#
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#
#
# Product: Identity Vault
# Vendor: Ionic
# CSNC ID: CSNC-2021-001
# CVE ID:
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/92ea873a2bbdaf0799d572bc4f30dc79.txt
Contact: malvul...@gmail.com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Small.vjt
Vulnerability: Unauthenticated Remote Command Execution
Description: The
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/dec17541412bbc744b9f458862349e34.txt
Contact: malvul...@gmail.com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Nyara.aq
Vulnerability: Insecure Permissions
Description: The malware creates a dir
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, Sep 02, 2021 at 04:55:24PM +0800, kun song wrote:
> hi,
>
>I found a vulnerability in the jforum 2.7.0. It is a storage cross site
> script vulnerability. The place is the user's profile - signature. The
> technique of the
Greetings,
Two independent authentication bypass has been found in Dahua (and their OEMs)
devices.
Due to the very high potential of another "Dahua mass hack", I will keep Full
Disclosure details until October 6, 2021.
Highly recommend upgrading the firmware until then.
Dahua advisory:
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/551674fec6add7117c4be7f6b357e7cb.txt
Contact: malvul...@gmail.com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Small.gs
Vulnerability: Unauthenticated Remote Command Execution
Description: The
yeah but nothing new with this, you are making it over no TLS connection.
if you make similar to this attack over hardened TLS (hardened mean
support hsts,hsts-preload,ocsp..supported) or Tor hidden services
(called onion services as well) or I2P eepsites .. yeah that would be
something new
1) About Rencode
Rencode is a "Python module for fast (basic) object serialization
similar to bencode".
https://github.com/aresch/rencode
This library is used as a faster and more efficient data encoder than
bencode.
There are implementations in other languages: Golang, Javascript, Java,
Ruby,