Hack Tools/Exploits


Packetstorm Last 10 Files

  1. OkayCMS 2.3.4 Remote Code Execution - OkayCMS versions 2.3.4 and below suffer from remote code execution vulnerability.
  2. SiteVision 4.x / 5.x Remote Code Execution - SiteVision suffers from an issue where attackers may execute arbitrary code as root on the target server after gaining access to a low-privilege account. All versions of SiteVision 4 until 4.5.6 and all versions of SiteVision 5 until 5.1.1 are vulnerable.
  3. SiteVision 4.x / 5.x Insufficient Module Access Control - SiteVision suffers from an issue where attacker may inject non-authorized module when editing pages using a lower privileged account, which can lead to cross site scripting and remote code execution. All versions of SiteVision 4 until 4.5.6 and all versions of SiteVision 5 until 5.1.1 are vulnerable.
  4. Yachtcontrol 2019-10-06 Remote Code Execution - Yachtcontrol versions dated 2019-10-06 suffer from an unauthenticated remote code execution vulnerability.
  5. Symantec Endpoint Protection Information Disclosure / Privilege Escalation - A malicious application can take advantage of a vulnerability in Symantec Endpoint Protection to leak privileged information and/or execute code with higher privileges, thus taking full control over the affected host. Symantec Endpoint Protection versions 14.x below 14.2 (RU1) and 12.x below 12.1 (RU6 MP10) are affected. Symantec Endpoint Protection Small Business Edition versions 12.x below 12.1 (RU6 MP10c) are affected.
  6. Trend Micro Deep Security Agent 11 Arbitrary File Overwrite - Trend Micro Deep Security Agent 11 suffers from an arbitrary file overwrite vulnerability.
  7. Integard Pro NoJs 2.2.0.9026 Remote Buffer Overflow - Integard Pro NoJs version 2.2.0.9026 suffers from a remote buffer overflow vulnerability.
  8. Verot 2.0.3 Remote Code Execution - Verot version 2.0.3 suffers from a remote code execution vulnerability.
  9. Microsoft Skype For Business DNS Query - Microsoft Skype for Business latest versions affected from external service interaction (DNS) vulnerability. A remote attacker could force the vulnerable server to send DNS request to any remote server attacker wants.
  10. Broadcom CA Privileged Access Manager 2.8.2 Remote Command Execution - Broadcom CA Privileged Access Manager version 2.8.2 suffers from a remote command execution vulnerability.

Packetstorm Tools

  1. Wireshark Analyzer 3.0.7 - Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
  2. I2P 0.9.44 - I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
  3. SQLMAP - Automatic SQL Injection Tool 1.3.12 - sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
  4. Packet Fence 9.2.0 - PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  5. GNU Privacy Guard 2.2.18 - GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
  6. Clam AntiVirus Toolkit 0.102.1 - Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
  7. Bing.com Hostname / IP Enumerator 1.0 - This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.
  8. cryptmount Filesystem Manager 5.3.2 - cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.
  9. XSSer Penetration Testing Tool 1.8-2 - XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
  10. Faraday 3.9.3 - Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Packetstorm Exploits

  1. OkayCMS 2.3.4 Remote Code Execution - OkayCMS versions 2.3.4 and below suffer from remote code execution vulnerability.
  2. SiteVision 4.x / 5.x Remote Code Execution - SiteVision suffers from an issue where attackers may execute arbitrary code as root on the target server after gaining access to a low-privilege account. All versions of SiteVision 4 until 4.5.6 and all versions of SiteVision 5 until 5.1.1 are vulnerable.
  3. SiteVision 4.x / 5.x Insufficient Module Access Control - SiteVision suffers from an issue where attacker may inject non-authorized module when editing pages using a lower privileged account, which can lead to cross site scripting and remote code execution. All versions of SiteVision 4 until 4.5.6 and all versions of SiteVision 5 until 5.1.1 are vulnerable.
  4. Yachtcontrol 2019-10-06 Remote Code Execution - Yachtcontrol versions dated 2019-10-06 suffer from an unauthenticated remote code execution vulnerability.
  5. Trend Micro Deep Security Agent 11 Arbitrary File Overwrite - Trend Micro Deep Security Agent 11 suffers from an arbitrary file overwrite vulnerability.
  6. Integard Pro NoJs 2.2.0.9026 Remote Buffer Overflow - Integard Pro NoJs version 2.2.0.9026 suffers from a remote buffer overflow vulnerability.
  7. Verot 2.0.3 Remote Code Execution - Verot version 2.0.3 suffers from a remote code execution vulnerability.
  8. Microsoft Skype For Business DNS Query - Microsoft Skype for Business latest versions affected from external service interaction (DNS) vulnerability. A remote attacker could force the vulnerable server to send DNS request to any remote server attacker wants.
  9. Broadcom CA Privileged Access Manager 2.8.2 Remote Command Execution - Broadcom CA Privileged Access Manager version 2.8.2 suffers from a remote command execution vulnerability.
  10. Qualys Security Advisory - OpenBSD Authentication Bypass / Privilege Escalation - Qualys has discovered that OpenBSD suffers from multiple authentication bypass and local privilege escalation vulnerabilities.

Securiteam Exploits