Security News

Backdoor.Win32.Hupigon.abe / Unauthenticated Open Proxy

Full Disclosure - 31 August, 2021 - 03:37

Posted by malvuln on Aug 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/5d7908e7e95d0eb4a7351d24605e62a6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hupigon.abe
Vulnerability: Unauthenticated Open Proxy
Description: The malware listens on TCP port 8080. Third-party attackers
who can connect to the infected system can relay requests from the original
connection to the...

Trojan-Proxy.Win32.Raznew.gen / Unauthenticated Open Proxy

Full Disclosure - 31 August, 2021 - 03:37

Posted by malvuln on Aug 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/033ccd3a926441c49d3898dab97aefed.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Proxy.Win32.Raznew.gen
Vulnerability: Unauthenticated Open Proxy
Description: The malware listens on TCP port 8080. Third-party attackers
who can connect to the infected system can relay requests from the original
connection to the...

Backdoor.Win32.DarkKomet.aspl / Insecure Permissions

Full Disclosure - 31 August, 2021 - 03:37

Posted by malvuln on Aug 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/5c644104f96ccad7a8cf324c2e523530.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.DarkKomet.aspl
Vulnerability: Insecure Permissions
Description: The malware creates an insecure dir under c:\ drive and grants
change (C) permissions to the authenticated user group. Standard users can
rename the executables dropped...

LLVM based tool to audit Linux Kernel Modules Security

Full Disclosure - 31 August, 2021 - 03:37

Posted by Marcin Kozlowski on Aug 31

Hi List,

If you are into Linux Kernel Security, check this out. It is an LLVM based
tool to audit Linux Kernel Modules Security:
https://github.com/marcinguy/dr_checker_4_linux using both pointer and
taint analyses that are flow-sensitive, context-sensitive, and
field-sensitive on kernel drivers. It is a port of Dr. Checker (great work,
kudos to authors at "The Computer Security Group at UC Santa Barbara"), to
newer Clang/LLVM 10 and...

XSS in Apple ID Server idmsa.apple.com

Full Disclosure - 27 August, 2021 - 11:55

Posted by Zemn mez on Aug 27

Hi seclists! I wanted to try posting some of my research here, and I think
this is the right list.

I recently published some research into Apple ID security that culminated
in an XSS on the Apple ID server -- that is, an attacker can pop out an
Apple login page that autofills your credentials and 2FA :)

In particular, it has several really interesting components in the chain:

- a Content Security Policy injection / bypass to slacken Javascript...

SEC Consult SA-20210827-0 :: Authenticated RCE in BSCW Server

Full Disclosure - 27 August, 2021 - 09:02

Posted by SEC Consult Vulnerability Lab on Aug 27

SEC Consult Vulnerability Lab Security Advisory < 20210827-0 >
=======================================================================
title: Authenticated RCE
product: BSCW Server
vulnerable version: BSCW Server <=5.0.11, <=5.1.9, <=5.2.3, <=7.3.2, <=7.4.2
fixed version: 5.0.12, 5.1.10, 5.2.4, 7.3.3, 7.4.3
CVE number: CVE-2021-39271
impact: high...

SEC Consult SA-20210827-1 :: XML Tag injection in BSCW Server

Full Disclosure - 27 August, 2021 - 09:02

Posted by SEC Consult Vulnerability Lab on Aug 27

SEC Consult Vulnerability Lab Security Advisory < 20210827-1 >
=======================================================================
title: XML Tag injection
product: BSCW Server
vulnerable version: BSCW Server <=5.0.11, <=5.1.9, <=5.2.3, <=7.3.2, <=7.4.2
fixed version: 5.0.12, 5.1.10, 5.2.4, 7.3.3, 7.4.3
CVE number: CVE-2021-36359
impact: high...

SEC Consult SA-20210820-0 :: Multiple Vulnerabilities in NetModule Router Software

Full Disclosure - 20 August, 2021 - 06:44

Posted by SEC Consult Vulnerability Lab on Aug 20

SEC Consult Vulnerability Lab Security Advisory < 20210820-0 >
=======================================================================
title: Multiple Vulnerabilities in NetModule Router Software
product: NetModule Router Software (NRSW)
vulnerable version: Before 4.3.0.113, 4.4.0.111, 4.5.0.105
fixed version: 4.3.0.113, 4.4.0.111, 4.5.0.105
CVE number: CVE-2021-39289, CVE-2021-39290,...

SEC Consult SA-20210819-0 :: Multiple critical vulnerabilities in Altus Nexto and Hadron series

Full Disclosure - 19 August, 2021 - 04:16

Posted by SEC Consult Vulnerability Lab on Aug 19

SEC Consult Vulnerability Lab Security Advisory < 20210819-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Multiple Altus Sistemas de Automacao products:
Nexto NX30xx Series
Nexto NX5xxx Series
Nexto Xpress XP3xx Series
Hadron Xtorm HX3040 Series...

Cyberoam NetGenie (C0101B1-20141120-NG11VO) - Cross Site Scripting (XSS)

Full Disclosure - 16 August, 2021 - 22:53

Posted by Gionathan Reale via Fulldisclosure on Aug 16

# Title: Cyberoam NetGenie (C0101B1-20141120-NG11VO) - Reflected Cross Site Scripting (XSS)
# Date: 14.08.2021
# Credit: Gionathan "John" Reale
# Firmware Version: C0101B1-20141120-NG11VO
# CVE-2021-38702
########################################################################
DESCRIPTION:
Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow...

