exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 33 RSS Feed

Files Date: 2021-02-01

Packet Storm New Exploits For January, 2021
Posted Feb 1, 2021
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 231 exploits added to Packet Storm in January, 2021.

tags | exploit
SHA-256 | 7cd2125f6c4866e1a36f09c05a6dddb980fa02f950983b794f462e761f335527
Wireshark Analyzer 3.4.3
Posted Feb 1, 2021
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: Many bug fixes have been applied including two fixes for vulnerabilities.
tags | tool, sniffer, protocol
systems | windows, unix
advisories | CVE-2021-22173, CVE-2021-22174
SHA-256 | f467cc77f0fc73fce0b854cdbc292f132d4879fca69d417eccad5f967fbf262b
AIDE 0.17.1
Posted Feb 1, 2021
Authored by Rami Lehti | Site aide.github.io

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

Changes: Fixed typos in log messages and aide.conf man page. Fixed a messaging error and removed a leftover include.
tags | tool, intrusion detection
systems | unix
SHA-256 | a401c951938f1169ceaec868ce3594736e89c5c881578c263d8a824a06b0002d
GPG libgcrypt Heap Buffer Overflow
Posted Feb 1, 2021
Authored by Tavis Ormandy, Google Security Research

There is a heap buffer overflow in libgcrypt due to an incorrect assumption in the block buffer management code. Just decrypting some data can overflow a heap buffer with attacker controlled data and no verification or signature is validated before the vulnerability occurs.

tags | exploit, overflow
SHA-256 | 116febb937a201a0c4eba25cc3b30fe506befd25359b35fcac75d7c488a642f1
Ubuntu Security Notice USN-4716-1
Posted Feb 1, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4716-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.23 in Ubuntu 20.04 LTS and Ubuntu 20.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.33. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-2002, CVE-2021-2021, CVE-2021-2032, CVE-2021-2048, CVE-2021-2061, CVE-2021-2076, CVE-2021-2122
SHA-256 | 3ed62d3245642529217bb79cf07c6580a1fd5c2cba0cf7edad2b1fede97c7f24
Gentoo Linux Security Advisory 202102-02
Posted Feb 1, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202102-2 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 78.7.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-15685, CVE-2020-26976, CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964
SHA-256 | bbdf99cb54c3b2c1ee68bf31b38cdb8100f6315ad49a138979310d9e5243bb55
Sudo Buffer Overflow / Privilege Escalation
Posted Feb 1, 2021
Authored by nu11secur1ty, Ventsislav Varbanovski, r4j, cts | Site nu11secur1ty.com

Sudo versions prior to 1.9.5p2 suffer from buffer overflow and privilege escalation vulnerabilities.

tags | exploit, overflow, vulnerability
advisories | CVE-2021-3156
SHA-256 | df2faf65c7a84b5633290e4d3a7d6958932b30e7692ccdb236b728a8b89c4678
Kernel Live Patch Security Notice LSN-0074-1
Posted Feb 1, 2021
Authored by Benjamin M. Romer

Elena Petrova discovered that the pin controller device tree implementation in the Linux kernel did not properly handle string references. A local attacker could use this to expose sensitive information (kernel memory). Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). Various other issues were also addressed.

tags | advisory, remote, kernel, local
systems | linux
advisories | CVE-2020-0427, CVE-2020-12352, CVE-2020-25645, CVE-2020-28374
SHA-256 | 682e52dd49535c7ff7a41efaf9cdf2164f511e0432317c6e2e9cafb8c2198527
Park Ticketing Management System 1 SQL Injection
Posted Feb 1, 2021
Authored by Zeyad Azima

Park Ticketing Management System version 1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 0bfc067b3054bbbbb218ec39c7a361ec9ba501f0aef65292e2c25c8beb26fb15
Red Hat Security Advisory 2021-0319-01
Posted Feb 1, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0319-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.5 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a server-side request forgery vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-10770
SHA-256 | a55e3e9a66cbc84f03b7bf037fc55dbda7bb8359e914f763ad35ec34d385730f
Roundcube Webmail 1.2 File Disclosure
Posted Feb 1, 2021
Authored by stonepresto

Roundcube Webmail version 1.2 suffers from a file disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2017-16651
SHA-256 | 3ea9d4b9d2c7673808c4851506092371bb0861ff694274c0cd863aa7631d642e
Online Reviewer System 1.0 SQL Injection
Posted Feb 1, 2021
Authored by Richard Jones

