Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877

Posted by Numan TÜRLE on Jan 06

[+] Centos Web Panel 7 Unauthenticated Remote Code Execution
[+] Centos Web Panel 7 - < 0.9.8.1147
[+] Affected Component ip:2031/login/index.php?login=$(whoami)
[+] Discoverer: Numan Türle @ Gais Cyber Security
[+] Vendor: https://centos-webpanel.com/ - https://control-webpanel.com/changelog#1669855527714-450fb335-6194
[+] CVE: CVE-2022-44877

Description
--------------
Bash commands can be run because double quotes are used to log incorrect...

[tool] ModSecurity backdoor

Posted by Jozef Sudolsky on Jan 02

Announcing a backdoor tool running inside of ModSecurity WAF and
allowing remote command execution with privileges of the web server.

https://github.com/azurit/modsecurity-backdoor

SugarCRM 0-day Auth Bypass + RCE Exploit

Posted by sw33t.0day via Fulldisclosure on Dec 30

#!/usr/bin/env python
#
# SugarCRM 0-day Auth Bypass + RCE Exploit
#
# Dorks:
# https://www.google.com/search?q=site:sugarondemand.com&filter=0
# https://www.google.com/search?q=intitle:"SugarCRM"+inurl:index.php
# https://www.shodan.io/search?query=http.title:"SugarCRM&quot;
# https://search.censys.io/search?resource=hosts&q=services.http.response.html_title:"SugarCRM&quot;
#...

APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2

iOS 15.7.2 and iPadOS 15.7.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213531.

AppleAVD
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Pro (all models), iPad Air 2 and later,
iPad 5th generation and later, iPad mini 4 and later, and iPod touch
(7th generation)
Impact:...

APPLE-SA-2022-12-13-3 iOS 16.1.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-3 iOS 16.1.2

iOS 16.1.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213516.

WebKit
Available for: iPhone 8 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited against versions of iOS released
before iOS 15.1.
Description: A type...

APPLE-SA-2022-12-13-4 macOS Ventura 13.1

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-4 macOS Ventura 13.1

macOS Ventura 13.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213532.

Accounts
Available for: macOS Ventura
Impact: A user may be able to view sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2022-42843: Mickey Jin (@patch1t)

AMD
Available for: macOS Ventura
Impact: An app may...

APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2

macOS Monterey 12.6.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213533.

Bluetooth
Available for: macOS Monterey
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-42854: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.
Ltd. (@starlabs_sg)

BOM...

APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2

macOS Big Sur 11.7.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213534.

BOM
Available for: macOS Big Sur
Impact: An app may bypass Gatekeeper checks
Description: A logic issue was addressed with improved checks.
CVE-2022-42821: Jonathan Bar Or of Microsoft

DriverKit
Available for: macOS Big Sur
Impact: An app may be able to...

APPLE-SA-2022-12-13-8 watchOS 9.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-8 watchOS 9.2

watchOS 9.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213536.

Accounts
Available for: Apple Watch Series 4 and later
Impact: A user may be able to view sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2022-42843: Mickey Jin (@patch1t)

AppleAVD
Available for: Apple Watch Series 4 and...

APPLE-SA-2022-12-13-9 Safari 16.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-9 Safari 16.2

Safari 16.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213537.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 245521
CVE-2022-42867: Maddie...

APPLE-SA-2022-12-13-7 tvOS 16.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-7 tvOS 16.2

tvOS 16.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213535.

Accounts
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),
and Apple TV HD
Impact: A user may be able to view sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2022-42843: Mickey Jin (@patch1t)

AppleAVD...

SEC Consult Vulnerability Lab publication: The enemy from within: Unauthenticated Buffer Overflows in Zyxel routers still haunting users & metasploit exploit

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 20

Hi,

earlier this year in February 2022, we published a technical security advisory -
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-multiple-zyxel-devices/ - on
different critical vulnerabilities in Zyxel devices, resulting from insecure coding practices and insecure
configuration.

Those also included a highly critical unauthenticated buffer overflow vulnerability in the proprietary Zyxel web server...

SEC Consult SA-20221216-0 :: Remote code execution bypass in Eclipse Business Intelligence Reporting Tool (BiRT)

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 20

SEC Consult Vulnerability Lab Security Advisory < 20221216-0 >
=======================================================================
title: Remote code execution - CVE-2021-34427 bypass
product: Eclipse Business Intelligence Reporting Tool (BiRT)
vulnerable version: <= 4.11.0
fixed version: 4.12
CVE number: CVE-2021-34427
impact: High
homepage:...

APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2

Posted by Apple Product Security via Fulldisclosure on Dec 20

APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2

iOS 16.2 and iPadOS 16.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213530.

Accounts
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: A user may be able to view sensitive user information
Description:...

Ransom.Win64.AtomSilo / Crypto Logic Flaw

Posted by malvuln on Dec 20

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/5559e9f5e1645f8554ea020a29a5a3ee.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Backup media: infosec.exchange/@malvuln

Threat: Ransom.Win64.AtomSilo
Vulnerability: Crypto Logic Flaw
Family: AtomSilo
Type: PE64
MD5: 5559e9f5e1645f8554ea020a29a5a3ee
Vuln ID: MVID-2022-0666
Disclosure: 12/14/2022
Description: AtomSilo...

Backdoor.Win32.InCommander.17.b / Hardcoded Cleartext Credentials

Posted by malvuln on Dec 20

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/dd76d8a5874bf8bf05279e35c68449ca.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Backup media: infosec.exchange/@malvuln

Threat: Backdoor.Win32.InCommander.17.b
Vulnerability: Hardcoded Cleartext Credentials
Family: InCommander
Type: PE32
MD5: dd76d8a5874bf8bf05279e35c68449ca
Vuln ID: MVID-2022-0665
Dropped files:...

Adversary3 updated / Malware vulnerability intel tool for third-party attackers

Posted by malvuln on Dec 20

The Adversary3 project has been updated, added a new vulnerability
category "Logic Flaw" and dozens of new malware vulnerabilities.

https://github.com/malvuln/Adversary3

[CFP] BSides San Francisco – April 2023

Posted by BSidesSF CFP via Fulldisclosure on Dec 20

BSidesSF is soliciting presentations, workshops, and villages for the 2023
annual BSidesSF conference.

Presentations: https://bsidessf.org/cfp
Workshops: https://bsidessf.org/cfp/workshops
Villages: https://bsidessf.org/cfp/villages

** Topics **

All topic areas related to reliability, application security, web security,
network security, privacy, cryptography, and information security are of
interest and in scope.

Let us help you get the word...

SEC Consult SA-20221213-0 :: Privilege Escalation Vulnerabilities (UNIX Insecure File Handling) in SAP Host Agent (saposcol)

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 13

SEC Consult Vulnerability Lab Security Advisory < 20221213-0 >
=======================================================================
title: Privilege Escalation Vulnerabilities (UNIX Insecure File
Handling)
product: SAP® Host Agent (saposcol)
vulnerable version: see section "Vulnerable / tested versions"
fixed version: see SAP security note 3159736
CVE...

Re: CyberDanube Security Research 20221009-0 | Authenticated Command Injection in Intelbras WiFiber 120AC inMesh

Posted by Thomas Weber on Dec 13

CyberDanube Security Research 20221009-0
-------------------------------------------------------------------------------

               title| Authenticated Command Injection
             product| Intelbras WiFiber 120AC inMesh
  vulnerable version| 1.1-220216
       fixed version| 1-1-220826
          CVE number| CVE-2022-40005
              impact| High
           ...

Trojan-Dropper.Win32.Decay.dxv (CyberGate v1.00.0) / Insecure Proprietary Password Encryption

Posted by malvuln on Dec 13

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/618f28253d1268132a9f10819a6947f2.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Backup media: infosec.exchange/@malvuln

Threat: Trojan-Dropper.Win32.Decay.dxv (CyberGate v1.00.0)
Vulnerability: Insecure Proprietary Password Encryption
Family: CyberGate
Type: PE32
MD5: 618f28253d1268132a9f10819a6947f2
Vuln ID:...

Vulnerabilities Disclosure - Shoplazza Stored XSS

Posted by Andrey Stoykov on Dec 13

# Exploit Title: Shoplazza 1.1 - Stored Cross Site Scripting
# Exploit Author: Andrey Stoykov
# Software Link: https://github.com/Shoplazza/LifeStyle
# Version: 1.1
# Tested on: Ubuntu 20.04

Stored XSS #1:

To reproduce do the following:

1. Login as normal user account
2. Browse "Blog Posts" -> "Manage Blogs" -> "Add Blog Post"
3. Select "Title" and enter payload...

