Latest Exploits / Tools

Latest Exploits

  • Tue, 26 Jul 2016 01:34:00 +0000: PHP gettext 1.0.12 Code Execution - Exploit Files ≈ Packet Storm
    PHP gettext.php versions 1.0.12 and below suffer from an unauthenticated code execution vulnerability.
  • Tue, 26 Jul 2016 01:28:20 +0000: Drupal CODER Module Remote Command Execution - Exploit Files ≈ Packet Storm
    This Metasploit module exploits a Remote Command Execution vulnerability in Drupal CODER Module. Unauthenticated users can execute arbitrary command under the context of the web server user. CODER module doesn't sufficiently validate user inputs in a script file that has the php extension. A malicious unauthenticated user can make requests directly to this file to execute arbitrary command. The module does not need to be enabled for this to be exploited This Metasploit module was tested against CODER 2.5 with Drupal 7.5 installation on Ubuntu server.
  • Mon, 25 Jul 2016 17:22:01 +0000: MediaCoder 0.8.43.5852 SEH Overflow - Exploit Files ≈ Packet Storm
    MediaCoder version 0.8.43.5852 SEH buffer overflow exploit that spawns calc.exe.
  • Mon, 25 Jul 2016 17:01:11 +0000: CoolPlayer+ Portable 2.19.6 Stack Overflow - Exploit Files ≈ Packet Storm
    CoolPlayer+ Portable version 2.19.6 m3u stack overflow exploit with egghunter shellcode and aslr bypass.
  • Mon, 25 Jul 2016 14:44:44 +0000: CodoForum 3.2.1 SQL Injection - Exploit Files ≈ Packet Storm
    CodoForum version 3.2.1 suffers from a remote SQL injection vulnerability.
  • Mon, 25 Jul 2016 13:13:13 +0000: Micro Focus Filr CSRF / XSS / Code Execution - Exploit Files ≈ Packet Storm
    Multiple Micro Focus Filr appliances suffer from cross site request forgery, cross site scripting, command injection, insecure design, missing cookie flag, authentication bypass, poor permission, and path traversal vulnerabilities.
  • Mon, 25 Jul 2016 09:33:33 +0000: PHP File Vault 0.9 Directory Traversal / File Read - Exploit Files ≈ Packet Storm
    PHP File Vault version 0.9 suffers from directory traversal and file reading vulnerabilities.
  • Mon, 25 Jul 2016 06:55:55 +0000: WordPress Code Snippets 2.6.1 Cross Site Scripting - Exploit Files ≈ Packet Storm
    WordPress Code Snippets plugin version 2.6.1 suffers from a cross site scripting vulnerability.
  • Mon, 25 Jul 2016 05:44:44 +0000: WordPress Contact Form To Email 1.1.47 Cross Site Scripting - Exploit Files ≈ Packet Storm
    WordPress Contact Form to Email plugin version 1.1.47 suffers from a cross site scripting vulnerability.
  • Mon, 25 Jul 2016 04:44:44 +0000: Bellini/Supercook Wi-Fi Yumi SC200 Information Disclosure / Code Execution - Exploit Files ≈ Packet Storm
    Bellini/Supercook Wi-Fi Yumi SC200 suffers from code execution, weak default password, and information disclosure vulnerabilities.
  • Mon, 25 Jul 2016 03:33:33 +0000: Joomla Showdown 1.5.0 SQL Injection - Exploit Files ≈ Packet Storm
    Joomla Showdown component version 1.5.0 suffers from a remote SQL injection vulnerability.
  • Mon, 25 Jul 2016 03:33:33 +0000: Neoscreen 4.5 Cross Site Scripting - Exploit Files ≈ Packet Storm
    Neoscreen version 4.5 suffers from a cross site scripting vulnerability.
  • Mon, 25 Jul 2016 02:22:22 +0000: Neoscreen 4.5 Blind SQL Injection - Exploit Files ≈ Packet Storm
    Neoscreen version 4.5 suffers from a remote blind SQL injection vulnerability.
  • Mon, 25 Jul 2016 01:11:11 +0000: Neoscreen 4.5 Authentication Bypass - Exploit Files ≈ Packet Storm
    Neoscreen version 4.5 suffers from an authentication bypass vulnerability.
  • Sun, 24 Jul 2016 15:22:22 +0000: Joomla Huge IT Gallery 1.1.5 Cross Site Scripting / SQL Injection - Exploit Files ≈ Packet Storm
    Joomla Huge IT Gallery component version 1.1.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
  • Sat, 23 Jul 2016 17:32:22 +0000: Joomla Weblinks Shell Upload - Exploit Files ≈ Packet Storm
    The Joomla Weblinks component suffers from a remote shell upload vulnerability.
  • Sat, 23 Jul 2016 13:33:33 +0000: Autobahn|Python Origin Header Manipulation - Exploit Files ≈ Packet Storm
    Autobahn|Python incorrectly checks the Origin header when the 'allowedOrigins' value is set. This can allow third parties to execute legitimate requests for WAMP WebSocket requests against an Autobahn|Python/Crossbar.io server within another browser's context. This is addressed in version 0.15.0.
  • Fri, 22 Jul 2016 22:53:42 +0000: NetBSD mail.local(8) Local Root - Exploit Files ≈ Packet Storm
    NetBSD mail.local(8) local root exploit that leverages a race condition as noted in NetBSD-SA2016-006.
  • Fri, 22 Jul 2016 22:50:36 +0000: Barracuda Web App Firewall / Load Balancer Remote Root - Exploit Files ≈ Packet Storm
    This Metasploit module exploits a remote command execution vulnerability in the Barracuda Web App Firewall Firmware version 8.0.1.007 and below and Load Balancer Firmware versions 5.4.0.004 and below by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it's possible to inject system commands while escalating to root do to relaxed sudo configurations on the appliances.
  • Fri, 22 Jul 2016 22:47:11 +0000: Barracuda Spam And Virus Firewall 5.1.3.007 Remote Root - Exploit Files ≈ Packet Storm
    This Metasploit module exploits a remote command execution vulnerability in the Barracuda Spam and Virus firewall firmware versions 5.1.3.007 and below by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it's possible to inject system commands while escalating to root do to relaxed sudo configuration on the local machine.

