Latest Exploits

• Mon, 01 Mar 2021 16:10:00 +0000: Packet Storm New Exploits For February, 2021 - Exploit Files ≈ Packet Storm
  This archive contains all of the 189 exploits added to Packet Storm in February, 2021.
• Mon, 01 Mar 2021 15:59:08 +0000: FortiLogger 4.4.2.2 Arbitrary File Upload - Exploit Files ≈ Packet Storm
  This Metasploit module exploits an unauthenticated arbitrary file upload via an insecure POST request to Fortilogger. It has been tested on version 4.4.2.2 in Windows 10 Enterprise.
• Mon, 01 Mar 2021 15:56:53 +0000: Concrete5 8.5.4 Cross Site Scripting - Exploit Files ≈ Packet Storm
  Concrete5 version 8.5.4 suffers from a persistent cross site scripting vulnerability.
• Mon, 01 Mar 2021 15:55:29 +0000: Trojan-Spy.Win32.Stealer.osh Insecure Permissions - Exploit Files ≈ Packet Storm
  Trojan-Spy.Win32.Stealer.osh malware suffers from an insecure permissions vulnerability.
• Mon, 01 Mar 2021 15:54:31 +0000: Online Catering Reservation System 1.0 Code Execution - Exploit Files ≈ Packet Storm
  Online Catering Reservation System version 1.0 suffers from an unauthenticated remote code execution vulnerability.
• Mon, 01 Mar 2021 15:49:43 +0000: Covid-19 Contact Tracing System 1.0 Code Execution - Exploit Files ≈ Packet Storm
  Covid-19 Contact Tracing System version 1.0 suffers from a remote code execution vulnerability.
• Mon, 01 Mar 2021 15:43:28 +0000: VMware vCenter Server 7.0 Arbitrary File Upload - Exploit Files ≈ Packet Storm
  VMware vCenter Server version 7.0 unauthenticated arbitrary file upload exploit.
• Mon, 01 Mar 2021 15:41:03 +0000: Backdoor.Win32.RemoteManipulator.fdo Insecure Permissions - Exploit Files ≈ Packet Storm
  Backdoor.Win32.RemoteManipulator.fdo malware suffers from an insecure permissions vulnerability.
• Sun, 28 Feb 2021 17:22:22 +0000: WiFi Mouse 1.7.8.5 Remote Code Execution - Exploit Files ≈ Packet Storm
  WiFi Mouse version 1.7.8.5 suffers from a remote code execution vulnerability.
• Fri, 26 Feb 2021 16:19:38 +0000: Package Control Arbitrary File Write - Exploit Files ≈ Packet Storm
  Package Control suffers from an arbitrary file write vulnerability.
• Fri, 26 Feb 2021 16:18:07 +0000: Microsoft DirectWrite fsg_ExecuteGlyph Buffer Overflow - Exploit Files ≈ Packet Storm
  Microsoft DirectWrite suffers from a heap-based buffer overflow vulnerability in fsg_ExecuteGlyph while processing variable TTF fonts.
• Fri, 26 Feb 2021 16:14:18 +0000: Chrome DataElement Out-Of-Bounds Read - Exploit Files ≈ Packet Storm
  Chrome suffers from an out-of-bounds read vulnerability in network DataElement struct traits.
• Fri, 26 Feb 2021 15:55:31 +0000: Trojan-Proxy.Win32.Delf.ai Buffer Overflow - Exploit Files ≈ Packet Storm
  Trojan-Proxy.Win32.Delf.ai malware suffers from a buffer overflow vulnerability.
• Fri, 26 Feb 2021 15:52:38 +0000: Doctor Appointment System 1.0 Cross Site Scripting - Exploit Files ≈ Packet Storm
  Doctor Appointment System version 1.0 suffers from multiple cross site scripting vulnerabilities.
• Fri, 26 Feb 2021 15:50:28 +0000: Trojan-Dropper.Win32.Daws.etlm Unauthenticated Reboot - Exploit Files ≈ Packet Storm
  Trojan-Dropper.Win32.Daws.etlm malware suffers from a remote unauthenticated system reboot vulnerability.
• Fri, 26 Feb 2021 15:49:12 +0000: Online Catering Reservation System 1.0 SQL Injection - Exploit Files ≈ Packet Storm
  Online Catering Reservation System version 1.0 suffers from a remote SQL injection vulnerability.
• Fri, 26 Feb 2021 15:47:08 +0000: VisualWare MyConnection Server 11.x Remote Code Execution - Exploit Files ≈ Packet Storm
  VisualWare MyConnection Server version 11.x suffers from a remote code execution vulnerability.
• Fri, 26 Feb 2021 15:45:28 +0000: Triconsole 3.75 Cross Site Scripting - Exploit Files ≈ Packet Storm
  Triconsole version 3.75 suffers from a cross site scripting vulnerability.
• Fri, 26 Feb 2021 15:44:00 +0000: Zenphoto CMS 1.5.7 Shell Upload - Exploit Files ≈ Packet Storm
  Zenphoto CMS versions 1.5.7 and below suffer from a remote shell upload vulnerability.
• Fri, 26 Feb 2021 15:37:44 +0000: Remote Desktop Web Access Authentication Timing Attack - Exploit Files ≈ Packet Storm
  Remote Desktop Web Access suffers form an authentication timing attack vulnerability.

