Latest Exploits / Tools

Latest Exploits

  • Thu, 30 Oct 2014 22:22:56 +0000: F5 Big-IP 11.3.0.39.0 XML External Entity Injection #2 - Exploit Files ≈ Packet Storm
    F5 Big-IP version 11.3.0.39.0 suffers from an XML external entity injection vulnerability.
  • Thu, 30 Oct 2014 22:15:11 +0000: F5 Big-IP 11.3.0.39.0 XML External Entity Injection #1 - Exploit Files ≈ Packet Storm
    F5 Big-IP version 11.3.0.39.0 suffers from an XML external entity injection vulnerability.
  • Thu, 30 Oct 2014 20:23:22 +0000: MAARCH 1.4 Arbitrary File Upload - Exploit Files ≈ Packet Storm
    MAARCH version 1.4 suffers from a remote shell upload vulnerability.
  • Thu, 30 Oct 2014 20:23:21 +0000: MAARCH 1.4 SQL Injection - Exploit Files ≈ Packet Storm
    MAARCH version 1.4 suffers from a remote SQL injection vulnerability.
  • Thu, 30 Oct 2014 18:32:32 +0000: IBM Tivoli Monitoring 6.2.2 kbbacf1 Privilege Escalation - Exploit Files ≈ Packet Storm
    IBM Tivoli Monitoring version 6.2.2 kbbacf1 privilege escalation exploit.
  • Thu, 30 Oct 2014 10:44:44 +0000: Konke Smart Plug Authentication Bypass - Exploit Files ≈ Packet Storm
    Konke Smart Plug suffers from an authentication bypass vulnerability.
  • Wed, 29 Oct 2014 23:02:22 +0000: EspoCRM 2.5.2 XSS / LFI / Access Control - Exploit Files ≈ Packet Storm
    EspoCRM version 2.5.2 suffers from cross site scripting, local file inclusion, and improper access control vulnerabilities.
  • Wed, 29 Oct 2014 23:02:22 +0000: Confluence RefinedWiki Original Theme Cross Site Scripting - Exploit Files ≈ Packet Storm
    Confluence RefinedWiki Original Theme versions 3.x through 4.0.x suffer from a persistent cross site scripting vulnerability.
  • Wed, 29 Oct 2014 20:32:22 +0000: Joomla RD Download SQL Injection - Exploit Files ≈ Packet Storm
    Joomla RD Download component suffers from a remote SQL injection vulnerability.
  • Wed, 29 Oct 2014 14:43:33 +0000: Nuevolabs Nuevoplayer For Clipshare SQL Injection - Exploit Files ≈ Packet Storm
    Nuevolabs Nuevoplayer for Clipshare suffer from privilege escalation and remote SQL injection vulnerabilities.
  • Tue, 28 Oct 2014 18:28:30 +0000: CUPS Filter Bash Environment Variable Code Injection - Exploit Files ≈ Packet Storm
    This Metasploit module exploits a post-auth code injection in specially crafted environment variables in Bash, specifically targeting CUPS filters through the PRINTER_INFO and PRINTER_LOCATION variables by default.
  • Tue, 28 Oct 2014 18:24:49 +0000: Tuleap 7.4.99.5 Remote Command Execution - Exploit Files ≈ Packet Storm
    Enalean Tuleap versions 7.4.99.5 and below suffer from a remote command execution vulnerability.
  • Tue, 28 Oct 2014 18:23:05 +0000: Tuleap 7.2 XXE Injection - Exploit Files ≈ Packet Storm
    Enalean Tuleap versions 7.2 and below suffer from an external XML entity injection vulnerability.
  • Tue, 28 Oct 2014 18:21:41 +0000: Tuleap 7.4.99.5 Blind SQL Injection - Exploit Files ≈ Packet Storm
    Enalean Tuleap versions 7.4.99.5 and below suffer from a remote, authenticated blind SQL injection vulnerability.
  • Tue, 28 Oct 2014 18:05:13 +0000: Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 (.wax) Buffer Overflow - Exploit Files ≈ Packet Storm
    Mini-stream RM-MP3 Converter version 3.1.2.1.2010.03.30 suffers from a buffer overflow vulnerability when handling .wax files.
  • Tue, 28 Oct 2014 17:11:22 +0000: ESTsoft ALUpdate 8.5.1.0.0 Privilege Escalation - Exploit Files ≈ Packet Storm
    ESTsoft ALUpdate version 8.5.1.0.0 suffers from a privilege escalation vulnerability.
  • Tue, 28 Oct 2014 01:03:29 +0000: Windows TrackPopupMenu Win32k NULL Pointer Dereference - Exploit Files ≈ Packet Storm
    This Metasploit module exploits a NULL Pointer Dereference in win32k.sys, the vulnerability can be triggered through the use of TrackPopupMenu. Under special conditions, the NULL pointer dereference can be abused on xxxSendMessageTimeout to achieve arbitrary code execution. This Metasploit module has been tested successfully on Windows XP SP3, Windows 2003 SP2, Windows 7 SP1 and Windows 2008 32bits. Also on Windows 7 SP1 and Windows 2008 R2 SP1 64 bits.
  • Tue, 28 Oct 2014 00:59:24 +0000: CBN CH6640E/CG6640E Wireless Gateway XSS / CSRF / DoS / Disclosure - Exploit Files ≈ Packet Storm
    The CBN CH6640E/CG6640E wireless gateway series suffers from information disclosure, cross site request forgery, cross site scripting, and denial of service vulnerabilities.
  • Mon, 27 Oct 2014 17:22:22 +0000: Google Youtube Filter Bypass / Cross Site Scripting - Exploit Files ≈ Packet Storm
    Google Youtube suffered from filter bypass and persistent cross site scripting vulnerabilities.
  • Mon, 27 Oct 2014 14:44:44 +0000: Folder Plus 2.5.1 Script Injection - Exploit Files ≈ Packet Storm
    Folder Plus version 2.5.1 suffers from a persistent script insertion vulnerability.

