Latest Exploits / Tools

Latest Exploits

  • Fri, 21 Nov 2014 19:03:05 +0000: Privacyware Privatefirewall 7.0 Privilege Escalation - Exploit Files ≈ Packet Storm
    Privacyware Privatefirewall version 7.0 suffers from an unquoted search path issue impacting the Core Service 'PFNet' service for Windows deployed as part of Privatefirewall bundle. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
  • Fri, 21 Nov 2014 19:01:21 +0000: Netgear Wireless Router WNR500 Local File Inclusion - Exploit Files ≈ Packet Storm
    The Netgear Wireless Router WNR500 suffers from an authenticated local file inclusion (LFI) vulnerability: input passed through the 'getpage' parameter to the 'webproc' script is not properly verified before being used to include files. This can be exploited to include files from local resources via directory traversal attacks.
  • Fri, 21 Nov 2014 18:51:55 +0000: Supr Shopsystem 5.1.0 Cross Site Scripting - Exploit Files ≈ Packet Storm
    Supr Shopsystem version 5.1.0 suffers from a persistent cross site scripting vulnerability.
  • Fri, 21 Nov 2014 18:50:56 +0000: WordPress SP Client Document Manager 2.4.1 SQL Injection - Exploit Files ≈ Packet Storm
    WordPress SP Client Document Manager plugin version 2.4.1 suffers from multiple remote SQL injection vulnerabilities.
  • Fri, 21 Nov 2014 18:49:20 +0000: Booking.com Open Redirect - Exploit Files ≈ Packet Storm
    Booking.com suffers from an open redirection vulnerability.
  • Fri, 21 Nov 2014 01:07:36 +0000: Zenario CMS 7.0.2d Cross Site Scripting / Open Redirect - Exploit Files ≈ Packet Storm
    Zenario CMS version 7.0.2d suffers from cross site scripting and open redirection vulnerabilities.
  • Fri, 21 Nov 2014 00:00:22 +0000: Microsoft Internet Explorer OLE Pre-IE11 Code Execution - Exploit Files ≈ Packet Storm
    Microsoft Internet Explorer OLE Pre-IE11 automation array remote code execution / PowerShell VirtualAlloc MS14-064 exploit.
  • Thu, 20 Nov 2014 16:39:26 +0000: Hikvision DVR RTSP Request Remote Code Execution - Exploit Files ≈ Packet Storm
    This Metasploit module exploits a buffer overflow in the RTSP request parsing code of Hikvision DVR appliances. The Hikvision DVR devices record video feeds of surveillance cameras and offer remote administration and playback of recorded footage. The vulnerability is present in several models / firmware versions but due to the available test device this module only supports the DS-7204 model.
  • Thu, 20 Nov 2014 16:29:34 +0000: Advantech EKI-6340 2.05 Command Injection - Exploit Files ≈ Packet Storm
    The Advantech EKI-6340 series is vulnerable to an OS command injection, which can be exploited by remote attackers to execute arbitrary code and commands by using a non-privileged user account against a vulnerable CGI file.
  • Thu, 20 Nov 2014 16:21:04 +0000: WordPress CM Download Manager 2.0.0 Code Injection - Exploit Files ≈ Packet Storm
    WordPress CM Download Manager plugin versions 2.0.0 and below suffer from a code injection vulnerability.
  • Thu, 20 Nov 2014 16:04:44 +0000: PHP 5.5.12 Locale::parseLocale Double Free Memory Corruption - Exploit Files ≈ Packet Storm
    PHP version 5.5.12 suffers from a memory corruption vulnerability that could potentially be exploited to achieve remote code execution. The vulnerability exists due to inconsistent behavior in the get_icu_value_internal function of ext\intl\locale\locale_methods.c. In most cases, get_icu_value_internal allocates memory that the caller is expected to free. However, if the first argument, loc_name, satisfies the conditions specified by the isIDPrefix macro (figure 1), and fromParseLocal is true, loc_name itself is returned. If a caller abides by the contract and frees the return value of such a call, then when the pointer passed via loc_name is freed again elsewhere, a double free occurs.
  • Thu, 20 Nov 2014 13:02:22 +0000: Paid Memberships Pro 1.7.14.2 Path Traversal - Exploit Files ≈ Packet Storm
    Paid Memberships Pro version 1.7.14.2 suffers from a path traversal vulnerability.
  • Thu, 20 Nov 2014 12:32:22 +0000: Exploiting Sudo's Grace Period - Exploit Files ≈ Packet Storm
    Whitepaper called Exploiting sudo's grace period. This paper goes into detail on how to leverage sudo's grace period against a user in order to escalate privileges once basic access is achieved on their account.
  • Wed, 19 Nov 2014 16:45:02 +0000: Dolibarr ERP And CRM 3.5.3 SQL Injection - Exploit Files ≈ Packet Storm
    Dolibarr ERP and CRM version 3.5.3 suffers from multiple remote SQL injection vulnerabilities.
  • Wed, 19 Nov 2014 16:41:34 +0000: Compaq/Hewlett Packard Glance 11.00 Privilege Escalation - Exploit Files ≈ Packet Storm
    It has been identified that binaries that are executed with elevated privileges (SetGID and SetUID programs) in Compaq/HP's Glance for Linux have been compiled in a manner that means they search for libraries in insecure locations. Versions 11.00 and below are affected.
  • Wed, 19 Nov 2014 16:39:06 +0000: IO Slaves KDE Insufficient Input Validation - Exploit Files ≈ Packet Storm
    It was discovered that a number of the protocol handlers (referred to as IO slaves) did not satisfactorily handle malicious input. It is possible for an attacker to inject JavaScript by manipulating an IO slave URI such that the JavaScript from the manipulated request is returned in the response.
  • Wed, 19 Nov 2014 16:27:49 +0000: Joomla Simple Email Form 1.8.5 Cross Site Scripting - Exploit Files ≈ Packet Storm
    Joomla Simple Email Form version 1.8.5 suffers from a cross site scripting vulnerability.
  • Wed, 19 Nov 2014 16:22:57 +0000: Android Privilege Escalation - Exploit Files ≈ Packet Storm
    In Android versions prior to 5.0, java.io.ObjectInputStream did not check whether the Object being deserialized is actually serializable. This means that when ObjectInputStream is used on untrusted inputs, an attacker can cause an instance of any class with a non-private parameterless constructor to be created. All fields of that instance can be set to arbitrary values. The malicious object will then typically either be ignored or cast to a type it doesn't fit, implying that no methods will be called on it and no data from it will be used. However, when it is collected by the GC, the GC will call the object's finalize method. Proof of concept code included.
  • Wed, 19 Nov 2014 01:41:37 +0000: ExploitRemotingService .NET Tool - Exploit Files ≈ Packet Storm
    This is a tool to exploit .NET Remoting Services vulnerable to CVE-2014-1806 or CVE-2014-4149. It only works on Windows although some aspects might work in Mono on *nix.

