SOLDIERX.COM Nobody Can Stop Information Insemination

Posted by Stefan Pietsch on May 11

# Trovent Security Advisory 2103-02 #
#####################################

Multiple XSS vulnerabilities in ERPNext 13.0.0/12.18.0
######################################################

Overview
########

Advisory ID: TRSA-2103-02
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2103-02
Affected product: ERPNext
Tested versions: 12.18.0 and 13.0.0 beta
Vendor: Frappé Technologies...

Posted by Stefan Pietsch on May 11

# Trovent Security Advisory 2103-01 #
#####################################

Authenticated SQL injection in ERPNext 13.0.0/12.18.0
#####################################################

Overview
########

Advisory ID: TRSA-2103-01
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2103-01
Affected product: ERPNext
Tested versions: 12.18.0 and 13.0.0 beta
Vendor: Frappé Technologies https://frappe.io...

Posted by Marcel Keiffenheim on May 11

Posted by malvuln on May 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/1ef711b34cc278449f1997e4ed06334a.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Antilam.13.a
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware drops an executable named "scandisk.exe" that
listens on TCP ports 47891 and 29559. Third party attackers who can reach
infected...

Posted by malvuln on May 11

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/88785a093b8fa00893214dd220ac255d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.MotivFTP.12
Vulnerability: Authentication Bypass RCE
Description: The malware listens on TCP port 21. Third-party attackers who
can reach the system can logon using any username/password combination.
Attackers may then upload...

Posted by Gynvael Coldwind on May 11

Got it! Thank you for the explanation!

Posted by Q C on May 11

Advisory: four vulnerabilities found in MikroTik's RouterOS

Details
=======

Product: MikroTik's RouterOS
Vendor URL: https://mikrotik.com/
Vendor Status: only CVE-2020-20227 is fixed
CVE: CVE-2020-20220, CVE-2020-20227, CVE-2020-20245, CVE-2020-20246
Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team

Product Description
==================

RouterOS is the operating system used on the MikroTik's devices, such as
switch,...

Posted by Q C on May 11

Hi,

In Mikrotik RouterOs, each user is assigned to a user group, which denotes
the rights of this user. A group policy is a combination of individual
policy items, and provides a convenient way to assign different permissions
and access rights to different user classes. (Reference:
https://help.mikrotik.com/docs/display/ROS/User)

Some common individual policy items are: web, winbox, read, write, reboot
and so on. Among of them, reboot is...

Posted by Gynvael Coldwind on May 11

Hi,

I might be missing something, but how are these considered vulnerabilities?
My point is that these require authentication, and an already authenticated
user already has permissions to reboot the device anyway, right?

If the above assumption is correct, then there isn't really a security
boundary breach, so it would be a software bug, but not a vulnerability.
Or am I missing something?

Thanks,
Gynvael

Posted by SEC Consult Vulnerability Lab on May 10

SEC Consult Vulnerability Lab Security Advisory < 20210511-0 >
=======================================================================
title: Reflected Cross-site Scripting Vulnerabilities
product: SIS Informatik - REWE GO
vulnerable version: 7.5.0/12C
fixed version: 7.7 SP17
CVE number: CVE-2021-31537
impact: Medium
homepage:https://sisinformatik.com/rewe-go/...

Posted by malvuln on May 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/6eece319bc108576bd1f4a8364616264_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.NinjaSpy.c
Vulnerability: Remote Command Execution
Description: The malware listens on TCP ports 2003, 2004 and drops a DLL
named "cmd.dll" under Windows dir. Connecting to port 2003, you will get
back a number...

Posted by malvuln on May 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/3a36d7ab34b3241aa2a9072700e0cb7c.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Packed.Win32.Black.d
Vulnerability: Unauthenticated Open Proxy
Description: The malware listens on TCP ports 1080 and 8080 and drops a
hidden executable named "Hacker.com.cn.exe" under Windows dir" that runs
with SYSTEM integrity....

Posted by malvuln on May 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/0629e3b2ab8a973a3e37e4e97cb9cfea.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Floder.gqe
Vulnerability: Insecure Permissions
Description: The malware creates an hidden insecure dir named "RECYCLER"
under c:\ drive and grants change (C) permissions to the authenticated user
group. Standard users can...

Posted by malvuln on May 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/b4a35ae6dcceea6390769829b4e1506f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Siscos.bqe
Vulnerability: Insecure Permissions
Description: The malware creates a insecure dir named "Windupdt" under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can rename the...

Posted by malvuln on May 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ffa9b76f9549a2c46415c855a0911e8a.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Agent.xdtv
Vulnerability: Insecure Permissions
Description: The malware creates an insecure installation dir under
"C:\Program Files (x86)" and grants full (F) permissions to the Everyone
user group. Standard users can...

Posted by Q C on May 07

Advisory: four vulnerabilities found in MikroTik's RouterOS

Details
=======

Product: MikroTik's RouterOS
Vendor URL: https://mikrotik.com/
Vendor Status: no fix yet
CVE: CVE-2020-20214, CVE-2020-20222, CVE-2020-20236, CVE-2020-20237
Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team

Product Description
==================

RouterOS is the operating system used on the MikroTik's devices, such as
switch, router and access...

Posted by Q C on May 07

[Update 2021/05/05] Two CVEs have been assigned to two of these
vulnerabilities.

CVE-2020-20254: Mikrotik RouterOs before 6.47 (stable tree) suffers from a
memory corruption vulnerability in the /nova/bin/lcdstat process. An
authenticated remote attacker can cause a Denial of Service (NULL pointer
dereference).

CVE-2020-20253: Mikrotik RouterOs before 6.47 (stable tree) in the
/nova/bin/lcdstat process. An authenticated remote attacker can...

Posted by Q C on May 07

[Update 2021/05/05] Two CVEs have been assigned to these vulnerabilities.

CVE-2020-20267: Mikrotik RouterOs before 6.47 (stable tree) suffers from a
memory corruption vulnerability in the /nova/bin/resolver process. An
authenticated remote attacker can cause a Denial of Service due to invalid
memory access.

CVE-2020-20225: Mikrotik RouterOs before 6.47 (stable tree) suffers from an
assertion failure vulnerability in the /nova/bin/user process....

Posted by Q C on May 07

[Update 2021/05/04] Three CVEs have been assigned to these vulnerabilities.

CVE-2020-20266: Mikrotik RouterOs before 6.47 (stable tree) suffers from a
memory corruption vulnerability in the /nova/bin/dot1x process. An
authenticated remote attacker can cause a Denial of Service (NULL pointer
dereference).

CVE-2020-20264: Mikrotik RouterOs before 6.47 (stable tree) in the
/ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote...

Posted by Q C on May 07

[update 2021/05/04] Three CVEs have been assigned to these vulnerabilities.

CVE-2020-20215: Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a
memory corruption vulnerability in the /nova/bin/diskd process. An
authenticated remote attacker can cause a Denial of Service due to invalid
memory access.

CVE-2020-20216: Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a
memory corruption vulnerability in the /nova/bin/graphing process. An...