Latest Tools

  • Tue, 28 Oct 2014 10:11:11 +0000: DAVOSET 1.2.1 - Security Tool Files ≈ Packet Storm
    DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
  • Mon, 27 Oct 2014 23:02:22 +0000: FireHOL 2.0.0 - Security Tool Files ≈ Packet Storm
    FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
  • Fri, 24 Oct 2014 20:52:22 +0000: TOR Virtual Network Tunneling Tool 0.2.5.10 - Security Tool Files ≈ Packet Storm
    Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  • Thu, 23 Oct 2014 23:12:18 +0000: Tor-ramdisk i686 UClibc-based Linux Distribution x86_64 20141022 - Security Tool Files ≈ Packet Storm
    Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
  • Thu, 23 Oct 2014 22:55:34 +0000: Tor-ramdisk i686 UClibc-based Linux Distribution x86 20141022 - Security Tool Files ≈ Packet Storm
    Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.
  • Thu, 23 Oct 2014 11:11:11 +0000: OpenSSL 6.7p1 bl0wsshd00r67p1 Backdoor - Security Tool Files ≈ Packet Storm
    bl0wsshd00r backdoors OpenSSH 6.7p1 with a magic password for any user, sniffs and records traffic, and mitigates logging to lastlog/wtmp/utmp.
  • Wed, 22 Oct 2014 20:08:35 +0000: Packet Fence 4.5.0 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  • Tue, 21 Oct 2014 21:57:08 +0000: TOR Virtual Network Tunneling Tool 0.2.4.25 - Security Tool Files ≈ Packet Storm
    Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  • Mon, 20 Oct 2014 18:32:22 +0000: AIEngine 0.10 - Security Tool Files ≈ Packet Storm
    AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
  • Thu, 16 Oct 2014 08:22:22 +0000: WordPress Brute Forcer - Security Tool Files ≈ Packet Storm
    This is a python script that performs brute forcing against WordPress installs using a wordlist.
  • Wed, 15 Oct 2014 23:27:58 +0000: OpenSSL Toolkit 1.0.1j - Security Tool Files ≈ Packet Storm
    OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  • Wed, 15 Oct 2014 08:37:21 +0000: Lynis Auditing Tool 1.6.3 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
  • Tue, 07 Oct 2014 23:53:12 +0000: Mobius Forensic Toolkit 0.5.21 - Security Tool Files ≈ Packet Storm
    Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
  • Tue, 07 Oct 2014 23:48:19 +0000: OpenSSH 6.7p1 - Security Tool Files ≈ Packet Storm
    This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
  • Mon, 06 Oct 2014 23:05:12 +0000: Mandos Encrypted File System Unattended Reboot Utility 1.6.9 - Security Tool Files ≈ Packet Storm
    The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
  • Fri, 03 Oct 2014 01:26:31 +0000: oclHashcat For NVidia 1.31 - Security Tool Files ≈ Packet Storm
    oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.
  • Fri, 03 Oct 2014 01:17:40 +0000: oclHashcat For AMD 1.31 - Security Tool Files ≈ Packet Storm
    oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.
  • Thu, 02 Oct 2014 00:36:34 +0000: Chatroom Client / Server With AES Encryption Support - Security Tool Files ≈ Packet Storm
    This is a chat system composed of a TCP/IP server daemon in C and its corresponding java client. You can chat with other peers in clear text or AES password based encryption on your own computer network. The AES password encryption and decryption functions is based on 128 bit key which is padded using SHA-256 applied to the provided password. Further details with instructions in README file.
  • Sat, 27 Sep 2014 16:59:52 +0000: Tor-ramdisk i686 UClibc-based Linux Distribution x86 20140925 - Security Tool Files ≈ Packet Storm
    Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
  • Fri, 26 Sep 2014 12:23:22 +0000: Hakabana 0.2.1 - Security Tool Files ≈ Packet Storm
    Hakabana is an open source monitoring tool that helps you visualize network traffic using Haka and Kibana.

@Risk Exploits

  • : SANSFIRE 2011 - @RISK: The Consensus Security Alert
    SANSFIRE 2011

ExploitDB