Security News

Trovent Security Advisory 2103-02 / Multiple XSS vulnerabilities in ERPNext 13.0.0/12.18.0

Full Disclosure - 11 May, 2021 - 11:00

Posted by Stefan Pietsch on May 11

# Trovent Security Advisory 2103-02 #
#####################################

Multiple XSS vulnerabilities in ERPNext 13.0.0/12.18.0
######################################################

Overview
########

Advisory ID: TRSA-2103-02
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2103-02
Affected product: ERPNext
Tested versions: 12.18.0 and 13.0.0 beta
Vendor: Frappé Technologies...

Trovent Security Advisory 2103-01 / Authenticated SQL injection in ERPNext 13.0.0/12.18.0

Full Disclosure - 11 May, 2021 - 11:00

Posted by Stefan Pietsch on May 11

# Trovent Security Advisory 2103-01 #
#####################################

Authenticated SQL injection in ERPNext 13.0.0/12.18.0
#####################################################

Overview
########

Advisory ID: TRSA-2103-01
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2103-01
Affected product: ERPNext
Tested versions: 12.18.0 and 13.0.0 beta
Vendor: Frappé Technologies https://frappe.io...

Backdoor.Win32.Antilam.13.a / Unauthenticated Remote Command Execution

Full Disclosure - 11 May, 2021 - 10:59

Posted by malvuln on May 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/1ef711b34cc278449f1997e4ed06334a.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Antilam.13.a
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware drops an executable named "scandisk.exe" that
listens on TCP ports 47891 and 29559. Third party attackers who can reach
infected...

Backdoor.Win32.MotivFTP.12 / Authentication Bypass RCE

Full Disclosure - 11 May, 2021 - 10:59

Posted by malvuln on May 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/88785a093b8fa00893214dd220ac255d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.MotivFTP.12
Vulnerability: Authentication Bypass RCE
Description: The malware listens on TCP port 21. Third-party attackers who
can reach the system can log on using any username/password combination.
Attackers may then upload...

Re: Three vulnerabilities found in MikroTik's RouterOS

Full Disclosure - 11 May, 2021 - 10:45

Posted by Gynvael Coldwind on May 11

Got it! Thank you for the explanation!

Four vulnerabilities found in MikroTik's RouterOS

Full Disclosure - 11 May, 2021 - 10:45

Posted by Q C on May 11

Advisory: four vulnerabilities found in MikroTik's RouterOS

Details
=======

Product: MikroTik's RouterOS
Vendor URL: https://mikrotik.com/
Vendor Status: only CVE-2020-20227 is fixed
CVE: CVE-2020-20220, CVE-2020-20227, CVE-2020-20245, CVE-2020-20246
Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team

Product Description
==================

RouterOS is the operating system used on the MikroTik's devices, such as
switch,...

Re: Three vulnerabilities found in MikroTik's RouterOS

Full Disclosure - 11 May, 2021 - 10:45

Posted by Q C on May 11

Hi,

In Mikrotik RouterOs, each user is assigned to a user group, which denotes
the rights of this user. A group policy is a combination of individual
policy items, and provides a convenient way to assign different permissions
and access rights to different user classes. (Reference:
https://help.mikrotik.com/docs/display/ROS/User)

Some common individual policy items are: web, winbox, read, write, reboot
and so on. Among them, reboot is...

Re: Three vulnerabilities found in MikroTik's RouterOS

Full Disclosure - 11 May, 2021 - 10:44

Posted by Gynvael Coldwind on May 11

Hi,

I might be missing something, but how are these considered vulnerabilities?
My point is that these require authentication, and an already authenticated
user already has permissions to reboot the device anyway, right?

If the above assumption is correct, then there isn't really a security
boundary breach, so it would be a software bug, but not a vulnerability.
Or am I missing something?

Thanks,
Gynvael

SEC Consult SA-20210511-0 :: Cross-site Scripting Vulnerabilities in REWE GO

Full Disclosure - 11 May, 2021 - 01:36

Posted by SEC Consult Vulnerability Lab on May 10

SEC Consult Vulnerability Lab Security Advisory < 20210511-0 >
=======================================================================
title: Reflected Cross-site Scripting Vulnerabilities
product: SIS Informatik - REWE GO
vulnerable version: 7.5.0/12C
fixed version: 7.7 SP17
CVE number: CVE-2021-31537
impact: Medium
homepage: https://sisinformatik.com/rewe-go/...

Backdoor.Win32.NinjaSpy.c / Remote Command Execution

Full Disclosure - 7 May, 2021 - 10:52

Posted by malvuln on May 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/6eece319bc108576bd1f4a8364616264_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.NinjaSpy.c
Vulnerability: Remote Command Execution
Description: The malware listens on TCP ports 2003, 2004 and drops a DLL
named "cmd.dll" under Windows dir. Connecting to port 2003, you will get
back a number...

