what you don't know can hurt you
Showing 1 - 25 of 207 RSS Feed

Files from Core Security Technologies

Email addressinfo at coresecurity.com
First Active2002-07-12
Last Active2020-06-09
Pydio Cells 2.0.4 XSS / File Write / Code Execution
Posted Jun 9, 2020
Authored by Core Security Technologies, Ramiro Molina, Ivan Koiffman | Site coresecurity.com

Pydio Cells version 2.0.4 suffers from cross site scripting, file write, code execution, and various other vulnerabilities.

tags | exploit, vulnerability, code execution, xss
advisories | CVE-2020-12847, CVE-2020-12848, CVE-2020-12849, CVE-2020-12850, CVE-2020-12851, CVE-2020-12852, CVE-2020-12853
SHA-256 | ec35943a76a3c284d24b95110cd826800beebfcbda0fb782c4dc64877ec72836
CipherMail Community Virtual Appliance 4.6.2 Code Execution
Posted Jun 9, 2020
Authored by Core Security Technologies, Fernando Diaz, Fernando Catoira, Ivan Koiffman | Site coresecurity.com

CipherMail Community Virtual Appliance version 4.6.2 suffers from remote command execution and file injection vulnerabilities.

tags | exploit, remote, vulnerability
advisories | CVE-2020-12713, CVE-2020-12714
SHA-256 | 8f19790f62e3ddd9f325c2b8bdab7552d76c9c096306b5c140c6286c884f3672
Open-AudIT 3.2.2 Command Injection / SQL Injection
Posted Apr 29, 2020
Authored by Core Security Technologies, Ivan Huertas, Pablo A. Zurro | Site coresecurity.com

Open-AudIT version 3.2.2 suffers from OS command injection, arbitrary file upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection, file upload
advisories | CVE-2020-11941, CVE-2020-11942, CVE-2020-11943
SHA-256 | d8e9402b9604c3706a2115909b60726c461d0262c2196626918539a2164e5352
Cisco WebEx Meetings Privilege Escalation
Posted Feb 28, 2019
Authored by Core Security Technologies, Marcos Accossatto | Site coresecurity.com

A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. Cisco Webex Meetings Desktop App versions 33.6.4.15, 33.6.5.2, 33.7.0.694, 33.7.1.15, 33.7.2.24, 33.7.3.7, 33.8.0.779, 33.8.1.13, and 33.8.2.7 are affected.

tags | exploit, local
systems | cisco, windows
advisories | CVE-2019-1674
SHA-256 | 9d1274a1cd79b05c5388dac3dae49ae0bd47e790ca5b08b896914d7cc2998ca8
GIGABYTE Driver Privilege Escalation
Posted Dec 21, 2018
Authored by Core Security Technologies, Diego Juarez | Site coresecurity.com

Multiple vulnerabilities were found in the GPCIDrv and GDrv drivers as bundled with several GIGABYTE and AORUS branded motherboard and graphics card utilities, which could allow a local attacker to elevate privileges. Affected versions include GIGABYTE APP Center 1.05.21 and below, AORUS GRAPHICS ENGINE 1.33 and below, XTREME GAMING ENGINE 1.25 and below, and OC GURU II 2.08.

tags | exploit, local, vulnerability
advisories | CVE-2018-19320, CVE-2018-19321, CVE-2018-19322, CVE-2018-19323
SHA-256 | 48d96c0c3430d878112464f31d6eeadae2c2f83b0d2533746e74c9f17d8e0f36
ASUS Driver Privilege Escalation
Posted Dec 21, 2018
Authored by Core Security Technologies, Diego Juarez | Site coresecurity.com

Multiple vulnerabilities were found in the GLCKIo and Asusgio drivers installed by ASUS Aura Sync, which could allow a local attacker to elevate privileges. ASUS Aura Sync versions 1.07.22 and below are affected.

tags | exploit, local, vulnerability
advisories | CVE-2018-18535, CVE-2018-18536, CVE-2018-18537
SHA-256 | 255511782c79945ab6f218abd699801864552a7945b1791b84b548a8c0971a6a
Cisco WebEx Meetings Privilege Escalation
Posted Nov 28, 2018
Authored by Core Security Technologies, Marcos Accossatto | Site coresecurity.com