Microsoft PlayReady security research

Posted by Security Explorations on Dec 10

Hello,

Microsoft PlayReady is one of the key technologies used by PayTV
industry and OTT platforms for Digital Rights Management and content
security in general. According to Microsoft, PlayReady Server SDK has
several hundred service provider licensees.

Security Explorations conducted security analysis of Microsoft Play
Ready content protection technology in the environment of CANAL+ SAT
TV provider. As a result, complete access to movie...

CyberDanube Security Research 20221130-0 | Multiple Vulnerabilities in Delta Electronics DX-2100-L1-CN

Posted by Thomas Weber on Dec 08

CyberDanube Security Research 20221130-0
-------------------------------------------------------------------------------
               title| Multiple Vulnerabilities
             product| Delta Electronics DX-2100-L1-CN
  vulnerable version| V1.5.0.10
       fixed version| V1.5.0.12
          CVE number| -
              impact| High
            homepage|...

CyberDanube Security Research 20221130-1 | Authenticated Command Injection in Delta Electronics DVW-W02W2-E2

Posted by Thomas Weber on Dec 08

CyberDanube Security Research 20221130-1
-------------------------------------------------------------------------------
               title| Authenticated Command Injection
             product| Delta Electronics DVW-W02W2-E2
  vulnerable version| V2.42
       fixed version| V2.5.2
          CVE number| -
              impact| High
            homepage|...

SEC Consult SA-20221206-0 :: Multiple critical vulnerabilities in ILIAS eLearning platform

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 08

SEC Consult Vulnerability Lab Security Advisory < 20221206-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: ILIAS eLearning platform
vulnerable version: <= 7.15
fixed version: 7.16
CVE number: CVE-2022-45915, CVE-2022-45916, CVE-2022-45917,
CVE-2022-45918
impact: critical...

Backdoor.Win32.Delf.gj / Information Disclosure

Posted by malvuln on Dec 08

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/8872c2ec49ff3382240762a029631684.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Backup media: infosec.exchange/@malvuln

Threat: Backdoor.Win32.Delf.gj
Vulnerability: Information Disclosure
Description: The malware listens on TCP port 80. Third-party adversaries
who can reach an infected system can pass...

SEC Consult SA-20221201-0 :: Replay attacks & Displaying arbitrary contents in Zhuhai Suny Technology ESL Tag / ETAG-TECH protocol (electronic shelf labels)

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 08

SEC Consult Vulnerability Lab Security Advisory < 20221201-0 >
=======================================================================
title: Replay attacks & Displaying arbitrary contents
product: Zhuhai Suny Technology ESL Tag / ETAG-TECH protocol
(electronic shelf labels)
vulnerable version: All
fixed version: -
CVE number: CVE-2022-45914
impact:...

SEC Consult SA-20221130-0 :: Multiple critical vulnerabilities in Planet Enterprises Ltd - Planet eStream

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 08

SEC Consult Vulnerability Lab Security Advisory < 20221130-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: Planet Enterprises Ltd - Planet eStream
vulnerable version: <6.72.10.07
fixed version: 6.72.10.07
CVE number: CVE-2022-45896, CVE-2022-45893, CVE-2022-45891,
CVE-2022-45889,...

Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)

Posted by Qualys Security Advisory via Fulldisclosure on Dec 08

Qualys Security Advisory

Race condition in snap-confine's must_mkdir_and_open_with_perms()
(CVE-2022-3328)

========================================================================
Contents
========================================================================

Summary
Background
Exploitation
Acknowledgments
Timeline

I can't help but feel a missed opportunity to integrate lyrics from
one of the best songs ever: [SNAP! - The...

[CVE-2022-21225] Intel Data Center Manager Console <= 4.1 “getRoomRackData" Authenticated (Guest+) SQL Injection

Posted by Julien Ahrens (RCE Security) on Dec 08

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Intel Data Center Manager
Vendor URL: https://www.intel.com/content/www/us/en/developer/tools/data-center-manager-console/overview.html
Type: SQL Injection [CWE-89]
Date found: 2022-01-21
Date published: 2022-12-01
CVSSv3 Score: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVE: CVE-2022-21225

2....