Packed.Win32.Black.d / Unauthenticated Open Proxy

Full Disclosure - 7 May, 2021 - 10:52

Posted by malvuln on May 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/3a36d7ab34b3241aa2a9072700e0cb7c.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Packed.Win32.Black.d
Vulnerability: Unauthenticated Open Proxy
Description: The malware listens on TCP ports 1080 and 8080 and drops a
hidden executable named "Hacker.com.cn.exe" under Windows dir that runs
with SYSTEM integrity....

Backdoor.Win32.Floder.gqe / Insecure Permissions

Full Disclosure - 7 May, 2021 - 10:51

Posted by malvuln on May 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/0629e3b2ab8a973a3e37e4e97cb9cfea.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Floder.gqe
Vulnerability: Insecure Permissions
Description: The malware creates a hidden insecure dir named "RECYCLER"
under c:\ drive and grants change (C) permissions to the authenticated user
group. Standard users can...

Trojan.Win32.Siscos.bqe / Insecure Permissions

Full Disclosure - 7 May, 2021 - 10:51

Posted by malvuln on May 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/b4a35ae6dcceea6390769829b4e1506f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Siscos.bqe
Vulnerability: Insecure Permissions
Description: The malware creates an insecure dir named "Windupdt" under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can rename the...

Trojan.Win32.Agent.xdtv / Insecure Permissions

Full Disclosure - 7 May, 2021 - 10:51

Posted by malvuln on May 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ffa9b76f9549a2c46415c855a0911e8a.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Agent.xdtv
Vulnerability: Insecure Permissions
Description: The malware creates an insecure installation dir under
"C:\Program Files (x86)" and grants full (F) permissions to the Everyone
user group. Standard users can...

Four vulnerabilities found in MikroTik's RouterOS

Full Disclosure - 7 May, 2021 - 10:50

Posted by Q C on May 07

Advisory: four vulnerabilities found in MikroTik's RouterOS

Details
=======

Product: MikroTik's RouterOS
Vendor URL: https://mikrotik.com/
Vendor Status: no fix yet
CVE: CVE-2020-20214, CVE-2020-20222, CVE-2020-20236, CVE-2020-20237
Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team

Product Description
==================

RouterOS is the operating system used on the MikroTik's devices, such as
switch, router and access...

Re: Four vulnerabilities found in MikroTik's RouterOS

Full Disclosure - 7 May, 2021 - 10:49

Posted by Q C on May 07

[Update 2021/05/05] Two CVEs have been assigned to two of these
vulnerabilities.

CVE-2020-20254: Mikrotik RouterOs before 6.47 (stable tree) suffers from a
memory corruption vulnerability in the /nova/bin/lcdstat process. An
authenticated remote attacker can cause a Denial of Service (NULL pointer
dereference).

CVE-2020-20253: Mikrotik RouterOs before 6.47 (stable tree) in the
/nova/bin/lcdstat process. An authenticated remote attacker can...

Re: Two vulnerabilities found in MikroTik's RouterOS

Full Disclosure - 7 May, 2021 - 10:49

Posted by Q C on May 07

[Update 2021/05/05] Two CVEs have been assigned to these vulnerabilities.

CVE-2020-20267: Mikrotik RouterOs before 6.47 (stable tree) suffers from a
memory corruption vulnerability in the /nova/bin/resolver process. An
authenticated remote attacker can cause a Denial of Service due to invalid
memory access.

CVE-2020-20225: Mikrotik RouterOs before 6.47 (stable tree) suffers from an
assertion failure vulnerability in the /nova/bin/user process....

Re: Three vulnerabilities found in MikroTik's RouterOS

Full Disclosure - 7 May, 2021 - 10:49

Posted by Q C on May 07

[Update 2021/05/04] Three CVEs have been assigned to these vulnerabilities.

CVE-2020-20266: Mikrotik RouterOs before 6.47 (stable tree) suffers from a
memory corruption vulnerability in the /nova/bin/dot1x process. An
authenticated remote attacker can cause a Denial of Service (NULL pointer
dereference).

CVE-2020-20264: Mikrotik RouterOs before 6.47 (stable tree) in the
/ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote...

Re: Three vulnerabilities found in MikroTik's RouterOS

Full Disclosure - 7 May, 2021 - 10:49

Posted by Q C on May 07

[update 2021/05/04] Three CVEs have been assigned to these vulnerabilities.

CVE-2020-20215: Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a
memory corruption vulnerability in the /nova/bin/diskd process. An
authenticated remote attacker can cause a Denial of Service due to invalid
memory access.

CVE-2020-20216: Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a
memory corruption vulnerability in the /nova/bin/graphing process. An...