Full Disclosure

Syndicate content
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Updated: 18 hours 31 min ago

Panel.SmokeLoader / Cross Site Request Forgery (CSRF)

14 May, 2024 - 15:04

Posted by malvuln on May 14

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560f_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Panel.SmokeLoader
Vulnerability: Cross Site Request Forgery (CSRF)
Family: SmokeLoader
Type: Web Panel
MD5: 4b5fc3a2489985f314b81d35eac3560f (control.php)
SHA256: 8d02238577081be74b9ebc1effcfbf3452ffdb51f130398b5ab875b9bfe17743
Vuln...

Panel.SmokeLoader C2 / Cross Site Scripting (XSS)

14 May, 2024 - 15:04

Posted by malvuln on May 14

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Panel.SmokeLoader
Vulnerability: Cross Site Scripting (XSS)
Family: SmokeLoader
Type: Web Panel
MD5: 4b5fc3a2489985f314b81d35eac3560f (control.php)
SHA256: 8d02238577081be74b9ebc1effcfbf3452ffdb51f130398b5ab875b9bfe17743
Vuln ID:...

Panel.Amadey.d.c C2 / Cross Site Scripting (XSS)

14 May, 2024 - 15:04

Posted by malvuln on May 14

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/50467c891bf7de34d2d65fa93ab8b558.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Panel Amadey.d.c
Vulnerability: Cross Site Scripting (XSS)
Family: Amadey
Type: Web Panel
MD5: 50467c891bf7de34d2d65fa93ab8b558 (Login.php)
SHA256: 65623eead2bcba66817861246e842386d712c38c5c5558e50eb49cffa2a1035d
Vuln ID:...

Re: RansomLord v3 / Anti-Ransomware Exploit Tool Released

14 May, 2024 - 15:04

Posted by malvuln on May 14

Updated, fixed typo
SHA256 : 810229C7E62D5EDDD3DA9FFA19D04A31D71F9C36D05B6A614FEF496E88656FF5

RansomLord v3 / Anti-Ransomware Exploit Tool Released

14 May, 2024 - 15:04

Posted by malvuln on May 14

Proof-of-concept tool that automates the creation of PE files, used to
exploit Ransomware pre-encryption. Updated v3:
https://github.com/malvuln/RansomLord/releases/tag/v3
Lang: C SHA256:
83f56d14671b912a9a68da2cd37607cac3e5b31560a6e30380e3c6bd093560f5

Video PoC (old v2):
https://www.youtube.com/watch?v=_Ho0bpeJWqI

RansomLord generated PE files are saved to disk in the x32 or x64
directories where the program is run from. Goal is to exploit...

APPLE-SA-05-13-2024-8 tvOS 17.5

14 May, 2024 - 15:04

Posted by Apple Product Security via Fulldisclosure on May 14

APPLE-SA-05-13-2024-8 tvOS 17.5

tvOS 17.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214102.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

AppleAVD
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to execute arbitrary code with kernel...

APPLE-SA-05-13-2024-7 watchOS 10.5

14 May, 2024 - 15:04

Posted by Apple Product Security via Fulldisclosure on May 14

APPLE-SA-05-13-2024-7 watchOS 10.5

watchOS 10.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214104.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

AppleAVD
Available for: Apple Watch Series 4 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges...

Research about consistency of CVSSv4

14 May, 2024 - 15:04

Posted by Julia Wunder on May 14

Hello there,

The University of Erlangen-Nuremberg (Germany) is conducting a research
study to investigate the reliability of CVSSv4 (Common Vulnerability
Scoring System). We conducted a survey on CVSSv3.1 in winter 2020/21 and
found out that the ratings are not always consistent [1]. Now we want to
investigate the latest version CVSSv4. If you are currently assessing
vulnerabilities using CVSS, we would greatly appreciate your...

APPLE-SA-05-13-2024-6 macOS Monterey 12.7.5

14 May, 2024 - 15:04

Posted by Apple Product Security via Fulldisclosure on May 14

APPLE-SA-05-13-2024-6 macOS Monterey 12.7.5

macOS Monterey 12.7.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214105.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Find My
Available for: macOS Monterey
Impact: A malicious application may be able to access Find My data...

APPLE-SA-05-13-2024-5 macOS Ventura 13.6.7

14 May, 2024 - 15:04

Posted by Apple Product Security via Fulldisclosure on May 14

APPLE-SA-05-13-2024-5 macOS Ventura 13.6.7

macOS Ventura 13.6.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214107.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Foundation
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: A...

