Security News

Bugtraq: On Second Thought...

Security Focus Vulnerabilities - 5 min 31 sec ago
On Second Thought...

Bugtraq: Re: BugTraq Shutdown

Security Focus Vulnerabilities - 5 min 31 sec ago
Re: BugTraq Shutdown

Bugtraq: Re: [SECURITY] [DSA 4628-1] php7.0 security update

Security Focus Vulnerabilities - 5 min 31 sec ago
Re: [SECURITY] [DSA 4628-1] php7.0 security update

Bugtraq: BugTraq Shutdown

Security Focus Vulnerabilities - 5 min 31 sec ago
BugTraq Shutdown

"Severely lacking".

Daily Dave - 20 January, 2021 - 11:15

Posted by Dave Aitel via Dailydave on Jan 20

Recently I read this post from Maddie Stone of Google's Project Zero:
https://googleprojectzero.blogspot.com/2020/07/detection-deficit-year-in-review-of-0.html
In particular, it has a bolded line of "*As a community, our ability to
detect 0-days being used in the wild is severely lacking to the point that
we can’t draw significant conclusions due to the lack of (and biases in)
the data we have collected.*" which is the most...

Backdoor.Win32.NetBull.11.a / Remote Buffer Overflow

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/80e98fdf726a3e727f3414bdbf2e86bb.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.NetBull.11.a
Vulnerability: Remote Buffer Overflow
Description: Netbull listens on both TCP ports 23444 and 23445,
sending a large string of junk chars causes stack corruption
overwriting EDX register.
Type: PE32
MD5:...

Email-Worm.Win32.Agent.gi / Remote Stack Buffer Overflow - (UDP Datagram)

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/74e65773735f977185f6a09f1472ea46.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Email-Worm.Win32.Agent.gi
Vulnerability: Remote Stack Buffer Overflow - (UDP Datagram)
Description: Creates a service "Microsoft ASPI Manager" and listens on
TCP ports 80, 81 and UDP 53. The service process is a dropped
executable named...

Constructor.Win32.SMWG.c / Insecure Permissions

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/47e819a6ce3d5e93819f4842cfbe23d6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Constructor.Win32.SMWG.c
Vulnerability: Insecure Permissions
Description: SMWG - P2P VBS.sucke.gen worm generator by
sevenC / N0:7 outputs its malicious VBS script granting change (C)
permissions to authenticated users group.
Type:...

Constructor.Win32.SMWG.a / Insecure Permissions

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/07cd532823d6ab05d6e5e3a56f7afbfd.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Constructor.Win32.SMWG.a
Vulnerability: Insecure Permissions
Description: Win32.SMWG VBS.sucke.gen worm generator by sevenC / N0:7
outputs its malicious VBS script granting change (C) permissions to
authenticated users group.

Type: PE32
MD5:...

Newfuture Trojan V.1.0 BETA 1 / Insecure Permissions

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/4f9376824718ff23a6238c877f73ff73.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Newfuture Trojan V.1.0 BETA 1
Vulnerability: Insecure Permissions
Description: Newfuture by Wider is a remote access client and has a
(Fast_sms) server component, it is written in Spanish. On installation
it grants (C) change privileges to...

Backdoor.Win32.Mnets / Remote Stack Buffer Overflow - (UDP Datagram Proto)

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/1e42493dcef54a62bc28e0a1338c1142.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Mnets
Vulnerability: Remote Stack Buffer Overflow - (UDP Datagram Proto)
Description: The backdoor listens for commands on UDP ports 2222 and
4444. Sending a mere 323 bytes we can overwrite the instruction
pointer (EIP), potentially...

Backdoor.Win32.Whgrx / Remote Host Header Stack Buffer Overflow

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/eb6fd418cd3b52132ffb029b52839edf.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Whgrx
Vulnerability: Remote Host Header Stack Buffer Overflow
Description: The specimen listens on datagram UDP port 65000, by
sending a specially crafted HTTP PUT request and specifying a large
string of characters for the HOST...

Backdoor.Win32.Latinus.b / Remote Buffer Overflow

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/9adffcc98cd658a7f9c5419480013f72.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Latinus.b
Vulnerability: Remote Buffer Overflow
Description: Malware listens on both TCP ports 11831 and 29559, by
sending an HTTP OPTIONS request with about 8945 bytes we trigger
buffer overflow and overwriting stack registers....

Backdoor.Win32.Nucleroot.t - MaskPE 1.6 / File Based Buffer Overflow

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/170d3ccf9f036c552aef6690bf419b2e.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Nucleroot.t - MaskPE 1.6
Vulnerability: File Based Buffer Overflow
Description: MaskPE by yzkzero is a tool for implanting
backdoors in existing PE files. The Backdoor tool doesn't properly check the
files it loads and...

Backdoor.Win32.Nucleroot.bi - MaskPE 2.0 / File Based Buffer Overflow

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/25e0570cc803cd77abc2268b41237937.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Nucleroot.bi - MaskPE 2.0
Vulnerability: File Based Buffer Overflow
Description: MaskPE by yzkzero is a tool for implanting backdoors in
existing PE files. The Backdoor tool doesn't properly check the files
it loads and falls victim...

Backdoor.Win32.Ncx.bt / Remote Stack Buffer Overflow

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: malvuln - Malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ad5c01b3e6d0254adfe0898c6d16f927.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Ncx.bt
Vulnerability: Remote Stack Buffer Overflow
Description: The malware listens on TCP port 42, sending a single HTTP
GET request with a packet size of 10140 bytes, will trigger the buffer
overflow overwriting both EIP and...

BACKDOOR.WIN32.KETCH.A / Remote SEH Stack Buffer Overflow

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: malvuln - Malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/1149c42fd8cf3ca7d00ef55a6337befe.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Ketch.a
Vulnerability: Remote SEH Stack Buffer Overflow
Description: Ketch makes HTTP request to port 80 for a file named
script.dat, upon processing the server response of 1,612 bytes or more
we can trigger SEH buffer overflow.
Our...

Backdoor.Win32.Ketch.i / SEH Remote Stack Buffer Overflow

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: malvuln - Malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ee314e1b913a09ec86c63d7186d8f0b8.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Ketch.i
Vulnerability: SEH Remote Stack Buffer Overflow
Description: Ketch makes HTTP request to port 80 for a file named
script.dat, upon processing the server response of 1,612 bytes or more
we can trigger SEH buffer overflow.
Our...

BACKDOOR.WIN32.KURBADUR.A / Remote Stack Buffer Overflow

Full Disclosure - 19 January, 2021 - 12:16

Posted by malvuln on Jan 19

Discovery / credits: malvuln - Malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/821d3d5a9b15dc3388fe17f233cce296.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Kurbadur.a
Vulnerability: Remote Stack Buffer Overflow
Description: The malware listens on TCP port 21220, by sending
incrementing HTTP TRACE requests with an increasing payload size, we
trigger buffer overflow overwriting EIP.
Upon...