Full Disclosure

APPLE-SA-2022-05-16-6 tvOS 15.5

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-2022-05-16-6 tvOS 15.5

tvOS 15.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213254.

AppleAVD
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-26702: an anonymous...
  • May 17th 2022 at 04:38

APPLE-SA-2022-05-16-2 macOS Monterey 12.4

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-2022-05-16-2 macOS Monterey 12.4

macOS Monterey 12.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213257.

AMD
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26772: an anonymous researcher

AMD
Available...
  • May 17th 2022 at 04:38

APPLE-SA-2022-05-16-5 watchOS 8.6

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-2022-05-16-5 watchOS 8.6

watchOS 8.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213253.

AppleAVD
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-26702: an anonymous researcher

AppleAVD...
  • May 17th 2022 at 04:38

APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6

macOS Big Sur 11.6.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213256.

apache
Available for: macOS Big Sur
Impact: Multiple issues in apache
Description: Multiple issues were addressed by updating apache to
version 2.4.53.
CVE-2021-44224
CVE-2021-44790
CVE-2022-22719
CVE-2022-22720
CVE-2022-22721

AppKit
Available for: macOS...
  • May 17th 2022 at 04:38

APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5

iOS 15.5 and iPadOS 15.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213258.

AppleAVD
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel...
  • May 17th 2022 at 04:38

APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina

Security Update 2022-004 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213255.

apache
Available for: macOS Catalina
Impact: Multiple issues in apache
Description: Multiple issues were addressed by updating apache to
version 2.4.53.
CVE-2021-44224
CVE-2021-44790
CVE-2022-22719
CVE-2022-22720
CVE-2022-22721...
  • May 17th 2022 at 04:38

APPLE-SA-2022-05-16-7 Safari 15.5

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-2022-05-16-7 Safari 15.5

Safari 15.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213260.

WebKit
Available for: macOS Big Sur and macOS Catalina
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 238178
CVE-2022-26700: ryuzaki

WebKit...
  • May 17th 2022 at 04:38

APPLE-SA-2022-05-16-8 Xcode 13.4

Posted by Apple Product Security via Fulldisclosure on May 16

APPLE-SA-2022-05-16-8 Xcode 13.4

Xcode 13.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213261.

Git
Available for: macOS Monterey 12 or later
Impact: On multi-user machines Git users might find themselves
unexpectedly in a Git worktree
Description: A logic issue was addressed with improved state
management.
CVE-2022-24765: 俞晨东

IDE
Available for: macOS Monterey 12...
  • May 17th 2022 at 04:38

CVE-2022-24108: OpenCart's plugin "So Listing Tabs" <= 2.2.0 Deserialization of Untrusted Data

Posted by Denis Mironov on May 16

[-] Affected Versions:

Version 2.2.0 is affected, and prior versions are likely affected too.

[-] Vulnerabilities Description:

Vulnerable component is switching to another tab. To exploit
vulnerability, an attacker may send a POST request (with
application/x-www-form-urlencoded content-type) to AJAX endpoint
(usually "/index.php") with "is_ajax_listing_tabs" parameter set to
"1" and "setting" parameter...
  • May 17th 2022 at 04:38

github.com/malvuln/RansomDLLs / Catalog of current DLLs affecting vulnerable Ransomware strains.

Posted by malvuln on May 18

Reference list for my Ransomware exploitation research. Lists current DLLs
I have seen to date that some ransomware search for, which I have used
successfully to hijack and intercept vulnerable strains executing arbitrary
code pre-encryption.

https://github.com/malvuln/RansomDLLs
  • May 18th 2022 at 20:42

SEC Consult SA-20220518-0 :: Multiple Critical Vulnerabilities in SAP® Application Server, ABAP and ABAP® Platform (Different Software Components)

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on May 18

SEC Consult Vulnerability Lab Security Advisory < 20220518-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: SAP® Application Server
ABAP and ABAP® Platform (Different Software Components)
vulnerable version: see section "Vulnerable / tested versions"
fixed version: see SAP security notes...
  • May 18th 2022 at 20:43

LiquidFiles - 3.4.15 - Stored XSS - CVE-2021-30140

Posted by Rodolfo Augusto do Nascimento Tavares via Fulldisclosure on May 18

=====[ Tempest Security Intelligence - ADV-12/2021 ]==========================

LiquidFiles - 3.4.15

Author: Rodolfo Tavares

Tempest Security Intelligence - Recife, Pernambuco - Brazil

=====[ Table of Contents]==================================================
* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References

=====[ Vulnerability...
  • May 18th 2022 at 20:43

Watch multiple LockBit Ransom get DESTROYED Mass PWNAGE at scale!

