seclist.org

Posted by SEC Consult Vulnerability Lab on Apr 14

SEC Consult Vulnerability Lab Security Advisory < 20210414-0 >
=======================================================================
title: Reflected cross-site scripting
product: Microsoft Azure DevOps Server
vulnerable version: 2020.0.1
fixed version: 2020.0.1 Patch 2
CVE number: CVE-2021-28459
impact: medium
homepage:...

Posted by CFP ZeroNights on Apr 09

ZeroNights 2021 CFP is OPEN: Offensive and defensive research
(15/30/45min). Submit your talk!

# About conference

Place: Saint-Petersburg, Russia
Date: 30 June
Timeslots: 15/30/45 min
Site: https://zeronights.org

# CFP Timeline

CFP start: 1 March
CFP end: 15 May
CFP page: https://01x.cfp.zeronights.ru/zn2021/

# Conditions:

A speaker may deliver either a long or a short talk. The terms and
conditions for each of the options are listed below....

Posted by malvuln on Apr 08

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/fb24c3509180f463c9deaf2ee6705062.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Small.n
Vulnerability: Unauthenticated Remote Command Execution (SYSTEM)
Description: The backdoor malware listens on TCP Port 1337, upon successful
connection we get handed a remote shell from the infected host with SYSTEM...

Posted by Vladimir Bostanov on Apr 08

Advisory ID: SYSS-2020-032
Product: Tableau Server
Manufacturer: Tableau Software, LLC, a Salesforce Company
Affected Version(s): 2019.4-2019.4.17, 2020.1-2020.1.13,
2020.2-2020.2.10, 2020.3-2020.3.6, 2020.4-2020.4.2
Tested Version(s): 2020.2.1 (20202.20.0525.1210) 64-bit Windows
Vulnerability Type: URL Redirection to Untrusted Site (CWE-601)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2020-07-29
Solution Date:...

Posted by malvuln on Apr 08

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/7afe56286039faf56d4184c476683340.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hupigon.das
Vulnerability: Unauthenticated Open Proxy
Description: The malware drops an hidden executable named "winserv.com"
under Windows dir, which accepts TCP connections on port 8080. Afterwards,
it connects to a...

Posted by malvuln on Apr 08

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/aff493ed1f98ed05c360b462192d2853.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Hotkeychick.d
Vulnerability: Insecure Permissions
Description: creates an insecure dir named "Sniperscan" under c:\ drive and
grants change (C) permissions to the authenticated user group. Standard
users can rename the...

Posted by malvuln on Apr 08

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/5cddc4647fb1c59f5dc7f414ada7fad4.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Downloader.Win32.Genome.qiw
Vulnerability: Insecure Permissions
Description: Genome.qiw creates an insecure dir named "tmp" under c:\ drive
and grants change (C) permissions to the authenticated user group. Standard
users can...

Posted by malvuln on Apr 08

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/01055838361f534ab596b56a19c70fef.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Downloader.Win32.Genome.omht
Vulnerability: Insecure Permissions
Description: Genome.omht creates an insecure dir named "wjmd97" under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can...

Posted by malvuln on Apr 08

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/274a6e846c5a4a2b3281198556e5568b.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Hosts2.yqf
Vulnerability: Insecure Permissions
Description: Hosts2.yqf creates an insecure dir named "mlekaocYUmaae" under
c:\ drive and grants change (C) permissions to the authenticated user
group. Standard users can...

Posted by Responsible Disclosure via Fulldisclosure on Apr 08

### Advisory: Privileged File Write

Description

===========

The Check Point Identity Agent allows low privileged users to write files to protected locations of the file system.

Details

=======

Advisory ID: usd-2021-0005

Product: Check Point Identity Agent

Affected Version: < R81.018.0000

Vulnerability Type: Symlink Vulnerability

Security Risk: High

Vendor URL: https://www.checkpoint.com

Vendor Status: Fixed

Advisory URL:...

