Hírolvasó

Posted by malvuln on Jan 22

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ba815d409cd714c0eac010b5970f6408.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Onalf
Vulnerability: Missing Authentication
Description: WinRemoteShell (Onalf) listens for commands on TCP port
2020. Interestingly, it will only start listening once it can connect
outbound to SMTP port 25. Not much of a self...

Posted by malvuln on Jan 22

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/56a2b135c8d35561ea5b04694155eb77.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.WinShell.30
Vulnerability: Remote Stack Buffer Overflow / Missing Authentication
Description: WinShell.30 listens on TCP port 5277 for commands.
Attackers or responders who can reach the infected host can trigger a
buffer overflow...

Posted by malvuln on Jan 22

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/6b2a9304d1c7a63365db0f9fd12d39b0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Zxman
Vulnerability: Missing Authentication
Description: Backdoor.Win32.Zxman by Zx-man listens on TCP port 2048
for commands. However, anyone who can reach the infected host can take
control as there is no authentication in place....

Posted by malvuln on Jan 22

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/a0edb91f62c8c083ec35b32a922168d1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Whisper.b
Vulnerability: Remote Stack Corruption
Description: Whisper.b listens on TCP port 113 and connects to port
6667, deletes itself drops executable named rundll32.exe in
Windows\System dir. The malware is prone to stack...

Posted by malvuln on Jan 22

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/bf0682b674ef23cf8ba0deeaf546f422.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Whirlpool.10
Vulnerability: Remote Stack Buffer Overflow
Description: Whirlpool listens on UDP Datagram ports 8848 and 8864.
Sending a 192 byte payload to port 8864 triggers a stack buffer
overflow overwriting both EIP and SEH. This...

Posted by malvuln on Jan 22

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/fd14cc7f025f49a3e08b4169d44a774e.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Zombam.geq
Vulnerability: Remote Buffer Overflow
Description: Zombam.geq listens for connections on TCP port 80 and
trys connect to SMTP port 25. By sending a HTTP GET request of about
2000 bytes triggers buffer overflow corrupting...

This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application.

Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which can enables an attacker takeover of the admin account through a payload that extracts a csrf token and sends a request to change password. It has been found that Item description is reflected without sanitization in app/items_view.php which enables the malicious scenario.

OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is patched in version 4.0.1002.

Posted by Matteo Beccati via Fulldisclosure on Jan 22

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2021-001
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2021-001
------------------------------------------------------------------------
CVE-IDs: CVE-2021-22871, CVE-2021-22872, CVE-2021-22873
Date:...

Posted by Manuel Bua on Jan 22

Details
================

Product: Caret Editor
Product URL: https://caret.io/
Vendor: Caret.io Ltd.
Vulnerability: Remote Code Execution
Vulnerable version: Caret Editor v4.0.0-rc21
Fixed version: Caret Editor v4.0.0-rc22
CVE Number: CVE-2020-20269
CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20269
Author: Manuel Bua (dudez)

Vulnerability Description
================

A specially crafted Markdown document could cause the...

Posted by Garrett Skjelstad on Jan 22

Are we tracking vulnerabilities in malware now? Improve the malware to be
more resilient?

I'm just as likely to remove malware without vulnerabilities, as I am
malware WITH vulnerabilities.

Surely there are no bug bounties or upcoming patches (lol) for these.

I guess I'm confused about the purpose of these disclosures.

IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. IBM X-Force ID: 188093.

HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is executed when the note is viewed in slide mode. Depending on the configuration of the instance, the attacker may not need authentication to create or edit notes. The problem is patched in HedgeDoc 1.7.2. ### Workarounds Disallow loading JavaScript from 3rd party sites using the `Content-Security-Policy` header. Note that this will break some embedded content. ### References This issue was discovered by @TobiasHoll and reported to hackmdio/codimd: https://github.com/hackmdio/codimd/issues/1648 ### For more information If you have any questions or comments about this advisory: * Open an topic on our community forum * Join our matrix room

The update for flatpak released as DSA 4830-1 introduced regressions with flatpak build and in the extra-data mechanism. Updated flatpak packages are now available to correct this issue.

An update that fixes three vulnerabilities is now available.

This affects all versions of package jquery-ui; all versions of package org.fujion.webjars:jquery-ui. When the "dialog" is injected into an HTML tag more than once, the browser and the application may crash.

Two vulnerabilities were discovered in the LLPD implementation of Open vSwitch, a software-based Ethernet virtual switch, which could result in denial of service.

Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure. For the stable distribution (buster), these problems have been fixed in

Multiple vulnerabilities were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed media file is opened.