SOLDIERX.COM Nobody Can Stop Information Insemination

Posted by malvuln on Mar 24

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/8df7527bd3446b89298c9c750394e0b6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Worm.Win32.Detnat.c
Vulnerability: Insecure Permissions
Description: Detnat.c creates a dir named "Recycled" under c:\ drive and
grants change (C) permissions to the authenticated user group. Standard
users can rename the...

Posted by malvuln on Mar 24

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/423a5a63bed721e479c156b309bb58fd.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Virus.Win32.Sality.gen
Vulnerability: Insecure Permissions
Description: Sality.gen creates a dir named "z_Drivers" under c:\ drive and
grants change (C) permissions to the authenticated user group. Standard
users can rename the...

Posted by malvuln on Mar 23

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/db01783710e0c5aff92156a0e76deade.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Demp.rft
Vulnerability: Insecure Permissions
Description: The specimen creates a dir named "tmp" under c:\ drive and
grants change (C) permissions to the authenticated user group. Standard
users can rename the...

Posted by malvuln on Mar 23

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/a2f1adfd7a35fd0e0207a24be169b4c1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Delf.da
Vulnerability: Remote Stack Buffer Overflow (UDP Datagram)
Description: Delf.da malware listens on UDP port 37031. Adversaries who can
reach the infected system can send a payload of just 999 bytes and trigger
a...

Posted by malvuln on Mar 23

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c60f00700bd73ca369195bd32a3f16a3.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: HEUR.Trojan.Win32.Generic
Vulnerability: Insecure Permissions
Description: The specimen creates a dir named "RECYCLER" under c:\ drive
and grants change (C) permissions to the authenticated user group. Within
the RECYCLER dir exists an...

Posted by malvuln on Mar 23

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/06cbbff745c60c46e0996928c00ef28f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Dycler.vrp
Vulnerability: Insecure Permissions
Description: Dycler.vrp creates an insecure dir named "Drivers" under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can...

Posted by Stefan Kanthak on Mar 23

Hi @ll,

more than 2 years ago I disclosed 2 vulnerabilities leading to
local escalation of privilege in the
Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver:
see <https://seclists.org/fulldisclosure/2018/Nov/45>
and <https://seclists.org/fulldisclosure/2018/Nov/52>

Intel fixed this vulnerability only in their executable installer.

Some time later Intel rewrote or rebuilt this installer (see
<...

Posted by Andrew Zayine on Mar 23

Dear Cybersecurity Researchers,
Red || Yellow || Blue Teamers,

International Journal of Cyber Forensics and Advanced Threat
Investigations (IJCFATI) is the first open access, peer-reviewed,
scholarly journal, that is dedicated entirely to the study of tools,
techniques, procedures, and methodologies of Red, Yellow, and Blue
teamers.

IJCFATI is a gold-open access journal, which means it does not charge
fees neither to authors nor to...

Posted by malvuln on Mar 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/f589ae5fb7879eb0b98fb8096d7152a5.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.mzn
Vulnerability: Remote SEH Buffer Overflow
Description: Agent.mzn drops an executable named "aspimgr.exe" that runs
with SYSTEM integrity, listening on TCP port 80 and UDP 53. Attackers who
can reach the infected...

Posted by malvuln on Mar 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/b02cc578d2e7f24fb67ec0afc42a9e13_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Delf.p
Vulnerability: Remote Buffer Overflow
Description: Delf.p accepts connections on various TCP/UDP ports. Attackers
who can reach TCP port 3080 can send a specially crafted packet to trigger
a buffer overflow corrupting...

Posted by malvuln on Mar 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/b02cc578d2e7f24fb67ec0afc42a9e13.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Delf.p
Vulnerability: Missing Authentication
Description: Delf.p drops an executable named "mmtask.exe" under system32
dir, it listens on TCP ports 3080,1180,1181,1182,1183 and UDP ports 53,
52304. The malware...

