Wordpress plugin - WPvivid Backup - CVE-2022-2863.

Posted by Rodolfo Tavares via Fulldisclosure on Oct 03

=====[ Tempest Security Intelligence - ADV-15/2022
]==========================

Wordpress plugin - WPvivid Backup - Version < 0.9.76

Author: Rodolfo Tavares

Tempest Security Intelligence - Recife, Pernambuco - Brazil

=====[ Table of Contents]==================================================
* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References

=====[ Vulnerability...

Backdoor.Win32.NTRC / Weak Hardcoded Credentials

Posted by malvuln on Oct 03

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/273fd3f33279cc9c0378a49cf63d7a06.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.NTRC
Vulnerability: Weak Hardcoded Credentials
Family: NTRC
Type: PE32
MD5: 273fd3f33279cc9c0378a49cf63d7a06
Vuln ID: MVID-2022-0646
Disclosure: 10/02/2022
Description: The malware listens on TCP port 6767....

Backdoor.Win32.Delf.eg / Unauthenticated Remote Command Execution

Posted by malvuln on Oct 03

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/de6220a8e8fcbbee9763fb10e0ca23d7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Delf.eg
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 7401. Third-party adversarys
who can reach infected systems can issue commands made available by the...

Windows Kerberos RC4 MD4 Encryption Downgrade Privilege Escalation

The Windows KDC allows an interposing attacker to downgrade to RC4 MD4 encryption in compromising the user's TGT session key resulting in escalation of privilege.

Ubuntu Security Notice USN-5648-1

Ubuntu Security Notice 5648-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-5650-1

Ubuntu Security Notice 5650-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

ZKBiosecurity - Authenticated SQL Injection resulting in RCE (CVE-2022-36635)

Posted by Caio B on Sep 30

#######################ADVISORY INFORMATION#######################

Product: ZKSecurity BIO

Vendor: ZKTeco (
https://www.zkteco.com/en/ZKBiosecurity/ZKBioSecurity_V5000_4.1.2)

Version Affected: 4.1.2

CVE: CVE-2022-36635

Vulnerability: SQL Injection (with a plus: RCE)

#######################CREDIT#######################

This vulnerability was discovered and researched by Caio Burgardt and
Silton Santos....

ZKBioSecurity 3.0.5- Privilege Escalation to Admin (CVE-2022-36634)

Posted by Caio B on Sep 30

#######################ADVISORY INFORMATION#######################

Product: ZKSecurity BIO

Vendor: ZKTeco

Version Affected: 3.0.5.0_R

CVE: CVE-2022-36634

Vulnerability: User privilege escalation

#######################CREDIT#######################

This vulnerability was discovered and researched by Caio Burgardt and
Silton Santos.

#######################INTRODUCTION#######################

Based on the hybrid biometric technology and...

Gentoo Linux Security Advisory 202209-25

Gentoo Linux Security Advisory 202209-25 - A vulnerability has been discovered in Zutty which could allow for arbitrary code execution. Versions less than 0.13 are affected.

Gentoo Linux Security Advisory 202209-27

Gentoo Linux Security Advisory 202209-27 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions less than 102.3.0:esr are affected.

Gentoo Linux Security Advisory 202209-23

Gentoo Linux Security Advisory 202209-23 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 105.0.5195.125 are affected.

Gentoo Linux Security Advisory 202209-26

Gentoo Linux Security Advisory 202209-26 - Multiple vulnerabilities have been discovered in Go, the worst of which could result in denial of service. Versions less than 1.18.6 are affected.

Gentoo Linux Security Advisory 202209-22

Gentoo Linux Security Advisory 202209-22 - A vulnerability has been found in Kitty which could allow for arbitrary code execution with user input. Versions less than 0.26.2 are affected.

Gentoo Linux Security Advisory 202209-24

Gentoo Linux Security Advisory 202209-24 - Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution. Versions less than 2.4.9 are affected.

Gentoo Linux Security Advisory 202209-19

Gentoo Linux Security Advisory 202209-19 - Multiple vulnerabilities have been discovered in GraphicsMagick, the worst of which are fuzzing issues presumed to allow for arbitrary code execution. Versions less than 1.3.38 are affected.