Posted by malvuln on May 18

Watch multiple LockBit Ransom get DESTROYED Mass PWNAGE at scale!

https://www.youtube.com/watch?v=eg3l8a_HSSU
  • May 18th 2022 at 20:43

PHPIPAM 1.4.4 - CVE-2021-46426

Posted by Rodolfo Augusto do Nascimento Tavares via Fulldisclosure on May 18

=====[ Tempest Security Intelligence - ADV-03/2022 ]==========================

PHPIPAM - Version 1.4.4

Author: Rodolfo Tavares

Tempest Security Intelligence - Recife, Pernambuco - Brazil

=====[ Table of Contents ]==================================================

* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References

=====[ Vulnerability Information...
  • May 18th 2022 at 20:43

[tool] tplink backup decryptor.

Posted by retset on May 23

Yet another "tool" to decrypt a backup configs for some tplink wifi
routers.
Only tested on latest fw for "Archer C7".
I hope that it will be useful for someone.

https://github.com/ret5et/tplink_backup_decrypt_2022.bin
  • May 23rd 2022 at 17:37

Disclosing Vulnerability of CLink Office 2.0

Posted by chan chan on May 23

Dear Sir/Madam,

I would like to submit a vulnerability found on CLink Office 2.0. I had
contacted the vendor 60 days before but in vain.

# Exploit Title: Multiple blind SQL injection vulnerabilities in CLink
Office 2.0 Anti-Spam management console

# Date: 30 Mar 2022

# Exploit Author: Erwin Chan, Stephen Tsoi

# Vendor Homepage: https://www.communilink.net/

# Software: CLink Office

# Version: 2.0

# Tested on: CLink Office 2.0 Anti-Spam...
  • May 23rd 2022 at 17:38

Trojan-Ransom.Thanos / Code Execution

Posted by malvuln on May 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/be60e389a0108b2871dff12dfbb542ac.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Ransom.Thanos
Vulnerability: Code Execution
Description: Thanos looks for and executes DLLs in its current directory.
Therefore, we can potentially hijack a vuln DLL execute our own code,
control and terminate the malware...
  • May 28th 2022 at 02:01

[CVE-2022-0779] User Meta "um_show_uploaded_file" Path Traversal / Local File Enumeration

Posted by Julien Ahrens (RCE Security) on May 27

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: User Meta
Vendor URL: https://wordpress.org/plugins/user-meta
Type: Relative Path Traversal [CWE-23]
Date found: 2022-02-28
Date published: 2022-05-24
CVSSv3 Score: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVE: CVE-2022-0779

2. CREDITS
==========
This vulnerability was discovered and...
  • May 28th 2022 at 02:01

[CVE-2021-40150] Reolink E1 Zoom Camera <= 3.0.0.716 Unauthenticated Web Server Configuration Disclosure

Posted by Julien Ahrens (RCE Security) on Jun 03

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Reolink E1 Zoom Camera
Vendor URL: https://reolink.com/product/e1-zoom/
Type: Exposure of Sensitive Information to an Unauthorized Actor [CWE-200]
Date found: 2021-08-26
Date published: 2022-06-01
CVSSv3 Score: 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVE: CVE-2021-40150

2. CREDITS
==========...
  • June 3rd 2022 at 19:21

Re: Three vulnerabilities found in MikroTik's RouterOS

Posted by Q C on Jun 03

[update 2022/05/30] Two CVEs have been assigned to these vulnerabilities.

CVE-2021-36613: Mikrotik RouterOs before stable 6.48.2 suffers from a
memory corruption vulnerability in the ptp process. An authenticated remote
attacker can cause a Denial of Service (NULL pointer dereference).

