Full Disclosure

Syndicate content
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Updated: 19 min 41 sec ago

Backdoor.Win32.Burbul.b / Authentication Bypass MITM Port Bounce Scan

2 April, 2021 - 13:51

Posted by malvuln on Apr 02

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/3ee4cb2e06eb1f7fe54c89db903f3e7a_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Burbul.b
Vulnerability: Authentication Bypass MITM Port Bounce Scan
Description: The backdoor runs an FTP server that listens on TCP port 2121.
Third-party adversaries can abuse the server as a man-in-the-middle machine
allowing...

Backdoor.Win32.Burbul.b / Authentication Bypass MITM Port Bounce Scan

31 March, 2021 - 14:17

Posted by malvuln on Mar 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/3ee4cb2e06eb1f7fe54c89db903f3e7a_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Burbul.b
Vulnerability: Authentication Bypass MITM Port Bounce Scan
Description: The backdoor runs an FTP server that listens on TCP port 2121.
Third-party adversaries can abuse the server as a man-in-the-middle machine
allowing...

IRC-Worm.Win32.Silentium.a / Insecure Permissions

31 March, 2021 - 14:17

Posted by malvuln on Mar 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/7a3c4ec00ba952207f25d1189c86ce22.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: IRC-Worm.Win32.Silentium.a
Vulnerability: Insecure Permissions
Description: Silentium.a creates an insecure dir named "Games" under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can rename...

IRC-Worm.Win32.Jane.a / Authentication Bypass MITM Port Bounce Scan

30 March, 2021 - 01:35

Posted by malvuln on Mar 29

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/2d1d6b0fd55eca12f58b8b6d80f8153f_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: IRC-Worm.Win32.Jane.a
Vulnerability: Authentication Bypass MITM Port Bounce Scan
Description: The backdoor FTP server listens on TCP port 21, upon
connecting the server responds with banner "JANE_FTP Server is ready to be
hacked !!! thx...

IRC-Worm.Win32.Jane.a / Authentication Bypass RCE

30 March, 2021 - 01:35

Posted by malvuln on Mar 29

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/2d1d6b0fd55eca12f58b8b6d80f8153f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: IRC-Worm.Win32.Jane.a
Vulnerability: Authentication Bypass RCE
Description: The backdoor FTP server listens on TCP port 21, upon
connecting the server responds with banner "JANE_FTP Server is ready to be
hacked !!! thx Del_Armg0 ... ;...

PotPlayer denial of service vulnerability

30 March, 2021 - 01:34

Posted by houjingyi on Mar 29

PotPlayer is a multimedia software player developed for the Microsoft
Windows operating system by South Korean Internet company Kakao (formerly
Daum Communications). It competes with other popular Windows media players
such as VLC media player, GOM Player, KMPlayer, SMPlayer and Media Player
Classic. PotPlayer's reception has been positive with reviewers
complimenting its wide range of settings and customizations, as well as its
lightweight...

APPLE-SA-2021-03-26-3 watchOS 7.3.3

26 March, 2021 - 15:04

Posted by Apple Product Security via Fulldisclosure on Mar 26

APPLE-SA-2021-03-26-3 watchOS 7.3.3

watchOS 7.3.3 addresses the following issue.
Information about the security content is also available at
https://support.apple.com/HT212258.

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting. Apple is aware of a report that this
issue may have been actively exploited.
Description: This issue was addressed by...

APPLE-SA-2021-03-26-2 iOS 12.5.2

26 March, 2021 - 15:04

Posted by Apple Product Security via Fulldisclosure on Mar 26

APPLE-SA-2021-03-26-2 iOS 12.5.2

iOS 12.5.2 addresses the following issue. Information about
the security content is also available at
https://support.apple.com/HT212257.

WebKit
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad
mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting. Apple is aware of a report that this
issue may have...

APPLE-SA-2021-03-26-1 iOS 14.4.2 and iPadOS 14.4.2

26 March, 2021 - 15:04

Posted by Apple Product Security via Fulldisclosure on Mar 26

APPLE-SA-2021-03-26-1 iOS 14.4.2 and iPadOS 14.4.2

iOS 14.4.2 and iPadOS 14.4.2 addresses the following issue.
Information about the security content is also available at
https://support.apple.com/HT212256.

WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to...

Backdoor.Win32.Delf.zs / Unauthenticated Remote Command Execution

26 March, 2021 - 15:04

Posted by malvuln on Mar 26

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/911e96073cfe807289366343aa8d97ac.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Delf.zs
Vulnerability: Unauthenticated Remote Command Execution
Description: Backdoor Delf.zs c0ded By Eb0La, is used to build backdoors
that listen on TCP port 2005. Upon building it drops an executable named...

