Hack Tools/Exploits


Packetstorm Last 10 Files

  1. Miele Professional PG 8528 Directory Traversal - The Miele Professional PG 8528 suffers from a directory traversal vulnerability.
  2. Ubuntu Security Notice USN-3239-3 - Ubuntu Security Notice 3239-3 - USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2016-3706 introduced a regression that in some circumstances prevented IPv6 addresses from resolving. This update reverts the change in Ubuntu 12.04 LTS.
  3. Nuxeo Platform 6.x / 7.x Shell Upload - Nuxeo Platform versions 6.0 (LTS 2014), 7.1, 7.2, and 7.3 suffer from a remote shell upload vulnerability.
  4. EON 5.0 SQL Injection - EON versions 5.0 and below suffer from a remote SQL injection vulnerability.
  5. EON 5.0 Remote Code Execution - EON versions 5.0 and below suffer from a remote code execution vulnerability.
  6. Apple Security Advisory 2017-03-22-2 - Apple Security Advisory 2017-03-22-2 - iTunes for Mac 12.6 is now available and addresses vulnerabilities in expat and SQLite.
  7. Microsoft Windows AppLocker Bypass - Microsoft Windows versions 8 and newer suffer from an AppLocker bypass vulnerability.
  8. wifirxpower Local Buffer Overflow - wifirxpower suffers from a local stack-based buffer overflow vulnerability.
  9. Gr8 Tutorial Script SQL Injection - Gr8 Tutorial Script suffers from a remote SQL injection vulnerability.
  10. Gr8 Gallery Script SQL Injection - Gr8 Gallery Script suffers from a remote SQL injection vulnerability.

Packetstorm Tools

  1. rldns 1.1 - rldns is an open source lightweight DNS server for Linux, NetBSD, FreeBSD, and OpenBSD. Runs on x86 and x86_64 architectures.
  2. Lynis Auditing Tool 2.4.7 - Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
  3. OpenSSH 7.5p1 - This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
  4. Faraday 2.4.0 - Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  5. Lynis Auditing Tool 2.4.6 - Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
  6. rldns 1.0 - rldns is an open source lightweight DNS server for Linux, NetBSD, FreeBSD, and OpenBSD. Runs on x86 and x86_64 architectures.
  7. Stegano 0.6.9 - Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integer sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
  8. DAVOSET 1.3 - DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
  9. Stegano 0.6.8 - Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integer sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
  10. OpenDNSSEC 2.1.0 - OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

Packetstorm Exploits

  1. Miele Professional PG 8528 Directory Traversal - The Miele Professional PG 8528 suffers from a directory traversal vulnerability.
  2. Nuxeo Platform 6.x / 7.x Shell Upload - Nuxeo Platform versions 6.0 (LTS 2014), 7.1, 7.2, and 7.3 suffer from a remote shell upload vulnerability.
  3. EON 5.0 SQL Injection - EON versions 5.0 and below suffer from a remote SQL injection vulnerability.
  4. EON 5.0 Remote Code Execution - EON versions 5.0 and below suffer from a remote code execution vulnerability.
  5. wifirxpower Local Buffer Overflow - wifirxpower suffers from a local stack-based buffer overflow vulnerability.
  6. Gr8 Tutorial Script SQL Injection - Gr8 Tutorial Script suffers from a remote SQL injection vulnerability.
  7. Gr8 Gallery Script SQL Injection - Gr8 Gallery Script suffers from a remote SQL injection vulnerability.
  8. NETGEAR WNR2000v5 (Un)authenticated hidden_lang_avi Stack Overflow - The NETGEAR WNR2000 router has a buffer overflow vulnerability in the hidden_lang_avi parameter. In order to exploit it, it is necessary to guess the value of a certain timestamp which is in the configuration of the router. An authenticated attacker can simply fetch this from a page, but an unauthenticated attacker has to brute force it. Brute-forcing the timestamp token might take a few minutes, a few hours, or days, but it is guaranteed that it can be brute-forced. This Metasploit module implements both modes, and it works very reliably. It has been tested with the WNR2000v5, firmware versions 1.0.0.34 and 1.0.0.18. It should also work with hardware revisions v4 and v3, but this has not been tested - with these routers it might be necessary to adjust the LibcBase variable as well as the gadget addresses.
  9. LastPass Domain Design Flaw - The LastPass domain regex does not handle data and other pseudo-url schemes.
  10. LastPass FireFox Content Script Loading - LastPass had an issue where the websiteConnector.js content script allows proxying internal RPC commands. The fix appears not to work on Firefox.

Securiteam Exploits

  1. Oracle Weblogic Server availability Remote Code Execution Vulnerability - Oracle Weblogic Server is prone to a remote code-execution vulnerability. This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  2. Cisco Videoscape Distribution Suite Service Manager 3.0 BaseCross Site Scripting Vulnerability - Cross-site scripting (XSS) vulnerability in Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.0 through 3.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCva14552.
  3. Adobe Acrobat Classic OS Continuous Denial Of Service Execute Code Overflow Memory corruption Vulnerability - Adobe Acrobat is prone to a local code-execution vulnerability. This allows a local attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  4. Google Android 7.0 NVIDIA GPU Execute Code Vulnerability - Google Android is prone to a local code-execution vulnerability. This allows a local attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  5. Google Android 7 sensitive Obtain Information Vulnerability - Google Android is prone to an information-gain vulnerability. This allows local or remote attackers to gain privileges via a malicious program in the affected application.