Showing 1 - 25 of 207

Files from Core Security Technologies

Email address: info at coresecurity.com
First Active: 2002-07-12
Last Active: 2020-06-09

Pydio Cells 2.0.4 XSS / File Write / Code Execution
Posted Jun 9, 2020
Authored by Core Security Technologies, Ramiro Molina, Ivan Koiffman | Site coresecurity.com

Pydio Cells version 2.0.4 suffers from cross site scripting, file write, code execution, and various other vulnerabilities.

tags | exploit, vulnerability, code execution, xss
advisories | CVE-2020-12847, CVE-2020-12848, CVE-2020-12849, CVE-2020-12850, CVE-2020-12851, CVE-2020-12852, CVE-2020-12853
SHA-256 | ec35943a76a3c284d24b95110cd826800beebfcbda0fb782c4dc64877ec72836
CipherMail Community Virtual Appliance 4.6.2 Code Execution
Posted Jun 9, 2020
Authored by Core Security Technologies, Fernando Diaz, Fernando Catoira, Ivan Koiffman | Site coresecurity.com

CipherMail Community Virtual Appliance version 4.6.2 suffers from remote command execution and file injection vulnerabilities.

tags | exploit, remote, vulnerability
advisories | CVE-2020-12713, CVE-2020-12714
SHA-256 | 8f19790f62e3ddd9f325c2b8bdab7552d76c9c096306b5c140c6286c884f3672
Open-AudIT 3.2.2 Command Injection / SQL Injection
Posted Apr 29, 2020
Authored by Core Security Technologies, Ivan Huertas, Pablo A. Zurro | Site coresecurity.com

Open-AudIT version 3.2.2 suffers from OS command injection, arbitrary file upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection, file upload
advisories | CVE-2020-11941, CVE-2020-11942, CVE-2020-11943
SHA-256 | d8e9402b9604c3706a2115909b60726c461d0262c2196626918539a2164e5352
Cisco WebEx Meetings Privilege Escalation
Posted Feb 28, 2019
Authored by Core Security Technologies, Marcos Accossatto | Site coresecurity.com

A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. Cisco Webex Meetings Desktop App versions 33.6.4.15, 33.6.5.2, 33.7.0.694, 33.7.1.15, 33.7.2.24, 33.7.3.7, 33.8.0.779, 33.8.1.13, and 33.8.2.7 are affected.

tags | exploit, local
systems | cisco, windows
advisories | CVE-2019-1674
SHA-256 | 9d1274a1cd79b05c5388dac3dae49ae0bd47e790ca5b08b896914d7cc2998ca8
GIGABYTE Driver Privilege Escalation
Posted Dec 21, 2018
Authored by Core Security Technologies, Diego Juarez | Site coresecurity.com

Multiple vulnerabilities were found in the GPCIDrv and GDrv drivers as bundled with several GIGABYTE and AORUS branded motherboard and graphics card utilities, which could allow a local attacker to elevate privileges. Affected versions include GIGABYTE APP Center 1.05.21 and below, AORUS GRAPHICS ENGINE 1.33 and below, XTREME GAMING ENGINE 1.25 and below, and OC GURU II 2.08.

tags | exploit, local, vulnerability
advisories | CVE-2018-19320, CVE-2018-19321, CVE-2018-19322, CVE-2018-19323
SHA-256 | 48d96c0c3430d878112464f31d6eeadae2c2f83b0d2533746e74c9f17d8e0f36
ASUS Driver Privilege Escalation
Posted Dec 21, 2018
Authored by Core Security Technologies, Diego Juarez | Site coresecurity.com

Multiple vulnerabilities were found in the GLCKIo and Asusgio drivers installed by ASUS Aura Sync, which could allow a local attacker to elevate privileges. ASUS Aura Sync versions 1.07.22 and below are affected.

tags | exploit, local, vulnerability
advisories | CVE-2018-18535, CVE-2018-18536, CVE-2018-18537
SHA-256 | 255511782c79945ab6f218abd699801864552a7945b1791b84b548a8c0971a6a
Cisco WebEx Meetings Privilege Escalation
Posted Nov 28, 2018
Authored by Core Security Technologies, Marcos Accossatto | Site coresecurity.com

