FreshRSS

πŸ”’
β–½ πŸ”ƒ
☐ β˜† βœ‡ Full Disclosure

Trojan-Ransom.Thanos / Code Execution

May 28th 2022 at 02:01

Posted by malvuln on May 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/be60e389a0108b2871dff12dfbb542ac.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Ransom.Thanos
Vulnerability: Code Execution
Description: Thanos looks for and executes DLLs in its current directory.
Therefore, we can potentially hijack a vuln DLL execute our own code,
control and terminate the malware...
☐ β˜† βœ‡ Full Disclosure

[CVE-2022-0779] User Meta "um_show_uploaded_file" Path Traversal / Local File Enumeration

May 28th 2022 at 02:01

Posted by Julien Ahrens (RCE Security) on May 27

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: User Meta
Vendor URL: https://wordpress.org/plugins/user-meta
Type: Relative Path Traversal [CWE-23]
Date found: 2022-02-28
Date published: 2022-05-24
CVSSv3 Score: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVE: CVE-2022-0779

2. CREDITS
==========
This vulnerability was discovered and...
☐ β˜† βœ‡ Full Disclosure

[CVE-2021-40150] Reolink E1 Zoom Camera <= 3.0.0.716 Unauthenticated Web Server Configuration Disclosure

June 3rd 2022 at 19:21

Posted by Julien Ahrens (RCE Security) on Jun 03

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Reolink E1 Zoom Camera
Vendor URL: https://reolink.com/product/e1-zoom/
Type: Exposure of Sensitive Information to an Unauthorized Actor [CWE-200]
Date found: 2021-08-26
Date published: 2022-06-01
CVSSv3 Score: 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVE: CVE-2021-40150

2. CREDITS
==========...
☐ β˜† βœ‡ Full Disclosure

Re: Three vulnerabilities found in MikroTik's RouterOS

June 3rd 2022 at 19:21

Posted by Q C on Jun 03

[update 2022/05/30] Two CVEs have been assigned to these vulnerabilities.

CVE-2021-36613: Mikrotik RouterOs before stable 6.48.2 suffers from a
memory corruption vulnerability in the ptp process. An authenticated remote
attacker can cause a Denial of Service (NULL pointer dereference).

CVE-2021-36614: Mikrotik RouterOs before stable 6.48.2 suffers from a
memory corruption vulnerability in the tr069-client process. An
authenticated remote...
☐ β˜† βœ‡ Full Disclosure

[CVE-2021-40149] Reolink E1 Zoom Camera <= 3.0.0.716 Unauthenticated Private Key Disclosure

June 3rd 2022 at 19:21

Posted by Julien Ahrens (RCE Security) on Jun 03

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Reolink E1 Zoom Camera
Vendor URL: https://reolink.com/product/e1-zoom/
Type: Exposure of Sensitive Information to an Unauthorized Actor [CWE-200]
Date found: 2021-08-26
Date published: 2022-06-01
CVSSv3 Score: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVE: CVE-2021-40149

2. CREDITS
==========...
☐ β˜† βœ‡ Full Disclosure

SEC Consult SA-20220602-0 :: Multiple Memory Corruption Vulnerabilities in dbus-broker

June 3rd 2022 at 19:23

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 03

SEC Consult Vulnerability Lab Security Advisory < 20220602-0 >
=======================================================================
title: Multiple Memory Corruption Vulnerabilities
product: dbus-broker
vulnerable version: dbus-broker-29
fixed version: dbus-broker-31
CVE number: CVE-2022-31212, CVE-2022-31213
impact: medium
homepage:...
☐ β˜† βœ‡ Full Disclosure

SEC Consult SA-20220531-0 :: Backdoor account in Korenix JetPort 5601V3

June 3rd 2022 at 19:23

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 03

SEC Consult Vulnerability Lab Security Advisory < 20220531-0 >
=======================================================================
title: Backdoor account
product: Korenix JetPort 5601V3
vulnerable version: Firmware version 1.0
fixed version: None
CVE number: CVE-2020-12501
impact: High
homepage: https://www.korenix.com/
found: 2020-04-06...
☐ β˜† βœ‡ Full Disclosure