Gentoo Linux Security Advisory 202209-21

Gentoo Linux Security Advisory 202209-21 - A vulnerability has been discovered in Poppler which could allow for arbitrary code execution. Versions less than 22.09.0 are affected.

Gentoo Linux Security Advisory 202209-20

Gentoo Linux Security Advisory 202209-20 - Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation. Versions less than 7.4.30:7.4 are affected.

Gentoo Linux Security Advisory 202209-17

Gentoo Linux Security Advisory 202209-17 - Multiple vulnerabilities have been found in Redis, the worst of which could result in arbitrary code execution. Versions less than 7.0.5 are affected.

Gentoo Linux Security Advisory 202209-18

Gentoo Linux Security Advisory 202209-18 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the world of which could result in arbitrary code execution. Versions less than 102.3.0 are affected.

Gentoo Linux Security Advisory 202209-16

Gentoo Linux Security Advisory 202209-16 - Multiple vulnerabilities have been discovered in BlueZ, the worst of which could result in arbitrary code execution. Versions less than 5.63 are affected.

Red Hat Security Advisory 2022-6753-01

Red Hat Security Advisory 2022-6753-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.

Ubuntu Security Notice USN-5615-2

Ubuntu Security Notice 5615-2 - USN-5615-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2020-35525 for Ubuntu 16.04 ESM. It was discovered that SQLite incorrectly handled INTERSEC query processing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-5647-1

Ubuntu Security Notice 5647-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

Red Hat Security Advisory 2022-6741-01

Red Hat Security Advisory 2022-6741-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a privilege escalation vulnerability.

Ubuntu Security Notice USN-5646-1

Ubuntu Security Notice 5646-1 - Tobias Stoeckmann discovered that libXi did not properly manage memory when handling X server responses. A remote attacker could use this issue to cause libXi to crash, resulting in a denial of service.

Ubuntu Security Notice USN-5645-1

Ubuntu Security Notice 5645-1 - Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established. Tom Lane discovered that PostgreSQL incorrect handled certain array subscripting calculations. An authenticated attacker could possibly use this issue to overwrite server memory and escalate privileges.

Ubuntu Security Notice USN-5644-1

Ubuntu Security Notice 5644-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.

Red Hat Security Advisory 2022-6696-01

Red Hat Security Advisory 2022-6696-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. Issues addressed include crlf injection and denial of service vulnerabilities.

Ubuntu Security Notice USN-5643-1

Ubuntu Security Notice 5643-1 - It was discovered that GhostScript incorrectly handled certain PDF files. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to cause GhostScript to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that GhostScript incorrectly handled certain PDF files. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to cause GhostScript to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.

Ubuntu Security Notice USN-5642-1

Ubuntu Security Notice 5642-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice USN-5641-1

Ubuntu Security Notice 5641-1 - Mikhail Evdokimov discovered that Squid incorrectly handled cache manager ACLs. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that Squid incorrectly handled SSPI and SMB authentication. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly obtain sensitive information.

Red Hat Security Advisory 2022-6700-01

Red Hat Security Advisory 2022-6700-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-6701-01

Red Hat Security Advisory 2022-6701-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a bypass vulnerability.

Ubuntu Security Notice USN-5640-1

Ubuntu Security Notice 5640-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.

Red Hat Security Advisory 2022-6702-01

Red Hat Security Advisory 2022-6702-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-6703-01

Red Hat Security Advisory 2022-6703-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-6708-01

Red Hat Security Advisory 2022-6708-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-6707-01

Red Hat Security Advisory 2022-6707-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a bypass vulnerability.

Ubuntu Security Notice USN-5639-1

Ubuntu Security Notice 5639-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

Red Hat Security Advisory 2022-6713-01

Red Hat Security Advisory 2022-6713-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-6711-01

Red Hat Security Advisory 2022-6711-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-6710-01

Red Hat Security Advisory 2022-6710-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a bypass vulnerability.

