Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Posted by malvuln on Jan 16

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faa_C.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Win32.MarsStealer Web Panel
Vulnerability: Unauthenticated Remote Data Deletion
Description: The Mars-Stealer web interface has a "Grab Rules" component
area that lets a user specify which type of files to collect from a system
as…

Posted by malvuln on Jan 16

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faa_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Win32.MarsStealer Web Panel
Vulnerability: Unauthenticated Remote Persistent XSS
Description: The Mars-Stealer web interface has a "Marker Rules" component
area. Third-party attackers who can reach the Mars-Stealer server can send
HTTP…

Posted by malvuln on Jan 16

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faa.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Win32.MarsStealer Web Panel
Vulnerability: Unauthenticated Remote Information Disclosure
Description: The malware web interface stores screen captures named
"screenshot.jpg" in the panel directory, ZIP archived. Third-party
attackers who…

Posted by malvuln on Jan 16

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/9e44c10307aa8194753896ecf8102167.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ab Stealer Web Panel
Vulnerability: Unauthenticated Remote Persistent XSS
Description: The "Ab Stealer" web panel by KingDomSc for "AbBuild
v.1.0.exe" is used to browse victim information "Get All Victims Passwords,
With…

Posted by SEC Consult Vulnerability Lab, Research on Jan 14

SEC Consult Vulnerability Lab Security Advisory < 20220113-0 >
=======================================================================
title: Cleartext Storage of Phone Password
product: Cisco IP Phone Series 78x1, 88x5, 88x1, 7832,
8832, 8821 and 3905
vulnerable version: Firmware <14.1.1,
Firmware <11.0(6)SR2 (device model 8821),
Firmware…

Posted by Andrea Simonca on Jan 14

Hello,

We are happy to announce that the CFP for Hardwear.io USA 2022 is OPEN!
If you have a groundbreaking embedded research or an awesome open-source
tool you’d like to showcase before the global hardware security community,
this is your chance. Send in your ideas on various hardware subjects,
including but not limited to Chips, Processors, ICS/SCADA, Telecom,
Protocols & Cryptography.

✅ SUBMIT your research:…

Posted by Apple Product Security via Fulldisclosure on Jan 12

APPLE-SA-2022-01-12-1 iOS 15.2.1 and iPadOS 15.2.1

iOS 15.2.1 and iPadOS 15.2.1 address the following issues.
Information about the security content is also available at
https://support.apple.com/HT213043.

HomeKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted HomeKit accessory name…

Posted by Gionathan Reale via Fulldisclosure on Jan 12

# Product:  RLM 14.2
# Vendor:   Reprise Software
# CVE ID:   CVE-2021-45422
# Vulnerability Title: Reflected Cross-Site Scripting
# Severity: Medium
# Author(s): Giulia Melotti Garibaldi
# Date:     2022-01-11
#
#############################################################
Introduction:
An issue was discovered in Reprise License Manager 14.2. Reprise License Manager 14.2 is affected by a reflected
cross-site scripting vulnerability…

Posted by RedTeam Pentesting GmbH on Jan 12

Advisory: Credential Disclosure in Web Interface of Crestron Device

When the administrative web interface of the Crestron HDMI switcher is
accessed unauthenticated, user credentials are disclosed which are valid
to authenticate to the web interface.

Details
=======

Product: Crestron HD-MD4X2-4K-E
Affected Versions: 1.0.0.2159
Fixed Versions: –
Vulnerability Type: Information Disclosure
Security Risk: high
Vendor URL:…

Posted by malvuln on Jan 11

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/859aab793a42868343346163bd42f485.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Controlit.10
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 3347. Third-party attackers
who can reach an infected system can run any OS commands made available by
the malware…

Posted by WebSec B.V. on Jan 11

Publisher: Joel Aviad Ossi

Company: Pentest company WebSec B.V. <https://websec.nl>

Vulnerabilities: Improper access Control, Stored Cross-Site Scripting and
Improper Input Validation

Description: It is possible to inject JavaScript code into any DMCA account
and take over the API token in order to read support messages (it is also
possible to inject such code into the support ticket in order to target
administrators).

Additionally it is…

Posted by Marcin Kozlowski on Jan 11

Hi list,

Maybe you will find it interesting.

Forcedentry state of the art exploit (as I read) used by NSO made it
big. Libstagefright (Media Framework on Android) with OOB write on the
heap (with Scudo) which can possibly own your Mobile by playing an
audio file, didn't. Note: Not sure if you can do RCE with it. Leave it
to experts 😛

Here is the repo with reproducer and possibly also code in the future
to create it when needed….

Posted by hyp3rlinx on Jan 11

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_DETECTION_BYPASS.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Windows Defender

Microsoft Defender Antivirus is a major component of your
next-generation protection in Microsoft Defender for Endpoint. This
protection brings together
machine…

Posted by hyp3rlinx on Jan 11

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_REG_FILE_DIALOG_SPOOF_MITIGATION_BYPASS.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

A file with the .reg file extension is a Registration file used by the
Windows registry. These files can contain hives, keys, and values.
.reg files can be created from scratch…

Posted by malvuln on Jan 07

Discovery / credits: Malvuln – malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/bc7f4c4689f1b8ad395404d1e75c776f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.SubSeven.c
Vulnerability: Remote Stack Buffer Overflow
Description: The malware listens on TCP port 1111. Third-party attackers
who can reach an infected system can send a specially crafted packet
prefixed with "DOS". This…