Latest Exploits / Tools

Latest Exploits

  • Tue, 12 Dec 2017 05:23:13 +0000: macOS / iOS Kernel IOSurfaceRootUserClient Double-Free - Exploit Files ≈ Packet Storm
    macOS and iOS suffer from a kernel double free vulnerability due to IOSurfaceRootUserClient not respecting MIG ownership rules.
  • Tue, 12 Dec 2017 05:22:26 +0000: macOS getrusage Stack Leak - Exploit Files ≈ Packet Storm
    macOS suffers from a getrusage stack leak through struct padding.
  • Tue, 12 Dec 2017 05:21:36 +0000: macOS necp_get_socket_attributes so_pcb Type Confusion - Exploit Files ≈ Packet Storm
    macOS suffers from an so_pcb type confusion vulnerability in necp_get_socket_attributes.
  • Tue, 12 Dec 2017 05:18:54 +0000: XNU Kernel Memory Corruption - Exploit Files ≈ Packet Storm
    The XNU kernel suffers from a memory corruption vulnerability due to an integer overflow in the __offsetof usage in posix_spawn on 32-bit platforms.
  • Tue, 12 Dec 2017 05:17:27 +0000: macOS / iOS IOTimeSyncClockManagerUserClient Use-After-Free - Exploit Files ≈ Packet Storm
    macOS / iOS suffer from multiple kernel use-after-free vulnerabilities due to incorrect IOKit object lifetime management in IOTimeSyncClockManagerUserClient.
  • Tue, 12 Dec 2017 05:15:47 +0000: macOS AppleIntelCapriController::GetLinkConfig Kernel Code Execution - Exploit Files ≈ Packet Storm
    The macOS kernel suffers from a code execution vulnerability due to a lack of bounds checking in AppleIntelCapriController::GetLinkConfig.
  • Tue, 12 Dec 2017 05:14:49 +0000: macOS / iOS Kernel Double Free - Exploit Files ≈ Packet Storm
    macOS and iOS suffer from a kernel double free due to incorrect API usage in flow divert socket option handling.
  • Tue, 12 Dec 2017 05:13:20 +0000: XNU Kernel API Memory Disclosure - Exploit Files ≈ Packet Storm
    There is a XNU kernel memory disclosure flaw caused by a bug in the kernel API for detecting kernel memory disclosures. No, this isn't a failure at writing a description.
  • Tue, 12 Dec 2017 05:11:07 +0000: LibTIFF pal2rgb 4.0.9 Heap Overflow - Exploit Files ≈ Packet Storm
    LibTIFF pal2rgb version 4.0.9 suffers from a heap buffer overflow.
  • Tue, 12 Dec 2017 05:05:21 +0000: Vanguard 1.4 SQL Injection - Exploit Files ≈ Packet Storm
    Vanguard version 1.4 suffers from a remote SQL injection vulnerability.
  • Tue, 12 Dec 2017 05:03:34 +0000: Vanguard 1.4 Arbitrary File Upload - Exploit Files ≈ Packet Storm
    Vanguard version 1.4 suffers from an arbitrary file upload vulnerability.
  • Tue, 12 Dec 2017 05:02:25 +0000: Basic Job Site Script 2.0.5 SQL Injection - Exploit Files ≈ Packet Storm
    Basic Job Site Script version 2.0.5 suffers from a remote SQL injection vulnerability.
  • Tue, 12 Dec 2017 05:01:47 +0000: Resume Clone Script 2.0.5 SQL Injection - Exploit Files ≈ Packet Storm
    Resume Clone Script version 2.0.5 suffers from a remote SQL injection vulnerability.
  • Tue, 12 Dec 2017 05:00:57 +0000: Advanced World Database 2.0.5 SQL Injection - Exploit Files ≈ Packet Storm
    Advanced World Database version 2.0.5 suffers from a remote SQL injection vulnerability.
  • Tue, 12 Dec 2017 05:00:34 +0000: Muslim Matrimonial Script 3.02 SQL Injection - Exploit Files ≈ Packet Storm
    Muslim Matrimonial Script version 3.02 suffers from a remote SQL injection vulnerability.
  • Tue, 12 Dec 2017 05:00:06 +0000: Groupon Clone Script 3.01 SQL Injection - Exploit Files ≈ Packet Storm
    Groupon Clone Script version 3.01 suffers from a remote SQL injection vulnerability.
  • Tue, 12 Dec 2017 04:58:43 +0000: Car Rental Script 2.0.4 SQL Injection - Exploit Files ≈ Packet Storm
    Car Rental Script version 2.0.4 suffers from a remote SQL injection vulnerability.
  • Tue, 12 Dec 2017 04:58:12 +0000: MLM Forced Matrix 2.0.9 SQL Injection - Exploit Files ≈ Packet Storm
    MLM Forced Matrix version 2.0.9 suffers from a remote SQL injection vulnerability.
  • Tue, 12 Dec 2017 04:57:18 +0000: MLM Forex Market Plan Script 2.0.4 SQL Injection - Exploit Files ≈ Packet Storm
    MLM Forex Market Plan Script version 2.0.4 suffers from a remote SQL injection vulnerability.
  • Tue, 12 Dec 2017 04:56:53 +0000: Entrepreneur Bus Booking Script 3.0.4 SQL Injection - Exploit Files ≈ Packet Storm
    Entrepreneur Bus Booking Script version 3.0.4 suffers from a remote SQL injection vulnerability.

