Full Disclosure: by date

PreviousPrevious period
Next periodNext

77 messages starting Apr 02 21 and ending Apr 30 21
Date index | Thread index | Author index

Friday, 02 April

Backdoor.Win32.Burbul.b / Authentication Bypass MITM Port Bounce Scan malvuln
Trojan-Downloader.Win32.Delf.oxz / Insecure Permissions malvuln
Trojan-Downloader.Win32.Delf.ur / Insecure Permissions malvuln
Trojan-Downloader.Win32.Delf.nzg / Insecure Permissions malvuln

Monday, 05 April

Onapsis Security Advisory 2021-0001: [CVE-2020-6207] - Unauthenticated RCE in SAP all SMD Agents connected to SAP SolMan Onapsis Research via Fulldisclosure
Onapsis Security Advisory 2021-0002: [CVE-2020-6234] - SAP Multiple root LPE through SAP Host Control Onapsis Research via Fulldisclosure
Onapsis Security Advisory 2021-0003: [CVE-2020-6287] - [SAP RECON] SAP JAVA: Unauthenticated execution of configuration tasks Onapsis Research via Fulldisclosure
Onapsis Security Advisory 2021-0004: [CVE-2020-26820] - SAP Java OS Remote Code Execution Onapsis Research via Fulldisclosure

Tuesday, 06 April

python embedded program local arbitrary python script execution on windows houjingyi
Defense in depth -- The Microsoft way (part 74): Windows Defender SmartScreen is rather DUMP, it allows denial of service Stefan Kanthak
Trojan.Win32.Sharer.h / Anonymous Logon RCE malvuln
Trojan.Win32.Sharer.h / Anonymous Logon MITM Port Bounce Scan malvuln
Trojan.Win32.Sharer.h / Known Vulnerable Component - Heap Corruption malvuln
Trojan-Downloader.Win32.FraudLoad.xevn / Insecure Permissions malvuln

Wednesday, 07 April

SEC Consult SA-20210407-0 :: Arbitrary File Upload and Bypassing .htaccess Rules in Monospace Directus Headless CMS SEC Consult Vulnerability Lab

Thursday, 08 April

CVE-2021-26709 - Multiple Pre-Auth Stack Buffer Overflow in D-Link DSL-320B-D1 ADSL Modem Gabriele Gristina
usd20210005: Privileged File Write in Check Point Identity Agent < R81.018.0000 Responsible Disclosure via Fulldisclosure
Trojan.Win32.Hosts2.yqf / Insecure Permissions malvuln
Trojan-Downloader.Win32.Genome.omht / Insecure Permissions malvuln
Trojan-Downloader.Win32.Genome.qiw / Insecure Permissions malvuln
Trojan.Win32.Hotkeychick.d / Insecure Permissions malvuln
Backdoor.Win32.Hupigon.das / Unauthenticated Open Proxy malvuln
[SYSS-2020-032] Open Redirect in Tableau Server (CVE-2021-1629) Vladimir Bostanov
Backdoor.Win32.Small.n / Unauthenticated Remote Command Execution (SYSTEM) malvuln

Friday, 09 April

CFP ZeroNights 2021 CFP ZeroNights

Wednesday, 14 April

SEC Consult SA-20210414-0 :: Reflected cross-site scripting in Microsoft Azure DevOps Server SEC Consult Vulnerability Lab

Monday, 19 April

Plantronics HUB <= 3.21 EoP and DoS Red Timmy Security
[CVE-2021-20989, CVE-2021-20990, CVE-2021-20991, CVE-2021-20992] Multiple vulnerabilities in Fibaro Home Center research
Trojan.Win32.Jorik.qje / Insecure Permissions malvuln
Trojan.Win32.Agent.zfgh / Insecure Permissions malvuln
HEUR.Hoax.Win32.FrauDrop.gen / Insecure Permissions malvuln
Backdoor.Win32.Zombam.h / Remote Stack Buffer Overflow malvuln
Trojan.Win32.Agentb.iofv / Insecure Permissions malvuln
Trojan.Win32.NanoBot.onh / Insecure Permissions malvuln
Trojan-Dropper.Win32.Agent.bjtzcp / Insecure Permissions malvuln
Trojan.Win32.Bayrob.dtrg / Insecure Permissions malvuln
HEUR.Backdoor.Win32.Generic / Unauthenticated Open Proxy malvuln
Constructor.Win32.Bifrose.ag / Local Stack Buffer Overflow malvuln
Trojan.Win32.Agent.hsm / Insecure Permissions malvuln
[CVE-2021-1472/CVE-2021-1473] Cisco RV Series Authentication Bypass and Remote Command Execution Takeshi Shiomitsu
CVE-2021-28321-CVE-2021-28323: elevation of privileges in Microsoft Diaghub Imre Rad

