Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Windows NT Command-line Interpreter "cmd.exe" / Stack Buffer Overflow

21 September, 2021 - 11:02

Posted by hyp3rlinx on Sep 21

[+] Credits: John Page (aka hyp3rlinx, malvuln)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CMD.EXE-STACK-BUFFER-OVERFLOW.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
cmd.exe is the default command-line interpreter for the OS/2,
eComStation, ArcaOS, Microsoft Windows (Windows NT family and Windows
CE family), and ReactOS operating...

APPLE-SA-2021-09-13-5 Safari 14.1.2

17 September, 2021 - 11:10

Posted by Apple Product Security via Fulldisclosure on Sep 17

APPLE-SA-2021-09-13-5 Safari 14.1.2

Safari 14.1.2 addresses the following issues. Information about
the security content is also available at
https://support.apple.com/HT212808.

WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: A use after free issue was addressed...

APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina

17 September, 2021 - 11:10

Posted by Apple Product Security via Fulldisclosure on Sep 17

APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina

Security Update 2021-005 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212805.

CoreGraphics
Available for: macOS Catalina
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have
been actively exploited.
Description: An integer...

APPLE-SA-2021-09-13-3 macOS Big Sur 11.6

17 September, 2021 - 11:10

Posted by Apple Product Security via Fulldisclosure on Sep 17

APPLE-SA-2021-09-13-3 macOS Big Sur 11.6

macOS Big Sur 11.6 addresses the following issues. Information about
the security content is also available at
https://support.apple.com/HT212804.

CoreGraphics
Available for: macOS Big Sur
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have
been actively exploited.
Description: An integer overflow was addressed with...

APPLE-SA-2021-09-13-2 watchOS 7.6.2

17 September, 2021 - 11:10

Posted by Apple Product Security via Fulldisclosure on Sep 17

APPLE-SA-2021-09-13-2 watchOS 7.6.2

watchOS 7.6.2 addresses the following issues. Information about
the security content is also available at
https://support.apple.com/HT212806.

CoreGraphics
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have
been actively exploited.
Description: An integer overflow was addressed with...

APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8

17 September, 2021 - 11:10

Posted by Apple Product Security via Fulldisclosure on Sep 17

APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8

iOS 14.8 and iPadOS 14.8 address the following issues. Information
about the security content is also available at
https://support.apple.com/HT212807.

CoreGraphics
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted PDF may lead to arbitrary...

AMD Chipset Driver Information Disclosure Vulnerability [CVE-2021-26333]

17 September, 2021 - 11:08

Posted by disclosure on Sep 17

We recently discovered a critical information disclosure vulnerability that affected the AMD Platform Security
Processor (PSP) chipset driver for multiple CPU architectures.

The vulnerability allowed non-privileged users to read uninitialised physical memory pages, where the original data was
either moved or paged out.

https://zeroperil.co.uk/cve-2021-26333/

Regards,

<https://zeroperil.com/>

Kyriakos Economou | Co-Founder

kye ()...

Microsoft Windows Command-line Interpreter "cmd.exe" / Stack Buffer Overflow

17 September, 2021 - 11:08

Posted by hyp3rlinx on Sep 17

[+] Credits: John Page (aka hyp3rlinx, malvuln)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CMD.EXE-STACK-BUFFER-OVERFLOW.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
cmd.exe is the default command-line interpreter for the OS/2,
eComStation, ArcaOS, Microsoft Windows (Windows NT family and Windows
CE family), and ReactOS operating...

Backdoor.Win32.WinterLove.i / Hardcoded Weak Password

14 September, 2021 - 07:13

Posted by malvuln on Sep 14

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c6c81e8ba0a7b9da6216a78dfeccec8d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.WinterLove.i
Vulnerability: Hardcoded Weak Password
Description: The WinterLove malware requires authentication for remote user
access. However, the password "plunix" is weak and hardcoded in plaintext
within the...

Backdoor.Win32.Wollf.h / Unauthenticated Remote Command Execution

14 September, 2021 - 07:13

Posted by malvuln on Sep 14

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/d0fd60516d53b2ad602c460351dbaa85.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Wollf.h
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 7614 and installs a service named
WRM. Third-party attackers who can reach the system can get a shell with
SYSTEM integrity,...

