SOLDIERX.COM Nobody Can Stop Information Insemination

Posted by malvuln on Feb 16

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/8225bb6b430d5cdf523c4d0cabbe5793.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Cafeini.08.b
Vulnerability: Missing Authentication
Description: The backdoor is written in Polish and listens on TCP port
51966, anyone who can reach the infected system can telnet in and
execute any commands leading to malware...

Posted by malvuln on Feb 16

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/4ba3c08d8ad964328f2b6f618f714df2.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Backlash.101
Vulnerability: Missing Authentication
Description: BackLash Server 1.0 Alpha drops an executable named
"d3d8thk.exe" under Windows dir and listens on TCP ports 11831 and
29559. Telnet to port 11831 allows...

Posted by hyp3rlinx on Feb 16

# -*- coding: utf-8 -*-
import logging,os,ctypes,sys,argparse,time,re
from subprocess import *
from datetime import datetime
from pkgutil import iter_modules
import pkg_resources

#ReconInformer v1.3 Copyright (c) MIT License
#By John Page (aka hyp3rlinx)
#ApparitionSec
#hyp3rlinx.altervista.org
#twitter.com/hyp3rlinx
#apparitionsec () gmail com
#PoC Video URL: https://www.youtube.com/watch?v=XM-G9Udbphc...

Posted by Apple Product Security via Fulldisclosure on Feb 11

APPLE-SA-2021-02-09-1 macOS Big Sur 11.2.1, macOS Catalina 10.15.7
Supplemental Update, and macOS Mojave 10.14.6 Security Update
2021-002

macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental
Update, and macOS Mojave 10.14.6 Security Update 2021-002 addresses
the following issues. Information about the security content is also
available at https://support.apple.com/HT212177.

macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update*,...

Posted by malvuln on Feb 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c806d23f4343ab40cf897e9c38b5c1c3.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.BackAttack.18
Vulnerability: Multiple Vulnerabilities
Description: BackAttack.18 (v1.8) listens on TCP ports 80 and 11131.
It has remote features you can enable like take screenshot, restart
the infected system, enable FTP or even...

Posted by malvuln on Feb 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/1b557d4f923b0de75e397686053a9022.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Augudor.a
Vulnerability: Unauthenticated Remote File Write Code Execution
Description: Augudor.a drops an empty file named "zy.exe" and listens
on TCP port 1011. Attackers who can reach the infected host can write
any...

Posted by malvuln on Feb 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/a8bb1744bedf43849ed808b7dfa32da4.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Aphexdoor.LiteSock
Vulnerability: Remote Stack Buffer Overflow
Description: Aphexdoor.LiteSock drops an extensionless executable
named "moo" in the Windows dir and listens on TCP ports 113 and 1415.
Sending a specially...

Posted by malvuln on Feb 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/5131a9b441c9f9b20228f171c327a4f5.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.NetTerrorist
Vulnerability: Unauthorized Remote Command Execution
Description: NetTerrorist listens on TCP port 785, it seemingly uses
authentication like USER [user], PASS [pass]. Interestingly, you can
just bypass authentication...

Posted by malvuln on Feb 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/146ce177ab03b8f62a9fc6e7bbf40dc1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Cafelom.bu
Vulnerability: Heap Corruption
Description: This malware drops two executables DNF-II.exe and xx.exe,
then looks for and loads a text-file named "GamePath.txt" under c:\
drive. Placing a corrupt text-file with...

Posted by malvuln on Feb 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ffa917e74406b8b77252be2c4f71f6d3.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Wollf.15
Vulnerability: Missing Authentication
Description: Wollf backdoor creates a service named "wrm" and opens
TCP port 7614, there is no authentication allowing anyone to take over
the infected system.
Type: PE32
MD5:...

Posted by malvuln on Feb 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/0187e62ca40cb3d556a2c5825620bd8f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Spy.Win32.WinSpy.vwl
Vulnerability: Insecure Permissions EoP
Description: WinSpy.vwl create two directories "Accessories" and
"Netrix" under "Program Files (x86)". Netrix grants full permissions
(F) to everyone...

Posted by Jack Misiura via Fulldisclosure on Feb 11

Title: Stored XSS

Product: SolarWinds Serv-U FTP Server

Vendor Homepage: https://www.solarwinds.com/

Vulnerable Version: 15.2.1 and lower

Fixed Version: 15.2.2

CVE Number: CVE-2020-28001

Author: Jack Misiura from The Missing Link

Website: https://www.themissinglink.com.au

Timeline:

2020-10-30 Disclosed to Vendor

2021-01-21 Vendor releases patched version

2021-08-02 Publication

1. Vulnerability Description

SolarWinds Serv-U FTP...

Posted by Jack Misiura via Fulldisclosure on Feb 11

Title: Path traversal

Product: SolarWinds Serv-U FTP Server

Vendor Homepage: https://www.solarwinds.com/

Vulnerable Version: 15.2.1 and lower

Fixed Version: 15.2.2

CVE Number: CVE-2020-27994

Author: Jack Misiura from The Missing Link

Website: https://www.themissinglink.com.au

Timeline:

2020-10-28 Disclosed to Vendor

2021-01-21 Vendor releases patched version

2021-08-02 Publication

1. Vulnerability Description

SolarWinds Serv-U File...

Posted by SEC Consult Vulnerability Lab on Feb 10

SEC Consult Vulnerability Lab Security Advisory < 20210210-0 >
=======================================================================
title: Reflected Cross-Site Scripting (XSS)
product: Adobe Magento Commerce
vulnerable version: < 2.4.2
fixed version: 2.4.2
CVE number: CVE-2021-21029
impact: Medium
homepage: https://magento.com/
found: 2020-06-29...

Posted by malvuln on Feb 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/e3cf225a94c6be5a26fc21a1ec83f418.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Spy.Win32.WebCenter.a
Vulnerability: Information Disclosure
Description: The trojan creates a dir named "webcenter" under
"C:\Windows\SysWOW64" and drops various exes and html pages to return
information about the...

Posted by malvuln on Feb 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/e61a6755db1c59eb1d219b761de925f4.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Spy.Win32.SpyEyes.awow
Vulnerability: Insecure Permissions EoP
Description: SpyEyes.awow creates a insecure dir named "$Recycle$"
under the c:\ drive, granting change (C) permissions to the
authenticated users group. Also, drops...

Posted by malvuln on Feb 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/a4ea99b54e171274795f14a4ac7f17ba.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Delf.uq
Vulnerability: Insecure Permissions EoP
Description: Malware creates an vulnerable dir named "downsoft" under
c:\ drive granting change (C) permissions to the authenticated users
group.
Type: PE32
MD5:...

Posted by malvuln on Feb 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/cd88a9b686acd9ccf23dba8d248129b4.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Email-Worm.Win32.Sircam.eb
Vulnerability: Insecure Permissions EoP
Description: Sircam.eb creates a vuln dir under c:\ drive named
"Windupdt" and drops an exe named "winupdate.exe". Grants change (C)
permissions to...

Posted by malvuln on Feb 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/5f5b308853b9aa9243390c135ff6ba1b.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Cospet.abg
Vulnerability: Insecure Permissions EoP
Description: Cospet.abg, creates an vulnerable dir named "dir" under
c:\ drive granting change (C) permissions to the authenticated users
group. Sends SYN packet to TCP port...

Posted by malvuln on Feb 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/7cb253cf47b6de8adfea559e51950c17.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Comei.pgo
Vulnerability: Insecure Permissions EoP
Description: Trojan malware creates an vulnerable dir named "dir"
under c:\ drive granting change (C) permissions to the authenticated
users group.
Type: PE32
MD5:...