Hack Tools/Exploits


Packetstorm Last 10 Files

  1. Debian Security Advisory 3608-1 - Debian Linux Security Advisory 3608-1 - Aleksandar Nikolic discovered that missing input sanitising in the RTF parser in Libreoffice may result in the execution of arbitrary code if a malformed document is opened.
  2. Debian Security Advisory 3609-1 - Debian Linux Security Advisory 3609-1 - Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service.
  3. Red Hat Security Advisory 2016-1374-01 - Red Hat Security Advisory 2016-1374-01 - JBoss Portal Platform provides an integrated open source platform for hosting and serving a portal's web interface, aggregating, publishing, and managing its content, and personalizing its experience. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Portal Platform 6.2. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
  4. Symantec Endpoint Protection 12.1 CSRF / XSS / Open Redirect - Symantec Endpoint Protection Manager and Client version 12.1 suffers from cross site request forgery, cross site scripting, and open redirection vulnerabilities.
  5. WordPress Ultimate Membership Pro 3.3 SQL Injection - WordPress Ultimate Membership Pro plugin version 3.3 suffers from a remote SQL injection vulnerability.
  6. Cuckoo Sandbox Guest 2.0.1 Code Execution - Cuckoo Sandbox Guest versions 2.0.1 and below XMLRPC privilege remote code execution exploit.
  7. Lenovo ThinkPad System Management Mode Arbitrary Code Execution - This code exploits a 0day privilege escalation vulnerability (or possible backdoor) in the SystemSmmRuntimeRt UEFI driver (GUID is 7C79AC8C-5E6C-4E3D-BA6F-C260EE7C172E) of Lenovo firmware.
  8. Windows 7 SP1 x86 Privilege Escalation - Windows 7 SP1 x86 privilege escalation exploit that leverages the issue documented in MS16-014.
  9. Cisco Security Advisory 20160629-piauthbypass - Cisco Security Advisory - A vulnerability in the application programming interface (API) of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to access and control the API resources. The vulnerability is due to improper input validation of HTTP requests for unauthenticated URIs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected URIs. Successful exploitation of this vulnerability could allow the attacker to upload malicious code to the application server or read unauthorized management data, such as credentials of devices managed by Cisco Prime Infrastructure or EPNM. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
  10. Cisco Security Advisory 20160629-cpcpauthbypass - Cisco Security Advisory - A vulnerability in the Lightweight Directory Access Protocol (LDAP) authentication for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to an improper implementation of LDAP authentication. An attacker could exploit this vulnerability by logging into a targeted device that is configured for LDAP authentication. Successful exploitation of this vulnerability could grant the attacker full administrator privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Packetstorm Tools

  1. Blue Team Training Toolkit (BT3) 1.0 - Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.
  2. Mandos Encrypted File System Unattended Reboot Utility 1.7.10 - The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
  3. Packet Fence 6.1.1 - PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities (including reports from remote Snort sensors), isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  4. Mandos Encrypted File System Unattended Reboot Utility 1.7.9 - The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
  5. Faraday 1.0.21 - Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  6. Packet Fence 6.1.0 - PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities (including reports from remote Snort sensors), isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  7. Mandos Encrypted File System Unattended Reboot Utility 1.7.8 - The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
  8. Ansvif 1.5.2 - Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
  9. Suricata IDPE 3.1 - Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
  10. AIEngine 1.5 - AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use on NIDS, firewalls, traffic classifiers and so on.

Packetstorm Exploits

  1. Symantec Endpoint Protection 12.1 CSRF / XSS / Open Redirect - Symantec Endpoint Protection Manager and Client version 12.1 suffers from cross site request forgery, cross site scripting, and open redirection vulnerabilities.
  2. WordPress Ultimate Membership Pro 3.3 SQL Injection - WordPress Ultimate Membership Pro plugin version 3.3 suffers from a remote SQL injection vulnerability.
  3. Cuckoo Sandbox Guest 2.0.1 Code Execution - Cuckoo Sandbox Guest versions 2.0.1 and below XMLRPC privilege remote code execution exploit.
  4. Lenovo ThinkPad System Management Mode Arbitrary Code Execution - This code exploits a 0day privilege escalation vulnerability (or possible backdoor) in the SystemSmmRuntimeRt UEFI driver (GUID is 7C79AC8C-5E6C-4E3D-BA6F-C260EE7C172E) of Lenovo firmware.
  5. Windows 7 SP1 x86 Privilege Escalation - Windows 7 SP1 x86 privilege escalation exploit that leverages the issue documented in MS16-014.
  6. Symantec PowerPoint Misaligned Stream-Cache Buffer Overflow - Symantec suffers from a PowerPoint misaligned stream-cache remote stack buffer overflow vulnerability.
  7. Symantec dec2zip ALPkOldFormatDecompressor::UnShrink Missing Bounds Check - Symantec suffers from a missing bounds check in dec2zip ALPkOldFormatDecompressor::UnShrink.
  8. Symantec TNEF Decoder Integer Overflow - Symantec suffers from an integer overflow in the TNEF decoder.
  9. Symantec MIME Message Modification Heap Overflow - Symantec attempts to clean or remove components from archives or other multipart containers that they detect as malicious. The code that they use to remove components from MIME encoded messages in CMIMEParser::UpdateHeader() assumes that filenames cannot be longer than 77 characters. This assumption is obviously incorrect, names can be any length, resulting in a very clean heap overflow.
  10. Symantec Antivirus MSPACK Unpacking Memory Corruption - Symantec Antivirus suffers from multiple remote memory corruption issues when unpacking MSPACK archives.

Securiteam Exploits

  1. Claws Mail Missing Range Checks Vulnerabilities - Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have impact via a crafted email, involving Japanese character set conversion.
  2. Erlang/OTP Man In The Middle Information Disclosure Vulnerabilities - Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack.
  3. Git Heap-Based Buffer Overflow Vulnerabilities - revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
  4. Google Chrome Integer Underflow Vulnerabilities - Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or possibly have other impact via crafted data with brotli compression.
  5. Install Of Informix Dynamic Server On Windows Vulnerabilities - The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file.