Latest Tools

  • Sat, 09 Dec 2017 01:58:58 +0000: Suricata IDPE 4.0.3 - Security Tool Files ≈ Packet Storm
    Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
  • Sat, 09 Dec 2017 01:58:38 +0000: OpenSSL Toolkit 1.0.2n - Security Tool Files ≈ Packet Storm
    OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  • Mon, 04 Dec 2017 01:11:11 +0000: 0d1n 2.5 - Security Tool Files ≈ Packet Storm
    0d1n is a web security tool for fuzzing various HTTP/S payloads. It's written in C and uses libcurl.
  • Mon, 04 Dec 2017 00:53:15 +0000: TOR Virtual Network Tunneling Tool 0.3.1.9 - Security Tool Files ≈ Packet Storm
    Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  • Thu, 30 Nov 2017 23:44:44 +0000: Wireshark Analyzer 2.4.3 - Security Tool Files ≈ Packet Storm
    Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
  • Tue, 28 Nov 2017 20:15:09 +0000: Zed Attack Proxy 2.7.0 Cross Platform Package - Security Tool Files ≈ Packet Storm
    The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.
  • Tue, 28 Nov 2017 19:39:42 +0000: JTempest Windows ExtIO 32-Bit - Security Tool Files ≈ Packet Storm
    TempestSDR is an open source tool that allows you to use any SDR that has a supporting ExtIO (such as RTL-SDR, Airspy, SDRplay, HackRF) to receive the unintentional signal radiation from a screen, and turn that signal back into a live image. This is a pre-compiled version of the project that is built to work on Windows with ExtIO interfaces.
  • Tue, 28 Nov 2017 19:36:58 +0000: TempestSDR RTL-SDR Fork - Security Tool Files ≈ Packet Storm
    This project is a software toolkit for remotely eavesdropping video monitors using a Software Defined Radio (SDR) receiver. It exploits compromising emanations from cables carrying video signals. Raster video is usually transmitted one line of pixels at a time, encoded as a varying current. This generates an electromagnetic wave that can be picked up by an SDR receiver. The software maps the received field strength of a pixel to a gray-scale shade in real-time. This forms a false colour estimate of the original video signal. The toolkit uses unmodified off-the-shelf hardware which lowers the costs and increases mobility compared to existing solutions. It allows for additional post-processing which improves the signal-to-noise ratio. The attacker does not need to have prior knowledge about the target video display. All parameters such as resolution and refresh rate are estimated with the aid of the software. The software consists of a library written in C, a collection of plug-ins for various Software Define Radio (SDR) front-ends and a Java based Graphical User Interface (GUI). It is a multi-platform application, with all native libraries pre-compiled and packed into a single Java jar file. This forked variant of the original contains an updated Makefile to support Windows with ExtIO interfaces.
  • Mon, 27 Nov 2017 18:22:22 +0000: Chameleon Mini Smartcard Emulator Iceman Fork - Security Tool Files ≈ Packet Storm
    This is the Iceman fork of the Chameleon Mini source code for the firmware. The Chameleon Mini is a versatile contactless smartcard emulator compliant to NFC. A popular hardware revision is the Chameleon Mini rev E - rebooted.