A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. This vulnerability is related to a previous security issue fixed by Cisco in October. Affected versions include Cisco Webex Meetings Desktop App releases prior to 33.6.4 and Cisco Webex Productivity Tools releases 32.6.0 and later prior to 33.0.6.

tags | exploit, local
systems | cisco, windows
advisories | CVE-2018-15442
SHA-256 | 8a6363eac36d1c77af2c188b62cc8afc4fb79e8cc7205275d6c75b242a765b2a
ASRock Drivers Privilege Escalation / Code Execution
Posted Oct 27, 2018
Authored by Core Security Technologies, Diego Juarez | Site secureauth.com

ASRock offers several utilities designed to give the user with an ASRock motherboard more control over certain settings and functions. These utilities include various features like the RGB LED control, hardware monitor, fan controls, and overclocking/voltage options. Multiple vulnerabilities were found in AsrDrv101.sys and AsrDrv102.sys low level drivers, installed by ASRock RGBLED and other ASRock branded utilities, which could allow a local attacker to elevate privileges. Vulnerable packages include ASRock RGBLED before version 1.0.35.1, A-Tuning before version 3.0.210, F-Stream before version 3.0.210, and RestartToUEFI before version 1.0.6.2.

tags | exploit, local, vulnerability
advisories | CVE-2018-10709, CVE-2018-10710, CVE-2018-10711, CVE-2018-10712
SHA-256 | 3b57e1d843a64059edf1200acba22a276913db2838fb449328d307badda0ce0e
D-Link Central WiFiManager Software Controller Code Execution / XSS
Posted Oct 4, 2018
Authored by Core Security Technologies, Julian Munoz | Site coresecurity.com

D-Link Central WiFiManager Software Controller suffers from hard-coded credential, code execution, and cross site scripting vulnerabilities. Version 1.03 is affected.

tags | exploit, vulnerability, code execution, xss
advisories | CVE-2018-17440, CVE-2018-17441, CVE-2018-17442, CVE-2018-17443
SHA-256 | 0c727854c4a3a6e628258dcc738184e2861e8c1ad5dbd247e1a3630b27db5115
Opsview Monitor 5.x Command Execution
Posted Sep 5, 2018
Authored by Core Security Technologies, Fernando Diaz, Fernando Catoira | Site coresecurity.com

Opsview Monitor versions 5.2, 5.3, and 5.4 suffer from cross site scripting and multiple remote command execution vulnerabilities.

tags | exploit, remote, vulnerability, xss
advisories | CVE-2018-16144, CVE-2018-16145, CVE-2018-16146, CVE-2018-16147, CVE-2018-16148
SHA-256 | 953c9d49a6ad47c20e9a9acc6d55ebbeea2a239ede57f492f4be332d89519ed1
SoftNAS Cloud OS Command Injection
Posted Jul 27, 2018
Authored by Core Security Technologies, Fernando Diaz, Fernando Catoira | Site coresecurity.com

SoftNAS Cloud versions prior to 4.0.3 suffers from an OS command injection vulnerability.

tags | exploit
advisories | CVE-2018-14417
SHA-256 | b79184adec75f473b47197947faff63cfba84edcfe7f5a771347dd49fb829b26
QNAP Qcenter Virtual Appliance 1.6.x Information Disclosure / Command Injection
Posted Jul 11, 2018
Authored by Core Security Technologies, Ivan Huertas | Site coresecurity.com

QNAP Qcenter Virtual Appliance versions 1.6.1056 (20170825) and 1.6.1075 (20171123) suffer from information disclosure and command injection vulnerabilities.

tags | exploit, vulnerability, info disclosure
advisories | CVE-2018-0706, CVE-2018-0707, CVE-2018-0708, CVE-2018-0709, CVE-2018-0710
SHA-256 | d468f350b0e3bb3d4bd9bf10b3b49470163d611522cabc435f5fd39081341998
Quest KACE System Management Appliance 8.0 (Build 8.0.318) XSS / Traversal / Code Execution / SQL Injection
Posted May 31, 2018
Authored by Core Security Technologies, Leandro Barragan, Guido Leo | Site coresecurity.com

