Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Trojan.Win32.Hotkeychick.d / Insecure Permissions

8 April, 2021 - 03:41

Posted by malvuln on Apr 08

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/aff493ed1f98ed05c360b462192d2853.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Hotkeychick.d
Vulnerability: Insecure Permissions
Description: creates an insecure dir named "Sniperscan" under c:\ drive and
grants change (C) permissions to the authenticated user group. Standard
users can rename the...

Trojan-Downloader.Win32.Genome.qiw / Insecure Permissions

8 April, 2021 - 03:41

Posted by malvuln on Apr 08

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/5cddc4647fb1c59f5dc7f414ada7fad4.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Downloader.Win32.Genome.qiw
Vulnerability: Insecure Permissions
Description: Genome.qiw creates an insecure dir named "tmp" under c:\ drive
and grants change (C) permissions to the authenticated user group. Standard
users can...

Trojan-Downloader.Win32.Genome.omht / Insecure Permissions

8 April, 2021 - 03:41

Posted by malvuln on Apr 08

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/01055838361f534ab596b56a19c70fef.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Downloader.Win32.Genome.omht
Vulnerability: Insecure Permissions
Description: Genome.omht creates an insecure dir named "wjmd97" under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can...

Trojan.Win32.Hosts2.yqf / Insecure Permissions

8 April, 2021 - 03:41

Posted by malvuln on Apr 08

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/274a6e846c5a4a2b3281198556e5568b.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Hosts2.yqf
Vulnerability: Insecure Permissions
Description: Hosts2.yqf creates an insecure dir named "mlekaocYUmaae" under
c:\ drive and grants change (C) permissions to the authenticated user
group. Standard users can...

usd20210005: Privileged File Write in Check Point Identity Agent < R81.018.0000

8 April, 2021 - 03:41

Posted by Responsible Disclosure via Fulldisclosure on Apr 08

### Advisory: Privileged File Write

Description
===========

The Check Point Identity Agent allows low privileged users to write files to protected locations of the file system.

Details
=======

Advisory ID: usd-2021-0005

Product: Check Point Identity Agent

Affected Version: < R81.018.0000

Vulnerability Type: Symlink Vulnerability

Security Risk: High

Vendor URL: https://www.checkpoint.com

Vendor Status: Fixed

Advisory URL:...

CVE-2021-26709 - Multiple Pre-Auth Stack Buffer Overflow in D-Link DSL-320B-D1 ADSL Modem

8 April, 2021 - 03:40

Posted by Gabriele Gristina on Apr 08

Multiple Pre-Auth Stack Buffer Overflow in D-Link DSL-320B-D1 ADSL Modem

======== < Table of Contents > =========================================

0. Overview
1. Details
2. Solution
3. Disclosure Timeline
4. Thanks & Acknowledgements
5. References
6. Credits
7. Legal Notices

======== < 0. Overview > ===============================================

Release Date: 7 March 2021

Revision: 1.0

Impact:

The ADSL modem DSL-320B-D1,...

SEC Consult SA-20210407-0 :: Arbitrary File Upload and Bypassing .htaccess Rules in Monospace Directus Headless CMS

7 April, 2021 - 05:10

Posted by SEC Consult Vulnerability Lab on Apr 07

SEC Consult Vulnerability Lab Security Advisory < 20210407-0 >
=======================================================================
title: Arbitrary File Upload and Bypassing .htaccess Rules
product: Monospace Directus Headless CMS
vulnerable version: < v8.8.2
fixed version: v8.8.2, v9 is not affected because of different architecture
CVE number: CVE-2021-29641
impact: High...

Trojan-Downloader.Win32.FraudLoad.xevn / Insecure Permissions

6 April, 2021 - 06:02

Posted by malvuln on Apr 06

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/17da6737cb94c11fa2363772d8eac0b1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Downloader.Win32.FraudLoad.xevn
Vulnerability: Insecure Permissions
Description: FraudLoad.xevn creates an insecure dir named "usxxxxxxxx.exe"
under c:\ drive and grants change (C) permissions to the authenticated user
group....

Trojan.Win32.Sharer.h / Known Vulnerable Component - Heap Corruption

6 April, 2021 - 06:02

Posted by malvuln on Apr 06

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/9f80c3b1e7f5f6f7d0c8aea25fe83551_C.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Sharer.h
Vulnerability: Known Vulnerable Component - Heap Corruption
Description: Sharer.h by GOLDSWORD - www.daokers.cn can run several types
of services, one is a third-party component named "HFS HTTP File Server"
that...

Trojan.Win32.Sharer.h / Anonymous Logon MITM Port Bounce Scan

6 April, 2021 - 06:02

Posted by malvuln on Apr 06

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/9f80c3b1e7f5f6f7d0c8aea25fe83551_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Sharer.h
Vulnerability: Anonymous Logon MITM Port Bounce Scan
Description: Sharer.h by GOLDSWORD - www.daokers.cn can run several types
of services, one is an FTP server named "20CN MINIFTP" TCP port 21.
Third-party...

Trojan.Win32.Sharer.h / Anonymous Logon RCE

6 April, 2021 - 06:02

Posted by malvuln on Apr 06

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/9f80c3b1e7f5f6f7d0c8aea25fe83551.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Sharer.h
Vulnerability: Anonymous Logon RCE
Description: Sharer.h by GOLDSWORD - www.daokers.cn can run several types
of services, one is an FTP server named "20CN MINIFTP" TCP port 21. The FTP
server default configuration...

