Latest Exploits / Tools

Latest Exploits

  • Thu, 04 Feb 2016 14:44:44 +0000: Getdpd Cross Site Scripting - Exploit Files ≈ Packet Storm
    Getdpd suffered from a cross site scripting vulnerability.
  • Thu, 04 Feb 2016 13:33:33 +0000: SimpleView CRM Open Redirection - Exploit Files ≈ Packet Storm
    SimpleView CRM suffers from a client side open redirection vulnerability.
  • Thu, 04 Feb 2016 12:44:44 +0000: File Manager PRO 1.3 Local File Inclusion / File Upload - Exploit Files ≈ Packet Storm
    File Manager PRO version 1.3 suffers from local file inclusion and remote file upload vulnerabilities.
  • Thu, 04 Feb 2016 12:12:12 +0000: Soso Transfer 1.1 Denial Of Service - Exploit Files ≈ Packet Storm
    Soso Transfer version 1.1 suffers from a denial of service vulnerability.
  • Thu, 04 Feb 2016 04:53:30 +0000: ASUS RT-N56U 3.0.0.4.374_239 Cross Site Scripting - Exploit Files ≈ Packet Storm
    ASUS RT-N56U version 3.0.0.4.374_239 suffers from a persistent cross site scripting vulnerability.
  • Thu, 04 Feb 2016 04:52:46 +0000: Timeclock 0.995 SQL Injection - Exploit Files ≈ Packet Storm
    Timeclock version 0.995 suffers from a remote SQL injection vulnerability.
  • Thu, 04 Feb 2016 04:49:10 +0000: GE Industrial Solutions UPS SNMP Adapter Command Injection - Exploit Files ≈ Packet Storm
    GE Industrial Solutions UPS SNMP adapter suffers from command injection and clear-text storage of sensitive information.
  • Thu, 04 Feb 2016 04:46:11 +0000: UliCMS 9.8.1 SQL Injection - Exploit Files ≈ Packet Storm
    UliCMS versions 9.8.1 and below suffer from a remote SQL injection vulnerability.
  • Wed, 03 Feb 2016 23:37:56 +0000: Mezzanine 4.1.0 Arbitrary File Upload - Exploit Files ≈ Packet Storm
    Mezzanine version 4.1.0 suffers from an arbitrary file upload vulnerability.
  • Wed, 03 Feb 2016 23:37:17 +0000: Mezzanine 4.1.0 Cross Site Scripting - Exploit Files ≈ Packet Storm
    Mezzanine version 4.1.0 suffers from a cross site scripting vulnerability.
  • Wed, 03 Feb 2016 23:35:44 +0000: MailPoet Newsletters 2.6.19 Cross Site Scripting - Exploit Files ≈ Packet Storm
    MailPoet Newsletters version 2.6.19 suffers from a cross site scripting vulnerability.
  • Wed, 03 Feb 2016 23:23:23 +0000: Opendocman 1.3.4 Cross Site Request Forgery - Exploit Files ≈ Packet Storm
    Opendocman version 1.3.4 suffers from a cross site request forgery vulnerability.
  • Wed, 03 Feb 2016 22:22:22 +0000: Opendocman 1.3.4 HTML Injection - Exploit Files ≈ Packet Storm
    Opendocman version 1.3.4 suffers from an HTML injection vulnerability.
  • Wed, 03 Feb 2016 20:32:22 +0000: D-Link DVG-N5402SP Path Traversal / Information Disclosure - Exploit Files ≈ Packet Storm
    D-Link DVG-N5402SP suffers from path traversal, weak credential management, and information leakage vulnerabilities.
  • Wed, 03 Feb 2016 20:22:22 +0000: yTree 1.94-1.1 Buffer Overflow - Exploit Files ≈ Packet Storm
    yTree version 1.94-1.1 suffers from a buffer overflow vulnerability.
  • Wed, 03 Feb 2016 19:32:22 +0000: Atutor 2.2 Cross Site Scripting - Exploit Files ≈ Packet Storm
    Atutor version 2.2 suffers from a cross site scripting vulnerability.
  • Wed, 03 Feb 2016 13:33:33 +0000: Equibase.com HTML Injection - Exploit Files ≈ Packet Storm
    Equibase.com suffers from an HTML injection vulnerability that may allow for cross site scripting.
  • Wed, 03 Feb 2016 02:36:00 +0000: Baumer VeriSens Application Suite 2.6.2 Buffer Overflow - Exploit Files ≈ Packet Storm
    Baumer VeriSens Application Suite version 2.6.2 suffers from a vulnerability caused by a boundary error in the baselibs.dll library when processing a device job file, which can be exploited to cause a buffer overflow when a user opens, for example, a specially crafted .APP file. Successful exploitation could allow execution of arbitrary code on the affected machine.
  • Wed, 03 Feb 2016 02:32:23 +0000: Oracle 9i XDB FTP Pass Overflow - Exploit Files ≈ Packet Storm
    Oracle 9i XDB FTP PASS overflow for win32. Ported to python from the oracle9i_xdb_ftp_pass.rb exploit.
  • Tue, 02 Feb 2016 17:07:59 +0000: HP Client Security Manager 8.3.4 Cross Site Scripting - Exploit Files ≈ Packet Storm
    HP Client Security Manager version 8.3.4 suffers from a cross site scripting vulnerability.

