Full Disclosure Mailing List

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

List Archives

Latest Posts

some details regarding CVE-2022-24422 / iDRAC VNC authentication christian mock (May 13)
The Dell advisory is a bit low on details, so:

The vulnerability is really just CVE-2006-2369 / CVE-2006-2450, but
wrapped in TLS (we're in the 2020s, our auth bypasses are secure now!)

That means that your vuln scanner might or might not detect it, Nessus
for example does, but Nexpose apparently doesn't.

It also means that metasploit's "realvnc_41_bypass" is not directly
usable, you need to use your favorite TLS...

SEC Consult SA-20220512-0 :: Sandbox Escape with Root Access & Clear-text passwords in Konica Minolta bizhub MFP Printer Terminals SEC Consult Vulnerability Lab, Research via Fulldisclosure (May 12)
SEC Consult Vulnerability Lab Security Advisory < 20220512-0 >
=======================================================================
title: Sandbox Escape with Root Access & Clear-text passwords
product: Multiple Konica Minolta bizhub MFP Printer Terminals
vulnerable version: see vulnerable / tested versions below
fixed version: see solution section below
CVE number: CVE-2022-29586,...

Re: Defense in depth -- the Microsoft way (part 80): 25 (in words: TWENTY-FIVE) year old TRIVIAL bug crashes CMD.exe Tavis Ormandy (May 12)
They're explaining that you need privileges to attack *other* users. I don't
think anyone is disputing you can "attack" yourself.

I know, I know - we've had this discussion before, and nothing will
convince you that this isn't a vulnerability :)

Tavis.

APT28 FancyBear / Code Execution malvuln (May 10)
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/d6751b148461e0f863548be84020b879.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: APT28 FancyBear
Vulnerability: Code Execution
Description: FancyBear looks for and executes DLLs in its current
directory. Therefore, we can potentially hijack a vuln DLL execute our own
code, control and terminate the malware. The...

Defense in depth -- the Microsoft way (part 80): 25 (in words: TWENTY-FIVE) year old TRIVIAL bug crashes CMD.exe Stefan Kanthak (May 10)
Hi @ll,

the subject says it all: a 25 year old TRIVIAL signed integer
arithmetic bug (which may well have earned a PhD now) crashes
Windows' command interpreter CMD.exe via its builtin SET command.
See their documentation:
<https://technet.microsoft.com/en-us/library/cc771320.aspx>
<https://technet.microsoft.com/en-us/library/cc754250.aspx>

Classification
~~~~~~~~~~~~~~

<https://cwe.mitre.org/data/definitions/190.html>...

Ransom.Satana / Code Execution malvuln (May 07)
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/46bfd4f1d581d7c0121d2b19a005d3df.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom.Satana
Vulnerability: Code Execution
Description: Satana searches for and loads a DLL named "wow64log.dll" in
Windows\System32. Therefore, we can drop our own DLL to intercept and
terminate the malware pre-encryption....

Ransom.Conti / Code Execution malvuln (May 07)
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/20f0c736a966142de88dee06a2e4a5b1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom.Conti
Vulnerability: Code Execution
Description: Conti looks for and executes DLLs in its current directory.
Therefore, we can potentially hijack a vuln DLL execute our own code,
control and terminate the malware pre-encryption....

Ransom.Petya / Code Execution malvuln (May 07)
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/8ed9a60127aee45336102bf12059a850.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom.Petya
Vulnerability: Code Execution
Description: Petya looks for and loads a DLL named "wow64log.dll" in
Windows\System32. Therefore, we can drop our own DLL to intercept and
terminate the malware pre-encryption. The...

Ransom.Cryakl / Code Execution malvuln (May 07)
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/2aea3b217e6a3d08ef684594192cafc8.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom.Cryakl
Vulnerability: Code Execution
Description: Cryakl looks for and loads a DLL named "wow64log.dll" in
Windows\System32. Therefore, we can drop our own DLL to intercept and
terminate the malware pre-encryption. The...

Trojan-Ransom.Radamant / Code Execution malvuln (May 07)
Discovery / credits: Malvuln - (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/6152709e741c4d5a5d793d35817b4c3d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Ransom.Radamant
Vulnerability: Code Execution
Description: Radamant tries to load a DLL named "PROPSYS.dll" and execute a
hidden PE file "DirectX.exe" from the AppData\Roaming directory. Therefore,
we can...

Trojan-Ransom.LockerGoga / Code Execution malvuln (May 05)
Discovery / credits: Malvuln - (John Page - aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/3b200c8173a92c94441cb062d38012f6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Ransom.LockerGoga
Vulnerability: Code Execution
Description: LockerGoga looks for and loads a DLL named "wow64log.dll" in
Windows\System32. Therefore, we can drop our own DLL to intercept and
terminate the malware...

Ransom.CTBLocker / Code Execution malvuln (May 05)
Discovery / credits: Malvuln - (John Page - aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/de25f04dedaffde1be47ef26dc9a8176.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom.CTBLocker
Vulnerability: Code Execution
Description: CTBLocker looks for and executes DLLs in its current
directory. Therefore, we can hijack a vuln DLL, execute our own code,
control and terminate the malware...

Trojan-Ransom.Cerber / Code Execution malvuln (May 05)
Discovery / credits: Malvuln - (John Page - aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/ae99e6a451bc53830be799379f5c1104.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Ransom.Cerber
Vulnerability: Code Execution
Description: Cerber looks for and executes DLLs in its current directory.
Therefore, we can hijack a vuln DLL, execute our own code, control and
terminate the malware...

Trojan.Ransom.Cryptowall / Code Execution malvuln (May 05)
Discovery / credits: Malvuln - (John Page - aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/0CFFEE266A8F14103158465E2ECDD2C1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Ransom.Cryptowall
Vulnerability: Code Execution
Description: Cryptowall looks for and executes DLLs in its current
directory. Therefore, we can hijack a vuln DLL, execute our own code,
control and terminate the malware...

REvil.Ransom / Code Execution malvuln (May 05)
Discovery / credits: Malvuln - (John Page - aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/4c5c1731481ea8d67ef6076810c49e00.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: REvil.Ransom
Vulnerability: Code Execution
Description: REvil looks for and executes DLLs in its current directory.
Therefore, we can hijack a vuln DLL, execute our own code, control and
terminate the malware pre-encryption. The...

More Lists

Dozens of other network security lists are archived at SecLists.Org.