CVE-2021-36614: Mikrotik RouterOs before stable 6.48.2 suffers from a
memory corruption vulnerability in the tr069-client process. An
authenticated remote...
  • June 3rd 2022 at 19:21

[CVE-2021-40149] Reolink E1 Zoom Camera <= 3.0.0.716 Unauthenticated Private Key Disclosure

Posted by Julien Ahrens (RCE Security) on Jun 03

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Reolink E1 Zoom Camera
Vendor URL: https://reolink.com/product/e1-zoom/
Type: Exposure of Sensitive Information to an Unauthorized Actor [CWE-200]
Date found: 2021-08-26
Date published: 2022-06-01
CVSSv3 Score: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVE: CVE-2021-40149

2. CREDITS
==========...
  • June 3rd 2022 at 19:21

SEC Consult SA-20220602-0 :: Multiple Memory Corruption Vulnerabilities in dbus-broker

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 03

SEC Consult Vulnerability Lab Security Advisory < 20220602-0 >
=======================================================================
title: Multiple Memory Corruption Vulnerabilities
product: dbus-broker
vulnerable version: dbus-broker-29
fixed version: dbus-broker-31
CVE number: CVE-2022-31212, CVE-2022-31213
impact: medium
homepage:...
  • June 3rd 2022 at 19:23

SEC Consult SA-20220531-0 :: Backdoor account in Korenix JetPort 5601V3

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 03

SEC Consult Vulnerability Lab Security Advisory < 20220531-0 >
=======================================================================
title: Backdoor account
product: Korenix JetPort 5601V3
vulnerable version: Firmware version 1.0
fixed version: None
CVE number: CVE-2020-12501
impact: High
homepage: https://www.korenix.com/
found: 2020-04-06...
  • June 3rd 2022 at 19:23

SEC Consult SA-20220601-1 :: Authenticated Command Injection in Poly Studio

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 03

SEC Consult Vulnerability Lab Security Advisory < 20220601-1 >
=======================================================================
title: Authenticated Command Injection
product: Poly Studio X30, Studio X50, Studio X70, G7500
vulnerable version: 3.4.0-292042, 3.5.0-344025, 3.6.0
fixed version: 3.7.0 or higher
CVE number: CVE-2022-26481
impact: critical
homepage:...
  • June 3rd 2022 at 19:23

SEC Consult SA-20220601-0 :: Multiple Critical Vulnerabilities in Poly EagleEye Director II

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 03

SEC Consult Vulnerability Lab Security Advisory < 20220601-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Poly EagleEye Director II
vulnerable version: 2.2.1.1 (Jul 1, 2021)
fixed version: 2.2.2.1 or higher
CVE number: CVE-2022-26479, CVE-2022-26482
impact: critical
homepage:...
  • June 3rd 2022 at 19:23

[SYSS-2022-014]: Verbatim Fingerprint Secure Portable Hard Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28387)

Posted by Matthias Deeg on Jun 10

Advisory ID: SYSS-2022-014
Product: Fingerprint Secure Portable Hard Drive
Manufacturer: Verbatim
Affected Version(s): #53650
Tested Version(s): #53650
Vulnerability Type: Use of a Cryptographic Primitive with a Risky
Implementation (CWE-1240)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2022-02-03
Solution...
  • June 11th 2022 at 06:05

[SYSS-2022-024]: Lepin EP-KP001 - Violation of Secure Design Principles (CWE-657) (CVE-2022-29948)

Posted by Matthias Deeg on Jun 10

Advisory ID: SYSS-2022-024
Product: EP-KP001
Manufacturer: Lepin
Affected Version(s): KP001_V19
Tested Version(s): KP001_V19
Vulnerability Type: Violation of Secure Design Principles (CWE-657)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2022-04-12
Solution Date: -
Public Disclosure: 2022-06-10
CVE Reference:...
  • June 11th 2022 at 06:06

[SYSS-2022-015]: Verbatim Fingerprint Secure Portable Hard Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)

