Category Archives: Advisories

USN-5485-2: Linux kernel (OEM) vulnerabilities

Read Time:29 Second

It was discovered that some Intel processors did not completely perform
cleanup actions on multi-core shared buffers. A local attacker could
possibly use this to expose sensitive information. (CVE-2022-21123)

It was discovered that some Intel processors did not completely perform
cleanup actions on microarchitectural fill buffers. A local attacker could
possibly use this to expose sensitive information. (CVE-2022-21125)

It was discovered that some Intel processors did not properly perform
cleanup during specific special register write operations. A local attacker
could possibly use this to expose sensitive information. (CVE-2022-21166)

Read More

CVE-2014-3648

Read Time:26 Second

The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus applications is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can’t be reached or can slow the server down by purposefully wasting it’s time with slow endpoints. Similarly, one can provide whatever HTTP end point they want. This turns the server into a DDOS vector or an anonymizer for the posting of malware and so on.

Read More

CVE-2014-3650

Read Time:10 Second

Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input.

Read More

JAHx221 – RCE in copy/pasted PHP compat libraries, json_decode function

Read Time:15 Second

Posted by Eldar Marcussen on Jun 30

JAHx221 – RCE in copy/pasted PHP compat libraries, json_decode function
===============================================================================
Several PHP compatability libraries contain a potential remote code
execution
flaw in their `json_decode()` function based on having copy pasted existing
vulnerable code.

Identifiers
—————————————
* JAHx221 – http://www.justanotherhacker.com/advisories/JAHx221.txt

Read More

Backdoor.Win32.EvilGoat.b / Weak Hardcoded Credentials

Read Time:19 Second

Posted by malvuln on Jun 30

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/20daf01e941f966b21a7ae431faefc65.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.EvilGoat.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP port 13014. Authentication is
required, however the credentials “evilgoat / penix” are weak and found
within the PE…

Read More

Backdoor.Win32.Coredoor.10.a / Authentication Bypass

Read Time:20 Second

Posted by malvuln on Jun 30

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/49da40a2ac819103da9dc5ed10d08ddb.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Coredoor.10.a
Vulnerability: Authentication Bypass
Description: The malware runs an FTP server on TCP port 21000. Third-party
attackers who can reach infected systems can logon using any
username/password combination….

Read More

Backdoor.Win32.Cafeini.b / Weak Hardcoded Credentials

Read Time:20 Second

Posted by malvuln on Jun 30

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/a8fc1b3f7a605dc06a319bf0e14ca68b.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Cafeini.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP ports 51966 and 23. Authentication
is required, however the password “mama” is weak and found within the PE
file….

Read More

BigBlueButton – Stored XSS in username (CVE-2022-31064)

Read Time:22 Second

Posted by Rick Verdoes via Fulldisclosure on Jun 30

CVE-2022-31064 – Stored Cross-Site Scripting in BigBlueButton.

=========================

Exploit Title: Stored Cross-Site Scripting (XSS) in BigBlueButton

Product: BigBlueButton

Vendor: BigBlueButton

Vulnerable Versions: 2.3, <2.4.8, <2.5.0

Tested Version: 2.4.7

Advisory Publication: Jun 22, 2022

Latest Update: Jun 22, 2022

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2022-31064

CVSS Severity: High

CVSS…

Read More

typeorm CVE-2022-33171

Read Time:25 Second

Posted by lixts via Fulldisclosure on Jun 30

typeorm CVE-2022-33171

findOne(id), findOneOrFail(id)

The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When
input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id
string leads to SQL injection.

The issue was already fixed from version 0.3.0 onward when we encountered it.

Maintainer does not consider this a vulnerability…

Read More