Backdoor.Win32.GateHell.21 / Port Bounce Scan

Posted by malvuln on Apr 18

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/5aa81ddc996be64116754efac0e4f55d_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.GateHell.21
Vulnerability: Port Bounce Scan
Description: The malware runs an FTP server on TCP ports
5301, 5432, 5300, 5299, 5298, 5297, 5296 and 5295. Third-party adversaries who
successfully log on can abuse the backdoor FTP server as…

Backdoor.Win32.GateHell.21 / Authentication Bypass

Posted by malvuln on Apr 18

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/5aa81ddc996be64116754efac0e4f55d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.GateHell.21
Vulnerability: Authentication Bypass
Description: The malware runs an FTP server on TCP ports
5301, 5432, 5300, 5299, 5298, 5297, 5296 and 5295. Third-party attackers who can
reach infected systems can log on using any…

Backdoor.Win32.Delf.zn / Insecure Credential Storage

Posted by malvuln on Apr 18

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/9acdbfc9f7c1f6e589485b30aa91bfd2.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Delf.zn
Vulnerability: Insecure Credential Storage
Description: The default credentials for the backdoor are stored in
cleartext within the “Firefly.ini” file.
Family: Delf
Type: PE32
MD5: 9acdbfc9f7c1f6e589485b30aa91bfd2…

Backdoor.Win32.Psychward.03.a / Weak Hardcoded Password

Posted by malvuln on Apr 18

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/4b9a42ca1e65cf0a7febbe18f397ef24.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Psychward.03.a
Vulnerability: Weak Hardcoded Password
Description: The malware listens on TCP port 13013. Authentication is
required; however, the password “m4sturb4t10n” is weak and hardcoded in
cleartext within the PE…

Backdoor.Win32.Hupigon.haqj / Insecure Service Path

Posted by malvuln on Apr 18

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/d9542df20f8df457747451dd9e16d1c0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hupigon.haqj
Vulnerability: Insecure Service Path
Description: The malware creates a service with an unquoted path.
Third-party attackers who can place an arbitrary executable under the c: drive can
potentially undermine the integrity…

Trojan.Win32.TScash.c / Insecure Permissions

Posted by malvuln on Apr 18

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/9d18d318e017b513b9c6cd193ccdc6ff.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.TScash.c
Vulnerability: Insecure Permissions
Description: The malware writes a PE file with insecure permissions to the c
drive, granting change (C) permissions to the authenticated user group.
Standard users can rename the executable…

Backdoor.Win32.Loselove / Denial of Service

Posted by malvuln on Apr 18

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/9a8150938bff3a17fa0169c3dc6dae85.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Loselove
Vulnerability: Denial of Service
Description: The malware listens on UDP ports 9329, 8329, 8322, 8131 and
8130. Attackers can send a large junk payload to UDP port 8131 causing it
to crash.
Family: Loselove
Type: PE32
MD5:…

HackTool.Win32.Delf.vs / Insecure Credential Storage

Posted by malvuln on Apr 18

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/92f7f9495ffd56d05a5acf395c9e0097.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: HackTool.Win32.Delf.vs
Vulnerability: Insecure Credential Storage
Description: The malware credentials are stored in cleartext within the
sysinfo.ini file.
Family: Delf
Type: PE32
MD5: 92f7f9495ffd56d05a5acf395c9e0097
Vuln ID: MVID-2022-0553…

git-2.34.3-1.fc34

FEDORA-2022-2fec5f30be

Packages in this update:

git-2.34.3-1.fc34

Update description:

Update to 2.34.3 (release notes)

This release addresses CVE-2022-24765. Per the release announcement:

On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in C:\.git, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs git status (or git diff) and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE such as VS Code or Atom, will potentially run commands defined by that other user.

A broad “escape hatch” is available in cases where all the repositories you may enter are considered safe, regardless of their ownership. Quoting another release announcement:

“*” can be used as the value for the safe.directory variable to signal that the user considers that any directory is safe.

