Security News
rencode 3-byte packet DoS
Posted by Antoine Martin on Sep 07
1) About RencodeRencode is a "Python module for fast (basic) object serialization
similar to bencode".
https://github.com/aresch/rencode
This library is used as a faster and more efficient data encoder than
bencode.
There are implementations in other languages: Golang, Javascript, Java,
Ruby, dart, etc
Some of these ports carry the same bug, the Go port does.
(as an aside - not all of these derived works have preserved the
original...
Dahua CVE-2021-33044, CVE-2021-33045
Posted by bashis on Sep 07
Greetings,Two independent authentication bypass has been found in Dahua (and their OEMs) devices.
Due to the very high potential of another "Dahua mass hack", I will keep Full Disclosure details until October 6, 2021.
Highly recommend upgrading the firmware until then.
Dahua advisory: https://www.dahuasecurity.com/support/cybersecurity/details/957
Have a nice day,
https://github.com/mcw0/PoC
/bashis
Backdoor.Win32.Small.vjt / Unauthenticated Remote Command Execution
Posted by malvuln on Sep 07
Discovery / credits: Malvuln - malvuln.com (c) 2021Original source:
https://malvuln.com/advisory/92ea873a2bbdaf0799d572bc4f30dc79.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Small.vjt
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 31337. Third-party attackers
who can reach the system can execute OS commands or programs further
compromising the...
Backdoor.Win32.Small.gs / Unauthenticated Remote Command Execution
Posted by malvuln on Sep 07
Discovery / credits: Malvuln - malvuln.com (c) 2021Original source:
https://malvuln.com/advisory/551674fec6add7117c4be7f6b357e7cb.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Small.gs
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 1080. Third-party attackers
who can reach infected systems can execute OS commands and or run arbitrary
programs.
Type:...
Backdoor.Win32.Nyara.aq / Insecure Permissions
Posted by malvuln on Sep 07
Discovery / credits: Malvuln - malvuln.com (c) 2021Original source:
https://malvuln.com/advisory/dec17541412bbc744b9f458862349e34.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Nyara.aq
Vulnerability: Insecure Permissions
Description: The malware creates a dir with insecure permissions under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can rename the...
Re: a xss vulnerability in Jforum 2.7.0
Posted by Henri Salo on Sep 07
CVE-2021-40509 has been assigned for this vulnerability.https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40509
Re: Mirror on the Fly Attack
Posted by bo0od on Sep 07
yeah but nothing new with this, you are making it over no TLS connection.if you make similar to this attack over hardened TLS (hardened mean
support hsts,hsts-preload,ocsp..supported) or Tor hidden services
(called onion services as well) or I2P eepsites .. yeah that would be
something new and interesting.
anyway thanks for sharing :) .
Gökhan Muharremoglu:
CVE-2021-3145: Biometric Authentication Bypass in Ionic Identity Vault
Posted by Advisories on Sep 07
##############################################################
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: Identity Vault
# Vendor: Ionic
# CSNC ID: CSNC-2021-001
# CVE ID: CVE-2021-3145
# Subject: Biometric Authentication Bypass on Android
# Severity: Medium
# Effect: Authentication Bypass
# Author: Emanuel Duss...
a xss vulnerability in Jforum 2.7.0
Posted by kun song on Sep 03
hi,I found a vulnerability in the jforum 2.7.0. It is a storage cross site
script vulnerability. The place is the user's profile - signature. The
technique of the vulnerability is the same as that described in this
article "STORED CROSS SITE SCRIPTING IN BBCODE" (
https://mindedsecurity.com/advisories/msa130510/), and the POC is:
color tag:
[color=red" onMouseOver="alert('xss')]XSS[/color]...
Backdoor.Win32.MoonPie.40 / Unauthenticated Remote Command Execution
Posted by malvuln on Sep 03
Discovery / credits: Malvuln - malvuln.com (c) 2021Original source:
https://malvuln.com/advisory/Backdoor.Win32.MoonPie.40.9dbb6d56bc9a7813305883acd0f9a355_C.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.MoonPie.40
Vulnerability: Unauthenticated Remote Command Execution
Description: listens on TCP port 25685. Third-party attackers who can reach
infected systems can execute OS commands and or run arbitrary...
Backdoor.Win32.MoonPie.40 / Port Bounce Scan
Posted by malvuln on Sep 03
Discovery / credits: Malvuln - malvuln.com (c) 2021Original source:
https://malvuln.com/advisory/9dbb6d56bc9a7813305883acd0f9a355_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.MoonPie.40
Vulnerability: Port Bounce Scan
Description: The malware listens on TCP port 25686, its FTP component
accepts any username/password credentials. Third-party attackers who
successfully logon can abuse the backdoor FTP...
