Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Backdoor.Win32.Whisper.b / Remote Stack Corruption

22 January, 2021 - 13:16

Posted by malvuln on Jan 22

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/a0edb91f62c8c083ec35b32a922168d1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Whisper.b
Vulnerability: Remote Stack Corruption
Description: Whisper.b listens on TCP port 113 and connects to port
6667, deletes itself, and drops an executable named rundll32.exe in the
Windows\System dir. The malware is prone to stack...

Backdoor.Win32.Whirlpool.10 / Remote Stack Buffer Overflow

22 January, 2021 - 13:16

Posted by malvuln on Jan 22

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/bf0682b674ef23cf8ba0deeaf546f422.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Whirlpool.10
Vulnerability: Remote Stack Buffer Overflow
Description: Whirlpool listens on UDP Datagram ports 8848 and 8864.
Sending a 192 byte payload to port 8864 triggers a stack buffer
overflow overwriting both EIP and SEH. This...

Backdoor.Win32.Zombam.geq / Remote Buffer Overflow

22 January, 2021 - 13:16

Posted by malvuln on Jan 22

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/fd14cc7f025f49a3e08b4169d44a774e.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Zombam.geq
Vulnerability: Remote Buffer Overflow
Description: Zombam.geq listens for connections on TCP port 80 and
tries to connect to SMTP port 25. Sending an HTTP GET request of about
2000 bytes triggers a buffer overflow corrupting...

[REVIVE-SA-2021-001] Revive Adserver Vulnerabilities

22 January, 2021 - 13:14

Posted by Matteo Beccati via Fulldisclosure on Jan 22

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2021-001
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2021-001
------------------------------------------------------------------------
CVE-IDs: CVE-2021-22871, CVE-2021-22872, CVE-2021-22873
Date:...

CVE-2020-20269 - Caret Editor v4.0.0-rc21 Remote Code Execution

22 January, 2021 - 13:13

Posted by Manuel Bua on Jan 22

Details
================

Product: Caret Editor
Product URL: https://caret.io/
Vendor: Caret.io Ltd.
Vulnerability: Remote Code Execution
Vulnerable version: Caret Editor v4.0.0-rc21
Fixed version: Caret Editor v4.0.0-rc22
CVE Number: CVE-2020-20269
CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20269
Author: Manuel Bua (dudez)

Vulnerability Description
================

A specially crafted Markdown document could cause the...

Re: Constructor.Win32.SMWG.a / Insecure Permissions

22 January, 2021 - 13:13

Posted by Garrett Skjelstad on Jan 22

Are we tracking vulnerabilities in malware now? Improve the malware to be
more resilient?

I'm just as likely to remove malware without vulnerabilities, as I am
malware WITH vulnerabilities.

Surely there are no bug bounties or upcoming patches (lol) for these.

I guess I'm confused about the purpose of these disclosures.

Backdoor.Win32.NetBull.11.a / Remote Buffer Overflow

19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/80e98fdf726a3e727f3414bdbf2e86bb.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.NetBull.11.a
Vulnerability: Remote Buffer Overflow
Description: Netbull listens on both TCP ports 23444 and 23445,
sending a large string of junk chars causes stack corruption
overwriting EDX register.
Type: PE32
MD5:...

Email-Worm.Win32.Agent.gi / Remote Stack Buffer Overflow - (UDP Datagram)

19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/74e65773735f977185f6a09f1472ea46.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Email-Worm.Win32.Agent.gi
Vulnerability: Remote Stack Buffer Overflow - (UDP Datagram)
Description: Creates a service "Microsoft ASPI Manager" and listens on
TCP ports 80, 81 and UDP 53. The service process is a dropped
executable named...

Constructor.Win32.SMWG.c / Insecure Permissions

19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/47e819a6ce3d5e93819f4842cfbe23d6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Constructor.Win32.SMWG.c
Vulnerability: Insecure Permissions
Description: SMWG - P2P VBS.sucke.gen worm generator by
sevenC / N0:7 outputs its malicious VBS script granting change (C)
permissions to authenticated users group.
Type:...

Constructor.Win32.SMWG.a / Insecure Permissions

19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/07cd532823d6ab05d6e5e3a56f7afbfd.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Constructor.Win32.SMWG.a
Vulnerability: Insecure Permissions
Description: Win32.SMWG VBS.sucke.gen worm generator by sevenC / N0:7
outputs its malicious VBS script granting change (C) permissions to
authenticated users group.