Thursday, 22 April

SEC Consult SA-20210422-0 :: Stored Cross Site Scripting (Outdated software library) in BMDWeb 2.0 SEC Consult Vulnerability Lab

Friday, 23 April

Executable installers are vulnerable^WEVIL (case 61): arbitrary code execution WITH escalation of privilege via Intel WiFi drivers Stefan Kanthak
HEUR.Trojan.Win32.Generic / Insecure Permissions malvuln
Trojan-Dropper.Win32.Agent.xtp / Insecure Permissions malvuln
IM-Worm.Win32.Bropia.aa / Insecure Permissions malvuln
Backdoor.Win32.DarkKomet.artr / Insecure Permissions malvuln
Packed.Win32.Black.d / Unauthenticated Open Proxy malvuln

Tuesday, 27 April

Supply Chain Attacks via GitHub.com Releases Nightwatch Cybersecurity Research
APPLE-SA-2021-04-26-1 iOS 14.5 and iPadOS 14.5 Apple Product Security via Fulldisclosure
APPLE-SA-2021-04-26-2 macOS Big Sur 11.3 Apple Product Security via Fulldisclosure
APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina Apple Product Security via Fulldisclosure
Virus.Win32.Banka.a / Insecure Permissions malvuln
Worm.Win32.Busan.k / Insecure Communication Protocol malvuln
APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave Apple Product Security via Fulldisclosure
APPLE-SA-2021-04-26-6 tvOS 14.5 Apple Product Security via Fulldisclosure
APPLE-SA-2021-04-26-5 watchOS 7.4 Apple Product Security via Fulldisclosure
APPLE-SA-2021-04-26-7 Safari 14.1 Apple Product Security via Fulldisclosure
APPLE-SA-2021-04-26-8 iCloud for Windows 12.3 Apple Product Security via Fulldisclosure
APPLE-SA-2021-04-26-9 iTunes 12.11.3 for Windows Apple Product Security via Fulldisclosure
APPLE-SA-2021-04-26-10 Xcode 12.5 Apple Product Security via Fulldisclosure
XSS stored in PFSense 2.5.0 CVE-2021-27933 William Costa

Wednesday, 28 April

Trojan-Dropper.Win32.Dycler.vrp / Insecure Permissions malvuln
Trojan-Dropper.Win32.Injector.aobl / Insecure Permissions malvuln
Backdoor.Win32.Agent.afq / Missing Authentication malvuln
Backdoor.Win32.Agent.afq / Directory Traversal malvuln
Backdoor.Win32.Agent.afq / Remote Heap Corruption malvuln

Friday, 30 April

Open-Xchange Security Advisory 2021-04-30 Martin Heiland via Fulldisclosure
Defense in depth -- the Microsoft way (part 75): Bypass of SAFER alias Software Restriction Policies NOT FIXED Stefan Kanthak
Defense in depth -- The Microsoft way (part 76): arbitrary code execution WITH elevation of privilege in user-writable directories below %SystemRoot% Stefan Kanthak
HEUR.Trojan.Win32.Bayrob.gen / Insecure Permissions malvuln
Worm.Win32.Delf.hu / Insecure Permissions malvuln
Backdoor.Win32.Agent.ggw / Authentication Bypass malvuln
Backdoor.Win32.Agent.gmug / Heap Corruption malvuln
Backdoor.Win32.Agent.kte / Remote Stack Buffer Overflow (UDP Datagram) malvuln
Backdoor.Win32.Agent.oj / Remote Stack Buffer Overflow malvuln
Backdoor.Win32.Agent.oj / Unauthenticated Remote Command Execution malvuln
PreviousPrevious period
Next periodNext