Category Archives: Advisories

ZDI-22-1616: Trend Micro Apex One Unauthorized Change Prevention Service Memory Corruption Local Privilege Escalation Vulnerability

November 21, 2022

Read Time:12 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Advisories

ZDI-22-1615: TP-Link TL-WR940N httpd Incorrect Implementation of Authentication Algorithm Information Disclosure Vulnerability

November 21, 2022

Read Time:8 Second

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N routers. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-22-1614: TP-Link TL-WR940N httpd Use of Insufficiently Random Values Authentication Bypass Vulnerability

November 21, 2022

Read Time:8 Second

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link TL-WR940N routers. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-22-1613: ManageEngine ServiceDesk Plus MSP generateSQLReport Improper Input Validation Privilege Escalation Vulnerability

November 21, 2022

Read Time:7 Second

This vulnerability allows remote attackers to escalate privileges on affected installations of ManageEngine ServiceDesk Plus MSP. Authentication is required to exploit this vulnerability.

Advisories

ZDI-22-1623: Hewlett Packard Enterprise OfficeConnect 1820 Authentication Bypass Vulnerability

November 21, 2022

Read Time:8 Second

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Hewlett Packard Enterprise OfficeConnect 1820 switches. Authentication is not required to exploit this vulnerability.

Advisories

Backdoor.Win32.Oblivion.01.a / Insecure Transit Password Disclosure

November 20, 2022

Read Time:20 Second

Posted by malvuln on Nov 20

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/aef85cf0d521eaa6aade11f95ea07ebe.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Oblivion.01.a
Vulnerability: Insecure Transit Password Disclosure
Description: The malware listens on TCP port 7826 and makes HTTP GET
requests to port 80 for “/scripts/WWPMsg.dll”. The system logon credentials…

Advisories

Backdoor.Win32.Oblivion.01.a / Insecure Transit Password Disclosure

November 20, 2022

Read Time:20 Second

Posted by malvuln on Nov 20

Advisories

Trojan.Win32.Platinum.gen / Arbitrary Code Execution

November 20, 2022

Read Time:20 Second

Posted by malvuln on Nov 20

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/71a76adeadc7b51218d265771fc2b0d1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Platinum.gen
Vulnerability: Arbitrary Code Execution
Description: The malware looks for and executes DLLs in its current
directory. Therefore, we can potentially hijack a vuln DLL execute our own
code, control and…

Advisories

Trojan.Win32.Platinum.gen / Arbitrary Code Execution

November 20, 2022

Read Time:20 Second

Posted by malvuln on Nov 20

Advisories

Backdoor.Win32.Quux / Weak Hardcoded Credentials

November 20, 2022

Read Time:19 Second

Posted by malvuln on Nov 20

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/13ce53de9ca4c4e6c58f990b442cb419.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Quux
Vulnerability: Weak Hardcoded Credentials
Family: Quux
Type: PE32
MD5: 13ce53de9ca4c4e6c58f990b442cb419
Vuln ID: MVID-2022-0656
Dropped files: quux32.exe
Disclosure: 11/15/2022
Description: The malware listens on…

News, Advisories and much more

Exit mobile version