Security News

An XSS vulnerability in Jforum 2.7.0

Full Disclosure - 3 September, 2021 - 10:24

Posted by kun song on Sep 03

hi,

I found a vulnerability in Jforum 2.7.0. It is a stored cross-site
scripting vulnerability. The place is the user's profile - signature. The
technique of the vulnerability is the same as that described in this
article "STORED CROSS SITE SCRIPTING IN BBCODE" (
https://mindedsecurity.com/advisories/msa130510/), and the PoC is:

color tag:
[color=red" onMouseOver="alert('xss')]XSS[/color]...

Backdoor.Win32.MoonPie.40 / Unauthenticated Remote Command Execution

Full Disclosure - 3 September, 2021 - 10:24

Posted by malvuln on Sep 03

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/Backdoor.Win32.MoonPie.40.9dbb6d56bc9a7813305883acd0f9a355_C.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.MoonPie.40
Vulnerability: Unauthenticated Remote Command Execution
Description: Listens on TCP port 25685. Third-party attackers who can reach
infected systems can execute OS commands and/or run arbitrary...

Backdoor.Win32.MoonPie.40 / Port Bounce Scan

Full Disclosure - 3 September, 2021 - 10:24

Posted by malvuln on Sep 03

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/9dbb6d56bc9a7813305883acd0f9a355_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.MoonPie.40
Vulnerability: Port Bounce Scan
Description: The malware listens on TCP port 25686; its FTP component
accepts any username/password credentials. Third-party attackers who
successfully log on can abuse the backdoor FTP...

Backdoor.Win32.MoonPie.40 / Authentication Bypass RCE

Full Disclosure - 3 September, 2021 - 10:24

Posted by malvuln on Sep 03

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/9dbb6d56bc9a7813305883acd0f9a355.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.MoonPie.40
Vulnerability: Authentication Bypass RCE
Description: The malware runs an FTP server on TCP port 25686. Third-party
attackers who can reach infected systems can log on using any
username/password combination. Intruders may...

Artica Proxy VMWare Appliance 4.30.000000 <=[SP273]

Full Disclosure - 3 September, 2021 - 10:22

Posted by Heiko Feldhusen via Fulldisclosure on Sep 03

Advisory ID: RCS20210707-0
Product: Artica Proxy VMWare Appliance
Vendor/Manufacturer: ArticaTech (https://www.articatech.com)
Affected Version(s): 4.30.000000 <=[SP273]
Tested Version(s): 4.30.000000 [SP273]
Vulnerability Type: Relative path traversal [CWE-23], Improper...

Mirror on the Fly Attack

Full Disclosure - 3 September, 2021 - 10:22

Posted by Gökhan Muharremoglu on Sep 03

Dear all,

I’d like to share an attack concept study with you.

With the help of new technologies in application engineering (especially in the web application area), it is now
possible to create man-in-the-middle attacks that can bypass many security countermeasures (2FA, OTP, CAPTCHA, SSL,
Security Picture, Browser Remembering, etc.) by utilizing an approach we called mirroring on the fly...

In the mirroring on the fly approach, man...

Windows Defender Application Guard DoS via Long Hostname

Full Disclosure - 3 September, 2021 - 10:21

Posted by Jonathan Gregson via Fulldisclosure on Sep 03

Windows Defender Application Guard (also known as "WDAG", Microsoft Defender Application Guard, and "MDAG") can be
closed by any script or website loaded in WDAG by redirecting the browser to a URL with a long hostname (e.g., 10,000
characters long). This can cause a denial-of-service condition.

Impact: 4.3
CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:H/RL:U/RC:C

## Details

Application Guard will immediately close if...

KL-001-2021-010: CyberArk Credential Provider Local Cache Can Be Decrypted

Full Disclosure - 1 September, 2021 - 13:22

Posted by KoreLogic Disclosures via Fulldisclosure on Sep 01

KL-001-2021-010: CyberArk Credential Provider Local Cache Can Be Decrypted

Title: CyberArk Credential Provider Local Cache Can Be Decrypted
Advisory ID: KL-001-2021-010
Publication Date: 2021.09.01
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-010.txt

1. Vulnerability Details

     Affected Vendor: CyberArk
     Affected Product: Application Access Manager/Credential Provider
     Affected Version: Prior to...

KL-001-2021-009: CyberArk Credential Provider Race Condition And Authorization Bypass

Full Disclosure - 1 September, 2021 - 13:21

Posted by KoreLogic Disclosures via Fulldisclosure on Sep 01

KL-001-2021-009: CyberArk Credential Provider Race Condition And Authorization Bypass

Title: CyberArk Credential Provider Race Condition And Authorization Bypass
Advisory ID: KL-001-2021-009
Publication Date: 2021.09.01
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-009.txt

1. Vulnerability Details

     Affected Vendor: CyberArk
     Affected Product: Application Access Manager/Credential Provider
    ...