Posted by Matthias Deeg on Jun 10

Advisory ID: SYSS-2022-015
Product: Fingerprint Secure Portable Hard Drive
Manufacturer: Verbatim
Affected Version(s): #53650
Tested Version(s): #53650
Vulnerability Type: Use of a Cryptographic Primitive with a Risky
Implementation (CWE-1240)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2022-02-03
Solution...
  • June 11th 2022 at 06:06

[SYSS-2022-017]: Verbatim Fingerprint Secure Portable Hard Drive - Insufficient Verification of Data Authenticity (CWE-345) (CVE-2022-28385)

Posted by Matthias Deeg on Jun 10

Advisory ID: SYSS-2022-017
Product: Fingerprint Secure Portable Hard Drive
Manufacturer: Verbatim
Affected Version(s): #53650
Tested Version(s): #53650
Vulnerability Type: Insufficient Verification of Data
Authenticity (CWE-345)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2022-02-03
Solution Date: -
Public Disclosure:...
  • June 11th 2022 at 06:06

[SYSS-2022-016]: Verbatim Fingerprint Secure Portable Hard Drive - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)

Posted by Matthias Deeg on Jun 10

Advisory ID: SYSS-2022-016
Product: Fingerprint Secure Portable Hard Drive
Manufacturer: Verbatim
Affected Version(s): #53650
Tested Version(s): #53650
Vulnerability Type: Missing Immutable Root of Trust in Hardware
(CWE-1326)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2022-02-03
Solution Date: -
Public Disclosure:...
  • June 11th 2022 at 06:06

Trojan-Banker.Win32.Banker.agzg / Insecure Permissions

Posted by malvuln on Jun 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/ef1e59148c9a902ae5454760aaab73fe.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Banker.Win32.Banker.agzg
Vulnerability: Insecure Permissions
Description: The malware writes a PE file to c drive granting change (C)
permissions to the authenticated user group. Standard users can rename the
executable dropped...
  • June 11th 2022 at 06:07

Ransom.Haron / Code Execution

Posted by malvuln on Jun 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/dedad693898bba0e4964e6c9a749d380.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom.Haron
Vulnerability: Code Execution
Description: Haron looks for and executes DLLs in its current directory.
Therefore, we can potentially hijack a vuln DLL execute our own code,
control and terminate the malware pre-encryption....
  • June 11th 2022 at 06:07

Trojan-Banker.Win32.Banbra.cyt / Insecure Permissions

Posted by malvuln on Jun 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/e0f2bee25dd103d92e91e895e313ec34.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Banker.Win32.Banbra.cyt
Vulnerability: Insecure Permissions
Description: The malware writes a batch script ".bat" file to c drive
granting change (C) permissions to the authenticated user group. Standard
users can...
  • June 11th 2022 at 06:07

Backdoor.Win32.Cabrotor.10.d / Unauthenticated Remote Command Execution

Posted by malvuln on Jun 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/40acf109fa9621eae6930ef18f804909.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Cabrotor.10.d
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 1243. Attackers who can reach
infected systems can issue commands made up of single characters E.g....
  • June 11th 2022 at 06:07

Trojan-Proxy.Win32.Symbab.o / Heap Corruption

Posted by malvuln on Jun 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/bffc519fbaf2d119bd307cd22368cdc7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Proxy.Win32.Symbab.o
Vulnerability: Heap Corruption
Description: The malware listens on TCP port 8080. Attackers who can reach
an infected system can send a corrupt HTTP request for the "redirecturl"
parameter causing...
  • June 11th 2022 at 06:07

Hidden Functionality (Backdoor) (CWE-912) / CVE-2022-29854, CVE-2022-29855

Posted by Moritz Abrell on Jun 10

Advisory ID: SYSS-2022-021
Product: Mitel 6800/6900 Series SIP Phones excluding 6970
Mitel 6900 Series IP (MiNet) Phones
Manufacturer: Mitel Networks Corporation
Affected Version(s): Rel 5.1 SP8 (5.1.0.8016) and earlier
Rel 6.0 (6.0.0.368) to 6.1 HF4 (6.1.0.165)
MiNet 1.8.0.12 and earlier
Tested Version(s):...
  • June 11th 2022 at 06:08

HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh

Posted by Marco Ivaldi on Jun 10

Dear Full Disclosure,

Find attached a security advisory that details multiple
vulnerabilities we discovered in the zysh shell distributed with some
Zyxel products, including their security appliances.

