Security News

Backdoor.Win32.Wollf.12 / Unauthenticated Remote Command Execution

Full Disclosure - 8 June, 2021 - 11:48

Posted by malvuln on Jun 08

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/911e63e28b1d177120cca16eacf3b602.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Wollf.12
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 7614 and drops an executable
named "wrm.exe" that runs with SYSTEM integrity. Third-party attackers who
can...

Backdoor.Win32.Neakse.bit / Insecure Permissions

Full Disclosure - 8 June, 2021 - 11:48

Posted by malvuln on Jun 08

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/20863ba09c31037b1b3220fc6da100e1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Neakse.bit
Vulnerability: Insecure Permissions
Description: The malware creates two insecure dirs housing DLLs under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can rename the...

Backdoor.Win32.Androm.df / Unauthenticated Remote Command Execution

Full Disclosure - 4 June, 2021 - 11:08

Posted by malvuln on Jun 04

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/bf60f5b5c901bab08484838447f1b85e.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Androm.df
Vulnerability: Unauthenticated Remote Command Execution
Description: The Androm.df malware listens on TCP port 8000. Third-party
attackers who can reach the system can execute OS commands recompromising
the already...

Backdoor.Win32.Delf.acz / Remote Stack Buffer Overflow (SEH)

Full Disclosure - 4 June, 2021 - 11:08

Posted by malvuln on Jun 04

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/065d89c63fa1057de98c727d4b044b98.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Delf.acz
Vulnerability: Remote Stack Buffer Overflow (SEH)
Description: The malware listens on TCP ports
6060,6161,6262,6363,6464,6565,6767,6868,6969,7070,7171,7373. Attackers who
can reach the infected system can send a specially...

Backdoor.Win32.NetSpy.10 / Heap Corruption

Full Disclosure - 4 June, 2021 - 11:08

Posted by malvuln on Jun 04

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/e677149c35cbba118655d9b133da8827.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.NetSpy.10
Vulnerability: Heap Corruption
Description: The malware listens on TCP port 7306 and drops an executable
named "SPYNOTIFY.EXE" under SysWOW64 dir. Third-party attackers who can
reach the server can send a...

Backdoor.Win32.Wisell / Unauthenticated Remote Command Execution

Full Disclosure - 4 June, 2021 - 11:08

Posted by malvuln on Jun 04

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/eba4ce50a036a196484715f60c8a449b.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Wisell
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 5277, third-party attackers
who can reach the system can execute OS commands further compromising the
already infected...

Backdoor.Win32.WinShell.a / Unauthenticated Remote Command Execution

Full Disclosure - 4 June, 2021 - 11:08

Posted by malvuln on Jun 04

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/911a97737bd26e2a478f52e74b4fa01d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.WinShell.a
Vulnerability: Unauthenticated Remote Command Execution
Description: WinShell listens on TCP port 1337, third-party attackers who
can reach the system can execute OS commands further compromising the
already infected...

Backdoor.Win32.Whirlpool.a / Remote Buffer Overflow - UDP Datagram

Full Disclosure - 4 June, 2021 - 11:08

Posted by malvuln on Jun 04

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/90171763d1cc62102b08482bac54ea8b.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Whirlpool.a
Vulnerability: Remote Buffer Overflow - UDP Datagram
Description: The malware listens on UDP Datagram ports 8848 and 8864.
Sending a 192 byte payload to port 8864 triggers a classic stack buffer
overflow overwriting ECX,...

Backdoor.Win32.NetControl2.293 / Unauthenticated Remote Command Execution

Full Disclosure - 4 June, 2021 - 11:08

Posted by malvuln on Jun 04

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/15ca804e4634d9586f85b1d15ebe91a0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.NetControl2.293
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 2012. Attackers who can reach
infected hosts can run arbitrary OS commands using the DOSCMD command made
available...

Backdoor.Win32.Netbus.12 / Unauthenticated Information Disclosure

Full Disclosure - 4 June, 2021 - 11:08

Posted by malvuln on Jun 04

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/d9822984ed546cbf3ccffd149d1d2af5.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Netbus.12
Vulnerability: Unauthenticated Information Disclosure
Description: The malware listens on TCP ports 12345, 12346. Unauthenticated
third-party attackers who can reach infected system can grab screen
captures by simply...

Backdoor.Win32.NerTe.772 / Unauthenticated Remote Command Execution

Full Disclosure - 4 June, 2021 - 11:08

Posted by malvuln on Jun 04

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/464d7073f884b586b17950eef2908a6e_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.NerTe.772
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP ports 21, 80 and drops an
executable named "scanregs.exe" under Windows dir. Third-party attackers
who can reach...

Backdoor.Win32.NerTe.772 / Authentication Bypass RCE

Full Disclosure - 4 June, 2021 - 11:08

Posted by malvuln on Jun 04

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/464d7073f884b586b17950eef2908a6e.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.NerTe.772
Vulnerability: Authentication Bypass RCE
Description: The malware listens on TCP ports 21, 80 and drops an
executable named "scanregs.exe" under Windows dir. Third-party attackers
who can reach infected systems...

Trojan.Win32.Scar.dulk / Insecure Permissions

Full Disclosure - 4 June, 2021 - 11:08

Posted by malvuln on Jun 04

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/317cd84b5c0d11a9c3aacdfe2bb6031c.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Scar.dulk
Vulnerability: Insecure Permissions
Description: The malware creates an insecure dir named "xzzzs" under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can rename the...

Trovent Security Advisory 2104-02 / HealthForYou & Sanitas HealthCoach: Account takeover with only email address possible

Full Disclosure - 4 June, 2021 - 11:08

Posted by Stefan Pietsch on Jun 04

# Trovent Security Advisory 2104-02 #
#####################################

Account takeover with only email address possible
#################################################

Overview
########

Advisory ID: TRSA-2104-02
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2104-02
Affected product: HealthForYou & Sanitas HealthCoach mobile and web applications
Tested versions: HealthForYou 1.11.1...

Trovent Security Advisory 2104-01 / HealthForYou & Sanitas HealthCoach: User enumeration through API

Full Disclosure - 4 June, 2021 - 11:08

Posted by Stefan Pietsch on Jun 04

# Trovent Security Advisory 2104-01 #
#####################################

User enumeration through API
############################

Overview
########

Advisory ID: TRSA-2104-01
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2104-01
Affected product: HealthForYou & Sanitas HealthCoach mobile and web applications
Tested versions: HealthForYou 1.11.1 (com.hansdinslage.connect.HealthForYou),...

SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series

Full Disclosure - 1 June, 2021 - 02:06

Posted by SEC Consult Vulnerability Lab on Jun 01

SEC Consult Vulnerability Lab Security Advisory < 20210601-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Multiple Korenix Technology products:
Korenix: JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F,
JetNet 4706, JetNet 4706, JetNet 4510,
JetNet 5010,...

Re: [SECURITY] [DSA 4628-1] php7.0 security update

Bug Traq - 16 January, 2021 - 20:37

Posted by Timesportsall on Jan 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4628-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 18, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php7.0
CVE ID : CVE-2019-11045 CVE-2019-11046 CVE-2019-11047
CVE-2019-11050 CVE-2020-7059...

Re: BugTraq Shutdown

Bug Traq - 16 January, 2021 - 20:34

Posted by tommypickle on Jan 16

All old school hackers from UPT remember and want to show respect. Thanks for everything.

On Second Thought...

Bug Traq - 16 January, 2021 - 20:30

Posted by alias on Jan 16

Bugtraq has been a valuable institution within the Cyber Security community for
almost 30 years. Many of our own people entered the industry by subscribing to it
and learning from it. So, based on the feedback we’ve received both from the
community-at-large and internally, we’ve decided to keep the Bugtraq list running.
We’ll be working in the coming weeks to ensure that it can remain a valuable asset
to the community for years to...

BugTraq Shutdown

Bug Traq - 15 January, 2021 - 14:13

Posted by alias on Jan 15

2020 was quite the year, one that saw many changes. As we begin 2021, we wanted
to send one last note to our friends and supporters at the SecurityFocus BugTraq
mailing list. As many of you know, assets of Symantec were acquired by Broadcom
in late 2019, and some of those assets were then acquired by Accenture in 2020
(https://newsroom.accenture.com/news/accenture-completes-acquisition-of-broadcoms-symantec-cyber-security-...