This archive contains all of the 231 exploits added to Packet Storm in January, 2021.
c09ffdcad779e862d3bb6da44fbb3b11
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
7988932a5e3930fa6035b8f8b584f0d8
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
9b342a313d3b0e7a610868be32becc72
There is a heap buffer overflow in libgcrypt due to an incorrect assumption in the block buffer management code. Just decrypting some data can overflow a heap buffer with attacker controlled data and no verification or signature is validated before the vulnerability occurs.
9a0ae509391275947c719943ee40c587
Ubuntu Security Notice 4716-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.23 in Ubuntu 20.04 LTS and Ubuntu 20.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.33. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
232f9df9fd2f512eaa9e63bde6253675
Gentoo Linux Security Advisory 202102-2 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 78.7.0 are affected.
ebc98d5b25ce0c41703e4d2f27db7413
Sudo versions prior to 1.9.5p2 suffer from buffer overflow and privilege escalation vulnerabilities.
c0008b896a425c3f34261956bc495cb7
Elena Petrova discovered that the pin controller device tree implementation in the Linux kernel did not properly handle string references. A local attacker could use this to expose sensitive information (kernel memory). Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). Various other issues were also addressed.
6330d3eeacc7aa6e678f919eefeb140b
Park Ticketing Management System version 1 suffers from a remote SQL injection vulnerability.
d0d5c121468b888a93aeb66c74437799
Red Hat Security Advisory 2021-0319-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.5 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a server-side request forgery vulnerability.
7e19184c1fb89a4762666157c182fbdf
Roundcube Webmail version 1.2 suffers from a file disclosure vulnerability.
54dd50b15366a62edb0ed7b4f25ca1e9
Online Reviewer System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
20c3cd4b0de30023d5d5f0aeb1627597
Red Hat Security Advisory 2021-0320-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.5 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a server-side request forgery vulnerability.
f2e307c2f2dc5e0111a10a35e2793a8e
Vehicle Parking Tracker System version 1.0 suffers from a persistent cross site scripting vulnerability.
fe18efa4af11644e0c9dc4d6e8276644
Ubuntu Security Notice 4715-1 - Wang Baohua discovered that Django incorrectly extracted archive files. A remote attacker could possibly use this issue to extract files outside of their expected location.
400d566318bb5ab2a7d7f0157ba9981d
Red Hat Security Advisory 2021-0318-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.5 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a server-side request forgery vulnerability.
0914f7d50b6b71e0ae8fcc6b38297ec1
Whitepaper called Malware Hunting 101. Written in Vietnamese.
b494e839cb504d3ad4f845d155647ba4
Online Reviewer System version 1.0 remote shell upload exploit that also leverages a remote SQL injection vulnerability that allows for authentication bypass.
51109808c0a78c3656ec6d9759f49a77
User Management System version 1 suffers from a remote authenticated blind SQL injection vulnerability.
a373c5cdacb9b136cd4f1c30404c520b
Red Hat Security Advisory 2021-0317-01 - This is a cumulative patch release zip for the JBoss EAP XP 1.0.4 runtime distribution. Issues addressed include a memory leak vulnerability.
0b1276f81484a6bc90d7620292a454db
MyBB Delete Account plugin version 1.4 suffers from a cross site scripting vulnerability.
cd806dffeb02e4788423dc2948e7844b
MyBB Trending Widget plugin version 1.2 suffers from a cross site scripting vulnerability.
c1a97ec1461c0790acb78cf9f0564b70
MyBB Thread Redirect plugin version 0.2.1 suffers from a cross site scripting vulnerability.
05e67e18d45785761cd520d48cd42fba
WordPress versions 5.0.0 and 4.9.8 and below remote code execution exploit that leverages path traversal and file inclusion vulnerabilities.
87ecab4766942bdc35c24a3b4d93d1dd
Red Hat Security Advisory 2021-0307-01 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
857ba634ee43a300313a02074d82881e