SEC Consult SA-20220601-1 :: Authenticated Command Injection in Poly Studio

June 3rd 2022 at 19:23

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 03

SEC Consult Vulnerability Lab Security Advisory < 20220601-1 >
=======================================================================
title: Authenticated Command Injection
product: Poly Studio X30, Studio X50, Studio X70, G7500
vulnerable version: 3.4.0-292042, 3.5.0-344025, 3.6.0
fixed version: 3.7.0 or higher
CVE number: CVE-2022-26481
impact: critical
homepage:...
☐ β˜† βœ‡ Full Disclosure

SEC Consult SA-20220601-0 :: Multiple Critical Vulnerabilities in Poly EagleEye Director II

June 3rd 2022 at 19:23

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 03

SEC Consult Vulnerability Lab Security Advisory < 20220601-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Poly EagleEye Director II
vulnerable version: 2.2.1.1 (Jul 1, 2021)
fixed version: 2.2.2.1 or higher
CVE number: CVE-2022-26479, CVE-2022-26482
impact: critical
homepage:...
☐ β˜† βœ‡ Full Disclosure

[SYSS-2022-014]: Verbatim Fingerprint Secure Portable Hard Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28387)

June 11th 2022 at 06:05

Posted by Matthias Deeg on Jun 10

Advisory ID: SYSS-2022-014
Product: Fingerprint Secure Portable Hard Drive
Manufacturer: Verbatim
Affected Version(s): #53650
Tested Version(s): #53650
Vulnerability Type: Use of a Cryptographic Primitive with a Risky
Implementation (CWE-1240)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2022-02-03
Solution...
☐ β˜† βœ‡ Full Disclosure

[SYSS-2022-024]: Lepin EP-KP001 - Violation of Secure Design Principles (CWE-657) (CVE-2022-29948)

June 11th 2022 at 06:06

Posted by Matthias Deeg on Jun 10

Advisory ID: SYSS-2022-024
Product: EP-KP001
Manufacturer: Lepin
Affected Version(s): KP001_V19
Tested Version(s): KP001_V19
Vulnerability Type: Violation of Secure Design Principles (CWE-657)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2022-04-12
Solution Date: -
Public Disclosure: 2022-06-10
CVE Reference:...
☐ β˜† βœ‡ Full Disclosure

[SYSS-2022-015]: Verbatim Fingerprint Secure Portable Hard Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)

June 11th 2022 at 06:06

Posted by Matthias Deeg on Jun 10

Advisory ID: SYSS-2022-015
Product: Fingerprint Secure Portable Hard Drive
Manufacturer: Verbatim
Affected Version(s): #53650
Tested Version(s): #53650
Vulnerability Type: Use of a Cryptographic Primitive with a Risky
Implementation (CWE-1240)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2022-02-03
Solution...
☐ β˜† βœ‡ Full Disclosure

[SYSS-2022-017]: Verbatim Fingerprint Secure Portable Hard Drive - Insufficient Verification of Data Authenticity (CWE-345) (CVE-2022-28385)

June 11th 2022 at 06:06

Posted by Matthias Deeg on Jun 10

Advisory ID: SYSS-2022-017
Product: Fingerprint Secure Portable Hard Drive
Manufacturer: Verbatim
Affected Version(s): #53650
Tested Version(s): #53650
Vulnerability Type: Insufficient Verification of Data
Authenticity (CWE-345)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2022-02-03
Solution Date: -
Public Disclosure:...
☐ β˜† βœ‡ Full Disclosure

[SYSS-2022-016]: Verbatim Fingerprint Secure Portable Hard Drive - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)

June 11th 2022 at 06:06

Posted by Matthias Deeg on Jun 10

Advisory ID: SYSS-2022-016
Product: Fingerprint Secure Portable Hard Drive
Manufacturer: Verbatim
Affected Version(s): #53650
Tested Version(s): #53650
Vulnerability Type: Missing Immutable Root of Trust in Hardware
(CWE-1326)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2022-02-03
Solution Date: -
Public Disclosure:...
☐ β˜† βœ‡ Full Disclosure

