Hack Tools/Exploits

Packetstorm Last 10 Files

  1. GetSimpleCMS PHP File Upload - This Metasploit module exploits a file upload vulnerability in GetSimple CMS. By abusing the upload.php file, a malicious authenticated user can upload an arbitrary file, including PHP code, which results in arbitrary code execution.
  2. Gentoo Linux Security Advisory 201409-08 - Gentoo Linux Security Advisory 201409-8 - A vulnerability in libxml2 allows a remote attacker to cause Denial of Service. Versions less than 2.9.1-r4 are affected.
  3. Gentoo Linux Security Advisory 201409-07 - Gentoo Linux Security Advisory 201409-7 - A vulnerability in c-icap could result in Denial of Service. Versions less than 0.2.6 are affected.
  4. Gentoo Linux Security Advisory 201409-06 - Gentoo Linux Security Advisory 201409-6 - Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to cause Denial of Service. Versions less than 37.0.2062.120 are affected.
  5. Gentoo Linux Security Advisory 201409-05 - Gentoo Linux Security Advisory 201409-5 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.406 are affected.
  6. Apple Security Advisory 2014-09-17-7 - Apple Security Advisory 2014-09-17-7 - Xcode 6.0.1 is now available and addresses a denial of service vulnerability.
  7. Apple Security Advisory 2014-09-17-6 - Apple Security Advisory 2014-09-17-6 - OS X Server 2.2.3 is now available and addresses an arbitrary SQL query execution vulnerability.
  8. Apple Security Advisory 2014-09-17-5 - Apple Security Advisory 2014-09-17-5 - OS X Server 3.2.1 is now available and addresses arbitrary SQL execution, arbitrary javascript execution, and multiple vulnerabilities in PostgreSQL.
  9. Apple Security Advisory 2014-09-17-4 - Apple Security Advisory 2014-09-17-4 - Safari 6.2 and Safari 7.1 are now available and address credential interception, arbitrary code execution, and data browsing vulnerabilities.
  10. Apple Security Advisory 2014-09-17-3 - Apple Security Advisory 2014-09-17-3 - OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address PHP code execution, Bluetooth API validation, PDF handling, and various other vulnerabilities.

Packetstorm Tools

  1. UFONet 0.3b - UFONet is a tool designed to launch DDoS attacks against a target, using open redirection vectors on third party web applications.
  2. DAWIN - Distributed Audit and Wireless Intrustion Notification - DA-WIN, a wireless IDS, provides an organization a continuous wireless scanning capability that is light touch and simple. It utilizes compact and discreet sensors that can easily be deployed reducing the total cost of protection and simplifying the effort required for absolute, categoric regulatory compliance. This archive includes a dd image to be used on a Raspberry Pi and a user manual.
  3. Project Kakilles 0.3 - Kakilles is a perl script that spawns an HTTP proxy and lets you modify user-agent, content, and cookie headers.
  4. Maligno 1.3 - Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
  5. PoisonShell PHP Backdoor - PoisonShell is a simple PHP shell that has several options.
  6. Packet Fence 4.4.0 - PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  7. Lynis Auditing Tool 1.6.1 - Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
  8. Codetective 0.8 - Codetective is an analysis tool to determine the crypto/encoding algorithm used according to traces of its representation. It can be used as a standalone version or as a volatility plugin for memory analysis. Written in Python.
  9. wtmpclean 0.8.1 - wtmpClean is a tool for Unix which clears a given user from the wtmp database.
  10. Paranoic Scan 1.7 - Paranoic is a simple vulnerability scanner written in Perl.

Packetstorm Exploits

  1. GetSimpleCMS PHP File Upload - This Metasploit module exploits a file upload vulnerability in GetSimple CMS. By abusing the upload.php file, a malicious authenticated user can upload an arbitrary file, including PHP code, which results in arbitrary code execution.
  2. M/Monit 3.2.2 Cross Site Request Forgery - M/Monit versions 3.2.2 and below suffer from multiple cross site request forgery vulnerabilities.
  3. WatchGuard XTM 11.8.3 Cross Site Scripting - WatchGuard XTM version 11.8.3 suffers from a cross site scripting vulnerability.
  4. Netgear Download Center Cross Site Scripting / Open Redirect - downloadcenter.netgear.com suffers from cross site scripting and open redirection vulnerabilities.
  5. Oracle MyOracle Filter Bypass - Oracle's MyOracle allows for malicious script code insertion into outbound emails.
  6. Nokia Asha 501 Lock Bypass - The Nokia Asha platform suffers from a lock code bypass vulnerability that allows for access to call records.
  7. MODX Revolution 2.3.1-pl Cross Site Scripting - MODX Revolution version 2.3.1-pl suffers from a reflective cross site scripting vulnerability.
  8. webEdition 6.3.8.0 Path Traversal - webEdition version 6.3.8.0 suffers from a path traversal vulnerability.
  9. ClassApps SelectSurvey.net 4.124.004 SQL Injection - ClassApps SelectSurvey.net version 4.124.004 suffers from multiple remote SQL injection vulnerabilities.
  10. Livefyre LiveComments 3.0 Cross Site Scripting - Livefyre LiveComments version 3.0 suffers from a persistent cross site scripting vulnerability.

Securiteam Exploits

  1. IBM WebSphere Service Registry And Repository Cross-Site Scripting Vulnerability - Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
  2. Microsoft Debug Interface Access SDK 'msdia.dll' Memory Corruption Vulnerability - Microsoft Debug Interface Access SDK is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the current process. Failed attacks will cause denial-of-service conditions.
  3. Oracle Supply Chain Products Suite 9.3.3.0 Information Disclosure Vulnerability - Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.
  4. Python Commandline Symlink Attack Vulnerability - Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.
  5. Apache CloudStack Authentication Bypass Vulnerability - Apache CloudStack is prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions, which may aid in further attacks.