Latest Tools

• Mon, 01 Mar 2021 16:05:39 +0000: American Fuzzy Lop plus plus 3.10c - Security Tool Files ≈ Packet Storm
  Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.
• Mon, 01 Mar 2021 16:01:57 +0000: Faraday 3.14.2 - Security Tool Files ≈ Packet Storm
  Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
• Wed, 24 Feb 2021 15:08:54 +0000: Global Socket 1.4.25 - Security Tool Files ≈ Packet Storm
  Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
• Wed, 24 Feb 2021 15:06:52 +0000: jSQL Injection 0.84 - Security Tool Files ≈ Packet Storm
  jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
• Tue, 23 Feb 2021 15:55:38 +0000: Zeek 3.2.4 - Security Tool Files ≈ Packet Storm
  Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
• Mon, 22 Feb 2021 16:25:25 +0000: OpenDNSSEC 2.1.8 - Security Tool Files ≈ Packet Storm
  OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
• Mon, 22 Feb 2021 16:23:46 +0000: Global Socket 1.4.24 - Security Tool Files ≈ Packet Storm
  Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
• Mon, 22 Feb 2021 16:21:42 +0000: Wapiti Web Application Vulnerability Scanner 3.0.4 - Security Tool Files ≈ Packet Storm
  Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.
• Mon, 22 Feb 2021 16:20:03 +0000: I2P 0.9.49 - Security Tool Files ≈ Packet Storm
  I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
• Fri, 19 Feb 2021 14:30:54 +0000: Faraday 3.14.1 - Security Tool Files ≈ Packet Storm
  Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
• Wed, 17 Feb 2021 14:53:17 +0000: OpenSSL Toolkit 1.1.1j - Security Tool Files ≈ Packet Storm
  OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
• Tue, 16 Feb 2021 15:52:46 +0000: TOR Virtual Network Tunneling Tool 0.4.5.6 - Security Tool Files ≈ Packet Storm
  Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
• Tue, 16 Feb 2021 15:48:59 +0000: Recon Informer 1.3 - Security Tool Files ≈ Packet Storm
  Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.
• Thu, 11 Feb 2021 15:27:57 +0000: AIDE 0.17.3 - Security Tool Files ≈ Packet Storm
  AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
• Mon, 08 Feb 2021 17:16:46 +0000: AIDE 0.17.2 - Security Tool Files ≈ Packet Storm
  AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
• Thu, 04 Feb 2021 14:15:38 +0000: TOR Virtual Network Tunneling Tool 0.4.4.7 - Security Tool Files ≈ Packet Storm
  Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
• Thu, 04 Feb 2021 14:06:35 +0000: Clam AntiVirus Toolkit 0.103.1 - Security Tool Files ≈ Packet Storm
  Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
• Wed, 03 Feb 2021 16:35:00 +0000: Mandos Encrypted File System Unattended Reboot Utility 1.8.14 - Security Tool Files ≈ Packet Storm
  The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
• Tue, 02 Feb 2021 16:10:11 +0000: SQLMAP - Automatic SQL Injection Tool 1.5.2 - Security Tool Files ≈ Packet Storm
  sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
• Mon, 01 Feb 2021 16:46:03 +0000: Wireshark Analyzer 3.4.3 - Security Tool Files ≈ Packet Storm
  Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

