FreshRSS

πŸ”’
❌ About FreshRSS
☷
β–½ πŸ”ƒ
There are new available articles, click to refresh the page.
Before yesterdayFull Disclosure

Trojan-Ransom.Thanos / Code Execution

Posted by malvuln on May 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/be60e389a0108b2871dff12dfbb542ac.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Ransom.Thanos
Vulnerability: Code Execution
Description: Thanos looks for and executes DLLs in its current directory.
Therefore, we can potentially hijack a vuln DLL execute our own code,
control and terminate the malware...
  • May 28th 2022 at 02:01
  • β†—

[CVE-2022-0779] User Meta "um_show_uploaded_file" Path Traversal / Local File Enumeration

Posted by Julien Ahrens (RCE Security) on May 27

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: User Meta
Vendor URL: https://wordpress.org/plugins/user-meta
Type: Relative Path Traversal [CWE-23]
Date found: 2022-02-28
Date published: 2022-05-24
CVSSv3 Score: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVE: CVE-2022-0779

2. CREDITS
==========
This vulnerability was discovered and...
  • May 28th 2022 at 02:01
  • β†—

[CVE-2021-40150] Reolink E1 Zoom Camera <= 3.0.0.716 Unauthenticated Web Server Configuration Disclosure

Posted by Julien Ahrens (RCE Security) on Jun 03

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Reolink E1 Zoom Camera
Vendor URL: https://reolink.com/product/e1-zoom/
Type: Exposure of Sensitive Information to an Unauthorized Actor [CWE-200]
Date found: 2021-08-26
Date published: 2022-06-01
CVSSv3 Score: 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVE: CVE-2021-40150

2. CREDITS
==========...
  • June 3rd 2022 at 19:21
  • β†—

Re: Three vulnerabilities found in MikroTik's RouterOS

Posted by Q C on Jun 03

[update 2022/05/30] Two CVEs have been assigned to these vulnerabilities.

CVE-2021-36613: Mikrotik RouterOs before stable 6.48.2 suffers from a
memory corruption vulnerability in the ptp process. An authenticated remote
attacker can cause a Denial of Service (NULL pointer dereference).

CVE-2021-36614: Mikrotik RouterOs before stable 6.48.2 suffers from a
memory corruption vulnerability in the tr069-client process. An
authenticated remote...
  • June 3rd 2022 at 19:21
  • β†—

[CVE-2021-40149] Reolink E1 Zoom Camera <= 3.0.0.716 Unauthenticated Private Key Disclosure

Posted by Julien Ahrens (RCE Security) on Jun 03

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Reolink E1 Zoom Camera
Vendor URL: https://reolink.com/product/e1-zoom/
Type: Exposure of Sensitive Information to an Unauthorized Actor [CWE-200]
Date found: 2021-08-26
Date published: 2022-06-01
CVSSv3 Score: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVE: CVE-2021-40149

2. CREDITS
==========...
  • June 3rd 2022 at 19:21
  • β†—

SEC Consult SA-20220602-0 :: Multiple Memory Corruption Vulnerabilities in dbus-broker

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 03

SEC Consult Vulnerability Lab Security Advisory < 20220602-0 >
=======================================================================
title: Multiple Memory Corruption Vulnerabilities
product: dbus-broker
vulnerable version: dbus-broker-29
fixed version: dbus-broker-31
CVE number: CVE-2022-31212, CVE-2022-31213
impact: medium
homepage:...
  • June 3rd 2022 at 19:23
  • β†—

SEC Consult SA-20220531-0 :: Backdoor account in Korenix JetPort 5601V3

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 03

SEC Consult Vulnerability Lab Security Advisory < 20220531-0 >
=======================================================================
title: Backdoor account
product: Korenix JetPort 5601V3
vulnerable version: Firmware version 1.0
fixed version: None
CVE number: CVE-2020-12501
impact: High
homepage: https://www.korenix.com/
found: 2020-04-06...
  • June 3rd 2022 at 19:23
  • β†—

