Latest Exploits / Tools

Latest Exploits

  • Fri, 20 Jul 2018 18:22:22 +0000: Microsoft dnslint.exe DNS Tool Forced Drive-By Download - Exploit Files ≈ Packet Storm
    Microsoft's dnslint.exe tool does not verify domain names when parsing DNS text-files using the "/ql" switch making it prone to forced drive-by downloads, providing an end user is tricked into using a server text-file containing a script/binary reference instead of a normally expected domain name.
  • Fri, 20 Jul 2018 01:11:11 +0000: Oracle Fusion Middleware 12c (12.2.1.3.0) WebLogic SAML Issues - Exploit Files ≈ Packet Storm
    Two vulnerabilities were discovered within the Oracle WebLogic SAML service provider authentication mechanism. By inserting an XML comment into the SAML NameID tag, an attacker can coerce the SAML service provider to log in as another user. Additionally, WebLogic does not require signed SAML assertions in the default configuration. By omitting the signature portions from a SAML assertion, an attacker can craft an arbitrary SAML assertion and bypass the authentication mechanism.
  • Thu, 19 Jul 2018 23:22:22 +0000: CMS Made Simple 2.2.5 Authenticated Remote Command Execution - Exploit Files ≈ Packet Storm
    CMS Made Simple version 2.2.5 allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory.
  • Thu, 19 Jul 2018 18:22:22 +0000: WordPress All In One Favicon 4.6 Cross Site Scripting - Exploit Files ≈ Packet Storm
    WordPress All In One Favicon plugin version 4.6 suffers from a cross site scripting vulnerability.
  • Thu, 19 Jul 2018 17:44:11 +0000: Chrome Swiftshader Blitting Floating-Point Precision Errors - Exploit Files ≈ Packet Storm
    Chrome suffers from floating-point precision errors in Swiftshader blitting.
  • Thu, 19 Jul 2018 17:22:22 +0000: MyBB New Threads 1.1 Cross Site Scripting - Exploit Files ≈ Packet Storm
    MyBB New Threads plugin version 1.1 suffers from a cross site scripting vulnerability.
  • Thu, 19 Jul 2018 17:02:22 +0000: Chrome SwiftShader OpenGL Texture Binding Reference Count Leak - Exploit Files ≈ Packet Storm
    Chrome suffers from a reference count leak in SwiftShader OpenGL texture bindings.
  • Thu, 19 Jul 2018 15:47:51 +0000: Adobe Systems Main lead DBMS Arbitrary Code Injection - Exploit Files ≈ Packet Storm
    Adobe Systems Mail Lead DBMS suffers from an arbitrary code injection vulnerability.
  • Thu, 19 Jul 2018 14:44:44 +0000: Chrome Swiftshader Texture Allocation Integer Overflow - Exploit Files ≈ Packet Storm
    Chrome suffers from an integer overflow vulnerability in Swiftshader texture allocation.
  • Thu, 19 Jul 2018 01:55:18 +0000: Linux BPF Sign Extension Local Privilege Escalation - Exploit Files ≈ Packet Storm
    Linux kernel versions prior to 4.14.8 utilize the Berkeley Packet Filter (BPF) which contains a vulnerability where it may improperly perform signing for an extension. This can be utilized to escalate privileges. The target system must be compiled with BPF support and must not have kernel.unprivileged_bpf_disabled set to 1. This Metasploit module has been tested successfully on many different kernels.
  • Wed, 18 Jul 2018 22:22:22 +0000: Barracuda Cloud Control 7.1.1.003 Cross Site Scripting - Exploit Files ≈ Packet Storm
    Barracuda Cloud Control version 7.1.1.003 suffers from a cross site scripting vulnerability.
  • Wed, 18 Jul 2018 19:11:11 +0000: Barracuda Cloud Control 3.020 Cross Site Scripting - Exploit Files ≈ Packet Storm
    Barracuda Cloud Control version 3.020 suffers from a cross site scripting vulnerability.
  • Wed, 18 Jul 2018 14:44:44 +0000: Modx Revolution Remote Code Execution - Exploit Files ≈ Packet Storm
    Modx Revolution versions prior to 2.6.4 suffer from a remote code execution vulnerability.
  • Wed, 18 Jul 2018 14:44:44 +0000: Smart SMS And Email Manager 3.3 SQL Injection - Exploit Files ≈ Packet Storm
    Smart SMS and Email Manager version 3.3 suffers from a remote SQL injection vulnerability.
  • Wed, 18 Jul 2018 14:02:22 +0000: JavaScript Core Arbitrary Code Execution - Exploit Files ≈ Packet Storm
    JavaScript Core arbitrary code execution exploit.
  • Wed, 18 Jul 2018 13:33:33 +0000: Open-AudIT Community 2.1.1 Cross Site Scripting - Exploit Files ≈ Packet Storm
    Open-AudIT Community version 2.1.1 suffers from a cross site scripting vulnerability.
  • Wed, 18 Jul 2018 13:33:33 +0000: GhostMail Filename To Link Script Insertion - Exploit Files ≈ Packet Storm
    GhostMail suffers from a malicious script insertion vulnerability.
  • Wed, 18 Jul 2018 13:01:11 +0000: GhostMail Status Message HTML Injection - Exploit Files ≈ Packet Storm
    GhostMail suffers from an html injection vulnerability.
  • Wed, 18 Jul 2018 12:12:12 +0000: FTP2FTP 1.0 Arbitrary File Download - Exploit Files ≈ Packet Storm
    FTP2FTP version 1.0 suffers from an arbitrary file download vulnerability.
  • Tue, 17 Jul 2018 23:49:08 +0000: Binance 1.5.0 Insecure File Permission - Exploit Files ≈ Packet Storm
    Binance version 1.5.0 suffers from an insecure file permission vulnerability.

