exploit the possibilities
Showing 1 - 25 of 33 RSS Feed

Files Date: 2021-02-01

Packet Storm New Exploits For January, 2021
Posted Feb 1, 2021
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 231 exploits added to Packet Storm in January, 2021.

tags | exploit
MD5 | c09ffdcad779e862d3bb6da44fbb3b11
Wireshark Analyzer 3.4.3
Posted Feb 1, 2021
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: Many bug fixes have been applied including two fixes for vulnerabilities.
tags | tool, sniffer, protocol
systems | windows, unix
advisories | CVE-2021-22173, CVE-2021-22174
MD5 | 7988932a5e3930fa6035b8f8b584f0d8
AIDE 0.17.1
Posted Feb 1, 2021
Authored by Rami Lehti | Site aide.github.io

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

Changes: Fixed typos in log messages and aide.conf man page. Fixed a messaging error and removed a leftover include.
tags | tool, intrusion detection
systems | unix
MD5 | 9b342a313d3b0e7a610868be32becc72
GPG libgcrypt Heap Buffer Overflow
Posted Feb 1, 2021
Authored by Tavis Ormandy, Google Security Research

There is a heap buffer overflow in libgcrypt due to an incorrect assumption in the block buffer management code. Just decrypting some data can overflow a heap buffer with attacker controlled data and no verification or signature is validated before the vulnerability occurs.

tags | exploit, overflow
MD5 | 9a0ae509391275947c719943ee40c587
Ubuntu Security Notice USN-4716-1
Posted Feb 1, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4716-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.23 in Ubuntu 20.04 LTS and Ubuntu 20.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.33. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-2002, CVE-2021-2021, CVE-2021-2032, CVE-2021-2048, CVE-2021-2061, CVE-2021-2076, CVE-2021-2122
MD5 | 232f9df9fd2f512eaa9e63bde6253675
Gentoo Linux Security Advisory 202102-02
Posted Feb 1, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202102-2 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 78.7.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-15685, CVE-2020-26976, CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964
MD5 | ebc98d5b25ce0c41703e4d2f27db7413
Sudo Buffer Overflow / Privilege Escalation
Posted Feb 1, 2021
Authored by nu11secur1ty, Ventsislav Varbanovski, r4j, cts | Site nu11secur1ty.com

Sudo versions prior to 1.9.5p2 suffer from buffer overflow and privilege escalation vulnerabilities.

tags | exploit, overflow, vulnerability
advisories | CVE-2021-3156
MD5 | c0008b896a425c3f34261956bc495cb7
Kernel Live Patch Security Notice LSN-0074-1
Posted Feb 1, 2021
Authored by Benjamin M. Romer

Elena Petrova discovered that the pin controller device tree implementation in the Linux kernel did not properly handle string references. A local attacker could use this to expose sensitive information (kernel memory). Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). Various other issues were also addressed.

tags | advisory, remote, kernel, local
systems | linux
advisories | CVE-2020-0427, CVE-2020-12352, CVE-2020-25645, CVE-2020-28374
MD5 | 6330d3eeacc7aa6e678f919eefeb140b
Park Ticketing Management System 1 SQL Injection
Posted Feb 1, 2021
Authored by Zeyad Azima

Park Ticketing Management System version 1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d0d5c121468b888a93aeb66c74437799
Red Hat Security Advisory 2021-0319-01
Posted Feb 1, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0319-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.5 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a server-side request forgery vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-10770
MD5 | 7e19184c1fb89a4762666157c182fbdf
Roundcube Webmail 1.2 File Disclosure
Posted Feb 1, 2021
Authored by stonepresto

Roundcube Webmail version 1.2 suffers from a file disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2017-16651
MD5 | 54dd50b15366a62edb0ed7b4f25ca1e9
Online Reviewer System 1.0 SQL Injection
Posted Feb 1, 2021
Authored by Richard Jones

Online Reviewer System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 20c3cd4b0de30023d5d5f0aeb1627597
Red Hat Security Advisory 2021-0320-01
Posted Feb 1, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0320-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.5 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a server-side request forgery vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-10770
MD5 | f2e307c2f2dc5e0111a10a35e2793a8e
Vehicle Parking Tracker System 1.0 Cross Site Scripting
Posted Feb 1, 2021
Authored by Anmol K Sachan