SEC Consult SA-20220601-1 :: Authenticated Command Injection in Poly Studio

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 03

SEC Consult Vulnerability Lab Security Advisory < 20220601-1 >
=======================================================================
title: Authenticated Command Injection
product: Poly Studio X30, Studio X50, Studio X70, G7500
vulnerable version: 3.4.0-292042, 3.5.0-344025, 3.6.0
fixed version: 3.7.0 or higher
CVE number: CVE-2022-26481
impact: critical
homepage:...
  • June 3rd 2022 at 19:23
  • β†—

SEC Consult SA-20220601-0 :: Multiple Critical Vulnerabilities in Poly EagleEye Director II

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 03

SEC Consult Vulnerability Lab Security Advisory < 20220601-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Poly EagleEye Director II
vulnerable version: 2.2.1.1 (Jul 1, 2021)
fixed version: 2.2.2.1 or higher
CVE number: CVE-2022-26479, CVE-2022-26482
impact: critical
homepage:...
  • June 3rd 2022 at 19:23
  • β†—

[SYSS-2022-014]: Verbatim Fingerprint Secure Portable Hard Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28387)

Posted by Matthias Deeg on Jun 10

Advisory ID: SYSS-2022-014
Product: Fingerprint Secure Portable Hard Drive
Manufacturer: Verbatim
Affected Version(s): #53650
Tested Version(s): #53650
Vulnerability Type: Use of a Cryptographic Primitive with a Risky
Implementation (CWE-1240)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2022-02-03
Solution...
  • June 11th 2022 at 06:05
  • β†—

[SYSS-2022-024]: Lepin EP-KP001 - Violation of Secure Design Principles (CWE-657) (CVE-2022-29948)

Posted by Matthias Deeg on Jun 10

Advisory ID: SYSS-2022-024
Product: EP-KP001
Manufacturer: Lepin
Affected Version(s): KP001_V19
Tested Version(s): KP001_V19
Vulnerability Type: Violation of Secure Design Principles (CWE-657)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2022-04-12
Solution Date: -
Public Disclosure: 2022-06-10
CVE Reference:...
  • June 11th 2022 at 06:06
  • β†—

[SYSS-2022-015]: Verbatim Fingerprint Secure Portable Hard Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)

Posted by Matthias Deeg on Jun 10

Advisory ID: SYSS-2022-015
Product: Fingerprint Secure Portable Hard Drive
Manufacturer: Verbatim
Affected Version(s): #53650
Tested Version(s): #53650
Vulnerability Type: Use of a Cryptographic Primitive with a Risky
Implementation (CWE-1240)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2022-02-03
Solution...
  • June 11th 2022 at 06:06
  • β†—

[SYSS-2022-017]: Verbatim Fingerprint Secure Portable Hard Drive - Insufficient Verification of Data Authenticity (CWE-345) (CVE-2022-28385)

Posted by Matthias Deeg on Jun 10

Advisory ID: SYSS-2022-017
Product: Fingerprint Secure Portable Hard Drive
Manufacturer: Verbatim
Affected Version(s): #53650
Tested Version(s): #53650
Vulnerability Type: Insufficient Verification of Data
Authenticity (CWE-345)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2022-02-03
Solution Date: -
Public Disclosure:...
  • June 11th 2022 at 06:06
  • β†—

[SYSS-2022-016]: Verbatim Fingerprint Secure Portable Hard Drive - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)

Posted by Matthias Deeg on Jun 10

Advisory ID: SYSS-2022-016
Product: Fingerprint Secure Portable Hard Drive
Manufacturer: Verbatim
Affected Version(s): #53650
Tested Version(s): #53650
Vulnerability Type: Missing Immutable Root of Trust in Hardware
(CWE-1326)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2022-02-03
Solution Date: -
Public Disclosure:...
  • June 11th 2022 at 06:06
  • β†—