APPLE-SA-05-13-2024-4 macOS Sonoma 14.5

14 May, 2024 - 15:04

Posted by Apple Product Security via Fulldisclosure on May 14

APPLE-SA-05-13-2024-4 macOS Sonoma 14.5

macOS Sonoma 14.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214106.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

AppleAVD
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code with kernel
privileges...

Microsoft PlayReady - complete client identity compromise

9 May, 2024 - 03:02

Posted by Security Explorations on May 09

Hello All,

We have come up with two attack scenarios that make it possible to
extract private ECC keys used by a PlayReady client (Windows SW DRM
scenario) for the communication with a license server and identity
purposes.

More specifically, we successfully demonstrated the extraction of the
following keys:
- private signing key used to digitally sign license requests issued
by PlayReady client,
- private encryption key used to decrypt license...

secuvera-SA-2024-02: Multiple Persistent Cross-Site Scritping (XSS) flaws in Drupal-Wiki

6 May, 2024 - 18:37

Posted by Simon Bieber via Fulldisclosure on May 06

secuvera-SA-2024-02: Multiple Persistent Cross-Site Scritping (XSS) flaws in Drupal-Wiki

Affected Products
Drupal Wiki 8.31
Drupal Wiki 8.30 (older releases have not been tested)

References
https://www.secuvera.de/advisories/secuvera-SA-2024-02.txt (used for updates)
CVE-2024-34481
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS-B: 6.4 (...

OXAS-ADV-2024-0002: OX App Suite Security Advisory

6 May, 2024 - 18:35

Posted by Martin Heiland via Fulldisclosure on May 06

Dear subscribers,

We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at
https://documentation.open-xchange.com/appsuite/security/advisories/html/2024/oxas-adv-2024-0002.html.

Yours sincerely,
Martin Heiland, Open-Xchange...

Microsoft PlayReady toolkit - codes release

6 May, 2024 - 03:52

Posted by Security Explorations on May 06

Hello All,

We released codes for "Microsoft PlayReady toolkit", a tool that has
been developed as part of our research from 2022:

https://security-explorations.com/microsoft-playready.html#details

The toolkit illustrates the following:
- fake client device identity generation,
- acquisition of license and content keys for encrypted content,
- downloading and decryption of content,
- content inspection (MPEG-4 file format),
- Manifest...

Live2D Cubism refusing to fix validation issue leading to heap corruption.

3 May, 2024 - 11:36

Posted by PT via Fulldisclosure on May 03

Live2D Cubism is the dominant "vtuber" software suite for 2D avatars for use in livestreaming and integrating them in
other software.
They publish various SDKs and a frameworks for integrating their libraries with your own program. You're supposed to
use those to deserialize and render/animate the models created with their main software - often untrusted files from
random people on the internet.
While their main java-based...

Microsoft PlayReady white-box cryptography weakness

1 May, 2024 - 07:01

Posted by Security Explorations on May 01

Hello All,

There is yet another attack possible against Protected Media Path
process beyond the one involving two global XOR keys [1]. The new
attack may also result in the extraction of a plaintext content key
value.

The attack has its origin in a white-box crypto [2] implementation.
More specifically, one can devise plaintext content key from white-box
crypto data structures of which goal is to make such a reconstruction
difficult / not...

Defense in depth -- the Microsoft way (part 87): shipping more rotten software to billions of unsuspecting customers

24 April, 2024 - 13:44

Posted by Stefan Kanthak on Apr 24

Hi @ll,

this post is a continuation of
<https://seclists.org/fulldisclosure/2023/Oct/17> and
<https://seclists.org/fulldisclosure/2021/Oct/17>

With the release of .NET Framework 4.8 in April 2019, Microsoft updated
the following paragraph of the MSDN article "What's new in .NET Framework"
<https://msdn.microsoft.com/en-us/library/ms171868.aspx>

| Starting with .NET Framework 4.5, the clrcompression.dll assembly...

Response to CVE-2023-26756 - Revive Adserver

24 April, 2024 - 13:43

Posted by Matteo Beccati on Apr 24

CVE-2023-26756 has been recently filed against the Revive Adserver project.

The action was taken without first contacting us, and it did not follow
the security process that is thoroughly documented on our website. The
project team has been given no notice before or after the disclosure.

Our team has been made aware of this report by a community member via a
GitHub issue. All of this resulted in an inability for us to produce an
appropriate...

BACKDOOR.WIN32.DUMADOR.C / Remote Stack Buffer Overflow (SEH)

19 April, 2024 - 08:47

Posted by malvuln on Apr 19

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/6cc630843cabf23621375830df474bc5.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Dumador.c
Vulnerability: Remote Stack Buffer Overflow (SEH)
Description: The malware runs an FTP server on TCP port 10000. Third-party
adversaries who can reach the server can send a specially crafted payload
triggering...