Posted by malvuln on Feb 24
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/c3e2bbe5dca96687422f2b4e8c80f4ce.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Acropolis.10
Vulnerability: Insecure Permissions
Description: The malware writes a PE file with insecure permissions under c
drive granting change (C) permissions to the authenticated user group.
Standard users can rename the…
More Stories
golang-github-nats-io-1.30.1-1.fc40 golang-github-protobuf-1.5.3-3.fc40 nats-server-2.10.1-3.fc40
FEDORA-2023-5f904f4dd4 Packages in this update: golang-github-nats-io-1.30.1-1.fc40 golang-github-protobuf-1.5.3-3.fc40 nats-server-2.10.1-3.fc40 Update description: Contains updates to address CVE-2022-{28357,41717} Read More
[tool] WatchGuard Firebox Web Update Unpacker
Posted by retset on Sep 25 A small utility for extracting file system images from "sysa-dl" update files. https://github.com/ret5et/Watchguard_WebUI_Unpacker Read...
CVE-2022-4244
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and...
CVE-2022-4245
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that...
CVE-2022-4137
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue...
bind-9.18.19-1.fc40 bind-dyndb-ldap-11.10-21.fc40
FEDORA-2023-687525fcca Packages in this update: bind-9.18.19-1.fc40 bind-dyndb-ldap-11.10-21.fc40 Update description: BIND 9.18.19 Security Fixes Previously, sending a specially crafted message over...