Trojan-Banker.Win32.Banker.agzg / Insecure Permissions

Posted by malvuln on Jun 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/ef1e59148c9a902ae5454760aaab73fe.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Banker.Win32.Banker.agzg
Vulnerability: Insecure Permissions
Description: The malware writes a PE file to c drive granting change (C)
permissions to the authenticated user group. Standard users can rename the
executable dropped...
  • June 11th 2022 at 06:07
  • β†—

Ransom.Haron / Code Execution

Posted by malvuln on Jun 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/dedad693898bba0e4964e6c9a749d380.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom.Haron
Vulnerability: Code Execution
Description: Haron looks for and executes DLLs in its current directory.
Therefore, we can potentially hijack a vuln DLL execute our own code,
control and terminate the malware pre-encryption....
  • June 11th 2022 at 06:07
  • β†—

Trojan-Banker.Win32.Banbra.cyt / Insecure Permissions

Posted by malvuln on Jun 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/e0f2bee25dd103d92e91e895e313ec34.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Banker.Win32.Banbra.cyt
Vulnerability: Insecure Permissions
Description: The malware writes a batch script ".bat" file to c drive
granting change (C) permissions to the authenticated user group. Standard
users can...
  • June 11th 2022 at 06:07
  • β†—

Backdoor.Win32.Cabrotor.10.d / Unauthenticated Remote Command Execution

Posted by malvuln on Jun 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/40acf109fa9621eae6930ef18f804909.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Cabrotor.10.d
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 1243. Attackers who can reach
infected systems can issue commands made up of single characters E.g....
  • June 11th 2022 at 06:07
  • β†—

Trojan-Proxy.Win32.Symbab.o / Heap Corruption

Posted by malvuln on Jun 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/bffc519fbaf2d119bd307cd22368cdc7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Proxy.Win32.Symbab.o
Vulnerability: Heap Corruption
Description: The malware listens on TCP port 8080. Attackers who can reach
an infected system can send a corrupt HTTP request for the "redirecturl"
parameter causing...
  • June 11th 2022 at 06:07
  • β†—

Hidden Functionality (Backdoor) (CWE-912) / CVE-2022-29854, CVE-2022-29855

Posted by Moritz Abrell on Jun 10

Advisory ID: SYSS-2022-021
Product: Mitel 6800/6900 Series SIP Phones excluding 6970
Mitel 6900 Series IP (MiNet) Phones
Manufacturer: Mitel Networks Corporation
Affected Version(s): Rel 5.1 SP8 (5.1.0.8016) and earlier
Rel 6.0 (6.0.0.368) to 6.1 HF4 (6.1.0.165)
MiNet 1.8.0.12 and earlier
Tested Version(s):...
  • June 11th 2022 at 06:08
  • β†—

HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh

Posted by Marco Ivaldi on Jun 10

Dear Full Disclosure,

Find attached a security advisory that details multiple
vulnerabilities we discovered in the zysh shell distributed with some
Zyxel products, including their security appliances.

* Title: Multiple vulnerabilities in Zyxel zysh
* Products: Zyxel firewalls, AP controllers, and APs
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date: 2022-06-07
* CVE Names and Vendor CVSS Scores:
CVE-2022-26531:...
  • June 11th 2022 at 06:09
  • β†—

SEC Consult SA-20220607-0 :: Multiple Vulnerabilities in Infiray IRAY-A8Z3 thermal camera

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 10

SEC Consult Vulnerability Lab Security Advisory < 20220607-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Infiray IRAY-A8Z3 thermal camera
vulnerable version: V1.0.957
fixed version: None
CVE number: CVE-2022-31208, CVE-2022-31209, CVE-2022-31210,
CVE-2022-31211
impact: Critical...
  • June 11th 2022 at 06:11
  • β†—

SEC Consult SA-20220609-0 :: Multiple vulnerabilities in SoftGuard SNMP Network Management Extension

