Latest Exploits / Tools

Latest Exploits

  • Fri, 29 Aug 2014 22:22:06 +0000: Wing FTP Server Authenticated Command Execution - Exploit Files ≈ Packet Storm
    This Metasploit module exploits the embedded Lua interpreter in the admin web interface for versions 4.3.8 and below. By supplying a specially crafted HTTP POST request, an attacker can use os.execute() to execute arbitrary system commands on the target with SYSTEM privileges.
  • Fri, 29 Aug 2014 22:05:22 +0000: Microsoft Internet Explorer MS14-029 Memory Corruption - Exploit Files ≈ Packet Storm
    Microsoft Internet Explorer memory corruption proof of concept exploit that leverages the vulnerability noted in MS14-029.
  • Fri, 29 Aug 2014 20:22:22 +0000: HTML Help Workshop 1.4 Buffer Overflow - Exploit Files ≈ Packet Storm
    HTML Help Workshop version 1.4 SEH buffer overflow exploit.
  • Fri, 29 Aug 2014 01:56:02 +0000: F5 Unauthenticated rsync Access To Remote Root Code Execution - Exploit Files ≈ Packet Storm
    When configured in a high availability mode, the F5 solution suffers from an unauthenticated rsync access vulnerability that can be leveraged to upload a malicious SSH key and gain remote root access to the appliance. Affected versions include F5 BIG-IP 11.x versions before 11.6.0, 11.5.1 HF3, 11.5.0 HF4, 11.4.1 HF, 11.4.0 HF7, 11.3.0 HF9, and 11.2.1 HF11, and Enterprise Manager 3.x versions before 3.1.1 HF2.
  • Thu, 28 Aug 2014 22:37:34 +0000: NRPE 2.15 Remote Command Execution - Exploit Files ≈ Packet Storm
    NRPE version 2.15 remote command execution exploit written in Python.
  • Thu, 28 Aug 2014 22:35:41 +0000: DomainTrader Domain Parking / Auction Script 2.5.3 CSRF / XSS - Exploit Files ≈ Packet Storm
    DomainTrader Domain Parking and Auction Script version 2.5.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
  • Thu, 28 Aug 2014 22:31:09 +0000: Jappix Cross Site Scripting - Exploit Files ≈ Packet Storm
    Jappix suffers from a persistent cross site scripting vulnerability.
  • Thu, 28 Aug 2014 18:38:46 +0000: F5 BIG-IP 11.5.1 Cross Site Scripting - Exploit Files ≈ Packet Storm
    F5 BIG-IP versions 11.5.1 and below suffer from a reflective cross site scripting vulnerability.
  • Thu, 28 Aug 2014 18:34:00 +0000: ActualAnalyzer Remote Command Execution - Exploit Files ≈ Packet Storm
    ActualAnalyzer remote command execution exploit that leverages an eval.
  • Thu, 28 Aug 2014 18:32:08 +0000: PhpWiki Ploticus Command Injection - Exploit Files ≈ Packet Storm