Backdoor.Win32.Kwak.12 / Remote Command Execution

26 March, 2021 - 04:57

Posted by malvuln on Mar 26

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c25393545e5ead3a35996ef9a887bd34.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Kwak.12
Vulnerability: Remote Command Execution
Description: The backdoor runs an FTP server that listens on TCP port
37885. The malware is packed using UPX which is trivial to unpack by using
upx -d command, after observe various...

Backdoor.Win32.Kwak.12 / Authentication Bypass

26 March, 2021 - 04:57

Posted by malvuln on Mar 26

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c25393545e5ead3a35996ef9a887bd34_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Kwak.12
Vulnerability: Authentication Bypass
Description: The backdoor runs an FTP server that listens on TCP port
37885. The program acts like a typical FTP server and prompts for logon.
However, anyone can seemingly use any...

Backdoor.Win32.Kwak.12 / Port Bounce Scan

26 March, 2021 - 04:57

Posted by malvuln on Mar 26

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c25393545e5ead3a35996ef9a887bd34_D.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Kwak.12
Vulnerability: Port Bounce Scan
Description: The backdoor runs an FTP server that listens on TCP port
37885. Third-party adversaries can abuse the server as a man-in-the-middle
machine allowing PORT Command bounce scan...

Backdoor.Win32.Kwak.12 / Remote Denial of Service

26 March, 2021 - 04:57

Posted by malvuln on Mar 26

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c25393545e5ead3a35996ef9a887bd34_C.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Kwak.12
Vulnerability: Remote Denial of Service
Description: The backdoor runs an FTP server that listens on TCP port
37885. Attackers who can reach the infected host can send a payload of
around 6500 bytes using socket program to...

CVE-2021-3275 : Unauthenticated Stored Cross-site Scripting in Multiple TP-Link Devices

26 March, 2021 - 04:57

Posted by Smriti Gaba on Mar 26

==============================================================
Unauthenticated Stored Cross-site Scripting in Multiple TP-Link Devices
==============================================================

Overview
========

Title:- Unauthenticated Stored Cross-site Scripting in TP-Link Devices.
CVE-ID :- CVE-2021-3275
Author: Smriti Gaba, Kaustubh Padwad
Vendor: TP-LINK (https://www.tp-link.com)
Products:
1. DSL and DSL Gateway
2. Access Points
3. WIFI...

BACKDOOR.WIN32.DARKKOMET.GOZU / Insecure Permissions

25 March, 2021 - 01:33

Posted by malvuln on Mar 24

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/00199eb3fd1a0aa6771b7f12fad895a0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.DarkKomet.gozu
Vulnerability: Insecure Permissions
Description: Creates a hidden dir named "AQIpWUAQIpWU" under c:\ drive and
grants change (C) permissions to the authenticated user group. Standard
users can rename the...

Worm.Win32.Ngrbot.acno / Insecure Permissions

25 March, 2021 - 01:32

Posted by malvuln on Mar 24

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/0b3c2053a7c09aa25ba81f2bdebbb873.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Worm.Win32.Ngrbot.acno
Vulnerability: Insecure Permissions
Description: Creates a dir named "ffffd76" under c:\ drive and grants
change (C) permissions to the authenticated user group. Standard users can
rename the executables dropped by...

Worm.Win32.Recyl.dp / Insecure Permissions

25 March, 2021 - 01:32

Posted by malvuln on Mar 24

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/e4737fb6c231bfb84d1a55ec2fb61641.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Worm.Win32.Recyl.dp
Vulnerability: Insecure Permissions
Description: creates a dir named "RECYCLER" under c:\ drive and grants
change (C) permissions to the authenticated user group. Standard users can
rename the executables dropped by...

Worm.Win32.Ngrbot.abpr / Insecure Permissions

25 March, 2021 - 01:32

Posted by malvuln on Mar 24

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ed1e47f62fa93f2fd2f4fbcfdd0f1c10.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Worm.Win32.Ngrbot.abpr
Vulnerability: Insecure Permissions
Description: Ngrbot.abpr creates a dir named "Win.Msi" under c:\ drive and
grants change (C) permissions to the authenticated user group. Standard
users can rename several of the...

Trojan-Dropper.Win32.Dycler.yhb / Insecure Permissions

25 March, 2021 - 01:32

Posted by malvuln on Mar 24

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/04a5a52f12d2a130bb88f98c3bc14aa8.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Dycler.yhb
Vulnerability: Insecure Permissions
Description: Dycler.yhb creates a dir named "RECYCLER" under c:\ drive and
grants change (C) permissions to the authenticated user group. Standard
users can rename the...