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 10

SEC Consult Vulnerability Lab Security Advisory < 20220609-0 >
=======================================================================
title: Multiple vulnerabilities
product: SoftGuard SNMP Network Management Extension
vulnerable version: SoftGuard Web (SGW) < 5.1.5
fixed version: SoftGuard version 5.1.5 from 2022-06-01
CVE number: CVE-2022-31201, CVE-2022-31202
impact: High...
  • June 11th 2022 at 06:11
  • β†—

SEC Consult SA-20220608-0 :: Stored Cross-Site Scripting & Unsafe Java Deserializiation in Gentics CMS

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 10

SEC Consult Vulnerability Lab Security Advisory < 20220608-0 >
=======================================================================
title: Stored Cross-Site Scripting & Unsafe Java Deserializiation
product: Gentics CMS
vulnerable version: 5.36.29, see section below
fixed version: 5.40.27, 5.41.15, 5.42.7, 5.43.1 or higher
CVE number: CVE-2022-30981, CVE-2022-30982
impact:...
  • June 11th 2022 at 06:11
  • β†—

SEC Consult SA-20220614-0 :: Reflected Cross Site Scripting in SIEMENS-SINEMA Remote Connect

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 14

SEC Consult Vulnerability Lab Security Advisory < 20220614-0 >
=======================================================================
title: Reflected Cross Site Scripting
product: SIEMENS-SINEMA Remote Connect
vulnerable version: <=V3.0.1.0-01.01.00.02
fixed version: V3.1.0
CVE number: CVE-2022-29034
impact: medium
homepage: https://siemens.com...
  • June 14th 2022 at 22:44
  • β†—

SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 17

SEC Consult Vulnerability Lab Security Advisory < 20220615-0 >
=======================================================================
title: Hardcoded Backdoor User and Outdated Software Components
product: Nexans FTTO GigaSwitch industrial/office switches HW version 5
vulnerable version: See "Vulnerable / tested versions"
fixed version: V6.02N, V7.02
CVE number: CVE-2022-32985...
  • June 17th 2022 at 16:10
  • β†—

Onapsis Security Advisory 2022-0003: Cross-Site Scripting (XSS) vulnerability in SAP Focused Run (Real User Monitoring)

Posted by Onapsis Research via Fulldisclosure on Jun 21

# Onapsis Security Advisory 2022-0003: Cross-Site Scripting (XSS)
vulnerability in SAP Focused Run (Real User Monitoring)

## Impact on Business

Impact depends on the victim's privileges. In most cases, a successful
attack
allows an attacker to hijack a session, or force the victim to perform
undesired request
in SAP Focused Run.

## Advisory Information

- Public Release Date: 06/21/2022
- Security Advisory ID: ONAPSIS-2022-0003
-...
  • June 21st 2022 at 15:35
  • β†—

# Onapsis Security Advisory 2022-0004: Missing Authentication check in SAP Focused Run (Simple Diagnostics Agent 1.0)

Posted by Onapsis Research via Fulldisclosure on Jun 21

# Onapsis Security Advisory 2022-0004: Missing Authentication check in SAP
Focused Run (Simple Diagnostics Agent 1.0)

## Impact on Business

Because the Simple Diagnostic Agent (SDA) handles several important
configuration and critical credential information, a successful attack
could lead to the control of the SDA, and therefore affect:
* Integrity, by modifying the configuration.
* Availability, by stopping the service.
* Confidentiality...
  • June 21st 2022 at 15:35
  • β†—

Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad

Posted by Onapsis Research via Fulldisclosure on Jun 21

# Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS)
vulnerability in SAP Fiori launchpad

## Impact on Business

Impact depends on the victim's privileges. In most cases, a successful
attack
allows an attacker to hijack a session, or force the victim to perform
undesired
requests in the SAP System (CSRF) as well as redirected to arbitrary web
site
(Open Redirect).