Backdoor.Win32.MoonPie.40 / Authentication Bypass RCE
Posted by malvuln on Sep 03
Discovery / credits: Malvuln - malvuln.com (c) 2021Original source:
https://malvuln.com/advisory/9dbb6d56bc9a7813305883acd0f9a355.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.MoonPie.40
Vulnerability: Authentication Bypass RCE
Description: The malware runs an FTP server on TCP port 25686. Third-party
attackers who can reach infected systems can logon using any
username/password combination. Intruders may...
Artica Proxy VMWare Appliance 4.30.000000 <=[SP273]
Posted by Heiko Feldhusen via Fulldisclosure on Sep 03
Advisory ID: RCS20210707-0Product: Artica Proxy VMWare Appliance
Vendor/Manufacturer: ArticaTech (https://www.articatech.com)
Affected Version(s): 4.30.000000 <=[SP273]
Tested Version(s): 4.30.000000 [SP273]
Vulnerability Type: Relative path traversal [CWE-23], Improper...
Mirror on the Fly Attack
Posted by Gökhan Muharremoglu on Sep 03
Dear all,I’d like to share an attack concept study with you.
With the help of new technologies in the application engineering (especially in the web application area) now it is
possible to create man in the middle attacks that can bypass too many security countermeasures (2FA, OTP, CAPTCHA, SSL,
Security Picture, Browser Remembering, etc.) by utilizing an approach we called mirroring on the fly...
At the mirroring on the fly approach, man...
Windows Defender Application Guard DoS via Long Hostname
Posted by Jonathan Gregson via Fulldisclosure on Sep 03
Windows Defender Application Guard (also known as "WDAG", Microsoft Defender Application Guard, and "MDAG") can beclosed by any script or website loaded in WDAG by redirecting the browser to a URL with a long hostname (e.g, 10,000
characters long). This can cause a denial-of-service condition.
Impact: 4.3
CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:H/RL:U/RC:C
## Details
Application Guard will immediately close if...
KL-001-2021-010:CyberArk Credential Provider Local Cache Can Be Decrypted
Posted by KoreLogic Disclosures via Fulldisclosure on Sep 01
KL-001-2021-010:CyberArk Credential Provider Local Cache Can Be DecryptedTitle: CyberArk Credential Provider Local Cache Can Be Decrypted
Advisory ID: KL-001-2021-010
Publication Date: 2021.09.01
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-010.txt
1. Vulnerability Details
Affected Vendor: CyberArk
Affected Product: Application Access Manager/Credential Provider
Affected Version: Prior to...
KL-001-2021-009: CyberArk Credential Provider Race Condition And Authorization Bypass
Posted by KoreLogic Disclosures via Fulldisclosure on Sep 01
KL-001-2021-009: CyberArk Credential Provider Race Condition And Authorization BypassTitle: CyberArk Credential Provider Race Condition And Authorization Bypass
Advisory ID: KL-001-2021-009
Publication Date: 2021.09.01
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-009.txt
1. Vulnerability Details
Affected Vendor: CyberArk
Affected Product: Application Access Manager/Credential Provider
...
KL-001-2021-008: CyberArk Credential File Insufficient Effective Key Space
Posted by KoreLogic Disclosures via Fulldisclosure on Sep 01
KL-001-2021-008: CyberArk Credential File Insufficient Effective Key SpaceTitle: CyberArk Credential File Insufficient Effective Key Space
Advisory ID: KL-001-2021-008
Publication Date: 2021.09.01
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-008.txt
1. Vulnerability Details
Affected Vendor: CyberArk
Affected Product: Application Access Manager/Credential Provider
Affected Version: Prior to...
SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices
Posted by SEC Consult Vulnerability Lab on Sep 01
SEC Consult Vulnerability Lab Security Advisory < 20210901-0 >=======================================================================
title: Multiple vulnerabilities
product: see "Vulnerable / tested versions"
vulnerable version: see "Vulnerable / tested versions"
fixed version: see "Solution"
CVE number: CVE-2021-39278, CVE-2021-39279
impact: High...
Backdoor.Win32.Hupigon.aejq / Directory Traversal
Posted by malvuln on Aug 31
Discovery / credits: Malvuln - malvuln.com (c) 2021Original source:
https://malvuln.com/advisory/2a366cea300b84b4e6f8204a8c229266_C.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Hupigon.aejq
Vulnerability: Directory Traversal
Description: The malware deploys a Web server listening on TCP port 80.
Third-party attackers who can reach an infected host can read any file on
the system using "../"...