Type: PE32
MD5:...

Newfuture Trojan V.1.0 BETA 1 / Insecure Permissions

19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/4f9376824718ff23a6238c877f73ff73.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Newfuture Trojan V.1.0 BETA 1
Vulnerability: Insecure Permissions
Description: Newfuture by Wider is a remote access client and has a
(Fast_sms) server component, it is written in Spanish. On installation
it grants (C) change privileges to...

Backdoor.Win32.Mnets / Remote Stack Buffer Overflow - (UDP Datagram Proto)

19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/1e42493dcef54a62bc28e0a1338c1142.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Mnets
Vulnerability: Remote Stack Buffer Overflow - (UDP Datagram Proto)
Description: The backdoor listens for commands on UDP ports 2222 and
4444. Sending a mere 323 bytes we can overwrite the instruction
pointer (EIP), potentially...

Backdoor.Win32.Whgrx / Remote Host Header Stack Buffer Overflow

19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/eb6fd418cd3b52132ffb029b52839edf.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Whgrx
Vulnerability: Remote Host Header Stack Buffer Overflow
Description: The specimen listens on datagram UDP port 65000, by
sending a specially crafted HTTP PUT request and specifying a large
string of characters for the HOST...

Backdoor.Win32.Latinus.b / Remote Buffer Overflow

19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/9adffcc98cd658a7f9c5419480013f72.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Latinus.b
Vulnerability: Remote Buffer Overflow
Description: Malware listens on both TCP ports 11831 and 29559, by
sending an HTTP OPTIONS request with about 8945 bytes we trigger
buffer overflow and overwriting stack registers....

Backdoor.Win32.Nucleroot.t - MaskPE 1.6 / File Based Buffer Overflow

19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/170d3ccf9f036c552aef6690bf419b2e.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Nucleroot.t - MaskPE 1.6
Vulnerability: File Based Buffer Overflow
Description: MaskPE by yzkzero is a tool for implanting
backdoors in existing PE files. The Backdoor tool doesn't properly check the
files it loads and...

Backdoor.Win32.Nucleroot.bi - MaskPE 2.0 / File Based Buffer Overflow

19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/25e0570cc803cd77abc2268b41237937.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Nucleroot.bi - MaskPE 2.0
Vulnerability: File Based Buffer Overflow
Description: MaskPE by yzkzero is a tool for implanting backdoors in
existing PE files. The Backdoor tool doesn't properly check the files
it loads and falls victim...

Backdoor.Win32.Ncx.bt / Remote Stack Buffer Overflow

19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: malvuln - Malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ad5c01b3e6d0254adfe0898c6d16f927.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Ncx.bt
Vulnerability: Remote Stack Buffer Overflow
Description: The malware listens on TCP port 42, sending a single HTTP
GET request with a packet size of 10140 bytes, will trigger the buffer
overflow overwriting both EIP and...

BACKDOOR.WIN32.KETCH.A / Remote SEH Stack Buffer Overflow

19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: malvuln - Malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/1149c42fd8cf3ca7d00ef55a6337befe.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Ketch.a
Vulnerability: Remote SEH Stack Buffer Overflow
Description: Ketch makes HTTP request to port 80 for a file named
script.dat, upon processing the server response of 1,612 bytes or more
we can trigger SEH buffer overflow.
Our...

Backdoor.Win32.Ketch.i / SEH Remote Stack Buffer Overflow

19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: malvuln - Malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ee314e1b913a09ec86c63d7186d8f0b8.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Ketch.i
Vulnerability: SEH Remote Stack Buffer Overflow
Description: Ketch makes HTTP request to port 80 for a file named
script.dat, upon processing the server response of 1,612 bytes or more
we can trigger SEH buffer overflow.
Our...

BACKDOOR.WIN32.KURBADUR.A / Remote Stack Buffer Overflow

19 January, 2021 - 12:16

Posted by malvuln on Jan 19

Discovery / credits: malvuln - Malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/821d3d5a9b15dc3388fe17f233cce296.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Kurbadur.a
Vulnerability: Remote Stack Buffer Overflow
Description: The malware listens on TCP port 21220, by sending
incrementing HTTP TRACE requests with an increasing payload size, we
trigger buffer overflow overwriting EIP.
Upon...