bettercap-2.28-9.fc34 chisel-1.7.7-2.fc34 commit-stream-0.1.2-6.fc34 containerd-1.6.2-3.fc34 gobuster-3.1.0-2.fc34 golang-contrib-opencensus-resource-0.1.2-6.fc34 golang-gioui-0-7.20201225git18d4dbf.fc34 golang-github-appc-docker2aci-0.17.2-8.fc34 golang-github-appc-goaci-0.1.1-10.fc34 golang-github-appc-spec-0.8.11-13.fc34 golang-github-containerd-continuity-0.2.2-2.fc34 golang-github-containerd-stargz-snapshotter-0.7.0-4.fc34 golang-github-coredns-corefile-migration-1.0.11-5.fc34 golang-github-envoyproxy-protoc-gen-validate-0.4.1-5.fc34 golang-github-francoispqt-gojay-1.2.13-6.fc34 golang-github-gogo-googleapis-1.4.1-3.fc34 golang-github-gohugoio-testmodbuilder-0-0.9.20201030git72e1e0c.fc34 golang-github-google-containerregistry-0.5.1-4.fc34 golang-github-google-slothfs-0-0.10.20200727git59c1163.fc34 golang-github-googleapis-gnostic-0.5.3-5.fc34 golang-github-googlecloudplatform-cloudsql-proxy-1.19.1-5.fc34 golang-github-instrumenta-kubeval-0.15.0-7.fc34 golang-github-intel-goresctrl-0.2.0-4.fc34 golang-github-oklog-0.3.2-9.20190701gitca7cdf5.fc34 golang-github-pact-foundation-1.5.1-5.fc34 golang-github-prometheus-2.32.1-4.fc34 golang-github-prometheus-alertmanager-0.23.0-8.fc34 golang-github-prometheus-node-exporter-1.3.1-7.fc34 golang-github-prometheus-tsdb-0.10.0-6.fc34 golang-github-redteampentesting-monsoon-0.6.0-5.fc34 golang-github-spf13-cobra-1.4.0-2.fc34 golang-github-theupdateframework-notary-0.7.0-4.fc34 golang-github-xordataexchange-crypt-0.0.2-11.20190412gitb2862e3.fc34 golang-gopkg-src-d-git-4-4.13.1-7.fc34 golang-k8s-apiextensions-apiserver-1.22.0-5.fc34 golang-k8s-code-generator-1.22.0-3.fc34 golang-k8s-kube-aggregator-1.22.0-3.fc34 golang-k8s-sample-apiserver-1.22.0-4.fc34 golang-k8s-sample-controller-1.22.0-3.fc34 golang-mongodb-mongo-driver-1.4.5-5.fc34 golang-storj-drpc-0.0.16-5.fc34 golang-x-perf-0-0.14.20210123gitbdcc622.fc34 grpcurl-1.8.6-2.fc34 onionscan-0.2-6.fc34 shellz-1.5.0-6.fc34 shhgit-0.2-6.fc34 snowcrash-0-0.6.20201119git49b99ad.fc34 xq-0.0.7-3.fc34

FEDORA-2022-5cbd6de569

Packages in this update:

bettercap-2.28-9.fc34
chisel-1.7.7-2.fc34
commit-stream-0.1.2-6.fc34
containerd-1.6.2-3.fc34
gobuster-3.1.0-2.fc34
golang-contrib-opencensus-resource-0.1.2-6.fc34
golang-gioui-0-7.20201225git18d4dbf.fc34
golang-github-appc-docker2aci-0.17.2-8.fc34
golang-github-appc-goaci-0.1.1-10.fc34
golang-github-appc-spec-0.8.11-13.fc34
golang-github-containerd-continuity-0.2.2-2.fc34
golang-github-containerd-stargz-snapshotter-0.7.0-4.fc34
golang-github-coredns-corefile-migration-1.0.11-5.fc34
golang-github-envoyproxy-protoc-gen-validate-0.4.1-5.fc34
golang-github-francoispqt-gojay-1.2.13-6.fc34
golang-github-gogo-googleapis-1.4.1-3.fc34
golang-github-gohugoio-testmodbuilder-0-0.9.20201030git72e1e0c.fc34
golang-github-googleapis-gnostic-0.5.3-5.fc34
golang-github-googlecloudplatform-cloudsql-proxy-1.19.1-5.fc34
golang-github-google-containerregistry-0.5.1-4.fc34
golang-github-google-slothfs-0-0.10.20200727git59c1163.fc34
golang-github-instrumenta-kubeval-0.15.0-7.fc34
golang-github-intel-goresctrl-0.2.0-4.fc34
golang-github-oklog-0.3.2-9.20190701gitca7cdf5.fc34
golang-github-pact-foundation-1.5.1-5.fc34
golang-github-prometheus-2.32.1-4.fc34
golang-github-prometheus-alertmanager-0.23.0-8.fc34
golang-github-prometheus-node-exporter-1.3.1-7.fc34
golang-github-prometheus-tsdb-0.10.0-6.fc34
golang-github-redteampentesting-monsoon-0.6.0-5.fc34
golang-github-spf13-cobra-1.4.0-2.fc34
golang-github-theupdateframework-notary-0.7.0-4.fc34
golang-github-xordataexchange-crypt-0.0.2-11.20190412gitb2862e3.fc34
golang-gopkg-src-d-git-4-4.13.1-7.fc34
golang-k8s-apiextensions-apiserver-1.22.0-5.fc34
golang-k8s-code-generator-1.22.0-3.fc34
golang-k8s-kube-aggregator-1.22.0-3.fc34
golang-k8s-sample-apiserver-1.22.0-4.fc34
golang-k8s-sample-controller-1.22.0-3.fc34
golang-mongodb-mongo-driver-1.4.5-5.fc34
golang-storj-drpc-0.0.16-5.fc34
golang-x-perf-0-0.14.20210123gitbdcc622.fc34
grpcurl-1.8.6-2.fc34
onionscan-0.2-6.fc34
shellz-1.5.0-6.fc34
shhgit-0.2-6.fc34
snowcrash-0-0.6.20201119git49b99ad.fc34
xq-0.0.7-3.fc34

Update description:

Rebuild for CVE-2022-27191