Trojan-Banker.Win32.Banker.agzg / Insecure Permissions

June 11th 2022 at 06:07

Posted by malvuln on Jun 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/ef1e59148c9a902ae5454760aaab73fe.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Banker.Win32.Banker.agzg
Vulnerability: Insecure Permissions
Description: The malware writes a PE file to c drive granting change (C)
permissions to the authenticated user group. Standard users can rename the
executable dropped...
☐ β˜† βœ‡ Full Disclosure

Ransom.Haron / Code Execution

June 11th 2022 at 06:07

Posted by malvuln on Jun 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/dedad693898bba0e4964e6c9a749d380.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom.Haron
Vulnerability: Code Execution
Description: Haron looks for and executes DLLs in its current directory.
Therefore, we can potentially hijack a vuln DLL execute our own code,
control and terminate the malware pre-encryption....
☐ β˜† βœ‡ Full Disclosure

Trojan-Banker.Win32.Banbra.cyt / Insecure Permissions

June 11th 2022 at 06:07

Posted by malvuln on Jun 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/e0f2bee25dd103d92e91e895e313ec34.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Banker.Win32.Banbra.cyt
Vulnerability: Insecure Permissions
Description: The malware writes a batch script ".bat" file to c drive
granting change (C) permissions to the authenticated user group. Standard
users can...
☐ β˜† βœ‡ Full Disclosure

Backdoor.Win32.Cabrotor.10.d / Unauthenticated Remote Command Execution

June 11th 2022 at 06:07

Posted by malvuln on Jun 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/40acf109fa9621eae6930ef18f804909.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Cabrotor.10.d
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 1243. Attackers who can reach
infected systems can issue commands made up of single characters E.g....
☐ β˜† βœ‡ Full Disclosure

Trojan-Proxy.Win32.Symbab.o / Heap Corruption

June 11th 2022 at 06:07

Posted by malvuln on Jun 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/bffc519fbaf2d119bd307cd22368cdc7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Proxy.Win32.Symbab.o
Vulnerability: Heap Corruption
Description: The malware listens on TCP port 8080. Attackers who can reach
an infected system can send a corrupt HTTP request for the "redirecturl"
parameter causing...
☐ β˜† βœ‡ Full Disclosure

Hidden Functionality (Backdoor) (CWE-912) / CVE-2022-29854, CVE-2022-29855

June 11th 2022 at 06:08

Posted by Moritz Abrell on Jun 10

Advisory ID: SYSS-2022-021
Product: Mitel 6800/6900 Series SIP Phones excluding 6970
Mitel 6900 Series IP (MiNet) Phones
Manufacturer: Mitel Networks Corporation
Affected Version(s): Rel 5.1 SP8 (5.1.0.8016) and earlier
Rel 6.0 (6.0.0.368) to 6.1 HF4 (6.1.0.165)
MiNet 1.8.0.12 and earlier
Tested Version(s):...
☐ β˜† βœ‡ Full Disclosure

HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh

June 11th 2022 at 06:09

Posted by Marco Ivaldi on Jun 10

Dear Full Disclosure,

Find attached a security advisory that details multiple
vulnerabilities we discovered in the zysh shell distributed with some
Zyxel products, including their security appliances.

* Title: Multiple vulnerabilities in Zyxel zysh
* Products: Zyxel firewalls, AP controllers, and APs
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date: 2022-06-07
* CVE Names and Vendor CVSS Scores:
CVE-2022-26531:...
☐ β˜† βœ‡ Full Disclosure

SEC Consult SA-20220607-0 :: Multiple Vulnerabilities in Infiray IRAY-A8Z3 thermal camera

June 11th 2022 at 06:11

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 10

SEC Consult Vulnerability Lab Security Advisory < 20220607-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Infiray IRAY-A8Z3 thermal camera
vulnerable version: V1.0.957
fixed version: None
CVE number: CVE-2022-31208, CVE-2022-31209, CVE-2022-31210,
CVE-2022-31211
impact: Critical...
☐ β˜† βœ‡ Full Disclosure

SEC Consult SA-20220609-0 :: Multiple vulnerabilities in SoftGuard SNMP Network Management Extension

