Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

SEC Consult SA-20240226-0 :: Local Privilege Escalation via DLL Hijacking in Qognify VMS Client Viewer

2 March, 2024 - 19:54

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Mar 02

SEC Consult Vulnerability Lab Security Advisory < 20240226-0 >
=======================================================================
title: Local Privilege Escalation via DLL Hijacking
product: Qognify VMS Client Viewer
vulnerable version: >=7.1
fixed version: see solution
CVE number: CVE-2023-49114
impact: medium
homepage: https://www.qognify.com/...

JetStream Smart Switch - TL-SG2210P v5.0/ Improper Access Control / CVE-2023-43318

2 March, 2024 - 19:54

Posted by Shaikh Shahnawaz on Mar 02

[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC
[+] twitter.com/_striv3r_

[Vendor]
TP-Link (http://tp-link.com)

[Product]
JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201

[Vulnerability Type]
Improper Access Control

[Affected Product Code Base]
JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201

[Affected Component]
usermanagement, swtmactablecfg endpoints of webconsole

[CVE Reference]
CVE-2023-43318...

Multiple XSS Issues in boidcmsv2.0.1

2 March, 2024 - 19:53

Posted by Andrey Stoykov on Mar 02

# Exploit Title: Multiple XSS Issues in boidcmsv2.0.1
# Date: 3/2024
# Exploit Author: Andrey Stoykov
# Version: 2.0.1
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com

XSS via SVG File Upload

Steps to Reproduce:

1. Login with admin user
2. Visit "Media" page
3. Upload xss.svg
4. Click "View" and XSS payload will execute

// xss.svg contents

<?xml version="1.0" standalone="no"?>...

XAMPP 5.6.40 - Error Based SQL Injection

2 March, 2024 - 19:53

Posted by Andrey Stoykov on Mar 02

# Exploit Title: XAMPP - Error Based SQL Injection
# Date: 02/2024
# Exploit Author: Andrey Stoykov
# Version: 5.6.40
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com

Steps to Reproduce:

1. Login to phpmyadmin
2. Visit Export > New Template > test > Create
3. Navigate to "Existing Templates"
4. Select template "test" and click "Update"
5. Trap HTTP POST request
6. Place single quote to...

BACKDOOR.WIN32.AGENT.AMT / Authentication Bypass

2 March, 2024 - 19:52

Posted by malvuln on Mar 02

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/2a442d3da88f721a786ff33179c664b7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.amt
Vulnerability: Authentication Bypass
Description: The malware can run an FTP server which listens on TCP port
2121. Third-party attackers who can reach infected systems can log on using
any username/password...

Backdoor.Win32.Jeemp.c / Cleartext Hardcoded Credentials

2 March, 2024 - 19:52

Posted by malvuln on Mar 02

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/d6b192a4027c7d635499133ca6ce067f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Jeemp.c
Vulnerability: Cleartext Hardcoded Credentials
Description: The malware listens on three TCP ports which are randomized,
e.g. 9719, 7562, 8687, 8948, 7376, 8396 and so forth. There is an ESMTP server
component...

BACKDOOR.WIN32.AUTOSPY.10 / Unauthenticated Remote Command Execution

2 March, 2024 - 19:52

Posted by malvuln on Mar 02

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/b012704cad2bae6edbd23135394b9127.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.AutoSpy.10
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 1008. Third-party adversaries
who can reach an infected host can issue various commands made available by...

BACKDOOR.WIN32.ARMAGEDDON.R / Hardcoded Cleartext Credentials

2 March, 2024 - 19:52

Posted by malvuln on Mar 02

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/68d135936512e88cc0704b90bb3839e0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Armageddon.r
Vulnerability: Hardcoded Cleartext Credentials
Description: The malware listens on TCP port 5859 and requires
authentication. The password "KOrUPtIzEre" is stored in cleartext within
the PE file at...

Multilaser Router - Access Control Bypass through Cookie Manipulation - CVE-2023-38946

2 March, 2024 - 19:52

Posted by Vinícius Moraes on Mar 02

=====[Tempest Security Intelligence - Security Advisory - CVE-2023-38946]=======

Access Control Bypass in Multilaser router's Web Management Interface

Author: Vinicius Moraes < vinicius.moraes.w () gmail com >

=====[Table of Contents]========================================================

1. Overview
2. Detailed description
3. Other contexts & solutions
4. Acknowledgements
5. Timeline
6. References

=====[1....

Multilaser Router - Access Control Bypass through URL Manipulation - CVE-2023-38945

2 March, 2024 - 19:52

Posted by Vinícius Moraes on Mar 02

=====[Tempest Security Intelligence - Security Advisory - CVE-2023-38945]=======

Access Control Bypass in Multilaser routers' Web Management Interface

Author: Vinicius Moraes < vinicius.moraes.w () gmail com >

=====[Table of Contents]========================================================

1. Overview
2. Detailed description
3. Other contexts & solutions
4. Acknowledgements
5. Timeline
6. References

=====[1....

