This archive contains all of the 217 exploits added to Packet Storm in June, 2021.
1d30ff4c0e12874de3a80ea317df99bee8d3f02ac5f3c70290da62e3dd119f24
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.
3423189ba455372021ed44e0be576d181f2908cbd9bdef202d9c11c950882e12
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
6a0e257f6ac3aae6fb8e6e57bed718944310361b535e1edf30ef98c1b81106bd
This Metasploit module leverages a flaw in runc to escape a Docker container and get command execution on the host as root. This vulnerability is identified as CVE-2019-5736. It overwrites the runc binary with the payload and waits for someone to use docker exec to get into the container. This will trigger the payload execution. Note that executing this exploit carries important risks regarding the Docker installation integrity on the target and inside the container.
cccb41227aca832e89e9a6f586e66617bdec002e1dded9d5addd44548302edb1
Ubuntu Security Notice 4905-2 - USN-4905-1 fixed a vulnerability in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain lengths of XInput extension ChangeFeedbackControl requests. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
ddaa7cc761396fe87989a4450ee207afb429d851105cc15c59dc39dc67d7f8c1
WordPress XCloner plugin version 4.2.12 authenticated remote code execution exploit.
51efbd3b0d80695da5f2ea6b11516c3016521715f93c6235c7c98b89032ce059
WinWaste.NET version 1.0.6183.16475 allows a local unprivileged user to replace the executable with a malicious file that will be executed with LocalSystem privileges.
f138194908349f8509cd895a66bd8a4e906ecf14ebb462f8a8d1d9c962c5bf2f
Red Hat Security Advisory 2021-2634-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Issues addressed include a memory exhaustion vulnerability.
9668c4f8a851a0224ba5deda9125f6ae363a60519ca7f0122674ccdb31621dd3
Online Voting System version 1.0 suffers from an authenticated remote code execution vulnerability.
ad066a249fc7358db4436f7838c7d583e02f669e2c5a5ea46faeeedbacec2475
Online Voting System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
fdcc142ece435ec2a2cc183c341b75c34569e278447e6109f020e48d1f9e02ce
Red Hat Security Advisory 2021-2517-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.462. Issues addressed include XML injection, cross site request forgery, and denial of service vulnerabilities.
f0cc7cc7453112310b6e9a4cfd6847dd90f4a89758cd89cba7b0719660010c0b
Vianeos OctoPUS version 5 suffers from a remote time-based SQL injection vulnerability.
deffbaffb74f2a7a487cff2d9512642d4c3540e6df4ae7b5237e6534d336298c
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
bdb8a6488b759fe95ceeebf88694df69fbc77cb5b2be1390f21cfe378daef97e