Hack Tools/Exploits


Packetstorm Last 10 Files

  1. Drupal Drupalgeddon 2 Forms API Property Injection - This Metasploit module exploits a Drupal property injection in the Forms API. Drupal versions 6.x, less than 7.58, 8.2.x, less than 8.3.9, less than 8.4.6, and less than 8.5.1 are vulnerable.
  2. GitList 0.6 Remote Code Execution - GitList version 0.6 unauthenticated remote code execution exploit.
  3. Red Hat Security Advisory 2018-1254-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql56-mysql. Issues addressed include a ridiculous amount of unspecified vulnerabilities.
  4. Red Hat Security Advisory 2018-1252-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed relate to speculative execution.
  5. Google Chrome V8 AwaitedPromise Update Bug - Google Chrome V8 Await methods call ResolveNativePromise, which calls InternalResolvePromise, which can invoke user JavaScript code through a "then" getter. If the AwaitedPromise is replaced by the user script, the AwaitedPromise will be immediately overwritten after the call to Await; this may lead the generator to an incorrect state.
  6. Debian Security Advisory 4180-1 - Debian Linux Security Advisory 4180-1 - A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework.
  7. Red Hat Security Advisory 2018-1251-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and traversal vulnerabilities.
  8. HRSALE The Ultimate HRM 1.0.2 Cross Site Scripting - HRSALE The Ultimate HRM version 1.0.2 suffers from a cross site scripting vulnerability.
  9. HRSALE The Ultimate HRM 1.0.2 Local File Inclusion - HRSALE The Ultimate HRM version 1.0.2 suffers from a local file inclusion vulnerability.
  10. Oracle Outside In Technology 8.5.3 Use-After-Free - Secunia Research has discovered a vulnerability in Oracle Outside In Technology, which can be exploited by malicious people to compromise a vulnerable system. Version 8.5.3 is affected.

Packetstorm Tools

  1. Wireshark Analyzer 2.6.0 - Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
  2. Falco 0.10.0 - Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
  3. BadParser 1.6.42218.0 - BadParser is a vulnerability parser designed to aid in the testing of fuzzers by simulating different kinds of memory corruption issues. Vulnerabilities are simulated by causing write-access violations at specific addresses, which serve as unique identifiers for the different issues. BadParser supports JSON and XML input files, with other file formats planned.
  4. Linux Exploit Suggester 0.9 - Linux Exploit Suggester is a tool to help identify possible privilege escalation attack vectors on a target Linux machine by suggesting possible exploits.
  5. Stegano 0.8.5 - Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integer sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
  6. Ansvif 1.9.1 - Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
  7. OpenStego Free Steganography Solution 0.7.3 - OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images).
  8. Ansvif 1.9 - Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
  9. Aircrack-ng Wireless Network Tools 1.2 - aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).
  10. TestSSL 2.9.5-5 - testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash and uses only standard Unix utilities, openssl and, last but not least, bash sockets.

Packetstorm Exploits

  1. Drupal Drupalgeddon 2 Forms API Property Injection - This Metasploit module exploits a Drupal property injection in the Forms API. Drupal versions 6.x, less than 7.58, 8.2.x, less than 8.3.9, less than 8.4.6, and less than 8.5.1 are vulnerable.
  2. GitList 0.6 Remote Code Execution - GitList version 0.6 unauthenticated remote code execution exploit.
  3. Google Chrome V8 AwaitedPromise Update Bug - Google Chrome V8 Await methods call ResolveNativePromise, which calls InternalResolvePromise, which can invoke user JavaScript code through a "then" getter. If the AwaitedPromise is replaced by the user script, the AwaitedPromise will be immediately overwritten after the call to Await; this may lead the generator to an incorrect state.
  4. HRSALE The Ultimate HRM 1.0.2 Cross Site Scripting - HRSALE The Ultimate HRM version 1.0.2 suffers from a cross site scripting vulnerability.
  5. HRSALE The Ultimate HRM 1.0.2 Local File Inclusion - HRSALE The Ultimate HRM version 1.0.2 suffers from a local file inclusion vulnerability.
  6. Drupal drupgeddon3 Remote Code Execution - This is a simple proof of concept exploit for Drupal versions prior to 7.58 that demonstrates the drupalgeddon3 authenticated remote code execution vulnerability.
  7. Jfrog Artifactory Code Execution / Shell Upload - Jfrog Artifactory versions prior to 4.16 suffer from unauthenticated arbitrary file upload and remote command execution vulnerabilities.
  8. WordPress WP With Spritz 1.0 File Inclusion - WordPress WP with Spritz plugin version 1.0 suffers from local and remote file inclusion vulnerabilities.
  9. SickRage Credential Disclosure - SickRage versions prior to 2018.03.09 return clear-text credentials in HTTP responses.
  10. October CMS User 1.4.5 Cross Site Scripting - October CMS User plugin version 1.4.5 suffers from a persistent cross site scripting vulnerability.

Securiteam Exploits

  1. Zziplib 0.13.62 discovered Denial Of Service Vulnerability - The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file.
  2. Oracle Advanced Outbound Telephony component unauthorized Remote Code Execution Vulnerability - Oracle Advanced Outbound Telephony is prone to a remote code-execution vulnerability. This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  3. Oracle Flexcube Universal Banking 11.3.0 update Remote Code Execution Vulnerability - A local user can exploit a flaw in the Oracle FLEXCUBE Universal Banking Core component to partially access and partially modify data.
  4. Oracle Knowledge Management 12.1.3 critical Remote Code Execution Vulnerability - Oracle Knowledge Management is prone to a remote code-execution vulnerability. This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  5. Oracle Marketing 12.1.1 critical Remote Code Execution Vulnerability - Oracle Marketing is prone to a remote code-execution vulnerability. This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.