Latest Tools

  • Tue, 02 Feb 2016 17:06:18 +0000: IPTables Bash Completion 1.4 - Security Tool Files ≈ Packet Storm
    iptables-bash_completion provides programmable completion for the iptables and ip6tables programs from netfilter.org. Following the logic of iptables, options are shown only if they are valid in the current context. In addition to completion of options, matches and targets, it supports dynamic retrieval of data from the system, such as chain and set names, interfaces, hostnames, etc. Environment variables allow fine-tuning of completion options. IP and MAC addresses can be fed by file.
  • Mon, 01 Feb 2016 15:55:55 +0000: 360-FAAR Firewall Analysis Audit And Repair 0.5.5 - Security Tool Files ≈ Packet Storm
    360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
  • Sun, 31 Jan 2016 17:20:45 +0000: I2P 0.9.24 - Security Tool Files ≈ Packet Storm
    I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
  • Sun, 31 Jan 2016 17:12:32 +0000: 360-FAAR Firewall Analysis Audit And Repair 0.5.4 - Security Tool Files ≈ Packet Storm
    360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
  • Sun, 31 Jan 2016 02:28:22 +0000: VBScan Vulnerability Scanner 0.1.4 - Security Tool Files ≈ Packet Storm
    VBScan is a black box vBulletin vulnerability scanner written in perl.
  • Thu, 28 Jan 2016 17:03:33 +0000: Suricata IDPE 3.0 - Security Tool Files ≈ Packet Storm
    Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
  • Wed, 27 Jan 2016 15:55:55 +0000: IP-Array IPTables Firewall Script 1.0.3 - Security Tool Files ≈ Packet Storm
    A Linux IPv4 firewall and traffic shaper for single hosts to small and mid-sized networks. It allows flexible rule creation, while also shipping with presets for common needs. Rules are written in simple XML, allowing various ways to group and nest the iptables arguments. An interactive mode is available in order to build configuration files in a wizard based manner. Extensive documentation is also included.
  • Tue, 26 Jan 2016 01:43:11 +0000: Packet Fence 5.6.1 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  • Sun, 24 Jan 2016 18:02:22 +0000: smod Modbus Assessment Framework 1.0.1 - Security Tool Files ≈ Packet Storm
    smod is a modular framework with every kind of diagnostic and offensive feature you could need in order to pentest the modbus protocol. It is a full modbus protocol implementation using Python and Scapy. This software can be run on Linux/OSX under python 2.7.x.
  • Fri, 22 Jan 2016 15:55:55 +0000: RouterHunterBR 2.0 - Security Tool Files ≈ Packet Storm
    RouterHunterBR is a tool to find and perform tests in vulnerable routers on the Internet.
  • Thu, 21 Jan 2016 16:55:49 +0000: OpenDNSSEC 1.4.9 - Security Tool Files ≈ Packet Storm
    OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
  • Sat, 16 Jan 2016 14:02:22 +0000: The Metabrik Platform - Security Tool Files ≈ Packet Storm
    The Metabrik Platform binds together a classic Shell with a Perl interpreter as a REPL (Read-Eval-Print-Loop) and a ton of small Briks. Briks are reusable components, each performing a specific task. You chain Briks together using Perl variables, which pass the output of one Brik Command as input to another Brik Command.
  • Fri, 15 Jan 2016 02:24:24 +0000: OpenSSH 7.1p2 - Security Tool Files ≈ Packet Storm
    This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
  • Fri, 15 Jan 2016 02:24:06 +0000: 360-FAAR Firewall Analysis Audit And Repair 0.5.3 - Security Tool Files ≈ Packet Storm
    360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
  • Thu, 14 Jan 2016 17:28:33 +0000: smod Modbus Assessment Framework - Security Tool Files ≈ Packet Storm
    smod is a modular framework with every kind of diagnostic and offensive feature you could need in order to pentest the modbus protocol. It is a full modbus protocol implementation using Python and Scapy. This software can be run on Linux/OSX under python 2.7.x.
  • Thu, 14 Jan 2016 00:59:57 +0000: Packet Fence 5.6.0 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  • Mon, 11 Jan 2016 17:18:36 +0000: 360-FAAR Firewall Analysis Audit And Repair 0.5.2 - Security Tool Files ≈ Packet Storm
    360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
  • Mon, 11 Jan 2016 17:14:20 +0000: FireHOL 3.0.1 - Security Tool Files ≈ Packet Storm
    FireHOL is a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
  • Mon, 04 Jan 2016 17:36:00 +0000: Maligno 2.5 - Security Tool Files ≈ Packet Storm
    Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
  • Wed, 30 Dec 2015 17:02:05 +0000: Wireshark Analyzer 2.0.1 - Security Tool Files ≈ Packet Storm
    Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

@Risk Exploits

  • SANSFIRE 2011 - @RISK: The Consensus Security Alert
    SANSFIRE 2011

ExploitDB