Quest KACE System Management Appliance version 8.0 (Build 8.0.318) suffers from code execution, cross site scripting, path traversal, remote SQL injection, and various other vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, sql injection
advisories | CVE-2018-11132, CVE-2018-11133, CVE-2018-11134, CVE-2018-11135, CVE-2018-11136, CVE-2018-11137, CVE-2018-11138, CVE-2018-11139, CVE-2018-11140, CVE-2018-11141, CVE-2018-11142
SHA-256 | fd18c79b0364edc307ae0073788f224ea5fd016ba9223e6018267eb9911d3f41
Quest DR Series Disk Backup Software 4.0.3 Code Execution
Posted May 31, 2018
Authored by Core Security Technologies, Maximiliano Vidal | Site coresecurity.com

Quest DR Series Disk Backup Software version 4.0.3 suffers from multiple code execution vulnerabilities.

tags | exploit, vulnerability, code execution
advisories | CVE-2018-11143, CVE-2018-11144, CVE-2018-11145, CVE-2018-11146, CVE-2018-11147, CVE-2018-11148, CVE-2018-11149, CVE-2018-11150, CVE-2018-11151, CVE-2018-11152, CVE-2018-11153, CVE-2018-11154, CVE-2018-11155, CVE-2018-11156, CVE-2018-11157, CVE-2018-11158, CVE-2018-11159, CVE-2018-11160, CVE-2018-11161, CVE-2018-11162, CVE-2018-11163, CVE-2018-11164, CVE-2018-11165, CVE-2018-11166, CVE-2018-11167, CVE-2018-11168
SHA-256 | e313c1bcf4d85337e78155dc912283a22293cddaadd03f8b4acb51929c7e6e8c
TP-Link EAP Controller CSRF / Hard-Coded Key / XSS
Posted May 4, 2018
Authored by Core Security Technologies | Site coresecurity.com

TP-Link EAP suffers from hard-coded credential, cross site request forgery, cross site scripting, and other vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2018-10164, CVE-2018-10165, CVE-2018-10166, CVE-2018-10167, CVE-2018-10168
SHA-256 | c5187235d9542ea658539bfb88cc9cb5ce9f82fc8cafd49e9eb8cb63664932db
MikroTik RouterOS SMB Buffer Overflow
Posted Mar 15, 2018
Authored by Core Security Technologies, Juan Caillava, Maximiliano Vidal | Site coresecurity.com

A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it.

tags | exploit, remote, overflow, code execution
advisories | CVE-2018-7445
SHA-256 | f596977ec0c838a1e24c8e7b3ba40756d8c45733524c4820e426799d27f008d3
Trend Micro Email Encryption Gateway XSS / Code Execution
Posted Feb 21, 2018
Authored by Core Security Technologies, Maximiliano Vidal, Leandro Barragan | Site coresecurity.com

Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross site request forgery, cross site scripting, and various other vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2018-6219, CVE-2018-6220, CVE-2018-6221, CVE-2018-6222, CVE-2018-6223, CVE-2018-6224, CVE-2018-6225, CVE-2018-6226, CVE-2018-6227, CVE-2018-6228, CVE-2018-6229, CVE-2018-6230
SHA-256 | 5c0882e4ec54030fb98c7a6e8448db8a4938d363d703cac4986200aed680c428
Dell EMC Isilon OneFS XSS / Code Execution / CSRF
Posted Feb 14, 2018
Authored by Core Security Technologies, Ivan Huertas, Maximiliano Vidal | Site coresecurity.com

Dell EMC Isilon OneFS suffers from code execution, cross site request forgery, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss, csrf
advisories | CVE-2018-1186, CVE-2018-1187, CVE-2018-1188, CVE-2018-1189, CVE-2018-1201, CVE-2018-1202, CVE-2018-1203, CVE-2018-1204, CVE-2018-1213
SHA-256 | 59ab98938a25d8249efefd24dd954dee7bc863a7a6ee5476a2d7d2db32b025ba
Kaspersky Secure Mail Gateway 1.1.0.379 CSRF / Code Execution
Posted Feb 6, 2018
Authored by Core Security Technologies, Leandro Barragan | Site coresecurity.com

