Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Re: Trovent Security Advisory 2010-01 [updated] / CVE-2020-28208: Rocket.Chat email address enumeration vulnerability

19 January, 2021 - 12:16

Posted by Stefan Pietsch on Jan 19

# Trovent Security Advisory 2010-01 #
#####################################

Email address enumeration in reset password
###########################################

Overview
########

Advisory ID: TRSA-2010-01
Advisory version: 1.2
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2010-01
Affected product: Web application Rocket.Chat
Affected version: <= 3.9.1
Vendor: Rocket.Chat Technologies Corp.,...

Re: Backdoor.Win32.NinjaSpy.c / Remote Stack Buffer Overflow

19 January, 2021 - 12:14

Posted by network.mp4 via Fulldisclosure on Jan 19

Matthew Fernandez <matthew.fernandez () gmail com> at Fri, 8 Jan 2021 07:53:44 -0800:

I personally think that those malware vulnerabilities are a great way to detect malware; however, they may be used a
lot to infect vulnerable computers with even more malware. But it's still a backdoor and those are great for education
about how such backdoors can be prevented, as list subscribers can see what mistakes the programmer made and...

Re: Backdoor.Win32.Xtreme.yvp / Insecure Permissions EoP

19 January, 2021 - 12:14

Posted by network.mp4 via Fulldisclosure on Jan 19

bo0od <bo0od () riseup net> at Fri, 8 Jan 2021 10:31:06 +0000:

No, the backdoor is referring to a specific Windows malware program that has a vulnerability that can be abused as a
backdoor. There is no proof that this malware was made by Microsoft and the email does not suggest that.

Regards!

SEC Consult SA-20210113-1 :: Multiple vulnerabilities in flatCore CMS

13 January, 2021 - 06:50

Posted by SEC Consult Vulnerability Lab on Jan 13

SEC Consult Vulnerability Lab Security Advisory < 20210113-1 >
=======================================================================
title: Multiple Vulnerabilities
product: flatCore CMS
vulnerable version: < 2.0.0 Build 139
fixed version: Release 2.0.0 Build 139
CVE number: CVE-2021-23835, CVE-2021-23836, CVE-2021-23837, CVE-2021-23838
impact: High
homepage:...

SEC Consult SA-20210113-0 :: Multiple vulnerabilities in Pepperl+Fuchs IO-Link Master Series

13 January, 2021 - 06:24

Posted by SEC Consult Vulnerability Lab on Jan 13

SEC Consult Vulnerability Lab Security Advisory < 20210113-0 >
=======================================================================
title: Multiple vulnerabilities
product: Pepperl+Fuchs IO-Link Master Series
See "Vulnerable / tested versions"
vulnerable version: System 1.36 / Application 1.5.28
fixed version: System 1.52 / Application 1.6.11
CVE number:...

Backdoor.Win32.Zombam.a / Remote Stack Buffer Overflow

12 January, 2021 - 21:59

Posted by malvuln on Jan 12

Discovery / credits: malvuln - Malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/6c5081e9b65a52963b0b1ae612ef7eb4.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Zombam.a
Vulnerability: Remote Stack Buffer Overflow
Description: The malware listens on TCP port 80; sending an HTTP GET
request with 300 or more bytes will trigger a buffer overflow,
overwriting EIP.
Type: PE32
MD5:...

Backdoor.Win32.Levelone.b / Remote Stack Buffer Overflow

12 January, 2021 - 21:59

Posted by malvuln on Jan 12

Discovery / credits: malvuln - Malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/3f82e6ddc9f5242f5af200d2fbae4ce4.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Levelone.b
Vulnerability: Remote Stack Buffer Overflow
Description: The backdoor listens on port 7777; sending two large
consecutive HTTP OPTIONS requests triggers the buffer overflow,
overwriting EIP.
Type: PE32
MD5:...

Backdoor.Win32.Levelone.a / Remote Stack Buffer Overflow

12 January, 2021 - 21:59

Posted by malvuln on Jan 12

Discovery / credits: malvuln - Malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/6a2d09c4527cf222e4e2571b074fcc0c.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Levelone.a
Vulnerability: Remote Stack Buffer Overflow
Description: The malware listens on port 1500; sending a specially
crafted HTTP TRACE request causes a buffer overflow and overwrites EIP
with our payload. If testing you need...

Backdoor.Win32.Ketch.b / Remote Stack Buffer Overflow

12 January, 2021 - 21:59

Posted by malvuln on Jan 12

Discovery / credits: malvuln - Malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/9d7be3799594a82bf7056905f501af03.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Ketch.b
Vulnerability: Remote Stack Buffer Overflow

Description: Makes HTTP GET request for a file "script.dat", and writes the
server response to temporary file named "watchb.tmp" under c:\Windows dir.
At 1032...