## Advisory Information

- Public Release Date: 06/21/2022
-...
  • June 21st 2022 at 15:36
  • β†—

Onapsis Security Advisory 2022-0006: Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)

Posted by Onapsis Research via Fulldisclosure on Jun 21

# Onapsis Security Advisory 2022-0006: Information Disclosure vulnerability
in SAP Focused Run (Simple Diagnostics Agent 1.0)

## Impact on Business

Running unnecessary services, like a jetty webserver, may lead to increased
surface area for an attack and also it unnecessarily exposes underlying
vulnerabilities.

## Advisory Information

- Public Release Date: 06/21/2022
- Security Advisory ID: ONAPSIS-2022-0006
- Researcher(s): Yvan Genuer

##...
  • June 21st 2022 at 15:37
  • β†—

Onapsis Security Advisory 2022-0007: Directory Traversal vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)

Posted by Onapsis Research via Fulldisclosure on Jun 21

# Onapsis Security Advisory 2022-0007: Directory Traversal vulnerability in
SAP Focused Run (Simple Diagnostics Agent 1.0)

## Impact on Business

Exposing the contents of a directory can lead to a disclosure of useful
information
for the attacker to devise exploits, such as creation times of files or any
information that may be encoded in file names. The directory listing may
also
compromise private or confidential data.

## Advisory Information...
  • June 21st 2022 at 15:37
  • β†—

CFP No cON Name 2022 - Barcelona

Posted by Jose Nicolas Castellano via Fulldisclosure on Jun 27

No cON Name 2022 - Barcelona

************************************
*****Β  Call For PapersΒ Β Β Β Β Β Β  ******
************************************

https://www.noconname.org/call-for-papers/

Exact place not disclosed until a few weeks before due celebration.

Β Β Β  * INTRODUCTION
The organization hasΒ  opened CFP proposals. No cON Name is the eldest
Hacking
and Security Conference in Span. Our goal is to get highly qualified
requests
for...
  • June 28th 2022 at 05:41
  • β†—

SEC-T CFP ongoing

Posted by Mattias BΓ₯Γ₯th via Fulldisclosure on Jun 27

Hey all

It's now less than two weeks to submit a talk to SEC-T 2022, at least if
you want to be part of the first talk selection round (recommended) that
we kick off July first.

SEC-T is non-profit, non-corporate, two day, single track, con in
Stockholm, Sweden. We pay travel, accommodation and an honorary to all
speakers.

If you have something fun you'd like to present, send us a submission
before July 1st... or at least before...
  • June 28th 2022 at 05:41
  • β†—

Backdoor.Win32.InfecDoor.17.c / Insecure Permissions

Posted by malvuln on Jun 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/1fd70e41918c3a75c634b1c234ec36fb.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.InfecDoor.17.c
Vulnerability: Insecure Permissions
Description: The malware writes a ".420" settings file type to c drive
granting change (C) permissions to the authenticated user group. Standard
users can...
  • June 28th 2022 at 05:43
  • β†—

Trojan-Mailfinder.Win32.VB.p / Insecure Permissions

Posted by malvuln on Jun 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/20e438d84aa2828826d52540d80bf7f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Mailfinder.Win32.VB.p
Vulnerability: Insecure Permissions
Description: The malware writes a dir with multiple PE files to c drive
granting change (C) permissions to the authenticated user group. Standard
users can rename the...
  • June 28th 2022 at 05:43
  • β†—

Backdoor.Win32.Shark.btu / Insecure Permissions

Posted by malvuln on Jun 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/5a83f8b8c8a8b7a85b3ff632aa60e793.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Shark.btu
Vulnerability: Insecure Permissions
Description: The malware writes multiple PE files to c drive granting
change (C) permissions to the authenticated user group. Standard users can
rename the executable...
  • June 28th 2022 at 05:43
  • β†—

Yashma Ransomware Builder v1.2 / Insecure Permissions

Posted by malvuln on Jun 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/13e878ed7e547523cffc5728f6ba4190.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Yashma Ransomware Builder v1.2
Vulnerability: Insecure Permissions
Description: The malware creates PE files with insecure permissions when
writing to c:\ drive, granting change (C) permissions to the authenticated
user group. Standard...
  • June 28th 2022 at 05:43
  • β†—

AnyDesk Public Exploit Disclosure - Arbitrary file write by symbolic link attack lead to denial-of-service attack on local machine

Posted by chan chan on Jun 27

Hi FullDisclosure,

I would like to publish an exploit that I found on AnyDesk as follows.