Kaspersky Secure Mail Gateway version 1.1.0.379 suffers from code execution and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, code execution, csrf
SHA-256 | 1b0dff497ed1d448eeffc8af638a0c8fcc1b7926b370e7184cbf5c1126f956f6
Trend Micro Smart Protection Server 3.2 XSS / Access Control / Disclosure
Posted Dec 22, 2017
Authored by Core Security Technologies, Maximiliano Vidal, Leandro Barragan | Site coresecurity.com

Trend Micro Smart Protection Server version 3.2 suffers from access control bypass, cross site scripting, information disclosure, and various other vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
advisories | CVE-2017-11398, CVE-2017-14094, CVE-2017-14095, CVE-2017-14096, CVE-2017-14097
SHA-256 | 149823a62c0b55b825b4c969054429d6a9537f6a010bb018f45e836ab0ce649f
Kaspersky Anti-Virus File Server 8.0.3.297 XSS / CSRF / Code Execution
Posted Jun 29, 2017
Authored by Core Security Technologies, Maximiliano Vidal, Leandro Barragan | Site coresecurity.com

Kaspersky Anti-Virus for Linux File Server version 8.0.3.297 suffers from remote code execution, cross site request forgery, cross site scripting, security bypass, information disclosure, and path traversal vulnerabilities.

tags | exploit, remote, vulnerability, code execution, virus, xss, info disclosure, csrf
systems | linux
advisories | CVE-2017-9810, CVE-2017-9811, CVE-2017-9812, CVE-2017-9813
SHA-256 | 1011f2188afe2cfa015134b365c225eb892ed298b59a2beb4cc63a8e09cdc1b0
Trend Micro ServerProtect Disclosure / CSRF / XSS
Posted May 24, 2017
Authored by Alberto Solino, Core Security Technologies, Maximiliano Vidal, Leandro Barragan | Site coresecurity.com

Trend Micro ServerProtect suffers from information disclosure, manipulation, cross site request forgery, cross site scripting, and various other vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, csrf
advisories | CVE-2017-9032, CVE-2017-9033, CVE-2017-9034, CVE-2017-9035, CVE-2017-9036, CVE-2017-9037
SHA-256 | 8e879696170b8b1f6b2ecc8c0d882967bb47bb12e348f1e061c984909eef85df
SAP SAPCAR 721.510 Buffer Overflow
Posted May 10, 2017
Authored by Core Security Technologies, Martin Gallo, Maximiliano Vidal

Core Security Technologies Advisory - SAP distributes software and packages using an archive program called SAPCAR. This program uses a custom archive file format. A memory corruption vulnerability was found in the parsing of specially crafted archive files, that could lead to local code execution scenarios. Version 721.510 is affected.

tags | exploit, local, code execution
advisories | CVE-2017-8852
SHA-256 | a3d3c8ab85600ad227bf0c9e7815c6b6891b9a726516893c8a904650f83bd791
TP-LINK TDDP Buffer Overflow / Missing Authentication
Posted Nov 23, 2016
Authored by Core Security Technologies, Andres Lopez Luksenberg

Core Security Technologies Advisory - TP-LINK TDDP suffers from buffer overflow and missing authentication vulnerabilities.

tags | exploit, overflow, vulnerability
SHA-256 | 8e640691cd560b9d8302f132c35c2970fee8d3dd24deecaf9bd5bc9e5f327fb7
SAP CAR Archive Tool Denial Of Service / Security Bypass
Posted Aug 11, 2016
Authored by Core Security Technologies, Martin Gallo, Joaquin Rodriguez Varela | Site coresecurity.com

Core Security Technologies Advisory - SAP CAR archive tool suffers from security bypass and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability
advisories | CVE-2016-5845, CVE-2016-5847
SHA-256 | e526bc68dd7fc857147e1bbe8e921f1d4110eece04020dc4932d94850a062701
Page 1 of 9
Back12345Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    12 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close