Latest Exploits / Tools

Latest Exploits

  • Sat, 20 Apr 2019 23:23:23 +0000: LabF nfsAxe 3.7 Ping Client Buffer Overflow - Exploit Files ≈ Packet Storm
    LabF nfsAxe version 3.7 ping client buffer overflow exploit.
  • Sat, 20 Apr 2019 04:55:55 +0000: Zikula Core CMS 2.0.13 Database Disclosure - Exploit Files ≈ Packet Storm
    Zikula Core CMS version 2.0.13 suffers from a database disclosure vulnerability.
  • Sat, 20 Apr 2019 04:44:44 +0000: RingsDB Software 1.0.0 Database Disclosure - Exploit Files ≈ Packet Storm
    RingsDB Software version 1.0.0 suffers from a database disclosure vulnerability.
  • Sat, 20 Apr 2019 03:33:33 +0000: OpenDocMan Document Management System 1.3.5 Database Disclosure - Exploit Files ≈ Packet Storm
    OpenDocMan Document Management System version 1.3.5 suffers from a database disclosure vulnerability.
  • Sat, 20 Apr 2019 02:22:22 +0000: ChurchCRM Software 3.3.2 Database Disclosure - Exploit Files ≈ Packet Storm
    ChurchCRM Software version 3.3.2 suffers from a database disclosure vulnerability.
  • Fri, 19 Apr 2019 22:22:12 +0000: Oracle Business Intelligence Directory Traversal - Exploit Files ≈ Packet Storm
    Oracle Business Intelligence versions 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0 suffer from a directory traversal vulnerability.
  • Fri, 19 Apr 2019 22:20:25 +0000: Oracle Business Intelligence And XML Publisher XML Injection - Exploit Files ≈ Packet Storm
    Oracle Business Intelligence and XML Publisher versions 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0 suffer from an XML external entity injection vulnerability.
  • Fri, 19 Apr 2019 22:17:45 +0000: QNAP myQNAPcloud Connect 1.3.4.0317 Username/Password Denial Of Service - Exploit Files ≈ Packet Storm
    QNAP myQNAPcloud Connect version 1.3.4.0317 suffers from a username / password denial of service vulnerability.
  • Fri, 19 Apr 2019 13:28:00 +0000: SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation - Exploit Files ≈ Packet Storm
    This Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be specified in the MODPROBE_OPTIONS environment variable, resulting in arbitrary command execution with root privileges. This module has been tested successfully on: systemtap 1.2-1.fc13-i686 on Fedora 13 (i686); and systemtap 1.1-3.el5 on RHEL 5.5 (x64).
  • Thu, 18 Apr 2019 21:28:28 +0000: Atlassian Confluence Widget Connector Macro Velocity Template Injection - Exploit Files ≈ Packet Storm
    Widget Connector Macro is part of Atlassian Confluence Server and Data Center that allows you to embed online videos, slideshows, photostreams and more directly into a page. A _template parameter can be used to inject remote Java code into a Velocity template, and gain code execution. Authentication is not required to exploit this vulnerability. By default, a Java payload will be used because it is cross-platform, but you can also specify which native payload you want (Linux or Windows). Confluence before version 6.6.12, from version 6.7.0 before 6.12.3, from version 6.13.0 before 6.13.3 and from version 6.14.0 before 6.14.2 are affected.
  • Thu, 18 Apr 2019 21:25:00 +0000: Netwide Assembler (NASM) 2.14rc15 Null Pointer Dereference - Exploit Files ≈ Packet Storm
    Netwide Assembler (NASM) version 2.14rc15 null pointer dereference proof of concept exploit.
  • Thu, 18 Apr 2019 21:20:52 +0000: ManageEngine Applications Manager 14 SQL Injection / Remote Code Execution - Exploit Files ≈ Packet Storm
    This Metasploit module exploits SQL injection and command injection vulnerabilities in ManageEngine AM 14 and prior versions. An unauthenticated user can gain the authority of "system" on the server due to the SQL injection vulnerability. The exploit allows the writing of the desired file to the system using the postgresql structure. The module is written over the payload by selecting a file with the extension ".vbs" that is used for monitoring by ManageEngine, which works with "system" authority. In addition, it dumps the users and passwords from the database for us. After the harmful ".vbs" file is written, the shell session may be a bit late.
  • Thu, 18 Apr 2019 21:19:24 +0000: Evernote 7.9 Path Traversal / Code Execution - Exploit Files ≈ Packet Storm
    Evernote version 4.9 suffers from a path traversal that can allow for code execution.
  • Wed, 17 Apr 2019 23:23:02 +0000: LibreOffice Macro Code Execution - Exploit Files ≈ Packet Storm
    This Metasploit module generates an ODT file with a mouse over event that when triggered, will execute arbitrary code.
  • Wed, 17 Apr 2019 18:06:36 +0000: Oracle Java Runtime Environment GlyphIterator::setCurrGlyphID Heap Corruption - Exploit Files ≈ Packet Storm
    A heap corruption was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing of TrueType fonts.
  • Wed, 17 Apr 2019 18:05:03 +0000: Oracle Java Runtime Environment sc_FindExtrema4 Heap Corruption - Exploit Files ≈ Packet Storm
    A heap corruption was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing of TrueType, implemented in a proprietary t2k library.
  • Wed, 17 Apr 2019 17:47:15 +0000: OAMbuster Multi-Threaded CVE-2018-2879 Scanner - Exploit Files ≈ Packet Storm
    OAMbuster is a multi-threaded exploit for CVE-2018-2879.
  • Wed, 17 Apr 2019 17:19:06 +0000: DHCP Server 2.5.2 Denial Of Service - Exploit Files ≈ Packet Storm
    DHCP Server version 2.5.2 suffers from a denial of service vulnerability.
  • Wed, 17 Apr 2019 17:17:51 +0000: ASUS HG100 Denial Of Service - Exploit Files ≈ Packet Storm
    ASUS HG100 suffers from a denial of service vulnerability.
  • Wed, 17 Apr 2019 10:22:22 +0000: WordPress Download Manager 2.9.93 Cross Site Scripting - Exploit Files ≈ Packet Storm
    WordPress Download Manager plugin version 2.9.93 suffers from a cross site scripting vulnerability.