A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. This vulnerability is related to a previous security issue fixed by Cisco in October. Affected versions include Cisco Webex Meetings Desktop App releases prior to 33.6.4 and Cisco Webex Productivity Tools releases 32.6.0 and later prior to 33.0.6.

tags | exploit, local
systems | cisco, windows
advisories | CVE-2018-15442
SHA-256 | 8a6363eac36d1c77af2c188b62cc8afc4fb79e8cc7205275d6c75b242a765b2a
ASRock Drivers Privilege Escalation / Code Execution
Posted Oct 27, 2018
Authored by Core Security Technologies, Diego Juarez | Site secureauth.com

ASRock offers several utilities designed to give the user with an ASRock motherboard more control over certain settings and functions. These utilities include various features like the RGB LED control, hardware monitor, fan controls, and overclocking/voltage options. Multiple vulnerabilities were found in AsrDrv101.sys and AsrDrv102.sys low level drivers, installed by ASRock RGBLED and other ASRock branded utilities, which could allow a local attacker to elevate privileges. Vulnerable packages include ASRock RGBLED before version 1.0.35.1, A-Tuning before version 3.0.210, F-Stream before version 3.0.210, and RestartToUEFI before version 1.0.6.2.

tags | exploit, local, vulnerability
advisories | CVE-2018-10709, CVE-2018-10710, CVE-2018-10711, CVE-2018-10712
SHA-256 | 3b57e1d843a64059edf1200acba22a276913db2838fb449328d307badda0ce0e
D-Link Central WiFiManager Software Controller Code Execution / XSS
Posted Oct 4, 2018
Authored by Core Security Technologies, Julian Munoz | Site coresecurity.com

D-Link Central WiFiManager Software Controller suffers from hard-coded credential, code execution, and cross site scripting vulnerabilities. Version 1.03 is affected.

tags | exploit, vulnerability, code execution, xss
advisories | CVE-2018-17440, CVE-2018-17441, CVE-2018-17442, CVE-2018-17443
SHA-256 | 0c727854c4a3a6e628258dcc738184e2861e8c1ad5dbd247e1a3630b27db5115
Opsview Monitor 5.x Command Execution
Posted Sep 5, 2018
Authored by Core Security Technologies, Fernando Diaz, Fernando Catoira | Site coresecurity.com

Opsview Monitor versions 5.2, 5.3, and 5.4 suffer from cross site scripting and multiple remote command execution vulnerabilities.

tags | exploit, remote, vulnerability, xss
advisories | CVE-2018-16144, CVE-2018-16145, CVE-2018-16146, CVE-2018-16147, CVE-2018-16148
SHA-256 | 953c9d49a6ad47c20e9a9acc6d55ebbeea2a239ede57f492f4be332d89519ed1
SoftNAS Cloud OS Command Injection
Posted Jul 27, 2018
Authored by Core Security Technologies, Fernando Diaz, Fernando Catoira | Site coresecurity.com

SoftNAS Cloud versions prior to 4.0.3 suffer from an OS command injection vulnerability.

tags | exploit
advisories | CVE-2018-14417
SHA-256 | b79184adec75f473b47197947faff63cfba84edcfe7f5a771347dd49fb829b26
QNAP Qcenter Virtual Appliance 1.6.x Information Disclosure / Command Injection
Posted Jul 11, 2018
Authored by Core Security Technologies, Ivan Huertas | Site coresecurity.com

QNAP Qcenter Virtual Appliance versions 1.6.1056 (20170825) and 1.6.1075 (20171123) suffer from information disclosure and command injection vulnerabilities.

tags | exploit, vulnerability, info disclosure
advisories | CVE-2018-0706, CVE-2018-0707, CVE-2018-0708, CVE-2018-0709, CVE-2018-0710
SHA-256 | d468f350b0e3bb3d4bd9bf10b3b49470163d611522cabc435f5fd39081341998
Quest KACE System Management Appliance 8.0 (Build 8.0.318) XSS / Traversal / Code Execution / SQL Injection
Posted May 31, 2018
Authored by Core Security Technologies, Leandro Barragan, Guido Leo | Site coresecurity.com

