Category Archives: Advisories

Trojan-Downloader.Win32.Small.ahlq / Insecure Permissions

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/d859ba54086fd0313dc34b73b5b1eccb.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Downloader.Win32.Small.ahlq
Vulnerability: Insecure Permissions
Description: the malware creates a directory with insecure permissions
under c drive granting change (C) permissions to the authenticated user
group. Standard users can rename…

Backdoor.Win32.GF.j / Unauthenticated Remote Command Execution

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/fa00524d7289cdba327d5c34ab3d9bd7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.GF.j
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 21554. Third-party adversaries
who can reach infected hosts can run commands made available by the
backdoor.

E.g. commands…

Virus.Win32.Qvod.b / Insecure Permissions

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/c44a9580e17bad0aa27329e51b7d0ae0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Virus.Win32.Qvod.b
Vulnerability: Insecure Permissions
Description: The malware writes a PE file with insecure permissions to c
drive granting change (C) permissions to the authenticated user group.
Standard users can rename the executable dropped…

Email-Worm.Win32.Sidex / Unauthenticated Remote Command Execution

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/a98cdaa89da57bf269873db63e22a939.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Email-Worm.Win32.Sidex
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 5151 and creates a dir named
“vortex” with several PE files. Third-party adversaries who can reach an
infected…

Net-Worm.Win32.Kibuv.c / Authentication Bypass

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/4243911d5ca5655d04de8895704fcae6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Net-Worm.Win32.Kibuv.c
Vulnerability: Authentication Bypass
Description: The malware listens on TCP port 7955. Third-party adversaries
who can reach infected systems can log on using any username/password
combination.
Family: Kibuv
Type: PE32
MD5:…

Backdoor.Win32.Jokerdoor / Remote Stack Buffer Overflow

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/94d1b2510bf96fa6190cd65876bf4c38.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Jokerdoor
Vulnerability: Remote Stack Buffer Overflow
Description: The malware listens on TCP port 2172. Third-party attackers
who can reach an infected system can send a large payload and trigger a
classic stack buffer overflow…

Trojan-Banker.Win32.Banker.heq / Insecure Permissions

Posted by malvuln on Apr 27

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/f15d05f74899324ecb61ee29ad162fad.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Banker.Win32.Banker.heq
Vulnerability: Insecure Permissions
Description: The malware writes a BAT script file with insecure permissions
to c drive granting change (C) permissions to the authenticated user group.
Standard users can rename…

SEC Consult SA-20220427-0 :: Privilege Escalation in Miele Benchmark Programming Tool

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Apr 27

SEC Consult Vulnerability Lab Security Advisory < 20220427-0 >
=======================================================================
title: Privilege Escalation
product: Miele Benchmark Programming Tool
vulnerable version: at least 1.1.49 and 1.2.71
fixed version: 1.2.72
CVE number: CVE-2022-22521
impact: Medium
homepage: https://www.miele.com/
found:…

Trovent Security Advisory 2108-02 / Zepp: User account enumeration in password reset function

Posted by Stefan Pietsch on Apr 27

# Trovent Security Advisory 2108-02 #
#####################################

User account enumeration in password reset function
###################################################

Overview
########

Advisory ID: TRSA-2108-02
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2108-02
Affected product: Zepp Android mobile application (com.huami.watch.hmwatchmanager)
Tested versions: Zepp 6.1.4-play…

CVE-2021-34590

Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML code into configuration values. These values are not properly escaped when displayed.
