Vicidial v2.14-783a - Multiple XSS Web Vulnerabilities

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
Vicidial v2.14-783a - Multiple XSS Web Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2311

Release Date:
=============
2022-10-11

Vulnerability Laboratory ID (VL-ID):
====================================
2311

Common Vulnerability Scoring System:
====================================
5.2

Vulnerability Class:
====================
Cross Site Scripting...

RRX IOB LP v1.0 - DNS Cache Snooping Vulnerability

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
RRX IOB LP v1.0 - DNS Cache Snooping Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2261

Article:https://www.vulnerability-db.com/?q=articles/2022/10/11/rhein-ruhr-express-rrx-dns-cache-snooping-vulnerability-wifi-hotspot

Release Date:
=============
2022-10-11

Vulnerability Laboratory ID (VL-ID):
====================================
2261

Common...

WiFi File Transfer v1.0.8 - Cross Site Scripting Vulnerabilities

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
WiFi File Transfer v1.0.8 - Cross Site Scripting Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2322

Release Date:
=============
2022-10-17

Vulnerability Laboratory ID (VL-ID):
====================================
2322

Common Vulnerability Scoring System:
====================================
5.6

Vulnerability Class:
====================
Cross Site...

Stripe Green Downloads 2.03 - Cross Site Scripting Web Vulnerability

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
Stripe Green Downloads 2.03 - Cross Site Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2287

Release Date:
=============
2022-10-17

Vulnerability Laboratory ID (VL-ID):
====================================
2287

Common Vulnerability Scoring System:
====================================
5.2

Vulnerability Class:
====================
Cross Site...

MapTool v1.11.5 - Cross Site Scripting Vulnerabilities

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
MapTool v1.11.5 - Cross Site Scripting Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2319

Release Date:
=============
2022-10-11

Vulnerability Laboratory ID (VL-ID):
====================================
2319

Common Vulnerability Scoring System:
====================================
5.6

Vulnerability Class:
====================
Cross Site Scripting...

Webile v1.0.1 - Directory Traversal Web Vulnerability

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
Webile v1.0.1 - Directory Traversal Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2320

Release Date:
=============
2022-10-10

Vulnerability Laboratory ID (VL-ID):
====================================
2320

Common Vulnerability Scoring System:
====================================
7.3

Vulnerability Class:
====================
Directory- or...

MapTool v1.11.5 - Denial of Service Vulnerability

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
MapTool v1.11.5 - Denial of Service Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2318

Release Date:
=============
2022-10-10

Vulnerability Laboratory ID (VL-ID):
====================================
2318

Common Vulnerability Scoring System:
====================================
5.7

Vulnerability Class:
====================
Denial of Service...

Knap (APL) v3.1.3 - Persistent Cross Site Vulnerability

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
Knap (APL) v3.1.3 - Persistent Cross Site Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2307

Release Date:
=============
2022-10-10

Vulnerability Laboratory ID (VL-ID):
====================================
2307

Common Vulnerability Scoring System:
====================================
5.7

Vulnerability Class:
====================
Cross Site...

Backdoor.Win32.Redkod.d / Weak Hardcoded Credentials

Posted by malvuln on Oct 20

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/bb309bdd071d5733efefe940a89fcbe8.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Redkod.d
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP port 4820. Authentication is
required, however the password "redkod" is weak and hardcoded in cleartext
within the PE...

OpenStack Horizon, it is posible to trigger a POST Request to any address

Posted by Sven Anders on Oct 20

Hi,

we opened a bug at OpenStack, 3 month ago, but nobody takes care about it. Due
to the OpenStack guidlines the bug report is now public readable.

https://bugs.launchpad.net/horizon/+bug/1980349

I am not a security expert and do not know how bad this bug is, there is now
CVE and so on. Please be kind.

# Description of the bug

We use OpenStack horizon in the following version: `git+https://opendev.org/...

Backdoor.Win32.DarkSky.23 / Remote Stack Buffer Overflow (SEH)

Posted by malvuln on Oct 16

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/1164ef21ef2af97e0339359c0dce5e7d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.DarkSky.23
Vulnerability: Remote Stack Buffer Overflow (SEH)
Description: The malware listens on TCP port 5418. Third-party adversaries
who can reach the server can send a specially crafted payload triggering a
stack...