Intel Data Center Manager <= 5.1 Local Privileges Escalation

Posted by Julien Ahrens (RCE Security) on Dec 08

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Intel Data Center Manager
Vendor URL: https://www.intel.com/content/www/us/en/developer/tools/data-center-manager-console/overview.html
Type: Incorrect Use of Privileged APIs [CWE-648]
Date found: 2022-07-16
Date published: 2022-12-07
CVSSv3 Score: 7.4 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE:...

Drupal H5P Module <= 2.0.0 (isValidPackage) Zip Slip Vulnerability

Posted by Egidio Romano on Dec 03

------------------------------------------------------------------
Drupal H5P Module <= 2.0.0 (isValidPackage) Zip Slip Vulnerability
------------------------------------------------------------------

[-] Software Link:

https://www.drupal.org/project/h5p

[-] Affected Versions:

Version 2.0.0-alpha2 and prior versions.
Version 7.x-1.50 and prior versions.

[-] Vulnerability Description:

The vulnerability is located within the...

CyberDanube Security Research 20221124-0 | Authenticated Command Injection Hirschmann BAT-C2

Posted by Thomas Weber on Nov 29

CyberDanube Security Research 20221124-0
-------------------------------------------------------------------------------
               title| Authenticated Command Injection
             product| Hirschmann (Belden) BAT-C2
  vulnerable version| 8.8.1.0R8
       fixed version| 09.13.01.00R04
          CVE number| CVE-2022-40282
              impact| High
           ...

Exploiting an N-day vBulletin PHP Object Injection Vulnerability

Posted by Egidio Romano on Nov 29

Hello list,

Just wanted to share with you my latest blog post:

http://karmainsecurity.com/exploiting-an-nday-vbulletin-php-object-injection

Best regards,
/EgiX

Win32.Ransom.Conti / Crypto Logic Flaw

Posted by malvuln on Nov 29

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/99e55ce93392068c970384ab24a0e13d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Backup media: infosec.exchange/@malvuln

Threat: Win32.Ransom.Conti
Vulnerability: Crypto Logic Flaw
Description: Conti ransomware FAILS to encrypt non PE files that have a
".exe" in the filename. Creating specially crafted file names...

Backdoor.Win32.Autocrat.b / Weak Hardcoded Credentials

Posted by malvuln on Nov 29

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/4262a8b52b902aa2e6bf02a156d1b8d4.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Backup media: infosec.exchange/@malvuln

Threat: Backdoor.Win32.Autocrat.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware is packed with PeCompact, listens on TCP port 8536
and requires authentication. However, the password...

Trojan.Win32.DarkNeuron.gen / Named Pipe Null DACL

Posted by malvuln on Nov 29

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/d891c9374ccb2a4cae2274170e8644d8.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Backup media: infosec.exchange/@malvuln

Threat: Trojan.Win32.DarkNeuron.gen
Vulnerability: Named Pipe Null DACL
Family: DarkNeuron (Turla Group)
Type: PE32
MD5: d891c9374ccb2a4cae2274170e8644d8
Vuln ID: MVID-2022-0661
Disclosure: 11/24/2022...

[CVE-2022-33942] Intel Data Center Manager Console <= 4.1.1.45749 ”UserMgmtHandler" Authentication Logic Error Leading to Authentication Bypass

Posted by Julien Ahrens (RCE Security) on Nov 29

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Intel Data Center Manager
Vendor URL: https://www.intel.com/content/www/us/en/developer/tools/data-center-manager-console/overview.html
Type: Authentication Bypass by Spoofing [CWE-290]
Date found: 2022-06-01
Date published: 2022-11-23
CVSSv3 Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVE:...

Ransomware Deception Tactics Part 1

Posted by malvuln on Nov 29

Did you know? some Ransomware like CONTI and others will FAIL to encrypt
non PE files that have a ".exe" in the filename.

Test.exe.docx
Test.exe.pdf

Conti MD5: 9eb9197cd58f4417a27621c4e1b25a71

ATOMSILO MD5: 5559e9f5e1645f8554ea020a29a5a3ee

Open-Xchange Security Advisory 2022-11-24

Posted by Martin Heiland via Fulldisclosure on Nov 29

Dear subscribers,

we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne and soon
at YesWeHack.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: OXUIB-1654
Vulnerability type: Cross-Site Scripting...

