Latest Exploits / Tools

Latest Exploits

  • Mon, 20 Feb 2017 22:50:19 +0000: PHPShell 2.4 Cross Site Scripting - Exploit Files ≈ Packet Storm
    PHPShell version 2.4 suffers from a cross site scripting vulnerability.
  • Mon, 20 Feb 2017 22:49:23 +0000: PHPShell 2.4 Session Fixation - Exploit Files ≈ Packet Storm
    PHPShell version 2.4 suffers from a session fixation vulnerability.
  • Mon, 20 Feb 2017 22:48:08 +0000: Sawmill Enterprise 8.7.9 Authentication Bypass - Exploit Files ≈ Packet Storm
    Sawmill Enterprise version 8.7.9 suffers from a pass the hash authentication bypass vulnerability.
  • Sun, 19 Feb 2017 03:33:33 +0000: Joomla DJCatalog2 1.5 SQL Injection - Exploit Files ≈ Packet Storm
    Joomla DJCatalog2 component version 1.5 suffers from a remote SQL injection vulnerability.
  • Sun, 19 Feb 2017 02:22:22 +0000: Joomla Anief 1.5 SQL Injection - Exploit Files ≈ Packet Storm
    Joomla Anief component version 1.5 suffers from a remote SQL injection vulnerability .
  • Sat, 18 Feb 2017 15:56:32 +0000: Adobe Flash MP4 AMF Parsing Overflow - Exploit Files ≈ Packet Storm
    Adobe Flash suffers from an overflow vulnerability during MP4 AMF parsing.
  • Sat, 18 Feb 2017 15:55:48 +0000: Adobe Flash SWF Stack Corruption - Exploit Files ≈ Packet Storm
    Adobe Flash suffers from a stack corruption vulnerability using a fuzzed SWF file.
  • Sat, 18 Feb 2017 15:55:00 +0000: Adobe Flash YUVPlane Decoding Heap Overflow - Exploit Files ≈ Packet Storm
    Adobe Flash suffers from a heap overflow vulnerability during YUVPLane decoding.
  • Sat, 18 Feb 2017 15:53:54 +0000: Adobe Flash Bitmapfilter Use-After-Free - Exploit Files ≈ Packet Storm
    Adobe Flash suffers from a use-after-free vulnerability in applying bitmapfilter.
  • Sat, 18 Feb 2017 15:52:35 +0000: Google Chrome Download Filetype Blacklist Bypass - Exploit Files ≈ Packet Storm
    Google Chrome suffers from a bypass vulnerability in the download filetype blacklist functionality. Versions 54.0.2840.100 stable is affected.
  • Sat, 18 Feb 2017 15:50:02 +0000: GDI GDI32!ConvertDxArray Insufficient Bounds Check - Exploit Files ≈ Packet Storm
    GDI suffers from an insufficient bounds check on GDI32!ConvertDxArray.
  • Sat, 18 Feb 2017 15:48:12 +0000: Microsoft Office Powerpoint 2010 MSO/OART Heap Out-Of-Bounds Access - Exploit Files ≈ Packet Storm
    Microsoft Office 2010 running under Windows 7 x86 with Application Verifier enabled suffers from a heap out-of-bounds access issue that leads to a memory corruption condition.
  • Sat, 18 Feb 2017 15:46:31 +0000: Microsoft Office 2010 MSO!Ordinal5429 Heap Corruption - Exploit Files ≈ Packet Storm
    Microsoft Office 2010 running under Windows 7 x86 with Application Verifier enabled suffers from a heap corruption issue due to a missing length check.
  • Sat, 18 Feb 2017 15:42:16 +0000: Elefant CMS 1.3.12-RC Code Execution - Exploit Files ≈ Packet Storm
    Elefant CMS version 1.3.12-RC suffers from remote code execution vulnerabilities.
  • Sat, 18 Feb 2017 15:41:21 +0000: Plone 5.0.5 Cross Site Scripting - Exploit Files ≈ Packet Storm
    Plone version 5.0.5 suffers from a cross site scripting vulnerability.
  • Sat, 18 Feb 2017 15:21:41 +0000: Microsoft SQL Server Clr Stored Procedure Payload Execution - Exploit Files ≈ Packet Storm
    This Metasploit module executes an arbitrary native payload on a Microsoft SQL server by loading a custom SQL CLR Assembly into the target SQL installation, and calling it directly with a base64-encoded payload. The module requires working credentials in order to connect directly to the MSSQL Server. This method requires the user to have sufficient privileges to install a custom SQL CRL DLL, and invoke the custom stored procedure that comes with it. This exploit does not leave any binaries on disk. Tested on MS SQL Server versions: 2005, 2012, 2016 (all x64).
  • Fri, 17 Feb 2017 23:33:33 +0000: Elefant CMS 1.3.12-RC Cross Site Request Forgery - Exploit Files ≈ Packet Storm
    Elefant CMS version 1.3.12-RC suffers from multiple cross site request forgery vulnerabilities.
  • Fri, 17 Feb 2017 23:22:22 +0000: Simplessus Files 3.7.7 Path Traversal - Exploit Files ≈ Packet Storm
    Simplessus Files version 3.7.7 suffers from a path traversal vulnerability.
  • Fri, 17 Feb 2017 23:02:22 +0000: Elefant CMS 1.3.12-RC Cross Site Scripting - Exploit Files ≈ Packet Storm
    Elefant CMS version 1.3.12-RC suffers from multiple persistent cross site scripting vulnerabilities.
  • Fri, 17 Feb 2017 20:22:22 +0000: Simplessus Files 3.7.7 SQL Injection - Exploit Files ≈ Packet Storm
    Simplessus Files version 3.7.7 suffers from a remote SQL injection vulnerability.

