Friday, February 23, 2024
Home Tools

Tools

The latest hacking and hacker tools. Open source offensive and defensive security tools. Browse interactive maps of offensive security tools used by malicious actors and cybercriminals. Check out some live threat maps and malware intelligence databases.

This will be a curated list of mostly open source hacking tools. These can range from Red Teaming offensive security tools to fuzzers and debuggers for malware analysis. We are always looking for new state of the art tools that can be used for security professionals. Please feel free to send us a tool via email or one of our social media accounts.

Kafka UI 0.7.1 Command Injection

0
Authored by h00die-gr3y, BobTheShopLifter, Thingstad | Site metasploit.com A command injection vulnerability exists in Kafka UI versions 0.4.0 through 0.7.1 that allows an attacker to inject and execute arbitrary shell...

WEBIGniter 28.7.23 Cross Site Scripting

0
Authored by Sagar Banwa WEBIGniter version 28.7.23 suffers from a persistent cross site scripting vulnerability. advisories | CVE-2023-46391 Change Mirror Download # Exploit Title: WEBIGniter v28.7.23 Stored Cross Site Scripting (XSS)# Exploit Author:...

ITFlow Cross Site Request Forgery

0
Authored by stehled | Site wp-pomoc.cz ITFlow versions prior to commit 432488eca3998c5be6b6b9e8f8ba01f54bc12378 suffer from a cross site request forgery vulnerability. advisories | CVE-2024-25344 Change Mirror Download # CVE: CVE-2024-25344# CWE: CWE-352# Vendor: ITFlow.org#...

Fuelflow 1.0 SQL Injection

0
Authored by nu11secur1ty Fuelflow version 1.0 suffers from a remote SQL injection vulnerability. Change Mirror Download ## Title: fuelflow-1.0-Copyright-©-2024-Project-Develop-by-Mayuri-K-Multiple-SQLi## Author: nu11secur1ty## Date: 02/21/24## Vendor: https://www.mayurik.com/## Software: https://www.mayurik.com/source-code/P3584/best-petrol-pump-management-software## Reference: https://portswigger.net/web-security/sql-injection## Description:The email parameter...

WordPress 6.4.3 Username Disclosure

0
Authored by h4shur WordPress versions 6.4.3 and below appear to suffer from a REST API related username disclosure vulnerability. Change Mirror Download # Title: wordpress 6.4.3 - Username Disclosure# Author: h4shur# date:2024-02-21#...

Ivanti Connect Secure Unauthenticated Remote Code Execution

0
Authored by sfewer-r7 | Site metasploit.com This Metasploit module chains a server side request forgery (SSRF) vulnerability (CVE-2024-21893) and a command injection vulnerability (CVE-2024-21887) to exploit vulnerable instances of either...

Yealink Configuration Encrypt Tool Static AES Key

0
Authored by Jeroen J.A.W. Hermans A single, vendorwide, hardcoded AES key in the Yealink Configuration Encrypt Tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality...

OpenOLAT 18.1.5 Cross Site Scripting / Privilege Escalation

0
Authored by Johannes Volpel, Mike Klostermaier | Site sec-consult.com OpenOLAT versions 18.1.4 and below and versions 18.1.5 and below suffer from multiple persistent cross site scripting vulnerabilities. advisories | CVE-2024-25973, CVE-2024-25974 Change...

Online Library Management System 3 Password Reset

0
Authored by SoSPiro Online Library Management System version 3 suffers from a password reset vulnerability due to a logic flaw of allowing the same email address to be set for...

SureMDM On-Premise CAPTCHA Bypass / User Enumeration

0
Authored by Jonas Benjamin Friedli SureMDM On-Premise versions prior to 6.31 suffer from CAPTCHA bypass and user enumeration vulnerabilities. advisories | CVE-2023-3897 Change Mirror Download # Exploit Title: SureMDM On-premise < 6.31 -...
Error decoding the Instagram API json