Latest Exploits / Tools

Latest Exploits

  • Fri, 07 May 2021 15:59:44 +0000: macOS Gatekeeper Check Bypass - Exploit Files ≈ Packet Storm
    This Metasploit module serves an OSX app (as a zip) that contains no Info.plist, which bypasses Gatekeeper in macOS versions prior to 11.3. If the user visits the site in Safari, the zip file is automatically extracted, and clicking on the downloaded file will automatically launch the payload. If the user visits the site in another browser, the user must click once to unzip the app, and click again in order to execute the payload.
  • Fri, 07 May 2021 15:45:42 +0000: Epic Games Easy Anti-Cheat 4.0 Local Privilege Escalation - Exploit Files ≈ Packet Storm
    Epic Games Easy Anti-Cheat version 4.0 suffers from a local privilege escalation vulnerability.
  • Fri, 07 May 2021 15:41:44 +0000: WifiHotSpot 1.0.0.0 Unquoted Service Path - Exploit Files ≈ Packet Storm
    WifiHotSpot version 1.0.0.0 suffers from an unquoted service path vulnerability.
  • Fri, 07 May 2021 15:38:18 +0000: Android Memory Disclosure / Out-Of-Bounds Write / Double-Free - Exploit Files ≈ Packet Storm
    Android suffers from memory disclosure, out-of-bounds write, and double-free vulnerabilities in NFC's Felica tag handling.
  • Fri, 07 May 2021 15:36:53 +0000: Voting System 1.0 Shell Upload - Exploit Files ≈ Packet Storm
    Voting System version 1.0 suffers from a remote shell upload vulnerability.
  • Fri, 07 May 2021 15:26:46 +0000: Human Resource Information System 0.1 Remote Code Execution - Exploit Files ≈ Packet Storm
    Human Resource Information System version 0.1 suffers from a remote code execution vulnerability.
  • Fri, 07 May 2021 15:25:08 +0000: Voting System 1.0 SQL Injection - Exploit Files ≈ Packet Storm
    Voting System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Original discovery of SQL injection in this version is attributed to Syed Sheeraz Ali in May of 2021.
  • Fri, 07 May 2021 15:22:37 +0000: Sandboxie Plus 0.7.4 Unquoted Service Path - Exploit Files ≈ Packet Storm
    Sandboxie Plus version 0.7.4 suffers from an unquoted service path vulnerability.
  • Fri, 07 May 2021 10:11:11 +0000: Sandboxie 5.49.7 Denial Of Service - Exploit Files ≈ Packet Storm
    Sandboxie version 5.49.7 suffers from a denial of service vulnerability.
  • Thu, 06 May 2021 15:00:43 +0000: b2evolution 7-2-2 SQL Injection - Exploit Files ≈ Packet Storm
    b2evolution version 7-2-2 suffers from a remote SQL injection vulnerability.
  • Thu, 06 May 2021 14:58:22 +0000: WordPress WP Super Edit 2.5.4 Arbitrary File Upload - Exploit Files ≈ Packet Storm
    WordPress WP Super Edit plugin version 2.5.4 suffers from an arbitrary file upload vulnerability.
  • Thu, 06 May 2021 14:49:57 +0000: Schlix CMS 2.2.6-6 Remote Code Execution - Exploit Files ≈ Packet Storm
    Schlix CMS version 2.2.6-6 suffers from a remote code execution vulnerability.
  • Thu, 06 May 2021 14:48:27 +0000: Schlix CMS 2.2.6-6 Cross Site Scripting - Exploit Files ≈ Packet Storm
    Schlix CMS version 2.2.6-6 suffers from a persistent cross site scripting vulnerability.
  • Thu, 06 May 2021 01:13:20 +0000: Xmind 2020 Cross Site Scripting / Code Execution - Exploit Files ≈ Packet Storm
    Xmind version 2020 suffers from a cross site scripting vulnerability that can lead to remote code execution.
  • Thu, 06 May 2021 01:12:30 +0000: Tagstoo 2.0.1 Cross Site Scripting / Code Execution - Exploit Files ≈ Packet Storm
    Tagstoo version 2.0.1 suffers from a cross site scripting vulnerability that can lead to remote code execution.
  • Thu, 06 May 2021 01:11:49 +0000: Marky 0.0.1 Cross Site Scripting / Code Execution - Exploit Files ≈ Packet Storm
    Marky version 0.0.1 suffers from a cross site scripting vulnerability that can lead to remote code execution.
  • Thu, 06 May 2021 01:10:54 +0000: StudyMD 0.3.2 Cross Site Scripting / Code Execution - Exploit Files ≈ Packet Storm
    StudyMD version 0.3.2 suffers from a cross site scripting vulnerability that can lead to remote code execution.
  • Thu, 06 May 2021 01:09:57 +0000: SnipCommand 0.1.0 Cross Site Scripting / Code Execution - Exploit Files ≈ Packet Storm
    SnipCommand version 0.1.0 suffers from a cross site scripting vulnerability that can lead to remote code execution.
  • Thu, 06 May 2021 01:08:59 +0000: Moeditor 0.2.0 Cross Site Scripting / Code Execution - Exploit Files ≈ Packet Storm
    Moeditor version 0.2.0 suffers from a cross site scripting vulnerability that can lead to remote code execution.
  • Thu, 06 May 2021 01:08:05 +0000: Markdownify 1.2.0 Cross Site Scripting / Code Execution - Exploit Files ≈ Packet Storm
    Markdownify version 1.2.0 suffers from a cross site scripting vulnerability that can lead to remote code execution.

Latest Tools

  • Fri, 07 May 2021 15:43:34 +0000: Falco 0.28.1 - Security Tool Files ≈ Packet Storm
    Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think of Falco as a mix between snort, ossec and strace.
  • Thu, 06 May 2021 01:20:05 +0000: jSQL Injection 0.85 - Security Tool Files ≈ Packet Storm
    jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
  • Tue, 04 May 2021 19:20:50 +0000: OpenDNSSEC 2.1.9 - Security Tool Files ≈ Packet Storm
    OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
  • Mon, 03 May 2021 21:02:00 +0000: OATH Toolkit 2.6.7 - Security Tool Files ≈ Packet Storm
    OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
  • Mon, 03 May 2021 20:55:55 +0000: SQLMAP - Automatic SQL Injection Tool 1.5.5 - Security Tool Files ≈ Packet Storm
    sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user-specified DBMS tables/columns, run their own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
  • Thu, 29 Apr 2021 14:53:30 +0000: GRAudit Grep Auditing Tool 3.0 - Security Tool Files ≈ Packet Storm
    Graudit is a simple script and set of signatures that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS, SWAAT, and Flawfinder while keeping the technical requirements to a minimum and being very flexible.
  • Fri, 23 Apr 2021 15:22:22 +0000: nfstream 6.3.1 - Security Tool Files ≈ Packet Storm
    nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
  • Thu, 22 Apr 2021 15:43:16 +0000: Wireshark Analyzer 3.4.5 - Security Tool Files ≈ Packet Storm
    Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
  • Thu, 22 Apr 2021 15:36:38 +0000: Zeek 4.0.1 - Security Tool Files ≈ Packet Storm
    Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
  • Thu, 22 Apr 2021 15:35:40 +0000: nfstream 6.3.0 - Security Tool Files ≈ Packet Storm
    nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
  • Tue, 20 Apr 2021 16:24:32 +0000: Scapy Packet Manipulation Tool 2.4.5 - Security Tool Files ≈ Packet Storm
    Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.
  • Mon, 19 Apr 2021 16:19:18 +0000: OpenSSH 8.6p1 - Security Tool Files ≈ Packet Storm
    This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
  • Mon, 19 Apr 2021 16:17:56 +0000: Faraday 3.14.4 - Security Tool Files ≈ Packet Storm
    Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  • Thu, 15 Apr 2021 13:59:12 +0000: nfstream 6.2.6 - Security Tool Files ≈ Packet Storm
    nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
  • Wed, 14 Apr 2021 16:41:35 +0000: URLCrazy Domain Name Typo Tool 0.7.3 - Security Tool Files ≈ Packet Storm
    URLCrazy is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.
  • Mon, 12 Apr 2021 16:34:03 +0000: Falco 0.28.0 - Security Tool Files ≈ Packet Storm
    Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think of Falco as a mix between snort, ossec and strace.
  • Fri, 09 Apr 2021 15:43:56 +0000: GRAudit Grep Auditing Tool 2.9 - Security Tool Files ≈ Packet Storm
    Graudit is a simple script and set of signatures that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS, SWAAT, and Flawfinder while keeping the technical requirements to a minimum and being very flexible.
  • Wed, 07 Apr 2021 20:52:11 +0000: Clam AntiVirus Toolkit 0.103.2 - Security Tool Files ≈ Packet Storm
    Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
  • Wed, 07 Apr 2021 20:50:55 +0000: Global Socket 1.4.29 - Security Tool Files ≈ Packet Storm
    Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
  • Fri, 02 Apr 2021 14:15:52 +0000: SQLMAP - Automatic SQL Injection Tool 1.5.4 - Security Tool Files ≈ Packet Storm
    sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user-specified DBMS tables/columns, run their own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