Latest Tools

  • Sun, 21 Apr 2019 16:08:41 +0000: Lynis Auditing Tool 2.7.4 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims at assisting automated auditing, software patch management, vulnerability and malware scanning of Unix-based systems.
  • Thu, 18 Apr 2019 13:17:35 +0000: OpenSSH 8.0p1 - Security Tool Files ≈ Packet Storm
    This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
  • Sun, 14 Apr 2019 20:22:22 +0000: Raptor WAF 0.6 - Security Tool Files ≈ Packet Storm
    Raptor is a web application firewall written in C that uses DFA to block SQL injection, cross site scripting, and path traversals.
  • Thu, 11 Apr 2019 14:25:32 +0000: Mandos Encrypted File System Unattended Reboot Utility 1.8.4 - Security Tool Files ≈ Packet Storm
    The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
  • Wed, 10 Apr 2019 15:18:03 +0000: Stegano 0.9.3 - Security Tool Files ≈ Packet Storm
    Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integer sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
  • Tue, 09 Apr 2019 18:15:44 +0000: GNUnet P2P Framework 0.11.0 - Security Tool Files ≈ Packet Storm
    GNUnet is a peer-to-peer framework with a focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service built on top of the framework is anonymous file sharing.
  • Tue, 09 Apr 2019 18:15:14 +0000: Wireshark Analyzer 3.0.1 - Security Tool Files ≈ Packet Storm
    Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
  • Thu, 04 Apr 2019 23:48:57 +0000: Stegano 0.9.2 - Security Tool Files ≈ Packet Storm
    Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integer sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
  • Thu, 04 Apr 2019 23:48:21 +0000: Faraday 3.7.0 - Security Tool Files ≈ Packet Storm
    Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  • Tue, 02 Apr 2019 16:26:55 +0000: PHPGGC unserialize() Payload Tool - Security Tool Files ≈ Packet Storm
    PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
  • Mon, 01 Apr 2019 14:50:53 +0000: SQLMAP - Automatic SQL Injection Tool 1.3.4 - Security Tool Files ≈ Packet Storm
    sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
  • Wed, 27 Mar 2019 18:00:52 +0000: Clam AntiVirus Toolkit 0.101.2 - Security Tool Files ≈ Packet Storm
    Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
  • Tue, 26 Mar 2019 15:17:20 +0000: GNU Privacy Guard 2.2.15 - Security Tool Files ≈ Packet Storm
    GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
  • Fri, 22 Mar 2019 13:58:39 +0000: DNS Spider Multithreaded Bruteforcer 1.1 - Security Tool Files ≈ Packet Storm
    DNS Spider is a multi-threaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.
  • Fri, 22 Mar 2019 02:45:54 +0000: I2P 0.9.39 - Security Tool Files ≈ Packet Storm
    I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
  • Thu, 21 Mar 2019 14:06:00 +0000: Lynis Auditing Tool 2.7.3 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims at assisting automated auditing, software patch management, vulnerability and malware scanning of Unix-based systems.
  • Tue, 19 Mar 2019 21:10:07 +0000: GNU Privacy Guard 2.2.14 - Security Tool Files ≈ Packet Storm
    GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
  • Sat, 09 Mar 2019 13:33:33 +0000: UFONet 1.3 - Security Tool Files ≈ Packet Storm
    UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
  • Fri, 08 Mar 2019 02:23:55 +0000: Suricata IDPE 4.1.3 - Security Tool Files ≈ Packet Storm
    Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
  • Fri, 08 Mar 2019 02:21:26 +0000: Lynis Auditing Tool 2.7.2 - Security Tool Files ≈ Packet Storm
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims at assisting automated auditing, software patch management, vulnerability and malware scanning of Unix-based systems.

@Risk Exploits

ExploitDB