Red Hat Security Advisory 2021-0671-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a buffer overflow vulnerability.

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

This Metasploit module exploits an unauthenticated arbitrary file upload via an insecure POST request to Fortilogger. It has been tested on version 4.4.2.2 in Windows 10 Enterprise.

Concrete5 version 8.5.4 suffers from a persistent cross site scripting vulnerability.

Red Hat Security Advisory 2021-0672-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a buffer overflow vulnerability.

Trojan-Spy.Win32.Stealer.osh malware suffers from an insecure permissions vulnerability.

Online Catering Reservation System version 1.0 suffers from an unauthenticated remote code execution vulnerability.

Genua GenuGate High Resistance Firewall versions prior to 10.1 p4, 9.6 p7, and 9.0 Z p19 suffer from an authentication bypass vulnerability.

Red Hat Security Advisory 2021-0681-01 - The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.

Red Hat Security Advisory 2021-0670-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a buffer overflow vulnerability.

Covid-19 Contact Tracing System version 1.0 suffers from a remote code execution vulnerability.

Code16 is a compilation of notes from research performed by Cody16. This issue discusses hunting zero days and NagiosXI version 5.8.1.

Code16 is a compilation of notes from research performed by Cody16. This issue discusses spelunking routers and learning rust.

VMware vCenter Server version 7.0 unauthenticated arbitrary file upload exploit.

Red Hat Security Advisory 2021-0663-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

Red Hat Security Advisory 2021-0669-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a buffer overflow vulnerability.

Backdoor.Win32.RemoteManipulator.fdo malware suffers from an insecure permissions vulnerability.

WiFi Mouse version 1.7.8.5 suffers from a remote code execution vulnerability.

This whitepaper provides an overview of Autopsy, the graphical interface for the Sleuthkit.

Package Control suffers from an arbitrary file write vulnerability.

Microsoft DirectWrite suffers from a heap-based buffer overflow vulnerability in fsg_ExecuteGlyph while processing variable TTF fonts.

Chrome suffers from an out-of-bounds read vulnerability in network DataElement struct traits.

Ubuntu Security Notice 4754-2 - USN-4754-1 fixed a vulnerability in Python. The fix for CVE-2021-3177 introduced a regression in Python 2.7. This update reverts the security fix pending further investigation. It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service.