CyberDanube Security Research 20221009-0 | Authenticated Command Injection in Intelbras WiFiber 120AC inMesh

Posted by Thomas Weber on Oct 16

CyberDanube Security Research 20221009-0
-------------------------------------------------------------------------------
               title| Authenticated Command Injection
             product| Intelbras WiFiber 120AC inMesh
  vulnerable version| 1.1-220216
       fixed version| 1-1-220826
          CVE number|
              impact| High
            homepage|...

Re: over 2000 packages depend on abort()ing libgmp

Posted by Georgi Guninski on Oct 16

Observe that ubuntu issue advisory about libgmp crash
without mentioning potential exploitability.

quote:
https://ubuntu.com/security/notices/USN-5672-1

Details
12 October 2022

It was discovered that GMP did not properly manage memory
on 32-bit platforms when processing a specially crafted
input. An attacker could possibly use this issue to cause
applications using GMP to crash, resulting in a denial of
service.

References
CVE-2021-43618

APPLE-SA-2022-10-10-1 iOS 16.0.3

Posted by Apple Product Security via Fulldisclosure on Oct 16

APPLE-SA-2022-10-10-1 iOS 16.0.3

iOS 16.0.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213480.

Mail
Available for: iPhone 8 and later
Impact: Processing a maliciously crafted email message may lead to a
denial-of-service
Description: An input validation issue was addressed with improved
input validation.
CVE-2022-22658

This update is available through iTunes and...

Re: over 2000 packages depend on abort()ing libgmp

Posted by Matthew Fernandez on Oct 16

I am not quite sure what point you’re making. CVE-2021-43618 is a
different issue; a programming error that results in a segfault. I.e.
even if an application using libgmp supplied their own allocator,¹ they
could still experience segfaults when dealing with malicious input.

The case you brought to FD (IIUC) is an input including large numbers
that causes libgmp to exhaust memory when dealing with them. In this
case, an application...

Apple Music Android Application - MITM SSL Certificate Vulnerability (CVE-2022-32906)

Posted by David Coomber on Oct 16

Apple Music Android Application - MITM SSL Certificate Vulnerability
(CVE-2022-32906)

https://www.info-sec.ca/advisories/Apple-Music-Android.html

Overview

"Stream over 90 million songs, all ad-free."

(https://play.google.com/store/apps/details?id=com.apple.android.music)

Issue

The Apple Music Android application (versions 3.8.0 - 3.10.2 were
tested, versions 2.0.1 - 3.7.2 have not been tested
[...

[SYSS-2022-045]: Verbatim Store 'n' Go Secure Portable SSD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)

Posted by Matthias Deeg on Oct 08

Advisory ID: SYSS-2022-045
Product: Store 'n' Go Secure Portable SSD
Manufacturer: Verbatim
Affected Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type: Missing Immutable Root of Trust in Hardware
(CWE-1326)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification:...

[SYSS-2022-046]: Verbatim Store 'n' Go Secure Portable SSD - Expected Behavior Violation (CWE-440) (CVE-2022-28386)

Posted by Matthias Deeg on Oct 08

Advisory ID: SYSS-2022-046
Product: Store 'n' Go Secure Portable SSD
Manufacturer: Verbatim
Affected Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type: Expected Behavior Violation (CWE-440)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2022-06-29
Solution Date:...

[SYSS-2022-043]: Verbatim Store 'n' Go Secure Portable SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384)

Posted by Matthias Deeg on Oct 08

Advisory ID: SYSS-2022-043
Product: Store 'n' Go Secure Portable SSD
Manufacturer: Verbatim
Affected Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type: Use of a Cryptographic Primitive with a Risky
Implementation (CWE-1240)
Risk Level: High
Solution Status:...

[SYSS-2022-044]: Verbatim Store 'n' Go Secure Portable SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)

Posted by Matthias Deeg on Oct 08

Advisory ID: SYSS-2022-044
Product: Store 'n' Go Secure Portable SSD
Manufacturer: Verbatim
Affected Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type: Use of a Cryptographic Primitive with a Risky
Implementation (CWE-1240)
Risk Level: Low
Solution Status:...

Wordpress plugin - WPvivid Backup - CVE-2022-2863.