Backdoor.Win32.Serman.a / Unauthenticated Open Proxy

Posted by malvuln on Nov 29

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/f312e3a436995b86b205a1a37b1bf10f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Backup media: infosec.exchange/@malvuln

Threat: Backdoor.Win32.Serman.a
Vulnerability: Unauthenticated Open Proxy
Family: Serman
Type: PE32
MD5: f312e3a436995b86b205a1a37b1bf10f
Vuln ID: MVID-2022-0659
Disclosure: 11/22/2022
Description: The...

crashing potplayer again

Posted by houjingyi on Nov 29

I disclosured a crash in potplayer last year :
https://seclists.org/fulldisclosure/2021/Mar/76
And I found a new one this year, this time is a mid file. Again I contacted
Korea Internet & Security Agency(first-team () krcert or kr), they shared
report to the onwer of the potplayer, Kakao Corp as they said. But I did
not get any update after about half a year. So this is a 0day.
I cannot debug or get any useful information about the crash...

Backdoor.Win32.Quux / Weak Hardcoded Credentials

Posted by malvuln on Nov 20

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/13ce53de9ca4c4e6c58f990b442cb419.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Quux
Vulnerability: Weak Hardcoded Credentials
Family: Quux
Type: PE32
MD5: 13ce53de9ca4c4e6c58f990b442cb419
Vuln ID: MVID-2022-0656
Dropped files: quux32.exe
Disclosure: 11/15/2022
Description: The malware listens on...

Backdoor.Win32.Oblivion.01.a / Insecure Transit Password Disclosure

Posted by malvuln on Nov 20

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/aef85cf0d521eaa6aade11f95ea07ebe.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Oblivion.01.a
Vulnerability: Insecure Transit Password Disclosure
Description: The malware listens on TCP port 7826 and makes HTTP GET
requests to port 80 for "/scripts/WWPMsg.dll". The system logon credentials...

Trojan.Win32.Platinum.gen / Arbitrary Code Execution

Posted by malvuln on Nov 20

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/71a76adeadc7b51218d265771fc2b0d1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Platinum.gen
Vulnerability: Arbitrary Code Execution
Description: The malware looks for and executes DLLs in its current
directory. Therefore, we can potentially hijack a vuln DLL execute our own
code, control and...

[CVE-2022-3861] Betheme <= 26.5.1.4 - Authenticated (Contributor+) PHP Object Injection

Posted by Julien Ahrens (RCE Security) on Nov 20

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Betheme
Vendor URL: https://muffingroup.com/betheme/
Type: Deserialization of Untrusted Data [CWE-502]
Date found: 2022-11-02
Date published: 2022-11-18
CVSSv3 Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVE: CVE-2022-3861

2. CREDITS
==========
This vulnerability was discovered and...

SEC Consult SA-20221110-0 :: HTML Injection in BMC Remedy ITSM-Suite

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Nov 15

SEC Consult Vulnerability Lab Security Advisory < 20221110-0 >
=======================================================================
title: HTML Injection
product: BMC Remedy ITSM-Suite
vulnerable version: 9.1.10 (= 20.02 in new versioning scheme)
fixed version: 22.1
CVE number: CVE-2022-26088
impact: Low
homepage: https://www.bmc.com/it-solutions/remedy-itsm.html...

SEC Consult SA-20221114-0 :: Path Traversal Vulnerability in Payara Platform

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Nov 15

SEC Consult Vulnerability Lab Security Advisory < 20221114-0 >
=======================================================================
title: Path Traversal Vulnerability
product: Payara Platform
vulnerable version: Enterprise: <5.45.0
Community: <6.2022.1, <5.2022.4, <4.1.2.191.38
fixed version: Enterprise: 5.45.0
Community: 6.2022.1, 5.2022.4,...

SEC Consult SA-20221109-0 :: Multiple Critical Vulnerabilities in Simmeth System GmbH Supplier manager (Lieferantenmanager)

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Nov 15

SEC Consult Vulnerability Lab Security Advisory < 20221109-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Simmeth System GmbH Supplier manager (Lieferantenmanager)
vulnerable version: < 5.6
fixed version: 5.6
CVE number: CVE-2022-44012, CVE-2022-44013, CVE-2022-44014,
CVE-2022-44015,...

APPLE-SA-2022-11-09-1 iOS 16.1.1 and iPadOS 16.1.1

Posted by Apple Product Security via Fulldisclosure on Nov 15

APPLE-SA-2022-11-09-1 iOS 16.1.1 and iPadOS 16.1.1

iOS 16.1.1 and iPadOS 16.1.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213505.

libxml2
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: A remote user may be able to cause unexpected app termination...

