Mandriva Linux Security Advisory 2012-077 - Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop. Various other issues have also been addressed.
HP Security Bulletin HPSBPV02754 SSRT100803 2 - A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches using a compact flash card which may contain malware content that is a PC trojan executable. The ProCurve switch operating system is not infected with the malware and the content on the compact flash card has no impact on the operation of the switch. Reuse of the compact flash card in a personal computer and manual execution of the malware content could result in a compromise of that system's integrity. Revision 2 of this advisory.
Mandriva Linux Security Advisory 2011-169 - Security issues were identified and fixed in mozilla NSS, firefox and thunderbird. 22 weak 512-bit certificates issued by the DigiCert Sdn. Bhd certificate authority have been revoked from the root CA storage. Untrusted search path vulnerability in Mozilla Network Security Services might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. Cross-site scripting vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. Various other issues were also addressed.
Mandriva Linux Security Advisory 2011-138 - This advisory updates wireshark to the latest version (1.6.2), fixing several security issues. Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service via a malformed packet. Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service via a malformed capture file that leads to an invalid root tvbuff, related to a buffer exception handling vulnerability. The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service via a malformed packet. The updated packages have been upgraded to the latest 1.6.x version which is not vulnerable to these issues.
Whitepaper called Client-Side Threats - Anatomy of Reverse Trojan Attacks. Client-side vulnerabilities are among the biggest threats facing users. Attackers are going after weaknesses in desktop applications such as browsers, media players, common office applications and e-mail clients to install malicious software, often Trojan horses and rootkits. This document explains these threats in detail and how to prevent them.
Presentation slides from "SCADA Trojans: Attacking the Grid" as it was presented at RootedCon'11 in Madrid.
Mandriva Linux Security Advisory 2011-035 - The tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: vector 1 exists because of an incorrect fix for CVE-2005-4790.2. The updated packages have been patched to correct this issue.
Mandriva Linux Security Advisory 2011-034 - The muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
ProFTPD version 1.3.3c compromised source remote root trojan code.
Mandriva Linux Security Advisory 2010-241 - gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. The affected /usr/bin/gnc-test-env file has been removed to mitigate the vulnerability, as gnc-test-env is only used for tests and while building gnucash. Additionally, for Mandriva 2010.1, gnucash-2.2.9 was not compatible with guile. This update adapts gnucash to the new API of guile.
Mandriva Linux Security Advisory 2010-240 - Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Mandriva Linux Security Advisory 2010-203 - The distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
Web-based Local Management Interface (LMI) of IBM Proventia Network Mail Security System appliance (firmware 1.6 and 2.5) is vulnerable to multiple persistent and reflected XSS attacks. When exploited by an external/internal attacker, the identified vulnerabilities could lead to session hijacking, information disclosure, forced installation of malicious files or Trojans on users' PCs, etc.
Go Null Yourself E-zine Issue 1 - Topics in this issue include RTLO Spoofing, Alternate Data Streams, Derandomizing Perl's RNG, Trojaning OpenSSH and more.
This is a simple perl keylogger for Windows. Archive password is set to p4ssw0rd. Use at your own risk.
Weevely is a PHP trojan that hides a backdoor for communication using a fake HTTP_REFERER header. Archive password is set to p4ssw0rd. Use at your own risk.
Unreal IRCD version 3.2.8.1 remote downloader / execute trojan.
Mandriva Linux Security Advisory 2010-091 - This update provides a new OpenOffice.org version 3.1.1. An integer underflow might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow. A heap-based buffer overflow might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to table parsing. A heap-based buffer overflow allows remote attackers to execute arbitrary code via a crafted EMF file. Multiple heap-based buffer overflows allow remote attackers to execute arbitrary code via a crafted EMF+ file. OpenOffice's xmlsec uses a bundled Libtool which might load a .la file in the current working directory, allowing local users to gain privileges via a Trojan horse file. For this vulnerability to be exploitable, xmlsec must be built with the --enable-crypto_dl flag, which it is not; the fix nonetheless protects against this threat should that flag ever be enabled.
Mandriva Linux Security Advisory 2010-078 - The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ., which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. Packages for 2009.0 are provided due to the Extended Maintenance Program.
Mandriva Linux Security Advisory 2010-078 - The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ., which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
Mandriva Linux Security Advisory 2010-075 - OpenOffice's xmlsec uses a bundled Libtool which might load a .la file in the current working directory, allowing local users to gain privileges via a Trojan horse file. For this vulnerability to be exploitable, xmlsec must be built with the --enable-crypto_dl flag, which it is not; the fix nonetheless protects against this threat should that flag ever be enabled.
Whitepaper called Introduction to PHP Trojans. Written in Spanish.
This Metasploit module will execute an arbitrary payload against any system infected with the Arugizer trojan horse. This backdoor was shipped with the software package accompanying the Energizer Duo USB battery charger.
Small whitepaper detailing simple methodologies surrounding PHP trojans.
Mandriva Linux Security Advisory 2009-341 - Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in (1) the current working directory or (2) a certain subdirectory of the current working directory. This update provides a solution to these vulnerabilities.