Latest Exploits / Tools

Latest Exploits

  • Sun, 01 May 2016 16:11:24 +0000: Wireshark ett_zbee_zcl_pwr_prof_enphases Out-Of-Bounds Read - Exploit Files ≈ Packet Storm
    Multiple crashes exist in the ASAN build of Wireshark due to a static out-of-bounds memory read while accessing ett_zbee_zcl_pwr_prof_enphases.
  • Sun, 01 May 2016 16:10:23 +0000: Wireshark alloc_address_wmem Assertion Failure - Exploit Files ≈ Packet Storm
    An assertion failure has been discovered in alloc_address_wmem in the ASAN build of Wireshark.
  • Sun, 01 May 2016 16:08:44 +0000: Wireshark dissect_2008_16_security_4 Buffer Overflow - Exploit Files ≈ Packet Storm
    The included proof of concept causes a crash due to a stack-based buffer overflow in Wireshark in dissect_2008_16_security_4.
  • Sun, 01 May 2016 16:04:52 +0000: Packet Storm New Exploits For April, 2016 - Exploit Files ≈ Packet Storm
    This archive contains all of the 144 exploits added to Packet Storm in April, 2016.
  • Sat, 30 Apr 2016 07:49:01 +0000: Observium 0.16.7533 Code Execution / Cross Site Request Forgery - Exploit Files ≈ Packet Storm
    Observium version 0.16.7533 suffers from code execution and cross site request forgery vulnerabilities.
  • Sat, 30 Apr 2016 07:20:00 +0000: Observium 0.16.7533 Cross Site Request Forgery - Exploit Files ≈ Packet Storm
    Observium version 0.16.7533 suffers from a cross site request forgery vulnerability.
  • Sat, 30 Apr 2016 04:06:34 +0000: Apache Struts 2.3.28 Dynamic Method Invocation Remote Code Execution - Exploit Files ≈ Packet Storm
    This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions between 2.3.20 and 2.3.28 (except 2.3.20.2 and 2.3.24.2). Remote code execution can be performed via the method: prefix when Dynamic Method Invocation is enabled.
  • Fri, 29 Apr 2016 14:26:38 +0000: GLPI 0.90.2 SQL Injection - Exploit Files ≈ Packet Storm
    GLPI version 0.90.2 suffers from a remote SQL injection vulnerability.
  • Fri, 29 Apr 2016 14:21:01 +0000: Mozilla Firefox / Thunderbird DLL Hijacking - Exploit Files ≈ Packet Storm
    Mozilla continues to ship Firefox and Thunderbird for Windows with a vulnerable executable installer.
  • Fri, 29 Apr 2016 02:22:22 +0000: WordPress Truemag Theme Cross Site Scripting - Exploit Files ≈ Packet Storm
    WordPress Truemag theme from 2016 Q2 suffers from a cross site scripting vulnerability.
  • Thu, 28 Apr 2016 15:49:21 +0000: PHP 7.x Heap Overflow - Exploit Files ≈ Packet Storm
    An integer wrap may occur in PHP 7.x before version 7.0.6 when reading zip files with the getFromIndex() and getFromName() methods of ZipArchive, resulting in a heap overflow. Full exploit included.
  • Thu, 28 Apr 2016 12:22:22 +0000: Microsoft Windows Kernel win32k.sys TTF Processing Pool Corruption - Exploit Files ≈ Packet Storm
    A Microsoft Windows kernel crash exists in the win32k.sys driver while processing a corrupted TTF font file.
  • Thu, 28 Apr 2016 12:12:12 +0000: Android Service Manager One Way Binder Transaction Crash - Exploit Files ≈ Packet Storm
    If an application sends a one way binder transaction the service tries to send a reply which fails. This causes the service manager to exit its binder loop and the process dies causing the system to reboot. Tested on Android version 6.0.1 February patches.
  • Wed, 27 Apr 2016 17:33:33 +0000: Mach Race OS X Local Privilege Escalation - Exploit Files ≈ Packet Storm
    This is a SUID, SIP, and binary entitlements universal OS X local privilege escalation exploit.
  • Wed, 27 Apr 2016 16:22:22 +0000: EMC ViPR SRM Cross Site Request Forgery - Exploit Files ≈ Packet Storm
    EMC ViPR SRM versions prior to 3.7 suffer from a cross site request forgery vulnerability.
  • Wed, 27 Apr 2016 15:55:55 +0000: AWS CAPTCHA Bypass - Exploit Files ≈ Packet Storm
    AWS appears to suffer from a CAPTCHA bypass vulnerability.
  • Wed, 27 Apr 2016 15:02:22 +0000: Voo Branded Netgear CG3700b Firmware CSRF / Authentication - Exploit Files ≈ Packet Storm
    Voo branded Netgear CG3700b custom firmware version 2.02.03 suffers from cross site request forgery and insufficient authentication vulnerabilities.
  • Wed, 27 Apr 2016 14:55:22 +0000: Microsoft Windows CSRSS Privilege Escalation - Exploit Files ≈ Packet Storm
    The CSRSS BaseSrv RPC call BaseSrvCheckVDM allows you to create a new process with the anonymous token, which results in a new process in session 0 that can be abused to elevate privileges.
  • Wed, 27 Apr 2016 14:04:44 +0000: RomPager 4.34 Authentication Bypass - Exploit Files ≈ Packet Storm
    Router authentication remover exploit for RomPager versions 4.34 and below.
  • Wed, 27 Apr 2016 13:33:33 +0000: Sophos XG Firewall (SF01V) Cross Site Scripting - Exploit Files ≈ Packet Storm
    Sophos XG Firewall (SF01V) suffers from a cross site scripting vulnerability.