Backdoor.Win32.VB.awm / Authentication Bypass - Information Leakage

14 September, 2021 - 07:13

Posted by malvuln on Sep 14

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/2271d942a23a89d7adea524d4ac3c13f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.VB.awm
Vulnerability: Authentication Bypass - Information Leakage
Description: The "Cryptech Heat" malware listens on TCP port 3786 and has
an option to set a remote access password. The malware also runs a
keylogger, we...

HEUR.Trojan.Win32.Generic / Insecure Permissions

14 September, 2021 - 07:13

Posted by malvuln on Sep 14

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/a6916fb9b824e3d2edfe46be69ca2501.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: HEUR.Trojan.Win32.Generic
Vulnerability: Insecure Permissions
Description: The malware creates a dir with insecure permissions under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can rename the...

rencode 3-byte packet DoS

7 September, 2021 - 11:11

Posted by Antoine Martin on Sep 07

1) About Rencode
Rencode is a "Python module for fast (basic) object serialization
similar to bencode".
https://github.com/aresch/rencode
This library is used as a faster and more efficient data encoder than
bencode.
There are implementations in other languages: Golang, Javascript, Java,
Ruby, dart, etc
Some of these ports carry the same bug; the Go port does.
(as an aside - not all of these derived works have preserved the
original...

Dahua CVE-2021-33044, CVE-2021-33045

7 September, 2021 - 11:10

Posted by bashis on Sep 07

Greetings,

Two independent authentication bypasses have been found in Dahua (and their OEMs) devices.
Due to the very high potential of another "Dahua mass hack", I will keep Full Disclosure details until October 6, 2021.
Highly recommend upgrading the firmware until then.

Dahua advisory: https://www.dahuasecurity.com/support/cybersecurity/details/957

Have a nice day,
https://github.com/mcw0/PoC
/bashis

Backdoor.Win32.Small.vjt / Unauthenticated Remote Command Execution

7 September, 2021 - 11:08

Posted by malvuln on Sep 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/92ea873a2bbdaf0799d572bc4f30dc79.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Small.vjt
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 31337. Third-party attackers
who can reach the system can execute OS commands or programs further
compromising the...

Backdoor.Win32.Small.gs / Unauthenticated Remote Command Execution

7 September, 2021 - 11:08

Posted by malvuln on Sep 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/551674fec6add7117c4be7f6b357e7cb.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Small.gs
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 1080. Third-party attackers
who can reach infected systems can execute OS commands and or run arbitrary
programs.
Type:...

Backdoor.Win32.Nyara.aq / Insecure Permissions

7 September, 2021 - 11:08

Posted by malvuln on Sep 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/dec17541412bbc744b9f458862349e34.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Nyara.aq
Vulnerability: Insecure Permissions
Description: The malware creates a dir with insecure permissions under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can rename the...

Re: a xss vulnerability in Jforum 2.7.0

7 September, 2021 - 11:08

Posted by Henri Salo on Sep 07

CVE-2021-40509 has been assigned for this vulnerability.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40509

Re: Mirror on the Fly Attack

7 September, 2021 - 11:07

Posted by bo0od on Sep 07

yeah but nothing new with this, you are making it over no TLS connection.

if you make a similar attack over hardened TLS (hardened meaning
hsts, hsts-preload, ocsp... supported) or Tor hidden services
(called onion services as well) or I2P eepsites .. yeah that would be
something new and interesting.

anyway thanks for sharing :) .

Gökhan Muharremoglu:

CVE-2021-3145: Biometric Authentication Bypass in Ionic Identity Vault

7 September, 2021 - 11:06

Posted by Advisories on Sep 07

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: Identity Vault
# Vendor: Ionic
# CSNC ID: CSNC-2021-001
# CVE ID: CVE-2021-3145
# Subject: Biometric Authentication Bypass on Android
# Severity: Medium
# Effect: Authentication Bypass
# Author: Emanuel Duss...