Defense in depth -- The Microsoft way (part 74): Windows Defender SmartScreen is rather DUMP, it allows denial of service

6 April, 2021 - 06:02

Posted by Stefan Kanthak on Apr 06

Hi @ll,

the following is a shortened version of
<https://skanthak.homepage.t-online.de/offender.html#case64021>

With Windows 8, Microsoft introduced Windows Defender SmartScreen as
replacement for the Attachment Manager introduced with Windows XP SP2
(the first release of Windows after they started Trustworthy Computing).

The Attachment Manager adds an Alternate Data Stream named Zone.Identifier
to files downloaded from the Internet or...

python embedded program local arbitrary python script execution on windows

6 April, 2021 - 06:02

Posted by houjingyi on Apr 06

environment: windows 10, python3.8.7 installed to "C:\Program Files\Python38".

detail info: According to https://docs.python.org/3/c-api/init.html:
"Py_SetPath() set the default module search path. If this function is
called before Py_Initialize(), then Py_GetPath() won’t attempt to compute a
default search path but uses the one provided instead."
Write the following code that only calls Py_Initialize():

#include...

Onapsis Security Advisory 2021-0004: [CVE-2020-26820] - SAP Java OS Remote Code Execution

5 April, 2021 - 11:09

Posted by Onapsis Research via Fulldisclosure on Apr 05

# Onapsis Security Advisory 2021-0004: [CVE-2020-26820] - SAP Java OS Remote Code Execution

## Impact on Business

A malicious authenticated attacker could abuse some particular services
exposed by the SAP JAVA Netweaver allowing them to execute commands in the
underlying operating system.

## Advisory Information

- Security Advisory ID: ONAPSIS-2021-0004
- Vulnerability Submission ID: 847
- Researcher: Pablo Artuso

## Vulnerability...

Onapsis Security Advisory 2021-0003: [CVE-2020-6287] - [SAP RECON] SAP JAVA: Unauthenticated execution of configuration tasks

5 April, 2021 - 11:06

Posted by Onapsis Research via Fulldisclosure on Apr 05

# Onapsis Security Advisory 2021-0003: [CVE-2020-6287] - [SAP RECON] SAP JAVA: Unauthenticated execution of configuration tasks

## Impact on Business

A malicious unauthenticated user could abuse the lack of authentication
check on a particular web service exposed by default in SAP Netweaver JAVA
stack, allowing them to fully compromise the targeted system.

## Advisory Information

- Security Advisory ID: ONAPSIS-2021-0003
- Vulnerability...

Onapsis Security Advisory 2021-0002: [CVE-2020-6234] - SAP Multiple root LPE through SAP Host Control

5 April, 2021 - 11:03

Posted by Onapsis Research via Fulldisclosure on Apr 05

# Onapsis Security Advisory 2021-0002: [CVE-2020-6234] - SAP Multiple root LPE through SAP Host Control

## Impact on Business

A malicious authenticated attacker, with privileges of SAP SMD Agent
access, can exploit certain SAP Host Control functions due to missing input
checking, in order to escalate its privileges and execute commands as
root/system user.

## Advisory Information

- Security Advisory ID: ONAPSIS-2021-0002
- Vulnerability...

Onapsis Security Advisory 2021-0001: [CVE-2020-6207] - Unauthenticated RCE in SAP all SMD Agents connected to SAP SolMan

5 April, 2021 - 11:01

Posted by Onapsis Research via Fulldisclosure on Apr 05

# Onapsis Security Advisory 2021-0001: [CVE-2020-6207] - Unauthenticated RCE in SAP all SMD Agents connected to SAP SolMan

## Impact on Business

A malicious unauthenticated user could abuse the lack of authentication
check on SAP Solution Manager User-Experience Monitoring web service,
allowing them to remotely execute commands in all hosts connected to the
targeted SolMan through these SMD Agents.

## Advisory Information

- Security Advisory...

Trojan-Downloader.Win32.Delf.nzg / Insecure Permissions

2 April, 2021 - 13:51

Posted by malvuln on Apr 02

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/3c5c6f0f6f78af12d6b76119696a4074.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Downloader.Win32.Delf.nzg
Vulnerability: Insecure Permissions
Description: Win32.Delf.nzg creates an insecure dir named "Arquivos de
Programas" under c:\ drive and grants change (C) permissions to the
authenticated user group....

Trojan-Downloader.Win32.Delf.ur / Insecure Permissions

2 April, 2021 - 13:51

Posted by malvuln on Apr 02

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/5b63a6e730f094d182c9030e3a57bcb8.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Downloader.Win32.Delf.ur
Vulnerability: Insecure Permissions
Description: Win32.Delf.ur creates an insecure dir named "Messenger" under
c:\ drive and grants change (C) permissions to the authenticated user
group. Standard users...

Trojan-Downloader.Win32.Delf.oxz / Insecure Permissions

2 April, 2021 - 13:51

Posted by malvuln on Apr 02

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/373b1d95ccdbbc6531dff43bbbe43534.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Downloader.Win32.Delf.oxz
Vulnerability: Insecure Permissions
Description: Win32.Delf.oxz creates an insecure dir named "RECYCLER" under
c:\ drive and grants change (C) permissions to the authenticated user
group. Standard users...