seclist.org

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
April 14, 2021

SEC Consult SA-20210414-0 :: Reflected cross-site scripting in Microsoft Azure DevOps Server

Posted by SEC Consult Vulnerability Lab on Apr 14

SEC Consult Vulnerability Lab Security Advisory < 20210414-0 >
=======================================================================
title: Reflected cross-site scripting
product: Microsoft Azure DevOps Server
vulnerable version: 2020.0.1
fixed version: 2020.0.1 Patch 2
CVE number: CVE-2021-28459
impact: medium
homepage:...
April 10, 2021

CFP ZeroNights 2021

Posted by CFP ZeroNights on Apr 09

ZeroNights 2021 CFP is OPEN: Offensive and defensive research
(15/30/45min). Submit your talk!

# About conference

Place: Saint-Petersburg, Russia
Date: 30 June
Timeslots: 15/30/45 min
Site: https://zeronights.org

# CFP Timeline

CFP start: 1 March
CFP end: 15 May
CFP page: https://01x.cfp.zeronights.ru/zn2021/

# Conditions:

A speaker may deliver either a long or a short talk. The terms and
conditions for each of the options are listed below....
April 8, 2021

Backdoor.Win32.Small.n / Unauthenticated Remote Command Execution (SYSTEM)

Posted by malvuln on Apr 08

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/fb24c3509180f463c9deaf2ee6705062.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Small.n
Vulnerability: Unauthenticated Remote Command Execution (SYSTEM)
Description: The backdoor malware listens on TCP Port 1337, upon successful
connection we get handed a remote shell from the infected host with SYSTEM...
April 8, 2021

[SYSS-2020-032] Open Redirect in Tableau Server (CVE-2021-1629)

Posted by Vladimir Bostanov on Apr 08

Advisory ID: SYSS-2020-032
Product: Tableau Server
Manufacturer: Tableau Software, LLC, a Salesforce Company
Affected Version(s): 2019.4-2019.4.17, 2020.1-2020.1.13,
2020.2-2020.2.10, 2020.3-2020.3.6, 2020.4-2020.4.2
Tested Version(s): 2020.2.1 (20202.20.0525.1210) 64-bit Windows
Vulnerability Type: URL Redirection to Untrusted Site (CWE-601)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2020-07-29
Solution Date:...
April 8, 2021

Backdoor.Win32.Hupigon.das / Unauthenticated Open Proxy

Posted by malvuln on Apr 08

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/7afe56286039faf56d4184c476683340.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hupigon.das
Vulnerability: Unauthenticated Open Proxy
Description: The malware drops a hidden executable named "winserv.com"
under Windows dir, which accepts TCP connections on port 8080. Afterwards,
it connects to a...
April 8, 2021

Trojan.Win32.Hotkeychick.d / Insecure Permissions

Posted by malvuln on Apr 08

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/aff493ed1f98ed05c360b462192d2853.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Hotkeychick.d
Vulnerability: Insecure Permissions
Description: creates an insecure dir named "Sniperscan" under c:\ drive and
grants change (C) permissions to the authenticated user group. Standard
users can rename the...
April 8, 2021

Trojan-Downloader.Win32.Genome.qiw / Insecure Permissions

Posted by malvuln on Apr 08

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/5cddc4647fb1c59f5dc7f414ada7fad4.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Downloader.Win32.Genome.qiw
Vulnerability: Insecure Permissions
Description: Genome.qiw creates an insecure dir named "tmp" under c:\ drive
and grants change (C) permissions to the authenticated user group. Standard
users can...
April 8, 2021

Trojan-Downloader.Win32.Genome.omht / Insecure Permissions

Posted by malvuln on Apr 08

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/01055838361f534ab596b56a19c70fef.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Downloader.Win32.Genome.omht
Vulnerability: Insecure Permissions
Description: Genome.omht creates an insecure dir named "wjmd97" under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can...
April 8, 2021

Trojan.Win32.Hosts2.yqf / Insecure Permissions

Posted by malvuln on Apr 08

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/274a6e846c5a4a2b3281198556e5568b.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Hosts2.yqf
Vulnerability: Insecure Permissions
Description: Hosts2.yqf creates an insecure dir named "mlekaocYUmaae" under
c:\ drive and grants change (C) permissions to the authenticated user
group. Standard users can...
April 8, 2021

usd20210005: Privileged File Write in Check Point Identity Agent < R81.018.0000

Posted by Responsible Disclosure via Fulldisclosure on Apr 08

### Advisory: Privileged File Write

Description
===========

The Check Point Identity Agent allows low privileged users to write files to protected locations of the file system.

Details
=======

Advisory ID: usd-2021-0005
Product: Check Point Identity Agent
Affected Version: < R81.018.0000
Vulnerability Type: Symlink Vulnerability
Security Risk: High
Vendor URL: https://www.checkpoint.com
Vendor Status: Fixed
Advisory URL:...
April 8, 2021

CVE-2021-26709 - Multiple Pre-Auth Stack Buffer Overflow in D-Link DSL-320B-D1 ADSL Modem

Posted by Gabriele Gristina on Apr 08

Multiple Pre-Auth Stack Buffer Overflow in D-Link DSL-320B-D1 ADSL Modem

======== < Table of Contents > =========================================

0. Overview
1. Details
2. Solution
3. Disclosure Timeline
4. Thanks & Acknowledgements
5. References
6. Credits
7. Legal Notices

======== < 0. Overview > ===============================================

Release Date: 7 March 2021

Revision: 1.0

Impact:

The ADSL modem DSL-320B-D1,...
April 7, 2021

SEC Consult SA-20210407-0 :: Arbitrary File Upload and Bypassing .htaccess Rules in Monospace Directus Headless CMS

Posted by SEC Consult Vulnerability Lab on Apr 07

SEC Consult Vulnerability Lab Security Advisory < 20210407-0 >
=======================================================================
title: Arbitrary File Upload and Bypassing .htaccess Rules
product: Monospace Directus Headless CMS
vulnerable version: < v8.8.2
fixed version: v8.8.2, v9 is not affected because of different architecture
CVE number: CVE-2021-29641
impact: High...
April 6, 2021

Trojan-Downloader.Win32.FraudLoad.xevn / Insecure Permissions

Posted by malvuln on Apr 06

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/17da6737cb94c11fa2363772d8eac0b1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Downloader.Win32.FraudLoad.xevn
Vulnerability: Insecure Permissions
Description: FraudLoad.xevn creates an insecure dir named "usxxxxxxxx.exe"
under c:\ drive and grants change (C) permissions to the authenticated user
group....
April 6, 2021

Trojan.Win32.Sharer.h / Known Vulnerable Component - Heap Corruption

Posted by malvuln on Apr 06

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/9f80c3b1e7f5f6f7d0c8aea25fe83551_C.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Sharer.h
Vulnerability: Known Vulnerable Component - Heap Corruption
Description: Sharer.h by GOLDSWORD - www.daokers.cn can run several types
of services, one is a third-party component named "HFS HTTP File Server"
that...
April 6, 2021

Trojan.Win32.Sharer.h / Anonymous Logon MITM Port Bounce Scan

Posted by malvuln on Apr 06

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/9f80c3b1e7f5f6f7d0c8aea25fe83551_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Sharer.h
Vulnerability: Anonymous Logon MITM Port Bounce Scan
Description: Sharer.h by GOLDSWORD - www.daokers.cn can run several types
of services, one is an FTP server named "20CN MINIFTP" TCP port 21.
Third-party...
April 6, 2021

Trojan.Win32.Sharer.h / Anonymous Logon RCE

Posted by malvuln on Apr 06

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/9f80c3b1e7f5f6f7d0c8aea25fe83551.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Sharer.h
Vulnerability: Anonymous Logon RCE
Description: Sharer.h by GOLDSWORD - www.daokers.cn can run several types
of services, one is an FTP server named "20CN MINIFTP" TCP port 21. The FTP
server default configuration...
April 6, 2021

Defense in depth -- The Microsoft way (part 74): Windows Defender SmartScreen is rather DUMP, it allows denial of service

Posted by Stefan Kanthak on Apr 06

Hi @ll,

the following is a shortened version of
<https://skanthak.homepage.t-online.de/offender.html#case64021>

With Windows 8, Microsoft introduced Windows Defender SmartScreen as
replacement for the Attachment Manager introduced with Windows XP SP2
(the first release of Windows after they started Trustworthy Computing).

The Attachment Manager adds an Alternate Data Stream named Zone.Identifier
to files downloaded from the Internet or...
April 6, 2021

python embedded program local arbitrary python script execution on windows

Posted by houjingyi on Apr 06

environment: windows 10, python3.8.7 installed to "C:\Program Files\Python38".

detail info: According to https://docs.python.org/3/c-api/init.html:
"Py_SetPath() set the default module search path. If this function is
called before Py_Initialize(), then Py_GetPath() won’t attempt to compute a
default search path but uses the one provided instead."
Write the following code that only calls Py_Initialize():

#include...
April 5, 2021

Onapsis Security Advisory 2021-0004: [CVE-2020-26820] - SAP Java OS Remote Code Execution

Posted by Onapsis Research via Fulldisclosure on Apr 05

# Onapsis Security Advisory 2021-0004: [CVE-2020-26820] - SAP Java OS Remote Code Execution

## Impact on Business

A malicious authenticated attacker could abuse some particular services
exposed by the SAP JAVA Netweaver allowing them to execute commands in the
underlying operating system.

## Advisory Information

- Security Advisory ID: ONAPSIS-2021-0004
- Vulnerability Submission ID: 847
- Researcher: Pablo Artuso

## Vulnerability...
April 5, 2021

Onapsis Security Advisory 2021-0003: [CVE-2020-6287] - [SAP RECON] SAP JAVA: Unauthenticated execution of configuration tasks

Posted by Onapsis Research via Fulldisclosure on Apr 05

# Onapsis Security Advisory 2021-0003: [CVE-2020-6287] - [SAP RECON] SAP JAVA: Unauthenticated execution of configuration tasks

## Impact on Business

A malicious unauthenticated user could abuse the lack of authentication
check on a particular web service exposed by default in SAP Netweaver JAVA
stack, allowing them to fully compromise the targeted system.

## Advisory Information

- Security Advisory ID: ONAPSIS-2021-0003
- Vulnerability...