SOLDIERX.COM Nobody Can Stop Information Insemination

Posted by malvuln on Aug 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/2a366cea300b84b4e6f8204a8c229266_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hupigon.aejq
Vulnerability: Port Bounce Scan
Description: The malware listens on TCP port 2121, its FTP component
accepts any username/password credentials. Third-party attackers who
successfully logon can abuse the backdoor FTP...

Posted by malvuln on Aug 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/2a366cea300b84b4e6f8204a8c229266.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hupigon.aejq
Vulnerability: Authentication Bypass RCE
Description: The malware runs an FTP server on TCP port 2121. Third-party
attackers who can reach infected systems can logon using any
username/password combination. Intruders...

Posted by malvuln on Aug 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/abc6a590d237b8ee180638007f67089e.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.BO2K.11.d
Vulnerability: Local Stack Buffer Overflow
Description: Back Orifice 2000 by Cult of the Dead Cow, stack BOF on
corrupted DLL plugin import. Loading a specially crafted (DLL) file
triggers a stack buffer overflow...

Posted by malvuln on Aug 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/fc74e80ff2f49380972904d77df1c0f1_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Delf.wr
Vulnerability: Port Bounce Scan
Description: The CrazyInvadres Group⌐ bY SMURF_NS malware runs an FTP
server on TCP port 64554 and accepts any username/password credentials.
Third-party attackers who successfully logon...

Posted by malvuln on Aug 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/fc74e80ff2f49380972904d77df1c0f1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Delf.wr
Vulnerability: Authentication Bypass RCE
Description: The CrazyInvadres Group⌐ bY SMURF_NS malware runs an FTP
server on TCP port 64554. Third-party attackers who can reach infected
systems can logon using any...

Posted by malvuln on Aug 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/d5256768a01a0e7c2ad5ba1264777f71.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Delf.um
Vulnerability: Authentication Bypass RCE
Description: The malware runs an FTP server on TCP port 21. Third-party
attackers who can reach infected systems can logon using any
username/password combination. Intruders may then...

Posted by malvuln on Aug 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/9adffcc98cd658a7f9c5419480013f72_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Antilam.11
Vulnerability: Unauthenticated Remote Code Execution
Description: The Win32.Antilam.11 malware aka "Backdoor.Win32.Latinus.b"
(MVID-2021-0029), listens on TCP ports 11831, 29559. Third-party attackers
who can...

Posted by malvuln on Aug 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/058ef1acc6456a924737d940f3cf81aa.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: HEUR.Trojan.Win32.Delf.gen
Vulnerability: Insecure Permissions
Description: The Batch VirusGen malware creates an .BAT script with
insecure permissions under c:\ drive and grants change (C) permissions to
the authenticated user group. Standard...

Posted by malvuln on Aug 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/5d7908e7e95d0eb4a7351d24605e62a6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hupigon.abe
Vulnerability: Unauthenticated Open Proxy
Description: The malware listens on TCP port 8080. Third-party attackers
who can connect to the infected system can relay requests from the original
connection to the...

Posted by malvuln on Aug 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/033ccd3a926441c49d3898dab97aefed.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Proxy.Win32.Raznew.gen
Vulnerability: Unauthenticated Open Proxy
Description: The malware listens on TCP port 8080. Third-party attackers
who can connect to the infected system can relay requests from the original
connection to the...

Posted by malvuln on Aug 31

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/5c644104f96ccad7a8cf324c2e523530.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.DarkKomet.aspl
Vulnerability: Insecure Permissions
Description: The malware creates an insecure dir under c:\ drive and grants
change (C) permissions to the authenticated user group. Standard users can
rename the executables dropped...

Posted by Marcin Kozlowski on Aug 31

Hi List,

If you are into Linux Kernel Security, check this out. It is a LLVM based
tool to audit Linux Kernel Modules Security:
https://github.com/marcinguy/dr_checker_4_linux using both pointer and
taint analyses that are flow-sensitive, context-sensitive, and
fieldsensitive on kernel drivers. It is port of Dr. Checker (great work,
kudos to authors at "The Computer Security Group at UC Santa Barbara"), to
newer Clang/LLVM 10 and...

Posted by Zemn mez on Aug 27

Hi seclists! I wanted to try posting some of my research here, and I think
this is the right list.

I recently published some research into Apple ID security that culminated
in an XSS on the Apple ID server -- that is, an attacker can pop out an
Apple login page that autofills your credentials and 2FA :)

In particular, it has several really interesting components in the chain:

- a Content Security Policy injection / bypass to slacken Javascript...

Posted by SEC Consult Vulnerability Lab on Aug 27

SEC Consult Vulnerability Lab Security Advisory < 20210827-0 >
=======================================================================
title: Authenticated RCE
product: BSCW Server
vulnerable version: BSCW Server <=5.0.11, <=5.1.9, <=5.2.3, <=7.3.2, <=7.4.2
fixed version: 5.0.12, 5.1.10, 5.2.4, 7.3.3, 7.4.3
CVE number: CVE-2021-39271
impact: high...

Posted by SEC Consult Vulnerability Lab on Aug 27

SEC Consult Vulnerability Lab Security Advisory < 20210827-1 >
=======================================================================
title: XML Tag injection
product: BSCW Server
vulnerable version: BSCW Server <=5.0.11, <=5.1.9, <=5.2.3, <=7.3.2, <=7.4.2
fixed version: 5.0.12, 5.1.10, 5.2.4, 7.3.3, 7.4.3
CVE number: CVE-2021-36359
impact: high...

Posted by SEC Consult Vulnerability Lab on Aug 20

SEC Consult Vulnerability Lab Security Advisory < 20210820-0 >
=======================================================================
title: Multiple Vulnerabilities in NetModule Router Software
product: NetModule Router Software (NRSW)
vulnerable version: Before 4.3.0.113, 4.4.0.111, 4.5.0.105
fixed version: 4.3.0.113, 4.4.0.111, 4.5.0.105
CVE number: CVE-2021-39289, CVE-2021-39290,...

Posted by SEC Consult Vulnerability Lab on Aug 19

SEC Consult Vulnerability Lab Security Advisory < 20210819-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Multiple Altus Sistemas de Automacao products:
Nexto NX30xx Series
Nexto NX5xxx Series
Nexto Xpress XP3xx Series
Hadron Xtorm HX3040 Series...

Posted by Gionathan Reale via Fulldisclosure on Aug 16

# Title: Cyberoam NetGenie (C0101B1-20141120-NG11VO) - Reflected Cross Site Scripting (XSS)# Date: 14.08.2021 # Credit:
Gionathan "John" Reale # Firmware Version: C0101B1-20141120-NG11VO#
CVE-2021-38702##################################################################################################################################
DESCRIPTION:
Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow...

Posted by Black Arch on Aug 16

Black Arch <blackarchlinux () gmail com>
Tue, Dec 1, 2020, 11:20 PM
to fulldisclosure

Dear list,

We've released new BlackArch Linux ISOs and OVA image (version
2021.09.01). Many improvements and QA went through all packages and
tools Blackarch Linux offers! For details see the ChangeLog below. The
BlackArch repository, Full-ISO and OVA image include more than 2700
tools now. The aarch64 repository is filled with about 2500 tools.

A...

Posted by malvuln on Aug 13

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/6209db6e8cfd7c7a315ca858129bd226.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: HackTool.Win32.HKit
Vulnerability: Unauthenticated Remote Command Execution
Description: HaX0R'Z KiT -- v1.05 malware listens for telnet connections on
a specified port. Third-party attackers who can reach the system can
execute OS commands...