June 11th 2022 at 06:11

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 10

SEC Consult Vulnerability Lab Security Advisory < 20220609-0 >
=======================================================================
title: Multiple vulnerabilities
product: SoftGuard SNMP Network Management Extension
vulnerable version: SoftGuard Web (SGW) < 5.1.5
fixed version: SoftGuard version 5.1.5 from 2022-06-01
CVE number: CVE-2022-31201, CVE-2022-31202
impact: High...
☐ β˜† βœ‡ Full Disclosure

SEC Consult SA-20220608-0 :: Stored Cross-Site Scripting & Unsafe Java Deserializiation in Gentics CMS

June 11th 2022 at 06:11

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 10

SEC Consult Vulnerability Lab Security Advisory < 20220608-0 >
=======================================================================
title: Stored Cross-Site Scripting & Unsafe Java Deserializiation
product: Gentics CMS
vulnerable version: 5.36.29, see section below
fixed version: 5.40.27, 5.41.15, 5.42.7, 5.43.1 or higher
CVE number: CVE-2022-30981, CVE-2022-30982
impact:...
☐ β˜† βœ‡ Full Disclosure

SEC Consult SA-20220614-0 :: Reflected Cross Site Scripting in SIEMENS-SINEMA Remote Connect

June 14th 2022 at 22:44

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 14

SEC Consult Vulnerability Lab Security Advisory < 20220614-0 >
=======================================================================
title: Reflected Cross Site Scripting
product: SIEMENS-SINEMA Remote Connect
vulnerable version: <=V3.0.1.0-01.01.00.02
fixed version: V3.1.0
CVE number: CVE-2022-29034
impact: medium
homepage: https://siemens.com...
☐ β˜† βœ‡ Full Disclosure

SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series

June 17th 2022 at 16:10

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 17

SEC Consult Vulnerability Lab Security Advisory < 20220615-0 >
=======================================================================
title: Hardcoded Backdoor User and Outdated Software Components
product: Nexans FTTO GigaSwitch industrial/office switches HW version 5
vulnerable version: See "Vulnerable / tested versions"
fixed version: V6.02N, V7.02
CVE number: CVE-2022-32985...
☐ β˜† βœ‡ Full Disclosure

Onapsis Security Advisory 2022-0003: Cross-Site Scripting (XSS) vulnerability in SAP Focused Run (Real User Monitoring)

June 21st 2022 at 15:35

Posted by Onapsis Research via Fulldisclosure on Jun 21

# Onapsis Security Advisory 2022-0003: Cross-Site Scripting (XSS)
vulnerability in SAP Focused Run (Real User Monitoring)

## Impact on Business

Impact depends on the victim's privileges. In most cases, a successful
attack
allows an attacker to hijack a session, or force the victim to perform
undesired request
in SAP Focused Run.

## Advisory Information

- Public Release Date: 06/21/2022
- Security Advisory ID: ONAPSIS-2022-0003
-...
☐ β˜† βœ‡ Full Disclosure

# Onapsis Security Advisory 2022-0004: Missing Authentication check in SAP Focused Run (Simple Diagnostics Agent 1.0)

June 21st 2022 at 15:35

Posted by Onapsis Research via Fulldisclosure on Jun 21

# Onapsis Security Advisory 2022-0004: Missing Authentication check in SAP
Focused Run (Simple Diagnostics Agent 1.0)

## Impact on Business

Because the Simple Diagnostic Agent (SDA) handles several important
configuration and critical credential information, a successful attack
could lead to the control of the SDA, and therefore affect:
* Integrity, by modifying the configuration.
* Availability, by stopping the service.
* Confidentiality...
☐ β˜† βœ‡ Full Disclosure

Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad

June 21st 2022 at 15:36

Posted by Onapsis Research via Fulldisclosure on Jun 21

# Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS)
vulnerability in SAP Fiori launchpad

## Impact on Business

Impact depends on the victim's privileges. In most cases, a successful
attack
allows an attacker to hijack a session, or force the victim to perform
undesired
requests in the SAP System (CSRF) as well as redirected to arbitrary web
site
(Open Redirect).