Posted by Rodolfo Tavares via Fulldisclosure on Oct 03

=====[ Tempest Security Intelligence - ADV-15/2022
]==========================

Wordpress plugin - WPvivid Backup - Version < 0.9.76

Author: Rodolfo Tavares

Tempest Security Intelligence - Recife, Pernambuco - Brazil

=====[ Table of Contents]==================================================
* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References

=====[ Vulnerability...

Backdoor.Win32.NTRC / Weak Hardcoded Credentials

Posted by malvuln on Oct 03

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/273fd3f33279cc9c0378a49cf63d7a06.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.NTRC
Vulnerability: Weak Hardcoded Credentials
Family: NTRC
Type: PE32
MD5: 273fd3f33279cc9c0378a49cf63d7a06
Vuln ID: MVID-2022-0646
Disclosure: 10/02/2022
Description: The malware listens on TCP port 6767....

Backdoor.Win32.Delf.eg / Unauthenticated Remote Command Execution

Posted by malvuln on Oct 03

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/de6220a8e8fcbbee9763fb10e0ca23d7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Delf.eg
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 7401. Third-party adversarys
who can reach infected systems can issue commands made available by the...

ZKBiosecurity - Authenticated SQL Injection resulting in RCE (CVE-2022-36635)

Posted by Caio B on Sep 30

#######################ADVISORY INFORMATION#######################

Product: ZKSecurity BIO

Vendor: ZKTeco (
https://www.zkteco.com/en/ZKBiosecurity/ZKBioSecurity_V5000_4.1.2)

Version Affected: 4.1.2

CVE: CVE-2022-36635

Vulnerability: SQL Injection (with a plus: RCE)

#######################CREDIT#######################

This vulnerability was discovered and researched by Caio Burgardt and
Silton Santos....

ZKBioSecurity 3.0.5- Privilege Escalation to Admin (CVE-2022-36634)

Posted by Caio B on Sep 30

#######################ADVISORY INFORMATION#######################

Product: ZKSecurity BIO

Vendor: ZKTeco

Version Affected: 3.0.5.0_R

CVE: CVE-2022-36634

Vulnerability: User privilege escalation

#######################CREDIT#######################

This vulnerability was discovered and researched by Caio Burgardt and
Silton Santos.

#######################INTRODUCTION#######################

Based on the hybrid biometric technology and...

SEC Consult SA-20220923-0 :: Multiple Memory Corruption Vulnerabilities in COVESA (Connected Vehicle Systems Alliance) DLT daemon

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 27

SEC Consult Vulnerability Lab Security Advisory < 20220923-0 >
=======================================================================
title: Multiple Memory Corruption Vulnerabilities
product: COVESA DLT daemon (Diagnostic Log and Trace)
Connected Vehicle Systems Alliance (COVESA), formerly GENIVI
vulnerable version: <= 2.18.8
fixed version: current master branch commit...

Backdoor.Win32.Bingle.b / Weak Hardcoded Credentials

Posted by malvuln on Sep 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/eacaa12336f50f1c395663fba92a4d32.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Bingle.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware is packed using ASPack 2.11, listens on TCP port
22 and requires authentication. However, the password "let me in" is weak
and...

Backdoor.Win32.Psychward.b / Weak Hardcoded Credentials

Posted by malvuln on Sep 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/0b8cf90ab9820cb3fcb7f1d1b45e4e57.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Psychward.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP port 8888 and requires
authentication. However, the password "4174" is weak and hardcoded in
cleartext within the PE...

Backdoor.Win32.Augudor.b / Remote File Write Code Execution

Posted by malvuln on Sep 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/94ccd337cbdd4efbbcc0a6c888abb87d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Augudor.b
Vulnerability: Remote File Write Code Execution
Description: The malware drops an empty file named "zy.exe" and listens on
TCP port 810. Third-party adversaries who can reach the infected host can...

Backdoor.Win32.Hellza.120 / Unauthorized Remote Command Execution

Posted by malvuln on Sep 19

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/2cbd0fcf4d5fd5fb6c8014390efb0b21.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hellza.120
Vulnerability: Unauthorized Remote Command Execution
Description: The malware listens on TCP ports 12122, 21. Third-party
adversarys who can reach infected systems can issue commands made available
by the...

Trojan-Dropper.Win32.Corty.10 / Insecure Credential Storage

Posted by malvuln on Sep 19

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/f72138e574743640bdcdb9f102dff0a5.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Corty.10
Vulnerability: Insecure Credential Storage
Description: The malware stores its credentials in cleartext within the
Windows registry.
Family: Corty
Type: PE32
MD5: f72138e574743640bdcdb9f102dff0a5
Vuln ID:...

Trojan.Ransom.Ryuk.A / Arbitrary Code Execution

Posted by malvuln on Sep 19

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/5ac0f050f93f86e69026faea1fbb4450.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Ransom.Ryuk.A
Vulnerability: Arbitrary Code Execution
Description: The ransomware looks for and executes DLLs in its current
directory. Therefore, we can potentially hijack a vuln DLL execute our own
code, control and terminate...

Backdoor.Win32.Hellza.120 / Authentication Bypass

Posted by malvuln on Sep 19

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/2cbd0fcf4d5fd5fb6c8014390efb0b21_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hellza.120
Vulnerability: Authentication Bypass
Description: The malware listens on TCP ports 12122, 21. Third-party
adversarys who can reach infected systems can logon using any
username/password combination....

Re: over 2000 packages depend on abort()ing libgmp

Posted by Matthew Fernandez on Sep 19

What is the security boundary being violated here? As a maintainer of
some of the packages implicated here, I’m unsure what my actionable
tasks are. The threat model(s) for my packages does not consider crashes
to be a security violation. On the other side, things like crypto code
frequently use their own non-GMP implementation of bignum arith for this
(and other) reason.

Not trying to brush this off. But I’m just trying to gain an...

SEC Consult SA-20220914-0 :: Improper Access Control in SAP® SAProuter

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 15

SEC Consult Vulnerability Lab Security Advisory < 20220914-0 >
=======================================================================
title: Improper Access Control
product: SAP® SAProuter
vulnerable version: see section "Vulnerable / tested versions"
fixed version: see SAP security note 3158375
CVE number: CVE-2022-27668
impact: high
homepage:...

SEC Consult SA-20220915-0 :: Local Privilege Escalation im SAP® SAPControl Web Service Interface (sapuxuserchk)

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 15

SEC Consult Vulnerability Lab Security Advisory < 20220915-0 >
=======================================================================
title: Local privilege escalation
product: SAP® SAPControl Web Service Interface (sapuxuserchk)
vulnerable version: see section "Vulnerable / tested versions"
fixed version: see SAP security note 3158619
CVE number: CVE-2022-29614...

over 2000 packages depend on abort()ing libgmp

Posted by Georgi Guninski on Sep 15

ping world

libgmp is library about big numbers.

it is not a library for very big numbers, because
if libgmp meets a very big number, it calls abort()
and coredumps.

2442 packages depend on libgmp on ubuntu20.

guest3@ubuntu20:~/prim$ apt-cache rdepends libgmp10 | wc -l
2442

gawk crash:

guest3@ubuntu20:~/prim$ gawk --bignum 'BEGIN { a = 2 ^ 2 ^41; print "a =", a }'
gmp: overflow in mpz type
Aborted (core dumped)...

APPLE-SA-2022-09-12-4 macOS Monterey 12.6

Posted by Apple Product Security via Fulldisclosure on Sep 12

APPLE-SA-2022-09-12-4 macOS Monterey 12.6

macOS Monterey 12.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213444.

ATS
Available for: macOS Monterey
Impact: An app may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved state
management.
CVE-2022-32902: Mickey Jin (@patch1t)

iMovie
Available for: macOS Monterey
Impact: A user may...

APPLE-SA-2022-09-12-1 iOS 16

Posted by Apple Product Security via Fulldisclosure on Sep 12

APPLE-SA-2022-09-12-1 iOS 16

iOS 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213446.

Additional CVE entries to be added soon.

Contacts
Available for: iPhone 8 and later
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved checks.
CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security

Kernel
Available...

APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7

Posted by Apple Product Security via Fulldisclosure on Sep 12

APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7

iOS 15.7 and iPadOS 15.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213445.

Contacts
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to bypass Privacy preferences
Description:...

