Home Tools Page 273

Tools

The latest hacking and hacker tools. Open source offensive and defensive security tools. Browse interactive maps of offensive security tools used by malicious actors and cybercriminals. Check out some live threat maps and malware intelligence databases.

This will be a curated list of mostly open source hacking tools. These can range from Red Teaming offensive security tools to fuzzers and debuggers for malware analysis. We are always looking for new state of the art tools that can be used for security professionals. Please feel free to send us a tool via email or one of our social media accounts.

PrestaShop 1.7.6.7 Cross Site Scripting

Authored by Priyanka Samak PrestaShop version 1.7.6.7 suffers from a cross site scripting vulnerability via the file upload functionality. advisories | CVE-2020-21967

Xen TLB Flush Bypass

Authored by Jann Horn, Google Security Research Xen's _get_page_type() contains an ABAC cmpxchg() race, where the code incorrectly assumes that if it reads a specific type_info value, and then later...

Chrome PaintImage Deserialization Out-Of-Bounds Read

Authored by Google Security Research, Mark Brand The code in cc::PaintImageReader::Read (cc::PaintImage*) does not properly check the incoming data when handling embedded image data, resulting in an out-of-bounds copy into...

Nginx 1.20.0 Denial Of Service

Authored by Mohammed Alshehri Nginx version 1.20.0 suffers from a denial of service vulnerability. advisories | CVE-2021-23017 Change Mirror Download # Exploit Title: Nginx 1.20.0 - Denial of Service (DOS)# Date: 2022-6-29# Exploit...

Sashimi Evil OctoBot Tentacle

Authored by Samy Younsi, Thomas Knudsen | Site github.com Sashimi Evil OctoBot Tentacle is a python script that exploits a vulnerability that lies in the Tentacles upload functionality of the...

WordPress Visual Slide Box Builder 3.2.9 SQL Injection

Authored by nu11secur1ty WordPress Visual Slide Box Builder plugin version 3.2.9 suffers from a remote SQL injection vulnerability. Change Mirror Download ## Title: WordPress 6.0 - Visual Slide Box Builder 3.2.9 SQLi##...

JBOSS EAP/AS 6.x Remote Code Execution

Authored by Heyder Andrade, Marcio Almeida, Joao Matos | Site metasploit.com An unauthenticated attacker with network access to the JBOSS EAP/AS versions 6.x and below Remoting Unified Invoker interface can...

Windows Kerberos KerbRetrieveEncodedTicketMessage AppContainer Privilege Escalation

Authored by James Forshaw, Google Security Research On Windows 11, the Kerberos SSP's KerbRetrieveEncodedTicketMessage message can be used to get an arbitrary service ticket and session key from an AppContainer...

Mutt mutt_decode_uuencoded() Memory Disclosure

Authored by Tavis Ormandy, Google Security Research In mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in replys,...

Windows Kerberos Redirected Logon Buffer Privilege Escalation

Authored by James Forshaw, Google Security Research On Windows, the buffer for redirected logon context does not protect against spoofing resulting in arbitrary code execution in the LSA leading to...