## Advisory Information

- Public Release Date: 06/21/2022
-...
☐ β˜† βœ‡ Full Disclosure

Onapsis Security Advisory 2022-0006: Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)

June 21st 2022 at 15:37

Posted by Onapsis Research via Fulldisclosure on Jun 21

# Onapsis Security Advisory 2022-0006: Information Disclosure vulnerability
in SAP Focused Run (Simple Diagnostics Agent 1.0)

## Impact on Business

Running unnecessary services, like a jetty webserver, may lead to increased
surface area for an attack and also it unnecessarily exposes underlying
vulnerabilities.

## Advisory Information

- Public Release Date: 06/21/2022
- Security Advisory ID: ONAPSIS-2022-0006
- Researcher(s): Yvan Genuer

##...
☐ β˜† βœ‡ Full Disclosure

Onapsis Security Advisory 2022-0007: Directory Traversal vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)

June 21st 2022 at 15:37

Posted by Onapsis Research via Fulldisclosure on Jun 21

# Onapsis Security Advisory 2022-0007: Directory Traversal vulnerability in
SAP Focused Run (Simple Diagnostics Agent 1.0)

## Impact on Business

Exposing the contents of a directory can lead to a disclosure of useful
information
for the attacker to devise exploits, such as creation times of files or any
information that may be encoded in file names. The directory listing may
also
compromise private or confidential data.

## Advisory Information...
☐ β˜† βœ‡ Full Disclosure

CFP No cON Name 2022 - Barcelona

June 28th 2022 at 05:41

Posted by Jose Nicolas Castellano via Fulldisclosure on Jun 27

No cON Name 2022 - Barcelona

************************************
*****Β  Call For PapersΒ Β Β Β Β Β Β  ******
************************************

https://www.noconname.org/call-for-papers/

Exact place not disclosed until a few weeks before due celebration.

Β Β Β  * INTRODUCTION
The organization hasΒ  opened CFP proposals. No cON Name is the eldest
Hacking
and Security Conference in Span. Our goal is to get highly qualified
requests
for...
☐ β˜† βœ‡ Full Disclosure

SEC-T CFP ongoing

June 28th 2022 at 05:41

Posted by Mattias BΓ₯Γ₯th via Fulldisclosure on Jun 27

Hey all

It's now less than two weeks to submit a talk to SEC-T 2022, at least if
you want to be part of the first talk selection round (recommended) that
we kick off July first.

SEC-T is non-profit, non-corporate, two day, single track, con in
Stockholm, Sweden. We pay travel, accommodation and an honorary to all
speakers.

If you have something fun you'd like to present, send us a submission
before July 1st... or at least before...
☐ β˜† βœ‡ Full Disclosure

Backdoor.Win32.InfecDoor.17.c / Insecure Permissions

June 28th 2022 at 05:43

Posted by malvuln on Jun 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/1fd70e41918c3a75c634b1c234ec36fb.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.InfecDoor.17.c
Vulnerability: Insecure Permissions
Description: The malware writes a ".420" settings file type to c drive
granting change (C) permissions to the authenticated user group. Standard
users can...
☐ β˜† βœ‡ Full Disclosure

Trojan-Mailfinder.Win32.VB.p / Insecure Permissions

June 28th 2022 at 05:43

Posted by malvuln on Jun 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/20e438d84aa2828826d52540d80bf7f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Mailfinder.Win32.VB.p
Vulnerability: Insecure Permissions
Description: The malware writes a dir with multiple PE files to c drive
granting change (C) permissions to the authenticated user group. Standard
users can rename the...
☐ β˜† βœ‡ Full Disclosure

Backdoor.Win32.Shark.btu / Insecure Permissions

June 28th 2022 at 05:43

Posted by malvuln on Jun 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/5a83f8b8c8a8b7a85b3ff632aa60e793.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Shark.btu
Vulnerability: Insecure Permissions
Description: The malware writes multiple PE files to c drive granting
change (C) permissions to the authenticated user group. Standard users can
rename the executable...
☐ β˜† βœ‡ Full Disclosure

Yashma Ransomware Builder v1.2 / Insecure Permissions

June 28th 2022 at 05:43

Posted by malvuln on Jun 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/13e878ed7e547523cffc5728f6ba4190.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Yashma Ransomware Builder v1.2
Vulnerability: Insecure Permissions
Description: The malware creates PE files with insecure permissions when
writing to c:\ drive, granting change (C) permissions to the authenticated
user group. Standard...
☐ β˜† βœ‡ Full Disclosure

AnyDesk Public Exploit Disclosure - Arbitrary file write by symbolic link attack lead to denial-of-service attack on local machine

June 28th 2022 at 05:43

Posted by chan chan on Jun 27

Hi FullDisclosure,

I would like to publish an exploit that I found on AnyDesk as follows.