Online Reviewer System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 186f123ee6c4254ebc697e59e0e4a4c6e92fbdb8571b68ce663456f5b1d0f0ef
Red Hat Security Advisory 2021-0320-01
Posted Feb 1, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0320-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.5 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a server-side request forgery vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-10770
SHA-256 | ff69e46c55c8c3332d31e76b072d88def9eef6f7c5c3f9f2b75024200000211a
Vehicle Parking Tracker System 1.0 Cross Site Scripting
Posted Feb 1, 2021
Authored by Anmol K Sachan

Vehicle Parking Tracker System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a26b9d643d39e43805dc0736db3da52f09a7202ee884a51c1c59ae060de154d9
Ubuntu Security Notice USN-4715-1
Posted Feb 1, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4715-1 - Wang Baohua discovered that Django incorrectly extracted archive files. A remote attacker could possibly use this issue to extract files outside of their expected location.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2021-3281
SHA-256 | 3c1b2ddbb607d17a935031efc630c2f408994493a1853996df23f8f92e372e62
Red Hat Security Advisory 2021-0318-01
Posted Feb 1, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0318-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.5 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a server-side request forgery vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-10770
SHA-256 | 687bba15490d210774d47fc4cf86121dd1f3bc5b9e6caef56043b3e963e43244
Malware Hunting 101
Posted Feb 1, 2021
Authored by SunCSR

Whitepaper called Malware Hunting 101. Written in Vietnamese.

tags | paper
SHA-256 | 4c7c6fc0b06cba7e2b4fb8988f1c690f57a0745feb25e07266255d76ec474755
Online Reviewer System 1.0 SQL Injection / Shell Upload
Posted Feb 1, 2021
Authored by Richard Jones

Online Reviewer System version 1.0 remote shell upload exploit that also leverages a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, shell, sql injection
SHA-256 | c27ceecbccfe8bf7fc03cb26477fb8dcd6de73f5604921deb0e4440389300d65
User Management System 1 SQL Injection
Posted Feb 1, 2021
Authored by Zeyad Azima

User Management System version 1 suffers from a remote authenticated blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 95cf921110a313c53a96bfe898fdd250fb38688ec3c0b051d40a6f2fffae1f1d
Red Hat Security Advisory 2021-0317-01
Posted Feb 1, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0317-01 - This is a cumulative patch release zip for the JBoss EAP XP 1.0.4 runtime distribution. Issues addressed include a memory leak vulnerability.

tags | advisory, memory leak
systems | linux, redhat
advisories | CVE-2020-27822
SHA-256 | d9e69e7b9f28ed76885136cb5c0a2aa281658a80d4a162ff4d320792cb9e50f7
MyBB Delete Account 1.4 Cross Site Scripting
Posted Feb 1, 2021
Authored by 0xB9

MyBB Delete Account plugin version 1.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | da9c98a4f0376ad3a2f6f981575d67668164692bba1d3a848f2e0f67c8cbf18d
MyBB Trending Widget 1.2 Cross Site Scripting
Posted Feb 1, 2021
Authored by 0xB9

MyBB Trending Widget plugin version 1.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 465eaf226e298bd3740f808d19bea4982f49d49d0134a451ad334ebec79bc760
MyBB Thread Redirect 0.2.1 Cross Site Scripting
Posted Feb 1, 2021
Authored by 0xB9

MyBB Thread Redirect plugin version 0.2.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1ca021935c54e06e0238791cd6bff3a75ebea809b7706cf200aaaadfcb2d8695
WordPress 5.0.0 Remote Code Execution
Posted Feb 1, 2021
Authored by OUSSAMA Rahali | Site blog.ripstech.com

WordPress versions 5.0.0 and 4.9.8 and below remote code execution exploit that leverages path traversal and file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
advisories | CVE-2019-8943
SHA-256 | bb6f7aee36ddb293349af62bd1858446988f1a4ecb1355fe08c968139063e05a
Red Hat Security Advisory 2021-0307-01
Posted Feb 1, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0307-01 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-21261
SHA-256 | 88d7bcf1bbc67ce845486499df0172b230e20c04b5b62166c1b883f143280773
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close