Latest Exploits / Tools

Latest Exploits

  • Tue, 28 Jul 2015 15:55:55 +0000: phpFileManager 0.9.8 Remote Command Execution - Exploit Files ≈ Packet Storm
    phpFileManager version 0.9.8 suffers from a remote command execution vulnerability.
  • Tue, 28 Jul 2015 14:44:02 +0000: WordPress Flickr Justified Gallery 3.3.6 Cross Site Scripting - Exploit Files ≈ Packet Storm
    WordPress Flickr Justified Gallery plugin version 3.3.6 suffers from a cross site scripting vulnerability.
  • Mon, 27 Jul 2015 22:22:22 +0000: Foxit Reader 7.1.5 Arbitrary Code Execution - Exploit Files ≈ Packet Storm
    Foxit Reader versions 7.0.8 through 7.1.5 suffer from a PNG conversion parsing tEXt chunk arbitrary code execution vulnerability.
  • Mon, 27 Jul 2015 16:00:04 +0000: Hawkeye-G 3.0.1.4912 Cross Site Scripting / Information Leakage - Exploit Files ≈ Packet Storm
    Hawkeye-G version 3.0.1.4912 suffers from cross site scripting and information leakage vulnerabilities.
  • Mon, 27 Jul 2015 15:44:44 +0000: Seditio CMS 1.7.1 Password Disclosure - Exploit Files ≈ Packet Storm
    Seditio CMS version 1.7.1 suffers from an administrator password disclosure vulnerability.
  • Mon, 27 Jul 2015 15:43:07 +0000: OpenSSL Alternative Chains Certificate Forgery MITM Proxy - Exploit Files ≈ Packet Storm
    This Metasploit module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates. This causes certain checks on untrusted certificates to be bypassed on the client, allowing a valid leaf certificate to be used as a CA certificate to sign a fake certificate. The SSL/TLS session is then proxied to the server, allowing the session to continue normally and application data transmitted between the peers to be saved. The valid leaf certificate must not contain the keyUsage extension or it must have at least the keyCertSign bit set (see X509_check_issued function in crypto/x509v3/v3_purp.c); otherwise, X509_verify_cert fails with X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. This Metasploit module requires an active man-in-the-middle attack.
  • Mon, 27 Jul 2015 14:44:44 +0000: Seditio CMS 1.7.1 Open Redirect - Exploit Files ≈ Packet Storm
    Seditio CMS version 1.7.1 suffers from an open redirect vulnerability.
  • Mon, 27 Jul 2015 04:44:44 +0000: XenForo 1.4.9 Cross Site Scripting - Exploit Files ≈ Packet Storm
    XenForo versions 1.4.9 and below suffer from a cross site scripting vulnerability.
  • Sun, 26 Jul 2015 13:44:44 +0000: WordPress Unite Gallery Lite 1.4.6 CSRF / SQL Injection - Exploit Files ≈ Packet Storm
    WordPress Unite Gallery Lite plugin version 1.4.6 suffers from cross site request forgery and remote SQL injection vulnerabilities.
  • Sun, 26 Jul 2015 13:03:33 +0000: WordPress Music Store 1.0.14 Open Redirect - Exploit Files ≈ Packet Storm
    WordPress Music Store plugin version 1.0.14 suffers from an open redirect vulnerability.
  • Sat, 25 Jul 2015 14:44:44 +0000: QNAP TS-x09 Turbo NAS Cross Site Scripting - Exploit Files ≈ Packet Storm
    QNAP TS-x09 Turbo NAS suffers from a cross site scripting vulnerability.
  • Fri, 24 Jul 2015 15:40:39 +0000: Hawkeye-G 3.0.1.4912 Cross Site Request Forgery - Exploit Files ≈ Packet Storm
    Hawkeye-G version 3.0.1.4912 suffers from multiple cross site request forgery vulnerabilities.
  • Thu, 23 Jul 2015 22:12:10 +0000: Apple OS X DYLD_PRINT_TO_FILE Privilege Escalation - Exploit Files ≈ Packet Storm
    In Apple OS X 10.10.4 and prior, the DYLD_PRINT_TO_FILE environment variable is used for redirecting logging data to a file instead of stderr. Due to a design error, this feature can be abused by a local attacker to write arbitrary files as root via restricted, SUID-root binaries.
  • Thu, 23 Jul 2015 22:08:04 +0000: Qualys Security Advisory - userhelper / libuser - Exploit Files ≈ Packet Storm
    The libuser library implements a standardized interface for manipulating and administering user and group accounts, and is installed by default on Linux distributions derived from Red Hat's codebase. During an internal code audit at Qualys, they discovered multiple libuser-related vulnerabilities that allow local users to perform denial-of-service and privilege-escalation attacks. As a proof of concept, they developed an unusual local root exploit against one of libuser's applications. Both the advisory and exploit are included in this post.
  • Wed, 22 Jul 2015 22:57:14 +0000: WordPress Paid Memberships Pro 1.8.4.2 Cross Site Scripting - Exploit Files ≈ Packet Storm
    WordPress Paid Memberships Pro plugin version 1.8.4.2 suffers from a cross site scripting vulnerability.
  • Wed, 22 Jul 2015 22:55:29 +0000: WordPress Count Per Day 3.4 SQL Injection - Exploit Files ≈ Packet Storm
    WordPress Count Per Day plugin version 3.4 suffers from a remote SQL injection vulnerability.
  • Wed, 22 Jul 2015 22:46:58 +0000: Xceedium Xsuite Command Injection / XSS / Traversal / Escalation - Exploit Files ≈ Packet Storm
    Xceedium Xsuite versions 2.3.0 and 2.4.3.0 suffer from command injection, cross site scripting, directory traversal, hard-coded credential, and privilege escalation vulnerabilities.
  • Wed, 22 Jul 2015 22:44:54 +0000: NetCracker Resource Management System 8.0 SQL Injection - Exploit Files ≈ Packet Storm
    NetCracker Resource Management System versions 8.0 and below suffer from multiple remote SQL injection vulnerabilities.
  • Wed, 22 Jul 2015 22:42:55 +0000: NetCracker Resource Management System 8.0 Cross Site Scripting - Exploit Files ≈ Packet Storm
    NetCracker Resource Management System versions 8.0 and below suffer from multiple cross site scripting vulnerabilities.
  • Wed, 22 Jul 2015 18:53:17 +0000: Open Web Analytics 1.5.7 XSS / Password Disclosure / Crypto Weakness - Exploit Files ≈ Packet Storm
    Open Web Analytics version 1.5.7 suffers from password disclosure, weak cryptographic control, and cross site scripting vulnerabilities.

Latest Tools

  • Mon, 27 Jul 2015 00:01:11 +0000: Linux Reverse TCP Shell In Python - Security Tool Files ≈ Packet Storm
    Python code that provides a reverse TCP shell.
  • Sat, 25 Jul 2015 00:00:51 +0000: Packet Fence 5.3.1 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  • Wed, 22 Jul 2015 23:02:10 +0000: Lynis Auditing Tool 2.1.1 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
  • Tue, 21 Jul 2015 23:55:55 +0000: Packet Fence 5.3.0 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  • Tue, 21 Jul 2015 15:49:45 +0000: Capstone 3.0.4 - Security Tool Files ≈ Packet Storm
    Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.
  • Mon, 20 Jul 2015 22:57:27 +0000: Beltane Web-Based Management For Samhain 1.0.20 - Security Tool Files ≈ Packet Storm
    Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.
  • Mon, 20 Jul 2015 19:12:09 +0000: Samhain File Integrity Checker 4.0.0 - Security Tool Files ≈ Packet Storm
    Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
  • Mon, 20 Jul 2015 11:11:11 +0000: Pcapteller 0.1 - Security Tool Files ≈ Packet Storm
    Pcapteller is a tool designed for simple traffic manipulation and replay. The tool allows you to recreate a recorded network traffic scenario that occurred in a foreign network, as it really happened in yours. Basically, the tool reads network packets from a PCAP file, and it replaces a given IP address with one that fits your needs. Afterwards, the manipulated packets are injected into the network. The tool is useful if you want to recreate scenarios where computer attacks or malware infections occurred. Using such scenarios as a base, Pcapteller will make it look like everything is really happening in your network. Pcapteller can help you improve your blue team's network security monitoring skills, or create network decoys during red team operations.
  • Fri, 17 Jul 2015 00:51:56 +0000: Tor-ramdisk i686 UClibc-based Linux Distribution x86 20150714 - Security Tool Files ≈ Packet Storm
    Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
  • Wed, 15 Jul 2015 09:32:22 +0000: D3LT4 SQL Injection Scanner - Security Tool Files ≈ Packet Storm
    D3LT4 is a mutation of smartd0rk3r that can search for 10,446 Google dorks and scan for SQL injection vulnerabilities.
  • Mon, 13 Jul 2015 04:55:58 +0000: TOR Virtual Network Tunneling Tool 0.2.6.10 - Security Tool Files ≈ Packet Storm
    Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  • Thu, 09 Jul 2015 23:55:55 +0000: OpenSSL Toolkit 1.0.2d - Security Tool Files ≈ Packet Storm
    OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  • Tue, 07 Jul 2015 16:22:34 +0000: Tinc Virtual Private Network Daemon 1.0.26 - Security Tool Files ≈ Packet Storm
    tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.
  • Mon, 06 Jul 2015 05:55:55 +0000: FreeBSD 10.x Backdoor Module - Security Tool Files ≈ Packet Storm
    This module, once loaded, gives the thread/user calling it root instantly without spawning an extra shell.
  • Wed, 01 Jul 2015 05:43:16 +0000: OpenSSH 6.9p1 - Security Tool Files ≈ Packet Storm
    This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
  • Wed, 01 Jul 2015 03:25:15 +0000: Faraday 1.0.11 - Security Tool Files ≈ Packet Storm
    Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  • Wed, 01 Jul 2015 00:00:02 +0000: DAVOSET 1.2.5 - Security Tool Files ≈ Packet Storm
    DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
  • Sun, 28 Jun 2015 06:22:22 +0000: TRENDnet TEW-818RDU PIN Disclosure - Security Tool Files ≈ Packet Storm
    TRENDnet TEW-818RDU versions 1 ("ac1900") and 2 ("ac3200") PIN disclosure exploit.
  • Fri, 26 Jun 2015 13:33:33 +0000: Htcap Analysis Tool Alpha 0.1 - Security Tool Files ≈ Packet Storm
    Htcap is a web application analysis tool for detecting communications between JavaScript and the server. It crawls the target application and maps AJAX calls, dynamically inserted scripts, WebSocket calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in Python and uses PhantomJS to load pages, injecting a probe that analyzes JavaScript behaviour. Once injected, the probe overrides native JavaScript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling HTML inputs.
  • Thu, 25 Jun 2015 14:11:31 +0000: AESshell 0.7 - Security Tool Files ≈ Packet Storm
    AESshell is a backconnect shell for Windows and Unix that is written in Python and uses AES in CBC mode in conjunction with HMAC-SHA256 for secure transport. It is written in Python but also includes a Windows binary.

@Risk Exploits

  • SANSFIRE 2011 - @RISK: The Consensus Security Alert
    SANSFIRE 2011

ExploitDB