New BlackArch Linux ISOs + OVA Image released!

Full Disclosure - 16 August, 2021 - 22:53

Posted by Black Arch on Aug 16

Black Arch <blackarchlinux () gmail com>
Tue, Dec 1, 2020, 11:20 PM
to fulldisclosure

Dear list,

We've released new BlackArch Linux ISOs and OVA image (version
2021.09.01). Many improvements and QA went through all packages and
tools Blackarch Linux offers! For details see the ChangeLog below. The
BlackArch repository, Full-ISO and OVA image include more than 2700
tools now. The aarch64 repository is filled with about 2500 tools.

A...

HackTool.Win32.HKit / Unauthenticated Remote Command Execution

Full Disclosure - 13 August, 2021 - 16:09

Posted by malvuln on Aug 13

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/6209db6e8cfd7c7a315ca858129bd226.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: HackTool.Win32.HKit
Vulnerability: Unauthenticated Remote Command Execution
Description: HaX0R'Z KiT -- v1.05 malware listens for telnet connections on
a specified port. Third-party attackers who can reach the system can
execute OS commands...

HackTool.Win32.Hidd.b / Remote Stack Buffer Overflow (UDP Datagram)

Full Disclosure - 13 August, 2021 - 16:09

Posted by malvuln on Aug 13

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/665a408981294ca49be23096363eec2f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: HackTool.Win32.Hidd.b
Vulnerability: Remote Stack Buffer Overflow (UDP Datagram)
Description: The malware listens on UDP ports 52810 and 65423. Third-party
attackers who can reach an infected system can send a 479 byte payload to
port 65423 and...

Backdoor.Win32.IRCBot.gen / Hardcoded Weak Password

Full Disclosure - 13 August, 2021 - 16:09

Posted by malvuln on Aug 13

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/bcfc89ca07bd0ad7b9396a0815c9fc39.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.IRCBot.gen
Vulnerability: Hardcoded Weak Password
Description: The malware listens on TCP port 13013. Authentication is
required for remote user access. However, the password "sexjerx" is weak
and hardcoded in plaintext...

Trojan-Proxy.Win32.Raznew.gen / Unauthenticated Open Proxy

Full Disclosure - 13 August, 2021 - 16:09

Posted by malvuln on Aug 13

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/55ce4b6c2ec10838c54dca54d96801d6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Proxy.Win32.Raznew.gen
Vulnerability: Unauthenticated Open Proxy
Description: The malware listens on TCP port 8080. Third-party attackers
who can connect to the infected system can relay requests from the original
connection to the...

firebase/php-jwt Algorithm Confusion with Key IDs

Full Disclosure - 13 August, 2021 - 16:09

Posted by Paragon Initiative Enterprises Security Team on Aug 13

__Background__

Once upon a time, the Auth0 team demonstrated several attacks against JWT
libraries that are still found to this day. You can read about their
research here:
https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/

Or for a more fun spin on the issue, you can just check
https://www.howmanydayssinceajwtalgnonevuln.com

The two issues that were identified there were alg=none and substituting
HMAC over an...

[SYSS-2021-042] TJWS - Reflected Cross-Site Scripting (CVE-2021-37573)

Full Disclosure - 13 August, 2021 - 16:07

Posted by Maurizio Ruchay on Aug 13

Advisory ID: SYSS-2021-042
Product: Tiny Java Web Server and Servlet Container
(TJWS)
Manufacturer: D. Rogatkin
Affected Versions: <= 1.115
Tested Versions: 1.107, 1.114
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2021-07-21
Solution Date: 2021-07-23...

[RT-SA-2021-002] XML External Entity Expansion in MobileTogether Server

Full Disclosure - 10 August, 2021 - 08:02

Posted by RedTeam Pentesting GmbH on Aug 10

Advisory: XML External Entity Expansion in MobileTogether Server

RedTeam Pentesting discovered a vulnerability in the MobileTogether
server which allows users with access to at least one app to read
arbitrary, non-binary files from the file system and perform server-side
requests. The vulnerability can also be used to deny availability of the
system. As an example, this advisory shows the compromise of the
server's certificate and private...

Re: Spammers Using storage[.]googleapis[.]com ?!!?

Full Disclosure - 10 August, 2021 - 07:59

Posted by Jeffrey Walton on Aug 10

That's nothing compared to Sharepoint and sharepointonline.com. I get
10 to 20 pieces of offensive emails daily from Microsoft's cesspool.
All using those useless redirects under the guise of "sharing a
document" with me and offering me sex.

Microsoft has more garbage spewing from their web properties than
Amazon, Google, IBM, Salesforce and Rackspace combined (based on my
experience).

sharepointonline.com is the crack...

Accept Facebook friend requests without unlocking your Android [Unpatched]

Full Disclosure - 10 August, 2021 - 07:56

Posted by Sivanesh Ashok on Aug 10

Author - Sivanesh Ashok | @sivaneshashok | stazot.com

Date : 2021-08-03
Vendor : https://facebook.com/
Version : *
Tested on : Version 329.0.0.29.120, Android 10
Last Modified : 2021-08-10

--[ Bug Description

Facebook for Android is vulnerable to a permission issue which allows
anyone with physical access to the Android device, to accept friend
requests without unlocking the phone. The bug works when the device's...