92 matches found
Trojan.Win32.NanoBot.onh Insecure Permissions
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/9fff4c02274c0162880844f27ff91407.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.NanoBot.onh Vulnerability: Insecure Permissions Description: NanoBot.onh creates an...
Trojan-Spy.Win32.WinSpy.vwl Insecure Permissions
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/0187e62ca40cb3d556a2c5825620bd8f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.WinSpy.vwl Vulnerability: Insecure Permissions EoP Description: WinSpy.vwl create t...
Wynis - Audit Windows Security With Best Practice
A PowerShell script for auditing security against CIS best practices for Windows 10 and Windows Server 2016. You just need to run the script; it will create a directory named AUDITCONF%DATE%. The output directory will contain the files below: -Antivirus-%COMPUTERNAME% : List installed Antivirus...
Overlay Malware Targets Windows Users with a DLL Hijack Twist
Brazilians are being warned of a new overlay malware targeting Windows users in order to siphon victims’ financial data and drain their bank accounts. Researchers say what the malware, dubbed Vizom, lacks in sophistication it makes up for in its creative abuse of the Windows ecosystem. Trusteer, ...
Acronis: DLL Hijacking when sending feedback and crash report leading to Privilege Escalation
Vulnerability description not provided...
April 25, 2019—KB4493437 (OS Build 17134.753)
April 25, 2019—KB4493437 OS Build 17134.753 Reminder: March 12th and April 9th will be the last two Delta updates for Windows 10, version 1803. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change pleas...
May 3, 2019—KB4495667 (OS Build 17763.475)
May 3, 2019—KB4495667 OS Build 17763.475 Improvements and fixes This update includes quality improvements. Key changes include: Allows the built-in Administrator account to run Microsoft Office setup after downloading the installer in Microsoft Edge. Addresses an issue that causes Internet Explor...
CVE-2020-11443
The Zoom IT installer for Windows ZoomInstallerFull.msi prior to version 4.6.10 deletes files located in %APPDATA%\Zoom before installing an updated version of the client. Standard users are able to write to this directory, and can write links to other directories on the machine. As the installer...
Code injection
The Zoom IT installer for Windows ZoomInstallerFull.msi prior to version 4.6.10 deletes files located in %APPDATA%\Zoom before installing an updated version of the client. Standard users are able to write to this directory, and can write links to other directories on the machine. As the installer...
Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption
Title: Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption Date: 2020-04-20 Author: hyp3rlinx Vendor: CVE: CVE-2020-6857 import time, string, sys, argparse, os, codecs Fixed: updated for Python 3, the hex decode function was not working in Python 3 version. This should be compatible...
Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption Exploit
Title: Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption Author: hyp3rlinx Vendor: CVE: CVE-2020-6857 import time, string, sys, argparse, os, codecs Fixed: updated for Python 3, the hex decode function was not working in Python 3 version. This should be compatible for Python 2 and ...
Sublime Text Privilege Vulnerability
Sublime Text is a cross-platform, extensible text editor. A privilege escalation vulnerability exists in Sublime Text 3 version 3.1.1 build 3176 on the 32-bit Windows platform, which an attacker can exploit by placing a malicious api-ms-win-core-fibers-l1-1-1.dll or api-ms-win-core-localization-l1-2-1...
PT-2019-19370 · Sublime Text · Sublime Text
Name of the Vulnerable Software and Affected Versions: Sublime Text 3 version 3.1.1 build 3176 Description: DLL hijacking is possible because a Trojan horse api-ms-win-core-fibers-l1-1-1.dll or api-ms-win-core-localization-l1-2-1.dll file may be loaded if a victim uses sublime text.exe to open a...
Microsoft Windows - Desktop Bridge VFS Privilege Escalation
Microsoft Windows - Desktop Bridge VFS Privilege Escalation Windows: Desktop Bridge VFS EoP Platform: Windows 1709 not tested earlier version Class: Elevation of Privilege Summary: The handling of the VFS for desktop bridge applications can allow an application to create virtual files in...
Security update for libzypp (important)
The Software Update Stack was updated to receive fixes and enhancements. libzypp: - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. bsc1045735, bsc1038984 - Fix gpg-pubkey release creation time computation. bsc1036659 - Update...
SUSE-SU-2017:2264-1 Security update for libzypp
The Software Update Stack was updated to receive fixes and enhancements. libzypp: - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. bsc1045735, bsc1038984 - Fix gpg-pubkey release creation time computation. bsc1036659 - Update...
Sandboxie installer DLL hijacking vulnerability
Sandboxie is a virtualization software from the American company Sandboxie Holdings. The software supports running other applications in an isolated space and prevents programs from making changes to the system. Sandboxie installer is an installer for Sandboxie. A DLL hijacking vulnerability exist...
Security update for libzypp, zypper (important)
The Software Update Stack was updated to receive fixes and enhancements. libzypp: Security issues fixed: - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. bsc1045735, bsc1038984 Bug fixes: - Re-probe on refresh if the repository...
Directory traversal
Sandboxie installer 5071703 has a DLL Hijacking or Unsafe DLL Loading Vulnerability via a Trojan horse dwmapi.dll or profapi.dll file in an AppData\Local\Temp directory...
CVE-2017-12480
The CVE-2017-12480 entry concerns Sandboxie installer version 5071703 with a DLL hijacking/unsafe DLL loading vulnerability. An attacker could place a malicious dwmapi.dll or profapi.dll in an AppData\Local\Temp directory, leading to code execution when the installer loads the DLL. The issue is d...