Category Archives: Advisories

Backdoor.Win32.Amatu.a / Remote Arbitrary File Write (RCE)

Posted by malvuln on Sep 28

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/1e2d0b90ffc23e00b743c41064bdcc6b.txt
Contact: malvuln13 () gmail com
Media: x.com/malvuln

Threat: Backdoor.Win32.Amatu.a
Vulnerability: Remote Arbitrary File Write (RCE)
Family: Amatu
Type: PE32
MD5: 1e2d0b90ffc23e00b743c41064bdcc6b
SHA256: 77fff9931013ab4de6d4be66ca4fda47be37b6f706a7062430ee8133c7521297
Vuln ID: MVID-2024-0698
Dropped…

Backdoor.Win32.Agent.pw / Remote Stack Buffer Overflow (SEH)

Posted by malvuln on Sep 28

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/68dd7df213674e096d6ee255a7b90088.txt
Contact: malvuln13 () gmail com
Media: x.com/malvuln

Threat: Backdoor.Win32.Agent.pw
Vulnerability: Remote Stack Buffer Overflow (SEH)
Description: The malware listens on TCP port 21111. Third-party
attackers who can reach an infected machine can send specially crafted
sequential packets triggering a…

Backdoor.Win32.Boiling / Remote Command Execution

Posted by malvuln on Sep 28

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/80cb490e5d3c4205434850eff6ef5f8f.txt
Contact: malvuln13 () gmail com
Media: x.com/malvuln

Threat: Backdoor.Win32.Boiling
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 4369. Third-party
adversaries who can reach an infected host can issue single OS
commands to take over the system…

Defense in depth — the Microsoft way (part 88): a SINGLE command line shows about 20,000 instances of CWE-73

Posted by Stefan Kanthak on Sep 28

Hi @ll,

<https://cwe.mitre.org/data/definitions/73.html>
CWE-73: External Control of File Name or Path
is a well-known and well-documented weakness.

<https://seclists.org/fulldisclosure/2020/Mar/48> as well as
<https://skanthak.homepage.t-online.de/offender.html> demonstrate how to
(ab)use just one instance of this weakness (introduced about 7 years ago
with Microsoft Defender, so-called “security software”) due to…

SEC Consult SA-20240925-0 :: Uninstall Password Bypass in BlackBerry CylanceOPTICS Windows Installer Package (CVE-2024-35214)

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Sep 28

SEC Consult Vulnerability Lab Security Advisory < 20240925-0 >
=======================================================================
             title: Uninstall Password Bypass
           product: BlackBerry CylanceOPTICS Windows Installer Package
vulnerable version: CylanceOPTICS <3.3 MR2
                    CylanceOPTICS <3.2 MR5
     fixed version: CylanceOPTICS 3.3 MR2
                    CylanceOPTICS…

Apple iOS 17.2.1 – Screen Time Passcode Retrieval (Mitigation Bypass)

Posted by Patrick via Fulldisclosure on Sep 28

Document Title:
===============
Apple iOS 17.2.1 – Screen Time Passcode Retrieval (Mitigation Bypass)

Release Date:
=============
2024-09-24

Affected Product(s):
====================
Vendor: Apple Inc.
Product: Apple iOS 17.2.1 (possibly all < 18.0 excluding 18.0)

References:
===========
VIDEO PoC: https://www.youtube.com/watch?v=vVvk9TR7qMo

The vulnerability has been patched in the latest release of the operating
system (iOS…
