exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

Files from Anibal Sacco

Email addressanibal.sacco at coresecurity.com
First Active2008-02-04
Last Active2014-11-20
Advantech EKI-6340 2.05 Command Injection
Posted Nov 20, 2014
Authored by Core Security Technologies, Anibal Sacco, Facundo Pantaleo, Joaquin Rodriguez Varela, Flavio Cangini | Site coresecurity.com

Core Security Technologies Advisory - Advantech EKI-6340 series is vulnerable to an OS command injection, which can be exploited by remote attackers to execute arbitrary code and commands, by using a non privileged user against a vulnerable CGI file.

tags | exploit, remote, arbitrary, cgi
advisories | CVE-2014-8387
SHA-256 | a64726d244d547419fa3a47c114cb81761f6e477ec05f980a3199ab9e0a55aca
AVTECH DVR Buffer Overflow / CAPTCHA Bypass
Posted Aug 28, 2013
Authored by Core Security Technologies, Anibal Sacco, Facundo Pantaleo | Site coresecurity.com

Core Security Technologies Advisory - Multiple vulnerabilities have been found in AVTECH AVN801 DVR (and potentially other devices sharing the affected firmware) that could allow a remote attacker to exploit multiple buffer overflows resulting in arbitrary code execution or bypass CAPTCHA functionality for logging into the administrative console. Proof of concept code included.

tags | exploit, remote, overflow, arbitrary, vulnerability, code execution, proof of concept
advisories | CVE-2013-4980, CVE-2013-4981, CVE-2013-4982
SHA-256 | d69c855434e206ed106355a53d8a7790ee1a27b7581178dde7685f2ac8f54862
Hikvision IP Cameras Overflow / Bypass / Privilege Escalation
Posted Aug 7, 2013
Authored by Alberto Solino, Core Security Technologies, Anibal Sacco, Alejandro Rodriguez | Site coresecurity.com

Core Security Technologies Advisory - Hikvision IP Cameras suffer from buffer overflow, authentication bypass, hard-coded credential, and privilege escalation vulnerabilities.

tags | exploit, overflow, vulnerability
advisories | CVE-2013-4975, CVE-2013-4976, CVE-2013-4977
SHA-256 | a4a4535ab067aafda1e020840c583034d91d05f5ea87d44f5643945fba43b443
Apple OS X Sandbox Predefined Profiles Bypass
Posted Nov 11, 2011
Authored by Core Security Technologies, Anibal Sacco, Matias Eissler | Site coresecurity.com

Core Security Technologies Advisory - Apple OS X suffered from a sandbox predefined profiles bypass vulnerability. Several of the default pre-defined sandbox profiles do not properly limit all the available mechanisms and therefore allow exercising part of the restricted functionality. Namely, sending Apple events is possible within the no-network sandbox (kSBXProfileNoNetwork). A compromised application hypothetically restricted by the use of the no-network profile may have access to network resources through the use of Apple events to invoke the execution of other applications not directly restricted by the sandbox.

tags | exploit, bypass
systems | apple, osx
advisories | CVE-2011-1516
SHA-256 | a93c8053536e7abfedb811843ec4811b01921f6a36f6987012ab0bbdb0ab1c23
Core Security Technologies Advisory 2010.0825
Posted Nov 9, 2010
Authored by Core Security Technologies, Anibal Sacco, Matias Eissler | Site coresecurity.com

Core Security Technologies Advisory - The Apple Type Services is prone to memory corruption due a sign mismatch vulnerability when handling the last offset value of the CharStrings INDEX structure. This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing the user of Mac OS X v10.5.x to view or download a PDF document containing a embedded malicious CFF font.

tags | advisory, remote, arbitrary
systems | apple, osx
advisories | CVE-2010-1797
SHA-256 | 68f4efdb58f840ab80355a23048b12dea182facc85054b76571b1964d5254a0e
Core Security Technologies Advisory 2008.0716
Posted Aug 4, 2008
Authored by Core Security Technologies, Anibal Sacco | Site coresecurity.com

Core Security Technologies Advisory - The Sun xVM VirtualBox suffers from a privilege escalation vulnerability due to insufficient input validation in VboxDrv.sys. Proof of concept code included.

tags | exploit, proof of concept
advisories | CVE-2008-3431
SHA-256 | 5b2b609eef7799da6366c7eee24f5704c537ed42e64f375f1f17a0cad4017929
Core Security Technologies Advisory 2008.0320
Posted Apr 28, 2008
Authored by Core Security Technologies, Norberto Kueffner, Damian Saura, Anibal Sacco, Dario Menichelli, Andres Blanco, Rodrigo Carvalho | Site coresecurity.com

Core Security Technologies Advisory - Insufficient argument validation of hooked SSDT functions exists in BitDefender Antivirus 2008 Build 11.0.11, Comodo Firewall Pro 2.4.18.184, Sophos Antivirus 7.0.5, and Rising Antivirus 19.60.0.0 and 19.66.0.0. Older versions may be affected, but were not checked.

tags | advisory
advisories | CVE-2008-1735, CVE-2008-1736, CVE-2008-1737, CVE-2008-1738
SHA-256 | 0fa04aa1e85e203b50c317ecfa9b306142897af5e26a38640049097c9eab79fd
Core Security Technologies Advisory 2008.0130
Posted Feb 27, 2008
Authored by Core Security Technologies, Felipe Manzano, Anibal Sacco | Site coresecurity.com

Core Security Technologies Advisory - The VideoLAN (VLC) media player package is vulnerable to an arbitrary memory corruption vulnerability, which can be exploited by malicious remote attackers to compromise a user's system. VLC versions 0.8.6d and below and Miro Player versions 1.1 and below are vulnerable. Proof of concept code included.

tags | exploit, remote, arbitrary, proof of concept
advisories | CVE-2008-0984
SHA-256 | 4256730c62805a313b1a0048df1338eafe6f939bf47a7756297bc4fe01f54383
CORE-2008-122.txt
Posted Feb 4, 2008
Authored by Felipe Manzano, Anibal Sacco | Site coresecurity.com

Core Security Technologies Advisory - The MPlayer package is vulnerable to an arbitrary pointer dereference vulnerability, which can be exploited by malicious remote attackers to compromise a user's system. The vulnerability is caused by the MPlayer libmpdemux ('demux_mov.c') library not properly sanitizing certain tags on a MOV file before using them to index an array on the heap. This can be exploited to execute arbitrary commands by opening a specially crafted file.

tags | advisory, remote, arbitrary
advisories | CVE-2008-0485
SHA-256 | c3dbdf2e8f7ae8c5db2507b176551c4a741b53e50ee9905fe4920754fdc7507c
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    14 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close