  • Mon, 27 Nov 2017 17:22:22 +0000: IPTables Bash Completion 1.7 - Security Tool Files ≈ Packet Storm
    iptables-bash_completion provides programmable completion for the iptables and ip6tables programs from netfilter.org. Following the logic of iptables, options are shown only if they are valid at the current context. Additionally to the completion on options, matches and targets, it supports dynamic retrieval of data from the system i.e: chain-, set-names, interfaces, hostnames, etc. Environment variables allow to fine grade completion options. IP and MAC addresses can be fed by file.
  • Sat, 25 Nov 2017 14:47:39 +0000: AIEngine 1.8.2 - Security Tool Files ≈ Packet Storm
    AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
  • Tue, 21 Nov 2017 19:21:38 +0000: Mobius Forensic Toolkit 1.0 - Security Tool Files ≈ Packet Storm
    Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
  • Tue, 21 Nov 2017 19:20:12 +0000: Faraday 2.7.1 - Security Tool Files ≈ Packet Storm
    Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  • Fri, 17 Nov 2017 22:23:30 +0000: Haveged 1.9.2 - Security Tool Files ≈ Packet Storm
    haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
  • Fri, 17 Nov 2017 22:20:36 +0000: Flawfinder 2.0.5 - Security Tool Files ≈ Packet Storm
    Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.
  • Tue, 14 Nov 2017 04:58:38 +0000: I2P 0.9.32 - Security Tool Files ≈ Packet Storm
    I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
  • Thu, 09 Nov 2017 05:22:22 +0000: PTP-RAT Screen Share Proof Of Concept - Security Tool Files ≈ Packet Storm
    PTP-RAT is a proof of concept that allows data theft via screen-share protocols. Each screen flash starts with a header. This contains a magic string, "PTP-RAT-CHUNK" followed by a sequence number. When the receiver is activated, it starts taking screenshots at twice the transmission frequency (the Nyquist rate). When it detects a valid header, it decodes the pixel colour information and waits on the next flash. As soon as a valid header is not detected, it reconstructs all the flashes and saves the result to a file. To transfer a file, you run an instance of the Rat locally on your hacktop, and set that up as a receiver. Another instance is run on the remote server and this acts as a sender. You simply click on send file, and select a file to send. The mouse pointer disappears and the screen begins to flash as the file is transmitted via the pixel colour values. At the end of the transfer, a file-save dialog appears on the receiver, and the file is saved.
  • Wed, 08 Nov 2017 23:52:22 +0000: Faraday 2.7 - Security Tool Files ≈ Packet Storm
    Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  • Tue, 07 Nov 2017 16:20:23 +0000: Hashcat Advanced Password Recovery 4.0.1 Source Code - Security Tool Files ≈ Packet Storm
    Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.
  • Tue, 07 Nov 2017 16:20:17 +0000: Hashcat Advanced Password Recovery 4.1.0 Binary Release - Security Tool Files ≈ Packet Storm
    Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.

@Risk Exploits

ExploitDB