* Title: Multiple vulnerabilities in Zyxel zysh
* Products: Zyxel firewalls, AP controllers, and APs
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date: 2022-06-07
* CVE Names and Vendor CVSS Scores:
CVE-2022-26531:...
  • June 11th 2022 at 06:09

SEC Consult SA-20220607-0 :: Multiple Vulnerabilities in Infiray IRAY-A8Z3 thermal camera

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 10

SEC Consult Vulnerability Lab Security Advisory < 20220607-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Infiray IRAY-A8Z3 thermal camera
vulnerable version: V1.0.957
fixed version: None
CVE number: CVE-2022-31208, CVE-2022-31209, CVE-2022-31210,
CVE-2022-31211
impact: Critical...
  • June 11th 2022 at 06:11

SEC Consult SA-20220609-0 :: Multiple vulnerabilities in SoftGuard SNMP Network Management Extension

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 10

SEC Consult Vulnerability Lab Security Advisory < 20220609-0 >
=======================================================================
title: Multiple vulnerabilities
product: SoftGuard SNMP Network Management Extension
vulnerable version: SoftGuard Web (SGW) < 5.1.5
fixed version: SoftGuard version 5.1.5 from 2022-06-01
CVE number: CVE-2022-31201, CVE-2022-31202
impact: High...
  • June 11th 2022 at 06:11

SEC Consult SA-20220608-0 :: Stored Cross-Site Scripting & Unsafe Java Deserializiation in Gentics CMS

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 10

SEC Consult Vulnerability Lab Security Advisory < 20220608-0 >
=======================================================================
title: Stored Cross-Site Scripting & Unsafe Java Deserializiation
product: Gentics CMS
vulnerable version: 5.36.29, see section below
fixed version: 5.40.27, 5.41.15, 5.42.7, 5.43.1 or higher
CVE number: CVE-2022-30981, CVE-2022-30982
impact:...
  • June 11th 2022 at 06:11

SEC Consult SA-20220614-0 :: Reflected Cross Site Scripting in SIEMENS-SINEMA Remote Connect

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 14

SEC Consult Vulnerability Lab Security Advisory < 20220614-0 >
=======================================================================
title: Reflected Cross Site Scripting
product: SIEMENS-SINEMA Remote Connect
vulnerable version: <=V3.0.1.0-01.01.00.02
fixed version: V3.1.0
CVE number: CVE-2022-29034
impact: medium
homepage: https://siemens.com...
  • June 14th 2022 at 22:44

SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 17

SEC Consult Vulnerability Lab Security Advisory < 20220615-0 >
=======================================================================
title: Hardcoded Backdoor User and Outdated Software Components
product: Nexans FTTO GigaSwitch industrial/office switches HW version 5
vulnerable version: See "Vulnerable / tested versions"
fixed version: V6.02N, V7.02
CVE number: CVE-2022-32985...
  • June 17th 2022 at 16:10

Onapsis Security Advisory 2022-0003: Cross-Site Scripting (XSS) vulnerability in SAP Focused Run (Real User Monitoring)

Posted by Onapsis Research via Fulldisclosure on Jun 21

# Onapsis Security Advisory 2022-0003: Cross-Site Scripting (XSS)
vulnerability in SAP Focused Run (Real User Monitoring)

## Impact on Business

Impact depends on the victim's privileges. In most cases, a successful
attack allows an attacker to hijack a session, or force the victim to
perform undesired request in SAP Focused Run.

## Advisory Information

- Public Release Date: 06/21/2022
- Security Advisory ID: ONAPSIS-2022-0003
-...
  • June 21st 2022 at 15:35

# Onapsis Security Advisory 2022-0004: Missing Authentication check in SAP Focused Run (Simple Diagnostics Agent 1.0)

Posted by Onapsis Research via Fulldisclosure on Jun 21

# Onapsis Security Advisory 2022-0004: Missing Authentication check in SAP
Focused Run (Simple Diagnostics Agent 1.0)

## Impact on Business

Because the Simple Diagnostic Agent (SDA) handles several important
configuration and critical credential information, a successful attack
could lead to the control of the SDA, and therefore affect:
* Integrity, by modifying the configuration.
* Availability, by stopping the service.
* Confidentiality...
  • June 21st 2022 at 15:35

Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad

Posted by Onapsis Research via Fulldisclosure on Jun 21

# Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS)
vulnerability in SAP Fiori launchpad

## Impact on Business

Impact depends on the victim's privileges. In most cases, a successful
attack allows an attacker to hijack a session, or force the victim to
perform undesired requests in the SAP System (CSRF) as well as redirected
to arbitrary web site (Open Redirect).

