Hack Tools/Exploits

Packetstorm Last 10 Files

  1. Ubuntu Security Notice USN-2691-1 - Ubuntu Security Notice 2691-1 - Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. Colin King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem. A local user could exploit this flaw to cause a denial of service (memory exhaustion). Various other issues were also addressed.
  2. Ubuntu Security Notice USN-2688-1 - Ubuntu Security Notice 2688-1 - Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. Colin King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem. A local user could exploit this flaw to cause a denial of service (memory exhaustion). Various other issues were also addressed.
  3. Ubuntu Security Notice USN-2687-1 - Ubuntu Security Notice 2687-1 - Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. Colin King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem. A local user could exploit this flaw to cause a denial of service (memory exhaustion). Various other issues were also addressed.
  4. Ubuntu Security Notice USN-2689-1 - Ubuntu Security Notice 2689-1 - Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. Colin King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem. A local user could exploit this flaw to cause a denial of service (memory exhaustion). Various other issues were also addressed.
  5. Red Hat Security Advisory 2015-1512-01 - Red Hat Security Advisory 2015-1512-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
  6. Ubuntu Security Notice USN-2690-1 - Ubuntu Security Notice 2690-1 - Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. Colin King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem. A local user could exploit this flaw to cause a denial of service (memory exhaustion). Various other issues were also addressed.
  7. Ubuntu Security Notice USN-2693-1 - Ubuntu Security Notice 2693-1 - Jonathan Foote discovered that Bind incorrectly handled certain TKEY queries. A remote attacker could use this issue with a specially crafted packet to cause Bind to crash, resulting in a denial of service. Pories Ediansyah discovered that Bind incorrectly handled certain configurations involving DNS64. A remote attacker could use this issue with a specially crafted query to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.
  8. Debian Security Advisory 3319-1 - Debian Linux Security Advisory 3319-1 - Jonathan Foote discovered that the BIND DNS server does not properly handle TKEY queries. A remote attacker can take advantage of this flaw to mount a denial of service via a specially crafted query triggering an assertion failure and causing BIND to exit.
  9. Ubuntu Security Notice USN-2692-1 - Ubuntu Security Notice 2692-1 - Matt Tait discovered that QEMU incorrectly handled PIT emulation. In a non-default configuration, a malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Kevin Wolf discovered that QEMU incorrectly handled processing ATAPI commands. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.
  10. phpFileManager 0.9.8 Remote Command Execution - phpFileManager version 0.9.8 suffers from a remote command execution vulnerability.

Packetstorm Tools

  1. Linux Reverse TCP Shell In Python - Python code that provides a reverse TCP shell.
  2. Packet Fence 5.3.1 - PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  3. Lynis Auditing Tool 2.1.1 - Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
  4. Packet Fence 5.3.0 - PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  5. Capstone 3.0.4 - Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.
  6. Beltane Web-Based Management For Samhain 1.0.20 - Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.
  7. Samhain File Integrity Checker 4.0.0 - Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
  8. Pcapteller 0.1 - Pcapteller is a tool designed for simple traffic manipulation and replay. The tool allows you to recreate a recorded network traffic scenario that occurred in a foreign network, as it really happened in yours. Basically, the tool reads network packets from a PCAP file, and it replaces a given IP address with one that fits your needs. Afterwards, the manipulated packets are injected into the network. The tool is useful if you want to recreate scenarios where computer attacks or malware infections occurred. Using such scenarios as a base, Pcapteller will make it look like everything is really happening in your network. Pcapteller can help you improving your blue team's network security monitoring skills, or creating network decoys during red team operations.
  9. Tor-ramdisk i686 UClibc-based Linux Distribution x86 20150714 - Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
  10. D3LT4 SQL Injection Scanner - D3LT4 is a mutation of smartd0rk3r and can search for 10,446 google dorks and scans for SQL injection vulnerabilities.

Packetstorm Exploits

  1. phpFileManager 0.9.8 Remote Command Execution - phpFileManager version 0.9.8 suffers from a remote command execution vulnerability.
  2. WordPress Flickr Justified Gallery 3.3.6 Cross Site Scripting - WordPress Flickr Justified Gallery plugin version 3.3.6 suffers from a cross site scripting vulnerability.
  3. Foxit Reader 7.1.5 Arbitrary Code Execution - Foxit Reader versions 7.0.8 through 7.1.5 suffer from a PNG conversion parsing tEXt chunk arbitrary code execution vulnerability.
  4. Hawkeye-G 3.0.1.4912 Cross Site Scripting / Information Leakage - Hawkeye-G version 3.0.1.4912 suffers from cross site scripting and information leakage vulnerabilities.
  5. Seditio CMS 1.7.1 Password Disclosure - Seditio CMS version 1.7.1 suffers from an administrator password disclosure vulnerability.
  6. OpenSSL Alternative Chains Certificate Forgery MITM Proxy - This Metasploit module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates, resulting in certain checks on untrusted certificates to be bypassed on the client, allowing it to use a valid leaf certificate as a CA certificate to sign a fake certificate. The SSL/TLS session is then proxied to the server allowing the session to continue normally and application data transmitted between the peers to be saved. The valid leaf certificate must not contain the keyUsage extension or it must have at least the keyCertSign bit set (see X509_check_issued function in crypto/x509v3/v3_purp.c); otherwise; X509_verify_cert fails with X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. This Metasploit module requires an active man-in-the-middle attack.
  7. Seditio CMS 1.7.1 Open Redirect - Seditio CMS version 1.7.1 suffers from an open redirect vulnerability.
  8. XenForo 1.4.9 Cross Site Scripting - XenForo versions 1.4.9 and below suffer from a cross site scripting vulnerability.
  9. WordPress Unite Gallery Lite 1.4.6 CSRF / SQL Injection - WordPress Unite Gallery Lite plugin version 1.4.6 suffers from cross site request forgery and remote SQL injection vulnerabilities.
  10. WordPress Music Store 1.0.14 Open Redirect - WordPress Music Store plugin version 1.0.14 suffers from an open redirect vulnerability.

Securiteam Exploits

  1. Cisco SPA 300 And 500 Series IP Phones Remote Users Listen Vulnerabilities - The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request
  2. Drupal Term Queue Module Cross Site Scripting Vulnerabilities - Cross-site scripting (XSS) vulnerability in administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML
  3. General Electric Hydran M2 Predictable Random Number Generator Vulnerabilities - The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values.
  4. HP Point Of Sale PC OPOSMSR.ocx For PUSB Thermal Receipt Printers Vulnerabilities - The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCheckScanner.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers
  5. KENT-WEB Arbitrary Code Execution Vulnerabilities - KENT-WEB Joyful Note before 5.3 allows remote attackers to delete files or write to files, and consequently execute arbitrary code, via vectors involving an article.