Hack Tools/Exploits

Packetstorm Last 10 Files

  1. EMC Documentum Content Server ESA-2014-105 Fail - A vulnerability exists in the EMC Documentum Content Server which allows an authenticated user to elevate privileges, hijack the Content Server filesystem, or execute arbitrary commands by creating malicious dm_job objects. Although ESA-2014-105 claimed to remediate this issue, it persists.
  2. Gentoo Linux Security Advisory 201507-02 - Gentoo Linux Security Advisory 201507-2 - Two vulnerabilities have been found in Tor, the worst of which can allow remote attackers to cause a Denial of Service condition. Versions less than 0.2.6.7 are affected.
  3. Debian Security Advisory 3301-1 - Debian Linux Security Advisory 3301-1 - Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast and reliable load balancing reverse proxy, when HTTP pipelining is used. A client can take advantage of this flaw to cause data corruption and retrieve uninitialized memory contents that exhibit data from a past request or session.
  4. Debian Security Advisory 3300-1 - Debian Linux Security Advisory 3300-1 - Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update also addresses a vulnerability in DHE key processing commonly known as the "LogJam" vulnerability.
  5. Ubuntu Security Notice USN-2659-1 - Ubuntu Security Notice 2659-1 - Petr Sklenar discovered that the cups-filters texttopdf filter incorrectly handled line sizes. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code as the lp user.
  6. Ubuntu Security Notice USN-2658-1 - Ubuntu Security Notice 2658-1 - Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly use this issue to bypass intended restrictions and create or obtain access to sensitive files. Emmanuel Law discovered that the PHP phar extension incorrectly handled filenames starting with a NULL byte. A remote attacker could use this issue with a crafted tar archive to cause a denial of service. Various other issues were also addressed.
  7. Debian Security Advisory 3299-1 - Debian Linux Security Advisory 3299-1 - Johan Olofsson discovered an authentication bypass vulnerability in Stunnel, a program designed to work as a universal SSL tunnel for network daemons. When Stunnel in server mode is used with the redirect option and certificate-based authentication is enabled with "verify = 2" or higher, then only the initial connection is redirected to the hosts specified with "redirect". This allows a remote attacker to bypass authentication.
  8. Gentoo Linux Security Advisory 201507-01 - Gentoo Linux Security Advisory 201507-1 - Multiple vulnerabilities have been found in chrony, the worst of which can cause arbitrary code execution. Versions less than 1.31.1 are affected.
  9. WordPress StageShow 5.0.8 Open Redirect - WordPress StageShow plugin version 5.0.8 suffers from an open redirection vulnerability.
  10. Telegram API Cross Site Request Forgery - Telegram API suffers from a cross site request forgery vulnerability. Note that this advisory has site-specific information.

Packetstorm Tools

  1. OpenSSH 6.9p1 - This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
  2. Faraday 1.0.11 - Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  3. DAVOSET 1.2.5 - DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
  4. TRENDnet TEW-818RDU PIN Disclosure - TRENDnet TEW-818RDU versions 1 ("ac1900") and 2 ("ac3200") PIN disclosure exploit.
  5. Htcap Analysis Tool Alpha 0.1 - Htcap is a web application analysis tool for detecting communications between JavaScript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in Python and uses phantomjs to load pages, injecting a probe that analyzes JavaScript behaviour. Once injected, the probe overrides native JavaScript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling HTML inputs.
  6. AESshell 0.7 - AESshell is a backconnect shell for Windows and Unix, written in Python, that uses AES in CBC mode in conjunction with HMAC-SHA256 for secure transport. A Windows binary is also included.
  7. Find DNS Scanner - find_dns is a tool that scans networks looking for DNS servers.
  8. Smalisca 0.2 - Smalisca is a static code analysis tool for Smali files.
  9. Tor-ramdisk i686 UClibc-based Linux Distribution x86 20150616 - Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
  10. Packet Fence 5.2.0 - PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Packetstorm Exploits

  1. EMC Documentum Content Server ESA-2014-105 Fail - A vulnerability exists in the EMC Documentum Content Server which allows an authenticated user to elevate privileges, hijack the Content Server filesystem, or execute arbitrary commands by creating malicious dm_job objects. Although ESA-2014-105 claimed to remediate this issue, it persists.
  2. WordPress StageShow 5.0.8 Open Redirect - WordPress StageShow plugin version 5.0.8 suffers from an open redirection vulnerability.
  3. Telegram API Cross Site Request Forgery - Telegram API suffers from a cross site request forgery vulnerability. Note that this advisory has site-specific information.
  4. Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow - This Metasploit module exploits a buffer overflow in Adobe Flash Player when handling Nellymoser-encoded audio inside an FLV video, as exploited in the wild in June 2015. This Metasploit module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.160; Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.160; Windows 8.1, Firefox 38.0.5 and Adobe Flash 18.0.0.160; Linux Mint "Rebecca" (32-bit), Firefox 33.0 and Adobe Flash 11.2.202.466; and Ubuntu 14.04.2 LTS, Firefox 35.01 and Adobe Flash 11.2.202.466. Note that this exploit is effective against both CVE-2015-3113 and the earlier CVE-2015-3043, since CVE-2015-3113 is effectively a regression to the same root cause as CVE-2015-3043.
  5. Soreco AG Xpert.Line 3.0 Authentication Bypass - Soreco AG Xpert.Line version 3.0 suffers from an authentication bypass vulnerability.
  6. BlackCat CMS 1.1.1 Path Traversal - BlackCat CMS version 1.1.1 suffers from a path traversal vulnerability.
  7. Snorby 2.6.2 Cross Site Scripting - Snorby version 2.6.2 suffers from a cross site scripting vulnerability.
  8. ipTIME n104r3 Cross Site Request Forgery / Cross Site Scripting - ipTIME n104r3 suffers from cross site request forgery and cross site scripting vulnerabilities.
  9. WordPress easy2map 1.24 SQL Injection - WordPress easy2map plugin version 1.24 suffers from a remote SQL injection vulnerability.
  10. ipTIME Remote Code Execution - ipTIME firmware versions prior to 9.58 are vulnerable to a remote code execution flaw that yields root privileges.

Securiteam Exploits

  1. WordPress WPML Missing Authentication Vulnerabilities - The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET parameter.
  2. XZERES 442SR Wind Turbine Vulnerabilities - Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that modify the default user's password via a GET request.
  3. Adobe Flash Player Type Confusion Remote Code Execution Vulnerabilities - Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion,"
  4. Apple Mac OS X And iOS Multiple Buffer Overflow Vulnerabilities - Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery.
  5. Bsdcpio In Libarchive Absolute Path Traversal Vulnerabilities - Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.