Security News

Backdoor.Win32.Noknok.60 / Insecure Permissions

Full Disclosure - 25 January, 2021 - 22:22

Posted by malvuln on Jan 25

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ecaf6a123fdf1f5660692dfc4c67a933.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Noknok.60
Vulnerability: Insecure Permissions
Description: When generating an executable you can specify a directory
to write the file to; the malware then grants change (C) permissions to
the authenticated users group.
Type: PE32
MD5:...

Backdoor.Win32.Kraimer.11 / Missing Authentication

Full Disclosure - 25 January, 2021 - 22:22

Posted by malvuln on Jan 25

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/2a4fda4a6687981d32c2da7bdc1efcf1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Kraimer.11
Vulnerability: Missing Authentication
Description: Kraimer listens for commands on TCP port 6668; due to a
lack of authentication, anyone can telnet to the infected host. Seems
only one established connection at a time is...

Backdoor.Win32.Hupigon.adef / Remote Stack Buffer Overflow

Full Disclosure - 22 January, 2021 - 13:16

Posted by malvuln on Jan 22

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c8f55ce7bbec784a97d7bfc6d7b1931f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hupigon.adef
Vulnerability: Remote Stack Buffer Overflow
Description: Backdoor Hupigon (Cracked by bartchen)
bartchen () vip sina com, listens on TCP ports 8001, 8002, 8003, 8004 and
8005. Sending a large contaminated HTTP POST request...

Backdoor.Win32.Xel / Remote Authentication Buffer Overflow

Full Disclosure - 22 January, 2021 - 13:16

Posted by malvuln on Jan 22

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/3648c68bfe395fb9980ae547d881572c.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Xel
Vulnerability: Remote Authentication Buffer Overflow
Description: Xel listens on TCP port 8023 and requires authentication
(good for them!); upon connecting you are greeted with a password
prompt:

XeL TROJAN based on ULTOR'S...

Backdoor.Win32.Verify.f / Missing Authentication

Full Disclosure - 22 January, 2021 - 13:16

Posted by malvuln on Jan 22

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/119cd00c48678d63ec07762a7ff08ac7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Verify.f
Vulnerability: Missing Authentication
Description: Backdoor.Win32.Verify by pMK, yet another self-hating
backdoor as it lacks authentication granting access to whoever can
reach the infected system. This malware listens on...

Backdoor.Win32.Onalf / Missing Authentication

Full Disclosure - 22 January, 2021 - 13:16

Posted by malvuln on Jan 22

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ba815d409cd714c0eac010b5970f6408.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Onalf
Vulnerability: Missing Authentication
Description: WinRemoteShell (Onalf) listens for commands on TCP port
2020. Interestingly, it will only start listening once it can connect
outbound to SMTP port 25. Not much of a self...

Backdoor.Win32.WinShell.30 / Remote Stack Buffer Overflow / Missing Authentication

Full Disclosure - 22 January, 2021 - 13:16

Posted by malvuln on Jan 22

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/56a2b135c8d35561ea5b04694155eb77.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.WinShell.30
Vulnerability: Remote Stack Buffer Overflow / Missing Authentication
Description: WinShell.30 listens on TCP port 5277 for commands.
Attackers or responders who can reach the infected host can trigger a
buffer overflow...

Backdoor.Win32.Zxman / Missing Authentication

Full Disclosure - 22 January, 2021 - 13:16

Posted by malvuln on Jan 22

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/6b2a9304d1c7a63365db0f9fd12d39b0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Zxman
Vulnerability: Missing Authentication
Description: Backdoor.Win32.Zxman by Zx-man listens on TCP port 2048
for commands. However, anyone who can reach the infected host can take
control as there is no authentication in place....

Backdoor.Win32.Whisper.b / Remote Stack Corruption

Full Disclosure - 22 January, 2021 - 13:16

Posted by malvuln on Jan 22

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/a0edb91f62c8c083ec35b32a922168d1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Whisper.b
Vulnerability: Remote Stack Corruption
Description: Whisper.b listens on TCP port 113 and connects to port
6667, deletes itself and drops an executable named rundll32.exe in the
Windows\System dir. The malware is prone to stack...

Backdoor.Win32.Whirlpool.10 / Remote Stack Buffer Overflow

Full Disclosure - 22 January, 2021 - 13:16

Posted by malvuln on Jan 22

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/bf0682b674ef23cf8ba0deeaf546f422.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Whirlpool.10
Vulnerability: Remote Stack Buffer Overflow
Description: Whirlpool listens on UDP Datagram ports 8848 and 8864.
Sending a 192 byte payload to port 8864 triggers a stack buffer
overflow overwriting both EIP and SEH. This...

Backdoor.Win32.Zombam.geq / Remote Buffer Overflow

Full Disclosure - 22 January, 2021 - 13:16

Posted by malvuln on Jan 22

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/fd14cc7f025f49a3e08b4169d44a774e.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Zombam.geq
Vulnerability: Remote Buffer Overflow
Description: Zombam.geq listens for connections on TCP port 80 and
tries to connect to SMTP port 25. Sending an HTTP GET request of about
2000 bytes triggers a buffer overflow corrupting...

[REVIVE-SA-2021-001] Revive Adserver Vulnerabilities

Full Disclosure - 22 January, 2021 - 13:14

Posted by Matteo Beccati via Fulldisclosure on Jan 22

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2021-001
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2021-001
------------------------------------------------------------------------
CVE-IDs: CVE-2021-22871, CVE-2021-22872, CVE-2021-22873
Date:...

CVE-2020-20269 - Caret Editor v4.0.0-rc21 Remote Code Execution

Full Disclosure - 22 January, 2021 - 13:13

Posted by Manuel Bua on Jan 22

Details
================

Product: Caret Editor
Product URL: https://caret.io/
Vendor: Caret.io Ltd.
Vulnerability: Remote Code Execution
Vulnerable version: Caret Editor v4.0.0-rc21
Fixed version: Caret Editor v4.0.0-rc22
CVE Number: CVE-2020-20269
CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20269
Author: Manuel Bua (dudez)

Vulnerability Description
================

A specially crafted Markdown document could cause the...

Re: Constructor.Win32.SMWG.a / Insecure Permissions

Full Disclosure - 22 January, 2021 - 13:13

Posted by Garrett Skjelstad on Jan 22

Are we tracking vulnerabilities in malware now? Improve the malware to be
more resilient?

I'm just as likely to remove malware without vulnerabilities, as I am
malware WITH vulnerabilities.

Surely there are no bug bounties or upcoming patches (lol) for these.

I guess I'm confused about the purpose of these disclosures.

"Severely lacking".

Daily Dave - 20 January, 2021 - 11:15

Posted by Dave Aitel via Dailydave on Jan 20

Recently I read this post from Maddie Stone of Google's Project Zero:
https://googleprojectzero.blogspot.com/2020/07/detection-deficit-year-in-review-of-0.html
. In particular, it has a bolded line of "*As a community, our ability to
detect 0-days being used in the wild is severely lacking to the point that
we can’t draw significant conclusions due to the lack of (and biases in)
the data we have collected.*" which is the most...

Backdoor.Win32.NetBull.11.a / Remote Buffer Overflow

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/80e98fdf726a3e727f3414bdbf2e86bb.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.NetBull.11.a
Vulnerability: Remote Buffer Overflow
Description: Netbull listens on both TCP ports 23444 and 23445,
sending a large string of junk chars causes stack corruption
overwriting EDX register.
Type: PE32
MD5:...

Email-Worm.Win32.Agent.gi / Remote Stack Buffer Overflow - (UDP Datagram)

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/74e65773735f977185f6a09f1472ea46.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Email-Worm.Win32.Agent.gi
Vulnerability: Remote Stack Buffer Overflow - (UDP Datagram)
Description: Creates a service "Microsoft ASPI Manager" and listens on
TCP ports 80, 81 and UDP 53. The service process is a dropped
executable named...
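Most of the backdoor advisories above (Kraimer, Hupigon, Xel, Onalf, WinShell, Zxman, Whisper, Whirlpool, Zombam, NetBull and Agent.gi) come down to a service bound to a fixed port that accepts input from anyone who can reach it. The Python below is an added triage example, not code from any of these posts or from malvuln: it parses the text of `netstat -ano` from a Windows host and flags listeners on the ports the summaries name. The port-to-family table is copied from the summaries; the netstat sample is constructed, and the "low"/"medium" confidence labels are this example's own heuristic.

```python
"""Added triage helper (not from the advisories): match Windows `netstat -ano`
output against the listener ports the malvuln advisories above attribute to
particular backdoors. Port number alone is weak evidence, so treat hits as
leads for process inspection (PID -> image path, hash, signer), not a verdict.
"""
import re

# (protocol, port) -> family, taken from the advisory summaries above.
WATCHLIST = {
    ("TCP", 6668): "Backdoor.Win32.Kraimer.11",
    ("TCP", 8001): "Backdoor.Win32.Hupigon.adef",
    ("TCP", 8002): "Backdoor.Win32.Hupigon.adef",
    ("TCP", 8003): "Backdoor.Win32.Hupigon.adef",
    ("TCP", 8004): "Backdoor.Win32.Hupigon.adef",
    ("TCP", 8005): "Backdoor.Win32.Hupigon.adef",
    ("TCP", 8023): "Backdoor.Win32.Xel",
    ("TCP", 2020): "Backdoor.Win32.Onalf (WinRemoteShell)",
    ("TCP", 5277): "Backdoor.Win32.WinShell.30",
    ("TCP", 2048): "Backdoor.Win32.Zxman",
    ("TCP", 113): "Backdoor.Win32.Whisper.b",
    ("UDP", 8848): "Backdoor.Win32.Whirlpool.10",
    ("UDP", 8864): "Backdoor.Win32.Whirlpool.10",
    ("TCP", 80): "Backdoor.Win32.Zombam.geq / Email-Worm.Win32.Agent.gi",
    ("TCP", 81): "Email-Worm.Win32.Agent.gi",
    ("UDP", 53): "Email-Worm.Win32.Agent.gi",
    ("TCP", 23444): "Backdoor.Win32.NetBull.11.a",
    ("TCP", 23445): "Backdoor.Win32.NetBull.11.a",
}
# Ports legitimate software uses all the time; a hit here is only a nudge to
# look at which process owns the socket (this split is the example's own).
NOISY = {("TCP", 80), ("UDP", 53)}

# One socket line: proto, local, foreign, optional state (TCP only), PID.
NETSTAT_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")


def parse_netstat(text):
    """Return [(proto, local_ip, local_port, state, pid)] for every socket line.
    Header lines and anything unparseable are skipped; UDP rows have no state."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:
            continue
        proto, local, _foreign, state, pid = m.groups()
        ip, _, port = local.rpartition(":")   # works for "[::]:135" as well
        rows.append((proto, ip, int(port), state or "", int(pid)))
    return rows


def flag_listeners(text):
    """Cross-check parsed netstat rows against WATCHLIST.

    Only sockets that accept unsolicited input count: TCP sockets in LISTENING
    state and every bound UDP socket. Returns one dict per hit."""
    hits = []
    for proto, ip, port, state, pid in parse_netstat(text):
        if proto == "TCP" and state != "LISTENING":
            continue
        family = WATCHLIST.get((proto, port))
        if family is None:
            continue
        hits.append({
            "proto": proto, "local": f"{ip}:{port}", "pid": pid,
            "family": family,
            "confidence": "low" if (proto, port) in NOISY else "medium",
        })
    return hits


# Constructed sample in the column layout `netstat -ano` prints on Windows.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:6668           0.0.0.0:0              LISTENING       3120
  TCP    0.0.0.0:8023           0.0.0.0:0              LISTENING       2284
  TCP    192.168.1.20:6668      192.168.1.9:50512      ESTABLISHED     3120
  TCP    192.168.1.20:49721     203.0.113.5:443        ESTABLISHED     4400
  TCP    [::]:135               [::]:0                 LISTENING       912
  UDP    0.0.0.0:8864           *:*                                    1984
  UDP    0.0.0.0:5355           *:*                                    1404
"""

if __name__ == "__main__":
    for hit in flag_listeners(SAMPLE_NETSTAT):
        print(f"{hit['proto']} {hit['local']} pid={hit['pid']} "
              f"[{hit['confidence']}] {hit['family']}")
```

On a live host the same function takes the output of `netstat -ano` redirected to a file; the established connection on 6668 is deliberately ignored because only the listening socket tells you the host is accepting commands, and the PID in each hit is what to pivot on next (image path, hash, signer) before drawing any conclusion from a port number.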

Constructor.Win32.SMWG.c / Insecure Permissions

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/47e819a6ce3d5e93819f4842cfbe23d6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Constructor.Win32.SMWG.c
Vulnerability: Insecure Permissions
Description: SMWG - P2P VBS.sucke.gen worm generator by sevenC / N0:7
outputs its malicious VBS script granting change (C) permissions to the
authenticated users group.
Type:...

Constructor.Win32.SMWG.a / Insecure Permissions

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/07cd532823d6ab05d6e5e3a56f7afbfd.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Constructor.Win32.SMWG.a
Vulnerability: Insecure Permissions
Description: Win32.SMWG VBS.sucke.gen worm generator by sevenC / N0:7
outputs its malicious VBS script granting change (C) permissions to the
authenticated users group.

Type: PE32
MD5:...

Newfuture Trojan V.1.0 BETA 1 / Insecure Permissions

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/4f9376824718ff23a6238c877f73ff73.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Newfuture Trojan V.1.0 BETA 1
Vulnerability: Insecure Permissions
Description: Newfuture by Wider is a remote access client and has a
(Fast_sms) server component; it is written in Spanish. On installation
it grants (C) change privileges to...
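The Noknok, SMWG.a, SMWG.c and Newfuture advisories above all describe the same defect: the file the tool writes out carries an ACL that grants Change (C) to Authenticated Users, so any local account can replace it. As an added example (not code from these posts or from malvuln), the Python below parses the text output of `icacls` or the older `cacls` and flags grants that let Everyone, Users or Authenticated Users write to a file. The ACL listing and the file names in it (payload.exe, sucke.vbs and so on) are constructed; the set of broad principals and of write-capable rights is this example's own choice. One known limit: a path whose last component contains a space cannot be split from the first account name unambiguously in this text format.

```python
"""Added example (not from the advisories): find ACL grants that let broad,
low-privilege principals modify a file, working from `icacls` / `cacls` text.
"""
import re

# Domains with spaces that Windows prints in front of principal names; other
# domains are taken to be a single token (avoids eating the path's last word).
_DOMAIN = r"(?:NT AUTHORITY|NT SERVICE|APPLICATION PACKAGE AUTHORITY|[^\\:\s]+)"
_ACCOUNT = rf"(?:{_DOMAIN}\\)?[^\\:]+"
# icacls: one or more "(X)" groups, optionally followed by bare cacls letters
# such as "(ID)R"; plain cacls: bare letters like "C" or "F".
_RIGHTS = r"(?:(?:\([^()]*\))+[A-Z]*|[A-Z]+)"
PATH_ACE_RE = re.compile(rf"^(?P<path>\S.*?)\s+(?P<account>{_ACCOUNT}):(?P<rights>{_RIGHTS})\s*$")
ACE_RE = re.compile(rf"^(?P<account>{_ACCOUNT}):(?P<rights>{_RIGHTS})\s*$")

INHERITED = {"I", "ID"}                       # ACE came from the parent
PROPAGATION = {"OI", "CI", "IO", "NP"}        # inheritance flags, not rights
# cacls C/F/W, icacls simple M/F/W/D, icacls specific rights that write.
WRITE_RIGHTS = {"C", "M", "F", "W", "D", "DE", "WD", "AD", "WA", "WEA",
                "DC", "WDAC", "WO", "GW", "GA"}
# Principals every local user belongs to (example's own list, lower-cased).
BROAD_PRINCIPALS = {"everyone", "authenticated users", "users", "interactive"}


def _tokens(rights):
    """'(I)(F)' -> {'I','F'}; '(Rc,S,RA)' -> {'Rc','S','RA'}; '(ID)R' -> {'ID','R'}."""
    toks = []
    for group in re.findall(r"\(([^()]*)\)", rights):
        toks.extend(t.strip() for t in group.split(",") if t.strip())
    tail = re.sub(r"\([^()]*\)", "", rights).strip()
    if tail:
        toks.append(tail)
    return set(toks)


def parse_acl_output(text):
    """Map each path in icacls/cacls output to [(account, tokens, inherited)].

    The first ACE shares a line with the path; further ACEs are indented
    continuation lines. Blank lines, the icacls summary line and anything
    else that is not an ACE are skipped."""
    acl, path = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace():                      # continuation ACE
            m = ACE_RE.match(raw.strip())
            if path is None or not m:
                continue
        else:                                     # "<path> <first ACE>"
            m = PATH_ACE_RE.match(raw)
            if not m:
                continue                          # e.g. "Successfully processed ..."
            path = m.group("path")
            acl[path] = []
        tokens = _tokens(m.group("rights"))
        acl[path].append((m.group("account"), tokens, bool(tokens & INHERITED)))
    return acl


def weak_aces(acl):
    """Return [(path, account, sorted write rights)] for grant ACEs that let a
    broad principal modify the file. Deny ACEs ("(DENY)") are not findings."""
    findings = []
    for path, aces in acl.items():
        for account, tokens, _inherited in aces:
            if "DENY" in tokens:
                continue
            name = account.rsplit("\\", 1)[-1].lower()
            if name not in BROAD_PRINCIPALS:
                continue
            granted = sorted(tokens & WRITE_RIGHTS)
            if granted:
                findings.append((path, account, granted))
    return findings


# Constructed listing: three icacls-style entries and one cacls-style entry.
SAMPLE_ACL_OUTPUT = r"""C:\Tools\out\payload.exe NT AUTHORITY\Authenticated Users:(M)
                         BUILTIN\Administrators:(I)(F)
                         NT AUTHORITY\SYSTEM:(I)(F)
                         BUILTIN\Users:(I)(RX)
C:\Tools\out\readme.txt BUILTIN\Administrators:(I)(F)
                        BUILTIN\Users:(I)(RX)
C:\Tools\out\sucke.vbs NT AUTHORITY\Authenticated Users:C
                       BUILTIN\Administrators:F
C:\Tools\out\locked.txt Everyone:(DENY)(W)
                        BUILTIN\Administrators:(I)(F)

Successfully processed 4 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for path, account, rights in weak_aces(parse_acl_output(SAMPLE_ACL_OUTPUT)):
        print(f"{path}: {account} may write ({','.join(rights)})")
```

To use it against a real host, capture `icacls <directory> /T` to a file and pass the text to `parse_acl_output`; every finding is a file a non-administrator can overwrite, which in the case of these tools means a second user on the box can swap the generated payload for their own before the operator runs it. The deny entry in the sample shows why the ACE type has to be checked: `Everyone:(DENY)(W)` mentions a write right but removes access rather than granting it.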