Latest Tools

  • Tue, 26 Jul 2016 01:43:05 +0000: Mobius Forensic Toolkit 0.5.25 - Security Tool Files ≈ Packet Storm
    Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
  • Thu, 21 Jul 2016 16:23:07 +0000: Blue Team Training Toolkit (BT3) 1.2 - Security Tool Files ≈ Packet Storm
    Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.
  • Thu, 21 Jul 2016 16:22:30 +0000: OpenDNSSEC 2.0.1 - Security Tool Files ≈ Packet Storm
    OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
  • Tue, 19 Jul 2016 21:01:59 +0000: Nmap Port Scanner 7.25BETA1 - Security Tool Files ≈ Packet Storm
    Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
  • Mon, 18 Jul 2016 23:41:40 +0000: Hashcat Advanced Password Recovery 3.00 Binary Release - Security Tool Files ≈ Packet Storm
    hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.
  • Sat, 16 Jul 2016 17:22:22 +0000: OpenDNSSEC 2.0.0-1 - Security Tool Files ≈ Packet Storm
    OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
  • Fri, 15 Jul 2016 04:45:31 +0000: Lynis Auditing Tool 2.3.1 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
  • Wed, 13 Jul 2016 16:23:41 +0000: Suricata IDPE 3.1.1 - Security Tool Files ≈ Packet Storm
    Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
  • Wed, 13 Jul 2016 16:18:05 +0000: Lynis Auditing Tool 2.3.0 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
  • Tue, 12 Jul 2016 00:43:22 +0000: Blue Team Training Toolkit (BT3) 1.1 - Security Tool Files ≈ Packet Storm
    Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.
  • Tue, 12 Jul 2016 00:39:05 +0000: ifchk 1.0.4 - Security Tool Files ≈ Packet Storm
    Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will disable those interfaces found to be promiscuous if told to do so. Per-interface statistics can also be displayed, allowing administrators to perform traffic trend analysis, which could be an aid in the identification of possible inconsistencies or spikes in network traffic volume that may warrant further investigation.
  • Fri, 08 Jul 2016 15:22:22 +0000: Packet Fence 6.2.1 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  • Fri, 08 Jul 2016 04:44:44 +0000: AntiRansom 3.01 - Security Tool Files ≈ Packet Storm
    AntiRansom is a tool capable of detecting and mitigating attacks of Ransomware using honeypots.
  • Thu, 07 Jul 2016 23:55:55 +0000: OpenDNSSEC 2.0.0 - Security Tool Files ≈ Packet Storm
    OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
  • Wed, 06 Jul 2016 05:44:29 +0000: Packet Fence 6.2.0 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  • Mon, 04 Jul 2016 19:22:22 +0000: Faraday 1.0.22 - Security Tool Files ≈ Packet Storm
    Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  • Sun, 03 Jul 2016 04:44:44 +0000: AntiRansom 3 - Security Tool Files ≈ Packet Storm
    AntiRansom is a tool capable of detecting and mitigating attacks of Ransomware using honeypots.
  • Mon, 27 Jun 2016 18:22:22 +0000: Blue Team Training Toolkit (BT3) 1.0 - Security Tool Files ≈ Packet Storm
    Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the lastest versions of Encripto's Maligno and Pcapteller.
  • Fri, 24 Jun 2016 04:02:22 +0000: Mandos Encrypted File System Unattended Reboot Utility 1.7.10 - Security Tool Files ≈ Packet Storm
    The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
  • Thu, 23 Jun 2016 13:15:36 +0000: Packet Fence 6.1.1 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

@Risk Exploits

ExploitDB