Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Worm.Win32.Detnat.c / Insecure Permissions

25 March, 2021 - 01:32

Posted by malvuln on Mar 24

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/8df7527bd3446b89298c9c750394e0b6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Worm.Win32.Detnat.c
Vulnerability: Insecure Permissions
Description: Detnat.c creates a dir named "Recycled" under c:\ drive and
grants change (C) permissions to the authenticated user group. Standard
users can rename the...

Virus.Win32.Sality.gen / Insecure Permissions

25 March, 2021 - 01:32

Posted by malvuln on Mar 24

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/423a5a63bed721e479c156b309bb58fd.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Virus.Win32.Sality.gen
Vulnerability: Insecure Permissions
Description: Sality.gen creates a dir named "z_Drivers" under c:\ drive and
grants change (C) permissions to the authenticated user group. Standard
users can rename the...

Trojan-Dropper.Win32.Demp.rft / Insecure Permissions

23 March, 2021 - 13:39

Posted by malvuln on Mar 23

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/db01783710e0c5aff92156a0e76deade.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Demp.rft
Vulnerability: Insecure Permissions
Description: The specimen creates a dir named "tmp" under c:\ drive and
grants change (C) permissions to the authenticated user group. Standard
users can rename the...

Trojan-Dropper.Win32.Delf.da / Remote Stack Buffer Overflow (UDP Datagram)

23 March, 2021 - 13:39

Posted by malvuln on Mar 23

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/a2f1adfd7a35fd0e0207a24be169b4c1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Delf.da
Vulnerability: Remote Stack Buffer Overflow (UDP Datagram)
Description: Delf.da malware listens on UDP port 37031. Adversaries who can
reach the infected system can send a payload of just 999 bytes and trigger
a...

HEUR.Trojan.Win32.Generic / Insecure Permissions

23 March, 2021 - 13:39

Posted by malvuln on Mar 23

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c60f00700bd73ca369195bd32a3f16a3.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: HEUR.Trojan.Win32.Generic
Vulnerability: Insecure Permissions
Description: The specimen creates a dir named "RECYCLER" under c:\ drive
and grants change (C) permissions to the authenticated user group. Within
the RECYCLER dir exists an...

Trojan-Dropper.Win32.Dycler.vrp / Insecure Permissions

23 March, 2021 - 13:39

Posted by malvuln on Mar 23

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/06cbbff745c60c46e0996928c00ef28f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Dycler.vrp
Vulnerability: Insecure Permissions
Description: Dycler.vrp creates an insecure dir named "Drivers" under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can...

CVE-2018-3635 revisited: executable installers are vulnerable^WEVIL (case 60): again arbitrary code execution WITH escalation of privilege via Intel Rapid Storage Technology User Interface and Driver

23 March, 2021 - 13:38

Posted by Stefan Kanthak on Mar 23

Hi @ll,

more than 2 years ago I disclosed 2 vulnerabilities leading to
local escalation of privilege in the
Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver:
see <https://seclists.org/fulldisclosure/2018/Nov/45>
and <https://seclists.org/fulldisclosure/2018/Nov/52>

Intel fixed this vulnerability only in their executable installer.

Some time later Intel rewrote or rebuilt this installer (see
<...

Inaugural Issue of the Journal of Cyber Forensics and Advanced Threat Investigations

23 March, 2021 - 13:33

Posted by Andrew Zayine on Mar 23

Dear Cybersecurity Researchers,
Red || Yellow || Blue Teamers,

International Journal of Cyber Forensics and Advanced Threat
Investigations (IJCFATI) is the first open access, peer-reviewed,
scholarly journal, that is dedicated entirely to the study of tools,
techniques, procedures, and methodologies of Red, Yellow, and Blue
teamers.

IJCFATI is a gold open access journal, which means it does not charge
fees to either authors or...

Backdoor.Win32.Agent.mzn / Remote SEH Buffer Overflow

19 March, 2021 - 11:42

Posted by malvuln on Mar 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/f589ae5fb7879eb0b98fb8096d7152a5.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.mzn
Vulnerability: Remote SEH Buffer Overflow
Description: Agent.mzn drops an executable named "aspimgr.exe" that runs
with SYSTEM integrity, listening on TCP port 80 and UDP 53. Attackers who
can reach the infected...

Trojan-Dropper.Win32.Delf.p / Remote Buffer Overflow

19 March, 2021 - 11:42

Posted by malvuln on Mar 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/b02cc578d2e7f24fb67ec0afc42a9e13_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Delf.p
Vulnerability: Remote Buffer Overflow
Description: Delf.p accepts connections on various TCP/UDP ports. Attackers
who can reach TCP port 3080 can send a specially crafted packet to trigger
a buffer overflow corrupting...

Trojan-Dropper.Win32.Delf.p / Missing Authentication

19 March, 2021 - 11:42

Posted by malvuln on Mar 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/b02cc578d2e7f24fb67ec0afc42a9e13.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Delf.p
Vulnerability: Missing Authentication
Description: Delf.p drops an executable named "mmtask.exe" under the system32
dir; it listens on TCP ports 3080,1180,1181,1182,1183 and UDP ports 53,
52304. The malware...

CMS Made Simple - File upload bypass with .phar extension leading to RCE

19 March, 2021 - 11:42

Posted by riccardo krauter on Mar 19

1) Summary

Affected software: CMS Made Simple 2.2.15
Vendor URL: http://www.cmsmadesimple.org/
Vulnerability: File upload bypass with .phar extension leading to RCE

2) Vulnerability Description

The vulnerability affects the `FilePicker` module: it is possible to bypass
the restriction and upload a malicious file with a `.phar` extension to gain
Remote Code Execution.
This vulnerability is remotely...

CMS Made Simple SQL injection on m1_sortby parameter

19 March, 2021 - 11:42

Posted by riccardo krauter on Mar 19

1) Summary

Affected software: CMS Made Simple 2.2.15
Vendor URL: http://www.cmsmadesimple.org/
Vulnerability: SQL injection

2) Vulnerability Description

The affected software is vulnerable to SQL injection via the m1_sortby POST
parameter of the News module, reachable via the moduleinterface.php page.
The `sortby` parameter is sanitized by replacing the `'` with the `_`
character; however, it is...

[SYSS-2020-044]: Zoom - Exposure of Resource to Wrong Sphere (CWE-668) (CVE-2021-28133)

19 March, 2021 - 11:41

Posted by Matthias Deeg on Mar 19

Advisory ID: SYSS-2020-044
Product: Zoom
Manufacturer: Zoom Video Communications, Inc.
Affected Version(s): 5.4.3 (54779.1115)
                     5.5.4 (13142.0301)
Tested Version(s):   5.4.3 (54779.1115)
                     5.5.4 (13142.0301)
Vulnerability Type: Exposure of Resource to Wrong Sphere (CWE-668)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2020-12-02
Solution Date: -
Public Disclosure: 2021-03-18
CVE Reference:...

ES2021-04: VoIPmonitor static builds are compiled without any standard memory corruption protection

16 March, 2021 - 08:10

Posted by Sandro Gauci on Mar 16

# VoIPmonitor static builds are compiled without any standard memory corruption protection

- Fixed versions: N/A
- Enable Security Advisory:
https://github.com/EnableSecurity/advisories/tree/master/ES2021-04-voipmonitor-staticbuild-memory-corruption-protection
- VoIPmonitor Security Advisory: none
- Tested vulnerable versions: 27.5
- Timeline:
  - Report date: 2021-02-10 & 2021-02-13
  - Enable Security advisory: 2021-03-15

##...

ES2021-03: VoIPmonitor is vulnerable to a buffer overflow when using the live sniffer

16 March, 2021 - 08:10

Posted by Sandro Gauci on Mar 16

# VoIPmonitor is vulnerable to a buffer overflow when using the live sniffer

- Fixed versions: 27.6
- Enable Security Advisory:
https://github.com/EnableSecurity/advisories/tree/master/ES2021-03-voipmonitor-livesniffer-buffer-overflow
- VoIPmonitor Security Advisory: none, changelog references fixes at https://www.voipmonitor.org/changelog-sniffer
- Tested vulnerable versions: 27.5
- Timeline:
  - Report date: 2021-02-10
  - Triaged:...

ES2021-02: VoIPmonitor WEB GUI vulnerable to Cross-Site Scripting via SIP messages

16 March, 2021 - 08:10

Posted by Sandro Gauci on Mar 16

# VoIPmonitor WEB GUI vulnerable to Cross-Site Scripting via SIP messages

- Fixed versions: VoIPmonitor WEB GUI 24.56
- Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-02-voipmonitor-gui-xss
- VoIPmonitor Security Advisory: none, changelog references fixes at https://www.voipmonitor.org/changelog-gui?major=5
- Tested vulnerable versions: 24.53, 24.54, 24.55
- Timeline:
  - Report date: 2021-02-10...

Trojan-Banker.Win32.Delf.ac / Insecure Permissions

16 March, 2021 - 08:09

Posted by malvuln on Mar 16

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/81301fecc7d9ff6b28ac779d2f819673.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Banker.Win32.Delf.ac
Vulnerability: Insecure Permissions
Description: Banker Win32.Delf.ac creates an insecure dir named
"BancoBrasil" under c:\ drive, granting change (C) permissions to the
authenticated user group. Standard...

Trojan.Win32.Siscos.bqe / Insecure Permissions

16 March, 2021 - 08:09

Posted by malvuln on Mar 16

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/a41431099989b44359273216072f8295.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Siscos.bqe
Vulnerability: Insecure Permissions
Description: Siscos.bqe creates an insecure dir named "Windupdt" under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can rename...

Trojan.Win32.Scar.dxir / Insecure Permissions

16 March, 2021 - 08:09

Posted by malvuln on Mar 16

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/68ed9d6e4f3e917ab4b91689e2890754.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Scar.dxir
Vulnerability: Insecure Permissions
Description: Scar.dxir creates an insecure dir named "P2" under c:\ drive
and grants change (C) permissions to the authenticated user group. Standard
users can rename the hidden...
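The eight malvuln posts above (Detnat.c, Sality.gen, Demp.rft, HEUR.Trojan.Win32.Generic, Dycler.vrp, Banker Delf.ac, Siscos.bqe, Scar.dxir) all describe the same condition: a directory created directly under c:\ whose ACL grants "change (C)" to Authenticated Users. "C" is the cacls shorthand for the Modify right (icacls prints it as "(M)"). The following PowerShell is an added example, not code from malvuln or from any of the advisories, that audits a host for root-level directories with that property. The group list and the rights mask are my own choices for the audit and are not values taken from the posts.

```powershell
# Added example, not part of the malvuln advisories. Lists root-level directories on
# the system drive whose ACL grants a broad, low-privilege group a Modify-class right.
# cacls shows Modify as "C" (change); icacls shows the same right as "(M)".
# The group names and the rights mask below are the author's choices for this audit.

$BroadGroups = @(
    'NT AUTHORITY\Authenticated Users',
    'BUILTIN\Users',
    'Everyone',
    'NT AUTHORITY\INTERACTIVE'
)

# Delete is the bit that lets a standard user rename or remove the directory and,
# together with DeleteSubdirectoriesAndFiles, its contents. ChangePermissions and
# TakeOwnership let them widen the ACL further. Plain create/append rights (the
# default on ProgramData) are deliberately not flagged.
$ModifyClass = [System.Security.AccessControl.FileSystemRights]::Delete -bor
               [System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles -bor
               [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
               [System.Security.AccessControl.FileSystemRights]::TakeOwnership

function Get-WeakRootDirectoryAce {
    param(
        [string]$Root = "$env:SystemDrive\"
    )
    # -Force includes hidden directories, which several of the advisories mention.
    Get-ChildItem -LiteralPath $Root -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $dir = $_
            try {
                $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop
            } catch {
                return   # unreadable ACL: skip this directory and keep going
            }
            foreach ($ace in $acl.Access) {
                if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
                if ($BroadGroups -notcontains $ace.IdentityReference.Value) { continue }
                if (([int]$ace.FileSystemRights -band [int]$ModifyClass) -eq 0) { continue }
                [pscustomobject]@{
                    Path      = $dir.FullName
                    Hidden    = [bool]($dir.Attributes -band [System.IO.FileAttributes]::Hidden)
                    Identity  = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
}

# One row per offending ACE; non-inherited rows first are the ones worth a second look.
Get-WeakRootDirectoryAce | Sort-Object Inherited, Path | Format-Table -AutoSize
```

Read the Inherited column before drawing conclusions: on a default Windows install the drive root's own ACL carries an inherit-only Modify entry for Authenticated Users that flows down to newly created subfolders, so inherited hits are expected and tell you little. An explicit, non-inherited Modify entry on a hidden directory under c:\ is the pattern the advisories describe and is the row to investigate, together with whatever executable lives inside it.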