Afaghhosting
Proudly providing server support and management since 2007

http://afaghhosting.net
sales@afaghhosting.net

03136214180
Microsoft Windows Defender / Trojan.Win32/Powessere.G VBScript Detection Bypass

[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_VBSCRIPT_TROJAN_MITIGATION_BYPASS.txt [+] twitter.com/hyp3rlinx [+] ISR: ApparitionSec [Vendor] www.microsoft.com [Product] Windows Defender [Vulnerability Type] Windows Defender VBScript Detection Mitigation Bypass TrojanWin32Powessere.G [CVE Reference] N/A [Security Issue] Typically, Windows Defender detects and prevents TrojanWin32Powessere.G aka “POWERLIKS” type execution that leverages rundll32.exe. Attempts at execution fail and…

https://afaghhosting.net/blog/microsoft-windows-defender-trojan-win32-powessere-g-vbscript-detection-bypass/
Veeam Backup Enterprise Manager Tutorial

Use of Veeam Backup Enterprise Manager: when you are responsible for several Veeam Backup servers, you have to connect to each of these servers one by one to check whether the jobs completed successfully or not. With Veeam Backup Enterprise Manager, however, you will be able to…

https://afaghhosting.net/blog/آموزش-veeam-backup-enterprise-manager/
Ubuntu Security Notice USN-6636-1 clamav

Ubuntu Security Notice USN-6636-1 (February 14, 2024): clamav vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 23.10. Summary: Several security issues were fixed in ClamAV. Software Description: clamav: Anti-virus utility for Unix. Details: It was discovered that ClamAV incorrectly handled parsing certain OLE2 files. A remote…

https://afaghhosting.net/blog/ubuntu-security-notice-usn-6636-1-clamav/
How LockBit Was Hacked and Stopped by the FBI

Reading time: 3 minutes. Law enforcement agencies from 11 countries disrupted the activities of the LockBit ransomware group in an operation named Operation Cronos. According to the banner placed on the group's data leak site, the site is under the control of the UK's National Crime Agency. The banner reads: This site…

https://afaghhosting.net/blog/چطور-lockbit-توسط-fbi-هک-و-متوقف-شد/
Ubuntu Security Notice USN-6644-1

Ubuntu Security Notice USN-6644-1 (February 19, 2024): tiff vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 23.10; Ubuntu 20.04 LTS; Ubuntu 18.04 LTS (Available with Ubuntu Pro); Ubuntu 16.04 LTS (Available with Ubuntu Pro); Ubuntu 14.04 LTS (Available with Ubuntu Pro). Summary: Several…

https://afaghhosting.net/blog/ubuntu-security-notice-usn-6644-1/
Ubuntu Security Notice USN-6625-3 raspi

Ubuntu Security Notice USN-6625-3 (February 20, 2024): linux-raspi, linux-raspi-5.4 vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS; Ubuntu 18.04 LTS (Available with Ubuntu Pro). Summary: Several security issues were fixed in the Linux kernel. Software Description: linux-raspi: Linux kernel for Raspberry Pi systems…

https://afaghhosting.net/blog/ubuntu-security-notice-usn-6625-3-raspi/
Ubuntu Security Notice USN-6642-1 bind9

Ubuntu Security Notice USN-6642-1 (February 19, 2024): bind9 vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS. Summary: Several security issues were fixed in Bind. Software Description: bind9: Internet Domain Name Server. Details: Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind…

https://afaghhosting.net/blog/ubuntu-security-notice-usn-6642-1-bind9/
MongoDB 2.0.1 / 2.1.1 / 2.1.4 / 2.1.5 Local Password Disclosure

MongoDB versions 2.0.1, 2.1.1, 2.1.4, and 2.1.5 appear to suffer from multiple localized password disclosure issues.

https://afaghhosting.net/blog/mongodb-2-0-1-2-1-1-2-1-4-2-1-5-local-password-disclosure/
Debian Security Advisory 5637-1 Squid

Debian Linux Security Advisory 5637-1 – Several security vulnerabilities have been discovered in Squid, a full featured web proxy cache. Due to programming errors in Squid’s HTTP request parsing, remote attackers may be able to execute a denial of service attack by sending large X-Forwarded-For header or trigger a stack buffer overflow while performing HTTP…

https://afaghhosting.net/blog/debian-security-advisory-5637-1/
Splunk Enterprise 9.2.0.1 +ES

