Full Disclosure

Syndicate content
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Updated: 1 day 6 hours ago

SEC Consult SA-20240522-0 :: Broken access control & API Information Exposure in 4BRO App

23 May, 2024 - 12:35

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 23

SEC Consult Vulnerability Lab Security Advisory < 20240522-0 >
=======================================================================
title: Broken access control & API Information Exposure
product: 4BRO App
vulnerable version: before 2024-04-17
fixed version: 2024-04-17
CVE number: -
impact: Critical
homepage: https://www.4bro.de
found: 2023-05-07...

[CFP] Security BSides Ljubljana 0x7E8 | September 27, 2024

23 May, 2024 - 12:34

Posted by Andraz Sraka on May 23

MMMMMMMMMMMMMMMMNmddmNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMN..-..--+MMNy:...-.-/yNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMy..ymd-.:Mm::-:osyo-..-mMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MM:..---.:dM/..+NNyyMN/..:MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
Mm../dds.-oy.-.dMh--mMds++MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
My:::::/ydMmo..-hMMMmo//omMs/+Mm+++++shNMN+//+//+oMNy+///ohM
MMMs//yMNo+hMh---m:-:hy+sMN..+Mo..os+.-:Ny--ossssdN-.:yyo+mM...

asterisk release 20.8.1

20 May, 2024 - 21:49

Posted by Asterisk Development Team via Fulldisclosure on May 20

The Asterisk Development Team would like to announce security release
Asterisk 20.8.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.8.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 20.8.1

## Change Log for Release asterisk-20.8.1

### Links:

- [Full ChangeLog](...

asterisk release 21.3.1

20 May, 2024 - 21:49

Posted by Asterisk Development Team via Fulldisclosure on May 20

The Asterisk Development Team would like to announce security release
Asterisk 21.3.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/21.3.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 21.3.1

## Change Log for Release asterisk-21.3.1

### Links:

- [Full ChangeLog](...

asterisk release 18.23.1

20 May, 2024 - 21:49

Posted by Asterisk Development Team via Fulldisclosure on May 20

The Asterisk Development Team would like to announce security release
Asterisk 18.23.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/18.23.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 18.23.1

## Change Log for Release asterisk-18.23.1

### Links:

- [Full ChangeLog](...

CVE-2024-34058: Nethserver 7 & 8 stored cross-site scripting (XSS) in WebTop package

20 May, 2024 - 21:48

Posted by Andrea Intilangelo on May 20

CVE-2024-34058: Nethserver 7 & 8 stored cross-site scripting (XSS) in WebTop package

Use CVE-2024-34058.

Additional info:

NethServer is an Open Source operating system for the Linux enthusiast, designed for small offices and medium
enterprises. From their website: "It's simple, secure and flexible" and "ready to deliver your messages, to protect
your network with the built-in firewall, share your files and much more,...

SEC Consult SA-20240513-0 :: Tolerating Self-Signed Certificates in SAP® Cloud Connector

14 May, 2024 - 15:04

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 14

SEC Consult Vulnerability Lab Security Advisory < 20240513-0 >
=======================================================================
title: Tolerating Self-Signed Certificates
product: SAP® Cloud Connector
vulnerable version: 2.15.0 - 2.16.1 (Portable and Installer)
fixed version: 2.16.2 (Portable and Installer)
CVE number: CVE-2024-25642
impact: high
homepage:...

TROJANSPY.WIN64.EMOTET.A / Arbitrary Code Execution

14 May, 2024 - 15:04

Posted by malvuln on May 14

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/f917c77f60c3c1ac6dbbadbf366ddd30.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: TrojanSpy.Win64.EMOTET.A
Vulnerability: Arbitrary Code Execution
Description: The malware looks for and executes a x64-bit "CRYPTBASE.dll"
PE file in its current directory. Therefore, we can hijack the DLL and
execute our own...

BACKDOOR.WIN32.ASYNCRAT / Arbitrary Code Execution

14 May, 2024 - 15:04

Posted by malvuln on May 14

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/2337b9a12ecf50b94fc95e6ac34b3ecc.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.AsyncRat
Vulnerability: Arbitrary Code Execution
Description: The malware looks for and executes a x32-bit "CRYPTSP.dll" PE
file in its current directory. Therefore, we can hijack the DLL and execute
our own...

Re: Panel.SmokeLoader / Cross Site Request Forgery (CSRF)

14 May, 2024 - 15:04

Posted by malvuln on May 14

Updated and fixed a payload typo and added additional info regarding the
stored persistent XSS see attached.