# Exploit Title: AnyDesk allow arbitrary file write by symbolic link
attack lead to denial-of-service attack on local machine
# Google Dork: [if applicable]
# Date: 24/5/2022
# Exploit Author: Erwin Chan
# Vendor Homepage: https://anydesk.com/en
# Software Link: https://anydesk.com/en
# Version: 7.0.9
# Tested on: Windows 11

It was found that AnyDesk...
  • June 28th 2022 at 05:43
  • β†—

🐞 CFP for Hardwear.io NL 2022 is OPEN!

Posted by Andrea Simonca on Jun 30

*🐞 CFP for Hardwear.io NL 2022 is OPEN!*
If you have groundbreaking embedded research or an awesome open-source tool
you’d like to showcase before the global hardware security community, this
is your chance. Send in your ideas on various hardware subjects, including
but not limited to Chips, Processors, ICS/SCADA, Telecom, Protocols &
Cryptography.

CFP is open until: 15 August 2022
Conference: 27-28 October 2022, The Hague (NL)

βœ…...
  • July 1st 2022 at 06:12
  • β†—

[Extension: CPSIoTSec 2022] The Workshop on CPS&IoT Security and Privacy **Submission Deadline: July 25, 2022**

Posted by alcaraz on Jun 30

[Apologies for cross-posting]

--------------------------------------------------------------------------
C a l l F o r P a p e r s

The Workshop on CPS&IoT Security and Privacy (CPSIoTSec 2022), in
conjunction with the ACM Conference on Computer and Communications
Security (ACM CCS)
November 7-11, 2022, Los Angeles, U.S.A.
https://cpsiotsec2022.github.io/cpsiotsec/...
  • July 1st 2022 at 06:12
  • β†—

Backdoor.Win32.EvilGoat.b / Weak Hardcoded Credentials

Posted by malvuln on Jun 30

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/20daf01e941f966b21a7ae431faefc65.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.EvilGoat.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP port 13014. Authentication is
required, however the credentials "evilgoat / penix" are weak and found
within the PE...
  • July 1st 2022 at 06:14
  • β†—

BigBlueButton - Stored XSS in username (CVE-2022-31064)

Posted by Rick Verdoes via Fulldisclosure on Jun 30

CVE-2022-31064 - Stored Cross-Site Scripting in BigBlueButton.

=========================

Exploit Title: Stored Cross-Site Scripting (XSS) in BigBlueButton

Product: BigBlueButton

Vendor: BigBlueButton

Vulnerable Versions: 2.3, <2.4.8, <2.5.0

Tested Version: 2.4.7

Advisory Publication: Jun 22, 2022

Latest Update: Jun 22, 2022

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2022-31064

CVSS Severity: High

CVSS...
  • July 1st 2022 at 06:14
  • β†—

Backdoor.Win32.Coredoor.10.a / Authentication Bypass

Posted by malvuln on Jun 30

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/49da40a2ac819103da9dc5ed10d08ddb.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Coredoor.10.a
Vulnerability: Authentication Bypass
Description: The malware runs an FTP server on TCP port 21000. Third-party
attackers who can reach infected systems can logon using any
username/password combination....
  • July 1st 2022 at 06:14
  • β†—

Backdoor.Win32.Cafeini.b / Weak Hardcoded Credentials

Posted by malvuln on Jun 30

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/a8fc1b3f7a605dc06a319bf0e14ca68b.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Cafeini.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP ports 51966 and 23. Authentication
is required, however the password "mama" is weak and found within the PE
file....
  • July 1st 2022 at 06:14
  • β†—

typeorm CVE-2022-33171

Posted by lixts via Fulldisclosure on Jun 30

typeorm CVE-2022-33171

findOne(id), findOneOrFail(id)

The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When
input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id
string leads to SQL injection.