KL-001-2021-008: CyberArk Credential File Insufficient Effective Key Space

Full Disclosure - 1 September, 2021 - 13:20

Posted by KoreLogic Disclosures via Fulldisclosure on Sep 01

KL-001-2021-008: CyberArk Credential File Insufficient Effective Key Space

Title: CyberArk Credential File Insufficient Effective Key Space
Advisory ID: KL-001-2021-008
Publication Date: 2021.09.01
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-008.txt

1. Vulnerability Details

     Affected Vendor: CyberArk
     Affected Product: Application Access Manager/Credential Provider
     Affected Version: Prior to...

SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices

Full Disclosure - 1 September, 2021 - 05:58

Posted by SEC Consult Vulnerability Lab on Sep 01

SEC Consult Vulnerability Lab Security Advisory < 20210901-0 >
=======================================================================
title: Multiple vulnerabilities
product: see "Vulnerable / tested versions"
vulnerable version: see "Vulnerable / tested versions"
fixed version: see "Solution"
CVE number: CVE-2021-39278, CVE-2021-39279
impact: High...

Backdoor.Win32.Hupigon.aejq / Directory Traversal

Full Disclosure - 31 August, 2021 - 03:37

Posted by malvuln on Aug 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/2a366cea300b84b4e6f8204a8c229266_C.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hupigon.aejq
Vulnerability: Directory Traversal
Description: The malware deploys a Web server listening on TCP port 80.
Third-party attackers who can reach an infected host can read any file on
the system using "../"...

Backdoor.Win32.Hupigon.aejq / Port Bounce Scan

Full Disclosure - 31 August, 2021 - 03:37

Posted by malvuln on Aug 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/2a366cea300b84b4e6f8204a8c229266_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hupigon.aejq
Vulnerability: Port Bounce Scan
Description: The malware listens on TCP port 2121; its FTP component
accepts any username/password credentials. Third-party attackers who
successfully log on can abuse the backdoor FTP...

Backdoor.Win32.Hupigon.aejq / Authentication Bypass RCE

Full Disclosure - 31 August, 2021 - 03:37

Posted by malvuln on Aug 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/2a366cea300b84b4e6f8204a8c229266.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hupigon.aejq
Vulnerability: Authentication Bypass RCE
Description: The malware runs an FTP server on TCP port 2121. Third-party
attackers who can reach infected systems can log on using any
username/password combination. Intruders...

Backdoor.Win32.BO2K.11.d (Back Orifice) / Local Stack Buffer Overflow

Full Disclosure - 31 August, 2021 - 03:37

Posted by malvuln on Aug 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/abc6a590d237b8ee180638007f67089e.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.BO2K.11.d
Vulnerability: Local Stack Buffer Overflow
Description: Back Orifice 2000 by Cult of the Dead Cow, stack BOF on
corrupted DLL plugin import. Loading a specially crafted (DLL) file
triggers a stack buffer overflow...

Backdoor.Win32.Delf.wr / Port Bounce Scan

Full Disclosure - 31 August, 2021 - 03:37

Posted by malvuln on Aug 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/fc74e80ff2f49380972904d77df1c0f1_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Delf.wr
Vulnerability: Port Bounce Scan
Description: The CrazyInvadres Group⌐ bY SMURF_NS malware runs an FTP
server on TCP port 64554 and accepts any username/password credentials.
Third-party attackers who successfully log on...

Backdoor.Win32.Delf.wr / Authentication Bypass RCE

Full Disclosure - 31 August, 2021 - 03:37

Posted by malvuln on Aug 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/fc74e80ff2f49380972904d77df1c0f1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Delf.wr
Vulnerability: Authentication Bypass RCE
Description: The CrazyInvadres Group⌐ bY SMURF_NS malware runs an FTP
server on TCP port 64554. Third-party attackers who can reach infected
systems can log on using any...

Backdoor.Win32.Delf.um / Authentication Bypass RCE

Full Disclosure - 31 August, 2021 - 03:37

Posted by malvuln on Aug 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/d5256768a01a0e7c2ad5ba1264777f71.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Delf.um
Vulnerability: Authentication Bypass RCE
Description: The malware runs an FTP server on TCP port 21. Third-party
attackers who can reach infected systems can log on using any
username/password combination. Intruders may then...

Backdoor.Win32.Antilam.11 / Unauthenticated Remote Code Execution

Full Disclosure - 31 August, 2021 - 03:37

Posted by malvuln on Aug 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/9adffcc98cd658a7f9c5419480013f72_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Antilam.11
Vulnerability: Unauthenticated Remote Code Execution
Description: The Win32.Antilam.11 malware, aka "Backdoor.Win32.Latinus.b"
(MVID-2021-0029), listens on TCP ports 11831 and 29559. Third-party attackers
who can...

HEUR.Trojan.Win32.Delf.gen / Insecure Permissions

Full Disclosure - 31 August, 2021 - 03:37

Posted by malvuln on Aug 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/058ef1acc6456a924737d940f3cf81aa.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: HEUR.Trojan.Win32.Delf.gen
Vulnerability: Insecure Permissions
Description: The Batch VirusGen malware creates a .BAT script with
insecure permissions under the c:\ drive and grants change (C) permissions to
the authenticated user group. Standard...