Category Archives: Advisories

Backdoor.Win32.Cafeini.b / Weak Hardcoded Credentials

Read Time:19 Second

Posted by malvuln on Mar 28

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/b24c56abb4bde960c2d51d4e509d2c68_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Cafeini.b
Vulnerability: Weak Hardcoded Credentials
Family: Cafeini
Type: PE32
MD5: b24c56abb4bde960c2d51d4e509d2c68
Vuln ID: MVID-2022-0526
Disclosure: 03/25/2022
Description: The malware listens on TCP port 51966. Authentication…

Read More

Backdoor.Win32.Cafeini.b / Denial of Service

Read Time:20 Second

Posted by malvuln on Mar 28

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/b24c56abb4bde960c2d51d4e509d2c68.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Cafeini.b
Vulnerability: Denial of Service
Family: Cafeini
Type: PE32
MD5: b24c56abb4bde960c2d51d4e509d2c68
Vuln ID: MVID-2022-0525
Disclosure: 03/25/2022
Description: The malware listens on TCP port 51966 and is packed by a…

Read More

Backdoor.Win32.Cyn.20 / Insecure Permissions

Read Time:19 Second

Posted by malvuln on Mar 28

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/3dd1da64e306cae0409e154e15dd1b80.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Cyn.20
Vulnerability: Insecure Permissions
Description: The malware writes a “.EXE” file with insecure permissions to
c drive granting change (C) permissions to the authenticated user group.
Standard users can rename the…

Read More

Re: ImpressCMS: from unauthenticated SQL injection to RCE

Read Time:19 Second

Posted by Egidio Romano on Mar 28

Hello again,

Just wanted to let you know I updated the blog post with some more details:
apparently, this technique could be abused to bypass WAFs such as OWASP
ModSecurity CRS (Paranoia Level 1) and Cloudflare, check it out!

/EgiX

On Wed, Mar 23, 2022 at 3:07 PM Egidio Romano <research () karmainsecurity com>
wrote:

Read More

PHP filter_var vulnerability

Read Time:24 Second

Posted by Jordy Zomer on Mar 28

Hello!

When the filter_var function is used in conjunction with the flags FILTER_VALIDATE_DOMAIN and FILTER_FLAG_HOSTNAME,
there is a vulnerability in PHP that allows the filter to be bypassed. This vulnerability could be used to introduce
vulnerabilities into code that would otherwise be safe to use.

Due to the lack of response from the PHP security team, I have decided to make this vulnerability publicly available
instead. Especially…

Read More

USN-5353-1: Linux kernel (OEM) vulnerability

Read Time:14 Second

It was discovered that the IPsec implementation in the Linux kernel did not
properly allocate enough memory when performing ESP transformations,
leading to a heap-based buffer overflow. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code.

Read More

CVE-2005-10001

Read Time:22 Second

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Read More

CVE-2008-10001

Read Time:17 Second

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in Pro2col Stingray FTS. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Read More

CVE-2010-10001

Read Time:21 Second

A vulnerability, which was classified as problematic, was found in Shemes GrabIt up to 1.7.2 Beta 4. This affects the component NZB Date Parser. The manipulation of the argument date with the input 1000000000000000 as part of a NZB File leads to a denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Read More

CVE-2017-20011

Read Time:24 Second

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WEKA INTEREST Security Scanner 1.8. It has been rated as problematic. This issue affects some unknown processing of the component HTTP Handler. The manipulation with an unknown input leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Read More