Posted by CFP – ESORICS 2022 on Mar 20
[Apologies for cross-posting]
————————————————————————–
C a l l F o r P a p e r s
27th European Symposium on Research in Computer Security (ESORICS) 2022
26-30 September 2022, Copenhagen, Denmark
URL: https://esorics2022.compute.dtu.dk/#
————————————————————————–
===================
CONFERENCE OUTLINE:
===================
We are looking…
Posted by malvuln on Mar 20
Adversary3 v1.0 – Malware vulnerability intel tool for third-party
attackers.
Posted by malvuln on Mar 20
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/531d8b4ac8f7eb827d62424169321b2b.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: BuilderRevengeRAT – (Revenge-RAT v0.3)
Vulnerability: XML External Entity Injection
Description: The malware listens on TCP port 333. There is a Config.xml
file used by the RAT builder to specify port, notification, webcam etc. The
XML parser used…
Posted by malvuln on Mar 20
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/838f67d7a4b6824ec59892057aab3bb7_C.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: BuilderTorCTPHPRAT.b
Vulnerability: Remote Persistent XSS
Family: TorCTPHPRAT
Type: WebUI
MD5: 838f67d7a4b6824ec59892057aab3bb7 (Webremote TorCT Client.exe)
MD5: dc40fa699cfce01802213dbbd0cbe37e (SlaveOnline.php)
Vuln ID: MVID-2022-0520…
Posted by malvuln on Mar 20
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/838f67d7a4b6824ec59892057aab3bb7_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: BuilderTorCTPHPRAT.b
Vulnerability: Arbitrary File Upload – RCE
Family: TorCTPHPRAT
Type: WebUI
MD5: 838f67d7a4b6824ec59892057aab3bb7 (Webremote TorCT Client.exe)
MD5: b54822058a3ed33c673d06113b453ebe (upload.php)
Vuln ID: MVID-2022-0519…
Posted by malvuln on Mar 20
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/838f67d7a4b6824ec59892057aab3bb7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: BuilderTorCTPHPRAT.b
Vulnerability: Insecure Credential Storage
Description: The default password for the TorCT client malwares web-panel
is “ww” and is stored in cleartext within the “password.php” file.
Family: TorCTPHPRAT…
Posted by malvuln on Mar 20
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/ae4a409d217bbd538009fbbb5457e754.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: BuilderPandoraRat.b – (Pandora Rat 2.2 [Beta].exe)
Vulnerability: Insecure Credential Storage
Description: The malware listens on TCP port 6622. Credentials are stored
in plaintext in Settings.ini file and default password is blank.
Family:…
Posted by malvuln on Mar 20
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/cc3670f1b3e60e00b43c86d787563a44_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: BuilderOrcus (Orcus.Administration-cracked.exe)
Vulnerability: Insecure Credential Storage
Description: The malware stores its password in plaintext in a
settings.json file.
Family: BuilderOrcus
Type: PE32
MD5: cc3670f1b3e60e00b43c86d787563a44…
Posted by malvuln on Mar 20
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/cc3670f1b3e60e00b43c86d787563a44.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: BuilderOrcus (Orcus.Administration-cracked.exe)
Vulnerability: Insecure Permissions
Description: When building backdoor servers, the malware writes PE files
with insecure permissions to c drive granting change (C) permissions to the
authenticated…
Posted by Julien Ahrens (RCE Security) on Mar 20
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: SAP Knowledge Warehouse
Vendor URL:
https://help.sap.com/viewer/816f1f952d244bbf9dd5063e2a0e66b0/7.5.21/en-US/4dc9605e4a9d6522e10000000a15822b.html
Type: Cross-Site Scripting [CWE-79]
Date found: 2021-09-21
Date published: 2022-03-17
CVSSv3 Score: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVE:…