Latest Tools

  • Sat, 21 Jul 2018 16:15:32 +0000: SSLsplit 0.5.3 - Security Tool Files ≈ Packet Storm
    SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
  • Thu, 19 Jul 2018 01:55:38 +0000: Wireshark Analyzer 2.6.2 - Security Tool Files ≈ Packet Storm
    Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
  • Thu, 19 Jul 2018 01:53:15 +0000: Suricata IDPE 4.0.5 - Security Tool Files ≈ Packet Storm
    Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
  • Wed, 18 Jul 2018 23:44:44 +0000: Capstone 3.0.5 - Security Tool Files ≈ Packet Storm
    Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.
  • Tue, 17 Jul 2018 02:48:21 +0000: TOR Virtual Network Tunneling Tool 0.3.3.9 - Security Tool Files ≈ Packet Storm
    Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  • Fri, 13 Jul 2018 16:30:52 +0000: GNU Privacy Guard 2.2.9 - Security Tool Files ≈ Packet Storm
    GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
  • Wed, 11 Jul 2018 02:52:27 +0000: Aircrack-ng Wireless Network Tools 1.3 - Security Tool Files ≈ Packet Storm
    aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).
  • Wed, 11 Jul 2018 02:50:39 +0000: Packet Fence 8.1.0 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  • Mon, 09 Jul 2018 23:48:21 +0000: TOR Virtual Network Tunneling Tool 0.3.3.8 - Security Tool Files ≈ Packet Storm
    Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
  • Mon, 09 Jul 2018 23:47:44 +0000: Clam AntiVirus Toolkit 0.100.1 - Security Tool Files ≈ Packet Storm
    Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
  • Fri, 06 Jul 2018 19:21:11 +0000: Lynis Auditing Tool 2.6.6 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
  • Tue, 03 Jul 2018 20:22:22 +0000: Faraday 3.0b4 - Security Tool Files ≈ Packet Storm
    Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  • Sun, 01 Jul 2018 12:12:12 +0000: DNS Spider Multithreaded Bruteforcer 1.0 - Security Tool Files ≈ Packet Storm
    DNS Spider is a multi-threaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.
  • Thu, 28 Jun 2018 23:23:23 +0000: GRR 3.2.3.2 - Security Tool Files ≈ Packet Storm
    GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
  • Tue, 26 Jun 2018 23:51:57 +0000: I2P 0.9.35 - Security Tool Files ≈ Packet Storm
    I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
  • Tue, 26 Jun 2018 23:49:12 +0000: Raptor WAF 0.5 - Security Tool Files ≈ Packet Storm
    Raptor is a web application firewall written in C that uses DFA to block SQL injection, cross site scripting, and path traversals.
  • Tue, 26 Jun 2018 16:05:57 +0000: Lynis Auditing Tool 2.6.5 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
  • Mon, 25 Jun 2018 23:29:20 +0000: GRR 3.2.3.0 - Security Tool Files ≈ Packet Storm
    GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
  • Wed, 20 Jun 2018 17:02:22 +0000: Malbait TCP/UDP Honeypot - Security Tool Files ≈ Packet Storm
    Malbait is a honeypot written in perl. It creates fake servers and supports both TCP and UDP protocols, either singly or in combination. It outputs in CSV format as well as giving more detailed text reports. You can serve fake Telnet, FTP, SMTP, POP3, HTTP, TR-69, IMAP, asciitime, systat and echo servers, as well as serving blank or random output.
  • Thu, 14 Jun 2018 15:55:55 +0000: msploitego 1.0 - Security Tool Files ≈ Packet Storm
    msploitego is the pentesting suite for Maltego. msploitego leverages the data gathered in a Metasploit database by enumerating and creating specific entities for services. Services like samba, smtp, snmp, http have transforms to enumerate even further.

@Risk Exploits

ExploitDB