## Advisory Information

- Public Release Date: 06/21/2022
-...
  • June 21st 2022 at 15:36

Onapsis Security Advisory 2022-0006: Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)

Posted by Onapsis Research via Fulldisclosure on Jun 21

# Onapsis Security Advisory 2022-0006: Information Disclosure vulnerability
in SAP Focused Run (Simple Diagnostics Agent 1.0)

## Impact on Business

Running unnecessary services, like a jetty webserver, may lead to increased
surface area for an attack and also it unnecessarily exposes underlying
vulnerabilities.

## Advisory Information

- Public Release Date: 06/21/2022
- Security Advisory ID: ONAPSIS-2022-0006
- Researcher(s): Yvan Genuer

##...
  • June 21st 2022 at 15:37

Onapsis Security Advisory 2022-0007: Directory Traversal vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)

Posted by Onapsis Research via Fulldisclosure on Jun 21

# Onapsis Security Advisory 2022-0007: Directory Traversal vulnerability in
SAP Focused Run (Simple Diagnostics Agent 1.0)

## Impact on Business

Exposing the contents of a directory can lead to a disclosure of useful
information for the attacker to devise exploits, such as creation times of
files or any information that may be encoded in file names. The directory
listing may also compromise private or confidential data.

## Advisory Information...
  • June 21st 2022 at 15:37

CFP No cON Name 2022 - Barcelona

Posted by Jose Nicolas Castellano via Fulldisclosure on Jun 27

No cON Name 2022 - Barcelona

************************************
*****  Call For Papers        ******
************************************

https://www.noconname.org/call-for-papers/

Exact place not disclosed until a few weeks before due celebration.

* INTRODUCTION
The organization has opened CFP proposals. No cON Name is the eldest
Hacking and Security Conference in Spain. Our goal is to get highly
qualified requests for...
  • June 28th 2022 at 05:41

SEC-T CFP ongoing

Posted by Mattias Bååth via Fulldisclosure on Jun 27

Hey all

It's now less than two weeks to submit a talk to SEC-T 2022, at least if
you want to be part of the first talk selection round (recommended) that
we kick off July first.

SEC-T is non-profit, non-corporate, two day, single track, con in
Stockholm, Sweden. We pay travel, accommodation and an honorary to all
speakers.

If you have something fun you'd like to present, send us a submission
before July 1st... or at least before...
  • June 28th 2022 at 05:41

Backdoor.Win32.InfecDoor.17.c / Insecure Permissions

Posted by malvuln on Jun 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/1fd70e41918c3a75c634b1c234ec36fb.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.InfecDoor.17.c
Vulnerability: Insecure Permissions
Description: The malware writes a ".420" settings file type to c drive
granting change (C) permissions to the authenticated user group. Standard
users can...
  • June 28th 2022 at 05:43

Trojan-Mailfinder.Win32.VB.p / Insecure Permissions

Posted by malvuln on Jun 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/20e438d84aa2828826d52540d80bf7f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Mailfinder.Win32.VB.p
Vulnerability: Insecure Permissions
Description: The malware writes a dir with multiple PE files to c drive
granting change (C) permissions to the authenticated user group. Standard
users can rename the...
  • June 28th 2022 at 05:43

Backdoor.Win32.Shark.btu / Insecure Permissions

Posted by malvuln on Jun 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/5a83f8b8c8a8b7a85b3ff632aa60e793.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Shark.btu
Vulnerability: Insecure Permissions
Description: The malware writes multiple PE files to c drive granting
change (C) permissions to the authenticated user group. Standard users can
rename the executable...
  • June 28th 2022 at 05:43

