Category Archives: Advisories

Backdoor.Win32.Plugx / Insecure Permissions

Read Time:17 Second

Posted by malvuln on Jun 23

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/eeb631127f1b9fb3d13d209d8e675634.txt
Contact: malvuln13 () gmail com
Media: x.com/malvuln

Threat: Backdoor.Win32.Plugx
Vulnerability: Insecure Permissions
Family: Plugx
Type: PE32
MD5: eeb631127f1b9fb3d13d209d8e675634
SHA256: c2804080c3f45e8232b3e955611f56c9ba513a7845ddad56a588c4191d139990
Vuln ID: MVID-2024-0686
Disclosure: 06/17/2024…

Read More

[SBA-ADV-20240321-01] CVE-2024-5676: Paradox IP150 Internet Module Cross-Site Request Forgery

Read Time:24 Second

Posted by SBA Research Security Advisory via Fulldisclosure on Jun 23

# Paradox IP150 Internet Module Cross-Site Request Forgery #

Link: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240321-01_Paradox_Cross_Site_Request_Forgery

## Vulnerability Overview ##

The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to
Cross-Site Request Forgery (CSRF) attacks due to
a lack of countermeasures and the use of the HTTP method `GET` to introduce
changes in the system.

* **Identifier**…

Read More

mingw-gstreamer1-1.22.9-1.fc39 mingw-gstreamer1-plugins-bad-free-1.22.9-1.fc39 mingw-gstreamer1-plugins-base-1.22.9-2.fc39 mingw-gstreamer1-plugins-good-1.22.9-1.fc39

Read Time:17 Second

FEDORA-2024-919bc7e512

Packages in this update:

mingw-gstreamer1-1.22.9-1.fc39
mingw-gstreamer1-plugins-bad-free-1.22.9-1.fc39
mingw-gstreamer1-plugins-base-1.22.9-2.fc39
mingw-gstreamer1-plugins-good-1.22.9-1.fc39

Update description:

Update to gstreamer-1.22.9.

Backport fix for CVE-2024-0444.

Read More

libreswan-4.15-2.fc41

Read Time:30 Second

FEDORA-2024-342c3cc98f

Packages in this update:

libreswan-4.15-2.fc41

Update description:

Automatic update for libreswan-4.15-2.fc41.

Changelog

* Sat Jun 22 2024 Paul Wouters <paul.wouters@aiven.io> – 4.15-2
– Add libreswan-4.15-ipsec_import.patch
* Sat Jun 22 2024 Paul Wouters <paul.wouters@aiven.io> – 4.15-1
– Update libreswan to 4.15 for CVE-2024-3652
– Resolves rhbz#2274448 CVE-2024-3652 libreswan: IKEv1 default AH/ESP
responder can crash and restart
– Allow “ipsec import” to try importing PKCS#12 non-interactively if there
is no password

Read More