Full Disclosure
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Updated: 1 min 25 sec ago
Trojan.Win32.Pluder.o / Insecure Permissions
Posted by malvuln on Feb 23
Discovery / credits: Malvuln - malvuln.com (c) 2021Original source:
https://malvuln.com/advisory/ee22eea131c0e00162e4ba370f396a00.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Trojan.Win32.Pluder.o
Vulnerability: Insecure Permissions
Description: Creates an insecure dir named "z_Drivers" under c:\ drive,
granting change (C) permissions to authenticated user group. Pluder.o also
creates several registry key...
Trojan.Win32.Pincav.cmfl / Insecure Permissions
Posted by malvuln on Feb 23
Discovery / credits: Malvuln - malvuln.com (c) 2021Original source:
https://malvuln.com/advisory/9d296ebd6b4f79457fcc61e38dcce61e.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Trojan.Win32.Pincav.cmfl
Vulnerability: Insecure Permissions
Description: The trojan creates an insecure dir named "Windupdt" under c:\
drive, granting change (C) permissions to authenticated users group.
Standard users can rename the...
Trojan-Proxy.Win32.Daemonize.i / Remote Denial of Service
Posted by malvuln on Feb 23
Discovery / credits: Malvuln - malvuln.com (c) 2021Original source:
https://malvuln.com/advisory/61bec9f22a5955e076e0d5ddf6232f3f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Trojan-Proxy.Win32.Daemonize.i
Vulnerability: Remote Denial of Service
Description: Daemonize.i listens on TCP port 5823, sending some junk
packets to the trojan results in invalid pointer read leading to an access
violation and crash.
Type: PE32...
Backdoor.Win32.Ketch.h / Remote Stack Buffer Overflow (SEH)
Posted by malvuln on Feb 23
Discovery / credits: Malvuln - malvuln.com (c) 2021Original source:
https://malvuln.com/advisory/63c55ad21e0771c7f9ca71ec3bfcea0f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Ketch.h
Vulnerability: Remote Stack Buffer Overflow (SEH)
Description: Ketch makes HTTP request to port 80 for a file named
script.dat, after process the server response of 1,612 bytes or more it
triggers an SEH buffer overflow.
Our...
Backdoor.Win32.Inject.tyq / Insecure Permissions
Posted by malvuln on Feb 23
Discovery / credits: Malvuln - malvuln.com (c) 2021Original source:
https://malvuln.com/advisory/833868d3092bea833839a6b8ec196046.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Inject.tyq
Vulnerability: Insecure Permissions
Description: The backdoor creates an dir named "hotfix" under c:\ drive
granting change (C) permissions to the authenticated user group.
Type: PE32
MD5:...
IBM(R) Db2(R) Windows client DLL Hijacking Vulnerability(0day)
Posted by houjingyi on Feb 23
A few months ago I disclosed Cisco Webex Teams Client for Windows DLLHijacking Vulnerability I found :
https://seclists.org/fulldisclosure/2020/Oct/16
In that post I mentioned "I will add more details 90 days after my report
or a security bulletin available". Here it comes.
NOTICE : This vulnerability seems did not get full patched!
After install IBM Db2 decompile C:\Program
Files\IBM\SQLLIB\BIN\db2swtchg.exe and we can find...
CIRA Canadian Shield iOS Application - MITM SSL Certificate Vulnerability (CVE-2021-27189)
Posted by David Coomber on Feb 23
CIRA Canadian Shield iOS Application - MITM SSL CertificateVulnerability (CVE-2021-27189)
[KIS-2021-02] docsify <= 4.11.6 DOM-based Cross-Site Scripting Vulnerability
Posted by research on Feb 19
--------------------------------------------------------------docsify <= 4.11.6 DOM-based Cross-Site Scripting Vulnerability
--------------------------------------------------------------
[-] Software Link:
https://docsify.js.org/
[-] Affected Versions:
Version 4.11.6 and prior versions.
[-] Vulnerability Description:
The vulnerability exists due to an incomplete fix for CVE-2020-7680.
When parsing HTML from remote URLs, the HTML code...
Backdoor.Win32.Bionet.10 / Anonymous Logon
Posted by malvuln on Feb 19
Discovery / credits: Malvuln - malvuln.com (c) 2021Original source:
https://malvuln.com/advisory/be559307f5cd055f123a637b1135c8d3.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Bionet.10
Vulnerability: Anonymous Logon
Description: The backdoor listens on TCP port 12348 and allows anonymous
logon credentials to be used to access an infected host.
Type: PE32
MD5: be559307f5cd055f123a637b1135c8d3
Vuln ID:...