Quest KACE System Management Appliance version 8.0 (Build 8.0.318) suffers from code execution, cross site scripting, path traversal, remote SQL injection, and various other vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, sql injection
advisories | CVE-2018-11132, CVE-2018-11133, CVE-2018-11134, CVE-2018-11135, CVE-2018-11136, CVE-2018-11137, CVE-2018-11138, CVE-2018-11139, CVE-2018-11140, CVE-2018-11141, CVE-2018-11142
SHA-256 | fd18c79b0364edc307ae0073788f224ea5fd016ba9223e6018267eb9911d3f41
Quest DR Series Disk Backup Software 4.0.3 Code Execution
Posted May 31, 2018
Authored by Core Security Technologies, Maximiliano Vidal | Site coresecurity.com

Quest DR Series Disk Backup Software version 4.0.3 suffers from multiple code execution vulnerabilities.

tags | exploit, vulnerability, code execution
advisories | CVE-2018-11143, CVE-2018-11144, CVE-2018-11145, CVE-2018-11146, CVE-2018-11147, CVE-2018-11148, CVE-2018-11149, CVE-2018-11150, CVE-2018-11151, CVE-2018-11152, CVE-2018-11153, CVE-2018-11154, CVE-2018-11155, CVE-2018-11156, CVE-2018-11157, CVE-2018-11158, CVE-2018-11159, CVE-2018-11160, CVE-2018-11161, CVE-2018-11162, CVE-2018-11163, CVE-2018-11164, CVE-2018-11165, CVE-2018-11166, CVE-2018-11167, CVE-2018-11168
SHA-256 | e313c1bcf4d85337e78155dc912283a22293cddaadd03f8b4acb51929c7e6e8c
TP-Link EAP Controller CSRF / Hard-Coded Key / XSS
Posted May 4, 2018
Authored by Core Security Technologies | Site coresecurity.com

TP-Link EAP suffers from hard-coded credential, cross site request forgery, cross site scripting, and other vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2018-10164, CVE-2018-10165, CVE-2018-10166, CVE-2018-10167, CVE-2018-10168
SHA-256 | c5187235d9542ea658539bfb88cc9cb5ce9f82fc8cafd49e9eb8cb63664932db
MikroTik RouterOS SMB Buffer Overflow
Posted Mar 15, 2018
Authored by Core Security Technologies, Juan Caillava, Maximiliano Vidal | Site coresecurity.com

A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it.

tags | exploit, remote, overflow, code execution
advisories | CVE-2018-7445
SHA-256 | f596977ec0c838a1e24c8e7b3ba40756d8c45733524c4820e426799d27f008d3
Trend Micro Email Encryption Gateway XSS / Code Execution
Posted Feb 21, 2018
Authored by Core Security Technologies, Maximiliano Vidal, Leandro Barragan | Site coresecurity.com

Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross site request forgery, cross site scripting, and various other vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2018-6219, CVE-2018-6220, CVE-2018-6221, CVE-2018-6222, CVE-2018-6223, CVE-2018-6224, CVE-2018-6225, CVE-2018-6226, CVE-2018-6227, CVE-2018-6228, CVE-2018-6229, CVE-2018-6230
SHA-256 | 5c0882e4ec54030fb98c7a6e8448db8a4938d363d703cac4986200aed680c428
Dell EMC Isilon OneFS XSS / Code Execution / CSRF
Posted Feb 14, 2018
Authored by Core Security Technologies, Ivan Huertas, Maximiliano Vidal | Site coresecurity.com

Dell EMC Isilon OneFS suffers from code execution, cross site request forgery, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss, csrf
advisories | CVE-2018-1186, CVE-2018-1187, CVE-2018-1188, CVE-2018-1189, CVE-2018-1201, CVE-2018-1202, CVE-2018-1203, CVE-2018-1204, CVE-2018-1213
SHA-256 | 59ab98938a25d8249efefd24dd954dee7bc863a7a6ee5476a2d7d2db32b025ba
Kaspersky Secure Mail Gateway 1.1.0.379 CSRF / Code Execution
Posted Feb 6, 2018
Authored by Core Security Technologies, Leandro Barragan | Site coresecurity.com

