SOLDIERX.COM Nobody Can Stop Information Insemination

Posted by hyp3rlinx on Sep 21

[+] Credits: John Page (aka hyp3rlinx, malvuln)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CMD.EXE-STACK-BUFFER-OVERFLOW.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
cmd.exe is the default command-line interpreter for the OS/2,
eComStation, ArcaOS, Microsoft Windows (Windows NT family and Windows
CE family), and ReactOS operating...

Posted by Apple Product Security via Fulldisclosure on Sep 17

APPLE-SA-2021-09-13-5 Safari 14.1.2

Safari 14.1.2 addresses the following issues. Information about
the security content is also available at
https://support.apple.com/HT212808.

WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: A use after free issue was addressed...

Posted by Apple Product Security via Fulldisclosure on Sep 17

APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina

Security Update 2021-005 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212805.

CoreGraphics
Available for: macOS Catalina
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have
been actively exploited.
Description: An integer...

Posted by Apple Product Security via Fulldisclosure on Sep 17

APPLE-SA-2021-09-13-3 macOS Big Sur 11.6

macOS Big Sur 11.6 addresses the following issues. Information about
the security content is also available at
https://support.apple.com/HT212804.

CoreGraphics
Available for: macOS Big Sur
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have
been actively exploited.
Description: An integer overflow was addressed with...

Posted by Apple Product Security via Fulldisclosure on Sep 17

APPLE-SA-2021-09-13-2 watchOS 7.6.2

watchOS 7.6.2 addresses the following issues. Information about
the security content is also available at
https://support.apple.com/HT212806.

CoreGraphics
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have
been actively exploited.
Description: An integer overflow was addressed with...

Posted by Apple Product Security via Fulldisclosure on Sep 17

APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8

iOS 14.8 and iPadOS 14.8 addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT212807.

CoreGraphics
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted PDF may lead to arbitrary...

Posted by disclosure on Sep 17

We recently discovered a critical information disclosure vulnerability that affected the AMD Platform Security
Processor (PSP) chipset driver for multiple CPU architectures.

The vulnerability allowed non-privileged users to read uninitialised physical memory pages, where the original data was
either moved or paged out.

https://zeroperil.co.uk/cve-2021-26333/

Regards,

<https://zeroperil.com/>

Kyriakos Economou | Co-Founder

kye ()...

Posted by hyp3rlinx on Sep 17

[+] Credits: John Page (aka hyp3rlinx, malvuln)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CMD.EXE-STACK-BUFFER-OVERFLOW.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
cmd.exe is the default command-line interpreter for the OS/2,
eComStation, ArcaOS, Microsoft Windows (Windows NT family and Windows
CE family), and ReactOS operating...

Posted by malvuln on Sep 14

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c6c81e8ba0a7b9da6216a78dfeccec8d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.WinterLove.i
Vulnerability: Hardcoded Weak Password
Description: The WinterLove malware requires authentication for remote user
access. However, the password "plunix" is weak and hardcoded in plaintext
within the...

Posted by malvuln on Sep 14

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/d0fd60516d53b2ad602c460351dbaa85.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Wollf.h
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 7614 installs a service named
WRM. Third-party attackers who can reach the system can get a shell with
SYSTEM integrity,...

Posted by malvuln on Sep 14

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/2271d942a23a89d7adea524d4ac3c13f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.VB.awm
Vulnerability: Authentication Bypass - Information Leakage
Description: The "Cryptech Heat" malware listens on TCP port 3786 and has
an option to set an remote access password. The malware also runs a
keylogger, we...

Posted by malvuln on Sep 14

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/a6916fb9b824e3d2edfe46be69ca2501.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: HEUR.Trojan.Win32.Generic
Vulnerability: Insecure Permissions
Description: The malware creates an dir with insecure permissions under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can rename the...

Posted by Antoine Martin on Sep 07

1) About Rencode
Rencode is a "Python module for fast (basic) object serialization
similar to bencode".
https://github.com/aresch/rencode
This library is used as a faster and more efficient data encoder than
bencode.
There are implementations in other languages: Golang, Javascript, Java,
Ruby, dart, etc
Some of these ports carry the same bug, the Go port does.
(as an aside - not all of these derived works have preserved the
original...

Posted by bashis on Sep 07

Greetings,

Two independent authentication bypass has been found in Dahua (and their OEMs) devices.
Due to the very high potential of another "Dahua mass hack", I will keep Full Disclosure details until October 6, 2021.
Highly recommend upgrading the firmware until then.

Dahua advisory: https://www.dahuasecurity.com/support/cybersecurity/details/957

Have a nice day,
https://github.com/mcw0/PoC
/bashis

Posted by malvuln on Sep 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/92ea873a2bbdaf0799d572bc4f30dc79.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Small.vjt
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 31337. Third-party attackers
who can reach the system can execute OS commands or programs further
compromising the...

Posted by malvuln on Sep 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/551674fec6add7117c4be7f6b357e7cb.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Small.gs
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 1080. Third-party attackers
who can reach infected systems can execute OS commands and or run arbitrary
programs.
Type:...

Posted by malvuln on Sep 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/dec17541412bbc744b9f458862349e34.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Nyara.aq
Vulnerability: Insecure Permissions
Description: The malware creates a dir with insecure permissions under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can rename the...

Posted by Henri Salo on Sep 07

CVE-2021-40509 has been assigned for this vulnerability.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40509

Posted by bo0od on Sep 07

yeah but nothing new with this, you are making it over no TLS connection.

if you make similar to this attack over hardened TLS (hardened mean
support hsts,hsts-preload,ocsp..supported) or Tor hidden services
(called onion services as well) or I2P eepsites .. yeah that would be
something new and interesting.

anyway thanks for sharing :) .

Gökhan Muharremoglu:

Posted by Advisories on Sep 07

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: Identity Vault
# Vendor: Ionic
# CSNC ID: CSNC-2021-001
# CVE ID: CVE-2021-3145
# Subject: Biometric Authentication Bypass on Android
# Severity: Medium
# Effect: Authentication Bypass
# Author: Emanuel Duss...