Posted by riccardo krauter on Mar 19

1) Summary

Affected software CMS Made Simple-2.2.15
Vendor URLhttp://www.cmsmadesimple.org/ <http://www.cmsmadesimple.org/>
Vulnerability File upload bypass with .phar extension lead to RCE

2) Vulnerability Description

The vulnerability affect the `FilePicker` module,
it is possible to bypass the restriction and upload a malicious file with `.phar` extension to gain Remote Code
Execution.
This vulnerability is remotely...

Posted by riccardo krauter on Mar 19

1) Summary

Affected software CMS Made Simple-2.2.15
Vendor URLhttp://www.cmsmadesimple.org/ <http://www.cmsmadesimple.org/>
Vulnerability SQL injection

2) Vulnerability Description

The affected software is vulnerable to SQL injection via the m1_sortby POST parameter of the News module, reachable via
the moduleinterface.php page.
The `sortby` parameter is sanitized by replacing the `'` with the `_` character, anyway it is...

Posted by Matthias Deeg on Mar 19

Advisory ID: SYSS-2020-044
Product: Zoom
Manufacturer: Zoom Video Communications, Inc.
Affected Version(s): 5.4.3 (54779.1115)
5.5.4 (13142.0301)
Tested Version(s): 5.4.3 (54779.1115)
5.5.4 (13142.0301)
Vulnerability Type: Exposure of Resource to Wrong Sphere (CWE-668)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2020-12-02
Solution Date: -
Public Disclosure: 2021-03-18
CVE Reference:...

Posted by Sandro Gauci on Mar 16

# VoIPmonitor static builds are compiled without any standard memory corruption protection

- Fixed versions: N/A
- Enable Security Advisory:
https://github.com/EnableSecurity/advisories/tree/master/ES2021-04-voipmonitor-staticbuild-memory-corruption-protection
- VoIPmonitor Security Advisory: none
- Tested vulnerable versions: 27.5
- Timeline:
- Report date: 2021-02-10 & 2021-02-13
- Enable Security advisory: 2021-03-15

##...

Posted by Sandro Gauci on Mar 16

# VoIPmonitor is vulnerable to a buffer overflow when using the live sniffer

- Fixed versions: 27.6
- Enable Security Advisory:
https://github.com/EnableSecurity/advisories/tree/master/ES2021-03-voipmonitor-livesniffer-buffer-overflow
- VoIPmonitor Security Advisory: none, changelog references fixes at https://www.voipmonitor.org/changelog-sniffer
- Tested vulnerable versions: 27.5
- Timeline:
- Report date: 2021-02-10
- Triaged:...

Posted by Sandro Gauci on Mar 16

# VoIPmonitor WEB GUI vulnerable to Cross-Site Scripting via SIP messages

- Fixed versions: VoIPmonitor WEB GUI 24.56
- Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-02-voipmonitor-gui-xss
- VoIPmonitor Security Advisory: none, changelog references fixes at https://www.voipmonitor.org/changelog-gui?major=5
- Tested vulnerable versions: 24.53, 24.54, 24.55
- Timeline:
- Report date: 2021-02-10...

Posted by malvuln on Mar 16

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/81301fecc7d9ff6b28ac779d2f819673.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Banker.Win32.Delf.ac
Vulnerability: Insecure Permissions
Description: Banker Win32.Delf.ac creates an insecure dir named
"BancoBrasil" under c:\ drive, granting change (C) permissions to the
authenticated user group. Standard...

Posted by malvuln on Mar 16

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/a41431099989b44359273216072f8295.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Siscos.bqe
Vulnerability: Insecure Permissions
Description: creates an insecure dir named "Windupdt" under c:\ drive and
grants change (C) permissions to the authenticated user group. Standard
users can rename...

Posted by malvuln on Mar 16

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/68ed9d6e4f3e917ab4b91689e2890754.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Scar.dxir
Vulnerability: Insecure Permissions
Description: Scar.dxir creates an insecure dir named "P2" under c:\ drive
and grants change (C) permissions to the authenticated user group. Standard
users can rename the hidden...