Posted by Gabriele Gristina on Apr 08

Multiple Pre-Auth Stack Buffer Overflow in D-Link DSL-320B-D1 ADSL Modem

======== < Table of Contents > =========================================

0. Overview
1. Details
2. Solution
3. Disclosure Timeline
4. Thanks & Acknowledgements
5. References
6. Credits
7. Legal Notices

======== < 0. Overview > ===============================================

Release Date: 7 March 2021

Revision: 1.0

Impact:

The ADSL modem DSL-320B-D1,...

Posted by SEC Consult Vulnerability Lab on Apr 07

SEC Consult Vulnerability Lab Security Advisory < 20210407-0 >
=======================================================================
title: Arbitrary File Upload and Bypassing .htaccess Rules
product: Monospace Directus Headless CMS
vulnerable version: < v8.8.2
fixed version: v8.8.2, v9 is not affected because of different architecture
CVE number: CVE-2021-29641
impact: High...

Posted by malvuln on Apr 06

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/17da6737cb94c11fa2363772d8eac0b1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Downloader.Win32.FraudLoad.xevn
Vulnerability: Insecure Permissions
Description: FraudLoad.xevn creates an insecure dir named "usxxxxxxxx.exe"
under c:\ drive and grants change (C) permissions to the authenticated user
group....

Posted by malvuln on Apr 06

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/9f80c3b1e7f5f6f7d0c8aea25fe83551_C.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Sharer.h
Vulnerability: Known Vulnerable Component - Heap Corruption
Description: Sharer.h by GOLDSWORD - www.daokers.cn can run several types
of services, one is a third-party component named "HFS HTTP File Server"
that...

Posted by malvuln on Apr 06

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/9f80c3b1e7f5f6f7d0c8aea25fe83551_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Sharer.h
Vulnerability: Anonymous Logon MITM Port Bounce Scan
Description: Sharer.h by GOLDSWORD - www.daokers.cn can run several types
of services one is an FTP server named "20CN MINIFTP" TCP port 21.
Third-party...

Posted by malvuln on Apr 06

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/9f80c3b1e7f5f6f7d0c8aea25fe83551.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Sharer.h
Vulnerability: Anonymous Logon RCE
Description: Sharer.h by GOLDSWORD - www.daokers.cn can run several types
of services, one is an FTP server named "20CN MINIFTP" TCP port 21. The FTP
server default configuration...

Posted by Stefan Kanthak on Apr 06

Hi @ll,

the following is a shortened version of
<https://skanthak.homepage.t-online.de/offender.html#case64021>

With Windows 8, Microsoft introduced Windows Defender SmartScreen as
replacement for the Attachment Manager introduced with Windows XP SP2
(the first release of Windows after they started Trustworthy Computing).

The Attachment Manager adds an Alternate Data Stream named Zone.Identifier
to files downloaded from the Internet or...

Posted by houjingyi on Apr 06

environment: windows 10, python3.8.7 installed to "C:\Program
Files\Python38".

datail info: According to https://docs.python.org/3/c-api/init.html:
"Py_SetPath() set the default module search path. If this function is
called before Py_Initialize(), then Py_GetPath() won’t attempt to compute a
default search path but uses the one provided instead."
Write following code that only call Py_Initialize():

#include...

Posted by Onapsis Research via Fulldisclosure on Apr 05

# Onapsis Security Advisory 2021-0004: [CVE-2020-26820] - SAP Java OS
Remote Code Execution

## Impact on Business

A malicious authenticated attacker could abuse some particular services
exposed
by the SAP JAVA Netweaver allowing them to execute commands in the
underlying
operating system.

## Advisory Information

- Security Advisory ID: ONAPSIS-2021-0004
- Vulnerability Submission ID: 847
- Researcher: Pablo Artuso

## Vulnerability...

Posted by Onapsis Research via Fulldisclosure on Apr 05

# Onapsis Security Advisory 2021-0003: [CVE-2020-6287] - [SAP RECON] SAP
JAVA: Unauthenticated execution of configuration tasks

## Impact on Business

A malicious unauthenticated user could abuse the lack of authentication
check on a particular web service exposed by default in SAP Netweaver JAVA
stack, allowing them to fully compromise the targeted system.

## Advisory Information

- Security Advisory ID: ONAPSIS-2021-0003
- Vulnerability...