Category Archives: Advisories

Win32.Ransom.BlueSky / Arbitrary Code Execution

Read Time:20 Second

Posted by malvuln on Aug 15

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/961fa85207cdc4ef86a076bbff07a409.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Win32.Ransom.BlueSky
Vulnerability: Arbitrary Code Execution
Description: The BlueSky ransomware looks for and executes arbitrary DLLs
in its current working directory. Therefore, we can hijack a vuln DLL,
execute our own code, control…

Read More

Zyxel IPC 3605N & 4605N / Remote shell access

Read Time:24 Second

Posted by Eric Urban on Aug 15

Hello everyone,

I have identified that the Zyxel IPC 3605N and 4605N IP based security
cameras have multiple flaws. Combining these together leads to the ability
for an attacker to remotely install root shell access on the device.

A web server installed for UPnP purposes allows the plaintext passwords to
be retrieved by anyone. This grants access to the web administration
interface. From there, a tarball can be downloaded, modified with a…

Read More

Re: typeorm CVE-2022-33171

Read Time:28 Second

Posted by Andrii Kostenko via Fulldisclosure on Aug 15

I found what I think is a vulnerability in the latest typeorm 0.3.7.
TypeORM v0.3 has a new findOneBy method instead of findOneById() and it is
the only way to get a record by id

Sending undefined as a value in this method removes this parameter from the
query. This leads to the data exposure.

For example:
Users.findOneBy({id: req.query.id}) with /?id=12345 produces SELECT * FROM
Users WHERE id=12345 LIMIT 1 while removing id from the query…

Read More

CVE-2020-23622

Read Time:12 Second

** UNSUPPORTED WHEN ASSIGNED ** An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header.

Read More

CVE-2020-21365

Read Time:9 Second

Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations.

Read More