Mail Thread Index

• Date Index

• [FD] IRC-Worm.Win32.Silentium.a / Insecure Permissions, malvuln
• [FD] Backdoor.Win32.Burbul.b / Authentication Bypass MITM Port Bounce Scan, malvuln
  • <Possible follow-ups>
  • [FD] Backdoor.Win32.Burbul.b / Authentication Bypass MITM Port Bounce Scan, malvuln
• [FD] Trojan-Downloader.Win32.Delf.oxz / Insecure Permissions, malvuln
• [FD] Trojan-Downloader.Win32.Delf.ur / Insecure Permissions, malvuln
• [FD] Trojan-Downloader.Win32.Delf.nzg / Insecure Permissions, malvuln
• [FD] Onapsis Security Advisory 2021-0001: [CVE-2020-6207] - Unauthenticated RCE in SAP all SMD Agents connected to SAP SolMan, Onapsis Research via Fulldisclosure
• [FD] Onapsis Security Advisory 2021-0002: [CVE-2020-6234] - SAP Multiple root LPE through SAP Host Control, Onapsis Research via Fulldisclosure
• [FD] Onapsis Security Advisory 2021-0003: [CVE-2020-6287] - [SAP RECON] SAP JAVA: Unauthenticated execution of configuration tasks, Onapsis Research via Fulldisclosure
• [FD] Onapsis Security Advisory 2021-0004: [CVE-2020-26820] - SAP Java OS Remote Code Execution, Onapsis Research via Fulldisclosure
• [FD] python embedded program local arbitrary python script execution on windows, houjingyi
• [FD] Defense in depth -- The Microsoft way (part 74): Windows Defender SmartScreen is rather DUMP, it allows denial of service, Stefan Kanthak
• [FD] Trojan.Win32.Sharer.h / Anonymous Logon RCE, malvuln
• [FD] Trojan.Win32.Sharer.h / Anonymous Logon MITM Port Bounce Scan, malvuln
• [FD] Trojan.Win32.Sharer.h / Known Vulnerable Component - Heap Corruption, malvuln
• [FD] Trojan-Downloader.Win32.FraudLoad.xevn / Insecure Permissions, malvuln
• [FD] SEC Consult SA-20210407-0 :: Arbitrary File Upload and Bypassing .htaccess Rules in Monospace Directus Headless CMS, SEC Consult Vulnerability Lab
• [FD] CVE-2021-26709 - Multiple Pre-Auth Stack Buffer Overflow in D-Link DSL-320B-D1 ADSL Modem, Gabriele Gristina
• [FD] usd20210005: Privileged File Write in Check Point Identity Agent < R81.018.0000, Responsible Disclosure via Fulldisclosure
• [FD] Trojan.Win32.Hosts2.yqf / Insecure Permissions, malvuln
• [FD] Trojan-Downloader.Win32.Genome.omht / Insecure Permissions, malvuln
• [FD] Trojan-Downloader.Win32.Genome.qiw / Insecure Permissions, malvuln
• [FD] Trojan.Win32.Hotkeychick.d / Insecure Permissions, malvuln
• [FD] Backdoor.Win32.Hupigon.das / Unauthenticated Open Proxy, malvuln
• [FD] [SYSS-2020-032] Open Redirect in Tableau Server (CVE-2021-1629), Vladimir Bostanov
• [FD] Backdoor.Win32.Small.n / Unauthenticated Remote Command Execution (SYSTEM), malvuln
• [FD] CFP ZeroNights 2021, CFP ZeroNights
• [FD] SEC Consult SA-20210414-0 :: Reflected cross-site scripting in Microsoft Azure DevOps Server, SEC Consult Vulnerability Lab
• [FD] Plantronics HUB <= 3.21 EoP and DoS, Red Timmy Security
• [FD] [CVE-2021-20989, CVE-2021-20990, CVE-2021-20991, CVE-2021-20992] Multiple vulnerabilities in Fibaro Home Center, research
• [FD] Trojan.Win32.Jorik.qje / Insecure Permissions, malvuln
• [FD] Trojan.Win32.Agent.zfgh / Insecure Permissions, malvuln
• [FD] HEUR.Hoax.Win32.FrauDrop.gen / Insecure Permissions, malvuln
• [FD] Backdoor.Win32.Zombam.h / Remote Stack Buffer Overflow, malvuln
• [FD] Trojan.Win32.Agentb.iofv / Insecure Permissions, malvuln
• [FD] Trojan.Win32.NanoBot.onh / Insecure Permissions, malvuln
• [FD] Trojan-Dropper.Win32.Agent.bjtzcp / Insecure Permissions, malvuln
