Security News

Backdoor.Win32.Cafeini.08.b / Missing Authentication

Full Disclosure - 16 February, 2021 - 19:12

Posted by malvuln on Feb 16

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/8225bb6b430d5cdf523c4d0cabbe5793.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Cafeini.08.b
Vulnerability: Missing Authentication
Description: The backdoor is written in Polish and listens on TCP port
51966; anyone who can reach the infected system can telnet in and
execute any commands leading to malware...

Backdoor.Win32.Backlash.101 / Missing Authentication

Full Disclosure - 16 February, 2021 - 19:12

Posted by malvuln on Feb 16

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/4ba3c08d8ad964328f2b6f618f714df2.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Backlash.101
Vulnerability: Missing Authentication
Description: BackLash Server 1.0 Alpha drops an executable named
"d3d8thk.exe" under Windows dir and listens on TCP ports 11831 and
29559. Telnet to port 11831 allows...

Recon-Informer v1.3 - Intel for offensive systems anti-reconnaissance (nmap) tool

Full Disclosure - 16 February, 2021 - 19:12

Posted by hyp3rlinx on Feb 16

# -*- coding: utf-8 -*-
import logging,os,ctypes,sys,argparse,time,re
from subprocess import *
from datetime import datetime
from pkgutil import iter_modules
import pkg_resources

#ReconInformer v1.3 Copyright (c) MIT License
#By John Page (aka hyp3rlinx)
#ApparitionSec
#hyp3rlinx.altervista.org
#twitter.com/hyp3rlinx
#apparitionsec () gmail com
#PoC Video URL: https://www.youtube.com/watch?v=XM-G9Udbphc...

APPLE-SA-2021-02-09-1 macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002

Full Disclosure - 11 February, 2021 - 19:51

Posted by Apple Product Security via Fulldisclosure on Feb 11

APPLE-SA-2021-02-09-1 macOS Big Sur 11.2.1, macOS Catalina 10.15.7
Supplemental Update, and macOS Mojave 10.14.6 Security Update
2021-002

macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental
Update, and macOS Mojave 10.14.6 Security Update 2021-002 addresses
the following issues. Information about the security content is also
available at https://support.apple.com/HT212177.

macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update*,...

Backdoor.Win32.BackAttack.18 / Multiple Vulnerabilities

Full Disclosure - 11 February, 2021 - 19:51

Posted by malvuln on Feb 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c806d23f4343ab40cf897e9c38b5c1c3.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.BackAttack.18
Vulnerability: Multiple Vulnerabilities
Description: BackAttack.18 (v1.8) listens on TCP ports 80 and 11131.
It has remote features you can enable like take screenshot, restart
the infected system, enable FTP or even...

Backdoor.Win32.Augudor.a / Unauthenticated Remote File Write Code Execution

Full Disclosure - 11 February, 2021 - 19:50

Posted by malvuln on Feb 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/1b557d4f923b0de75e397686053a9022.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Augudor.a
Vulnerability: Unauthenticated Remote File Write Code Execution
Description: Augudor.a drops an empty file named "zy.exe" and listens
on TCP port 1011. Attackers who can reach the infected host can write
any...

Backdoor.Win32.Aphexdoor.LiteSock / Remote Stack Buffer Overflow

Full Disclosure - 11 February, 2021 - 19:50

Posted by malvuln on Feb 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/a8bb1744bedf43849ed808b7dfa32da4.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Aphexdoor.LiteSock
Vulnerability: Remote Stack Buffer Overflow
Description: Aphexdoor.LiteSock drops an extensionless executable
named "moo" in the Windows dir and listens on TCP ports 113 and 1415.
Sending a specially...

Backdoor.Win32.NetTerrorist / Unauthorized Remote Command Execution

Full Disclosure - 11 February, 2021 - 19:50

Posted by malvuln on Feb 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/5131a9b441c9f9b20228f171c327a4f5.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.NetTerrorist
Vulnerability: Unauthorized Remote Command Execution
Description: NetTerrorist listens on TCP port 785; it seemingly uses
authentication like USER [user], PASS [pass]. Interestingly, you can
just bypass authentication...

Trojan.Win32.Cafelom.bu / Heap Corruption

Full Disclosure - 11 February, 2021 - 19:50

Posted by malvuln on Feb 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/146ce177ab03b8f62a9fc6e7bbf40dc1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Cafelom.bu
Vulnerability: Heap Corruption
Description: This malware drops two executables DNF-II.exe and xx.exe,
then looks for and loads a text-file named "GamePath.txt" under c:\
drive. Placing a corrupt text-file with...

Backdoor.Win32.Wollf.15 / Missing Authentication

Full Disclosure - 11 February, 2021 - 19:50

Posted by malvuln on Feb 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ffa917e74406b8b77252be2c4f71f6d3.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Wollf.15
Vulnerability: Missing Authentication
Description: Wollf backdoor creates a service named "wrm" and opens
TCP port 7614; there is no authentication, allowing anyone to take over
the infected system.
Type: PE32
MD5:...

