Category Archives: Advisories

Ransom Lockbit 3.0 / Code Execution

July 7, 2022

Read Time:18 Second

Posted by malvuln on Jul 06

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/38745539b71cf201bb502437f891d799_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom Lockbit 3.0
Vulnerability: Code Execution
Description: The ransomware apparently now requires a password to execute
as noted by “@vxunderground” E.g. “-pass db66023ab2abcb9957fb01ed50cdfa6a”.
Lockbit looks…

Advisories

Ransom Lockbit 3.0 / Local Unicode Buffer Overflow (SEH)

July 7, 2022

Read Time:18 Second

Posted by malvuln on Jul 06

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/38745539b71cf201bb502437f891d799.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom Lockbit 3.0
Vulnerability: Local Unicode Buffer Overflow (SEH)
Description: The ransomware apparently now requires a password to execute
as noted by “@vxunderground” E.g. “-pass…

Advisories

EQS Integrity Line: Multiple Vulnerabilities

July 7, 2022

Read Time:24 Second

Posted by Giovanni Pellerano on Jul 06

EQS Integrity Line: Multiple Vulnerabilities

Name Multiple Vulnerabilities in EQS Integrity Line
Systems Affected EQS Integrity Line through 2022-07-01
Severity High
Impact (CVSSv2) High 8.8/10, score: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Vendor EQS Group AG (https://www.eqs.com/)
Advisory
http://www.ush.it/team/ush/advisory-eqs-integrity-line/eqs_integrity_line.txt
Authors Giovanni…

Advisories

CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used

July 7, 2022

Read Time:25 Second

Posted by Aki Tuomi via Fulldisclosure on Jul 06

Affected product: Dovecot IMAP Server
Internal reference: DOV-5320
Vulnerability type: Improper Access Control (CWE-284)
Vulnerable version: 2.2
Vulnerable component: submission
Report confidence: Confirmed
Solution status: Fixed in main
Researcher credits: Julian Brook (julezman)
Vendor notification: 2022-05-06
CVE reference: CVE-2022-30550
CVSS: 6.8 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)

Vulnerability Details:
When two passdb…

Advisories

ZDI-22-952: Foxit PDF Reader Annotation modDate Out-Of-Bounds Read Information Disclosure Vulnerability

July 7, 2022

Read Time:12 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Advisories

ZDI-22-951: Foxit PDF Reader Doc Object color Out-Of-Bounds Read Information Disclosure Vulnerability

July 7, 2022

Read Time:12 Second

Advisories

ZDI-22-950: Foxit PDF Reader newConnection Out-Of-Bounds Read Information Disclosure Vulnerability

July 7, 2022

Read Time:12 Second

Advisories

ZDI-22-958: SAP 3D Visual Enterprise Viewer EPS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

July 7, 2022

Read Time:12 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Advisories

ZDI-22-957: SAP 3D Visual Enterprise Viewer BPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

July 7, 2022

Read Time:12 Second

Advisories

ZDI-22-956: SAP 3D Visual Enterprise Viewer HDR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

July 7, 2022

Read Time:12 Second

Cyber Security News

Category Archives: Advisories

Ransom Lockbit 3.0 / Code Execution

Ransom Lockbit 3.0 / Local Unicode Buffer Overflow (SEH)

EQS Integrity Line: Multiple Vulnerabilities

CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used

ZDI-22-952: Foxit PDF Reader Annotation modDate Out-Of-Bounds Read Information Disclosure Vulnerability

ZDI-22-951: Foxit PDF Reader Doc Object color Out-Of-Bounds Read Information Disclosure Vulnerability

ZDI-22-950: Foxit PDF Reader newConnection Out-Of-Bounds Read Information Disclosure Vulnerability

ZDI-22-958: SAP 3D Visual Enterprise Viewer EPS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZDI-22-957: SAP 3D Visual Enterprise Viewer BPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZDI-22-956: SAP 3D Visual Enterprise Viewer HDR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

News, Advisories and much more