• [FD] Trojan.Win32.Bayrob.dtrg / Insecure Permissions, malvuln
• [FD] HEUR.Backdoor.Win32.Generic / Unauthenticated Open Proxy, malvuln
• [FD] Constructor.Win32.Bifrose.ag / Local Stack Buffer Overflow, malvuln
• [FD] Trojan.Win32.Agent.hsm / Insecure Permissions, malvuln
• [FD] [CVE-2021-1472/CVE-2021-1473] Cisco RV Series Authentication Bypass and Remote Command Execution, Takeshi Shiomitsu
• [FD] CVE-2021-28321-CVE-2021-28323: elevation of privileges in Microsoft Diaghub, Imre Rad
• [FD] SEC Consult SA-20210422-0 :: Stored Cross Site Scripting (Outdated software library) in BMDWeb 2.0, SEC Consult Vulnerability Lab
• [FD] Executable installers are vulnerable^WEVIL (case 61): arbitrary code execution WITH escalation of privilege via Intel WiFi drivers, Stefan Kanthak
• [FD] HEUR.Trojan.Win32.Generic / Insecure Permissions, malvuln
• [FD] Trojan-Dropper.Win32.Agent.xtp / Insecure Permissions, malvuln
• [FD] IM-Worm.Win32.Bropia.aa / Insecure Permissions, malvuln
• [FD] Backdoor.Win32.DarkKomet.artr / Insecure Permissions, malvuln
• [FD] Packed.Win32.Black.d / Unauthenticated Open Proxy, malvuln
• [FD] Supply Chain Attacks via GitHub.com Releases, Nightwatch Cybersecurity Research
• [FD] APPLE-SA-2021-04-26-1 iOS 14.5 and iPadOS 14.5, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-04-26-2 macOS Big Sur 11.3, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina, Apple Product Security via Fulldisclosure
• [FD] Virus.Win32.Banka.a / Insecure Permissions, malvuln
• [FD] Worm.Win32.Busan.k / Insecure Communication Protocol, malvuln
• [FD] APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-04-26-6 tvOS 14.5, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-04-26-5 watchOS 7.4, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-04-26-7 Safari 14.1, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-04-26-8 iCloud for Windows 12.3, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-04-26-9 iTunes 12.11.3 for Windows, Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2021-04-26-10 Xcode 12.5, Apple Product Security via Fulldisclosure
• [FD] XSS stored in PFSense 2.5.0 CVE-2021-27933, William Costa
• [FD] Trojan-Dropper.Win32.Dycler.vrp / Insecure Permissions, malvuln
• [FD] Trojan-Dropper.Win32.Injector.aobl / Insecure Permissions, malvuln
• [FD] Backdoor.Win32.Agent.afq / Missing Authentication, malvuln
• [FD] Backdoor.Win32.Agent.afq / Directory Traversal, malvuln
• [FD] Backdoor.Win32.Agent.afq / Remote Heap Corruption, malvuln
• [FD] Open-Xchange Security Advisory 2021-04-30, Martin Heiland via Fulldisclosure
• [FD] Defense in depth -- the Microsoft way (part 75): Bypass of SAFER alias Software Restriction Policies NOT FIXED, Stefan Kanthak
• [FD] Defense in depth -- The Microsoft way (part 76): arbitrary code execution WITH elevation of privilege in user-writable directories below %SystemRoot%, Stefan Kanthak
• [FD] HEUR.Trojan.Win32.Bayrob.gen / Insecure Permissions, malvuln
• [FD] Worm.Win32.Delf.hu / Insecure Permissions, malvuln
• [FD] Backdoor.Win32.Agent.ggw / Authentication Bypass, malvuln
• [FD] Backdoor.Win32.Agent.gmug / Heap Corruption, malvuln
• [FD] Backdoor.Win32.Agent.kte / Remote Stack Buffer Overflow (UDP Datagram), malvuln
• [FD] Backdoor.Win32.Agent.oj / Remote Stack Buffer Overflow, malvuln
• [FD] Backdoor.Win32.Agent.oj / Unauthenticated Remote Command Execution, malvuln