# Exploit Title: AnyDesk allow arbitrary file write by symbolic link
attack lead to denial-of-service attack on local machine
# Google Dork: [if applicable]
# Date: 24/5/2022
# Exploit Author: Erwin Chan
# Vendor Homepage: https://anydesk.com/en
# Software Link: https://anydesk.com/en
# Version: 7.0.9
# Tested on: Windows 11

It was found that AnyDesk...
☐ β˜† βœ‡ Full Disclosure

🐞 CFP for Hardwear.io NL 2022 is OPEN!

July 1st 2022 at 06:12

Posted by Andrea Simonca on Jun 30

*🐞 CFP for Hardwear.io NL 2022 is OPEN!*
If you have groundbreaking embedded research or an awesome open-source tool
you’d like to showcase before the global hardware security community, this
is your chance. Send in your ideas on various hardware subjects, including
but not limited to Chips, Processors, ICS/SCADA, Telecom, Protocols &
Cryptography.

CFP is open until: 15 August 2022
Conference: 27-28 October 2022, The Hague (NL)

βœ…...
☐ β˜† βœ‡ Full Disclosure

[Extension: CPSIoTSec 2022] The Workshop on CPS&IoT Security and Privacy **Submission Deadline: July 25, 2022**

July 1st 2022 at 06:12

Posted by alcaraz on Jun 30

[Apologies for cross-posting]

--------------------------------------------------------------------------
C a l l F o r P a p e r s

The Workshop on CPS&IoT Security and Privacy (CPSIoTSec 2022), in
conjunction with the ACM Conference on Computer and Communications
Security (ACM CCS)
November 7-11, 2022, Los Angeles, U.S.A.
https://cpsiotsec2022.github.io/cpsiotsec/...
☐ β˜† βœ‡ Full Disclosure

Backdoor.Win32.EvilGoat.b / Weak Hardcoded Credentials

July 1st 2022 at 06:14

Posted by malvuln on Jun 30

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/20daf01e941f966b21a7ae431faefc65.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.EvilGoat.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP port 13014. Authentication is
required, however the credentials "evilgoat / penix" are weak and found
within the PE...
☐ β˜† βœ‡ Full Disclosure

BigBlueButton - Stored XSS in username (CVE-2022-31064)

July 1st 2022 at 06:14

Posted by Rick Verdoes via Fulldisclosure on Jun 30

CVE-2022-31064 - Stored Cross-Site Scripting in BigBlueButton.

=========================

Exploit Title: Stored Cross-Site Scripting (XSS) in BigBlueButton

Product: BigBlueButton

Vendor: BigBlueButton

Vulnerable Versions: 2.3, <2.4.8, <2.5.0

Tested Version: 2.4.7

Advisory Publication: Jun 22, 2022

Latest Update: Jun 22, 2022

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2022-31064

CVSS Severity: High

CVSS...
☐ β˜† βœ‡ Full Disclosure

Backdoor.Win32.Coredoor.10.a / Authentication Bypass

July 1st 2022 at 06:14

Posted by malvuln on Jun 30

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/49da40a2ac819103da9dc5ed10d08ddb.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Coredoor.10.a
Vulnerability: Authentication Bypass
Description: The malware runs an FTP server on TCP port 21000. Third-party
attackers who can reach infected systems can logon using any
username/password combination....
☐ β˜† βœ‡ Full Disclosure

Backdoor.Win32.Cafeini.b / Weak Hardcoded Credentials

July 1st 2022 at 06:14

Posted by malvuln on Jun 30

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/a8fc1b3f7a605dc06a319bf0e14ca68b.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Cafeini.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP ports 51966 and 23. Authentication
is required, however the password "mama" is weak and found within the PE
file....
☐ β˜† βœ‡ Full Disclosure

typeorm CVE-2022-33171

July 1st 2022 at 06:14

Posted by lixts via Fulldisclosure on Jun 30

typeorm CVE-2022-33171

findOne(id), findOneOrFail(id)

The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When
input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id
string leads to SQL injection.

