Hack Tools/Exploits


Packetstorm Last 10 Files

  1. WSO2 Identity Server 5.3.0 Cross Site Scripting - WSO2 Identity Server version 5.3.0 suffers from multiple persistent cross site scripting vulnerabilities.
  2. Red Hat Security Advisory 2018-1213-02 - Red Hat Security Advisory 2018-1213-02 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.
  3. Ubuntu Security Notice USN-3633-1 - Ubuntu Security Notice 3633-1 - Jann Horn discovered that the Berkeley Packet Filter implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
  4. Ubuntu Security Notice USN-3632-1 - Ubuntu Security Notice 3632-1 - It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service in the host OS. Various other issues were also addressed.
  5. Ubuntu Security Notice USN-3631-2 - Ubuntu Security Notice 3631-2 - USN-3631-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a buffer overread vulnerability existed in the keyring subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. Various other issues were also addressed.
  6. Ubuntu Security Notice USN-3631-1 - Ubuntu Security Notice 3631-1 - It was discovered that a buffer overread vulnerability existed in the keyring subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. It was discovered that the DM04/QQBOX USB driver in the Linux kernel did not properly handle device attachment and warm-start. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
  7. Ubuntu Security Notice USN-3630-2 - Ubuntu Security Notice 3630-2 - USN-3630-1 fixed a vulnerability in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service.
  8. Ubuntu Security Notice USN-3630-1 - Ubuntu Security Notice 3630-1 - It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service.
  9. Gentoo Linux Security Advisory 201804-22 - Gentoo Linux Security Advisory 201804-22 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the execution of arbitrary code. Versions less than 66.0.3359.117 are affected.
  10. Ubuntu Security Notice USN-3629-1 - Ubuntu Security Notice 3629-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.60 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, and Ubuntu 17.10 have been updated to MySQL 5.7.22. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

Packetstorm Tools

  1. BadParser 1.6.42218.0 - BadParser is a vulnerability parser designed to aid in the testing of fuzzers by simulating different kinds of memory corruption issues. Vulnerabilities are simulated by causing write-access violations at specific addresses, which serve as unique identifiers for the different issues. BadParser supports JSON and XML input files, with other file formats planned.
  2. Stegano 0.8.5 - Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integer sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
  3. Ansvif 1.9.1 - Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
  4. OpenStego Free Steganography Solution 0.7.3 - OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images).
  5. Ansvif 1.9 - Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
  6. Aircrack-ng Wireless Network Tools 1.2 - aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).
  7. TestSSL 2.9.5-5 - testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
  8. XSSer Penetration Testing Tool 1.7-2 - XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
  9. Clam AntiVirus Toolkit 0.100.0 - Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
  10. GNU Privacy Guard 2.2.6 - GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Packetstorm Exploits

  1. WSO2 Identity Server 5.3.0 Cross Site Scripting - WSO2 Identity Server version 5.3.0 suffers from multiple persistent cross site scripting vulnerabilities.
  2. MyBB Threads To Link 1.3 Cross Site Scripting - MyBB Threads to Link plugin version 1.3 suffers from a cross site scripting vulnerability.
  3. Kaspersky KSN Remote Code Execution - Kaspersky KSN suffers from a remote code execution vulnerability.
  4. WordPress WD Instagram Feed Premium 1.3.0 Cross Site Scripting - WordPress WD Instagram Feed version 1.3.0 suffers from multiple cross site scripting vulnerabilities.
  5. phpMyAdmin Cross Site Request Forgery - phpMyAdmin versions 4.8.0 prior to 4.8.0-1 suffer from a cross site request forgery vulnerability.
  6. Apache CouchDB 1.7.0 / 2.x Remote Privilege Escalation - Apache CouchDB versions 1.7.0 and 2.x before 2.1.1 suffer from a remote privilege escalation vulnerability.
  7. Ncomputing vSpace Pro 10 / 11 Directory Traversal - Ncomputing vSpace Pro versions 10 and 11 suffer from a directory traversal vulnerability.
  8. Monstra CMS 3.0.4 Cross Site Scripting - Monstra CMS version 3.0.4 suffers from a persistent cross site scripting vulnerability.
  9. PRTG 18.1.39.1648 Stack Overflow - PRTG version 18.1.39.1648 suffers from a stack overflow vulnerability.
  10. Adobe Flash Blur Filtering Out-Of-Bounds Write - Adobe Flash suffers from a blur filtering out of bounds write vulnerability.

Securiteam Exploits

  1. Zziplib 0.13.62 discovered Denial Of Service Vulnerability - The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file.
  2. Oracle Advanced Outbound Telephony component unauthorized Remote Code Execution Vulnerability - Oracle Advanced Outbound Telephony is prone to a remote code-execution vulnerability. This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  3. Oracle Flexcube Universal Banking 11.3.0 update Remote Code Execution Vulnerability - A local user can exploit a flaw in the Oracle FLEXCUBE Universal Banking Core component to partially access and partially modify data
  4. Oracle Knowledge Management 12.1.3 critical Remote Code Execution Vulnerability - Oracle Knowledge Management is prone to a remote code-execution vulnerability. This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  5. Oracle Marketing 12.1.1 critical Remote Code Execution Vulnerability - Oracle Marketing is prone to a remote code-execution vulnerability. This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.