Latest Exploits / Tools

Latest Exploits

  • Fri, 14 Jun 2019 19:53:19 +0000: Java Card Proof Of Concepts - Exploit Files ≈ Packet Storm
    Security Explorations has discovered multiple security vulnerabilities in the reference implementation of Java Card technology from Oracle used in financial, government, transportation and telecommunication sectors among others. As for the impact, the vulnerabilities found make it possible to break memory safety of the underlying Java Card VM. As a result, full access to smartcard memory could be achieved, applet firewall could be broken or native code execution could be gained. This archive contains the proof of concept code that demonstrates these vulnerabilities which were originally made public in March of 2019.
  • Fri, 14 Jun 2019 19:41:55 +0000: Thunderbird libical Type Confusion - Exploit Files ≈ Packet Storm
    A type confusion has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends a specially crafted calendar attachment, and does not require user interaction. It might be used by a remote attacker to crash the process or leak information from the client system via calendar replies. Proof of concept included.
  • Fri, 14 Jun 2019 19:39:00 +0000: Thunderbird libical Stack Buffer Overflow - Exploit Files ≈ Packet Storm
    A stack-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends a specially crafted calendar attachment, and does not require user interaction. It might be used by a remote attacker to crash or gain remote code execution in the client system. Proof of concept included.
  • Fri, 14 Jun 2019 19:34:37 +0000: Thunderbird libical icalparser.c Heap Overflow - Exploit Files ≈ Packet Storm
    A heap-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends a specially crafted calendar attachment, and does not require user interaction. It might be used by a remote attacker to crash or gain remote code execution in the client system. Proof of concept included.
  • Fri, 14 Jun 2019 19:32:07 +0000: Thunderbird libical Heap Overflow - Exploit Files ≈ Packet Storm
    A heap-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends a specially crafted calendar attachment, and does not require user interaction. It might be used by a remote attacker to crash or gain remote code execution in the client system. Proof of concept included.
  • Fri, 14 Jun 2019 19:22:22 +0000: CentOS 7.6 ptrace_scope Privilege Escalation - Exploit Files ≈ Packet Storm
    CentOS version 7.6 ptrace_scope misconfiguration local privilege escalation exploit.
  • Fri, 14 Jun 2019 18:02:22 +0000: Aida64 6.00.5100 SEH Buffer Overflow - Exploit Files ≈ Packet Storm
    Aida64 version 6.00.5100 Log to CSV File local SEH buffer overflow exploit.
  • Fri, 14 Jun 2019 04:28:27 +0000: Tzumi Electronics Klic Lock Authentication Bypass - Exploit Files ≈ Packet Storm
    Tzumi Electronics Klic Lock version 1.0.9 allows for attackers to access resources via capture-replay.
  • Thu, 13 Jun 2019 19:33:38 +0000: WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials - Exploit Files ≈ Packet Storm
    The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector.
  • Thu, 13 Jun 2019 19:31:33 +0000: APCUPSD Information Leak - Exploit Files ≈ Packet Storm
    This script abuses an unauthenticated information leak in the apcupsd daemon.
  • Thu, 13 Jun 2019 19:27:44 +0000: Pronestor Health Monitoring Privilege Escalation - Exploit Files ≈ Packet Storm
    Pronestor Health Monitoring versions prior to 8.1.12.0 suffer from a local privilege escalation vulnerability due to weak file permissions.
  • Thu, 13 Jun 2019 19:26:13 +0000: Sitecore 8.x Deserialization Remote Code Execution - Exploit Files ≈ Packet Storm
    Sitecore versions 8.x suffer from a deserialization vulnerability that allows for remote code execution.
  • Thu, 13 Jun 2019 19:22:22 +0000: WebLord WL-Nuke Coppermine For PHP-Nuke 1.3.1c SQL Injection - Exploit Files ≈ Packet Storm
    WebLord WL-Nuke Coppermine for PHP-Nuke version 1.3.1c suffers from a remote SQL injection vulnerability.
  • Wed, 12 Jun 2019 18:57:36 +0000: Telus Actiontec T2200H Local Privilege Escalation - Exploit Files ≈ Packet Storm
    Telus Actiontec T2200H with firmware T2200H-31.128L.08 suffers from a local privilege escalation vulnerability.
  • Wed, 12 Jun 2019 18:50:31 +0000: Telus Actiontec WEB6000Q Serial Number Information Disclosure - Exploit Files ≈ Packet Storm
    Telus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from a serial number information disclosure vulnerability. The wireless extenders use DHCP Option 125 to include device details such as model number, manufacturer, and serial number. The WCB6000Q DHCP DISCOVER and REQUEST broadcasts include the device serial number in the DHCP option 125 (subopt 2) field. An attacker on the same Layer 2 network segment as the device can see all these DHCP requests with a packet capture. Once he or she has this, the device's admin web UI password can be reset using the web UI "forgot password" page to reset to a known value.
  • Wed, 12 Jun 2019 18:49:02 +0000: SymCrypt Infinite Loop - Exploit Files ≈ Packet Storm
    There's a bug in the SymCrypt multi-precision arithmetic routines that can cause an infinite loop when calculating the modular inverse on specific bit patterns with bcryptprimitives!SymCryptFdefModInvGeneric.
  • Wed, 12 Jun 2019 18:46:34 +0000: Telus Actiontec T2200H Serial Number Information Disclosure - Exploit Files ≈ Packet Storm
    Telus Actiontec T2200H with firmware T2200H-31.128L.08 suffers from a serial number information disclosure vulnerability. The wireless extenders use DHCP Option 125 to include device details such as model number, manufacturer, and serial number. By forging a special DHCP packet using Option 125, an attacker can obtain the device serial number. Once he or she has this, the device's admin web UI password can be reset using the web UI "forgot password" page to reset to a known value.
  • Wed, 12 Jun 2019 18:44:21 +0000: Telus Actiontec WEB6000Q Denial Of Service - Exploit Files ≈ Packet Storm
    Telus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from a denial of service vulnerability. Querying CGI endpoints with empty (GET/POST/HEAD) requests causes a segmentation fault of the uhttpd webserver. Since there is no watchdog on this daemon, a device reboot is needed to restart the webserver to make any modification to the device.
  • Wed, 12 Jun 2019 18:39:04 +0000: Telus Actiontec WEB6000Q Privilege Escalation - Exploit Files ≈ Packet Storm
    Telus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from both local and remote privilege escalation vulnerabilities.
  • Wed, 12 Jun 2019 18:35:12 +0000: Telus Actiontec T2200H WiFi Credential Disclosure - Exploit Files ≈ Packet Storm
    Telus Actiontec T2200H with firmware T2200H-31.128L.08 suffers from a credential disclosure vulnerability. An HTTP interface used by wireless extenders to pull the modem's wifi settings uses DHCP client-provided option values to restrict access to this API. By forging DHCP packets, one can access this interface without any authentication and obtain details such as SSID name, encryption type, and WPA/WEP keys. This can be leveraged if an attacker is on the same Layer 2 network as the modem.

