This archive contains all of the 189 exploits added to Packet Storm in February, 2021.
eec06bab2a2731c58940811e1b9d902dc51e2e33472cf7d6224e696049cdb303
Red Hat Security Advisory 2021-0671-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a buffer overflow vulnerability.
1d23c4e4f2758de7aaa84c8dba3edacae62fd96882dd870d90605511073800e1
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.
162148cb689565aa3facf63edacf85555fe2403151a0c65479ee9303639bb7f8
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
580226c1a76ccecf504a09e1ec5e92234e3dfd26d0242401c414f08073b8faea
This Metasploit module exploits an unauthenticated arbitrary file upload via an insecure POST request to Fortilogger. It has been tested on version 4.4.2.2 in Windows 10 Enterprise.
971cb73286c116af5ac4963ebdfc76a9c041ad0cc83639cbcc0c74e784971471
Concrete5 version 8.5.4 suffers from a persistent cross site scripting vulnerability.
ac19392af3a74934edad1a97ba2e0362afa7cc9ca0161dbd106631cf67d66b6b
Red Hat Security Advisory 2021-0672-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a buffer overflow vulnerability.
b7f20f6de38f3b42806b6f5cda045c86a233bccd35d0412cd67cd3e3f57460a4
Trojan-Spy.Win32.Stealer.osh malware suffers from an insecure permissions vulnerability.
d80ccaf54b800a91c40ce85d06189cb291b54b037cf18a227ca159bda3cd3e62
Online Catering Reservation System version 1.0 suffers from an unauthenticated remote code execution vulnerability.
a0a4cddbd2ffd5b07cd91a4037e9f8a71130249b611cfbfd1cc3a91d8b3da4c2
Genua GenuGate High Resistance Firewall versions prior to 10.1 p4, 9.6 p7, and 9.0 Z p19 suffer from an authentication bypass vulnerability.
641799a20f14a534fe3b512213475065884772c8836ce0753bf88afc37aa5ea8
Red Hat Security Advisory 2021-0681-01 - The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
eb7c29c07fa46e239a92b7ee519e9f98248907b70be7e71d60c2c42a00ef9883
Red Hat Security Advisory 2021-0670-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a buffer overflow vulnerability.
d2eb04c5f1d2aa8e6342acc20bf9360a544ec363b28ca2175836a4f2414177ee
Covid-19 Contact Tracing System version 1.0 suffers from a remote code execution vulnerability.
278525b50c4bd28a56257e6c7cdc3733fb9e864dae0b4e3e4d77473f61c14d90
Code16 is a compilation of notes from research performed by Cody16. This issue discusses hunting zero days and NagiosXI version 5.8.1.
9d08170ca7e8368c7ed6054ce28231b1a7a290e48949e6483a5248bac54fd78d
Code16 is a compilation of notes from research performed by Cody16. This issue discusses spelunking routers and learning rust.
0224af1974f4d7cd636ca5d5c883b0d52174f1800ca47ba4a1ba4146652613d8
VMware vCenter Server version 7.0 unauthenticated arbitrary file upload exploit.
799c1c46954c9683e557c8e1a417d133206fb6622b8109abd3fd919820dc39a2
Red Hat Security Advisory 2021-0663-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
2f8918d6731c8c968757500f7666f71aa88939aa60aa9e8c59ab8798ab503f93
Red Hat Security Advisory 2021-0669-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a buffer overflow vulnerability.
67e663a58b935ad770a30ce931e227cdbfa6bbb0b523b99932fbe9e9f065ffa4
Backdoor.Win32.RemoteManipulator.fdo malware suffers from an insecure permissions vulnerability.
f03b984afd871be05dd70256a7ef70a8107c5b1d226619887279108cf6fc9994