what you don't know can hurt you
Showing 1 - 25 of 187 RSS Feed

Files from Core Security Technologies

Email addressinfo at coresecurity.com
First Active2002-07-12
Last Active2017-06-29
Kaspersky Anti-Virus File Server 8.0.3.297 XSS / CSRF / Code Execution
Posted Jun 29, 2017
Authored by Core Security Technologies, Maximiliano Vidal, Leandro Barragan | Site coresecurity.com

Kaspersky Anti-Virus for Linux File Server version 8.0.3.297 suffers from remote code execution, cross site request forgery, cross site scripting, security bypass, information disclosure, and path traversal vulnerabilities.

tags | exploit, remote, vulnerability, code execution, virus, xss, info disclosure, csrf
systems | linux
advisories | CVE-2017-9810, CVE-2017-9811, CVE-2017-9812, CVE-2017-9813
MD5 | 834309bd7c681fce682800c2b27a31c0
Trend Micro ServerProtect Disclosure / CSRF / XSS
Posted May 24, 2017
Authored by Alberto Solino, Core Security Technologies, Maximiliano Vidal, Leandro Barragan | Site coresecurity.com

Trend Micro ServerProtect suffers from information disclosure, manipulation, cross site request forgery, cross site scripting, and various other vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, csrf
advisories | CVE-2017-9032, CVE-2017-9033, CVE-2017-9034, CVE-2017-9035, CVE-2017-9036, CVE-2017-9037
MD5 | 351e7980ee3be97f07ceb95ec237ce90
SAP SAPCAR 721.510 Buffer Overflow
Posted May 10, 2017
Authored by Core Security Technologies, Martin Gallo, Maximiliano Vidal

Core Security Technologies Advisory - SAP distributes software and packages using an archive program called SAPCAR. This program uses a custom archive file format. A memory corruption vulnerability was found in the parsing of specially crafted archive files, that could lead to local code execution scenarios. Version 721.510 is affected.

tags | exploit, local, code execution
advisories | CVE-2017-8852
MD5 | 3d6f950a9eef0caafbc05be378131051
TP-LINK TDDP Buffer Overflow / Missing Authentication
Posted Nov 23, 2016
Authored by Core Security Technologies, Andres Lopez Luksenberg

Core Security Technologies Advisory - TP-LINK TDDP suffers from buffer overflow and missing authentication vulnerabilities.

tags | exploit, overflow, vulnerability
MD5 | 75bd302689d825abf438d908c7aeabce
SAP CAR Archive Tool Denial Of Service / Security Bypass
Posted Aug 11, 2016
Authored by Core Security Technologies, Martin Gallo, Joaquin Rodriguez Varela | Site coresecurity.com

Core Security Technologies Advisory - SAP CAR archive tool suffers from security bypass and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability
advisories | CVE-2016-5845, CVE-2016-5847
MD5 | e711534cc773eca194793a6b82ce5f46
FreeBSD Kernel amd64_set_ldt Heap Overflow
Posted Mar 17, 2016
Authored by Core Security Technologies, Francisco Falcon

Core Security Technologies Advisory - An integer signedness error has been found in the amd64_set_ldt() function in the FreeBSD kernel code (define d in the /sys/amd64/amd64/sys_machdep.c file), which implements the i386_set_ldt system call on the amd64 version of the OS. This integer signedness issue ultimately leads to a heap overflow in the kernel, allowing local unprivileged attackers to crash the system. FreeBSD 10.2 amd64 is affected.

tags | exploit, overflow, kernel
systems | freebsd, bsd
advisories | CVE-2016-1885
MD5 | 5fddced07d5ad899ebb2d9c6bf48f392
FreeBSD Security Advisory - FreeBSD-SA-16:15.sysarch
Posted Mar 17, 2016
Authored by Core Security Technologies | Site security.freebsd.org

FreeBSD Security Advisory - A special combination of sysarch(2) arguments, specify a request to uninstall a set of descriptors from the LDT. The start descriptor is cleared and the number of descriptors are provided. Due to invalid use of a signed intermediate value in the bounds checking during argument validity verification, unbound zero'ing of the process LDT and adjacent memory can be initiated from usermode. This vulnerability could cause the kernel to panic. In addition it is possible to perform a local Denial of Service against the system by unprivileged processes.

tags | advisory, denial of service, kernel, local
systems | freebsd
advisories | CVE-2016-1885
MD5 | 708f3ca1de7547e635db4e1854a95614
SAP Download Manager 2.1.142 Weak Encryption
Posted Mar 11, 2016
Authored by Core Security Technologies, Martin Gallo | Site coresecurity.com

SAP Download Manager is a Java application offered by SAP that allows downloading software packages and support notes. This program stores the user's settings in a configuration file. Sensitive values, such as the proxy username and password if set, are stored encrypted using a fixed static key. Versions up to 2.1.142.

tags | exploit, java
MD5 | 229590470a8be1c064d928eb9d902bc6
Samsung SW Update Tool 2.2.5.16 Man-In-The-Middle
Posted Mar 11, 2016
Authored by Core Security Technologies, Joaquin Rodriguez Varela | Site coresecurity.com

