Two security issues were found in PHP, a widely-used open source general
purpose scripting language which could result in information disclosure
or denial of service.

Read More

Reginaldo Silva discovered a (Debian-specific) Lua sandbox escape in
Redis, a persistent key-value database.

Read More

Multiple vulnerabilties were discovered in snapd, a daemon and tooling
that enable Snap packages, which could result in bypass of access
restrictions or privilege escalation.

Read More

A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote attackers to inject arbitrary web script or HTML via the status parameter in the CMS admin panel.

Read More

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Feb 16

SEC Consult Vulnerability Lab Security Advisory < 20220215-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Multiple Zyxel devices
vulnerable version: For affected products see “Solution” section
fixed version: see “Solution” section
CVE number: –
impact: Critical
homepage:…

Read More

Posted by malvuln on Feb 16

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/fe0dacbc953d4301232b386fcb3afc23.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Spy.Win32.Zbot.aawo.Zeus-Builder
Vulnerability: Insecure Permissions
Description: ZeuS Builder saves PE files to the c drive with insecure
permissions granting change (C) permissions to the authenticated user
group. Standard users can…

Read More

Posted by malvuln on Feb 16

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/8201ba6b542fc91c004110b2fc5395aa.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Prosti.b
Vulnerability: Insecure Permissions
Description: The malware writes a “.dll” PE file with insecure permissions
under c drive granting change (C) permissions to the authenticated user
group. Standard users can…

Read More

Posted by malvuln on Feb 16

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/1c255ef6fd44877700867f94a59875d2.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Email-Worm.Win32.Lama
Vulnerability: Insecure Permissions
Description: The malware writes a “.BAT” file with insecure permissions
under c drive granting change (C) permissions to the authenticated user
group. Standard users can rename…

Read More

Posted by malvuln on Feb 16

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/65a53a37843db2b86a67a9e23277c1bf.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Prorat.lkt
Vulnerability: Weak Hardcoded Password
Description: The malware listens on TCP port 2121. Authentication is
required, however the password “special” is weak and hardcoded in cleartext
at offset 0040267C.
Type:…

Read More

Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

Read More