Fri, 06 Dec 2019 23:22:22 +0000: OkayCMS 2.3.4 Remote Code Execution - Exploit Files ≈ Packet Storm OkayCMS versions 2.3.4 and below suffer from remote code execution vulnerability.
Fri, 06 Dec 2019 23:02:22 +0000: SiteVision 4.x / 5.x Remote Code Execution - Exploit Files ≈ Packet Storm SiteVision suffers from an issue where attackers may execute arbitrary code as root on the target server after gaining access to a low-privilege account. All versions of SiteVision 4 until 4.5.6 and all versions of SiteVision 5 until 5.1.1 are vulnerable.
Fri, 06 Dec 2019 22:22:22 +0000: SiteVision 4.x / 5.x Insufficient Module Access Control - Exploit Files ≈ Packet Storm SiteVision suffers from an issue where attacker may inject non-authorized module when editing pages using a lower privileged account, which can lead to cross site scripting and remote code execution. All versions of SiteVision 4 until 4.5.6 and all versions of SiteVision 5 until 5.1.1 are vulnerable.
Fri, 06 Dec 2019 16:34:56 +0000: Yachtcontrol 2019-10-06 Remote Code Execution - Exploit Files ≈ Packet Storm Yachtcontrol versions dated 2019-10-06 suffer from an unauthenticated remote code execution vulnerability.
Fri, 06 Dec 2019 16:16:03 +0000: Integard Pro NoJs 2.2.0.9026 Remote Buffer Overflow - Exploit Files ≈ Packet Storm Integard Pro NoJs version 2.2.0.9026 suffers from a remote buffer overflow vulnerability.
Fri, 06 Dec 2019 16:14:40 +0000: Verot 2.0.3 Remote Code Execution - Exploit Files ≈ Packet Storm Verot version 2.0.3 suffers from a remote code execution vulnerability.
Fri, 06 Dec 2019 09:22:22 +0000: Microsoft Skype For Business DNS Query - Exploit Files ≈ Packet Storm Microsoft Skype for Business latest versions affected from external service interaction (DNS) vulnerability. A remote attacker could force the vulnerable server to send DNS request to any remote server attacker wants.
Thu, 05 Dec 2019 18:02:22 +0000: Amiti Antivirus 25.0.640 Unquoted Service Path - Exploit Files ≈ Packet Storm Amiti Antivirus version 25.0.640 suffers from an unquoted service path vulnerability.
Thu, 05 Dec 2019 10:11:11 +0000: NETGATE Data Backup 3.0.620 Unquoted Service Path - Exploit Files ≈ Packet Storm NETGATE Data Backup version 3.0.620 suffers from an unquoted service path vulnerability.
Wed, 04 Dec 2019 23:34:21 +0000: YouPHPTube 7.7 SQL Injection - Exploit Files ≈ Packet Storm YouPHPTube versions 7.7 and below suffer from a remote SQL injection vulnerability in getChat.json.php.
Wed, 04 Dec 2019 23:31:06 +0000: Fronius Solar Inverter Series Insecure Communication / Path Traversal - Exploit Files ≈ Packet Storm Fronius Solar Inverter Series with software versions below 3.14.1 (HM 1.12.1) suffer from unencrypted communication and path traversal vulnerabilities.
Wed, 04 Dec 2019 23:30:12 +0000: SSDWLAB 6.1 Authentication Bypass - Exploit Files ≈ Packet Storm SSDWLAB version 6.1 suffers from an authentication bypass vulnerability.
Wed, 04 Dec 2019 23:28:11 +0000: Revive Adserver 4.2 Remote Code Execution - Exploit Files ≈ Packet Storm Revive Adserver version 4.2 suffers from a code execution vulnerability.
Wed, 04 Dec 2019 23:26:28 +0000: WordPress CSS Hero 4.0.3 Cross Site Scripting - Exploit Files ≈ Packet Storm WordPress CSS Hero plugin versions 4.0.3 and below suffer from a cross site scripting vulnerability.
