Home / Exploit




  • 27 May 2017: Octopus Deploy Authenticated Code Execution - Files ≈ Packet Storm
    This Metasploit module can be used to execute a payload on an Octopus Deploy server given valid credentials or an API key. The payload is executed as a powershell script step on the Octopus Deploy server during a deployment.
  • 27 May 2017: Packet Fence 7.0.2 - Files ≈ Packet Storm
    PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  • 27 May 2017: Samba is_known_pipename() Arbitrary Module Load - Files ≈ Packet Storm
    This Metasploit module triggers an arbitrary shared library load vulnerability in Samba versions 3.5.0 to 4.4.14, 4.5.10, and 4.6.4. This Metasploit module requires valid credentials, a writeable folder in an accessible share, and knowledge of the server-side path of the writeable folder. In some cases, anonymous access combined with common filesystem locations can be used to automatically exploit this vulnerability.
  • 27 May 2017: Faraday 2.5.0 - Files ≈ Packet Storm
    Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  • 27 May 2017: WebKitGTK+ Code Execution / DoS / UXSS - Files ≈ Packet Storm
    WebKitGTK+ suffers from code execution, denial of service, memory corruption, and various other vulnerabilities.
  • 27 May 2017: JAD Java Decompiler 1.5.8e Buffer Overflow - Files ≈ Packet Storm
    JAD Java Decompiler version 1.5.8e suffers from a local buffer overflow vulnerability.
  • 27 May 2017: WordPress AffiliateWP 2.0.8 Cross Site Scripting - Files ≈ Packet Storm
    WordPress AffiliateWP plugin versions 2.0.8 and below suffer from a cross site scripting vulnerability.
  • 27 May 2017: WordPress Huge-IT Video Gallery 2.0.4 SQL Injection - Files ≈ Packet Storm
    WordPress Huge-IT Video Gallery plugin version 2.0.4 suffers from a remote SQL injection vulnerability.
  • 27 May 2017: WordPress All In One Schema.org Rich Snippets 1.4.1 XSS - Files ≈ Packet Storm
    WordPress All In One Schema.org Rich Snippets plugin versions 1.4.1 and below suffer from a cross site scripting vulnerability.
  • 27 May 2017: Aries QWR-1104 Wireless-N Cross Site Scripting - Files ≈ Packet Storm
    Aries QWR-1104 Wireless-N router suffers from a cross site scripting vulnerability.
  • 27 May 2017: OpenSSL Toolkit 1.0.2l - Files ≈ Packet Storm
    OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  • 27 May 2017: Microsoft Security Bulletin CVE Update For May, 2017 - Files ≈ Packet Storm
    This bulletin summary lists multiple CVE additions for the May, 2017 security bulletin release.
  • 27 May 2017: Microsoft MsMpEng Denial Of Service - Files ≈ Packet Storm
    Through fuzzing, a number of ways to crash the Microsoft MsMpEng service has been been discovered.
  • 27 May 2017: SambaCry Exploit / Vulnerable Container - Files ≈ Packet Storm
    This repo from github contains a SambaCry exploit and vulnerable container.
  • 27 May 2017: WordPress Social-Stream 1.6.0 Twitter API Secret Disclosure - Files ≈ Packet Storm
    WordPress Social-Stream versions 1.6.0 and below suffer from a Twitter API OAuth secret disclosure vulnerability.