Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Updated: 44 weeks 5 days ago

HackTool.Win32.Hidd.b / Remote Stack Buffer Overflow (UDP Datagram)

13 August, 2021 - 16:09

Posted by malvuln on Aug 13

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/665a408981294ca49be23096363eec2f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: HackTool.Win32.Hidd.b
Vulnerability: Remote Stack Buffer Overflow (UDP Datagram)
Description: The malware listens on UDP ports 52810 and 65423. Third-party
attackers who can reach an infected system can send a 479 byte payload to
port 65423 and...

Backdoor.Win32.IRCBot.gen / Hardcoded Weak Password

13 August, 2021 - 16:09

Posted by malvuln on Aug 13

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/bcfc89ca07bd0ad7b9396a0815c9fc39.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.IRCBot.gen
Vulnerability: Hardcoded Weak Password
Description: The malware listens on TCP port 13013. Authentication is
required for remote user access. However, the password "sexjerx" is weak
and hardcoded in plaintext...

Trojan-Proxy.Win32.Raznew.gen / Unauthenticated Open Proxy

13 August, 2021 - 16:09

Posted by malvuln on Aug 13

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/55ce4b6c2ec10838c54dca54d96801d6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Proxy.Win32.Raznew.gen
Vulnerability: Unauthenticated Open Proxy
Description: The malware listens on TCP port 8080. Third-party attackers
who can connect to the infected system can relay requests from the original
connection to the...

firebase/php-jwt Algorithm Confusion with Key IDs

13 August, 2021 - 16:09

Posted by Paragon Initiative Enterprises Security Team on Aug 13

__Background__

Once upon a time, the Auth0 team demonstrated several attacks against JWT
libraries that are still found to this day. You can read about their
research here:
https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/

Or for a more fun spin on the issue, you can just check
https://www.howmanydayssinceajwtalgnonevuln.com

The two issues that were identified there were alg=none and substituting
HMAC over an...

[SYSS-2021-042] TJWS - Reflected Cross-Site Scripting (CVE-2021-37573)

13 August, 2021 - 16:07

Posted by Maurizio Ruchay on Aug 13

Advisory ID: SYSS-2021-042
Product: Tiny Java Web Server and Servlet Container (TJWS)
Manufacturer: D. Rogatkin
Affected Versions: <= 1.115
Tested Versions: 1.107, 1.114
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2021-07-21
Solution Date: 2021-07-23...

[RT-SA-2021-002] XML External Entity Expansion in MobileTogether Server

10 August, 2021 - 08:02

Posted by RedTeam Pentesting GmbH on Aug 10

Advisory: XML External Entity Expansion in MobileTogether Server

RedTeam Pentesting discovered a vulnerability in the MobileTogether
server which allows users with access to at least one app to read
arbitrary, non-binary files from the file system and perform server-side
requests. The vulnerability can also be used to deny availability of the
system. As an example, this advisory shows the compromise of the
server's certificate and private...

Re: Spammers Using storage[.]googleapis[.]com ?!!?

10 August, 2021 - 07:59

Posted by Jeffrey Walton on Aug 10

That's nothing compared to Sharepoint and sharepointonline.com. I get
10 to 20 pieces of offensive emails daily from Microsoft's cesspool.
All using those useless redirects under the guise of "sharing a
document" with me and offering me sex.

Microsoft has more garbage spewing from their web properties than
Amazon, Google, IBM, Salesforce and Rackspace combined (based on my
experience).

sharepointonline.com is the crack...

Accept Facebook friend requests without unlocking your Android [Unpatched]

10 August, 2021 - 07:56

Posted by Sivanesh Ashok on Aug 10

Author - Sivanesh Ashok | @sivaneshashok | stazot.com

Date : 2021-08-03
Vendor : https://facebook.com/
Version : *
Tested on : Version 329.0.0.29.120, Android 10
Last Modified : 2021-08-10

--[ Bug Description

Facebook for Android is vulnerable to a permission issue which allows
anyone with physical access to the Android device, to accept friend
requests without unlocking the phone. The bug works when the device's...