The Samsung SW Update tool version 2.2.5.16 suffers from a man-in-the-middle vulnerability.

tags | exploit
MD5 | 60159a622a73952074ae7f293204a463
Lenovo ShareIT Information Disclosure / Hardcoded Password
Posted Jan 25, 2016
Authored by Core Security Technologies, Ivan Huertas | Site coresecurity.com

Lenovo ShareIT suffers from hard-coded password, information exposure, missing encryption, and missing authorization vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2016-1489, CVE-2016-1490, CVE-2016-1491, CVE-2016-1492
MD5 | 498b12c9f26fa23e69a5e2b0a2958b51
Intel Driver Update Utility 2.2.0.5 Man-In-The-Middle
Posted Jan 19, 2016
Authored by Core Security Technologies

Intel Driver Update Utility version 2.2.0.5 suffers from a man-in-the-middle vulnerability..

tags | exploit
advisories | CVE-2016-1493
MD5 | 806cf80769dbf0b3c70df852390390ae
Microsoft Windows Media Center Incorrectly Resolved Reference
Posted Dec 9, 2015
Authored by Core Security Technologies, Francisco Falcon

Core Security Technologies Advisory - The 'application' tag in Microsoft Windows Media Center link files (.mcl extension) can include a 'run' parameter, which indicates the path of a file to be launched when opening the MCL file, or a 'url' parameter, which indicates the URL of a web page to be loaded within the Media Center's embedded web browser. A specially crafted MCL file having said 'url' parameter pointing to the MCL file itself can trick Windows Media Center into rendering the very same MCL file as a local HTML file within the Media Center's embedded web browser.

tags | exploit, web, local
systems | windows
advisories | CVE-2015-6127
MD5 | 74ea83d965e529488bfa6515c1580c14
FortiClient Antivirus Information Exposure / Access Control
Posted Sep 2, 2015
Authored by Core Security Technologies, Enrique Nissim

Core Security Technologies Advisory - FortiClient drivers are prone to multiple attacks and expose a wide surface that allows users to easily get SYSTEM privileges.

tags | advisory
advisories | CVE-2015-4077, CVE-2015-5735, CVE-2015-5736, CVE-2015-5737
MD5 | 473ad536ac1c73e9f90a7e23fabae2e6
AirLink101 SkyIPCam1620W OS Command Injection
Posted Jul 8, 2015
Authored by Core Security Technologies, Nahuel Riva | Site coresecurity.com

Core Security Technologies Advisory - The AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera is vulnerable to an OS command injection vulnerability in the snwrite.cgi binary.

tags | exploit, cgi
advisories | CVE-2015-2280
MD5 | 7124f8f0393514cbd2c400fe16bf5ced
AirLive Remote Command Injection
Posted Jul 6, 2015
Authored by Core Security Technologies, Nahuel Riva | Site coresecurity.com

Core Security Technologies Advisory - AirLive MD-3025, BU-3026, BU-2015, WL-2000CAM, and POE-200CAM are IP cameras designed for professional surveillance and security applications. The built-in IR LEDs provide high quality nighttime monitoring. These AirLive devices are vulnerable to an OS Command Injection Vulnerability. In the case of the MD-3025, BU-3026 and BU-2015 cameras, the vulnerability lies in the cgi_test.cgi binary file. In the case of the WL-2000CAM and POE-200CAM cameras, the command injection can be performed using the vulnerable wireless_mft.cgi binary file.

tags | exploit, cgi
advisories | CVE-2014-8389, CVE-2015-2279
MD5 | fc263c324b380d578253500cb911f7ee
Sendio ESP Information Disclosure
Posted May 22, 2015
Authored by Core Security Technologies, Martin Gallo | Site coresecurity.com

Core Security Technologies Advisory - Sendio ESP (E-mail Security Platform) is a network appliance which provides anti-spam and anti-virus solutions for enterprises. Two information disclosure issues were found affecting some versions of this software, and can lead to leakage of sensitive information such as user's session identifiers and/or user's email messages.

tags | exploit, virus, info disclosure
advisories | CVE-2014-0999, CVE-2014-8391
MD5 | 3aa3978a27fa3acaea9ec52e47ed4150
SAP LZC/LZH Compression Denial Of Service
Posted May 13, 2015
Authored by Core Security Technologies, Martin Gallo | Site coresecurity.com

Core Security Technologies Advisory - SAP products make use of a proprietary implementation of the Lempel-Ziv-Thomas (LZC) adaptive dictionary compression algorithm and the Lempel-Ziv-Huffman (LZH) compression algorithm. These compression algorithms are used across several SAP products and programs. Vulnerabilities were found in the decompression routines that could be triggered in different scenarios, and could lead to execution of arbitrary code and denial of service conditions.

tags | advisory, denial of service, arbitrary, vulnerability
advisories | CVE-2015-2278, CVE-2015-2282
MD5 | ffabd0e87a44868591f2822fc712f644
InFocus IN3128HD Projector Missing Authentication
Posted Apr 28, 2015
Authored by Core Security Technologies, Joaquin Rodriguez Varela | Site coresecurity.com