Latest Tools

  • Sat, 18 Feb 2017 16:06:29 +0000: Suricata IDPE 3.2.1 - Security Tool Files ≈ Packet Storm
    Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
  • Sat, 18 Feb 2017 16:04:41 +0000: Stegano 0.6.5 - Security Tool Files ≈ Packet Storm
    Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
  • Sat, 18 Feb 2017 16:02:51 +0000: Lynis Auditing Tool 2.4.2 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
  • Sat, 18 Feb 2017 16:01:21 +0000: FireHOL 3.1.3 - Security Tool Files ≈ Packet Storm
    FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
  • Sat, 18 Feb 2017 15:46:31 +0000: AIEngine 1.7.0 - Security Tool Files ≈ Packet Storm
    AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
  • Thu, 09 Feb 2017 17:19:31 +0000: Faraday 2.3.1 - Security Tool Files ≈ Packet Storm
    Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  • Thu, 09 Feb 2017 17:11:27 +0000: Lynis Auditing Tool 2.4.1 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
  • Wed, 08 Feb 2017 23:02:22 +0000: FireHOL 3.1.2 - Security Tool Files ≈ Packet Storm
    FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
  • Wed, 08 Feb 2017 21:11:11 +0000: Stegano 0.6.4 - Security Tool Files ≈ Packet Storm
    Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
  • Wed, 08 Feb 2017 20:22:22 +0000: Proxmark Iceman Fork 1.6.9 - Security Tool Files ≈ Packet Storm
    This is a custom firmware written for the proxmark3. It extends the currently available firmware (revision 2.3.0) to support brute force attacks against proximity card access control systems.
  • Thu, 02 Feb 2017 14:10:16 +0000: tcpdump 4.9.0 - Security Tool Files ≈ Packet Storm
    tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities.
  • Wed, 01 Feb 2017 01:34:16 +0000: Mobius Forensic Toolkit 0.5.27 - Security Tool Files ≈ Packet Storm
    Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
  • Wed, 01 Feb 2017 01:12:00 +0000: Stegano 0.6.3 - Security Tool Files ≈ Packet Storm
    Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
  • Wed, 01 Feb 2017 01:09:16 +0000: Packet Fence 6.5.0 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  • Tue, 31 Jan 2017 17:23:59 +0000: Hydra Network Logon Cracker 8.4 - Security Tool Files ≈ Packet Storm
    THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
  • Tue, 31 Jan 2017 17:15:12 +0000: WP Easy Full Backup Brute Forcer - Security Tool Files ≈ Packet Storm
    This is a database download brute forcing script that is written for the WordPress WP Easy Full Backup plugin.
  • Tue, 31 Jan 2017 01:30:56 +0000: Proxmark Iceman Fork 1.6.8 - Security Tool Files ≈ Packet Storm
    This is a custom firmware written for the proxmark3. It extends the currently available firmware (revision 2.3.0) to support brute force attacks against proximity card access control systems.
  • Tue, 31 Jan 2017 01:30:00 +0000: Faraday 2.3.0 - Security Tool Files ≈ Packet Storm
    Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  • Thu, 26 Jan 2017 15:21:19 +0000: OpenSSL Toolkit 1.0.2k - Security Tool Files ≈ Packet Storm
    OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  • Thu, 26 Jan 2017 14:44:44 +0000: Mandos Encrypted File System Unattended Reboot Utility 1.7.14 - Security Tool Files ≈ Packet Storm
    The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

@Risk Exploits

ExploitDB