Category Archives: Advisories

SEC Consult SA-20221114-0 :: Path Traversal Vulnerability in Payara Platform

Read Time:19 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Nov 15

SEC Consult Vulnerability Lab Security Advisory < 20221114-0 >
=======================================================================
title: Path Traversal Vulnerability
product: Payara Platform
vulnerable version: Enterprise: <5.45.0
Community: <6.2022.1, <5.2022.4, <4.1.2.191.38
fixed version: Enterprise: 5.45.0
Community: 6.2022.1, 5.2022.4,…

Read More

SEC Consult SA-20221110-0 :: HTML Injection in BMC Remedy ITSM-Suite

Read Time:19 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Nov 15

SEC Consult Vulnerability Lab Security Advisory < 20221110-0 >
=======================================================================
title: HTML Injection
product: BMC Remedy ITSM-Suite
vulnerable version: 9.1.10 (= 20.02 in new versioning scheme)
fixed version: 22.1
CVE number: CVE-2022-26088
impact: Low
homepage: https://www.bmc.com/it-solutions/remedy-itsm.html

Read More

SEC Consult SA-20221109-0 :: Multiple Critical Vulnerabilities in Simmeth System GmbH Supplier manager (Lieferantenmanager)

Read Time:17 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Nov 15

SEC Consult Vulnerability Lab Security Advisory < 20221109-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Simmeth System GmbH Supplier manager (Lieferantenmanager)
vulnerable version: < 5.6
fixed version: 5.6
CVE number: CVE-2022-44012, CVE-2022-44013, CVE-2022-44014,
CVE-2022-44015,…

Read More

APPLE-SA-2022-11-09-2 macOS Ventura 13.0.1

Read Time:25 Second

Posted by Apple Product Security via Fulldisclosure on Nov 15

APPLE-SA-2022-11-09-2 macOS Ventura 13.0.1

macOS Ventura 13.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213504.

libxml2
Available for: macOS Ventura
Impact: A remote user may be able to cause unexpected app termination
or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2022-40303: Maddie Stone of Google…

Read More

APPLE-SA-2022-11-09-1 iOS 16.1.1 and iPadOS 16.1.1

Read Time:28 Second

Posted by Apple Product Security via Fulldisclosure on Nov 15

APPLE-SA-2022-11-09-1 iOS 16.1.1 and iPadOS 16.1.1

iOS 16.1.1 and iPadOS 16.1.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213505.

libxml2
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: A remote user may be able to cause unexpected app termination…

Read More

Backdoor.Win32.RemServ.d / Unauthenticated Remote Command Execution

Read Time:19 Second

Posted by malvuln on Nov 15

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/05a082d441d9cf365749c0e1eb904c85.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.RemServ.d
Vulnerability: Unauthenticated Remote Command Execution
Family: RemServ
Type: PE32
MD5: 05a082d441d9cf365749c0e1eb904c85
Vuln ID: MVID-2022-0655
Disclosure: 11/11/2022
Description: The malware creates a service…

Read More

HEUR:Trojan.MSIL.Agent.gen / Information Disclosure

Read Time:21 Second

Posted by malvuln on Nov 15

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/bc2ccf92bea475f828dcdcb1c8f6cc92.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: HEUR:Trojan.MSIL.Agent.gen
Vulnerability: Information Disclosure
Description: the malware runs an HTTP service on port 19334. Attackers who
can reach an infected host can make HTTP GET requests to download and or
stat arbitrary files…

Read More

Backdoor.Win32.Aphexdoor.LiteSock / Remote Stack Buffer Overflow (SEH)

Read Time:20 Second

Posted by malvuln on Nov 15

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/2047ac6183da4dfb61d2562721ba0720.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Aphexdoor.LiteSock
Vulnerability: Remote Stack Buffer Overflow (SEH)
Description: The malware drops an extensionless PE file named “3” which
listens on TCP port 1080. Third-party attackers who can reach an…

Read More