Category Archives: Advisories

Advisories

Re: Panel.SmokeLoader / Cross Site Request Forgery (CSRF)

Read Time:19 Second

Posted by malvuln on May 14

Updated and fixed a payload typo and added additional info regarding the
stored persistent XSS see attached.

Thanks, Malvuln

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source: https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560f_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Panel.SmokeLoader
Vulnerability: Cross Site Request Forgery (CSRF) – Persistent XSS
Family: SmokeLoader…

Read More

Advisories

Panel.SmokeLoader / Cross Site Request Forgery (CSRF)

Read Time:16 Second

Posted by malvuln on May 14

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560f_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Panel.SmokeLoader
Vulnerability: Cross Site Request Forgery (CSRF)
Family: SmokeLoader
Type: Web Panel
MD5: 4b5fc3a2489985f314b81d35eac3560f (control.php)
SHA256: 8d02238577081be74b9ebc1effcfbf3452ffdb51f130398b5ab875b9bfe17743
Vuln…

Read More

Advisories

Panel.SmokeLoader C2 / Cross Site Scripting (XSS)

Read Time:16 Second

Posted by malvuln on May 14

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Panel.SmokeLoader
Vulnerability: Cross Site Scripting (XSS)
Family: SmokeLoader
Type: Web Panel
MD5: 4b5fc3a2489985f314b81d35eac3560f (control.php)
SHA256: 8d02238577081be74b9ebc1effcfbf3452ffdb51f130398b5ab875b9bfe17743
Vuln ID:…

Read More

Advisories

Panel.Amadey.d.c C2 / Cross Site Scripting (XSS)

Read Time:16 Second

Posted by malvuln on May 14

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/50467c891bf7de34d2d65fa93ab8b558.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Panel Amadey.d.c
Vulnerability: Cross Site Scripting (XSS)
Family: Amadey
Type: Web Panel
MD5: 50467c891bf7de34d2d65fa93ab8b558 (Login.php)
SHA256: 65623eead2bcba66817861246e842386d712c38c5c5558e50eb49cffa2a1035d
Vuln ID:…

Read More

Advisories

RansomLord v3 / Anti-Ransomware Exploit Tool Released

Read Time:22 Second

Posted by malvuln on May 14

Proof-of-concept tool that automates the creation of PE files, used to
exploit Ransomware pre-encryption. Updated v3:
https://github.com/malvuln/RansomLord/releases/tag/v3
Lang: C SHA256:
83f56d14671b912a9a68da2cd37607cac3e5b31560a6e30380e3c6bd093560f5

Video PoC (old v2):
https://www.youtube.com/watch?v=_Ho0bpeJWqI

RansomLord generated PE files are saved to disk in the x32 or x64
directories where the program is run from. Goal is to exploit…

Read More

Advisories

APPLE-SA-05-13-2024-8 tvOS 17.5

Read Time:25 Second

Posted by Apple Product Security via Fulldisclosure on May 14

APPLE-SA-05-13-2024-8 tvOS 17.5

tvOS 17.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214102.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

AppleAVD
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to execute arbitrary code with kernel…

Read More

Advisories

APPLE-SA-05-13-2024-7 watchOS 10.5

Read Time:25 Second

Posted by Apple Product Security via Fulldisclosure on May 14

APPLE-SA-05-13-2024-7 watchOS 10.5

watchOS 10.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214104.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

AppleAVD
Available for: Apple Watch Series 4 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges…

Read More

Advisories

Research about consistency of CVSSv4

Read Time:22 Second

Posted by Julia Wunder on May 14

Hello there,

The University of Erlangen-Nuremberg (Germany) is conducting a research
study to investigate the reliability of CVSSv4 (Common Vulnerability
Scoring System). We conducted a survey on CVSSv3.1 in winter 2020/21 and
found out that the ratings are not always consistent [1]. Now we want to
investigate the latest version CVSSv4. If you are currently assessing
vulnerabilities using CVSS, we would greatly appreciate your…

Read More

Advisories

APPLE-SA-05-13-2024-6 macOS Monterey 12.7.5

Read Time:25 Second

Posted by Apple Product Security via Fulldisclosure on May 14

APPLE-SA-05-13-2024-6 macOS Monterey 12.7.5

macOS Monterey 12.7.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214105.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Find My
Available for: macOS Monterey
Impact: A malicious application may be able to access Find My data…

Read More