Core Security Technologies Advisory - Advantech EKI-6340 series is vulnerable to an OS command injection, which can be exploited by remote attackers to execute arbitrary code and commands, by using a non privileged user against a vulnerable CGI file.
a64726d244d547419fa3a47c114cb81761f6e477ec05f980a3199ab9e0a55acaCore Security Technologies Advisory - Multiple vulnerabilities have been found in AVTECH AVN801 DVR (and potentially other devices sharing the affected firmware) that could allow a remote attacker to exploit multiple buffer overflows resulting in arbitrary code execution or bypass CAPTCHA functionality for logging into the administrative console. Proof of concept code included.
d69c855434e206ed106355a53d8a7790ee1a27b7581178dde7685f2ac8f54862Core Security Technologies Advisory - Hikvision IP Cameras suffer from buffer overflow, authentication bypass, hard-coded credential, and privilege escalation vulnerabilities.
a4a4535ab067aafda1e020840c583034d91d05f5ea87d44f5643945fba43b443Core Security Technologies Advisory - Apple OS X suffered from a sandbox predefined profiles bypass vulnerability. Several of the default pre-defined sandbox profiles do not properly limit all the available mechanisms and therefore allow exercising part of the restricted functionality. Namely, sending Apple events is possible within the no-network sandbox (kSBXProfileNoNetwork). A compromised application hypothetically restricted by the use of the no-network profile may have access to network resources through the use of Apple events to invoke the execution of other applications not directly restricted by the sandbox.
a93c8053536e7abfedb811843ec4811b01921f6a36f6987012ab0bbdb0ab1c23Core Security Technologies Advisory - The Apple Type Services is prone to memory corruption due a sign mismatch vulnerability when handling the last offset value of the CharStrings INDEX structure. This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing the user of Mac OS X v10.5.x to view or download a PDF document containing a embedded malicious CFF font.
68f4efdb58f840ab80355a23048b12dea182facc85054b76571b1964d5254a0eCore Security Technologies Advisory - The Sun xVM VirtualBox suffers from a privilege escalation vulnerability due to insufficient input validation in VboxDrv.sys. Proof of concept code included.
5b2b609eef7799da6366c7eee24f5704c537ed42e64f375f1f17a0cad4017929Core Security Technologies Advisory - Insufficient argument validation of hooked SSDT functions exists in BitDefender Antivirus 2008 Build 11.0.11, Comodo Firewall Pro 2.4.18.184, Sophos Antivirus 7.0.5, and Rising Antivirus 19.60.0.0 and 19.66.0.0. Older versions may be affected, but were not checked.
0fa04aa1e85e203b50c317ecfa9b306142897af5e26a38640049097c9eab79fdCore Security Technologies Advisory - The VideoLAN (VLC) media player package is vulnerable to an arbitrary memory corruption vulnerability, which can be exploited by malicious remote attackers to compromise a user's system. VLC versions 0.8.6d and below and Miro Player versions 1.1 and below are vulnerable. Proof of concept code included.
4256730c62805a313b1a0048df1338eafe6f939bf47a7756297bc4fe01f54383Core Security Technologies Advisory - The MPlayer package is vulnerable to an arbitrary pointer dereference vulnerability, which can be exploited by malicious remote attackers to compromise a user's system. The vulnerability is caused by the MPlayer libmpdemux ('demux_mov.c') library not properly sanitizing certain tags on a MOV file before using them to index an array on the heap. This can be exploited to execute arbitrary commands by opening a specially crafted file.
c3dbdf2e8f7ae8c5db2507b176551c4a741b53e50ee9905fe4920754fdc7507c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed