Category Archives: Advisories

Backdoor.Win32.Redkod.d / Weak Hardcoded Credentials

Posted by malvuln on Oct 20

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/bb309bdd071d5733efefe940a89fcbe8.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Redkod.d
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP port 4820. Authentication is
required, however the password “redkod” is weak and hardcoded in cleartext
within the PE…

RRX IOB LP v1.0 – DNS Cache Snooping Vulnerability

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
RRX IOB LP v1.0 – DNS Cache Snooping Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2261

Article: https://www.vulnerability-db.com/?q=articles/2022/10/11/rhein-ruhr-express-rrx-dns-cache-snooping-vulnerability-wifi-hotspot

Release Date:
=============
2022-10-11

Vulnerability Laboratory ID (VL-ID):
====================================
2261

Common…

MapTool v1.11.5 – Cross Site Scripting Vulnerabilities

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
MapTool v1.11.5 – Cross Site Scripting Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2319

Release Date:
=============
2022-10-11

Vulnerability Laboratory ID (VL-ID):
====================================
2319

Common Vulnerability Scoring System:
====================================
5.6

Vulnerability Class:
====================
Cross Site Scripting…

MapTool v1.11.5 – Denial of Service Vulnerability

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
MapTool v1.11.5 – Denial of Service Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2318

Release Date:
=============
2022-10-10

Vulnerability Laboratory ID (VL-ID):
====================================
2318

Common Vulnerability Scoring System:
====================================
5.7

Vulnerability Class:
====================
Denial of Service…

WiFi File Transfer v1.0.8 – Cross Site Scripting Vulnerabilities

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
WiFi File Transfer v1.0.8 – Cross Site Scripting Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2322

Release Date:
=============
2022-10-17

Vulnerability Laboratory ID (VL-ID):
====================================
2322

Common Vulnerability Scoring System:
====================================
5.6

Vulnerability Class:
====================
Cross Site…

Webile v1.0.1 – Directory Traversal Web Vulnerability

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
Webile v1.0.1 – Directory Traversal Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2320

Release Date:
=============
2022-10-10

Vulnerability Laboratory ID (VL-ID):
====================================
2320

Common Vulnerability Scoring System:
====================================
7.3

Vulnerability Class:
====================
Directory- or…

Stripe Green Downloads 2.03 – Cross Site Scripting Web Vulnerability

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
Stripe Green Downloads 2.03 – Cross Site Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2287

Release Date:
=============
2022-10-17

Vulnerability Laboratory ID (VL-ID):
====================================
2287

Common Vulnerability Scoring System:
====================================
5.2

Vulnerability Class:
====================
Cross Site…

Vicidial v2.14-783a – Multiple XSS Web Vulnerabilities

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
Vicidial v2.14-783a – Multiple XSS Web Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2311

Release Date:
=============
2022-10-11

Vulnerability Laboratory ID (VL-ID):
====================================
2311

Common Vulnerability Scoring System:
====================================
5.2

Vulnerability Class:
====================
Cross Site Scripting…

Knap (APL) v3.1.3 – Persistent Cross Site Vulnerability

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
Knap (APL) v3.1.3 – Persistent Cross Site Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2307

Release Date:
=============
2022-10-10

Vulnerability Laboratory ID (VL-ID):
====================================
2307

Common Vulnerability Scoring System:
====================================
5.7

Vulnerability Class:
====================
Cross Site…

OpenStack Horizon, it is possible to trigger a POST Request to any address

Posted by Sven Anders on Oct 20

Hi,

we opened a bug at OpenStack 3 months ago, but nobody takes care of it. Due
to the OpenStack guidelines the bug report is now publicly readable.

https://bugs.launchpad.net/horizon/+bug/1980349

I am not a security expert and do not know how bad this bug is, there is now
CVE and so on. Please be kind.

# Description of the bug

We use OpenStack horizon in the following version: `git+https://opendev.org/
