Latest Exploits / Tools

Latest Exploits

  • Fri, 23 Sep 2022 14:16:05 +0000: WordPress 3dady Real-Time Web Stats 1.0 Cross Site Scripting - Exploit Files ≈ Packet Storm
    WordPress 3dady Real-Time Web Stats plugin version 1.0 suffers from a persistent cross site scripting vulnerability.
  • Fri, 23 Sep 2022 14:14:36 +0000: WordPress WP-UserOnline 2.88.0 Cross Site Scripting - Exploit Files ≈ Packet Storm
    WordPress WP-UserOnline plugin version 2.88.0 suffers from a persistent cross site scripting vulnerability.
  • Fri, 23 Sep 2022 14:09:31 +0000: Teleport 10.1.1 Remote Code Execution - Exploit Files ≈ Packet Storm
    Teleport version 10.1.1 suffers from a remote code execution vulnerability.
  • Fri, 23 Sep 2022 14:08:24 +0000: Feehi CMS 2.1.1 Remote Code Execution - Exploit Files ≈ Packet Storm
    Feehi CMS version 2.1.1 suffers from an authenticated remote code execution vulnerability.
  • Fri, 23 Sep 2022 14:06:48 +0000: Testa 3.5.1 Cross Site Scripting - Exploit Files ≈ Packet Storm
    Testa Online Test Management System version 3.5.1 suffers from a cross site scripting vulnerability.
  • Fri, 23 Sep 2022 14:03:25 +0000: TP-Link Tapo c200 1.1.15 Remote Code Execution - Exploit Files ≈ Packet Storm
    TP-Link Tapo c200 version 1.1.15 suffers from a remote code execution vulnerability.
  • Thu, 22 Sep 2022 16:01:49 +0000: Bitbucket Git Command Injection - Exploit Files ≈ Packet Storm
    Various versions of Bitbucket Server and Data Center are vulnerable to an unauthenticated command injection vulnerability in multiple API endpoints. The /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/archive endpoint creates an archive of the repository, leveraging the git-archive command to do so. Supplying NULL bytes to the request enables the passing of additional arguments to the command, ultimately enabling execution of arbitrary commands.
  • Thu, 22 Sep 2022 15:56:48 +0000: Linux Stable 5.4 / 5.10 Use-After-Free / Race Condition - Exploit Files ≈ Packet Storm
    Linux stable versions 5.4 and 5.10 suffers from a page use-after-free via stale TLB caused by an rmap lock not held during PUD move.
  • Thu, 22 Sep 2022 15:53:17 +0000: WorkOrder CMS 0.1.0 Cross Site Scripting - Exploit Files ≈ Packet Storm
    WorkOrder CMS version 0.1.0 suffers from a cross site scripting vulnerability.
  • Thu, 22 Sep 2022 15:52:05 +0000: WorkOrder CMS 0.1.0 SQL Injection - Exploit Files ≈ Packet Storm
    WorkOrder CMS version 0.1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
  • Thu, 22 Sep 2022 15:45:58 +0000: Multix 2.4 Cross Site Request Forgery - Exploit Files ≈ Packet Storm
    Multix version 2.4 suffers from a cross site request forgery vulnerability.
  • Thu, 22 Sep 2022 15:45:29 +0000: Multix 2.4 Cross Site Scripting - Exploit Files ≈ Packet Storm
    Multix version 2.4 suffers from a cross site scripting vulnerability.
  • Wed, 21 Sep 2022 13:50:13 +0000: Unified Remote Authentication Bypass / Code Execution - Exploit Files ≈ Packet Storm
    This Metasploit module utilizes the Unified Remote remote control protocol to type out and deploy a payload. The remote control protocol can be configured to have no passwords, a group password, or individual user accounts. If the web page is accessible, the access control is set to no password for exploitation, then reverted. If the web page is not accessible, exploitation will be tried blindly. This module has been successfully tested against version 3.11.0.2483 (50) on Windows 10.
  • Wed, 21 Sep 2022 13:45:44 +0000: WiFiMouse 1.8.3.4 Remote Code Execution - Exploit Files ≈ Packet Storm
    WiFiMouse version 1.8.3.4 suffers from a remote code execution vulnerability.
  • Tue, 20 Sep 2022 14:19:09 +0000: Arm Mali CSF Missing Buffer Size Check - Exploit Files ≈ Packet Storm
    In the Linux Mali driver, when building with MALI_USE_CSF, the VFS read handler of the main Mali file descriptor (kbase_read()) never looks at its "count" parameter. This means that a simple userspace program that sets up a Mali file descriptor, then calls read(mali_fd, buf, 1), will see read() returning a higher length than requested, and out-of-bounds data in the userspace buffer will be clobbered.
  • Tue, 20 Sep 2022 14:15:41 +0000: Arm Mali Race Condition - Exploit Files ≈ Packet Storm
    The Mali driver frees GPU page tables before removing the higher-level PTEs pointing to those page tables (and, therefore, also before issuing the required flushes). This means a racing memory write instruction on the GPU can write to an attacker-controlled physical address.
  • Tue, 20 Sep 2022 14:12:12 +0000: Arm Mali Physical Address Exposure - Exploit Files ≈ Packet Storm
    Arm Mali has an issue where a driver exposes physical addresses to unprivileged userspace.
  • Tue, 20 Sep 2022 14:07:36 +0000: Arm Mali Released Buffer Use-After-Free - Exploit Files ≈ Packet Storm
    On Mali devices without the new CSF interface, IMPORTED_USER_BUF is released without flushing host-side VMAs, leading to a page use-after-free vulnerability.
  • Tue, 20 Sep 2022 14:05:45 +0000: Backdoor.Win32.Hellza.120 MVID-2022-0641 Remote Command Execution - Exploit Files ≈ Packet Storm
    Backdoor.Win32.Hellza.120 malware suffers from a remote command execution vulnerability.
  • Tue, 20 Sep 2022 14:04:49 +0000: Backdoor.Win32.Hellza.120 MVID-2022-0642 Authentication Bypass - Exploit Files ≈ Packet Storm
    Backdoor.Win32.Hellza.120 malware suffers from an authentication bypass vulnerability.