Ubuntu Security Notice USN-5638-1

Ubuntu Security Notice 5638-1 - Rhodri James discovered that Expat incorrectly handled memory when processing certain malformed XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

Red Hat Security Advisory 2022-6714-01

Red Hat Security Advisory 2022-6714-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes.

Red Hat Security Advisory 2022-6717-01

Red Hat Security Advisory 2022-6717-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-6716-01

Red Hat Security Advisory 2022-6716-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-6715-01

Red Hat Security Advisory 2022-6715-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a bypass vulnerability.

SEC Consult SA-20220923-0 :: Multiple Memory Corruption Vulnerabilities in COVESA (Connected Vehicle Systems Alliance) DLT daemon

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 27

SEC Consult Vulnerability Lab Security Advisory < 20220923-0 >
=======================================================================
title: Multiple Memory Corruption Vulnerabilities
product: COVESA DLT daemon (Diagnostic Log and Trace)
Connected Vehicle Systems Alliance (COVESA), formerly GENIVI
vulnerable version: <= 2.18.8
fixed version: current master branch commit...

Backdoor.Win32.Bingle.b / Weak Hardcoded Credentials

Posted by malvuln on Sep 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/eacaa12336f50f1c395663fba92a4d32.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Bingle.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware is packed using ASPack 2.11, listens on TCP port
22 and requires authentication. However, the password "let me in" is weak
and...

Backdoor.Win32.Psychward.b / Weak Hardcoded Credentials

Posted by malvuln on Sep 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/0b8cf90ab9820cb3fcb7f1d1b45e4e57.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Psychward.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP port 8888 and requires
authentication. However, the password "4174" is weak and hardcoded in
cleartext within the PE...

Backdoor.Win32.Augudor.b / Remote File Write Code Execution

Posted by malvuln on Sep 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/94ccd337cbdd4efbbcc0a6c888abb87d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Augudor.b
Vulnerability: Remote File Write Code Execution
Description: The malware drops an empty file named "zy.exe" and listens on
TCP port 810. Third-party adversaries who can reach the infected host can...

Ubuntu Security Notice USN-5637-1

Ubuntu Security Notice 5637-1 - It was discovered that libvpx incorrectly handled certain WebM media files. A remote attacker could use this issue to crash an application using libvpx under certain conditions, resulting in a denial of service.

Gentoo Linux Security Advisory 202209-15

Gentoo Linux Security Advisory 202209-15 - Multiple vulnerabilities have been found in Oracle JDK and JRE, the worst of which could result in the arbitrary execution of code. Versions less than or equal to 11.0.2 are affected.

Ubuntu Security Notice USN-5636-1

Ubuntu Security Notice 5636-1 - It was discovered that SoS incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information.

Gentoo Linux Security Advisory 202209-14

Gentoo Linux Security Advisory 202209-14 - Multiple vulnerabilities have been discovered in Fetchmail, the worst of which could result in email disclosure to third parties. Versions less than 6.4.22 are affected.

Red Hat Security Advisory 2022-6560-01

Red Hat Security Advisory 2022-6560-01 - An update is now available for OpenShift Logging 5.3.12 Red Hat Product Security has rated this update as having a security impact of Moderate.

Gentoo Linux Security Advisory 202209-13

Gentoo Linux Security Advisory 202209-13 - Multiple vulnerabilities have been discovered in libaacplus, the worst of which could result in denial of service. Versions less than or equal to 2.0.2-r3 are affected.

Gentoo Linux Security Advisory 202209-12

Gentoo Linux Security Advisory 202209-12 - Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass. Versions less than 2.06 are affected.

Gentoo Linux Security Advisory 202209-11

Gentoo Linux Security Advisory 202209-11 - Multiple vulnerabilities have been discovered in HarfBuzz, the worst of which could result in arbitrary code execution. Versions less than 4.4.0 are affected.

Gentoo Linux Security Advisory 202209-10

Gentoo Linux Security Advisory 202209-10 - A vulnerability has been discovered in Logcheck's ebuilds which could allow for root privilege escalation. Versions less than or equal to 1.3.23 are affected.