    Proof of concept exploit for PhpWiki that demonstrates a remote command injection vulnerability via the Ploticus module.
  • Thu, 28 Aug 2014 18:30:03 +0000: XRMS Blind SQL Injection / Command Execution - Exploit Files ≈ Packet Storm
    XRMS blind SQL injection exploit that leverages $_SESSION poisoning and achieves remote command execution.
  • Thu, 28 Aug 2014 10:11:11 +0000: Plogger Authenticated Arbitrary File Upload - Exploit Files ≈ Packet Storm
    Plogger versions prior to 1.0-RC1 suffer from a remote authenticated arbitrary file upload vulnerability.
  • Wed, 27 Aug 2014 21:43:54 +0000: Firefox WebIDL Privileged Javascript Injection - Exploit Files ≈ Packet Storm
    This exploit gains remote code execution on Firefox 22-27 by abusing two separate privilege escalation vulnerabilities in Firefox's JavaScript APIs.
  • Wed, 27 Aug 2014 21:37:39 +0000: ManageEngine DeviceExpert 5.9 Credential Disclosure - Exploit Files ≈ Packet Storm
    ManageEngine DeviceExpert version 5.9 suffers from a user credential disclosure vulnerability.
  • Wed, 27 Aug 2014 16:04:44 +0000: WooCommerce Store Exporter 1.7.5 Cross Site Scripting - Exploit Files ≈ Packet Storm
    WooCommerce Store Exporter version 1.7.5 suffers from multiple persistent cross site scripting vulnerabilities.
  • Wed, 27 Aug 2014 09:22:22 +0000: Furniture Site Manager SQL Injection - Exploit Files ≈ Packet Storm
    Furniture Site Manager suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
  • Tue, 26 Aug 2014 23:33:33 +0000: glibc __gconv_translit_find() Privilege Escalation - Exploit Files ≈ Packet Storm
    glibc __gconv_translit_find() single-fixed-byte heap metadata overflow local root exploit for Fedora 20 32-bit. This issue is not specific to Fedora, but the proof of concept is specifically for Fedora 20 32-bit.
  • Tue, 26 Aug 2014 22:22:22 +0000: Grand MA 300 Fingerprint Reader Weak PIN Verification - Exploit Files ≈ Packet Storm
    Grand MA 300/ID with firmware 6.60 has a weakness that allows the retrieval of the access PIN from sniffed data, as well as a weakness that allows a fast brute-force attack on the PIN.
  • Tue, 26 Aug 2014 19:22:22 +0000: Joomla Spider 2.8.3 SQL Injection - Exploit Files ≈ Packet Storm
    Joomla Spider video player version 2.8.3 suffers from a remote SQL injection vulnerability.
  • Tue, 26 Aug 2014 18:22:22 +0000: vm-support 0.88 File Overwrite / Information Disclosure - Exploit Files ≈ Packet Storm
    vm-support version 0.88 suffers from file overwrite and sensitive information disclosure vulnerabilities.