Latest Tools

  • Wed, 12 Jun 2019 23:33:33 +0000: Falco 0.15.3 - Security Tool Files ≈ Packet Storm
    Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
  • Wed, 12 Jun 2019 19:03:19 +0000: Falco 0.15.2 - Security Tool Files ≈ Packet Storm
    Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
  • Wed, 12 Jun 2019 18:41:35 +0000: Hyperion Runtime Encrypter 2.0 - Security Tool Files ≈ Packet Storm
    Hyperion is a runtime encrypter for 32-bit and 64-bit portable executables. It is a reference implementation and is based on the paper "Hyperion: Implementation of a PE-Crypter".
  • Tue, 11 Jun 2019 11:55:55 +0000: HiddenWall Linux Firewall - Security Tool Files ≈ Packet Storm
    This is a tool that generates a Linux kernel module for custom rules with Netfilter hooking to block ports, run in hidden mode, perform rootkit functions, etc.
  • Mon, 10 Jun 2019 21:53:31 +0000: Zed Attack Proxy 2.8.0 Cross Platform Package - Security Tool Files ≈ Packet Storm
    The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.
  • Mon, 10 Jun 2019 21:42:12 +0000: Falco 0.15.1 - Security Tool Files ≈ Packet Storm
    Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
  • Thu, 06 Jun 2019 23:55:55 +0000: Faraday 3.8.0 - Security Tool Files ≈ Packet Storm
    Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  • Wed, 05 Jun 2019 23:02:22 +0000: Stegano 0.9.4 - Security Tool Files ≈ Packet Storm
    Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
  • Sun, 02 Jun 2019 15:30:16 +0000: SQLMAP - Automatic SQL Injection Tool 1.3.6 - Security Tool Files ≈ Packet Storm
    sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
  • Fri, 31 May 2019 15:34:44 +0000: Bro Network Security Monitor 2.6.2 - Security Tool Files ≈ Packet Storm
    Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.
  • Tue, 28 May 2019 16:43:38 +0000: GNU Privacy Guard 2.2.16 - Security Tool Files ≈ Packet Storm
    GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
  • Tue, 28 May 2019 16:42:01 +0000: Packet Fence 9.0.1 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  • Tue, 28 May 2019 16:38:40 +0000: OpenSSL Toolkit 1.1.1c - Security Tool Files ≈ Packet Storm
    OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  • Thu, 23 May 2019 16:41:32 +0000: Wireshark Analyzer 3.0.2 - Security Tool Files ≈ Packet Storm
    Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
  • Thu, 23 May 2019 16:39:35 +0000: GRR 3.3.0.0 - Security Tool Files ≈ Packet Storm
    GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
  • Mon, 20 May 2019 16:07:49 +0000: Flawfinder 2.0.9 - Security Tool Files ≈ Packet Storm
    Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.
  • Sun, 19 May 2019 20:32:22 +0000: AIDE 0.16.2 - Security Tool Files ≈ Packet Storm
    AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on a server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
  • Fri, 17 May 2019 20:32:22 +0000: OpenDNSSEC 2.1.4 - Security Tool Files ≈ Packet Storm
    OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
  • Fri, 17 May 2019 20:22:22 +0000: Hydra Network Logon Cracker 9.0 - Security Tool Files ≈ Packet Storm
    THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
  • Thu, 16 May 2019 23:16:23 +0000: Packet Fence 9.0.0 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

@Risk Exploits

ExploitDB