Kaspersky Secure Mail Gateway version 1.1.0.379 suffers from code execution and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, code execution, csrf
SHA-256 | 1b0dff497ed1d448eeffc8af638a0c8fcc1b7926b370e7184cbf5c1126f956f6
Trend Micro Smart Protection Server 3.2 XSS / Access Control / Disclosure
Posted Dec 22, 2017
Authored by Core Security Technologies, Maximiliano Vidal, Leandro Barragan | Site coresecurity.com

Trend Micro Smart Protection Server version 3.2 suffers from access control bypass, cross site scripting, information disclosure, and various other vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
advisories | CVE-2017-11398, CVE-2017-14094, CVE-2017-14095, CVE-2017-14096, CVE-2017-14097
SHA-256 | 149823a62c0b55b825b4c969054429d6a9537f6a010bb018f45e836ab0ce649f
Kaspersky Anti-Virus File Server 8.0.3.297 XSS / CSRF / Code Execution
Posted Jun 29, 2017
Authored by Core Security Technologies, Maximiliano Vidal, Leandro Barragan | Site coresecurity.com

Kaspersky Anti-Virus for Linux File Server version 8.0.3.297 suffers from remote code execution, cross site request forgery, cross site scripting, security bypass, information disclosure, and path traversal vulnerabilities.

tags | exploit, remote, vulnerability, code execution, virus, xss, info disclosure, csrf
systems | linux
advisories | CVE-2017-9810, CVE-2017-9811, CVE-2017-9812, CVE-2017-9813
SHA-256 | 1011f2188afe2cfa015134b365c225eb892ed298b59a2beb4cc63a8e09cdc1b0
Trend Micro ServerProtect Disclosure / CSRF / XSS
Posted May 24, 2017
Authored by Alberto Solino, Core Security Technologies, Maximiliano Vidal, Leandro Barragan | Site coresecurity.com

Trend Micro ServerProtect suffers from information disclosure, manipulation, cross site request forgery, cross site scripting, and various other vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, csrf
advisories | CVE-2017-9032, CVE-2017-9033, CVE-2017-9034, CVE-2017-9035, CVE-2017-9036, CVE-2017-9037
SHA-256 | 8e879696170b8b1f6b2ecc8c0d882967bb47bb12e348f1e061c984909eef85df
SAP SAPCAR 721.510 Buffer Overflow
Posted May 10, 2017
Authored by Core Security Technologies, Martin Gallo, Maximiliano Vidal

Core Security Technologies Advisory - SAP distributes software and packages using an archive program called SAPCAR. This program uses a custom archive file format. A memory corruption vulnerability was found in the parsing of specially crafted archive files that could lead to local code execution scenarios. Version 721.510 is affected.

tags | exploit, local, code execution
advisories | CVE-2017-8852
SHA-256 | a3d3c8ab85600ad227bf0c9e7815c6b6891b9a726516893c8a904650f83bd791
TP-LINK TDDP Buffer Overflow / Missing Authentication
Posted Nov 23, 2016
Authored by Core Security Technologies, Andres Lopez Luksenberg

Core Security Technologies Advisory - TP-LINK TDDP suffers from buffer overflow and missing authentication vulnerabilities.

tags | exploit, overflow, vulnerability
SHA-256 | 8e640691cd560b9d8302f132c35c2970fee8d3dd24deecaf9bd5bc9e5f327fb7
SAP CAR Archive Tool Denial Of Service / Security Bypass
Posted Aug 11, 2016
Authored by Core Security Technologies, Martin Gallo, Joaquin Rodriguez Varela | Site coresecurity.com

Core Security Technologies Advisory - SAP CAR archive tool suffers from security bypass and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability
advisories | CVE-2016-5845, CVE-2016-5847
SHA-256 | e526bc68dd7fc857147e1bbe8e921f1d4110eece04020dc4932d94850a062701