Latest Tools

  • Sat, 30 Apr 2016 06:42:51 +0000: Packet Fence 6.0.1 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  • Thu, 28 Apr 2016 13:02:22 +0000: Packet Fence 6.0.0 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  • Wed, 27 Apr 2016 13:44:44 +0000: Logwatch 7.4.3 - Security Tool Files ≈ Packet Storm
    Logwatch analyzes and reports on Unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
  • Tue, 26 Apr 2016 12:52:22 +0000: Pcapteller 1.1 - Security Tool Files ≈ Packet Storm
    Pcapteller is a tool designed for simple traffic manipulation and replay. The tool allows you to recreate a recorded network traffic scenario that occurred in a foreign network, as it really happened in yours. Basically, the tool reads network packets from a PCAP file, and it replaces a given IP address with one that fits your needs. Afterwards, the manipulated packets are injected into the network. The tool is useful if you want to recreate scenarios where computer attacks or malware infections occurred. Using such scenarios as a base, Pcapteller will make it look like everything is really happening in your network. Pcapteller can help you improve your blue team's network security monitoring skills, or create network decoys during red team operations.
  • Tue, 26 Apr 2016 12:52:14 +0000: Ansvif 1.4.1 - Security Tool Files ≈ Packet Storm
    Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
  • Tue, 26 Apr 2016 12:35:36 +0000: Stegano 0.5.1 - Security Tool Files ≈ Packet Storm
    Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
  • Sat, 23 Apr 2016 01:11:11 +0000: pyJoiner Exe Joiner - Security Tool Files ≈ Packet Storm
    Simple Python script to combine two executables.
  • Fri, 22 Apr 2016 23:56:56 +0000: Wireshark Analyzer 2.0.3 - Security Tool Files ≈ Packet Storm
    Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
  • Fri, 22 Apr 2016 05:22:13 +0000: Pcapteller 1.0 - Security Tool Files ≈ Packet Storm
    Pcapteller is a tool designed for simple traffic manipulation and replay. The tool allows you to recreate a recorded network traffic scenario that occurred in a foreign network, as it really happened in yours. Basically, the tool reads network packets from a PCAP file, and it replaces a given IP address with one that fits your needs. Afterwards, the manipulated packets are injected into the network. The tool is useful if you want to recreate scenarios where computer attacks or malware infections occurred. Using such scenarios as a base, Pcapteller will make it look like everything is really happening in your network. Pcapteller can help you improve your blue team's network security monitoring skills, or create network decoys during red team operations.
  • Fri, 22 Apr 2016 03:22:22 +0000: Linux/x86 Bind Shell Shellcode Generator - Security Tool Files ≈ Packet Storm
    This Python script generates bind shell shellcode for Linux x64.
  • Thu, 21 Apr 2016 03:33:33 +0000: Shellsploit Framework Beta 0.2 - Security Tool Files ≈ Packet Storm
    Shellsploit lets you generate customized shellcodes, backdoors, and injectors for various operating systems. It also has obfuscation abilities.
  • Tue, 19 Apr 2016 19:33:33 +0000: Samhain File Integrity Checker 4.1.3 - Security Tool Files ≈ Packet Storm
    Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
  • Mon, 18 Apr 2016 11:11:11 +0000: Ansvif 1.4 - Security Tool Files ≈ Packet Storm
    Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
  • Mon, 18 Apr 2016 04:44:44 +0000: conntrack-tools Bash Completion 1.0 - Security Tool Files ≈ Packet Storm
    This is bash programmable completion for the conntrack-tools from netfilter.org. The package contains completions for conntrack, conntrackd, and nfct.
  • Mon, 18 Apr 2016 03:33:33 +0000: nfacct Bash Completion 1.1 - Security Tool Files ≈ Packet Storm
    This is bash programmable completion for the netfilter.org accounting tool nfacct.
  • Sun, 17 Apr 2016 11:11:11 +0000: IPSet List 3.6 - Security Tool Files ≈ Packet Storm
    ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows you to select the query options in a wizard-based manner.
  • Mon, 11 Apr 2016 16:14:17 +0000: Tinc Virtual Private Network Daemon 1.0.28 - Security Tool Files ≈ Packet Storm
    tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.
  • Mon, 11 Apr 2016 16:04:38 +0000: SnappingTurtle Web Exploitation Tool 0.1.0411.1609 - Security Tool Files ≈ Packet Storm
    Exploit web applications with SnappingTurtle, a cross-platform tool written in Aphid and compiled into Python. SnappingTurtle can exploit SQL injection, arbitrary upload, local file inclusion, and cross-site scripting.
  • Mon, 11 Apr 2016 13:33:33 +0000: DAVOSET 1.2.8 - Security Tool Files ≈ Packet Storm
    DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
  • Thu, 07 Apr 2016 01:25:24 +0000: Faraday 1.0.18 - Security Tool Files ≈ Packet Storm
    Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

@Risk Exploits

  • SANSFIRE 2011 - @RISK: The Consensus Security Alert
    SANSFIRE 2011

ExploitDB