APPLE-SA-2022-09-12-5 Safari 16

Posted by Apple Product Security via Fulldisclosure on Sep 12

APPLE-SA-2022-09-12-5 Safari 16

Safari 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213442.

Safari Extensions
Available for: macOS Big Sur and macOS Monterey
Impact: A website may be able to track users through Safari web
extensions
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 242278
CVE-2022-32868: Michael

WebKit...

Multiple vulnerabilities discovered in Qualys Cloud Agent

Posted by Daniel Wood via Fulldisclosure on Sep 12

The Unqork Security team discovered multiple security vulnerabilities in
the Qualys Cloud Agent, to include arbitrary code execution.

CVE-2022-29549 (Arbitrary Code Execution)
https://nvd.nist.gov/vuln/detail/CVE-2022-29549

CVE-2022-29550 (Sensitive Information Disclosure)
https://nvd.nist.gov/vuln/detail/CVE-2022-29550

Read more:
https://www.unqork.com/resources/unqork-and-qualys-partner-to-resolve-zero-day-vulnerabilities...

[SYSS-2022-041] Remote Code Execution due to unsafe JMX default configuration in JasperReports Server

Posted by Moritz Bechler on Sep 12

Advisory ID: SYSS-2022-041
Product: JasperReports Server
Manufacturer: TIBCO Software Inc.
Tested Version(s): 8.0.2 Community Edition
Vulnerability Type: CWE-502: Deserialization of Untrusted Data
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2022-06-10
Solution Date: 2022-08-10
Public Disclosure: 2022-09-09
CVE Reference:...

Trojan.Win32.Autoit.fhj / Named Pipe Null DACL

Posted by malvuln on Sep 08

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/d871836f77076eeed87eb0078c1911c7_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Autoit.fhj
Vulnerability: Named Pipe Null DACL
Family: Autoit
Type: PE32
MD5: d871836f77076eeed87eb0078c1911c7
Vuln ID: MVID-2022-0638
Disclosure: 09/06/2022
Description: The malware creates two processes...

Trojan.Win32.Autoit.fhj / Insecure Permissions

Posted by malvuln on Sep 08

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/d871836f77076eeed87eb0078c1911c7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Autoit.fhj
Vulnerability: Insecure Permissions
Description: The malware writes two hidden DLL files "vp8decoder.dll" and
"vp8encoder.dll" to its installation directory granting full (F)
permissions to...

Backdoor.Win32.Winshell.5_0 / Weak Hardcoded Credentials

Posted by malvuln on Sep 08

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/5bc5f72d19019a2fa3b75896e82ae1e5.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Winshell.5_0
Vulnerability: Weak Hardcoded Credentials
Description: The malware is UPX packed, listens on TCP port 5277 and
requires authentication for remote access. However, the password
"123456789" is weak...

Backdoor.Win32.Hupigon.aspg / Insecure Service Path

Posted by malvuln on Sep 08

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/121bf601275e2aed0c3a6fe7910f9826.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hupigon.aspg
Vulnerability: Insecure Service Path
Description: The malware creates a service with an unquoted path. Attackers
who can place an arbitrary executable named "Program.exe" under c:\ drive
can...

Trojan-Spy.Win32.Pophot.bsl / Insecure Permissions

Posted by malvuln on Sep 08

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/8c0e6ec6b8ac9eb1169e63df71f24456.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Spy.Win32.Pophot.bsl
Vulnerability: Insecure Permissions
Description: The malware writes a BATCH file ".bat" to c drive granting
change (C) permissions to the authenticated user group. Standard users can
rename the...

Trojan-Ransom.Win32.Hive.bv / Arbitrary Code Execution

Posted by malvuln on Sep 08

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/44aba241dd3f0d156c6ed82a0ab3a9e1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Ransom.Win32.Hive.bv
Vulnerability: Arbitrary Code Execution
Description: Hive Ransomware will load and execute arbitrary .EXE PE files
if a third-party adversary or defender uses the vulnerable naming
convention of...

sagemath denial of service with abort() in gmp: overflow in mpz type

Posted by Georgi Guninski on Sep 08

sagemath 9.0 and reportedly later on ubuntu 20.

sagemath gives access to the python interpreter,
so code execution is trivial.