We bring you the updated Splunk Enterprise software, which was released three days ago and is one of the best, most complete and most valuable software packages in the field of data collection, analysis and performing operations on data. Download Splunk Enterprise 9.2.0.1 x64 For Windows Link: Splunk Enterprise 9.2.0.1 x64 Size:…

https://afaghhosting.net/blog/splunk-enterprise-9-2-0-1-es/
DataCube3 1.0 Shell Upload

# Exploit Title: DataCube3 v1.0 – Unrestricted file upload ‘RCE’ # Date: 7/28/2022 # Exploit Author: Samy Younsi – NS Labs (https://neroteam.com) # Vendor Homepage: https://www.f-logic.jp # Software Link: https://www.f-logic.jp/pdf/support/manual_product/manual_product_datacube3_ver1.0_sc.pdf # Version: Ver1.0 # Tested on: DataCube3 version 1.0 (Ubuntu) # CVE : CVE-2024-25830 + CVE-2024-25832 # Exploit chain reverse shell, information disclosure (root password…

https://afaghhosting.net/blog/datacube3-1-0-shell-upload/
Ubuntu Security Notice USN-6687-1

Ubuntu Security Notice USN-6687-1 (March 11, 2024): accountsservice vulnerability. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 22.04 LTS; Ubuntu 20.04 LTS. Summary: AccountsService could be made to expose sensitive information. Software Description: accountsservice: query and manipulate user account information. Details: It was discovered that AccountsService…

https://afaghhosting.net/blog/ubuntu-security-notice-usn-6687-1/
Backdoor.Win32.Beastdoor.oq MVID-2024-0674 Remote Command Execution

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/6268df4c9c805c90725dde4fe5ef6fea.txt Contact: malvuln13@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Beastdoor.oq Vulnerability: Unauthenticated Remote Command Execution Description: The malware listens on TCP port 1332, makes outbound connections to SMTP port 25 and executes a PE file named svchost.exe dropped in Windows directory. Third party adversaries who can…

https://afaghhosting.net/blog/backdoor-win32-beastdoor-oq-mvid-2024-0674-remote-command-execution/
Ubuntu Security Notice USN-6695-1 texlive-bin

Ubuntu Security Notice USN-6695-1 (March 14, 2024): texlive-bin vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 23.10; Ubuntu 22.04 LTS; Ubuntu 20.04 LTS. Summary: Several security issues were fixed in TeX Live. Software Description: texlive-bin: Binaries for TeX Live. Details: It was discovered that…

https://afaghhosting.net/blog/ubuntu-security-notice-usn-6695-1-texlive-bin/
Red Hat Security Advisory 2024-1334-03 dnsmasq

The following advisory data is extracted from: https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1334.json Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat’s…

https://afaghhosting.net/blog/red-hat-security-advisory-2024-1334-03-dnsmasq/
Red Hat Security Advisory 2024-1333-03 OpenShift Serverless

The following advisory data is extracted from: https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1333.json Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat’s…

https://afaghhosting.net/blog/red-hat-security-advisory-2024-1333-03-openshift-serverless/
Backdoor.Win32.Emegrab.b MVID-2024-0675 Buffer Overflow

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/19a14d0414aec62ef38378de2e8b259d.txt Contact: malvuln13@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Emegrab.b Vulnerability: Remote Stack Buffer Overflow (SEH) Family: Emegrab Type: PE32 MD5: 19a14d0414aec62ef38378de2e8b259d Vuln ID: MVID-2024-0675 ASLR: False DEP: False CFG: False Safe SEH: False Disclosure: 03/13/2024 Description: The malware listens on TCP port 2323 (typically) however,…

https://afaghhosting.net/blog/backdoor-win32-emegrab-b-mvid-2024-0675-buffer-overflow/
WordPress Gutenberg 18.0.0 Cross Site Scripting

## Exploit Title: WordPress Gutenberg Plugin Version 18.0.0 Stored XSS ### Date: 2024-3-29 ### Exploit Author: tmrswrr ### Category: Webapps ### Vendor Homepage: https://wordpress.org/plugins/gutenberg/ ### Version 18.0.0 1 ) Go to Gutenberg Plugin edit page : https://127.0.0.1/WordPress/2024/03/29/welcome-to-the-gutenberg-editor/#comment-4 2 ) Write Leave a Reply place your payload :

https://afaghhosting.net/blog/wordpress-gutenberg-18-0-0-cross-site-scripting/