Posted by malvuln on Mar 20

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/838f67d7a4b6824ec59892057aab3bb7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: BuilderTorCTPHPRAT.b
Vulnerability: Insecure Credential Storage
Description: The default password for the TorCT client malwares web-panel
is “ww” and is stored in cleartext within the “password.php” file.
Family: TorCTPHPRAT…

Read More

Posted by malvuln on Mar 20

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/ae4a409d217bbd538009fbbb5457e754.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: BuilderPandoraRat.b – (Pandora Rat 2.2 [Beta].exe)
Vulnerability: Insecure Credential Storage
Description: The malware listens on TCP port 6622. Credentials are stored
in plaintext in Settings.ini file and default password is blank.
Family:…

Read More

Posted by malvuln on Mar 20

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/cc3670f1b3e60e00b43c86d787563a44_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: BuilderOrcus (Orcus.Administration-cracked.exe)
Vulnerability: Insecure Credential Storage
Description: The malware stores its password in plaintext in a
settings.json file.
Family: BuilderOrcus
Type: PE32
MD5: cc3670f1b3e60e00b43c86d787563a44…

Read More

Posted by malvuln on Mar 20

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/cc3670f1b3e60e00b43c86d787563a44.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: BuilderOrcus (Orcus.Administration-cracked.exe)
Vulnerability: Insecure Permissions
Description: When building backdoor servers, the malware writes PE files
with insecure permissions to c drive granting change (C) permissions to the
authenticated…

Read More

Posted by Julien Ahrens (RCE Security) on Mar 20

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: SAP Knowledge Warehouse
Vendor URL:
https://help.sap.com/viewer/816f1f952d244bbf9dd5063e2a0e66b0/7.5.21/en-US/4dc9605e4a9d6522e10000000a15822b.html
Type: Cross-Site Scripting [CWE-79]
Date found: 2021-09-21
Date published: 2022-03-17
CVSSv3 Score: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVE:…

Read More

Posted by Emanuel DUSS on Mar 20

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: 3CX Phone System
# Vendor: 3CX
# CSNC ID: CSNC-2021-022
# CVE ID: CVE-2021-45491
# Subject: Exportable Cleartext Passwords
# CWE-ID: CWE-257 (Storing Passwords in a Recoverable Format)
# Severity: Medium
# Effect:…

Read More

Posted by Emanuel DUSS on Mar 20

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: 3CX Client for Windows (legacy), Android & iOS
# Vendor: 3CX
# CSNC ID: CSNC-2021-021
# CVE ID: CVE-2021-45490
# Subject: Missing Certificate Verification
# CWE-ID: CWE-295 (Improper Certificate Validation)
#…

Read More

Post Content

Read More

Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code or information disclosure.

Read More

An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

Read More