Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Backdoor.Win32.Zaratustra / Unauthenticated Remote File Write (Remote Code Exec)

6 August, 2021 - 10:42

Posted by malvuln on Aug 06

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/f240c16af2189ea9c94f317281ce7e59.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Zaratustra
Vulnerability: Unauthenticated Remote File Write (Remote Code Exec)
Description: Zaratustra malware listens on TCP port 660. Third-party
attackers who can reach infected systems can use a socket program to write
binary...

Backdoor.Win32.Zdemon.126 / Unauthenticated Remote Command Execution

6 August, 2021 - 10:42

Posted by malvuln on Aug 06

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/cedc886b593f013133df39bb6b43a762.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Zdemon.126
Vulnerability: Unauthenticated Remote Command Execution
Description: Zdemon malware listens on TCP ports 31556, 6051. Third-party
attackers who can reach infected systems can execute commands made
available by the...

Backdoor.Win32.Zdemon.10 / Unauthenticated Remote Command Execution

6 August, 2021 - 10:42

Posted by malvuln on Aug 06

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/d12f38e959d70af76fd263aa1933033c.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Zdemon.10
Vulnerability: Unauthenticated Remote Command Execution
Description: Zdemon malware listens on TCP ports 31556, 6051. Third-party
attackers who can reach infected systems can execute commands made
available by the...

Trojan-Dropper.Win32.Small.fp / Unauthenticated Open Proxy

6 August, 2021 - 10:41

Posted by malvuln on Aug 06

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/07122dd3b069bbbb445e060c1249d5a2.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Small.fp
Vulnerability: Unauthenticated Open Proxy
Description: The malware listens on random TCP ports like 2904, 1200, etc.
Third-party attackers who can connect to the infected system can relay
requests from the original...

Constructor.Win32.SS.11.c / Unauthenticated Open Proxy

6 August, 2021 - 10:41

Posted by malvuln on Aug 06

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/da60b92742abff72930879fa8560b3c3.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Constructor.Win32.SS.11.c
Vulnerability: Unauthenticated Open Proxy
Description: The malware listens on TCP port 9035. Third-party attackers
who can connect to the infected system can relay requests from the original
connection to the destination...

Connect-app (CDU) Version: 3.8 - Cross Site Scripting

6 August, 2021 - 10:41

Posted by merion44 via Fulldisclosure on Aug 06

app: connect-app (cdu) (version: 3.8)

Cross-site scripting in the registration form name variables. Remote attackers can inject JS payloads as name variables
to exploit the frontend in the profile view and potentially execute in the backend via the preview. Uncertainty in
validating object names in outbound emails causes the context to be validated insecurely. This allows reflected
execution in the message body of the email where the name...

Re: Spammers Using storage[.]googleapis[.]com ?!!?

6 August, 2021 - 10:41

Posted by Adrien JOLIBERT on Aug 06

Quite an old trick becoming popular.
So yep, the stuff is hosted on one of the Google services in private mode; redirections give you a valid token to
access.

Backdoor.Win32.WinShell.40 / Unauthenticated Remote Command Execution

3 August, 2021 - 12:38

Posted by malvuln on Aug 03

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c98e23742807f3cb5a095f34e0eb0e52.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.WinShell.40
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 5277; third-party attackers
who can reach the system can execute OS commands, further compromising the
already infected...
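The Malvuln posts above (Zaratustra, Zdemon.126/.10, Small.fp, SS.11.c, WinShell.40) each name the TCP port(s) the malware listens on. The following triage script is an added example, not code from Malvuln or from the list: it pulls the port claims out of the quoted description sentences, builds a port-to-threat watchlist, and TCP-connect probes a host for those ports. The advisory excerpts in ADVISORIES are constructed from the description lines shown in the feed (the advisories themselves are truncated on this page), and the script deliberately does not speak the backdoors' protocols, which the page does not describe. Two caveats a responder should keep in mind: an open port is a lead, not proof of infection, and Small.fp's ports are explicitly "random", so a miss on 2904/1200 says nothing.

```python
"""Triage helper: which ports named in the Malvuln advisories above answer on a host?"""
import re
import socket
from typing import Dict, Iterable, List

# Constructed from the description lines quoted in the feed above; only the port
# claims are used, since the rest of each advisory is not on this page.
ADVISORIES = {
    "Backdoor.Win32.Zaratustra": "Zaratustra malware listens on TCP port 660.",
    "Backdoor.Win32.Zdemon.126": "Zdemon malware listens on TCP ports 31556, 6051.",
    "Backdoor.Win32.Zdemon.10": "Zdemon malware listens on TCP ports 31556, 6051.",
    "Trojan-Dropper.Win32.Small.fp": "The malware listens on random TCP ports like 2904, 1200 etc.",
    "Constructor.Win32.SS.11.c": "The malware listens on TCP port 9035.",
    "Backdoor.Win32.WinShell.40": "The malware listens on TCP port 5277, third-party attackers",
}

# Matches "TCP port 660", "TCP ports 31556, 6051" and "TCP ports like 2904, 1200".
PORT_RE = re.compile(r"TCP ports?(?: like)?\s+(\d[\d,\s]*)", re.IGNORECASE)


def extract_ports(description: str) -> List[int]:
    """Return the listening TCP ports claimed in one advisory sentence ([] if none)."""
    m = PORT_RE.search(description)
    if not m:
        return []
    return [int(p) for p in re.findall(r"\d+", m.group(1))]


def build_watchlist(advisories: Dict[str, str]) -> Dict[int, List[str]]:
    """Map each port to the threat names whose advisory says it listens there."""
    watch: Dict[int, List[str]] = {}
    for threat, text in advisories.items():
        for port in extract_ports(text):
            watch.setdefault(port, []).append(threat)
    return watch


def probe(host: str, ports: Iterable[int], timeout: float = 1.0) -> Dict[int, bool]:
    """TCP-connect probe: True when something accepts a connection on that port."""
    results: Dict[int, bool] = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
                results[port] = True
            except OSError:  # refused, timed out, unreachable, filtered
                results[port] = False
    return results


def triage(host: str, watch: Dict[int, List[str]], timeout: float = 1.0) -> Dict[int, List[str]]:
    """Return {port: [threat names]} for watched ports that accepted a connection."""
    hits = probe(host, sorted(watch), timeout)
    return {p: watch[p] for p, is_open in hits.items() if is_open}


def probe_selfcheck():
    """Offline check of probe(): a throwaway listener on 127.0.0.1 must show as open,
    and a loopback port that was just released must show as closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        open_port = srv.getsockname()[1]
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tmp:
            tmp.bind(("127.0.0.1", 0))
            closed_port = tmp.getsockname()[1]  # released when tmp closes
        res = probe("127.0.0.1", [open_port, closed_port], timeout=2.0)
    return res[open_port], res[closed_port]


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, threats in triage(target, build_watchlist(ADVISORIES)).items():
        print(f"{target}:{port} accepts TCP connections; advisories naming it: {', '.join(threats)}")
```

Run it as `python3 triage.py <host>` against a machine you are authorised to test. A hit on 660, 31556/6051, 9035 or 5277 means only that something is listening there; confirm with a process/port listing on the host (e.g. `netstat -ano` on Windows) before acting on it.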

Stb_truetype library heap buffer overflows (many CVEs, no CVEs yet)

3 August, 2021 - 12:38

Posted by Marcin Kozlowski on Aug 03

Hi list,

Posting here for transparency reasons. A 16k-star project, used in, I can
imagine, game engines, UI, Android/iOS/embedded. Used in another 30k-star
project and an 11k-star one, even from Google (also possibly not fixed). OpenCV (55k
stars) seems to be also affected (new branch only). Attack vector through a
malicious font. Buy me a beer if you get a bounty on it, and the initial
fuzzing person https://github.com/nothings/stb/issues/618

Should this have...

Spammers Using storage[.]googleapis[.]com ?!!?

3 August, 2021 - 12:34

Posted by Nick Boyce on Aug 03

I notice that among the spam in my Gmail spam folder, there are a
number of "address-check" type messages (i.e. that just seek
confirmation my address exists), which attempt to get their response
by performing a scripted redirect via a web property belonging to
Google ...... and I tend to think "Huh? ... Surely Google wouldn't let
that happen ... is this redirect something that by some chance they
don't know about...