Security News

Backdoor.Win32.DarkKomet.bhfh / Insecure Permissions

Full Disclosure - 19 February, 2021 - 12:31

Posted by malvuln on Feb 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/2e507b75c0df0fcb2f9a85f4a0c1bc04.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.DarkKomet.bhfh
Vulnerability: Insecure Permissions
Description: DarkKomet.bhfh creates a hidden insecure directory under c:\
drive granting change (C) permissions to the authenticated user group. The
backdoor also drops an EXE named...

Multiple remote memory corruptions in Telegram's handling of animated stickers

Full Disclosure - 19 February, 2021 - 12:31

Posted by polict of Shielder on Feb 19

I have recently found and reported 13 memory corruptions to Telegram
(https://telegram.org), you can find the just-published technical blog
post at
https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-stickers-remote-attack-surface/
and advisories at https://www.shielder.it/advisories/

The vulnerable official clients for android, ios and macos have already
been patched on september 30 and october 2, have a look at the blog...

[CSA-2021-001] Cross-Site Request Forgery in Apache MyFaces

Full Disclosure - 19 February, 2021 - 12:31

Posted by Certitude - Advisories on Feb 19

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~ Certitude Security Advisory - CSA-2021-001 ~
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
PRODUCT : Apache MyFaces
VENDOR : The Apache Software Foundation
SEVERITY : High
AFFECTED VERSION : <=2.2.13, <=2.3.7, <=2.3-next-M4, <=2.1 branches
IDENTIFIERS :...

Backdoor.Win32.Agent.aak / Remote Buffer Overflow

Full Disclosure - 18 February, 2021 - 19:25

Posted by malvuln on Feb 18

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/64f2fd4dbd9039e5bc054f475eaa582a_C.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.aak
Vulnerability: Remote Buffer Overflow
Description: The HTTP backdoor server HBKDR v0.3 listens on TCP port 8080
and accepts HTTP POST requests, by sending a specially crafted HTTP HEAD
request payload we can trigger...

Backdoor.Win32.Agent.aak / Cross Site Request Forgery (CSRF) - Code Execution

Full Disclosure - 18 February, 2021 - 19:25

Posted by malvuln on Feb 18

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/64f2fd4dbd9039e5bc054f475eaa582a_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.aak
Vulnerability: Cross Site Request Forgery (CSRF) - Code Execution
Description: Backdoor HTTP server HBKDR v0.3 executes commands on the
infected host using an HTML form with POST method. The HTML web form
component fails...

Backdoor.Win32.Agent.aak / Weak Hardcoded Credentials

Full Disclosure - 18 February, 2021 - 19:25

Posted by malvuln on Feb 18

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/64f2fd4dbd9039e5bc054f475eaa582a.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.aak
Vulnerability: Weak Hardcoded Credentials
Description: The HTTP backdoor server HBKDR v0.3 listens on TCP port 8080
and accepts HTTP POST requests in order to execute commands on the infected
system. The malware hardcodes...

Rigged Race Against Firejail for Local Root: Using pipes/ptys to win races

Full Disclosure - 18 February, 2021 - 19:24

Posted by Roman Fiedler on Feb 18

Hello List,

100% reliable exploitation of file system time races (TOCTOU
vulnerabilities) may be hard as the timing depends on numerous
target system parameters (CPU cores, load, memory pressure, file
system type, ...). Instead of optimizing the exploit to win the
real race, the timing of Firejail stderr and stdout output was
analyzed. With the correct parameters known the Firejail process
can be frozen exactly in the right moment when...
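Added illustration for the post above; it is not Roman Fiedler's exploit, contains no Firejail-specific steps and targets no real program. The mechanism the post relies on is that a process blocks inside write(2) as soon as the pipe it writes to is full and nobody reads it. The script below runs a constructed stand-in victim (a tiny Python program, assumed here), reads only its first line, leaves it parked at the point a race exploit would want it held, and then drains the pipe to let it continue. The marker strings, the 4 MiB payload size and the /proc state check are assumptions of the example.

```python
"""Park a process by letting it block on a full pipe.

Added example for the Firejail post; not Roman Fiedler's exploit and not
Firejail. A child that writes to a pipe nobody reads blocks in write(2) once
the pipe buffer is full and stays frozen until the reader drains it.
"""
import subprocess
import sys
import time

# Constructed victim (assumed): prints a marker after its "check", then emits
# chatty output as a verbose target's stdout/stderr would, then does its "use".
# 4 MiB is well above Linux's default 64 KiB pipe buffer and its 1 MiB ceiling.
VICTIM = r"""
import sys
sys.stdout.write("CHECK\n")
sys.stdout.flush()
sys.stdout.write("X" * (4 << 20))   # blocks here once the pipe is full
sys.stdout.flush()
sys.stdout.write("USE\n")            # the step the attacker wants to delay
sys.stdout.flush()
"""


def proc_state(pid):
    """Scheduler state from /proc/<pid>/stat on Linux ('S' = sleeping); '?' elsewhere."""
    try:
        with open(f"/proc/{pid}/stat") as f:
            return f.read().rsplit(")", 1)[1].split()[0]
    except OSError:
        return "?"


def freeze_between_check_and_use(hold_seconds=0.5):
    """Run the victim, read only up to its CHECK marker, hold it, then release it."""
    proc = subprocess.Popen([sys.executable, "-c", VICTIM], stdout=subprocess.PIPE)
    header = proc.stdout.readline()       # b"CHECK\n": the victim passed its check
    # Stop reading. The victim now fills the pipe and blocks in write(2).
    time.sleep(hold_seconds)
    frozen = proc.poll() is None          # still alive: it cannot finish until drained
    state = proc_state(proc.pid)          # 'S' on Linux while it sleeps in write(2)
    # A real exploit would swap the checked object here. Then release the victim.
    rest = proc.stdout.read()             # drain to EOF; the victim completes and exits
    proc.wait()
    return {
        "header": header,
        "frozen": frozen,
        "state_while_frozen": state,
        "released": rest.endswith(b"USE\n"),
        "bytes_drained": len(rest),
        "returncode": proc.returncode,
    }


if __name__ == "__main__":
    print(freeze_between_check_and_use())
```

The same parking works for stderr, and with a pty in place of the pipe; what makes it reliable is that the victim's own output volume, not CPU scheduling, decides when it stops.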

AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver

Full Disclosure - 18 February, 2021 - 12:38

Posted by Asterisk Security Team on Feb 18

Asterisk Project Security Advisory - AST-2021-005

Product Asterisk
Summary Remote Crash Vulnerability in PJSIP channel driver
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Moderate...

AST-2021-004: An unsuspecting user could crash Asterisk with multiple hold/unhold requests

Full Disclosure - 18 February, 2021 - 12:38

Posted by Asterisk Security Team on Feb 18

Asterisk Project Security Advisory - AST-2021-004

Product Asterisk
Summary An unsuspecting user could crash Asterisk with
multiple hold/unhold requests
Nature of Advisory Denial of Service
Susceptibility Remote authenticated sessions...

AST-2021-003: Remote attacker could prematurely tear down SRTP calls

Full Disclosure - 18 February, 2021 - 12:38

Posted by Asterisk Security Team on Feb 18

Asterisk Project Security Advisory - AST-2021-003

Product Asterisk
Summary Remote attacker could prematurely tear down SRTP
calls
Nature of Advisory Denial of Service
Susceptibility Remote unauthenticated sessions...

AST-2021-002: Remote crash possible when negotiating T.38

Full Disclosure - 18 February, 2021 - 12:38

Posted by Asterisk Security Team on Feb 18

Asterisk Project Security Advisory - AST-2021-002

Product Asterisk
Summary Remote crash possible when negotiating T.38
Nature of Advisory Denial of service
Susceptibility Remote authenticated sessions
Severity Minor...

AST-2021-001: Remote crash in res_pjsip_diversion

Full Disclosure - 18 February, 2021 - 12:37

Posted by Asterisk Security Team on Feb 18

Asterisk Project Security Advisory - AST-2021-001

Product Asterisk
Summary Remote crash in res_pjsip_diversion
Nature of Advisory Denial of service
Susceptibility Remote authenticated sessions
Severity Moderate...

SEC Consult SA-20210217-0 :: Multiple Vulnerabilities in Multiple Vulnerabilities

Full Disclosure - 17 February, 2021 - 05:26

Posted by SEC Consult Vulnerability Lab on Feb 17

SEC Consult Vulnerability Lab Security Advisory < 20210217-0 >
=======================================================================
title: Multiple Vulnerabilities
product: IrfanView - WPG.dll plugin
vulnerable version: IrfanView 4.57/WPG.dll version 2.0.0.0
fixed version: WPG.dll version 3.1.0.0
CVE number: CVE-2021-27224
impact: Medium
homepage: https://www.irfanview.com...

Backdoor.Win32.Burbul.b / Anonymous Logon

Full Disclosure - 16 February, 2021 - 19:13

Posted by malvuln on Feb 16

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/3ee4cb2e06eb1f7fe54c89db903f3e7a.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Burbul.b
Vulnerability: Anonymous Logon
Description: Backdoor Burbul.b listens on TCP port 2121, allowing
anonymous logon credentials to access the infected host, e.g. USER
anonymous PASS anonymous.
Type: PE32
MD5:...

Backdoor.Win32.Indexer.a / Remote Denial Of Service

Full Disclosure - 16 February, 2021 - 19:13

Posted by malvuln on Feb 16

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/2b576e7551afe1c7575dc680396f1b5b_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Indexer.a
Vulnerability: Remote Denial Of Service
Description: Indexer.a runs an FTP server that listens on TCP port
47885; sending an unexpected payload of junk chars causes an exception
resulting in a crash and denial of service....

Backdoor.Win32.Indexer.a / Hardcoded Weak Credentials

Full Disclosure - 16 February, 2021 - 19:13

Posted by malvuln on Feb 16

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/2b576e7551afe1c7575dc680396f1b5b.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Indexer.a
Vulnerability: Hardcoded Weak Credentials
Description: Indexer.a backdoor runs an FTP server that listens on TCP
port 47885 and uses several weak hardcoded credentials "Ronald
Reagen", "Boris Becker",...

Backdoor.Win32.Bifrose.ahvb / Insecure Permissions

Full Disclosure - 16 February, 2021 - 19:13

Posted by malvuln on Feb 16

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/39e22b8b19f6aed59d2def00c4228d56.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Bifrose.ahvb
Vulnerability: Insecure Permissions
Description: The backdoor creates an insecure dir named "Temp" under
c:\ drive, granting change (C) permissions to the authenticated user
group.
Type: PE32
MD5:...

Backdoor.Win32.Azbreg.aant / Insecure Permissions

Full Disclosure - 16 February, 2021 - 19:13

Posted by malvuln on Feb 16

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/dcc1855744f2d740745f096e4f031143.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Azbreg.aant
Vulnerability: Insecure Permissions
Description: Azbreg.aant backdoor creates an insecure dir named
"RECYCLER" under c:\ drive, granting change (C) permissions to the
authenticated user group.
Type: PE32
MD5:...

Backdoor.Win32.Cabrotor.21 / Insecure Permissions

Full Disclosure - 16 February, 2021 - 19:12

Posted by malvuln on Feb 16

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/af7001c2d6284a1295638576bc138cb2.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Cabrotor.21
Vulnerability: Insecure Permissions
Description: Cabrotor.21 backdoor creates a dir named "ROBADO" under
c:\ drive granting change (C) permissions to the authenticated user
group.
Type: PE32
MD5:...

Trojan-Spy.Win32.WinSpy.wlt / Insecure Permissions

Full Disclosure - 16 February, 2021 - 19:12

Posted by malvuln on Feb 16

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/00e1c4a654756dd6c9c81437c01ee3dd.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Spy.Win32.WinSpy.wlt
Vulnerability: Insecure Permissions
Description: WinSpy.wlt trojan drops four executables, one of them
"dlink.exe" listens on TCP port 443. It also creates a dir named "MsPaint"
under Program...
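Added example, not code from malvuln or from any of the advisories above. The DarkKomet.bhfh, Bifrose.ahvb, Azbreg.aant, Cabrotor.21 and WinSpy.wlt posts all report the same class of finding: a directory dropped under C:\ whose DACL grants "change (C)" to Authenticated Users. "C" is cacls notation for Modify; icacls prints the same right as (M). The script below parses the output of either tool and flags ACEs that let Authenticated Users, Users or Everyone create, change or delete content. The two sample outputs are constructed, not taken from the advisories, and the directory names and the icacls invocation in main() are assumptions.

```python
"""Flag write-capable ACEs held by broad principals in cacls/icacls output.

Added example for this digest; not code from malvuln or any advisory. Feed it
the text printed by `cacls DIR` or `icacls DIR` on the infected host.
"""
import re
import subprocess
import sys

# Principals that should not hold change rights on a directory dropped under C:\.
BROAD_PRINCIPALS = {"nt authority\\authenticated users", "builtin\\users", "everyone"}
# Inheritance/propagation flags, not rights.
INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}
# Simple and specific rights that allow creating, changing or deleting content.
WRITE_TOKENS = {"F", "C", "M", "W", "D", "WD", "AD", "DC", "GW", "GA", "DE"}
# "<principal>:<flags and rights>" as printed by both tools.
ACE_RE = re.compile(r"^(?P<who>[^:()]+):(?P<spec>.+)$")

# Constructed sample output (not from the advisories); directory names assumed.
SAMPLE_CACLS = """\
C:\\Temp NT AUTHORITY\\Authenticated Users:(OI)(CI)C
        NT AUTHORITY\\SYSTEM:(OI)(CI)F
        BUILTIN\\Administrators:(OI)(CI)F
        BUILTIN\\Users:(OI)(CI)R
"""
SAMPLE_ICACLS = """\
C:\\RECYCLER Everyone:(OI)(CI)(M)
            NT AUTHORITY\\SYSTEM:(I)(OI)(CI)(F)
            BUILTIN\\Users:(I)(OI)(CI)(RX)
            BUILTIN\\Users:(I)(CI)(IO)(WD,AD)

Successfully processed 1 files; Failed processing 0 files
"""


def parse_tokens(spec):
    """Split '(OI)(CI)(WD,AD)' or cacls-style '(OI)(CI)C' into flat tokens."""
    tokens = []
    for group in re.findall(r"\(([^)]*)\)", spec):
        tokens.extend(t.strip() for t in group.split(",") if t.strip())
    bare = re.sub(r"\([^)]*\)", "", spec).strip()  # cacls bare letter: F, C, W, R
    if bare:
        tokens.append(bare)
    return tokens


def parse_aces(path, output):
    """Yield (principal, tokens) per ACE line; the first line also carries the path."""
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith(path):
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if not m:
            continue  # blank line, summary line, or cacls 'special access' detail line
        yield m["who"].strip(), parse_tokens(m["spec"])


def audit(path, output):
    """Return [(principal, granted rights)] for broad principals with write access."""
    findings = []
    for who, tokens in parse_aces(path, output):
        if who.lower() not in BROAD_PRINCIPALS or "DENY" in tokens:
            continue
        rights = [t for t in tokens if t not in INHERIT_FLAGS]
        granted = sorted(set(rights) & WRITE_TOKENS)
        if granted:
            findings.append((who, ",".join(granted)))
        elif "special access:" in rights:
            findings.append((who, "special access (review the detail lines)"))
    return findings


def main(paths):
    """Run icacls on each directory (Windows only) and print the findings."""
    rc = 0
    for path in paths:
        out = subprocess.run(["icacls", path], capture_output=True, text=True).stdout
        for who, why in audit(path, out):
            print(f"{path}: {who} -> {why}")
            rc = 1
    return rc


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(main(sys.argv[1:]))
    for p, sample in (("C:\\Temp", SAMPLE_CACLS), ("C:\\RECYCLER", SAMPLE_ICACLS)):
        print(p, audit(p, sample))
```

Usage: python audit_acl.py C:\Temp C:\RECYCLER on the host, or pipe saved cacls/icacls output into audit(). Note that the default ACL of the C:\ root itself grants BUILTIN\Users (CI)(AD) and (CI)(IO)(WD), so a hit on the root is expected; a hit on a freshly created subdirectory such as the ones these backdoors drop is the finding.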