Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Backdoor.Win32.Zombam.l / Remote Stack Buffer Overflow

16 March, 2021 - 08:09

Posted by malvuln on Mar 16

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/56d356c5b1ae3a91caac511179159034.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Zombam.l
Vulnerability: Remote Stack Buffer Overflow
Description: Zombam.l creates files to serve as backdoors; the default name
is "httpserver.exe", and it listens on TCP port 80. Attackers who can reach the
backdoor can send...

Trojan-Dropper.Win32.Delf.xk / Remote Invalid Pointer Write DOS

16 March, 2021 - 08:09

Posted by malvuln on Mar 16

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/869c813722be90cf1b3708051103ce14.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Delf.xk
Vulnerability: Remote Invalid Pointer Write DOS
Description: Win32.Delf.xk drops server.exe in AppData\Local\Temp dir and
listens on TCP ports 30005, 30006 and 30007. Netcat to port 30005 and input
the number 9 it tries...

Trojan-Proxy.Win32.Wimain / Remote Stack Buffer Overflow

16 March, 2021 - 08:09

Posted by malvuln on Mar 16

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/8936c97e99799809812fa740076a2d7f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Proxy.Win32.Wimain
Vulnerability: Remote Stack Buffer Overflow
Description: Win32.Wimain trojan listens on two random TCP ports; only one
of the two ports seems vuln. Sending a specially crafted HTTP request will
trigger classic stack buffer...

4th BSides Hannover in the make, save the date and please submit your research in our CFP ( Focus Healthcare / medical devices / bionic )

16 March, 2021 - 08:08

Posted by BSides Hannover on Mar 16

Hi Folks,

We will do the 4th Security BSides Hannover on June 5th and 6th, fully virtual due to the pandemic.

The CFP is open and runs until the middle of May.

Please follow us on Twitter @2021bsides

or visit the website bsides-hannover.de

Best wishes from the BSides Hannover Team!

Re: Data Manipulation with X-Forwarded-For header at WordPress

16 March, 2021 - 08:07

Posted by jvoisin on Mar 16

I'm not sure I understand what's going on here: The "vulnerability" is
that "X-Forwarded-For" can be manipulated by the client?

This doesn't make any sense.

There is nothing on WordPress' website (
https://wordpress.org/news/category/security/ ) about an issue like this
one, nor on MITRE's website (
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35539 ).

Can you please elaborate on...

SolarWinds TFTP Server 11.0.4.101: Remote Unauthenticated Reconfiguration

16 March, 2021 - 08:06

Posted by Harrison Neal on Mar 16

Older versions of SolarWinds' TFTP Server, which could have been installed
from a standalone download or bundled with certain paid products, may have
allowed unauthenticated remote users to change sensitive settings such as
the TFTP root directory or IP-based security settings.

In certain environments, this could lead to remote code execution, for
example by allowing attackers to modify a web application hosted on the
same server....

From Adobe AEM dispatcher filter rules bypass to successfully triggering XSS on 40+ LinkedIn websites [ Youtube Video ]

16 March, 2021 - 08:05

Posted by Ateek khan on Mar 16

[+] Vulnerability Title:

"From Adobe AEM dispatcher filter rules bypass to Reflected XSS
vulnerability on 40+ LinkedIn websites"

[+] Video URL:

https://www.youtube.com/watch?v=VwLSUHNhrOw

[+] Details:

This video demonstrates how I was able to find a working bypass of
currently enforced AEM dispatcher filter rules on all LinkedIn AEM
instances. This bypass resulted in further escalation where I was able to
trigger an XSS...

[CSA-2021-002] DP API ineffective in Windows containers

16 March, 2021 - 08:04

Posted by Certitude - Advisories on Mar 16

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~ Certitude Security Advisory - CSA-2021-002 ~
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
PRODUCT : Windows Containers
VENDOR : Microsoft
SEVERITY : High
AFFECTED VERSION : Windows 10, Windows Server
IDENTIFIERS : CVE-2021-1645
PATCH VERSION : KB4598229,...

[KIS-2021-03] ExpressionEngine <= 6.0.2 (Translate::save) PHP Code Injection Vulnerability

15 March, 2021 - 14:13

Posted by research on Mar 15

----------------------------------------------------------------------------
ExpressionEngine <= 6.0.2 (Translate::save) PHP Code Injection
Vulnerability
----------------------------------------------------------------------------

[-] Software Link:

https://expressionengine.com/

[-] Affected Versions:

Version 6.0.2 and prior versions.
Version 5.4.1 and prior versions.

[-] Vulnerability Description:

The vulnerable code is located in the...

[AIT-SA-20210215-04] CVE-2020-24036: ForkCMS PHP Object Injection

12 March, 2021 - 08:05

Posted by sec-advisory on Mar 12

ForkCMS PHP Object Injection
=========================
| Identifier: | AIT-SA-20210215-04 |
| Target: | ForkCMS |
| Vendor: | ForkCMS |
| Version: | all versions below version 5.8.3 |
| CVE: | CVE-2020-24036 |
| Accessibility: | Remote |
| Severity: | Medium |
| Author: | Wolfgang Hotwagner (AIT Austrian Institute of Technology) |

SUMMARY
=========
[ForkCMS is an open source CMS written in PHP.](https://www.fork-cms.com/)

VULNERABILITY...

