Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

rencode 3-byte packet DoS

7 September, 2021 - 11:11

Posted by Antoine Martin on Sep 07

1) About Rencode
Rencode is a "Python module for fast (basic) object serialization
similar to bencode".
https://github.com/aresch/rencode
This library is used as a faster and more efficient data encoder than
bencode.
There are implementations in other languages: Golang, Javascript, Java,
Ruby, dart, etc.
Some of these ports carry the same bug; the Go port does.
(as an aside - not all of these derived works have preserved the
original...

Dahua CVE-2021-33044, CVE-2021-33045

7 September, 2021 - 11:10

Posted by bashis on Sep 07

Greetings,

Two independent authentication bypasses have been found in Dahua (and their OEMs) devices.
Due to the very high potential of another "Dahua mass hack", I will keep Full Disclosure details until October 6, 2021.
Highly recommend upgrading the firmware until then.

Dahua advisory: https://www.dahuasecurity.com/support/cybersecurity/details/957

Have a nice day,
https://github.com/mcw0/PoC
/bashis

Backdoor.Win32.Small.vjt / Unauthenticated Remote Command Execution

7 September, 2021 - 11:08

Posted by malvuln on Sep 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/92ea873a2bbdaf0799d572bc4f30dc79.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Small.vjt
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 31337. Third-party attackers
who can reach the system can execute OS commands or programs further
compromising the...

Backdoor.Win32.Small.gs / Unauthenticated Remote Command Execution

7 September, 2021 - 11:08

Posted by malvuln on Sep 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/551674fec6add7117c4be7f6b357e7cb.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Small.gs
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 1080. Third-party attackers
who can reach infected systems can execute OS commands and/or run arbitrary
programs.
Type:...

Backdoor.Win32.Nyara.aq / Insecure Permissions

7 September, 2021 - 11:08

Posted by malvuln on Sep 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/dec17541412bbc744b9f458862349e34.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Nyara.aq
Vulnerability: Insecure Permissions
Description: The malware creates a dir with insecure permissions under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can rename the...

Re: a xss vulnerability in Jforum 2.7.0

7 September, 2021 - 11:08

Posted by Henri Salo on Sep 07

CVE-2021-40509 has been assigned for this vulnerability.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40509

Re: Mirror on the Fly Attack

7 September, 2021 - 11:07

Posted by bo0od on Sep 07

yeah, but nothing new with this; you are making it over a non-TLS connection.

if you make a similar attack over hardened TLS (hardened meaning HSTS,
HSTS preload, OCSP, etc. are supported) or Tor hidden services
(called onion services as well) or I2P eepsites .. yeah, that would be
something new and interesting.

anyway thanks for sharing :) .

Gökhan Muharremoglu:

CVE-2021-3145: Biometric Authentication Bypass in Ionic Identity Vault

7 September, 2021 - 11:06

Posted by Advisories on Sep 07

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: Identity Vault
# Vendor: Ionic
# CSNC ID: CSNC-2021-001
# CVE ID: CVE-2021-3145
# Subject: Biometric Authentication Bypass on Android
# Severity: Medium
# Effect: Authentication Bypass
# Author: Emanuel Duss...

a xss vulnerability in Jforum 2.7.0

3 September, 2021 - 10:24

Posted by kun song on Sep 03

hi,

I found a vulnerability in the jforum 2.7.0. It is a stored cross-site
scripting vulnerability. The place is the user's profile - signature. The
technique of the vulnerability is the same as that described in this
article "STORED CROSS SITE SCRIPTING IN BBCODE" (
https://mindedsecurity.com/advisories/msa130510/), and the POC is:

color tag:
[color=red" onMouseOver="alert('xss')]XSS[/color]...
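
The pattern this post describes (a BBCode tag argument spliced straight into an HTML attribute, so a double quote in the argument closes the attribute and the rest becomes an event handler) is shown below as an added example in Python. It is not JForum's code; the tiny renderer, the colour allowlist, the `event_handlers` check and the sample signature are all constructed here for illustration.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample input: the PoC payload from the post, as it would be
# saved in a user's profile signature.
SIGNATURE = "[color=red\" onMouseOver=\"alert('xss')]XSS[/color]"

# Minimal [color=...]...[/color] matcher (hypothetical renderer, not JForum's).
COLOR_TAG = re.compile(r"\[color=(.*?)\](.*?)\[/color\]", re.DOTALL | re.IGNORECASE)


def render_vulnerable(bbcode: str) -> str:
    """Splice the tag argument straight into a style attribute.

    A double quote in the argument closes the attribute, so the rest of the
    argument becomes new attributes on the span (here an onMouseOver handler).
    """
    return COLOR_TAG.sub(r'<span style="color: \1">\2</span>', bbcode)


# Only a CSS named colour or a hex triplet is accepted as the tag argument.
SAFE_COLOR = re.compile(r"^(#[0-9a-fA-F]{3}|#[0-9a-fA-F]{6}|[a-zA-Z]{1,20})$")


def render_hardened(bbcode: str) -> str:
    """HTML-escape the whole text first, then translate the markup.

    Escaping first means a quote can never reach an attribute unescaped;
    the allowlist on the argument rejects anything that is not a colour
    and leaves that tag as literal (escaped) text instead of markup.
    """
    escaped = html.escape(bbcode, quote=True)

    def replace(match):
        color, inner = match.group(1), match.group(2)
        if not SAFE_COLOR.match(color):
            return match.group(0)  # already escaped; shown verbatim to the reader
        return '<span style="color: %s">%s</span>' % (color, inner)

    return COLOR_TAG.sub(replace, escaped)


class _AttrCollector(HTMLParser):
    """Collect (tag, attribute) pairs whose attribute name starts with 'on'."""

    def __init__(self):
        super().__init__()
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        for name, _value in attrs:
            if name.lower().startswith("on"):
                self.handlers.append((tag, name.lower()))


def event_handlers(rendered: str) -> list:
    """Parse rendered HTML and list any on*= attributes that actually exist.

    This is parser-based on purpose: a naive substring search would also
    flag the hardened output, where 'onMouseOver=' survives only as text.
    """
    parser = _AttrCollector()
    parser.feed(rendered)
    parser.close()
    return parser.handlers


if __name__ == "__main__":
    print(render_vulnerable(SIGNATURE))
    print(event_handlers(render_vulnerable(SIGNATURE)))
    print(render_hardened(SIGNATURE))
    print(event_handlers(render_hardened(SIGNATURE)))
```

The hardened renderer deliberately escapes before transforming rather than trying to escape only the argument: with that order, nothing the user typed can ever become an attribute delimiter, and the allowlist is a second, independent check on what the argument may contain.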

Backdoor.Win32.MoonPie.40 / Unauthenticated Remote Command Execution

3 September, 2021 - 10:24

Posted by malvuln on Sep 03

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/Backdoor.Win32.MoonPie.40.9dbb6d56bc9a7813305883acd0f9a355_C.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.MoonPie.40
Vulnerability: Unauthenticated Remote Command Execution
Description: listens on TCP port 25685. Third-party attackers who can reach
infected systems can execute OS commands and/or run arbitrary...

Backdoor.Win32.MoonPie.40 / Port Bounce Scan

3 September, 2021 - 10:24

Posted by malvuln on Sep 03

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/9dbb6d56bc9a7813305883acd0f9a355_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.MoonPie.40
Vulnerability: Port Bounce Scan
Description: The malware listens on TCP port 25686, its FTP component
accepts any username/password credentials. Third-party attackers who
successfully logon can abuse the backdoor FTP...

Backdoor.Win32.MoonPie.40 / Authentication Bypass RCE

3 September, 2021 - 10:24

Posted by malvuln on Sep 03

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/9dbb6d56bc9a7813305883acd0f9a355.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.MoonPie.40
Vulnerability: Authentication Bypass RCE
Description: The malware runs an FTP server on TCP port 25686. Third-party
attackers who can reach infected systems can logon using any
username/password combination. Intruders may...

Artica Proxy VMWare Appliance 4.30.000000 <=[SP273]

3 September, 2021 - 10:22

Posted by Heiko Feldhusen via Fulldisclosure on Sep 03

Advisory ID: RCS20210707-0
Product: Artica Proxy VMWare Appliance
Vendor/Manufacturer: ArticaTech (https://www.articatech.com)
Affected Version(s): 4.30.000000 <=[SP273]
Tested Version(s): 4.30.000000 [SP273]
Vulnerability Type: Relative path traversal [CWE-23], Improper...

Mirror on the Fly Attack

3 September, 2021 - 10:22

Posted by Gökhan Muharremoglu on Sep 03

Dear all,

I’d like to share an attack concept study with you.

With the help of new technologies in the application engineering (especially in the web application area) now it is
possible to create man in the middle attacks that can bypass too many security countermeasures (2FA, OTP, CAPTCHA, SSL,
Security Picture, Browser Remembering, etc.) by utilizing an approach we called mirroring on the fly...

At the mirroring on the fly approach, man...

Windows Defender Application Guard DoS via Long Hostname

3 September, 2021 - 10:21

Posted by Jonathan Gregson via Fulldisclosure on Sep 03

Windows Defender Application Guard (also known as "WDAG", Microsoft Defender Application Guard, and "MDAG") can be
closed by any script or website loaded in WDAG by redirecting the browser to a URL with a long hostname (e.g., 10,000
characters long). This can cause a denial-of-service condition.

Impact: 4.3
CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:H/RL:U/RC:C

## Details

Application Guard will immediately close if...

KL-001-2021-010: CyberArk Credential Provider Local Cache Can Be Decrypted

1 September, 2021 - 13:22

Posted by KoreLogic Disclosures via Fulldisclosure on Sep 01

KL-001-2021-010: CyberArk Credential Provider Local Cache Can Be Decrypted

Title: CyberArk Credential Provider Local Cache Can Be Decrypted
Advisory ID: KL-001-2021-010
Publication Date: 2021.09.01
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-010.txt

1. Vulnerability Details

     Affected Vendor: CyberArk
     Affected Product: Application Access Manager/Credential Provider
     Affected Version: Prior to...

KL-001-2021-009: CyberArk Credential Provider Race Condition And Authorization Bypass

1 September, 2021 - 13:21

Posted by KoreLogic Disclosures via Fulldisclosure on Sep 01

KL-001-2021-009: CyberArk Credential Provider Race Condition And Authorization Bypass

Title: CyberArk Credential Provider Race Condition And Authorization Bypass
Advisory ID: KL-001-2021-009
Publication Date: 2021.09.01
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-009.txt

1. Vulnerability Details

     Affected Vendor: CyberArk
     Affected Product: Application Access Manager/Credential Provider
    ...

KL-001-2021-008: CyberArk Credential File Insufficient Effective Key Space

1 September, 2021 - 13:20

Posted by KoreLogic Disclosures via Fulldisclosure on Sep 01

KL-001-2021-008: CyberArk Credential File Insufficient Effective Key Space

Title: CyberArk Credential File Insufficient Effective Key Space
Advisory ID: KL-001-2021-008
Publication Date: 2021.09.01
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-008.txt

1. Vulnerability Details

     Affected Vendor: CyberArk
     Affected Product: Application Access Manager/Credential Provider
     Affected Version: Prior to...

SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices

1 September, 2021 - 05:58

Posted by SEC Consult Vulnerability Lab on Sep 01

SEC Consult Vulnerability Lab Security Advisory < 20210901-0 >
=======================================================================
title: Multiple vulnerabilities
product: see "Vulnerable / tested versions"
vulnerable version: see "Vulnerable / tested versions"
fixed version: see "Solution"
CVE number: CVE-2021-39278, CVE-2021-39279
impact: High...

Backdoor.Win32.Hupigon.aejq / Directory Traversal

31 August, 2021 - 03:37

Posted by malvuln on Aug 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/2a366cea300b84b4e6f8204a8c229266_C.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hupigon.aejq
Vulnerability: Directory Traversal
Description: The malware deploys a Web server listening on TCP port 80.
Third-party attackers who can reach an infected host can read any file on
the system using "../"...