Latest Exploits / Tools

Latest Exploits

  • Fri, 24 Jun 2016 04:35:26 +0000: SugarCRM 6.5.18 fopen() Command Injection / XSS / SSRF - Exploit Files ≈ Packet Storm
    SugarCRM versions 6.5.18 and below suffer from a MySugar::addDashlet insecure fopen() usage that can lead to command injection, cross site scripting, and server-side request forgery exploitation.
  • Fri, 24 Jun 2016 04:34:16 +0000: SugarCRM 6.5.18 PHP Code Injection - Exploit Files ≈ Packet Storm
    SugarCRM versions 6.5.18 and below suffer from two PHP code injection vulnerabilities.
  • Fri, 24 Jun 2016 04:33:01 +0000: SugarCRM 6.5.18 Missing Authorization - Exploit Files ≈ Packet Storm
    SugarCRM versions 6.5.18 and below suffer from a missing authorization check vulnerability.
  • Thu, 23 Jun 2016 17:32:22 +0000: WordPress Ultimate Product Catalog 3.8.6 Shell Upload - Exploit Files ≈ Packet Storm
    WordPress Ultimate Product Catalog plugin version 3.8.6 suffers from a remote shell upload vulnerability.
  • Thu, 23 Jun 2016 15:55:55 +0000: vPet Engine 2.1 SQL Injection / Backdoor Account - Exploit Files ≈ Packet Storm
    vPet Engine version 2.1 suffers from remote SQL injection and default backdoor admin account vulnerabilities.
  • Thu, 23 Jun 2016 13:01:24 +0000: Windows Local WebDAV NTLM Reflection Elevation Of Privilege - Exploit Files ≈ Packet Storm
    A default installation of Windows 7/8 can be made to perform a NTLM reflection attack through WebDAV which allows a local user to elevate privileges to local system.
  • Thu, 23 Jun 2016 12:58:59 +0000: FinderView Path Traversal / Cross Site Scripting - Exploit Files ≈ Packet Storm
    FinderView suffers from path traversal and cross site scripting vulnerabilities.
  • Thu, 23 Jun 2016 12:57:40 +0000: XuezhuLi FileSharing Cross Site Request Forgery - Exploit Files ≈ Packet Storm
    XuezhuLi FileSharing suffers from a cross site request forgery vulnerability.
  • Thu, 23 Jun 2016 12:56:16 +0000: XuezhuLi FileSharing Path Traversal - Exploit Files ≈ Packet Storm
    XuezhuLi FileSharing suffers from a path traversal vulnerability.
  • Thu, 23 Jun 2016 12:54:52 +0000: Getsimple CMS 3.3.10 Shell Upload - Exploit Files ≈ Packet Storm
    Getsimple CMS versions 3.3.10 and below suffer from a remote shell upload vulnerability.
  • Thu, 23 Jun 2016 12:52:44 +0000: Dolibarr CRM Command Injection - Exploit Files ≈ Packet Storm
    Dolibarr CRM versions prior to 3.9.1 suffer from a command injection vulnerability.
  • Thu, 23 Jun 2016 12:50:25 +0000: Quick.Cart.Ext 6.7 Cross Site Request Forgery - Exploit Files ≈ Packet Storm
    Quick.Cart.Ext versions 6.7 and below remote admin add cross site request forgery exploit.
  • Wed, 22 Jun 2016 23:33:37 +0000: Tiki-Wiki CMS Calendar Command Execution - Exploit Files ≈ Packet Storm
    Tiki-Wiki CMS's calendar module contains a remote code execution vulnerability within the viewmode GET parameter. The calendar module is NOT enabled by default. If enabled, the default permissions are set to NOT allow anonymous users to access.
  • Wed, 22 Jun 2016 23:23:12 +0000: Open-Xchange App Suite 7.8.1 Information Disclosure - Exploit Files ≈ Packet Storm
    Open-Xchange App Suite versions 7.8.1 and below suffer from an information disclosure vulnerability.
  • Wed, 22 Jun 2016 23:20:23 +0000: WordPress Contus Video Comments 1.0 File Upload - Exploit Files ≈ Packet Storm
    WordPress Contus Video Comments plugin version 1.0 suffers from a remote file upload vulnerability.
  • Wed, 22 Jun 2016 22:22:22 +0000: PCMAN FTP Server 2.0.7 ls Buffer Overflow - Exploit Files ≈ Packet Storm
    This Metasploit module exploits a buffer overflow vulnerability found in the ls command of the PCMAN FTP version 2.0.7 Server.
  • Wed, 22 Jun 2016 20:02:22 +0000: Wolf CMS 0.8.2 Arbitrary PHP File Upload - Exploit Files ≈ Packet Storm
    This Metasploit module exploits a file upload vulnerability in Wolf CMS version 0.8.2. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to the '/public' directory.
  • Wed, 22 Jun 2016 03:19:14 +0000: DarkComet Server 3.2 Remote File Download - Exploit Files ≈ Packet Storm
    This Metasploit module exploits an arbitrary file download vulnerability in the DarkComet C&C server versions 3.2 and up. The exploit does not need to know the password chosen for the bot/server communication.
  • Wed, 22 Jun 2016 03:11:39 +0000: SSHC 5.0 Encrypted Database Content Stealing - Exploit Files ≈ Packet Storm
    SSHC version 5.0 is susceptible to an encrypted database content theft vulnerability.
  • Wed, 22 Jun 2016 03:08:25 +0000: YetiForce CRM Cross Site Scripting - Exploit Files ≈ Packet Storm
    YetiForce CRM versions prior to 3.1 suffer from a persistent cross site scripting vulnerability.

