Backdoor.Win32.Wollf.14 malware has a backdoor on TCP/7614 that does not require any authentication.
2f11b22f4a81eedb7df75e8958cdd82cecb3055d43ca8789947305c47f9b576a142 bytes small Linux/x64 shellcode that binds a password protected shell to TCP 0.0.0.0:4444.
333530589c154018011a1ee45adb6102c069fc8e7b0ef4eaecdb98fd693c95d6Backdoor.Win32.Kraimer.11 malware has a backdoor on TCP/6668 that does not require any authentication.
5f05a5534857a1ffa1de021039a3e94cc618d99cc6d1cf04bba6bde3ea222d6cBackdoor.Win32.Verify.f malware has backdoors running on TCP ports 1906 and 1907 that do not require any authentication.
cf0d05fad5bd20b1a4725f45b439683727f6fcb22ffc0ac1c0781c2dfad9a15fBackdoor.Win32.Onalf malware has a backdoor running on TCP/2020 that does not require any authentication.
11a484e66621a068144ad8f7018fb183228c9b73ab0087efdfb38ba9ac0ca945Backdoor.Win32.Zxman malware has a backdoor running on TCP/2048 that does not require any authentication.
7e36b3ed420235c9c2bb63db0969a3ca18598c9509d4fd42955a600687d7d9e8123 bytes small Linux/x64 reverse shell shellcode that connects to TCP/127.1.1.1:4444.
d489702cacf00b2cfb806769d32c8598c913a2c473ddd76a85a653c65a63168765 bytes small Linux/x86 bindshell shellcode that binds /bin/sh to TCP/0.0.0.0:13377.
0b6f0d113dff3fe9e7fd8830f15d89012a24c53b6fd740940fa27df4be7c06feBackdoor.Win32.NinjaSpy.c suffers from a remote stack buffer overflow vulnerability. The specimen drops a DLL named "cmd.dll" under C:\WINDOWS\ which listens on both TCP ports 2003 and 2004. By sending consecutive HTTP PUT requests with large payloads of characters, we can cause buffer overflow.
400bc171e968496bf6805e3f0060696d5ec13c5f875efa99884bbebe00d20df4114 bytes small Linux/x86 reverse TCP shellcode.
2683c644409206f0c3a9aae6d82afb5a6f04a316245fb265c0cdab4441651ee1An attacker armed with hardcoded API credentials from KL-001-2020-004 (CVE-2020-28329) can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp for Barco wePresent WiPG-1600W version 2.5.1.8.
d17ea5576bc764da9307b56d3e500fe6c4d6a46a6d607ac07eeebd256034d86cGlobal Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
17eb30ef4d91991b265d5d93ab7f4ad6b58d43061a46ba3292142b962be95f7dAsterisk versions 17.5.1 and 17.6.0 were found vulnerability to a denial of service condition where Asterisk segfaults when receiving an INVITE flood over TCP.
16f54da5d3c7145bd5aa998e183688a666211433fed046580666ec3e14e0913eRed Hat Security Advisory 2020-4619-01 - FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Issues addressed include denial of service and information leakage vulnerabilities.
d475983c42dcc5c3867aad810c12f3fdce4cde368c3c871b20cc730fbf94dd14Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
d39dd235b20123b43fb5cee5acd54edcf69e396c79fe833b6d59d98be7c3c7e9Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
9ecf2e93adad5a90c69fa7ab419937ef670398707dd4f97b12bf464d6b1e6cdaNmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
b118e8b223a875a88b725f3dcc2a68c41831b1cec67e4f6a41ff969667fccfbfThe installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.9.00086 is vulnerable to a DLL hijacking and allows local attackers to execute code on the affected machine with with system level privileges. Both attacks consist in sending a specially crafted IPC request to the TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service.
74ae12d312c6c46fa9f122b2a106d803de515d0b707dfe34720c066dd56a268084 bytes small Linux/x86 reverse TCP shellcode.
a9b8dde55f9a62b0ac5a12be1dac512db3965420f4d49dbeec8a6055fc68b62dEricom Access Server allows attackers to initiate SSRF requests making outbound connections to arbitrary hosts and TCP ports. Attackers, who can reach the AccessNow server can target internal systems that are behind firewalls that are typically not accessible. This can also be used to target third-party systems from the AccessNow server itself. Version 9.2.0 is affected.
be074654b32c8f5acc5a65ebfb2346bf9d5c96f828c3e11ce96a91c39d1bafefUbuntu Security Notice 4468-1 - Emanuel Almeida discovered that Bind incorrectly handled certain TCP payloads. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. Joseph Gullo discovered that Bind incorrectly handled QNAME minimization when used in certain configurations. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. Various other issues were also addressed.
e68968b54f06a09f60aaea3f86c5fd5e18688a0dc2013d6d8a0ac01245a43511Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
484fc9b660454f253984e2830015a52522fee4232ff0e81a34a5c5b6c0cf0b46The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to version 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The attack consists in sending a specially crafted IPC request to the TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service. This service will then launch the vulnerable installer component (vpndownloader), which copies itself to an arbitrary location before being executed with system privileges. Since vpndownloader is also vulnerable to DLL hijacking, a specially crafted DLL (dbghelp.dll) is created at the same location vpndownloader will be copied to get code execution with system privileges. This exploit has been successfully tested against Cisco AnyConnect Secure Mobility Client versions 4.5.04029, 4.5.05030 and 4.7.04056 on Windows 10 version 1909 (x64) and Windows 7 SP1 (x86).
b6d44c2b494378ff342fef57be9d4be4564327103eadabb01ff166ae6dae9bff100 bytes small null-free Linux/ARM shellcode that binds /bin/sh to 0.0.0.0:1337/TCP.
7ee6a6fcc5e486b90d3866afa4de0159d3ef94aa1637076ecdb4c1ab24dbf700Red Hat Security Advisory 2020-2265-01 - HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Issues addressed include a HTTP request smuggling vulnerability.
0c0904de44986bd12f1e63e56e6c3667b84845a080c52245dc69f3aecca57230
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed