Hack Tools/Exploits


Packetstorm Last 10 Files

  1. Ubuntu Security Notice USN-4610-1 - Ubuntu Security Notice 4610-1 - It was discovered that fastd did not properly handle receive buffers under certain circumstances. A remote attacker could possibly use this issue to cause a memory leak, resulting in a denial of service.
  2. Oracle WebLogic Server Remote Code Execution - Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 remote code execution exploit.
  3. Microsoft Edge Information Disclosure / Remote Code Execution - Microsoft Edge suffers from information disclosure and remote code execution vulnerabilities. Affected builds include 85.0.564.83, 85.0.564.86, 85.0.564.70, 86.0.622.38, 86.0.622.43, 86.0.622.48, 86.0.622.51, and 86.0.622.56.
  4. Red Hat Security Advisory 2020-4401-01 - Red Hat Security Advisory 2020-4401-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8. Issues addressed include an XML injection vulnerability.
  5. Genexis Platinum-4410 P4410-V2-1.28 Cross Site Request Forgery - Genexis Platinum-4410 version P4410-V2-1.28 suffers from a cross site request forgery vulnerability.
  6. Lot Reservation Management System 1.0 Cross Site Scripting - Lot Reservation Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
  7. Lot Reservation Management System 1.0 SQL Injection - Lot Reservation Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
  8. Icewarp WebMail 11.4.5.0 Cross Site Scripting - Icewarp WebMail version 11.4.5.0 suffers from a cross site scripting vulnerability.
  9. Ubuntu Security Notice USN-4609-1 - Ubuntu Security Notice 4609-1 - Fabian Henneke discovered that GOsa incorrectly handled client cookies. An authenticated user could exploit this with a crafted cookie to perform file deletions in the context of the user account that runs the web server. It was discovered that GOsa incorrectly handled user access control. A remote attacker could use this issue to log into any account with a username containing the word "success". Various other issues were also addressed.
  10. Mailman 2.1.23 Cross Site Scripting - Mailman versions 1.x up through 2.1.23 suffer from a cross site scripting vulnerability.

Packetstorm Tools

  1. Unicorn 1.0.2 - Unicorn is a lightweight multi-platform, multi-architecture CPU emulator framework.
  2. Sifter 10.5f - Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
  3. nfstream 6.2.0 - nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
  4. Sifter 10.4g - Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
  5. GRR 3.4.2.4 - GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
  6. See-SURF 2.0 - See-SURF is a python-based scanner to find potential SSRF parameters in a web application.
  7. Taken 1.0 - Taken is a script that enables you to actively attempt to take over priorly assigned DNS to a given EC2 instance.
  8. Sifter 10.21g - Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
  9. Raptor WAF 0.61 - Raptor is a web application firewall written in C that uses DFA to block SQL injection, cross site scripting, and path traversals.
  10. Nmap Port Scanner 7.91 - Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Packetstorm Exploits

  1. Oracle WebLogic Server Remote Code Execution - Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 remote code execution exploit.
  2. Genexis Platinum-4410 P4410-V2-1.28 Cross Site Request Forgery - Genexis Platinum-4410 version P4410-V2-1.28 suffers from a cross site request forgery vulnerability.
  3. Lot Reservation Management System 1.0 Cross Site Scripting - Lot Reservation Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
  4. Lot Reservation Management System 1.0 SQL Injection - Lot Reservation Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
  5. Icewarp WebMail 11.4.5.0 Cross Site Scripting - Icewarp WebMail version 11.4.5.0 suffers from a cross site scripting vulnerability.
  6. Mailman 2.1.23 Cross Site Scripting - Mailman versions 1.x up through 2.1.23 suffer from a cross site scripting vulnerability.
  7. Point Of Sales 1.0 Cross Site Scripting - Point of Sales version 1.0 suffers from a persistent cross site scripting vulnerability.
  8. Online Examination System 1.0 Cross Site Scripting - Online Examination System version 1.0 suffers from a persistent cross site scripting vulnerability.
  9. FreeType Load_SBit_Png Heap Buffer Overflow - FreeType suffers from a heap buffer overflow vulnerability due to integer truncation in Load_SBit_Png.
  10. Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 LFI - Oracle Business Intelligence Enterprise Edition versions 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0 suffer from local file inclusion and directory traversal vulnerabilities.

Securiteam Exploits