0000: Lynis Auditing Tool 2.6.1 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
  • Sun, 28 Jan 2018 17:37:53 +0000: Blue Team Training Toolkit (BT3) 2.6 - Security Tool Files ≈ Packet Storm
    Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.
  • Fri, 26 Jan 2018 03:28:11 +0000: Packet Fence 7.4.0 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  • Fri, 26 Jan 2018 03:26:35 +0000: Clam AntiVirus Toolkit 0.99.3 - Security Tool Files ≈ Packet Storm
    Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
  • Thu, 25 Jan 2018 01:54:00 +0000: Evilgrade - The Update Exploitation Framework 2.0.9 - Security Tool Files ≈ Packet Storm
    Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. This framework comes into play when the attacker is able to make traffic redirection, and such thing can be done in several ways such as: DNS tampering, DNS Cache Poisoning, ARP spoofing Wi-Fi Access Point impersonation, DHCP hijacking with your favorite tools. This way you can easy take control of a fully patched machine during a penetration test in a clean and easy way. The main idea behind the is to show the amount of trivial errors in the update process of mainstream applications.
  • Wed, 24 Jan 2018 16:39:14 +0000: Chameleon Mini Smartcard Emulator Iceman Fork Rebooted Green GUI 1.0 - Security Tool Files ≈ Packet Storm
    This is the first version of a mostly working firmware for the ChameleonMini RevE rebooted device. It compiles without errors or warnings and gives you more or less the same functionality as the stock firmware. This version compiles and gives you the same functionality (and more) as the original Chameleon Mini rebooted GUI.

@Risk Exploits

ExploitDB