The issue was already fixed from version 0.3.0 onward when we encountered it.

Maintainer does not consider this a vulnerability...
☐ β˜† βœ‡ Full Disclosure

JAHx221 - RCE in copy/pasted PHP compat libraries, json_decode function

July 1st 2022 at 06:15

Posted by Eldar Marcussen on Jun 30

JAHx221 - RCE in copy/pasted PHP compat libraries, json_decode function
===============================================================================
Several PHP compatability libraries contain a potential remote code
execution
flaw in their `json_decode()` function based on having copy pasted existing
vulnerable code.

Identifiers
---------------------------------------
* JAHx221 - http://www.justanotherhacker.com/advisories/JAHx221.txt...
☐ β˜† βœ‡ Full Disclosure

CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used

July 7th 2022 at 05:14

Posted by Aki Tuomi via Fulldisclosure on Jul 06

Affected product: Dovecot IMAP Server
Internal reference: DOV-5320
Vulnerability type: Improper Access Control (CWE-284)
Vulnerable version: 2.2
Vulnerable component: submission
Report confidence: Confirmed
Solution status: Fixed in main
Researcher credits: Julian Brook (julezman)
Vendor notification: 2022-05-06
CVE reference: CVE-2022-30550
CVSS: 6.8 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)

Vulnerability Details:
When two passdb...
☐ β˜† βœ‡ Full Disclosure

EQS Integrity Line: Multiple Vulnerabilities

July 7th 2022 at 05:14

Posted by Giovanni Pellerano on Jul 06

EQS Integrity Line: Multiple Vulnerabilities

Name Multiple Vulnerabilities in EQS Integrity Line
Systems Affected EQS Integrity Line through 2022-07-01
Severity High
Impact (CVSSv2) High 8.8/10, score: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Vendor EQS Group AG (https://www.eqs.com/)
Advisory
http://www.ush.it/team/ush/advisory-eqs-integrity-line/eqs_integrity_line.txt
Authors Giovanni...
☐ β˜† βœ‡ Full Disclosure

Ransom Lockbit 3.0 / Code Execution

July 7th 2022 at 05:15

Posted by malvuln on Jul 06

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/38745539b71cf201bb502437f891d799_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom Lockbit 3.0
Vulnerability: Code Execution
Description: The ransomware apparently now requires a password to execute
as noted by "@vxunderground" E.g. "-pass db66023ab2abcb9957fb01ed50cdfa6a".
Lockbit looks...
☐ β˜† βœ‡ Full Disclosure

Ransom Lockbit 3.0 / Local Unicode Buffer Overflow (SEH)

July 7th 2022 at 05:15

Posted by malvuln on Jul 06

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/38745539b71cf201bb502437f891d799.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom Lockbit 3.0
Vulnerability: Local Unicode Buffer Overflow (SEH)
Description: The ransomware apparently now requires a password to execute
as noted by "@vxunderground" E.g. "-pass...
☐ β˜† βœ‡ Full Disclosure

SCHUTZWERK-SA-2022-003: Remote Command Execution in Spryker Commerce OS

July 18th 2022 at 16:26

Posted by David Brown via Fulldisclosure on Jul 18

Title
=====

SCHUTZWERK-SA-2022-003: Remote Command Execution in Spryker Commerce OS

Status
======

PUBLISHED

Version
=======

1.0

CVE reference
=============

CVE-2022-28888

Link
====

https://www.schutzwerk.com/en/43/advisories/schutzwerk-sa-2022-003/

Text-only version:
https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-003.txt

Affected products/vendor
========================

Spryker Commerce OS by Spryker Systems GmbH, with...
☐ β˜† βœ‡ Full Disclosure

Backdoor.Win32.HoneyPot.a / Weak Hardcoded Password

July 18th 2022 at 16:28

Posted by malvuln on Jul 18

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/e3bb503f9b02cf57341695f30e31128f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.HoneyPot.a
Vulnerability: Weak Hardcoded Password
Description: The malware listens on various TCP ports of which one can be
port 21 when enabled. Authentication is required, however the credentials...
☐ β˜† βœ‡ Full Disclosure

