SOLDIERX.COM Nobody Can Stop Information Insemination

On Second Thought...

Re: BugTraq Shutdown

Re: [SECURITY] [DSA 4628-1] php7.0 security update

BugTraq Shutdown

News, Infocus, Columns, Vulnerabilities, Bugtraq ...

Posted by Dave Aitel via Dailydave on Jan 20

Recently I read this post from Maddie Stone of Google's Project Zero:
https://googleprojectzero.blogspot.com/2020/07/detection-deficit-year-in-review-of-0.html
. In particular, it has a bolded line of "*As a community, our ability to
detect 0-days being used in the wild is severely lacking to the point that
we can’t draw significant conclusions due to the lack of (and biases in)
the data we have collected.*" which is the most...

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/80e98fdf726a3e727f3414bdbf2e86bb.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.NetBull.11.a
Vulnerability: Remote Buffer Overflow
Description: Netbull listens on both TCP ports 23444 and 23445,
sending a large string of junk chars causes stack corruption
overwriting EDX register.
Type: PE32
MD5:...

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/74e65773735f977185f6a09f1472ea46.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Email-Worm.Win32.Agent.gi
Vulnerability: Remote Stack Buffer Overflow - (UDP Datagram)
Description: Creates a service "Microsoft ASPI Manager" and listens on
TCP ports 80, 81 and UDP 53. The service process is a dropped
executable named...

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/47e819a6ce3d5e93819f4842cfbe23d6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Constructor.Win32.SMWG.c
Vulnerability: Insecure Permissions
Description: Description: SMWG - P2P VBS.sucke.gen worm generator by
sevenC / N0:7 outputs its malicious VBS script granting change (C)
permissions to authenticated users group.
Type:...

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/07cd532823d6ab05d6e5e3a56f7afbfd.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Constructor.Win32.SMWG.a
Vulnerability: Insecure Permissions
Description: Win32.SMWG VBS.sucke.gen worm generator by sevenC / N0:7
outputs its malicious VBS script granting change (C) permissions to
authenticated users group.

Type: PE32
MD5:...

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/4f9376824718ff23a6238c877f73ff73.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Newfuture Trojan V.1.0 BETA 1
Vulnerability: Insecure Permissions
Description: Newfuture by Wider is a remote access client and has a
(Fast_sms) server component, it is written in spanish. On installation
it grants (C) change privileges to...

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/1e42493dcef54a62bc28e0a1338c1142.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Mnets
Vulnerability: Remote Stack Buffer Overflow - (UDP Datagram Proto)
Description: The backdoor listens for commands on UDP ports 2222 and
4444. Sending a mere 323 bytes we can overwrite the instruction
pointer (EIP), potentially...

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/eb6fd418cd3b52132ffb029b52839edf.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Whgrx
Vulnerability: Remote Host Header Stack Buffer Overflow
Description: The specimen listens on datagram UDP port 65000, by
sending a specially crafted HTTP PUT request and specifying a large
string of characters for the HOST...

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/9adffcc98cd658a7f9c5419480013f72.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Latinus.b
Vulnerability: Remote Buffer Overflow
Description: Malware listens on both TCP ports 11831 and 29559, by
sending an HTTP OPTIONS request with about 8945 bytes we trigger
buffer overflow and overwriting stack registers....

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 20211
Original source:
https://malvuln.com/advisory/170d3ccf9f036c552aef6690bf419b2e.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Nucleroot.t - MaskPE 1.6
Vulnerability: File Based Buffer Overflow
Description: Description: MaskPE by yzkzero is a tool for implanting
backdoors in existing PE files. The Backdoor tool doesnt properly check the
files it loads and...

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/25e0570cc803cd77abc2268b41237937.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Nucleroot.bi - MaskPE 2.0
Vulnerability: File Based Buffer Overflow
Description: MaskPE by yzkzero is a tool for implanting backdoors in
existing PE files. The Backdoor tool doesnt properly check the files
it loads and falls victim...

Posted by malvuln on Jan 19

Discovery / credits: malvuln - Malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ad5c01b3e6d0254adfe0898c6d16f927.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Ncx.bt
Vulnerability: Remote Stack Buffer Overflow
Description: The malware listens on TCP port 42, sending a single HTTP
GET request with a packet size of 10140 bytes, will trigger the buffer
overflow overwriting both EIP and...

Posted by malvuln on Jan 19

Discovery / credits: malvuln - Malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/1149c42fd8cf3ca7d00ef55a6337befe.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Ketch.a
Vulnerability: Remote SEH Stack Buffer Overflow
Description: Ketch makes HTTP request to port 80 for a file named
script.dat, upon processing the server response of 1,612 bytes or more
we can trigger SEH buffer overflow.
Our...

Posted by malvuln on Jan 19

Discovery / credits: malvuln - Malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ee314e1b913a09ec86c63d7186d8f0b8.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Ketch.i
Vulnerability: SEH Remote Stack Buffer Overflow
Description: Ketch makes HTTP request to port 80 for a file named
script.dat, upon processing the server response of 1,612 bytes or more
we can trigger SEH buffer overflow.
Our...

Posted by malvuln on Jan 19

Discovery / credits: malvuln - Malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/821d3d5a9b15dc3388fe17f233cce296.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Kurbadur.a
Vulnerability: Remote Stack Buffer Overflow
Description: The malware listens on TCP port 21220, by sending
incrementing HTTP TRACE requests with an increasing payload size, we
trigger buffer overflow overwriting EIP.
Upon...