Latest Tools

  • Wed, 19 Nov 2014 16:56:59 +0000: Capstone 3.0 - Security Tool Files ≈ Packet Storm
    Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, is thread-safe by design, provides details on disassembled instructions, and more.
  • Wed, 19 Nov 2014 16:56:59 +0000: Clam AntiVirus Toolkit 0.98.5 - Security Tool Files ≈ Packet Storm
    Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
  • Tue, 18 Nov 2014 11:11:11 +0000: DAVOSET 1.2.3 - Security Tool Files ≈ Packet Storm
    DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
  • Tue, 18 Nov 2014 00:02:53 +0000: Fwknop Port Knocking Utility 2.6.4 - Security Tool Files ≈ Packet Storm
    fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
  • Mon, 10 Nov 2014 18:14:56 +0000: Packet Fence 4.5.1 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities (including via remote Snort sensors), isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  • Fri, 07 Nov 2014 14:44:44 +0000: Hesperbot Detection Scanner 1.0 - Security Tool Files ≈ Packet Storm
    Hesperbot Scanner is a Windows binary that is able to detect the Hesperbot banking trojan by fingerprinting memory and looking for things that traditional antivirus software fails to catch early during the malware campaigns.
  • Thu, 06 Nov 2014 03:33:33 +0000: DAVOSET 1.2.2 - Security Tool Files ≈ Packet Storm
    DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
  • Wed, 05 Nov 2014 23:36:17 +0000: ROP Gadget Tool 5.3 - Security Tool Files ≈ Packet Storm
    This tool lets you search for gadgets in your binaries (ELF format) to facilitate your ROP exploitation. The gadgets are found in executable segments.
  • Wed, 05 Nov 2014 03:41:45 +0000: Web-Based Firewall Logging Tool 1.01 - Security Tool Files ≈ Packet Storm
    Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use. Supported log formats are netfilter, ipfilter, ipfw, ipchains, and Windows XP. Netfilter support includes ulogd MySQL or PostgreSQL database logs using the iptables ULOG target.
  • Wed, 05 Nov 2014 03:29:29 +0000: Lynis Auditing Tool 1.6.4 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
  • Tue, 04 Nov 2014 00:23:27 +0000: SSLsplit 0.4.9 - Security Tool Files ≈ Packet Storm
    SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
  • Tue, 04 Nov 2014 00:20:21 +0000: I2P 0.9.16 - Security Tool Files ≈ Packet Storm
    I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
  • Tue, 04 Nov 2014 00:16:27 +0000: Samhain File Integrity Checker 3.1.3 - Security Tool Files ≈ Packet Storm
    Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
  • Sun, 02 Nov 2014 15:44:44 +0000: Xingyiquan Linux 2.6.x / 3.x Rootkit - Security Tool Files ≈ Packet Storm
    Xingyiquan rootkit for Linux kernel versions 2.6.x and 3.x. It hides processes, files, directories, and network connections, adds backdoors, and more.
  • Tue, 28 Oct 2014 10:11:11 +0000: DAVOSET 1.2.1 - Security Tool Files ≈ Packet Storm
    DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
  • Mon, 27 Oct 2014 23:02:22 +0000: FireHOL 2.0.0 - Security Tool Files ≈ Packet Storm
    FireHOL is a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
  • Fri, 24 Oct 2014 20:52:22 +0000: TOR Virtual Network Tunneling Tool 0.2.5.10 - Security Tool Files ≈ Packet Storm
    Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  • Thu, 23 Oct 2014 23:12:18 +0000: Tor-ramdisk i686 UClibc-based Linux Distribution x86_64 20141022 - Security Tool Files ≈ Packet Storm
    Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
  • Thu, 23 Oct 2014 22:55:34 +0000: Tor-ramdisk i686 UClibc-based Linux Distribution x86 20141022 - Security Tool Files ≈ Packet Storm
    Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.

@Risk Exploits

  • SANSFIRE 2011 - @RISK: The Consensus Security Alert
    SANSFIRE 2011

ExploitDB