Multilaser Router - Access Control Bypass through Header Manipulation - CVE-2023-38944

2 March, 2024 - 19:52

Posted by Vinícius Moraes on Mar 02

=====[Tempest Security Intelligence - Security Advisory - CVE-2023-38944]=======

Access Control Bypass in Multilaser routers' Web Management Interface

Author: Vinicius Moraes < vinicius.moraes.w () gmail com >

=====[Table of Contents]========================================================

1. Overview
2. Detailed description
3. Other contexts & solutions
4. Acknowledgements
5. Timeline
6. References

=====[1....

SEC Consult SA-20240220-0 :: Multiple Stored Cross-Site Scripting Vulnerabilities in OpenOLAT (Frentix GmbH)

21 February, 2024 - 01:10

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Feb 20

SEC Consult Vulnerability Lab Security Advisory < 20240220-0 >
=======================================================================
title: Multiple Stored Cross-Site Scripting Vulnerabilities
product: OpenOLAT (Frentix GmbH)
vulnerable version: <= 18.1.4 and <= 18.1.5
fixed version: 18.1.6 / 18.2
CVE number: CVE-2024-25973, CVE-2024-25974
impact: High...

Re: Buffer Overflow in graphviz via a crafted config6a file

21 February, 2024 - 01:09

Posted by Matthew Fernandez on Feb 20

The fix for this ended up landing in Graphviz 10.0.1, available at
https://graphviz.org/download/.

Details of this CVE (CVE-2023-46045) are now published, but the CPEs are
incomplete. For those who track such things, the affected range is
[2.36.0, 10.0.1).

CVE-2024-24681: Insecure AES key in Yealink Configuration Encrypt Tool

21 February, 2024 - 01:08

Posted by Jeroen J.A.W. Hermans via Fulldisclosure on Feb 20

CloudAware Security Advisory

CVE-2024-24681: Insecure AES key in Yealink Configuration Encrypt Tool

========================================================================
Summary
========================================================================
A single, vendor-wide, hardcoded AES key in the configuration tool used to
encrypt provisioning documents was leaked, leading to a compromise of
confidentiality of provisioning documents....

Microsoft Windows Defender / Backdoor:JS/Relvelshe.A / Detection Mitigation Bypass

21 February, 2024 - 01:07

Posted by hyp3rlinx on Feb 20

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
https://hyp3rlinx.altervista.org/advisories/Windows_Defender_Backdoor_JS.Relvelshe.A_Detection_Mitigation_Bypass.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Windows Defender

[Vulnerability Type]
Detection Mitigation Bypass
Backdoor:JS/Relvelshe.A

[CVE Reference]
N/A

[Security Issue]
Back in 2022 I released a...

Microsoft Windows Defender / VBScript Detection Bypass

21 February, 2024 - 01:07

Posted by hyp3rlinx on Feb 20

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_VBSCRIPT_TROJAN_MITIGATION_BYPASS.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Windows Defender

[Vulnerability Type]
Windows Defender VBScript Detection Mitigation Bypass
TrojanWin32Powessere.G

[CVE Reference]
N/A

[Security Issue]...

Microsoft Windows Defender / Trojan.Win32/Powessere.G / Detection Mitigation Bypass Part 3

21 February, 2024 - 01:07

Posted by hyp3rlinx on Feb 20

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_TROJAN.WIN32.POWESSERE.G_MITIGATION_BYPASS_PART_3.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Windows Defender

[Vulnerability Type]
Windows Defender Detection Mitigation Bypass
TrojanWin32Powessere.G

[CVE Reference]
N/A

[Security Issue]...

44CON 2024 September 18th - 20th CFP

15 February, 2024 - 06:45

Posted by Florent Daigniere via Fulldisclosure on Feb 15

44CON is the UK's largest combined annual Security Conference and
Training event, taking place on 18, 19 and 20 September at the
Novotel London West near Hammersmith, London. We will have a fully
dedicated conference facility, including catering, a private bar, amazing
coffee and a daily Gin O’Clock break.

        _  _
/_//_//  / //\ /  | 18th - 20th September 2024
 /  //_,/_//  /   | Novotel London West, London

   -=-...

SEC Consult SA-20240212-0 :: Multiple Stored Cross-Site Scripting vulnerabilities in Statamic CMS

13 February, 2024 - 21:21

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Feb 13

SEC Consult Vulnerability Lab Security Advisory < 20240212-0 >
=======================================================================
title: Multiple Stored Cross-Site Scripting vulnerabilities
product: Statamic CMS
vulnerable version: <4.46.0, <3.4.17
fixed version: >=4.46.0, >=3.4.17
CVE number: CVE-2024-24570
impact: high
homepage: https://statamic.com/...

Stored XSS and RCE - adaptcmsv3.0.3

13 February, 2024 - 21:20

Posted by Andrey Stoykov on Feb 13

# Exploit Title: Stored XSS and RCE - adaptcmsv3.0.3
# Date: 02/2024
# Exploit Author: Andrey Stoykov
# Version: 3.0.3
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com

*Description*

- It was found that adaptcms v3.0.3 was vulnerable to stored cross-site
scripting

- Also, the application's file upload functionality allowed uploading
PHP files, which resulted in remote code execution

*Stored XSS*

*Steps to Reproduce:*

1....