The issue was already fixed from version 0.3.0 onward when we encountered it.

Maintainer does not consider this a vulnerability...
  • July 1st 2022 at 06:14
  • β†—

JAHx221 - RCE in copy/pasted PHP compat libraries, json_decode function

Posted by Eldar Marcussen on Jun 30

JAHx221 - RCE in copy/pasted PHP compat libraries, json_decode function
===============================================================================
Several PHP compatability libraries contain a potential remote code
execution
flaw in their `json_decode()` function based on having copy pasted existing
vulnerable code.

Identifiers
---------------------------------------
* JAHx221 - http://www.justanotherhacker.com/advisories/JAHx221.txt...
  • July 1st 2022 at 06:15
  • β†—

CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used

Posted by Aki Tuomi via Fulldisclosure on Jul 06

Affected product: Dovecot IMAP Server
Internal reference: DOV-5320
Vulnerability type: Improper Access Control (CWE-284)
Vulnerable version: 2.2
Vulnerable component: submission
Report confidence: Confirmed
Solution status: Fixed in main
Researcher credits: Julian Brook (julezman)
Vendor notification: 2022-05-06
CVE reference: CVE-2022-30550
CVSS: 6.8 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)

Vulnerability Details:
When two passdb...
  • July 7th 2022 at 05:14
  • β†—

EQS Integrity Line: Multiple Vulnerabilities

Posted by Giovanni Pellerano on Jul 06

EQS Integrity Line: Multiple Vulnerabilities

Name Multiple Vulnerabilities in EQS Integrity Line
Systems Affected EQS Integrity Line through 2022-07-01
Severity High
Impact (CVSSv2) High 8.8/10, score: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Vendor EQS Group AG (https://www.eqs.com/)
Advisory
http://www.ush.it/team/ush/advisory-eqs-integrity-line/eqs_integrity_line.txt
Authors Giovanni...
  • July 7th 2022 at 05:14
  • β†—

Ransom Lockbit 3.0 / Code Execution

Posted by malvuln on Jul 06

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/38745539b71cf201bb502437f891d799_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom Lockbit 3.0
Vulnerability: Code Execution
Description: The ransomware apparently now requires a password to execute
as noted by "@vxunderground" E.g. "-pass db66023ab2abcb9957fb01ed50cdfa6a".
Lockbit looks...
  • July 7th 2022 at 05:15
  • β†—

Ransom Lockbit 3.0 / Local Unicode Buffer Overflow (SEH)

Posted by malvuln on Jul 06

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/38745539b71cf201bb502437f891d799.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom Lockbit 3.0
Vulnerability: Local Unicode Buffer Overflow (SEH)
Description: The ransomware apparently now requires a password to execute
as noted by "@vxunderground" E.g. "-pass...
  • July 7th 2022 at 05:15
  • β†—

SCHUTZWERK-SA-2022-003: Remote Command Execution in Spryker Commerce OS

Posted by David Brown via Fulldisclosure on Jul 18

Title
=====

SCHUTZWERK-SA-2022-003: Remote Command Execution in Spryker Commerce OS

Status
======

PUBLISHED

Version
=======

1.0

CVE reference
=============

CVE-2022-28888

Link
====

https://www.schutzwerk.com/en/43/advisories/schutzwerk-sa-2022-003/

Text-only version:
https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-003.txt

Affected products/vendor
========================

Spryker Commerce OS by Spryker Systems GmbH, with...
  • July 18th 2022 at 16:26
  • β†—