Latest Tools

  • Fri, 29 Aug 2014 22:39:01 +0000: Spiped 1.4.0 - Security Tool Files ≈ Packet Storm
    Spiped (pronounced "ess-pipe-dee") is a utility for creating symmetrically encrypted and authenticated pipes between socket addresses, so that one may connect to one address (e.g., a UNIX socket on localhost) and transparently have a connection established to another address (e.g., a UNIX socket on a different system). This is similar to 'ssh -L' functionality, but does not use SSH and requires a pre-shared symmetric key. Spiped uses strong and well-understood cryptographic components: The initial key negotiation is performed using HMAC-SHA256 and an authenticated Diffie-Hellman key exchange over the standard 2048-bit "group 14"; following the completion of key negotiation, packets are transmitted encrypted with AES-256 in CTR mode and authenticated using HMAC-SHA256.
  • Thu, 28 Aug 2014 18:40:41 +0000: Lynis Auditing Tool 1.6.0 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
  • Wed, 27 Aug 2014 11:11:11 +0000: RedHat Checklist Script - Security Tool Files ≈ Packet Storm
    This script is designed to perform a security evaluation against industry best practices, over RedHat and RedHat based systems, to detect configuration deviations. It was developed due to the need to ensure that the servers within the author's workplace would comply with specific policies. As this tool was designed specifically for this purpose, "lynis" was not used for the task.
  • Tue, 26 Aug 2014 02:50:44 +0000: Nmap Port Scanner 6.47 - Security Tool Files ≈ Packet Storm
    Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, and detection of down hosts via parallel pings.
  • Mon, 25 Aug 2014 10:11:11 +0000: SSDP Amplification Scanner - Security Tool Files ≈ Packet Storm
    SSDP amplification scanner written in Python. Makes use of Scapy.
  • Thu, 21 Aug 2014 20:21:40 +0000: oclHashcat For AMD 1.30 - Security Tool Files ≈ Packet Storm
    oclHashcat is an advanced GPU hash cracking utility that includes the world's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.
  • Thu, 21 Aug 2014 20:17:47 +0000: oclHashcat For NVidia 1.30 - Security Tool Files ≈ Packet Storm
    oclHashcat is an advanced GPU hash cracking utility that includes the world's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.
  • Tue, 19 Aug 2014 23:54:11 +0000: Maligno 1.2 - Security Tool Files ≈ Packet Storm
    Maligno is an open source penetration testing tool written in Python that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
  • Tue, 19 Aug 2014 16:04:44 +0000: Melkor ELF Fuzzer 1.0 - Security Tool Files ≈ Packet Storm
    Melkor is an ELF fuzzer that mutates the existing data in a given ELF sample to create orcs (malformed ELFs). It does not change values randomly (dumb fuzzing); instead, it fuzzes certain metadata with semi-valid values through the use of fuzzing rules (knowledge base). Written in C, Melkor is a very intuitive and easy-to-use fuzzer to find functional (and security) bugs in ELF parsers.
  • Mon, 18 Aug 2014 17:58:25 +0000: Viproy VoIP Penetration / Exploitation Kit 2.0 - Security Tool Files ≈ Packet Storm
    Viproy VoIP Penetration and Exploitation Kit is developed to improve the quality of SIP penetration testing. It provides authentication and trust analysis features that assist in creating simple tests.
  • Sat, 16 Aug 2014 00:08:56 +0000: GnuPG 2.0.26 - Security Tool Files ≈ Packet Storm
    GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
  • Tue, 12 Aug 2014 02:04:45 +0000: I2P 0.9.14.1 - Security Tool Files ≈ Packet Storm
    I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
  • Tue, 12 Aug 2014 02:01:34 +0000: Suricata IDPE 2.0.3 - Security Tool Files ≈ Packet Storm
    Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
  • Thu, 07 Aug 2014 19:49:10 +0000: Samhain File Integrity Checker 3.1.2 - Security Tool Files ≈ Packet Storm
    Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
  • Thu, 07 Aug 2014 12:33:33 +0000: Mandos Encrypted File System Unattended Reboot Utility 1.6.8 - Security Tool Files ≈ Packet Storm
    The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
  • Wed, 06 Aug 2014 23:55:55 +0000: OpenSSL Toolkit 1.0.1i - Security Tool Files ≈ Packet Storm
    OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  • Mon, 04 Aug 2014 22:01:19 +0000: Adobe ColdFusion MX6 Password Decryptor - Security Tool Files ≈ Packet Storm
    This tool enables you to retrieve the plain text password for ColdFusion MX6.
  • Mon, 04 Aug 2014 21:59:56 +0000: Tenshi Log Monitoring Program 0.15 - Security Tool Files ≈ Packet Storm
    tenshi is a log monitoring program, designed to watch one or more log files for lines matching user defined regular expressions and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as there is a log line assigned to it, or to send periodic reports.
  • Sun, 03 Aug 2014 15:18:35 +0000: IPTables Bash Completion 1.2 - Security Tool Files ≈ Packet Storm
    iptables-bash_completion provides programmable completion for the iptables and ip6tables programs from netfilter.org. Following the logic of iptables, options are shown only if they are valid in the current context. In addition to completion of options, matches and targets, it supports dynamic retrieval of data from the system, i.e. chain names, set names, interfaces, hostnames, etc. Environment variables allow fine-tuning of completion options. IP and MAC addresses can be fed by file.
  • Sat, 02 Aug 2014 00:31:38 +0000: Tor-ramdisk i686 UClibc-based Linux Distribution x86 20140801 - Security Tool Files ≈ Packet Storm
    Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

@Risk Exploits

  • SANSFIRE 2011 - @RISK: The Consensus Security Alert
    SANSFIRE 2011

ExploitDB