Builder XtremeRAT v3.7 / Insecure Permissions

July 18th 2022 at 16:28

Posted by malvuln on Jul 18

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/7f314e798c150aedd9ce41ed39318f65.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Builder XtremeRAT v3.7
Vulnerability: Insecure Permissions
Description: The malware builds and writes a PE file to c drive granting
change (C) permissions to the authenticated user group. Standard users can
rename the executable...
☐ β˜† βœ‡ Full Disclosure

Builder XtremeRAT v3.7 / Insecure Crypto Bypass

July 18th 2022 at 16:28

Posted by malvuln on Jul 18

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/7f314e798c150aedd9ce41ed39318f65_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Builder XtremeRAT v3.7
Vulnerability: Insecure Crypto Bypass
Description: The malware builds backdoors and requires authentication to
access the GUI using credentials stored in the "user.info" config file.
XtremeRAT...
☐ β˜† βœ‡ Full Disclosure

[CFP] 2nd International Workshop on Cyber Forensics and Threat Investigations Challenges CFTIC 2022 (Virtual)

July 18th 2022 at 16:30

Posted by Andrew Zayine on Jul 18

2nd International Workshop on Cyber Forensics and Threat
Investigations Challenges
October 10-11, 2022, Taking Place Virtually from the UK
https://easychair.org/cfp/CFTIC2022

Cyber forensics and threat investigations has rapidly emerged as a new
field of research to provide the key elements for maintaining
security, reliability, and trustworthiness of the next generation of
emerging technologies such as the internet of things, cyber-physical...
☐ β˜† βœ‡ Full Disclosure

Re: AnyDesk Public Exploit Disclosure - Arbitrary file write by symbolic link attack lead to denial-of-service attack on local machine

July 18th 2022 at 16:32

Posted by chan chan on Jul 18

Hi FullDisclosure,

May I know if there is any update?
Please note that Mitre has assigned and reserved a CVE number
"CVE-2022-32450" for this vulnerability.

Regards,
Erwin

chan chan <siuchunc.03 () gmail com> ζ–Ό 2022εΉ΄6月22ζ—₯ι€±δΈ‰ δΈ‹εˆ5:42ε―«ι“οΌš
☐ β˜† βœ‡ Full Disclosure

Open-Xchange Security Advisory 2022-07-21

July 22nd 2022 at 03:45

Posted by Martin Heiland via Fulldisclosure on Jul 21

Dear subscribers,

we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: DOCS-4106
Vulnerability type: OS Command Injection (CWE-78)
Vulnerable...
☐ β˜† βœ‡ Full Disclosure

APPLE-SA-2022-07-20-1 iOS 15.6 and iPadOS 15.6

July 22nd 2022 at 03:45

Posted by Apple Product Security via Fulldisclosure on Jul 21

APPLE-SA-2022-07-20-1 iOS 15.6 and iPadOS 15.6

iOS 15.6 and iPadOS 15.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213346.

APFS
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app with root privileges may be able to execute arbitrary
code...
☐ β˜† βœ‡ Full Disclosure

Backdoor.Win32.Eclipse.h / Weak Hardcoded Credentials

July 22nd 2022 at 03:45

Posted by malvuln on Jul 21

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/8b470931114527b4dce42034a95ebf46.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Eclipse.h
Vulnerability: Weak Hardcoded Credentials
Family: Eclipse
Type: PE32
MD5: 8b470931114527b4dce42034a95ebf46
Vuln ID: MVID-2022-0625
Disclosure: 07/21/2022
Description: The malware listens on TCP port 6210 and...
☐ β˜† βœ‡ Full Disclosure

APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8

July 22nd 2022 at 03:46

Posted by Apple Product Security via Fulldisclosure on Jul 21

APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8

macOS Big Sur 11.6.8 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213344.

APFS
Available for: macOS Big Sur
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir (@Muirey03)...
❌