We give DoS attacks, which terminates the sagemath process
with abort(), when raising symbolic expression to large integer power.

We get abort() with stack:

gmp: overflow in mpz type

#6 0x00007f55c83ee72e in __GI_abort () at
/build/glibc-SzIz7B/glibc-2.31/stdlib/abort.c:79
#7 0x00007f55c56e0d20 in __gmpz_realloc ()...

AVEVA InTouch Access Anywhere Secure Gateway - Path Traversal

Posted by Jens Regel | CRISEC on Sep 08

Title:
======
AVEVA InTouch Access Anywhere Secure Gateway - Path Traversal

Author:
=======
Jens Regel, CRISEC IT-Security

CVE:
====
CVE-2022-23854

Advisory:
=========
https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal/

Timeline:
=========
25.06.2021 Vulnerability discovered
25.06.2021 Send details to custfirstsupport () aveva com
21.09.2021 Vendor response, fix is available until Q1/2022
25.09.2021 Vendor...

123ADV-001: Stack Buffer Overflow in Lotus 1-2-3 R3 for UNIX/Linux

Posted by Tavis Ormandy on Sep 05

# About

The 123 command is a spreadsheet application for UNIX-based systems that
can be used in interactive mode to create and modify financial and
scientific models.

For more information, see https://123r3.net

# Advisory

A stack buffer overflow was reported in the cell format processing
routines. If a victim opens an untrusted malicious worksheet, code
execution could occur.

There have been no reports of this vulnerability being exploited...

Open-Xchange Security Advisory 2022-09-01

Posted by Martin Heiland via Fulldisclosure on Sep 01

Dear subscribers,

we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: MWB-1540
Vulnerability type: Cross-Site Scripting (CWE-80)
Vulnerable...

APPLE-SA-2022-08-31-1 iOS 12.5.6

Posted by Apple Product Security via Fulldisclosure on Aug 31

APPLE-SA-2022-08-31-1 iOS 12.5.6

iOS 12.5.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213428.

iOS 12 is not impacted by CVE-2022-32894.

WebKit
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad
mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of...

Re: typeorm CVE-2022-33171

Posted by Tobias Schneider on Aug 19

Someone should tell Snyk about the risks of "Supply Chain vulnerabilities"
...

(and yes this is a vulnerability, nice find!)

LoL'ing at Maintainer.

Cheers, @haxel0rd.

APPLE-SA-2022-08-17-1 iOS 15.6.1 and iPadOS 15.6.1

Posted by Apple Product Security via Fulldisclosure on Aug 19

APPLE-SA-2022-08-17-1 iOS 15.6.1 and iPadOS 15.6.1

iOS 15.6.1 and iPadOS 15.6.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213412.

Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with...

APPLE-SA-2022-08-17-2 macOS Monterey 12.5.1

Posted by Apple Product Security via Fulldisclosure on Aug 19

APPLE-SA-2022-08-17-2 macOS Monterey 12.5.1

macOS Monterey 12.5.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213413.

Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
Description: An out-of-bounds write issue was addressed...

[CVE-2022-2536] Transposh <= 1.0.8.1 “tp_translation” Authorization Bypass

Posted by Julien Ahrens (RCE Security) on Aug 19

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Transposh WordPress Translation
Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/
Type: Incorrect Authorization [CWE-863]
Date found: 2022-07-23
Date published: 2022-08-16
CVSSv3 Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVE: CVE-2022-2536

2. CREDITS...

APPLE-SA-2022-08-18-1 Safari 15.6.1

Posted by Apple Product Security via Fulldisclosure on Aug 19

APPLE-SA-2022-08-18-1 Safari 15.6.1

Safari 15.6.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213414.

WebKit
Available for: macOS Big Sur and macOS Catalina
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: An out-of-bounds write issue was...

Trovent Security Advisory 2110-01 / Insecure data storage in Polar Flow Android application

Posted by Stefan Pietsch on Aug 19

# Trovent Security Advisory 2110-01 #
#####################################

Insecure data storage in Polar Flow Android application
#######################################################

Overview
########

Advisory ID: TRSA-2110-01
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2110-01
Affected product: Polar Flow Android mobile application (fi.polar.polarflow)
Affected version: 5.7.1
Vendor:...