{"vulnerability": "CVE-2021-3939", "sightings": [{"uuid": "b03aa41d-696e-4dd2-9dc9-105d14a4df31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39393", "type": "seen", "source": "https://t.me/cibsecurity/48852", "content": "\u203c CVE-2021-39393 \u203c\n\nmm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown editor.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-26T16:30:02.000000Z"}, {"uuid": "083dfa46-88d1-4aca-a8a7-35c7e6e38d32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3939", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/549", "content": "#CVE-2021-3939 #ubuntu #accountsservice\npoc\nhttps://github.com/github/securitylab/tree/b36e194556f956c3ec63bf9d8af454c8f620f33a/SecurityExploits/Ubuntu/accountsservice_CVE-2021-3939\n\nGetting root on Ubuntu through wishful thinking\nhttps://securitylab.github.com/research/ubuntu-accountsservice-CVE-2021-3939", "creation_timestamp": "2021-12-14T12:40:13.000000Z"}, {"uuid": "c50a1d6e-3631-4e07-861f-d3b7e220f35e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39394", "type": "seen", "source": "https://t.me/cibsecurity/48856", "content": "\u203c CVE-2021-39394 \u203c\n\nmm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add user accounts and modify user information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-26T16:30:11.000000Z"}, {"uuid": "e7da5bcc-02f6-492a-9871-279a5bbce389", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3939", "type": "seen", "source": "https://t.me/cibsecurity/32497", "content": "\u203c CVE-2021-3939 \u203c\n\nUbuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T16:26:43.000000Z"}, {"uuid": "621342d2-6b12-4542-bcd9-5f001756694a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39390", "type": "seen", "source": "https://t.me/cibsecurity/41806", "content": "\u203c CVE-2021-39390 \u203c\n\nStored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-04T14:44:11.000000Z"}, {"uuid": "41ba7d68-952a-413e-a596-e46934bd0163", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39392", "type": "seen", "source": "https://t.me/cibsecurity/28926", "content": "\u203c CVE-2021-39392 \u203c\n\nThe management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-15T20:22:14.000000Z"}, {"uuid": "fca16713-ed3c-4fa4-9cb7-719f11c0ec04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39391", "type": "seen", "source": "https://t.me/cibsecurity/28846", "content": "\u203c CVE-2021-39391 \u203c\n\nCross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the \"Request Statistics\" page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T22:23:31.000000Z"}, {"uuid": "d3d3989d-b643-47be-8303-42e5e8d0e8ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3939", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/5102", "content": "#info\nHappy New Year 2022 !!!\nThank you what are you with us !!!\n\nThree most read posts in 2021:\n1. Over The Air Baseband Exploit: Gaining RCE on 5G Smartphones\n2.1. \"Evasion Adventures: A brief summary of modern offensive tradecraft\"\n2.2. A double-free bug in Ubuntu\u2019s accountsservice (CVE-2021-3939) + Driver-Based Attacks\n3.1. Windows 11 Security Book\n3.2. Undocumented Intel x86 CPU Instructions", "creation_timestamp": "2024-10-11T02:03:29.000000Z"}, {"uuid": "bfade19b-4c3c-4d4d-a603-382ef150802e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3939", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4976", "content": "#Threat_Research\n1. A double-free bug in Ubuntu\u2019s accountsservice (CVE-2021-3939)\nhttps://securitylab.github.com/research/ubuntu-accountsservice-CVE-2021-3939\n2. Driver-Based Attacks: Past and Present\nhttps://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present", "creation_timestamp": "2021-12-15T11:05:07.000000Z"}]}