Security News

Backdoor.Win32.Hupigon.afjk / Directory Traversal

Full Disclosure - 28 September, 2021 - 11:12

Posted by malvuln on Sep 28

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/8dc8abc99c1e7908fe9d048a4e360960_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hupigon.afjk
Vulnerability: Directory Traversal
Description: The malware deploys a Web server listening on TCP port 80.
Third-party attackers who can reach an infected host can read any file on
the system using "../"...

Backdoor.Win32.Hupigon.afjk / Authentication Bypass RCE

Full Disclosure - 28 September, 2021 - 11:12

Posted by malvuln on Sep 28

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/8dc8abc99c1e7908fe9d048a4e360960.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hupigon.afjk
Vulnerability: Authentication Bypass RCE
Description: The malware runs an FTP server on TCP port 2121. Third-party
attackers who can reach infected systems can log on using any
username/password combination. Intruders...

Backdoor.Win32.Hupigon.fjcd / Unauthenticated Open Proxy

Full Disclosure - 28 September, 2021 - 11:12

Posted by malvuln on Sep 28

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/284f36e35db6a0aa9a493f39d834367e.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hupigon.fjcd
Vulnerability: Unauthenticated Open Proxy
Description: The malware listens on TCP ports 8080, 1080. Third-party
attackers who can connect to the infected system can relay requests from
the original connection to the...

Backdoor.Win32.RmtSvc.l / Remote Denial of Service

Full Disclosure - 28 September, 2021 - 11:12

Posted by malvuln on Sep 28

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/38f9ee3ce51ead0ce6bf2edcaa462611.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.RmtSvc.l
Vulnerability: Remote Denial of Service
Description: The malware listens on TCP port 7778. Third-party attackers
who can reach infected systems can send a specially crafted junk HTTP
CONNECT request to trigger an access...

Backdoor.Win32.Agent.aer / Insecure Transit Password Disclosure

Full Disclosure - 28 September, 2021 - 11:12

Posted by malvuln on Sep 28

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/9576a6a59715a69be499fa41d6383a64_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.aer
Vulnerability: Insecure Transit Password Disclosure
Description: The malware listens on TCP port 1080 and passes logon
credentials in plaintext via a URL query string using the HTTP GET request
method.
Third party...

Backdoor.Win32.Agent.aer / Remote Denial of Service

Full Disclosure - 28 September, 2021 - 11:12

Posted by malvuln on Sep 28

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/9576a6a59715a69be499fa41d6383a64.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.aer
Vulnerability: Remote Denial of Service
Description: The malware listens on TCP port 1080. Third-party attackers
who can reach infected systems can send a specially crafted junk payload
for the logon credentials to trigger...

Trojan-Downloader.Win32.VB.abb / Insecure Permissions

Full Disclosure - 28 September, 2021 - 11:12

Posted by malvuln on Sep 28

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/8f81373b0f0e6f60206a1a707de2ed77.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Downloader.Win32.VB.abb
Vulnerability: Insecure Permissions
Description: The malware creates an executable with an ".axd" extension and
insecure permissions under c:\ drive granting change (C) permissions to the
authenticated user...

Google Extensible Service Proxy v1 - CWE-287 Improper Authentication

Full Disclosure - 28 September, 2021 - 11:12

Posted by Imre Rad on Sep 28

Extensible Service Proxy (a.k.a. ESP) is an open source software by
Google assisting Cloud Endpoints, a product on Google Cloud Platform.
ESPv1 is an nginx based proxy which enables API management
capabilities for JSON/REST or gRPC API services.

In a typical deployment, ESP is running and fronting the backend
service on the same host (the backend listening in a private network
namespace which is accessible to the public only through ESP). In...

APPLE-SA-2021-09-23-1 iOS 12.5.5

Full Disclosure - 24 September, 2021 - 09:15

Posted by Apple Product Security via Fulldisclosure on Sep 24

APPLE-SA-2021-09-23-1 iOS 12.5.5

iOS 12.5.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212824.

CoreGraphics
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad
mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have
been...

APPLE-SA-2021-09-23-2 Security Update 2021-006 Catalina

Full Disclosure - 24 September, 2021 - 09:15

Posted by Apple Product Security via Fulldisclosure on Sep 24

APPLE-SA-2021-09-23-2 Security Update 2021-006 Catalina

Security Update 2021-006 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212825.