Wed, 04 Dec 2019 23:19:12 +0000: Microsoft Windows Media Center XML Injection - Exploit Files ≈ Packet Storm Microsoft Windows Media Center suffers from an XML external entity injection vulnerability. This vulnerability was originally released back on December 4, 2016, yet remains unfixed.
Wed, 04 Dec 2019 23:16:15 +0000: BMC Smart Reporting 7.3 20180418 XML Injection - Exploit Files ≈ Packet Storm BMC Smart Reporting version 7.3 20180418 suffers from an XML external entity injection vulnerability.
Wed, 04 Dec 2019 23:15:44 +0000: Microsoft Visual Basic 2010 Express XML Injection - Exploit Files ≈ Packet Storm Microsoft Visual Basic 2010 Express suffers from an XML external entity injection vulnerability.
Latest Tools
Wed, 04 Dec 2019 23:38:08 +0000: Wireshark Analyzer 3.0.7 - Security Tool Files ≈ Packet Storm Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
Mon, 02 Dec 2019 19:29:00 +0000: I2P 0.9.44 - Security Tool Files ≈ Packet Storm I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
Mon, 02 Dec 2019 19:22:35 +0000: SQLMAP - Automatic SQL Injection Tool 1.3.12 - Security Tool Files ≈ Packet Storm sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
Wed, 27 Nov 2019 15:50:13 +0000: Packet Fence 9.2.0 - Security Tool Files ≈ Packet Storm PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
Tue, 26 Nov 2019 17:37:46 +0000: GNU Privacy Guard 2.2.18 - Security Tool Files ≈ Packet Storm GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
Thu, 21 Nov 2019 02:35:22 +0000: Clam AntiVirus Toolkit 0.102.1 - Security Tool Files ≈ Packet Storm Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
Tue, 19 Nov 2019 15:21:05 +0000: Bing.com Hostname / IP Enumerator 1.0 - Security Tool Files ≈ Packet Storm This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.
Mon, 18 Nov 2019 15:37:05 +0000: cryptmount Filesystem Manager 5.3.2 - Security Tool Files ≈ Packet Storm cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.
Mon, 18 Nov 2019 15:16:36 +0000: XSSer Penetration Testing Tool 1.8-2 - Security Tool Files ≈ Packet Storm XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
Fri, 15 Nov 2019 21:40:12 +0000: Faraday 3.9.3 - Security Tool Files ≈ Packet Storm Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
Fri, 15 Nov 2019 17:02:27 +0000: Kamerka 2.0 - Security Tool Files ≈ Packet Storm Kamerka is an OSINT tool that builds an interactive map of cameras, printers, tweets, and photos leveraging Flickr, Instagram, Shodan, and Twitter.
Thu, 07 Nov 2019 14:52:22 +0000: Travesty 1.0 - Security Tool Files ≈ Packet Storm Travesty is a tool that can leverage a known directory traversal to assist in identifying interesting directories and files.
Wed, 06 Nov 2019 16:17:20 +0000: AIEngine 1.9.1 - Security Tool Files ≈ Packet Storm AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
Wed, 06 Nov 2019 16:11:58 +0000: Bluto 2.4.16 - Security Tool Files ≈ Packet Storm Bluto is a dns reconnaissance, vulnerability checking, and enumeration tool.
Fri, 01 Nov 2019 17:28:10 +0000: SQLMAP - Automatic SQL Injection Tool 1.3.11 - Security Tool Files ≈ Packet Storm sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
Thu, 31 Oct 2019 22:21:09 +0000: Samhain File Integrity Checker 4.4.0 - Security Tool Files ≈ Packet Storm Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
Thu, 31 Oct 2019 14:32:42 +0000: Falco 0.18.0 - Security Tool Files ≈ Packet Storm Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
Wed, 30 Oct 2019 16:06:59 +0000: Ansvif 1.12 - Security Tool Files ≈ Packet Storm Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
Mon, 28 Oct 2019 20:56:17 +0000: Stegano 0.9.7 - Security Tool Files ≈ Packet Storm Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
Thu, 24 Oct 2019 19:02:22 +0000: I2P 0.9.43 - Security Tool Files ≈ Packet Storm I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
Comments