Backdoor.Win32.HoneyPot.a / Weak Hardcoded Password

Posted by malvuln on Jul 18

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/e3bb503f9b02cf57341695f30e31128f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.HoneyPot.a
Vulnerability: Weak Hardcoded Password
Description: The malware listens on various TCP ports of which one can be
port 21 when enabled. Authentication is required, however the credentials...
  • July 18th 2022 at 16:28
  • β†—

Builder XtremeRAT v3.7 / Insecure Permissions

Posted by malvuln on Jul 18

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/7f314e798c150aedd9ce41ed39318f65.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Builder XtremeRAT v3.7
Vulnerability: Insecure Permissions
Description: The malware builds and writes a PE file to c drive granting
change (C) permissions to the authenticated user group. Standard users can
rename the executable...
  • July 18th 2022 at 16:28
  • β†—

Builder XtremeRAT v3.7 / Insecure Crypto Bypass

Posted by malvuln on Jul 18

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/7f314e798c150aedd9ce41ed39318f65_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Builder XtremeRAT v3.7
Vulnerability: Insecure Crypto Bypass
Description: The malware builds backdoors and requires authentication to
access the GUI using credentials stored in the "user.info" config file.
XtremeRAT...
  • July 18th 2022 at 16:28
  • β†—

[CFP] 2nd International Workshop on Cyber Forensics and Threat Investigations Challenges CFTIC 2022 (Virtual)

Posted by Andrew Zayine on Jul 18

2nd International Workshop on Cyber Forensics and Threat
Investigations Challenges
October 10-11, 2022, Taking Place Virtually from the UK
https://easychair.org/cfp/CFTIC2022

Cyber forensics and threat investigations has rapidly emerged as a new
field of research to provide the key elements for maintaining
security, reliability, and trustworthiness of the next generation of
emerging technologies such as the internet of things, cyber-physical...
  • July 18th 2022 at 16:30
  • β†—

Re: AnyDesk Public Exploit Disclosure - Arbitrary file write by symbolic link attack lead to denial-of-service attack on local machine

Posted by chan chan on Jul 18

Hi FullDisclosure,

May I know if there is any update?
Please note that Mitre has assigned and reserved a CVE number
"CVE-2022-32450" for this vulnerability.

Regards,
Erwin

chan chan <siuchunc.03 () gmail com> ζ–Ό 2022εΉ΄6月22ζ—₯ι€±δΈ‰ δΈ‹εˆ5:42ε―«ι“οΌš
  • July 18th 2022 at 16:32
  • β†—

Open-Xchange Security Advisory 2022-07-21

Posted by Martin Heiland via Fulldisclosure on Jul 21

Dear subscribers,

we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: DOCS-4106
Vulnerability type: OS Command Injection (CWE-78)
Vulnerable...
  • July 22nd 2022 at 03:45
  • β†—

APPLE-SA-2022-07-20-1 iOS 15.6 and iPadOS 15.6

Posted by Apple Product Security via Fulldisclosure on Jul 21

APPLE-SA-2022-07-20-1 iOS 15.6 and iPadOS 15.6

iOS 15.6 and iPadOS 15.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213346.

APFS
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app with root privileges may be able to execute arbitrary
code...
  • July 22nd 2022 at 03:45
  • β†—

Backdoor.Win32.Eclipse.h / Weak Hardcoded Credentials

Posted by malvuln on Jul 21

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/8b470931114527b4dce42034a95ebf46.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Eclipse.h
Vulnerability: Weak Hardcoded Credentials
Family: Eclipse
Type: PE32
MD5: 8b470931114527b4dce42034a95ebf46
Vuln ID: MVID-2022-0625
Disclosure: 07/21/2022
Description: The malware listens on TCP port 6210 and...
  • July 22nd 2022 at 03:45
  • β†—

APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8

Posted by Apple Product Security via Fulldisclosure on Jul 21

APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8

macOS Big Sur 11.6.8 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213344.

APFS
Available for: macOS Big Sur
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir (@Muirey03)...
  • July 22nd 2022 at 03:46
  • β†—
❌