Thanks, Malvuln

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source: https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560f_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Panel.SmokeLoader
Vulnerability: Cross Site Request Forgery (CSRF) - Persistent XSS
Family: SmokeLoader...

Panel.SmokeLoader / Cross Site Request Forgery (CSRF)

14 May, 2024 - 15:04

Posted by malvuln on May 14

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560f_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Panel.SmokeLoader
Vulnerability: Cross Site Request Forgery (CSRF)
Family: SmokeLoader
Type: Web Panel
MD5: 4b5fc3a2489985f314b81d35eac3560f (control.php)
SHA256: 8d02238577081be74b9ebc1effcfbf3452ffdb51f130398b5ab875b9bfe17743
Vuln...

Panel.SmokeLoader C2 / Cross Site Scripting (XSS)

14 May, 2024 - 15:04

Posted by malvuln on May 14

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Panel.SmokeLoader
Vulnerability: Cross Site Scripting (XSS)
Family: SmokeLoader
Type: Web Panel
MD5: 4b5fc3a2489985f314b81d35eac3560f (control.php)
SHA256: 8d02238577081be74b9ebc1effcfbf3452ffdb51f130398b5ab875b9bfe17743
Vuln ID:...

Panel.Amadey.d.c C2 / Cross Site Scripting (XSS)

14 May, 2024 - 15:04

Posted by malvuln on May 14

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/50467c891bf7de34d2d65fa93ab8b558.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Panel Amadey.d.c
Vulnerability: Cross Site Scripting (XSS)
Family: Amadey
Type: Web Panel
MD5: 50467c891bf7de34d2d65fa93ab8b558 (Login.php)
SHA256: 65623eead2bcba66817861246e842386d712c38c5c5558e50eb49cffa2a1035d
Vuln ID:...

Re: RansomLord v3 / Anti-Ransomware Exploit Tool Released

14 May, 2024 - 15:04

Posted by malvuln on May 14

Updated, fixed typo
SHA256 : 810229C7E62D5EDDD3DA9FFA19D04A31D71F9C36D05B6A614FEF496E88656FF5

RansomLord v3 / Anti-Ransomware Exploit Tool Released

14 May, 2024 - 15:04

Posted by malvuln on May 14

Proof-of-concept tool that automates the creation of PE files, used to
exploit Ransomware pre-encryption. Updated v3:
https://github.com/malvuln/RansomLord/releases/tag/v3
Lang: C SHA256:
83f56d14671b912a9a68da2cd37607cac3e5b31560a6e30380e3c6bd093560f5

Video PoC (old v2):
https://www.youtube.com/watch?v=_Ho0bpeJWqI

RansomLord generated PE files are saved to disk in the x32 or x64
directories where the program is run from. Goal is to exploit...

APPLE-SA-05-13-2024-8 tvOS 17.5

14 May, 2024 - 15:04

Posted by Apple Product Security via Fulldisclosure on May 14

APPLE-SA-05-13-2024-8 tvOS 17.5

tvOS 17.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214102.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

AppleAVD
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to execute arbitrary code with kernel...

APPLE-SA-05-13-2024-7 watchOS 10.5

14 May, 2024 - 15:04

Posted by Apple Product Security via Fulldisclosure on May 14

APPLE-SA-05-13-2024-7 watchOS 10.5

watchOS 10.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214104.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

AppleAVD
Available for: Apple Watch Series 4 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges...

Research about consistency of CVSSv4

14 May, 2024 - 15:04

Posted by Julia Wunder on May 14

Hello there,

The University of Erlangen-Nuremberg (Germany) is conducting a research
study to investigate the reliability of CVSSv4 (Common Vulnerability
Scoring System). We conducted a survey on CVSSv3.1 in winter 2020/21 and
found out that the ratings are not always consistent [1]. Now we want to
investigate the latest version CVSSv4. If you are currently assessing
vulnerabilities using CVSS, we would greatly appreciate your...

APPLE-SA-05-13-2024-6 macOS Monterey 12.7.5

14 May, 2024 - 15:04

Posted by Apple Product Security via Fulldisclosure on May 14

APPLE-SA-05-13-2024-6 macOS Monterey 12.7.5

macOS Monterey 12.7.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214105.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Find My
Available for: macOS Monterey
Impact: A malicious application may be able to access Find My data...

APPLE-SA-05-13-2024-5 macOS Ventura 13.6.7

14 May, 2024 - 15:04

Posted by Apple Product Security via Fulldisclosure on May 14

APPLE-SA-05-13-2024-5 macOS Ventura 13.6.7

macOS Ventura 13.6.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214107.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Foundation
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: A...