92 matches found
Threatpost News Wrap, August 18, 2017
Mike Mimoso and Tom Spring discuss this week’s security news, including recent abuse of Google Chrome extensions for fraud, a close look at Adobe’s decision to end of life Flash Player, and a backdoor discovered in NetSarang server management software’s update mechanism. Download: Threatpost News...
Backdoor Found in Popular Server Management Software used by Hundreds of Companies
Cyber criminals are becoming more adept, innovative, and stealthy with each passing day. They are now adopting more clandestine techniques that come with limitless attack vectors and are harder to detect. Recently, cyber crooks managed to infiltrate the update mechanism for a popular server...
ShadowPad in corporate networks
ShadowPad, part 2: Technical Details PDF In July 2017, during an investigation, suspicious DNS requests were identified in a partner's network. The partner, which is a financial institution, discovered the requests originating on systems involved in the processing of financial transactions. Furth...
Attackers Backdoor NetSarang Software Update Mechanism
Attackers infiltrated the update mechanism for a popular server management software package as recently as last month and modified it to include a backdoor. NetSarang, which has headquarters in South Korea and the United States, has removed the backdoored update, but not before it was activated o...
VulnCheck KEV: CVE-2017-20203
NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322, Xftp 5.0 Build 1218, and Xlpd 5.0 Build 1220 contain a malicious nssock2.dll that implements a multi-stage, DNS-based backdoor. The dormant library contacts a C2 DNS server via a specially crafted TXT...
CNNVD on the United States Netsarang company multi software the presence of malicious code briefings-vulnerability warning-the black bar safety net
Recently, the national information security vulnerabilities library CNNVD received about the the United States Netsarang company more software there malicious code in case the message send. The company Xshell And Xmanager remote connection use of the product nssock2.dll module in the presence of...
Backdoor in the nssock2.dll module of several products including NetSarang Xmanager and Xshell
NetSarang is a company that provides secure link solutions and Xshell is a terminal emulation software. The related nssock2.dll module, a component used for network communication, in the installation directories of Xshell, Xlpd, Xmanager, and Xftp has been found to contain backdoor-type code samp...
netsarang.com XSS vulnerability
Vulnerable URL: https://www.netsarang.com/forum/xftp/list?status=1=10type="'--!...
Xshell5 5.0 Build 1124 DLL Hijacking
Title: Xshell5 - "api-ms-win-appmodel-runtime-l1-1-0" DLL Loading Arbitrary Code Execution. + Credits / Discovery: Nassim Asrir + Author Email: [email protected] + Author Company: Henceforth Vendor: =============== https://www.netsarang.com/ Product Version: =============== 5.0 Build 1124...
NetSarang Xlpd Printer Daemon 4 Denial of Service Vulnerability
No description provided by source. Title : NetSarang Xlpd Printer Daemon Denial of Service Vulnerability Author : Prabhu S Angadi SecPod Technologies www.secpod.com Vendor : http://www.netsarang.com Advisory : http://secpod.org/blog/?p=457...
XLPD 3.0 - Remote DoS
No description provided by source. Application: XLPD 3.0 Remote DoS Platforms: Windows XP Professional SP2 crash: YES Exploitation: remote DoS Date: 2009-10-06 Author: Francis Provencher Protek Research Lab's 1 Introduction 2 Technical details 3 The Code =============== 1 Introduction...
XFTP 3.0 Build 0239 Long filename Buffer Overflow
No description provided by source. !/usr/bin/python import socket import sys |------------------------------------------------------------------| | | | / / / / | | / / / / / / / \ / / / / \ | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | |...
CVE-2012-1009
NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build 0186 allow remote attackers to cause a denial of service daemon crash via a malformed LPD request...
Cross site request forgery (csrf)
NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build 0186 allow remote attackers to cause a denial of service daemon crash via a malformed LPD request...
CVE-2012-1009
NetSarang Xlpd 4 (Build 0100) and NetSarang Xmanager Enterprise 4 (Build 0186) are affected by CVE-2012-1009. The issue allows remote attackers to trigger a denial-of-service (daemon crash) through a malformed LPD request, indicating a malformed protocol handling vulnerability in the LPD service....
CVE-2012-1009
NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build 0186 allow remote attackers to cause a denial of service daemon crash via a malformed LPD request...
NetSarang Xlpd Printer Daemon 4 - Denial of Service
NetSarang Xlpd Printer Daemon 4 - Denial of Service Title : NetSarang Xlpd Printer Daemon Denial of Service Vulnerability Author : Prabhu S Angadi SecPod Technologies www.secpod.com Vendor : http://www.netsarang.com Advisory : http://secpod.org/blog/?p=457...
NetSarang Xlpd Printer Daemon 4 Denial of Service Vulnerability
Exploit for windows platform in category dos / poc Title : NetSarang Xlpd Printer Daemon Denial of Service Vulnerability Author : Prabhu S Angadi SecPod Technologies www.secpod.com Vendor : http://www.netsarang.com Advisory : http://secpod.org/blog/?p=457...
NetSarang Xlpd Printer Daemon 4 - Denial of Service
Title : NetSarang Xlpd Printer Daemon Denial of Service Vulnerability Author : Prabhu S Angadi SecPod Technologies www.secpod.com Vendor : http://www.netsarang.com Advisory : http://secpod.org/blog/?p=457 http://secpod.org/advisories/SecPodExploitNetSarangXlpdPrinterDaemonDoSVuln.txt...
Xftp < 3.0 Build 242 LIST Response Buffer Overflow
The version of Xftp, an FTP client for Windows, installed on the remote host is older than 3.0 Build 242. Such versions are reportedly affected by a buffer overflow vulnerability. By tricking a user into double-clicking on a file name included in the 'LIST' command response from a malicious FTP...