[AIT-SA-20210215-03] CVE-2020-24912: QCube Cross-Site-Scripting

12 March, 2021 - 08:05

Posted by sec-advisory on Mar 12

QCube Cross-Site-Scripting
======================
| Identifier: | AIT-SA-20210215-03 |
| Target: | QCubed Framework |
| Vendor: | QCubed |
| Version: | all versions including 3.1.1 |
| CVE: | CVE-2020-24912 |
| Accessibility: | Remote |
| Severity: | High |
| Author: | Wolfgang Hotwagner (AIT Austrian Institute of Technology) |

SUMMARY
=======
QCubed is a PHP Model-View-Controller Rapid Application Development framework. (...

[AIT-SA-20210215-02] CVE-2020-24913: QCubed SQL Injection

12 March, 2021 - 08:05

Posted by sec-advisory on Mar 12

QCubed SQL Injection
==================

| Identifier: | AIT-SA-20210215-02 |
| Target: | QCubed Framework |
| Vendor: | QCubed |
| Version: | all versions including 3.1.1 |
| CVE: | CVE-2020-24913 |
| Accessibility: | Remote |
| Severity: | Critical |
| Author: | Wolfgang Hotwagner (AIT Austrian Institute of Technology) |

SUMMARY
=======
QCubed is a PHP Model-View-Controller Rapid Application Development framework. (...

[AIT-SA-20210215-01] CVE-2020-24914: QCubed PHP Object Injection

12 March, 2021 - 08:05

Posted by sec-advisory on Mar 12

QCubed PHP Object Injection
===========================

| Identifier: | AIT-SA-20210215-01 |
| Target: | QCubed Framework |
| Vendor: | QCubed |
| Version: | all versions including 3.1.1 |
| CVE: | CVE-2020-24914 |
| Accessibility: | Remote |
| Severity: | Critical |
| Author: | Wolfgang Hotwagner (AIT Austrian Institute of Technology) |

SUMMARY
=======
QCubed is a PHP Model-View-Controller Rapid Application Development framework. (...

Re: [CDPWE-0001] - RocketReach

11 March, 2021 - 13:21

Posted by Thierry Zoller on Mar 11

===================================================================
Adapting the Mechanics of Vulnerability Disclosure to an area where
Privacy Rights need to be scrutinized and where transparency becomes
paramount.
===================================================================

On the 29.05.2020 I reported a way to bypass the GDPR as the Data
Protection Authorities claimed to not have a possibility to act against
such abuse.

I am happy...

Trojan-Dropper.Win32.Hamer.10 / Remote Floating-point Exception DoS

11 March, 2021 - 13:21

Posted by malvuln on Mar 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/afe4e5219829a286e0b84025b073c259.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Hamer.10
Vulnerability: Remote Floating-point Exception DoS
Description: Trojan Hamer.10 listens on TCP port 890, after receiving a SYN
packet it also opens up TCP port 891. Sending an arbitrary junk payload to
port 891...

Trojan-Spy.Win32.KeyLogger.qt / Insecure Permissions

11 March, 2021 - 13:21

Posted by malvuln on Mar 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/de613b96174056ef22b42e112d0e61a5.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Spy.Win32.KeyLogger.qt
Vulnerability: Insecure Permissions
Description: KeyLogger.qt creates a hidden insecure dir named "config"
under c:\ drive and grants change (C) permissions to the authenticated user
group. Standard users...

Data Manipulation with X-Forwarded-For header at WordPress

11 March, 2021 - 13:19

Posted by Alphan YAVAS on Mar 11

I. VULNERABILITY
-------------------------
Data Manipulation with X-Forwarded-For header at WordPress

II. CVE REFERENCE
-------------------------
CVE-2020-35539

III. VENDOR
-------------------------
https://wordpress.org

IV. TIMELINE
-------------------------
20/12/2020 Vulnerability discovered
21/12/2020 Vendor contacted
09/03/2021 CVE Assigned

V. CREDIT
-------------------------
Alphan Yavas

VI. DESCRIPTION
-------------------------...

[CVE-2021-28144] Authenticated Command Injection in D-Link DIR-3060 Web Interface

11 March, 2021 - 13:19

Posted by research on Mar 11

IoT Inspector Research Lab Security Advisory IOT-20210311-0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
title: Authenticated Command Injection in D-Link DIR-3060 Web
Interface
vendor/product: D-Link DIR-3060 (https://www.dlink.com/)
vulnerable version: v1.11b04 & Below
fixed version: v1.11b04 Hotfix 2
CVE number: CVE-2021-28144
impact:...

Unholy CRAP: Mozilla's executable installers

9 March, 2021 - 02:47

Posted by Stefan Kanthak on Mar 08

Hi @ll,

back in 2015 and 2016, I disclosed several BLOODY beginner's errors
alias epic failures in Mozilla's PERMANENTLY vulnerable executable
installers for Windows, built by completely incompetent tinkerers:

* Defense in depth -- the Mozilla way: return and exit codes are dispensable
<https://www.securityfocus.com/archive/1/534881> alias
<https://seclists.org/bugtraq/2015/Mar/74> and
<...