Yashma Ransomware Builder v1.2 / Insecure Permissions

Posted by malvuln on Jun 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/13e878ed7e547523cffc5728f6ba4190.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Yashma Ransomware Builder v1.2
Vulnerability: Insecure Permissions
Description: The malware creates PE files with insecure permissions when
writing to c:\ drive, granting change (C) permissions to the authenticated
user group. Standard...
  • June 28th 2022 at 05:43

AnyDesk Public Exploit Disclosure - Arbitrary file write by symbolic link attack lead to denial-of-service attack on local machine

Posted by chan chan on Jun 27

Hi FullDisclosure,

I would like to publish an exploit that I found on AnyDesk as follows.

# Exploit Title: AnyDesk allow arbitrary file write by symbolic link
attack lead to denial-of-service attack on local machine
# Google Dork: [if applicable]
# Date: 24/5/2022
# Exploit Author: Erwin Chan
# Vendor Homepage: https://anydesk.com/en
# Software Link: https://anydesk.com/en
# Version: 7.0.9
# Tested on: Windows 11

It was found that AnyDesk...
  • June 28th 2022 at 05:43

๐Ÿž CFP for Hardwear.io NL 2022 is OPEN!

Posted by Andrea Simonca on Jun 30

*๐Ÿž CFP for Hardwear.io NL 2022 is OPEN!*
If you have groundbreaking embedded research or an awesome open-source tool
youโ€™d like to showcase before the global hardware security community, this
is your chance. Send in your ideas on various hardware subjects, including
but not limited to Chips, Processors, ICS/SCADA, Telecom, Protocols &
Cryptography.

CFP is open until: 15 August 2022
Conference: 27-28 October 2022, The Hague (NL)

✅...
  • July 1st 2022 at 06:12

[Extension: CPSIoTSec 2022] The Workshop on CPS&IoT Security and Privacy **Submission Deadline: July 25, 2022**

Posted by alcaraz on Jun 30

[Apologies for cross-posting]

--------------------------------------------------------------------------
C a l l F o r P a p e r s

The Workshop on CPS&IoT Security and Privacy (CPSIoTSec 2022), in
conjunction with the ACM Conference on Computer and Communications
Security (ACM CCS)
November 7-11, 2022, Los Angeles, U.S.A.
https://cpsiotsec2022.github.io/cpsiotsec/...
  • July 1st 2022 at 06:12

Backdoor.Win32.EvilGoat.b / Weak Hardcoded Credentials

Posted by malvuln on Jun 30

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/20daf01e941f966b21a7ae431faefc65.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.EvilGoat.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP port 13014. Authentication is
required, however the credentials "evilgoat / penix" are weak and found
within the PE...
  • July 1st 2022 at 06:14

BigBlueButton - Stored XSS in username (CVE-2022-31064)

Posted by Rick Verdoes via Fulldisclosure on Jun 30

CVE-2022-31064 - Stored Cross-Site Scripting in BigBlueButton.

=========================

Exploit Title: Stored Cross-Site Scripting (XSS) in BigBlueButton

Product: BigBlueButton

Vendor: BigBlueButton

Vulnerable Versions: 2.3, <2.4.8, <2.5.0

Tested Version: 2.4.7

Advisory Publication: Jun 22, 2022

Latest Update: Jun 22, 2022

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2022-31064

CVSS Severity: High

CVSS...
  • July 1st 2022 at 06:14

Backdoor.Win32.Coredoor.10.a / Authentication Bypass

Posted by malvuln on Jun 30

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/49da40a2ac819103da9dc5ed10d08ddb.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Coredoor.10.a
Vulnerability: Authentication Bypass
Description: The malware runs an FTP server on TCP port 21000. Third-party
attackers who can reach infected systems can logon using any
username/password combination....
  • July 1st 2022 at 06:14

Backdoor.Win32.Cafeini.b / Weak Hardcoded Credentials

Posted by malvuln on Jun 30

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/a8fc1b3f7a605dc06a319bf0e14ca68b.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Cafeini.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP ports 51966 and 23. Authentication
is required, however the password "mama" is weak and found within the PE
file....
  • July 1st 2022 at 06:14
โŒ