[FD] Backdoor.Win32.Agent.mzn / Remote SEH Buffer Overflow

2021-03-19 Thread malvuln
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/f589ae5fb7879eb0b98fb8096d7152a5.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.mzn Vulnerability: Remote SEH Buffer Overflow Description: Agent.mzn drops an

[FD] Trojan-Dropper.Win32.Delf.p / Remote Buffer Overflow

2021-03-19 Thread malvuln
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/b02cc578d2e7f24fb67ec0afc42a9e13_B.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Delf.p Vulnerability: Remote Buffer Overflow Description: Delf.p accepts

[FD] Trojan-Dropper.Win32.Delf.p / Missing Authentication

2021-03-19 Thread malvuln
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/b02cc578d2e7f24fb67ec0afc42a9e13.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Delf.p Vulnerability: Missing Authentication Description: Delf.p drops an

[FD] MS Made Simple - File upload bypass with .phar extension lead to RCE

2021-03-19 Thread riccardo krauter
1) Summary Affected software CMS Made Simple-2.2.15 Vendor URLhttp://www.cmsmadesimple.org/ Vulnerability File upload bypass with .phar extension lead to RCE 2) Vulnerability Description The vulnerability affect the `FilePicker` module, it is possible to

[FD] CMS Made Simple SQL injection on m1_sortby parameter

2021-03-19 Thread riccardo krauter
1) Summary Affected software CMS Made Simple-2.2.15 Vendor URLhttp://www.cmsmadesimple.org/ Vulnerability SQL injection 2) Vulnerability Description The affected software is vulnerable to SQL injection via the m1_sortby POST parameter of the News module,

[FD] [SYSS-2020-044]: Zoom - Exposure of Resource to Wrong Sphere (CWE-668) (CVE-2021-28133)

2021-03-19 Thread Matthias Deeg
Advisory ID: SYSS-2020-044 Product: Zoom Manufacturer: Zoom Video Communications, Inc. Affected Version(s): 5.4.3 (54779.1115) 5.5.4 (13142.0301) Tested Version(s): 5.4.3 (54779.1115) 5.5.4 (13142.0301) Vulnerability Type: Exposure of Resource to Wrong

[FD] CFP for Hardwear.io Security Conference is OPEN

2021-03-19 Thread Andrea Simonca
* CFP for Hardwear.io USA 2021 is OPEN! * If you have a groundbreaking embedded research or an awesome open-source tool you’d like to showcase before the global hardware security community, this is your chance. Send in your ideas on various hardware subjects, including but not limited to Chips,