Trojan-Spy.Win32.WinSpy.vwl / Insecure Permissions EoP

Full Disclosure - 11 February, 2021 - 19:50

Posted by malvuln on Feb 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/0187e62ca40cb3d556a2c5825620bd8f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Spy.Win32.WinSpy.vwl
Vulnerability: Insecure Permissions EoP
Description: WinSpy.vwl creates two directories "Accessories" and
"Netrix" under "Program Files (x86)". Netrix grants full permissions
(F) to everyone...

Stored XSS in SolarWinds Serv-U File Server <=15.2.1

Full Disclosure - 11 February, 2021 - 19:50

Posted by Jack Misiura via Fulldisclosure on Feb 11

Title: Stored XSS

Product: SolarWinds Serv-U FTP Server

Vendor Homepage: https://www.solarwinds.com/

Vulnerable Version: 15.2.1 and lower

Fixed Version: 15.2.2

CVE Number: CVE-2020-28001

Author: Jack Misiura from The Missing Link

Website: https://www.themissinglink.com.au

Timeline:

2020-10-30 Disclosed to Vendor

2021-01-21 Vendor releases patched version

2021-08-02 Publication

1. Vulnerability Description

SolarWinds Serv-U FTP...

Path traversal in SolarWinds Serv-U File Server <=15.2.1

Full Disclosure - 11 February, 2021 - 19:50

Posted by Jack Misiura via Fulldisclosure on Feb 11

Title: Path traversal

Product: SolarWinds Serv-U FTP Server

Vendor Homepage: https://www.solarwinds.com/

Vulnerable Version: 15.2.1 and lower

Fixed Version: 15.2.2

CVE Number: CVE-2020-27994

Author: Jack Misiura from The Missing Link

Website: https://www.themissinglink.com.au

Timeline:

2020-10-28 Disclosed to Vendor

2021-01-21 Vendor releases patched version

2021-08-02 Publication

1. Vulnerability Description

SolarWinds Serv-U File...

SEC Consult SA-20210210-0 :: Reflected Cross-Site Scripting in Adobe Magento Commerce

Full Disclosure - 10 February, 2021 - 08:52

Posted by SEC Consult Vulnerability Lab on Feb 10

SEC Consult Vulnerability Lab Security Advisory < 20210210-0 >
=======================================================================
title: Reflected Cross-Site Scripting (XSS)
product: Adobe Magento Commerce
vulnerable version: < 2.4.2
fixed version: 2.4.2
CVE number: CVE-2021-21029
impact: Medium
homepage: https://magento.com/
found: 2020-06-29...

Trojan-Spy.Win32.WebCenter.a / Information Disclosure

Full Disclosure - 7 February, 2021 - 21:53

Posted by malvuln on Feb 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/e3cf225a94c6be5a26fc21a1ec83f418.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Spy.Win32.WebCenter.a
Vulnerability: Information Disclosure
Description: The trojan creates a dir named "webcenter" under
"C:\Windows\SysWOW64" and drops various exes and html pages to return
information about the...

Trojan-Spy.Win32.SpyEyes.awow / Insecure Permissions EoP

Full Disclosure - 7 February, 2021 - 12:34

Posted by malvuln on Feb 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/e61a6755db1c59eb1d219b761de925f4.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Spy.Win32.SpyEyes.awow
Vulnerability: Insecure Permissions EoP
Description: SpyEyes.awow creates an insecure dir named "$Recycle$"
under the c:\ drive, granting change (C) permissions to the
authenticated users group. Also, drops...

Trojan.Win32.Delf.uq / Insecure Permissions EoP

Full Disclosure - 7 February, 2021 - 12:34

Posted by malvuln on Feb 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/a4ea99b54e171274795f14a4ac7f17ba.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Delf.uq
Vulnerability: Insecure Permissions EoP
Description: Malware creates a vulnerable dir named "downsoft" under
c:\ drive granting change (C) permissions to the authenticated users
group.
Type: PE32
MD5:...

Email-Worm.Win32.Sircam.eb / Insecure Permissions EoP

Full Disclosure - 7 February, 2021 - 12:34

Posted by malvuln on Feb 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/cd88a9b686acd9ccf23dba8d248129b4.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Email-Worm.Win32.Sircam.eb
Vulnerability: Insecure Permissions EoP
Description: Sircam.eb creates a vuln dir under c:\ drive named
"Windupdt" and drops an exe named "winupdate.exe". Grants change (C)
permissions to...

Trojan.Win32.Cospet.abg / Insecure Permissions EoP

Full Disclosure - 7 February, 2021 - 12:34

Posted by malvuln on Feb 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/5f5b308853b9aa9243390c135ff6ba1b.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Cospet.abg
Vulnerability: Insecure Permissions EoP
Description: Cospet.abg creates a vulnerable dir named "dir" under
c:\ drive granting change (C) permissions to the authenticated users
group. Sends SYN packet to TCP port...

Trojan.Win32.Comei.pgo / Insecure Permissions EoP

Full Disclosure - 7 February, 2021 - 12:34

Posted by malvuln on Feb 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/7cb253cf47b6de8adfea559e51950c17.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Comei.pgo
Vulnerability: Insecure Permissions EoP
Description: Trojan malware creates a vulnerable dir named "dir"
under c:\ drive granting change (C) permissions to the authenticated
users group.
Type: PE32
MD5:...