Backdoor.Win32.Zaratustra / Unauthenticated Remote File Write (Remote Code Exec)

6 August, 2021 - 10:42

Posted by malvuln on Aug 06

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/f240c16af2189ea9c94f317281ce7e59.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Zaratustra
Vulnerability: Unauthenticated Remote File Write (Remote Code Exec)
Description: Zaratustra malware listens on TCP port 660. Third-party
attackers who can reach infected systems can use a socket program to write
binary...

Backdoor.Win32.Zdemon.126 / Unauthenticated Remote Command Execution

6 August, 2021 - 10:42

Posted by malvuln on Aug 06

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/cedc886b593f013133df39bb6b43a762.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Zdemon.126
Vulnerability: Unauthenticated Remote Command Execution
Description: Zdemon malware listens on TCP ports 31556, 6051. Third-party
attackers who can reach infected systems can execute commands made
available by the...

Backdoor.Win32.Zdemon.10 / Unauthenticated Remote Command Execution

6 August, 2021 - 10:42

Posted by malvuln on Aug 06

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/d12f38e959d70af76fd263aa1933033c.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Zdemon.10
Vulnerability: Unauthenticated Remote Command Execution
Description: Zdemon malware listens on TCP ports 31556, 6051. Third-party
attackers who can reach infected systems can execute commands made
available by the...

Trojan-Dropper.Win32.Small.fp / Unauthenticated Open Proxy

6 August, 2021 - 10:41

Posted by malvuln on Aug 06

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/07122dd3b069bbbb445e060c1249d5a2.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Small.fp
Vulnerability: Unauthenticated Open Proxy
Description: The malware listens on random TCP ports like 2904, 1200 etc.
Third-party attackers who can connect to the infected system can relay
requests from the original...

Constructor.Win32.SS.11.c / Unauthenticated Open Proxy

6 August, 2021 - 10:41

Posted by malvuln on Aug 06

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/da60b92742abff72930879fa8560b3c3.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Constructor.Win32.SS.11.c
Vulnerability: Unauthenticated Open Proxy
Description: The malware listens on TCP port 9035. Third-party attackers
who can connect to the infected system can relay requests from the original
connection to the destination...

Connect-app (CDU) Version: 3.8 - Cross Site Scripting

6 August, 2021 - 10:41

Posted by merion44 via Fulldisclosure on Aug 06

app: connect-app (cdu) (version: 3.8)

cross-site scripting in the registration form name variables. Remote attackers can inject js payloads as name variables
to exploit the frontend in the profile view and potentially execute in the backend via the preview. Uncertainty in
validating object names in outbound emails, causing the context to be validated insecurely. This allows reflected
execution in the message body of the email where the name...

Re: Spammers Using storage[.]googleapis[.]com ?!!?

6 August, 2021 - 10:41

Posted by Adrien JOLIBERT on Aug 06

Quite an old trick becoming popular.
So yep, the stuff is hosted on one of the Google services in private mode; redirections give you a valid token to
access.

Backdoor.Win32.WinShell.40 / Unauthenticated Remote Command Execution

3 August, 2021 - 12:38

Posted by malvuln on Aug 03

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c98e23742807f3cb5a095f34e0eb0e52.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.WinShell.40
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 5277, third-party attackers
who can reach the system can execute OS commands further compromising the
already infected...

Stb_truetype library heap buffer overflows (many CVEs, no CVEs yet)

3 August, 2021 - 12:38

Posted by Marcin Kozlowski on Aug 03

Hi list,

Posting here for transparency reasons. A 16k stars project, used in, I can
imagine game engines, UI, Android/iOS/embedded. Used in another 30k stars
project and 11k from even Google (also possibly not fixed). OpenCV 55k
stars seems to be also affected (new branch only). Attack vector through
malicious font. Buy me a beer if you will get bounty on it and initial
fuzzing person https://github.com/nothings/stb/issues/618

Should this have...

Spammers Using storage[.]googleapis[.]com ?!!?

3 August, 2021 - 12:34

Posted by Nick Boyce on Aug 03

I notice that among the spam in my Gmail spam folder, there are a
number of "address-check" type messages (i.e. that just seek
confirmation my address exists), which attempt to get their response
by performing a scripted redirect via a web property belonging to
Google ...... and I tend to think "Huh? ... Surely Google wouldn't let
that happen ... is this redirect something that by some chance they
don't know about...