Builder XtremeRAT v3.7 / Insecure Crypto Bypass

Posted by malvuln on Jul 18

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/7f314e798c150aedd9ce41ed39318f65_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Builder XtremeRAT v3.7
Vulnerability: Insecure Crypto Bypass
Description: The malware builds backdoors and requires authentication to
access the GUI using credentials stored in the "user.info" config file.
XtremeRAT...

July 18^th 2022 at 16:28

Full Disclosure
Builder XtremeRAT v3.7 / Insecure Permissions
July 18^th 2022 at 16:28

Builder XtremeRAT v3.7 / Insecure Permissions

Posted by malvuln on Jul 18

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/7f314e798c150aedd9ce41ed39318f65.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Builder XtremeRAT v3.7
Vulnerability: Insecure Permissions
Description: The malware builds and writes a PE file to c drive granting
change (C) permissions to the authenticated user group. Standard users can
rename the executable...

July 18^th 2022 at 16:28

Full Disclosure
Backdoor.Win32.HoneyPot.a / Weak Hardcoded Password
July 18^th 2022 at 16:28

Backdoor.Win32.HoneyPot.a / Weak Hardcoded Password

Posted by malvuln on Jul 18

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/e3bb503f9b02cf57341695f30e31128f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.HoneyPot.a
Vulnerability: Weak Hardcoded Password
Description: The malware listens on various TCP ports of which one can be
port 21 when enabled. Authentication is required, however the credentials...

July 18^th 2022 at 16:28

Full Disclosure
SCHUTZWERK-SA-2022-003: Remote Command Execution in Spryker Commerce OS
July 18^th 2022 at 16:26

SCHUTZWERK-SA-2022-003: Remote Command Execution in Spryker Commerce OS

Posted by David Brown via Fulldisclosure on Jul 18

Title
=====

SCHUTZWERK-SA-2022-003: Remote Command Execution in Spryker Commerce OS

Status
======

PUBLISHED

Version
=======

1.0

CVE reference
=============

CVE-2022-28888

Link
====

https://www.schutzwerk.com/en/43/advisories/schutzwerk-sa-2022-003/

Text-only version:
https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-003.txt

Affected products/vendor
========================

Spryker Commerce OS by Spryker Systems GmbH, with...

July 18^th 2022 at 16:26

FreshRSS

Builder XtremeRAT v3.7 / Insecure Crypto Bypass

Builder XtremeRAT v3.7 / Insecure Permissions

Backdoor.Win32.HoneyPot.a / Weak Hardcoded Password

SCHUTZWERK-SA-2022-003: Remote Command Execution in Spryker Commerce OS