Core Security Technologies Advisory - The InFocus IN3128HD Projector is vulnerable to an authentication bypass in its web interface login page, and is missing authentication for the "webctrl.cgi.elf" CGI file, which allows several actions to be performed or configured inside the device. Firmware 0.26 is verified vulnerable.

tags | exploit, web, cgi
advisories | CVE-2014-8383, CVE-2014-8384
MD5 | e263ea03f930df38de1f6bc467a26735
VAMPSET 2.2.145 Stack / Heap Buffer Overflow
Posted Mar 30, 2015
Authored by Core Security Technologies, Ricardo Narvaja | Site coresecurity.com

Core Security Technologies Advisory - VAMPSET version 2.2.145 is vulnerable to a stack-based and heap-based buffer overflow attack, which can be exploited by attackers to execute arbitrary code, by providing a malicious CFG or DAT file with specific parameters.

tags | advisory, overflow, arbitrary
advisories | CVE-2014-8390
MD5 | 3d889804e96aef041e76e55fec51792a
Fortinet Single Sign On Stack Overflow
Posted Mar 19, 2015
Authored by Core Security Technologies, Andres Lopez Luksenberg, Enrique Nissim

Core Security Technologies Advisory - There is a vulnerability in the message dispatcher used by FSSO Windows Active Directory and FSSO Novell eDirectory. Exploitation of this vulnerability might lead to a full network compromise.

tags | exploit
systems | windows
advisories | CVE-2015-2281
MD5 | 364a74b173679d6c23119f93cd7f0e6e
Windows Pass-Through Authentication Methods Improper Validation
Posted Mar 11, 2015
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - The Microsoft Netlogon Remote Protocol is a remote procedure call (RPC) interface that is used, among other things, for user and machine authentication on domain-based networks. In a scenario where a client machine connects to a domain-joined server, a pass-through authentication must be performed in order for the server to verify the client's Credentials with the domain controller. This logon request must be delivered to the domain controller over a secure channel. This secure channel is achieved by encrypting the server to DC communication using a shared secret, commonly known as a server's machine account password. On successful authentication, the domain controller returns the UserSessionKey back to the server. This key is used for cryptographic operations on a session. Examples of the use of this key are generating the keys needed to signing SMB packets, and the keys needed for encryption/decryption of SMB sessions. Improper validation between the account used to secure the communication channel and the logon request data being sent to the domain controller allows third parties to obtain the UserSessionKey for communications that were not meant for them.

tags | exploit, remote, protocol
systems | windows
advisories | CVE-2015-0005
MD5 | b2b8740843fe391023b6c152b27fe322
FreeBSD Kernel Crash / Code Execution / Disclosure
Posted Jan 28, 2015
Authored by Core Security Technologies, Francisco Falcon | Site coresecurity.com

Core Security Technologies Advisory - Multiple vulnerabilities have been found in the FreeBSD kernel code that implements the vt console driver (previously known as Newcons) and the code that implements SCTP sockets. These vulnerabilities could allow local unprivileged attackers to disclose kernel memory containing sensitive information, crash the system, and execute arbitrary code with superuser privileges.

tags | exploit, arbitrary, kernel, local, vulnerability
systems | freebsd
advisories | CVE-2014-0998, CVE-2014-8612
MD5 | dd8c3fcef37258dd9b8bfea7c1a546f1
Android WiFi-Direct Denial Of Service
Posted Jan 26, 2015
Authored by Core Security Technologies, Andres Blanco | Site coresecurity.com

Core Security Technologies Advisory - Some Android devices are affected by a denial of service attack when scanning for WiFi Direct devices. An attacker could send a specially crafted 802.11 Probe Response frame causing the Dalvik subsystem to reboot because of an Unhandle Exception on WiFiMonitor class.

tags | exploit, denial of service
advisories | CVE-2014-0997
MD5 | ff7d9bcc00d2a18a43f7fc849c98b473
Corel Software DLL Hijacking
Posted Jan 13, 2015
Authored by Core Security Technologies, Marcos Accossatto | Site coresecurity.com

Various Corel software suffers from a DLL hijacking vulnerability. When a file associated with the Corel software is opened, the directory of that document is first used to locate DLLs, which could allow an attacker to execute arbitrary commands by inserting malicious DLLs into the same directory as the document.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2014-8393, CVE-2014-8394, CVE-2014-8395, CVE-2014-8396, CVE-2014-8397, CVE-2014-8398
MD5 | 74b9b0456e1bc2ec9edc9f1342760a4d
Advantech WebAccess 7.2 Stack-Based Buffer Overflow
Posted Nov 20, 2014
Authored by Core Security Technologies, Joaquin Rodriguez Varela, Ricardo Narvaj | Site coresecurity.com

Core Security Technologies Advisory - Advantech WebAccess version 7.2 is vulnerable to a stack-based buffer overflow attack, which can be exploited by remote attackers to execute arbitrary code, by providing a malicious html file with specific parameters for an ActiveX component.

tags | advisory, remote, overflow, arbitrary, activex
advisories | CVE-2014-8388
MD5 | 235685a5967719a6453d6269c1a81c40
Page 1 of 8
Back12345Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close