Latest Tools

  • Wed, 21 Sep 2022 13:48:13 +0000: American Fuzzy Lop plus plus 4.03c - Security Tool Files ≈ Packet Storm
    Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.
  • Tue, 20 Sep 2022 14:23:15 +0000: Zeek 5.0.2 - Security Tool Files ≈ Packet Storm
    Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
  • Fri, 16 Sep 2022 13:52:49 +0000: Packet Fence 12.0.0 - Security Tool Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  • Wed, 14 Sep 2022 15:33:46 +0000: Faraday 4.1.0 - Security Tool Files ≈ Packet Storm
    Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  • Thu, 08 Sep 2022 14:42:31 +0000: Wireshark Analyzer 3.6.8 - Security Tool Files ≈ Packet Storm
    Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
  • Thu, 08 Sep 2022 14:41:53 +0000: Hydra Network Logon Cracker 9.4 - Security Tool Files ≈ Packet Storm
    THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
  • Mon, 05 Sep 2022 15:14:51 +0000: cryptmount Filesystem Manager 6.0 - Security Tool Files ≈ Packet Storm
    cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.
  • Mon, 05 Sep 2022 15:13:26 +0000: GNUnet P2P Framework 0.17.5 - Security Tool Files ≈ Packet Storm
    GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.
  • Fri, 02 Sep 2022 15:36:40 +0000: Nmap Port Scanner 7.93 - Security Tool Files ≈ Packet Storm
    Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
  • Fri, 02 Sep 2022 15:31:25 +0000: Hashcat Advanced Password Recovery 6.2.6 Source Code - Security Tool Files ≈ Packet Storm
    Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.
  • Fri, 02 Sep 2022 15:31:18 +0000: Hashcat Advanced Password Recovery 6.2.6 Binary Release - Security Tool Files ≈ Packet Storm
    Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.
  • Fri, 02 Sep 2022 15:29:00 +0000: GNU Privacy Guard 2.2.39 - Security Tool Files ≈ Packet Storm
    GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.
  • Thu, 01 Sep 2022 16:16:06 +0000: GNU Privacy Guard 2.2.38 - Security Tool Files ≈ Packet Storm
    GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.
  • Tue, 30 Aug 2022 15:20:20 +0000: Zeek 5.0.1 - Security Tool Files ≈ Packet Storm
    Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
  • Thu, 25 Aug 2022 15:35:01 +0000: GNU Privacy Guard 2.2.37 - Security Tool Files ≈ Packet Storm
    GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.
  • Wed, 24 Aug 2022 13:09:35 +0000: MIMEDefang Email Scanner 3.1 - Security Tool Files ≈ Packet Storm
    MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
  • Tue, 23 Aug 2022 14:11:27 +0000: I2P 1.9.0 - Security Tool Files ≈ Packet Storm
    I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
  • Mon, 15 Aug 2022 16:18:07 +0000: TOR Virtual Network Tunneling Tool 0.4.7.10 - Security Tool Files ≈ Packet Storm
    Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.
  • Fri, 12 Aug 2022 14:59:19 +0000: GNUnet P2P Framework 0.17.4 - Security Tool Files ≈ Packet Storm
    GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.
  • Tue, 09 Aug 2022 14:39:40 +0000: Falco 0.32.2 - Security Tool Files ≈ Packet Storm
    Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

@Risk Exploits

ExploitDB

 

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Contact Us