Re: Backdoor.Win32.Xtreme.yvp / Insecure Permissions EoP

12 January, 2021 - 21:59

Posted by bo0od on Jan 12

When you say backdoor, do you mean a backdoor which Microsoft is remotely
using, or do you mean one that malware can take advantage of?

malvuln:

Advisory: ES2021-01 - Loopback access control bypass in coturn by using 0.0.0.0, [::1] or [::] as the peer address

12 January, 2021 - 21:59

Posted by Sandro Gauci on Jan 12

# Loopback access control bypass in coturn by using 0.0.0.0, [::1] or [::] as the peer address

- Fixed version: 4.5.2
- Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-01-coturn-access-control-bypass
- Coturn Security Advisory: https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p
- Other references:
    - CVE-2020-26262
    -...

Re: Trovent Security Advisory 2010-01 [updated] / CVE-2020-28208: Rocket.Chat email address enumeration vulnerability

12 January, 2021 - 21:59

Posted by Stefan Pietsch on Jan 12

# Trovent Security Advisory 2010-01 #
#####################################

Email address enumeration in reset password
###########################################

Overview
########

Advisory ID: TRSA-2010-01
Advisory version: 1.1
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2010-01
Affected product: Web application Rocket.Chat
Affected version: <= 3.7.1
Vendor: Rocket.Chat Technologies Corp.,...

Envira Gallery - Lite Edition - Version 1.8.3.2 CVE-2020-35581 CVE-2020-35582

12 January, 2021 - 21:58

Posted by Rodolfo Augusto do Nascimento Tavares on Jan 12

==== [Tempest Security Intelligence - ADV-12/2020] =============================

Envira Gallery - Lite Edition - Version 1.8.3.2
Author: Rodolfo Tavares
Tempest Security Intelligence - Recife, Pernambuco - Brazil

===== [Table of Contents] ================================================
• Overview
• Detailed description
• Disclosure timeline
• Acknowledgements
• References

===== [Vulnerability Information]...

Multiple vulnerabilities found in FiberHome HG6245D routers

12 January, 2021 - 21:58

Posted by Pierre Kim on Jan 12

## Advisory Information

Title: Multiple vulnerabilities found in FiberHome HG6245D routers
Advisory URL: https://pierrekim.github.io/advisories/2021-fiberhome-0x00-ont.txt
Blog URL: https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html
Date published: 2021-01-12
Vendors contacted: None
Release mode: Full-Disclosure
CVE: None yet assigned

## Product Description

FiberHome Technologies is a leading equipment vendor...

Re: Backdoor.Win32.NinjaSpy.c / Remote Stack Buffer Overflow

12 January, 2021 - 21:57

Posted by Matthew Fernandez on Jan 12

How should we be treating the stream of malware vulnerabilities you’ve reported recently? If something is malware,
surely I want to remove it from my machine anyway? I’m all for full disclosure, but I’m just trying to understand if
there’s anything actionable list members could do with this information. Thank you for your work on this, which is
quite interesting to follow by the way.

Trovent Security Advisory 2010-01 / CVE-2020-28208: Rocket.Chat email address enumeration vulnerability

8 January, 2021 - 00:53

Posted by Stefan Pietsch on Jan 07

# Trovent Security Advisory 2010-01 #
#####################################

Email address enumeration in reset password
###########################################

Overview
########

Advisory ID: TRSA-2010-01
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2010-01
Affected product: Web application Rocket.Chat
Affected version: <= 3.7.1
Vendor: Rocket.Chat Technologies Corp.,...

Open-Xchange Security Advisory 2021-01-07

8 January, 2021 - 00:53

Posted by Martin Heiland via Fulldisclosure on Jan 07

Dear subscribers,

we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Product: OX App Suite / OX Documents
Vendor: OX Software GmbH

Internal reference: MWB-423
Vulnerability type: Server-Side Request Forgery...

Backdoor.Win32.NinjaSpy.c / Remote Stack Buffer Overflow

8 January, 2021 - 00:52

Posted by malvuln on Jan 07

Discovery / credits: malvuln - Malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/6eece319bc108576bd1f4a8364616264.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.NinjaSpy.c
Vulnerability: Remote Stack Buffer Overflow
Description: The specimen drops a DLL named "cmd.dll" under C:\WINDOWS\
which listens on both TCP ports 2003 and 2004. By sending consecutive HTTP
PUT requests with...

Backdoor.Win32.Xtreme.yvp / Insecure Permissions EoP

8 January, 2021 - 00:52

Posted by malvuln on Jan 07

Discovery / credits: malvuln - Malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/7bd93c10c9373cfc2bcc8eff712631f1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Xtreme.yvp
Vulnerability: Insecure Permissions EoP
Description: Change permissions are granted to authenticated users,
allowing privilege escalation.
Type: PE32
MD5: 7bd93c10c9373cfc2bcc8eff712631f1
Vuln ID: MVID-2021-0017
Dropped...

Backdoor.Win32.Agent.dcbh / Insecure Permissions EoP

8 January, 2021 - 00:52

Posted by malvuln on Jan 07

Discovery / credits: malvuln - Malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/bba63df41adcf2cf80c74e4a62539d44.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.dcbh
Vulnerability: Insecure Permissions EoP
Description: Drops an executable with a randomly generated numeric name
E.g. 674_674.exe. Change permissions are granted to authenticated users,
allowing privilege escalation.
Type:...