Backdoor.Win32.DarkKomet.apcc / Insecure Permissions
Posted by malvuln on Feb 19
Discovery / credits: Malvuln - malvuln.com (c) 2021Original source:
https://malvuln.com/advisory/8c82de32ab2b407451b9fc054c09f717.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.DarkKomet.apcc
Vulnerability: Insecure Permissions
Description: DarkKomet.apcc creates an insecure directory under c:\ drive
granting change (C) permissions to the authenticated user group and drops
an EXE named...
Backdoor.Win32.DarkKomet.bhfh / Insecure Permissions
Posted by malvuln on Feb 19
Discovery / credits: Malvuln - malvuln.com (c) 2021Original source:
https://malvuln.com/advisory/2e507b75c0df0fcb2f9a85f4a0c1bc04.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.DarkKomet.bhfh
Vulnerability: Insecure Permissions
Description: DarkKomet.bhfh creates a hidden insecure directory under c:\
drive granting change (C) permissions to the authenticated user group. The
backdoor also drops an EXE named...
Multiple remote memory corruptions in Telegram's handling of animated stickers
Posted by polict of Shielder on Feb 19
I have recently found and reported 13 memory corruptions to Telegram(https://telegram.org), you can find the just-published technical blog
post at
https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-stickers-remote-attack-surface/
and advisories at https://www.shielder.it/advisories/
The vulnerable official clients for android, ios and macos have already
been patched on september 30 and october 2, have a look at the blog...
[CSA-2021-001] Cross-Site Request Forgery in Apache MyFaces
Posted by Certitude - Advisories on Feb 19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Ceritude Securiy Advisory - CSA-2021-001 ~
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
PRODUCT : Apache MyFaces
VENDOR : The Apache Software Foundation
SEVERITY : High
AFFECTED VERSION : <=2.2.13, <=2.3.7, <=2.3-next-M4, <=2.1 branches
IDENTIFIERS :...
Backdoor.Win32.Agent.aak / Remote Buffer Overflow
Posted by malvuln on Feb 18
Discovery / credits: Malvuln - malvuln.com (c) 2021Original source:
https://malvuln.com/advisory/64f2fd4dbd9039e5bc054f475eaa582a_C.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Agent.aak
Vulnerability: Remote Buffer Overflow
Description: The HTTP backdoor server HBKDR v0.3 listens on TCP port 8080
and accepts HTTP POST requests, by sending a specially crafted HTTP HEAD
request payload we can trigger...
Backdoor.Win32.Agent.aak / Cross Site Request Forgery (CSRF) - Code Execution
Posted by malvuln on Feb 18
Discovery / credits: Malvuln - malvuln.com (c) 2021Original source:
https://malvuln.com/advisory/64f2fd4dbd9039e5bc054f475eaa582a_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Agent.aak
Vulnerability: Cross Site Request Forgery (CSRF) - Code Execution
Description: Backdoor HTTP server HBKDR v0.3 executes commands on the
infected host using an HTML form with POST method. The HTML web form
component fails...
Backdoor.Win32.Agent.aak / Weak Hardcoded Credentials
Posted by malvuln on Feb 18
Discovery / credits: Malvuln - malvuln.com (c) 2021Original source:
https://malvuln.com/advisory/64f2fd4dbd9039e5bc054f475eaa582a.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Agent.aak
Vulnerability: Weak Hardcoded Credentials
Description: The HTTP backdoor server HBKDR v0.3 listens on TCP port 8080
and accepts HTTP POST requests in order to execute commands on the infected
system. The malware hardcodes...
Rigged Race Against Firejail for Local Root: Using pipes/ptys to win races
Posted by Roman Fiedler on Feb 18
Hello List,100% reliable exploitation of file system time races (TOCTOU
vulnerabilities) may be hard as the timing depends on numerous
target system parameters (CPU cores, load, memory pressure, file
system type, ...). Instead of optimizing the exploit to win the
real race, the timing of Firejail stderr and stdout output was
analyzed. With the correct parameters known the Firejail process
can be frozen exactly in the right moment when...
AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver
Posted by Asterisk Security Team on Feb 18
Asterisk Project Security Advisory - AST-2021-005Product Asterisk
Summary Remote Crash Vulnerability in PJSIP channel driver
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Moderate...
AST-2021-004: An unsuspecting user could crash Asterisk with multiple hold/unhold requests
Posted by Asterisk Security Team on Feb 18
Asterisk Project Security Advisory - AST-2021-004Product Asterisk
Summary An unsuspecting user could crash Asterisk with
multiple hold/unhold requests
Nature of Advisory Denial of Service
Susceptibility Remote authenticated sessions...
AST-2021-003: Remote attacker could prematurely tear down SRTP calls
Posted by Asterisk Security Team on Feb 18
Asterisk Project Security Advisory - AST-2021-003Product Asterisk
Summary Remote attacker could prematurely tear down SRTP
calls
Nature of Advisory Denial of Service
Susceptibility Remote unauthenticated sessions...