Category Archives: Advisories

Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution

Read Time:1 Minute, 12 Second

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.

Adobe Acrobat is a family of application software and Web services used to view, create, manipulate, print and manage Portable Document Format (PDF) files.
Adobe Substance3D Painter is a 3D painting software that allows users to texture and add materials directly to 3D meshes in real-time.
Adobe Substance3D Designer is a 3D design software that generates textures from procedural patterns inside node-based graphs.
Adobe Aero is a cross platform solution that enables creatives with no coding and mininmal 3D experience to design, share, and view interactive augmented reality experiences.
Adobe FrameMaker lets you create structured or template-based documents, review and collaborate with multiple content management systems and publish to a multitude of devices.
Adobe Dreamweaver is a proprietary web development tool.
Adobe Illustrator is a vector graphics editor and design software.
Adobe Animate is used to create vector graphics and interactive content.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights

Read More

SEC Consult SA-20240513-0 :: Tolerating Self-Signed Certificates in SAP® Cloud Connector

Read Time:17 Second

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 14

SEC Consult Vulnerability Lab Security Advisory < 20240513-0 >
=======================================================================
title: Tolerating Self-Signed Certificates
product: SAP® Cloud Connector
vulnerable version: 2.15.0 – 2.16.1 (Portable and Installer)
fixed version: 2.16.2 (Portable and Installer)
CVE number: CVE-2024-25642
impact: high
homepage:…

Read More

TROJANSPY.WIN64.EMOTET.A / Arbitrary Code Execution

Read Time:21 Second

Posted by malvuln on May 14

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/f917c77f60c3c1ac6dbbadbf366ddd30.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: TrojanSpy.Win64.EMOTET.A
Vulnerability: Arbitrary Code Execution
Description: The malware looks for and executes a x64-bit “CRYPTBASE.dll”
PE file in its current directory. Therefore, we can hijack the DLL and
execute our own…

Read More

BACKDOOR.WIN32.ASYNCRAT / Arbitrary Code Execution

Read Time:20 Second

Posted by malvuln on May 14

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/2337b9a12ecf50b94fc95e6ac34b3ecc.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.AsyncRat
Vulnerability: Arbitrary Code Execution
Description: The malware looks for and executes a x32-bit “CRYPTSP.dll” PE
file in its current directory. Therefore, we can hijack the DLL and execute
our own…

Read More

Re: Panel.SmokeLoader / Cross Site Request Forgery (CSRF)

Read Time:19 Second

Posted by malvuln on May 14

Updated and fixed a payload typo and added additional info regarding the
stored persistent XSS see attached.

Thanks, Malvuln

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source: https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560f_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Panel.SmokeLoader
Vulnerability: Cross Site Request Forgery (CSRF) – Persistent XSS
Family: SmokeLoader…

Read More

Panel.SmokeLoader / Cross Site Request Forgery (CSRF)

Read Time:16 Second

Posted by malvuln on May 14

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560f_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Panel.SmokeLoader
Vulnerability: Cross Site Request Forgery (CSRF)
Family: SmokeLoader
Type: Web Panel
MD5: 4b5fc3a2489985f314b81d35eac3560f (control.php)
SHA256: 8d02238577081be74b9ebc1effcfbf3452ffdb51f130398b5ab875b9bfe17743
Vuln…

Read More

Panel.SmokeLoader C2 / Cross Site Scripting (XSS)

Read Time:16 Second

Posted by malvuln on May 14

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Panel.SmokeLoader
Vulnerability: Cross Site Scripting (XSS)
Family: SmokeLoader
Type: Web Panel
MD5: 4b5fc3a2489985f314b81d35eac3560f (control.php)
SHA256: 8d02238577081be74b9ebc1effcfbf3452ffdb51f130398b5ab875b9bfe17743
Vuln ID:…

Read More

Panel.Amadey.d.c C2 / Cross Site Scripting (XSS)

Read Time:16 Second

Posted by malvuln on May 14

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/50467c891bf7de34d2d65fa93ab8b558.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Panel Amadey.d.c
Vulnerability: Cross Site Scripting (XSS)
Family: Amadey
Type: Web Panel
MD5: 50467c891bf7de34d2d65fa93ab8b558 (Login.php)
SHA256: 65623eead2bcba66817861246e842386d712c38c5c5558e50eb49cffa2a1035d
Vuln ID:…

Read More

RansomLord v3 / Anti-Ransomware Exploit Tool Released

Read Time:22 Second

Posted by malvuln on May 14

Proof-of-concept tool that automates the creation of PE files, used to
exploit Ransomware pre-encryption. Updated v3:
https://github.com/malvuln/RansomLord/releases/tag/v3
Lang: C SHA256:
83f56d14671b912a9a68da2cd37607cac3e5b31560a6e30380e3c6bd093560f5

Video PoC (old v2):
https://www.youtube.com/watch?v=_Ho0bpeJWqI

RansomLord generated PE files are saved to disk in the x32 or x64
directories where the program is run from. Goal is to exploit…

Read More