@Risk Exploits

ExploitDB

• Mon, 01 Mar 2021 00:00:00 +0000: [webapps] FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (Metasploit) - Exploit-DB.com RSS Feed
  FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (Metasploit)
• Mon, 01 Mar 2021 00:00:00 +0000: [remote] WiFi Mouse 1.7.8.5 - Remote Code Execution - Exploit-DB.com RSS Feed
  WiFi Mouse 1.7.8.5 - Remote Code Execution
• Mon, 01 Mar 2021 00:00:00 +0000: [webapps] VMware vCenter Server 7.0 - Unauthenticated File Upload - Exploit-DB.com RSS Feed
  VMware vCenter Server 7.0 - Unauthenticated File Upload
• Mon, 01 Mar 2021 00:00:00 +0000: [webapps] Covid-19 Contact Tracing System 1.0 - Remote Code Execution (Unauthenticated) - Exploit-DB.com RSS Feed
  Covid-19 Contact Tracing System 1.0 - Remote Code Execution (Unauthenticated)
• Mon, 01 Mar 2021 00:00:00 +0000: [webapps] Online Catering Reservation System 1.0 - Remote Code Execution (Unauthenticated) - Exploit-DB.com RSS Feed
  Online Catering Reservation System 1.0 - Remote Code Execution (Unauthenticated)
• Fri, 26 Feb 2021 00:00:00 +0000: [webapps] Simple Employee Records System 1.0 - File Upload RCE (Unauthenticated) - Exploit-DB.com RSS Feed
  Simple Employee Records System 1.0 - File Upload RCE (Unauthenticated)
• Fri, 26 Feb 2021 00:00:00 +0000: [webapps] LightCMS 1.3.4 - 'exclusive' Stored XSS - Exploit-DB.com RSS Feed
  LightCMS 1.3.4 - 'exclusive' Stored XSS
• Fri, 26 Feb 2021 00:00:00 +0000: [webapps] Triconsole 3.75 - Reflected XSS - Exploit-DB.com RSS Feed
  Triconsole 3.75 - Reflected XSS
• Fri, 26 Feb 2021 00:00:00 +0000: [remote] Remote Desktop Web Access - Authentication Timing Attack (Metasploit Module) - Exploit-DB.com RSS Feed
  Remote Desktop Web Access - Authentication Timing Attack (Metasploit Module)
• Thu, 25 Feb 2021 00:00:00 +0000: [remote] ASUS Remote Link 1.1.2.13 - Remote Code Execution - Exploit-DB.com RSS Feed
  ASUS Remote Link 1.1.2.13 - Remote Code Execution
• Thu, 25 Feb 2021 00:00:00 +0000: [webapps] Vehicle Parking Management System 1.0 - 'catename' Persistent Cross-Site Scripting (XSS) - Exploit-DB.com RSS Feed
  Vehicle Parking Management System 1.0 - 'catename' Persistent Cross-Site Scripting (XSS)
• Wed, 24 Feb 2021 00:00:00 +0000: [dos] Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC) - Exploit-DB.com RSS Feed
  Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC)
• Wed, 24 Feb 2021 00:00:00 +0000: [webapps] LayerBB 1.1.4 - 'search_query' SQL Injection - Exploit-DB.com RSS Feed
  LayerBB 1.1.4 - 'search_query' SQL Injection
• Wed, 24 Feb 2021 00:00:00 +0000: [local] Softros LAN Messenger 9.6.4 - 'SoftrosSpellChecker' Unquoted Service Path - Exploit-DB.com RSS Feed
  Softros LAN Messenger 9.6.4 - 'SoftrosSpellChecker' Unquoted Service Path
• Wed, 24 Feb 2021 00:00:00 +0000: [dos] SpotAuditor 5.3.5 - 'multiple' Denial Of Service (PoC) - Exploit-DB.com RSS Feed
  SpotAuditor 5.3.5 - 'multiple' Denial Of Service (PoC)
• Wed, 24 Feb 2021 00:00:00 +0000: [remote] Unified Remote 3.9.0.2463 - Remote Code Execution - Exploit-DB.com RSS Feed
  Unified Remote 3.9.0.2463 - Remote Code Execution
• Wed, 24 Feb 2021 00:00:00 +0000: [local] LogonExpert 8.1 - 'LogonExpertSvc' Unquoted Service Path - Exploit-DB.com RSS Feed
  LogonExpert 8.1 - 'LogonExpertSvc' Unquoted Service Path
• Wed, 24 Feb 2021 00:00:00 +0000: [remote] python jsonpickle 2.0.0 - Remote Code Execution - Exploit-DB.com RSS Feed
  python jsonpickle 2.0.0 - Remote Code Execution
• Tue, 23 Feb 2021 00:00:00 +0000: [webapps] Monica 2.19.1 - 'last_name' Stored XSS - Exploit-DB.com RSS Feed
  Monica 2.19.1 - 'last_name' Stored XSS
• Tue, 23 Feb 2021 00:00:00 +0000: [webapps] Batflat CMS 1.3.6 - 'multiple' Stored XSS - Exploit-DB.com RSS Feed
  Batflat CMS 1.3.6 - 'multiple' Stored XSS