SOLDIERX.COM Nobody Can Stop Information Insemination

Posted by malvuln on Apr 02

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/3ee4cb2e06eb1f7fe54c89db903f3e7a_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Burbul.b
Vulnerability: Authentication Bypass MITM Port Bounce Scan
Description: The backdoor runs an FTP server that listens on TCP port 2121.
Third-party adversaries can abuse the server as a man-in-the-middle machine
allowing...

Posted by malvuln on Mar 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/3ee4cb2e06eb1f7fe54c89db903f3e7a_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Burbul.b
Vulnerability: Authentication Bypass MITM Port Bounce Scan
Description: The backdoor runs an FTP server that listens on TCP port 2121.
Third-party adversaries can abuse the server as a man-in-the-middle machine
allowing...

Posted by malvuln on Mar 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/7a3c4ec00ba952207f25d1189c86ce22.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: IRC-Worm.Win32.Silentium.a
Vulnerability: Insecure Permissions
Description: Silentium.a creates an insecure dir named "Games" under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can rename...

Posted by malvuln on Mar 29

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/2d1d6b0fd55eca12f58b8b6d80f8153f_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: IRC-Worm.Win32.Jane.a
Vulnerability: Authentication Bypass MITM Port Bounce Scan
Description: The backdoor FTP server listens on TCP port 21, upon
connecting the server responds with banner "JANE_FTP Server is ready to be
hacked !!! thx...

Posted by malvuln on Mar 29

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/2d1d6b0fd55eca12f58b8b6d80f8153f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: IRC-Worm.Win32.Jane.a
Vulnerability: Authentication Bypass RCE
Description: The backdoor FTP server listens on TCP port 21, upon
connecting the server responds with banner "JANE_FTP Server is ready to be
hacked !!! thx Del_Armg0 ... ;...

Posted by houjingyi on Mar 29

PotPlayer is a multimedia software player developed for the Microsoft
Windows operating system by South Korean Internet company Kakao (formerly
Daum Communications). It competes with other popular Windows media players
such as VLC media player, GOM Player, KMPlayer, SMPlayer and Media Player
Classic. PotPlayer's reception has been positive with reviewers
complimenting its wide range of settings and customizations, as well as its
lightweight...

Posted by Apple Product Security via Fulldisclosure on Mar 26

APPLE-SA-2021-03-26-3 watchOS 7.3.3

watchOS 7.3.3 addresses the following issue.
Information about the security content is also available at
https://support.apple.com/HT212258.

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting. Apple is aware of a report that this
issue may have been actively exploited.
Description: This issue was addressed by...

Posted by Apple Product Security via Fulldisclosure on Mar 26

APPLE-SA-2021-03-26-2 iOS 12.5.2

iOS 12.5.2 addresses the following issue. Information about
the security content is also available at
https://support.apple.com/HT212257.

WebKit
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad
mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting. Apple is aware of a report that this
issue may have...

Posted by Apple Product Security via Fulldisclosure on Mar 26

APPLE-SA-2021-03-26-1 iOS 14.4.2 and iPadOS 14.4.2

iOS 14.4.2 and iPadOS 14.4.2 addresses the following issue.
Information about the security content is also available at
https://support.apple.com/HT212256.

WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to...

Posted by malvuln on Mar 26

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/911e96073cfe807289366343aa8d97ac.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Delf.zs
Vulnerability: Unauthenticated Remote Command Execution
Description: Backdoor Delf.zs c0ded By Eb0La, is used to build backdoors
that listen on TCP port 2005. Upon building it drops an executable named...

Posted by malvuln on Mar 26

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c25393545e5ead3a35996ef9a887bd34.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Kwak.12
Vulnerability: Remote Command Execution
Description: The backdoor runs an FTP server that listens on TCP port
37885. The malware is packed using UPX which is trivial to unpack by using
upx -d command, after observe various...

Posted by malvuln on Mar 26

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c25393545e5ead3a35996ef9a887bd34_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Kwak.12
Vulnerability: Authentication Bypass
Description: The backdoor runs an FTP server that listens on TCP port
37885. The program acts like a typical FTP server and prompts for logon.
However, anyone can seemingly use any...

Posted by malvuln on Mar 26

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c25393545e5ead3a35996ef9a887bd34_D.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Kwak.12
Vulnerability: Port Bounce Scan
Description: The backdoor runs an FTP server that listens on TCP port
37885. Third-party adversaries can abuse the server as a man-in-the-middle
machine allowing PORT Command bounce scan...

Posted by malvuln on Mar 26

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c25393545e5ead3a35996ef9a887bd34_C.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Kwak.12
Vulnerability: Remote Denial of Service
Description: The backdoor runs an FTP server that listens on TCP port
37885. Attackers who can reach the infected host can send a payload of
around 6500 bytes using socket program to...

Posted by Smriti Gaba on Mar 26

==============================================================
Unauthenticated Stored Cross-site Scripting in Multiple TP-Link Devices
==============================================================

Overview
========

Title:- Unauthenticated Stored Cross-site Scripting in TP-Link Devices.
CVE-ID :- CVE-2021-3275
Author: Smriti Gaba, Kaustubh Padwad
Vendor: TP-LINK (https://www.tp-link.com)
Products:
1. DSL and DSL Gateway
2. Access Points
3. WIFI...

Posted by malvuln on Mar 24

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/00199eb3fd1a0aa6771b7f12fad895a0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.DarkKomet.gozu
Vulnerability: Insecure Permissions
Description: Creates a hidden dir named "AQIpWUAQIpWU" under c:\ drive and
grants change (C) permissions to the authenticated user group. Standard
users can rename the...

Posted by malvuln on Mar 24

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/0b3c2053a7c09aa25ba81f2bdebbb873.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Worm.Win32.Ngrbot.acno
Vulnerability: Insecure Permissions
Description: Creates a dir named "ffffd76" under c:\ drive and grants
change (C) permissions to the authenticated user group. Standard users can
rename the executables dropped by...

Posted by malvuln on Mar 24

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/e4737fb6c231bfb84d1a55ec2fb61641.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Worm.Win32.Recyl.dp
Vulnerability: Insecure Permissions
Description: creates a dir named "RECYCLER" under c:\ drive and grants
change (C) permissions to the authenticated user group. Standard users can
rename the executables dropped by...

Posted by malvuln on Mar 24

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ed1e47f62fa93f2fd2f4fbcfdd0f1c10.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Worm.Win32.Ngrbot.abpr
Vulnerability: Insecure Permissions
Description: Ngrbot.abpr creates a dir named "Win.Msi" under c:\ drive and
grants change (C) permissions to the authenticated user group. Standard
users can rename several of the...

Posted by malvuln on Mar 24

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/04a5a52f12d2a130bb88f98c3bc14aa8.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Dycler.yhb
Vulnerability: Insecure Permissions
Description: Dycler.yhb creates a dir named "RECYCLER" under c:\ drive and
grants change (C) permissions to the authenticated user group. Standard
users can rename the...