Latest Tools

  • Fri, 24 Jun 2016 04:02:22 +0000: Mandos Encrypted File System Unattended Reboot Utility 1.7.10 - Security Tool Files ≈ Packet Storm
    The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
  • Thu, 23 Jun 2016 13:15:36 +0000: Packet Fence 6.1.1 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  • Wed, 22 Jun 2016 23:48:27 +0000: Mandos Encrypted File System Unattended Reboot Utility 1.7.9 - Security Tool Files ≈ Packet Storm
    The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
  • Wed, 22 Jun 2016 03:48:21 +0000: Faraday 1.0.21 - Security Tool Files ≈ Packet Storm
    Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  • Wed, 22 Jun 2016 03:47:37 +0000: Packet Fence 6.1.0 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  • Wed, 22 Jun 2016 03:33:30 +0000: Mandos Encrypted File System Unattended Reboot Utility 1.7.8 - Security Tool Files ≈ Packet Storm
    The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
  • Tue, 21 Jun 2016 01:07:50 +0000: Ansvif 1.5.2 - Security Tool Files ≈ Packet Storm
    Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
  • Tue, 21 Jun 2016 01:06:42 +0000: Suricata IDPE 3.1 - Security Tool Files ≈ Packet Storm
    Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
  • Tue, 21 Jun 2016 01:04:04 +0000: AIEngine 1.5 - Security Tool Files ≈ Packet Storm
    AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
  • Thu, 16 Jun 2016 20:37:50 +0000: Hydra Network Logon Cracker 8.2 - Security Tool Files ≈ Packet Storm
    THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
  • Mon, 13 Jun 2016 01:11:11 +0000: WSO Shell Variant Using A 404 - Security Tool Files ≈ Packet Storm
    This is a modified WSO PHP shell backdoor that maraudes as a 404 in order to try and hide. On top of that the backdoor is probably backdoored.
  • Thu, 09 Jun 2016 23:14:55 +0000: Wireshark Analyzer 2.0.4 - Security Tool Files ≈ Packet Storm
    Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
  • Thu, 09 Jun 2016 23:12:35 +0000: I2P 0.9.26 - Security Tool Files ≈ Packet Storm
    I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
  • Thu, 09 Jun 2016 23:09:15 +0000: Falco 0.2.0 - Security Tool Files ≈ Packet Storm
    Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
  • Thu, 09 Jun 2016 23:06:10 +0000: Fwknop Port Knocking Utility 2.6.9 - Security Tool Files ≈ Packet Storm
    fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
  • Tue, 07 Jun 2016 01:11:11 +0000: Packet Fence 6.0.3 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  • Sun, 05 Jun 2016 03:33:33 +0000: Evilgrade - The Update Exploitation Framework 2.0.7 - Security Tool Files ≈ Packet Storm
    Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. This framework comes into play when the attacker is able to make traffic redirection, and such thing can be done in several ways such as: DNS tampering, DNS Cache Poisoning, ARP spoofing Wi-Fi Access Point impersonation, DHCP hijacking with your favorite tools. This way you can easy take control of a fully patched machine during a penetration test in a clean and easy way. The main idea behind the is to show the amount of trivial errors in the update process of mainstream applications.
  • Sat, 04 Jun 2016 16:34:34 +0000: Zed Attack Proxy 2.5.0 Windows Installer - Security Tool Files ≈ Packet Storm
    The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Windows installer.
  • Sat, 04 Jun 2016 16:33:33 +0000: Zed Attack Proxy 2.5.0 Mac OS X Release - Security Tool Files ≈ Packet Storm
    The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.
  • Sat, 04 Jun 2016 16:31:46 +0000: Zed Attack Proxy 2.5.0 Linux Release - Security Tool Files ≈ Packet Storm
    The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Linux release.

@Risk Exploits

ExploitDB