[FD] [CFP-ESORICS 2022]: 27th European Symposium on Research in Computer Security (ESORICS) 2022

[Apologies for cross-posting] -- C a l l F o r P a p e r s I27th European Symposium on Research in Computer Security (ESORICS) 2022 26-30 September 2022, Copenhagen, Denmark URL: https://esorics2022.compute.dtu.dk/#

[FD] SEC Consult SA-20220124-0 :: Authenticated Path Traversal in Ethercreative Logs plugin for Craft CMS

SEC Consult Vulnerability Lab Security Advisory < 20220124-0 > === title: Authenticated Path Traversal product: Ethercreative Logs plugin for Craft CMS vulnerable version: <=3.0.3 fixe

[FD] SEC Consult SA-20220120-0 :: Local file inclusion vulnerability in Land Software - FAUST iServer

SEC Consult Vulnerability Lab Security Advisory < 20220120-0 > === title: Local file inclusion vulnerability product: Land Software - FAUST iServer vulnerable version: 9.0.017.017.1-3 - 9.0.018.018.4

[FD] Advisory:[CVE-2021-27971]Alps Alpine DLL Injection Issue

Summary: A vulnerability to DLL Injection attacks was found in the Alps Alpine Touchpad driver, which might allow an attacker to access the kernel area memory. Alps Alpine has released updates to mitigate this potential vulnerability. Vulnerability Details: The ALPS ALPINE Touchpad driver

[FD] SEC Consult SA-20220117-0 :: Stored Cross-Site Scripting vulnerability in TYPO3 extension "femanager"

SEC Consult Vulnerability Lab Security Advisory < 20220117-0 > === title: Stored Cross-Site Scripting vulnerability product: TYPO3 extension "femanager" vulnerable version: 6.0.0 - 6.3.0 and 5.5.0 and

[FD] Backdoor.Win32.Wollf.16 / Weak Hardcoded Credentials

Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/204613443e555f73237ea43a2faecaa5_B.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.16 Vulnerability: Weak Hardcoded Credentials Description: The malware runs

[FD] Backdoor.Win32.Wollf.16 / Authentication Bypass

Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/204613443e555f73237ea43a2faecaa5.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.16 Vulnerability: Authentication Bypass Description: The malware listens on

[FD] Ransomware Builder Babuk / Insecure Permissions

Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/5dfa998f62612e10d5d28d26948dd50f.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Ransomware Builder Babuk Vulnerability: Insecure Permissions Description: The malware creates

[FD] Backdoor.Win32.Wisell / Unauthenticated Remote Command Execution

Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/57bda78cc5fd6a06017148bae28e8e39.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Wisell Vulnerability: Unauthenticated Remote Command Execution Description: The

[FD] CollectorStealerBuilder v2.0.0 Panel / Man-in-the-Middle (MITM)

Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/54530f88c8e4f4371c9418f00c256b1d_B.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: CollectorStealerBuilder v2.0.0 Panel Vulnerability: Man-in-the-Middle (MITM) Description: MITM

[FD] CollectorStealerBuilder v2.0.0 Panel / Insecure Credential Storage

Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/54530f88c8e4f4371c9418f00c256b1d.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: CollectorStealerBuilder v2.0.0 Panel Vulnerability: Insecure Credential Storage Description: The

[FD] VulturiBuilder / Insecure Permissions

Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/ca294b2f778abc14fef6313b3cea7155.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: VulturiBuilder Vulnerability: Insecure Permissions Description: The malware writes an .EXE with

[FD] Chaos Ransomeware Builder v4 / Insecure Permissions

Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/8b855e56e41a6e10d28522a20c1e03 41.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Chaos Ransomeware Builder v4 Vulnerability: Insecure Permissions Description: The malware writes

[FD] AgentTesla Builder Web Panel / SQL Injection

Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/db9629508fda139f71f625d764c7ef f7_B.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: AgentTesla Builder Web Panel Vulnerability: SQL Injection Description: The AgentTeslaBuilder

[FD] AgentTesla Builder Web Panel / Cross Site Scripting (XSS)

Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/db9629508fda139f71f625d764c7ef f7.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: AgentTesla Builder Web Panel Vulnerability: Cross Site Scripting (XSS) Description:

[FD] [TO-2021-001] WebACMS 2.1.0 - Cross-Site Scripting

Advisory ID: TO-2021-001 Product: WebACMS Vendor: AFI Solutions GmbH Tested Version: 2.1.0 Fixed Version: - Vulnerability Type: Cross-Site Scripting (CWE-79) CVSSv2 Severity: AV:N/AC:L/Au:N/C:P/I:P/A:N (Score 6.4) CVSSv3 Severity: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (Score 6.1) Solution Status:

[FD] Xerox vulnerability allows unauthenticated remote users to remotely brick network printers

[+] Credits: Mahmoud Al-Qudsi [+] Website: https://neosmart.net/ [+] Source: https://neosmart.net/blog/?p=4865 [+] Media: https://twitter.com/mqudsi and https://twitter.com/neosmart [Vendor] Xerox Corporation [Product] Xerox Versalink printers, other Xerox printers/copiers. [Vulnerability Type]

[FD] Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221.

Document Title === Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221. Product Description === The H2 Console Application The Console lets you access a SQL database using a browser interface. Homepage: http://www.h2database.com/html/quickstart.html