Hack Tools/Exploits

Packetstorm Last 10 Files

  1. Loxone Smart Home CSRF / XSS / DoS / Credential Leakage - Loxone Smart Home versions prior to 6.3 suffer from cross site request forgery, cross site scripting, poor credential handling, unencrypted transport, denial of service, and various other vulnerabilities.
  2. HelpDezk 1.0.1 Shell Upload / Code Execution / Disclosure - HelpDezk version 1.0.1 suffers from remote shell upload, code execution, and information disclosure vulnerabilities.
  3. OpenSCAP Libraries 1.2.1 - The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
  4. GNU Privacy Guard 2.0.27 - GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
  5. GNU Privacy Guard 1.4.19 - GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
  6. Apache Standard Taglibs 1.2.1 XXE / Remote Command Execution - Apache Standard Taglibs version 1.2.1 suffers from XXE and remote command execution vulnerabilities via the XSL extension in JSTL XML tags.
  7. Tcl 1.16 Cross Site Scripting - Tcl versions 1.0.0 through 1.16 suffer from a cross site scripting vulnerability.
  8. WordPress Media Cleaner 2.2.6 Cross Site Scripting - WordPress Media Cleaner plugin version 2.2.6 suffers from a cross site scripting vulnerability.
  9. Debian Security Advisory 3176-1 - Debian Linux Security Advisory 3176-1 - Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.
  10. Electronic Arts Origin Client 9.5.5 Privilege Escalation - Electronic Arts Origin Client version 9.5.5 suffers from multiple privilege escalation vulnerabilities.

Packetstorm Tools

  1. GNU Privacy Guard 2.0.27 - GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
  2. GNU Privacy Guard 1.4.19 - GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
  3. Secure rm 1.2.15 - Secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop-in security for users who wish to prevent command-line recovery of deleted information, even if the machine is compromised.
  4. Lynis Auditing Tool 2.0.0 - Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist automated auditing, software patch management, vulnerability and malware scanning of Unix-based systems.
  5. Suricata IDPE 2.0.7 - Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
  6. I2P 0.9.18 - I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
  7. Maligno 2.0 - Maligno is an open source penetration testing tool written in Python that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
  8. Juli Man-In-The-Middle Script - This is a simple Perl script for setting up man-in-the-middle attacks on Linux.
  9. Packet Fence 4.6.1 - PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  10. Hyperion Runtime Encrypter 1.2 - Hyperion is a runtime encrypter for 32-bit portable executables. It is a reference implementation and is based on the paper "Hyperion: Implementation of a PE-Crypter".

Packetstorm Exploits

  1. Loxone Smart Home CSRF / XSS / DoS / Credential Leakage - Loxone Smart Home versions prior to 6.3 suffer from cross site request forgery, cross site scripting, poor credential handling, unencrypted transport, denial of service, and various other vulnerabilities.
  2. HelpDezk 1.0.1 Shell Upload / Code Execution / Disclosure - HelpDezk version 1.0.1 suffers from remote shell upload, code execution, and information disclosure vulnerabilities.
  3. Tcl 1.16 Cross Site Scripting - Tcl versions 1.0.0 through 1.16 suffer from a cross site scripting vulnerability.
  4. WordPress Media Cleaner 2.2.6 Cross Site Scripting - WordPress Media Cleaner plugin version 2.2.6 suffers from a cross site scripting vulnerability.
  5. Electronic Arts Origin Client 9.5.5 Privilege Escalation - Electronic Arts Origin Client version 9.5.5 suffers from multiple privilege escalation vulnerabilities.
  6. Jetty 9.2.8 Shared Buffer Leakage - Gotham Digital Science discovered a critical information leakage vulnerability in the Jetty web server that allows an unauthenticated remote attacker to read arbitrary data from previous requests and responses submitted to the server by other users. Jetty versions 9.2.3 through 9.2.8 are affected. Proof of concept code included.
  7. Wireless File Transfer Pro Android Cross Site Request Forgery - Wireless File Transfer Pro Android suffers from a cross site request forgery vulnerability.
  8. Data Source: Scopus CMS SQL Injection - Data Source: Scopus CMS suffers from a remote SQL injection vulnerability.
  9. DSS TFTP 1.0 Path Traversal - DSS TFTP version 1.0 suffers from a path traversal vulnerability.
  10. D-Link / TRENDnet ncc2 CSRF / Unauthenticated Access - Multiple D-Link and TRENDnet devices suffer from cross site request forgery and unauthenticated access vulnerabilities. Various proofs of concept included.

Securiteam Exploits

  1. Cisco IOS Running On Aironet Access Points Denial Of Service Vulnerabilities - Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet.
  2. CPUMiner Stack Overflow Vulnerabilities - Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overflow with a mining.notify request.
  3. Digi Online Examination System Arbitrary File Upload Vulnerabilities - Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/uploads/images/.
  4. Drupal Site Banner Module Cross Site Scripting Vulnerabilities - Cross-site scripting (XSS) vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote authenticated users with the "Administer contexts" Context UI module permission to inject arbitrary web script or HTML via vectors related to context settings.
  5. Epicor Enterprise Password Disclosure Vulnerabilities - Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page.