Vehicle Parking Tracker System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | fe18efa4af11644e0c9dc4d6e8276644
Ubuntu Security Notice USN-4715-1
Posted Feb 1, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4715-1 - Wang Baohua discovered that Django incorrectly extracted archive files. A remote attacker could possibly use this issue to extract files outside of their expected location.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2021-3281
MD5 | 400d566318bb5ab2a7d7f0157ba9981d
Red Hat Security Advisory 2021-0318-01
Posted Feb 1, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0318-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.5 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a server-side request forgery vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-10770
MD5 | 0914f7d50b6b71e0ae8fcc6b38297ec1
Malware Hunting 101
Posted Feb 1, 2021
Authored by SunCSR

Whitepaper called Malware Hunting 101. Written in Vietnamese.

tags | paper
MD5 | b494e839cb504d3ad4f845d155647ba4
Online Reviewer System 1.0 SQL Injection / Shell Upload
Posted Feb 1, 2021
Authored by Richard Jones

Online Reviewer System version 1.0 remote shell upload exploit that also leverages a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, shell, sql injection
MD5 | 51109808c0a78c3656ec6d9759f49a77
User Management System 1 SQL Injection
Posted Feb 1, 2021
Authored by Zeyad Azima

User Management System version 1 suffers from a remote authenticated blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a373c5cdacb9b136cd4f1c30404c520b
Red Hat Security Advisory 2021-0317-01
Posted Feb 1, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0317-01 - This is a cumulative patch release zip for the JBoss EAP XP 1.0.4 runtime distribution. Issues addressed include a memory leak vulnerability.

tags | advisory, memory leak
systems | linux, redhat
advisories | CVE-2020-27822
MD5 | 0b1276f81484a6bc90d7620292a454db
MyBB Delete Account 1.4 Cross Site Scripting
Posted Feb 1, 2021
Authored by 0xB9

MyBB Delete Account plugin version 1.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | cd806dffeb02e4788423dc2948e7844b
MyBB Trending Widget 1.2 Cross Site Scripting
Posted Feb 1, 2021
Authored by 0xB9

MyBB Trending Widget plugin version 1.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | c1a97ec1461c0790acb78cf9f0564b70
MyBB Thread Redirect 0.2.1 Cross Site Scripting
Posted Feb 1, 2021
Authored by 0xB9

MyBB Thread Redirect plugin version 0.2.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 05e67e18d45785761cd520d48cd42fba
WordPress 5.0.0 Remote Code Execution
Posted Feb 1, 2021
Authored by OUSSAMA Rahali | Site blog.ripstech.com

WordPress versions 5.0.0 and 4.9.8 and below remote code execution exploit that leverages path traversal and file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
advisories | CVE-2019-8943
MD5 | 87ecab4766942bdc35c24a3b4d93d1dd
Red Hat Security Advisory 2021-0307-01
Posted Feb 1, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0307-01 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-21261
MD5 | 857ba634ee43a300313a02074d82881e
Page 1 of 2
Back12Next

File Archive:

February 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    33 Files
  • 2
    Feb 2nd
    30 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    8 Files
  • 5
    Feb 5th
    11 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    1 Files
  • 8
    Feb 8th
    37 Files
  • 9
    Feb 9th
    15 Files
  • 10
    Feb 10th
    11 Files
  • 11
    Feb 11th
    26 Files
  • 12
    Feb 12th
    8 Files
  • 13
    Feb 13th
    1 Files
  • 14
    Feb 14th
    1 Files
  • 15
    Feb 15th
    9 Files
  • 16
    Feb 16th
    33 Files
  • 17
    Feb 17th
    6 Files
  • 18
    Feb 18th
    10 Files
  • 19
    Feb 19th
    20 Files
  • 20
    Feb 20th
    1 Files
  • 21
    Feb 21st
    1 Files
  • 22
    Feb 22nd
    17 Files
  • 23
    Feb 23rd
    15 Files
  • 24
    Feb 24th
    16 Files
  • 25
    Feb 25th
    28 Files
  • 26
    Feb 26th
    25 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close