Backdoor.Win32.RemServ.d / Unauthenticated Remote Command Execution

Posted by malvuln on Nov 15

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/05a082d441d9cf365749c0e1eb904c85.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.RemServ.d
Vulnerability: Unauthenticated Remote Command Execution
Family: RemServ
Type: PE32
MD5: 05a082d441d9cf365749c0e1eb904c85
Vuln ID: MVID-2022-0655
Disclosure: 11/11/2022
Description: The malware creates a service...

APPLE-SA-2022-11-09-2 macOS Ventura 13.0.1

Posted by Apple Product Security via Fulldisclosure on Nov 15

APPLE-SA-2022-11-09-2 macOS Ventura 13.0.1

macOS Ventura 13.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213504.

libxml2
Available for: macOS Ventura
Impact: A remote user may be able to cause unexpected app termination
or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2022-40303: Maddie Stone of Google...

Cisco Secure Email Gateways can easily be circumvented

Posted by FD on Nov 15

This report is being published within a coordinated disclosure
procedure. The researcher has been in contact with the vendor
but not received a satisfactory response within a given time
frame. As the attack complexity is low and exploits have already
been published by a third party there must be no further delay
in making the threads publicly known.

The researcher prefers not to take credit for their findings.

Evading Malware Detection by...

Backdoor.Win32.Aphexdoor.LiteSock / Remote Stack Buffer Overflow (SEH)

Posted by malvuln on Nov 15

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/2047ac6183da4dfb61d2562721ba0720.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Aphexdoor.LiteSock
Vulnerability: Remote Stack Buffer Overflow (SEH)
Description: The malware drops an extensionless PE file named "3" which
listens on TCP port 1080. Third-party attackers who can reach an...

HEUR:Trojan.MSIL.Agent.gen / Information Disclosure

Posted by malvuln on Nov 15

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/bc2ccf92bea475f828dcdcb1c8f6cc92.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: HEUR:Trojan.MSIL.Agent.gen
Vulnerability: Information Disclosure
Description: the malware runs an HTTP service on port 19334. Attackers who
can reach an infected host can make HTTP GET requests to download and or
stat arbitrary files...

[CVE-2022-3747] BeCustom <= 1.0.5.2 Generic Cross-Site Request Forgery

Posted by Julien Ahrens (RCE Security) on Nov 15

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: BeCustom Wordpress Plugin
Vendor URL: https://muffingroup.com/betheme/features/be-custom/
Type: Cross-Site Request Forgery [CWE-253]
Date found: 2021-10-28
Date published: 2022-11-10
CVSSv3 Score: 5.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N)
CVE: CVE-2022-3747

2. CREDITS
==========
This...

CVE-2022-3602 and CVE-2022-3786 Critical OpenSSL 3.0.x security vulnerabilities

Posted by Turritopsis Dohrnii Teo En Ming on Nov 07

Subject: CVE-2022-3602 and CVE-2022-3786 Critical OpenSSL 3.0.x
security vulnerabilities

Good day from Singapore,

Please refer to the following posts. The story is developing.

[1] OpenSSL Gives Heads Up to Critical Vulnerability Disclosure, Check
Point Alerts Organizations to Prepare Now
Link:
https://blog.checkpoint.com/2022/10/30/openssl-gives-heads-up-to-critical-vulnerability-disclosure-check-point-alerts-organizations-to-prepare-now/...

APPLE-SA-2022-11-01-1 Xcode 14.1

Posted by Apple Product Security via Fulldisclosure on Nov 07

APPLE-SA-2022-11-01-1 Xcode 14.1

Xcode 14.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213496.

Git
Available for: macOS Monterey 12.5 and later
Impact: Multiple issues in git
Description: Multiple issues were addressed by updating to git
version 2.32.3.
CVE-2022-29187: Carlo Marcelo Arenas Belón and Johannes Schindelin

Git
Available for: macOS Monterey 12.5 and later...

APPLE-SA-2022-10-27-10 Additional information for APPLE-SA-2022-10-24-6 tvOS 16.1

Posted by Apple Product Security via Fulldisclosure on Oct 30

APPLE-SA-2022-10-27-10 Additional information for APPLE-SA-2022-10-24-6 tvOS 16.1

tvOS 16.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213492.

AppleMobileFileIntegrity
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing...