seclist.org

Posted by Apple Product Security via Fulldisclosure on Jan 12

APPLE-SA-2022-01-12-1 iOS 15.2.1 and iPadOS 15.2.1

iOS 15.2.1 and iPadOS 15.2.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213043.

HomeKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted HomeKit accessory name...

Posted by Gionathan Reale via Fulldisclosure on Jan 12

# Product:  RLM 14.2
# Vendor:   Reprise Software
# CVE ID:   CVE-2021-45422
# Vulnerability Title: Reflected Cross-Site Scripting
# Severity: Medium
# Author(s): Giulia Melotti Garibaldi
# Date:     2022-01-11
#
#############################################################
Introduction:
An issue was discovered in Reprise License Manager 14.2, Reprise License Manager 14.2 is affected by a reflected
cross-site scripting vulnerability...

Posted by RedTeam Pentesting GmbH on Jan 12

Advisory: Credential Disclosure in Web Interface of Crestron Device

When the administrative web interface of the Crestron HDMI switcher is
accessed unauthenticated, user credentials are disclosed which are valid
to authenticate to the web interface.

Details
=======

Product: Crestron HD-MD4X2-4K-E
Affected Versions: 1.0.0.2159
Fixed Versions: -
Vulnerability Type: Information Disclosure
Security Risk: high
Vendor URL:...

Posted by malvuln on Jan 11

Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/859aab793a42868343346163bd42f485.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Controlit.10
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 3347. Third-party attackers
who can reach an infected system can run any OS commands made available by
the malware...

Posted by WebSec B.V. on Jan 11

Publisher: Joel Aviad Ossi

Company: Pentest <https://websec.nl>company WebSec B.V.

Vulnerabilities: Improper access Control, Stored Cross-Site Scripting and
Improper Input Validation

Description: It is possible to inject javascript code into any DMCA account
and takeover the API Token in order to read support messages (It is also
possible to inject such code into the support ticket in order to target
administrators)

Additionally it is...

Posted by Marcin Kozlowski on Jan 11

Hi list,

Maybe you will find it interesting.

Forcedentry state of the art exploit (as I read) used by NSO made it
big. Libstagefright (Media Framework on Android) with OOB write on the
heap (with Scudo) which can possibly own your Mobile by playing an
audio file, didn't. Note: Not sure if you can do RCE with it. Leave it
to experts :P

Here is the repo with reporoducer and possibly also code in the future
to create it when needed....

Posted by hyp3rlinx on Jan 11

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_DETECTION_BYPASS.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Windows Defender

Microsoft Defender Antivirus is a major component of your
next-generation protection in Microsoft Defender for Endpoint. This
protection brings together
machine...

Posted by hyp3rlinx on Jan 11

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_REG_FILE_DIALOG_SPOOF_MITIGATION_BYPASS.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

A file with the .reg file extension is a Registration file used by the
Windows registry. These files can contain hives, keys, and values.
.reg files can be created from scratch...

Posted by malvuln on Jan 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/bc7f4c4689f1b8ad395404d1e75c776f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.SubSeven.c
Vulnerability: Remote Stack Buffer Overflow
Description: The malware listens on TCP port 1111. Third-party attackers
who can reach an infected system can send a specially crafted packet
prefixed with "DOS". This...

Posted by malvuln on Jan 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/011961a42700e7385a106d362eb661c7_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.SVC
Vulnerability: Directory Traversal
Description: The malware listens on TCP port 9997. Third-party attackers
who can reach an infected host can read any file on the system using "../"
path traversal characters to...

Posted by malvuln on Jan 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/011961a42700e7385a106d362eb661c7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.SVC
Vulnerability: Remote Stack Buffer Overflow
Description: The malware listens on TCP port 9997. Third-party attackers
who can reach an infected system can make an specially crafted HTTP GET
request to trigger a classic stack...

Posted by malvuln on Jan 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/6c9665de78ae60a8e057d2c9cdb91596_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Dsklite.a
Vulnerability: Insecure Transit
Description: The malware listens on TCP ports 890, 891 and makes an
outbound HTTP request passing the ip-address, username and credentials of
the infected system in cleartext as part of...

Posted by malvuln on Jan 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/6c9665de78ae60a8e057d2c9cdb91596.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Dsklite.a
Vulnerability: Remote Denial of Service
Description: The malware listens on TCP ports 890, 891. Third-party
attackers who can reach an infected system can connect to port 890, this
will in turn open the vuln port 891....

Posted by malvuln on Jan 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/596882dfba543b23ad3225d24ee5e800_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Jtram.a
Vulnerability: Port Bounce Scan
Description: The malware listens on TCP port 1321. Third-party intruders
who successfully logon can abuse the backdoor FTP server as a
man-in-the-middle machine allowing PORT Command bounce...

Posted by malvuln on Jan 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/596882dfba543b23ad3225d24ee5e800.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Jtram.a
Vulnerability: Insecure Credential Storage
Description: The malware listens on TCP port 1321 as an FTP server. The
credentials are stored in cleartext in a file named "rconnect.conf.
Type: PE32
MD5:...

Posted by info () vulnerability-lab com on Jan 07

Document Title:
===============
Affiliate Pro v1.7 - Multiple Cross Site Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2281

Release Date:
=============
2022-01-05

Vulnerability Laboratory ID (VL-ID):
====================================
2281

Common Vulnerability Scoring System:
====================================
5.1

Vulnerability Class:
====================
Cross Site...

Posted by info () vulnerability-lab com on Jan 07

Document Title:
===============
Rocket LMS v1.1 - (History) Persistent XSS Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2305

Release Date:
=============
2021-12-29

Vulnerability Laboratory ID (VL-ID):
====================================
2305

Common Vulnerability Scoring System:
====================================
5.4

Vulnerability Class:
====================
Cross Site...

Posted by info () vulnerability-lab com on Jan 07

Document Title:
===============
uDoctorAppointment v2.1.1 - Multiple XSS Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2288

Release Date:
=============
2021-12-15

Vulnerability Laboratory ID (VL-ID):
====================================
2288

Common Vulnerability Scoring System:
====================================
5

Vulnerability Class:
====================
Cross Site Scripting...

Posted by info () vulnerability-lab com on Jan 07

Document Title:
===============
Easy Cart Shopping Cart - (Search) Persistent Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2298

Release Date:
=============
2021-12-15

Vulnerability Laboratory ID (VL-ID):
====================================
2298

Common Vulnerability Scoring System:
====================================
5.1

Vulnerability Class:
====================
Cross Site...

Posted by info () vulnerability-lab com on Jan 07

Document Title:
===============
cWifi Hotspot Wireless CP - Code Execution Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2310

Release Date:
=============
2021-12-15

Vulnerability Laboratory ID (VL-ID):
====================================
2310

Common Vulnerability Scoring System:
====================================
8.2

Vulnerability Class:
====================
Code Execution...