Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Onapsis Security Advisory 2021-0009: Hard-coded Credentials in CA Introscope Enterprise Manager

14 June, 2021 - 11:32

Posted by Onapsis Research via Fulldisclosure on Jun 14

# Onapsis Security Advisory 2021-0009: Hard-coded Credentials in CA Introscope Enterprise Manager

## Impact on Business

Unauthenticated attackers can bypass the authentication if the default
passwords for Admin and Guest have not been changed by the administrator.
This may impact the confidentiality of the service.

## Advisory Information

- Public Release Date: 06/14/2021
- Security Advisory ID: ONAPSIS-2021-0009
- Researcher: Yvan Genuer

##...

Onapsis Security Advisory 2021-0008: OS Command Injection in CA Introscope Enterprise Manager

14 June, 2021 - 11:32

Posted by Onapsis Research via Fulldisclosure on Jun 14

# Onapsis Security Advisory 2021-0008: OS Command Injection in CA Introscope Enterprise Manager

## Impact on Business

The vulnerability can allow an attacker to inject OS commands and thus
gain complete control of the host running the CA Introscope Enterprise
Manager. That exploit can be started remotely and does not require
authentication or any privileges.

## Advisory Information

- Public Release Date: 06/14/2021
- Security Advisory ID:...

Onapsis Security Advisory 2021-0007: Exposure of Sensitive Information to an Unauthorized Actor

14 June, 2021 - 11:31

Posted by Onapsis Research via Fulldisclosure on Jun 14

# Onapsis Security Advisory 2021-0007: Exposure of Sensitive Information to an Unauthorized Actor

## Impact on Business

An attacker can generate download-links sequentially targeting "impex"
directory files. As a consequence, they will be able to download most of
these files, potentially disclosing critical Hybris information such as
credentials.

## Advisory Information

- Public Release Date: 06/14/2021
- Security Advisory ID:...

Onapsis Security Advisory 2021-0006: [CVE-2020-26811] - SAP Hybris eCommerce - SSRF in acceleratorservices module

14 June, 2021 - 11:31

Posted by Onapsis Research via Fulldisclosure on Jun 14

# Onapsis Security Advisory 2021-0006: [CVE-2020-26811] - SAP Hybris eCommerce - SSRF in acceleratorservices module

## Impact on Business

SAP Hybris *acceleratorservices* module is vulnerable to be used to make custom
POST requests to any valid URL without authentication.

## Advisory Information

- Public Release Date: 06/14/2021
- Security Advisory ID: ONAPSIS-2021-006
- Researcher: Gaston Traberg

## Vulnerability Information

- Vendor: SAP...

Onapsis Security Advisory 2021-0005: SAP Solution Manager Open Redirect from Trace Analysis

14 June, 2021 - 11:30

Posted by Onapsis Research via Fulldisclosure on Jun 14

# Onapsis Security Advisory 2021-0005: SAP Solution Manager Open Redirect from Trace Analysis

## Impact on Business

Under certain circumstances, an attacker might be able to steal a
cookie from the application. It may impact the confidentiality of the
service.

## Advisory Information

- Public Release Date: 06/14/2021
- Security Advisory ID: ONAPSIS-2021-0005
- Researcher: Yvan Genuer

## Vulnerability Information

- Vendor: SAP
- Affected...

Backdoor.Win32.Pazus.18 / Authentication Bypass RCE

13 June, 2021 - 02:20

Posted by malvuln on Jun 13

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/5be13eb16018ab69157f8c8e96e7d6bf.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Pazus.18
Vulnerability: Authentication Bypass RCE
Description: Pazus malware listens on TCP port 21. Third-party attackers
who can reach infected systems can logon using any username/password
combination. Intruders may then upload...

popo:: linux kernel vulns of it.

13 June, 2021 - 02:20

Posted by KJ Jung on Jun 13

I reproduce the report and I can audit it.
bond_do_ioctl function in the bonding net driver of linux kernel 5.4.
it has a bug of stack buffer overflow.
I will show it for you to know or understanding help to know kernel hacks.

buffer overflow in bonding drivers.
latest.

----
https://lxr.missinglinkelectronics.com/linux/drivers/net/bonding/bond_main.c#L1051
3
469static int bond_do_ioctl(struct net_device *bond_dev, struct ifreq *ifr,
int cmd)...

Backdoor.Win32.Zombam.gen / Remote Stack Buffer Overflow

11 June, 2021 - 06:15

Posted by malvuln on Jun 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ff6516c881dee555b0cd253408b64404_C.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Zombam.gen
Vulnerability: Remote Stack Buffer Overflow
Description: Zombam malware listens on TCP port 80 to display an HTML Web
UI for basic remote administration capability. Third-party attackers who
can reach an infected system...

Backdoor.Win32.Zombam.gen / Unauthenticated URL Command Injection

11 June, 2021 - 06:15

Posted by malvuln on Jun 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ff6516c881dee555b0cd253408b64404_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Zombam.gen
Vulnerability: Unauthenticated URL Command Injection
Description: Zombam malware listens on TCP port 80 and deploys an HTML Web
UI for basic remote administration capability. The RAT has option to kill
processes by...

Backdoor.Win32.Zombam.gen / Cross Site Scripting (XSS)

11 June, 2021 - 06:15

Posted by malvuln on Jun 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ff6516c881dee555b0cd253408b64404.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Zombam.gen
Vulnerability: Cross Site Scripting (XSS)
Description: Zombam malware listens on TCP port 80 and deploys an HTML Web
UI for basic remote administration capability. One feature lists running
processes on the infected host...

Backdoor.Win32.XRat.d / Unauthenticated Remote Command Execution

11 June, 2021 - 06:15

Posted by malvuln on Jun 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/dc77b126b205b0f671e505766c607ef1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.XRat.d
Vulnerability: Unauthenticated Remote Command Execution
Description: XRat malware runs with SYSTEM integrity and listens on TCP
port 20888. Third-party attackers who can reach the system can connect,
switch to DOS prompt mode...

Backdoor.Win32.Wuca.nz / Insecure Permissions

11 June, 2021 - 06:15

Posted by malvuln on Jun 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/378b225b07979e12062f86ab1fbaf2ed.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Wuca.nz
Vulnerability: Insecure Permissions
Description: The malware creates a VBS script "112.vbe" with insecure
permissions under c:\ drive and grants change (C) permissions to the
authenticated user group. Standard...

secuvera-SA-2021-01: Privilege Escalation in NetSetMan Pro 4.7.2

11 June, 2021 - 06:15

Posted by Simon Bieber on Jun 11

Affected Products
NetSetManPro 4.7.2 (other/older releases have not been tested)

References
https://www.secuvera.de/advisories/secuvera-SA-2021-01.txt (used for updates)
CVE-2021-34546 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34546)

Summary:
"NetSetMan is a network settings manager software for easily switching
between your preconfigured profiles."

The save file dialogue within the action...