XNU
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
Description: A type...

openvpn-monitor Cross-Site Request Forgery (CSRF)

Full Disclosure - 24 September, 2021 - 09:11

Posted by Advisories on Sep 24

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: openvpn-monitor
# Vendor: https://github.com/furlongm/openvpn-monitor
# CSNC ID: CSNC-2021-011
# CVE ID: CVE-2021-31604
# Subject: Cross-Site Request Forgery (CSRF)
# Severity: Medium
# Effect: Denial of Service
#...

openvpn-monitor OpenVPN Management Socket Command Injection

Full Disclosure - 24 September, 2021 - 09:11

Posted by Advisories on Sep 24

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: openvpn-monitor
# Vendor: https://github.com/furlongm/openvpn-monitor
# CSNC ID: CSNC-2021-010
# CVE ID: CVE-2021-31605
# Subject: OpenVPN Management Socket Command Injection
# Severity: High
# Effect: Denial of...

openvpn-monitor Authorization Bypass

Full Disclosure - 24 September, 2021 - 09:11

Posted by Advisories on Sep 24

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: openvpn-monitor
# Vendor: https://github.com/furlongm/openvpn-monitor
# CSNC ID: CSNC-2021-009
# CVE ID: CVE-2021-31606
# Subject: Authorization Bypass
# Severity: Medium
# Effect: Denial of Service
# Author:...

Backdoor.Win32.Minilash.10.b / Remote Denial of Service (UDP Datagram)

Full Disclosure - 21 September, 2021 - 11:04

Posted by malvuln on Sep 21

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/3c407448a00b2d53b2418f53b66d5b6b.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Minilash.10.b
Vulnerability: Remote Denial of Service (UDP Datagram)
Description: The Minilash malware listens on TCP 6711 and UDP port 60000.
Third-party attackers who can reach infected systems can send a specially
crafted junk...

Backdoor.Win32.Hupigon.asqx / Unauthenticated Open Proxy

Full Disclosure - 21 September, 2021 - 11:04

Posted by malvuln on Sep 21

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/a344b767d58b6c83b92bb868727e021c.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hupigon.asqx
Vulnerability: Unauthenticated Open Proxy
Description: The malware listens on TCP port 8080. Third-party attackers
who can connect to the infected system can relay requests from the original
connection to the...

Trojan.Win32.Agent.xaamkd / Insecure Permissions

Full Disclosure - 21 September, 2021 - 11:04

Posted by malvuln on Sep 21

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/095651e1704b501123b41ea2e9736820.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Agent.xaamkd
Vulnerability: Insecure Permissions
Description: The malware creates a dir with insecure permissions under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can rename the...

APPLE-SA-2021-09-20-10 iTunes 12.12 for Windows

Full Disclosure - 21 September, 2021 - 11:04

Posted by product-security-noreply--- via Fulldisclosure on Sep 21

APPLE-SA-2021-09-20-10 iTunes 12.12 for Windows

iTunes 12.12 for Windows addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212817.

ImageIO
Available for: Windows 10 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30835: Ye Zhang of Baidu Security
CVE-2021-30847:...

APPLE-SA-2021-09-20-9 iTunes U 3.8.3

Full Disclosure - 21 September, 2021 - 11:04

Posted by product-security-noreply--- via Fulldisclosure on Sep 21

APPLE-SA-2021-09-20-9 iTunes U 3.8.3

iTunes U 3.8.3 addresses the following issues. Information about
the security content is also available at
https://support.apple.com/HT212809.

iTunes U
Available for: iOS 12.4 and later or iPadOS 12.4 and later
Impact: Processing a maliciously crafted URL may lead to arbitrary
javascript code execution
Description: A validation issue was addressed with improved input
sanitization.
CVE-2021-30862: Giyas...

APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina

Full Disclosure - 21 September, 2021 - 11:04

Posted by product-security-noreply--- via Fulldisclosure on Sep 21

APPLE-SA-2021-09-20-8 Additional information for
APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina

Security Update 2021-005 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212805.

CoreGraphics
Available for: macOS Catalina
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have...

APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6

Full Disclosure - 21 September, 2021 - 11:04

Posted by product-security-noreply--- via Fulldisclosure on Sep 21

APPLE-SA-2021-09-20-7 Additional information for
APPLE-SA-2021-09-13-3 macOS Big Sur 11.6

macOS Big Sur 11.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212804.

CoreGraphics
Available for: macOS Big Sur
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have
been actively exploited....