This archive contains all of the 231 exploits added to Packet Storm in January, 2021.
7cd2125f6c4866e1a36f09c05a6dddb980fa02f950983b794f462e761f335527Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
f467cc77f0fc73fce0b854cdbc292f132d4879fca69d417eccad5f967fbf262bAIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
a401c951938f1169ceaec868ce3594736e89c5c881578c263d8a824a06b0002dThere is a heap buffer overflow in libgcrypt due to an incorrect assumption in the block buffer management code. Just decrypting some data can overflow a heap buffer with attacker controlled data and no verification or signature is validated before the vulnerability occurs.
116febb937a201a0c4eba25cc3b30fe506befd25359b35fcac75d7c488a642f1Ubuntu Security Notice 4716-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.23 in Ubuntu 20.04 LTS and Ubuntu 20.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.33. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
3ed62d3245642529217bb79cf07c6580a1fd5c2cba0cf7edad2b1fede97c7f24Gentoo Linux Security Advisory 202102-2 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 78.7.0 are affected.
bbdf99cb54c3b2c1ee68bf31b38cdb8100f6315ad49a138979310d9e5243bb55Sudo versions prior to 1.9.5p2 suffer from buffer overflow and privilege escalation vulnerabilities.
df2faf65c7a84b5633290e4d3a7d6958932b30e7692ccdb236b728a8b89c4678Elena Petrova discovered that the pin controller device tree implementation in the Linux kernel did not properly handle string references. A local attacker could use this to expose sensitive information (kernel memory). Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). Various other issues were also addressed.
682e52dd49535c7ff7a41efaf9cdf2164f511e0432317c6e2e9cafb8c2198527Park Ticketing Management System version 1 suffers from a remote SQL injection vulnerability.
0bfc067b3054bbbbb218ec39c7a361ec9ba501f0aef65292e2c25c8beb26fb15Red Hat Security Advisory 2021-0319-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.5 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a server-side request forgery vulnerability.
a55e3e9a66cbc84f03b7bf037fc55dbda7bb8359e914f763ad35ec34d385730fRoundcube Webmail version 1.2 suffers from a file disclosure vulnerability.
3ea9d4b9d2c7673808c4851506092371bb0861ff694274c0cd863aa7631d642eOnline Reviewer System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
186f123ee6c4254ebc697e59e0e4a4c6e92fbdb8571b68ce663456f5b1d0f0efRed Hat Security Advisory 2021-0320-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.5 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a server-side request forgery vulnerability.
ff69e46c55c8c3332d31e76b072d88def9eef6f7c5c3f9f2b75024200000211aVehicle Parking Tracker System version 1.0 suffers from a persistent cross site scripting vulnerability.
a26b9d643d39e43805dc0736db3da52f09a7202ee884a51c1c59ae060de154d9Ubuntu Security Notice 4715-1 - Wang Baohua discovered that Django incorrectly extracted archive files. A remote attacker could possibly use this issue to extract files outside of their expected location.
3c1b2ddbb607d17a935031efc630c2f408994493a1853996df23f8f92e372e62Red Hat Security Advisory 2021-0318-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.5 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a server-side request forgery vulnerability.
687bba15490d210774d47fc4cf86121dd1f3bc5b9e6caef56043b3e963e43244Whitepaper called Malware Hunting 101. Written in Vietnamese.
4c7c6fc0b06cba7e2b4fb8988f1c690f57a0745feb25e07266255d76ec474755Online Reviewer System version 1.0 remote shell upload exploit that also leverages a remote SQL injection vulnerability that allows for authentication bypass.
c27ceecbccfe8bf7fc03cb26477fb8dcd6de73f5604921deb0e4440389300d65User Management System version 1 suffers from a remote authenticated blind SQL injection vulnerability.
95cf921110a313c53a96bfe898fdd250fb38688ec3c0b051d40a6f2fffae1f1dRed Hat Security Advisory 2021-0317-01 - This is a cumulative patch release zip for the JBoss EAP XP 1.0.4 runtime distribution. Issues addressed include a memory leak vulnerability.
d9e69e7b9f28ed76885136cb5c0a2aa281658a80d4a162ff4d320792cb9e50f7MyBB Delete Account plugin version 1.4 suffers from a cross site scripting vulnerability.
da9c98a4f0376ad3a2f6f981575d67668164692bba1d3a848f2e0f67c8cbf18dMyBB Trending Widget plugin version 1.2 suffers from a cross site scripting vulnerability.
465eaf226e298bd3740f808d19bea4982f49d49d0134a451ad334ebec79bc760MyBB Thread Redirect plugin version 0.2.1 suffers from a cross site scripting vulnerability.
1ca021935c54e06e0238791cd6bff3a75ebea809b7706cf200aaaadfcb2d8695WordPress versions 5.0.0 and 4.9.8 and below remote code execution exploit that leverages path traversal and file inclusion vulnerabilities.
bb6f7aee36ddb293349af62bd1858446988f1a4ecb1355fe08c968139063e05aRed Hat Security Advisory 2021-0307-01 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
88d7bcf1bbc67ce845486499df0172b230e20c04b5b62166c1b883f143280773
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed