Twenty Year Anniversary
Showing 1 - 8 of 8 RSS Feed

Files from Diego Juarez

First Active2008-04-04
Last Active2018-10-27
ASRock Drivers Privilege Escalation / Code Execution
Posted Oct 27, 2018
Authored by Core Security Technologies, Diego Juarez | Site secureauth.com

ASRock offers several utilities designed to give the user with an ASRock motherboard more control over certain settings and functions. These utilities include various features like the RGB LED control, hardware monitor, fan controls, and overclocking/voltage options. Multiple vulnerabilities were found in AsrDrv101.sys and AsrDrv102.sys low level drivers, installed by ASRock RGBLED and other ASRock branded utilities, which could allow a local attacker to elevate privileges. Vulnerable packages include ASRock RGBLED before version 1.0.35.1, A-Tuning before version 3.0.210, F-Stream before version 3.0.210, and RestartToUEFI before version 1.0.6.2.

tags | exploit, local, vulnerability
advisories | CVE-2018-10709, CVE-2018-10710, CVE-2018-10711, CVE-2018-10712
MD5 | 21d4d95e72ff845d830ec7e7c0d06a11
Orbit Downloader URL Unicode Conversion Overflow
Posted Feb 24, 2012
Authored by Diego Juarez, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in Orbit Downloader. The vulnerability is due to Orbit converting an URL ascii string to unicode in a insecure way with MultiByteToWideChar. The vulnerability is exploited with a specially crafted metalink file that should be opened with Orbit through the "File->Add Metalink..." option.

tags | exploit, overflow
advisories | CVE-2008-1602, OSVDB-44036
MD5 | 5017437ecf65f41b47492201c015d32c
Core Security Technologies Advisory 2011.0204
Posted May 12, 2011
Authored by Core Security Technologies, Diego Juarez, Eduardo Koch, Laura Balian | Site coresecurity.com

Core Security Technologies Advisory - Adobe Audition is vulnerable to numerous buffer overflows while parsing several fields inside the TRKM chunk on session (.ses) files. Then, a memory corruption can be leveraged to execute arbitrary code on vulnerable systems by enticing users to open specially crafted session files.

tags | exploit, overflow, arbitrary
advisories | CVE-2011-0615
MD5 | 7b91488b5d62aa1fd73cf0106c145262
Core Security Technologies Advisory 2010.0624
Posted Oct 13, 2010
Authored by Core Security Technologies, Diego Juarez | Site coresecurity.com

Core Security Technologies Advisory - While investigating the OpenType Compact Font Format vulnerability disclosed in MS10-037, Diego Juarez discovered another kernel bug in the parsing of OTF files. Loading a malformed OpenType font can cause the entire system to crash. The vulnerability could be used locally by attackers with access to an unprivileged account to elevate privileges to those of a System Administrator.

tags | advisory, kernel
advisories | CVE-2010-2741
MD5 | cbe3eef82d5ec07f0375e013a7f03a8e
Core Security Technologies Advisory 2009.0803
Posted Mar 16, 2010
Authored by Core Security Technologies, Diego Juarez, Nicolas A. Economou | Site coresecurity.com

Core Security Technologies Advisory - A vulnerability found in the memory management of the Virtual Machine Monitor makes memory pages mapped above the 2GB available with read or read/write access to user-space programs running in a Guest operating system.

tags | advisory
MD5 | 936c26e59571a54c68f677c92c973253
Core Security Technologies Advisory 2009.0913
Posted Mar 3, 2010
Authored by Core Security Technologies, Diego Juarez, Nadia Rodriguez

Core Security Technologies Advisory - Luxology Modo 401 suffers from an integer overflow vulnerability when parsing .LXO files.

tags | exploit, overflow
advisories | CVE-2010-0766
MD5 | 6b27a5167752806e3964c742d3583513
Core Security Technologies Advisory 2009.0519
Posted Jul 8, 2009
Authored by Core Security Technologies, Diego Juarez | Site coresecurity.com

Core Security Technologies Advisory - Awakening's Winds3D Viewer, which runs as a plugin within most popular web browsers, is vulnerable to a remotely exploitable arbitrary command execution vulnerability which can be triggered by making the user visit a malicious link/website. Versions 3.5.0.0 and 3.0.0.5 are vulnerable.

tags | exploit, web, arbitrary
advisories | CVE-2009-2386
MD5 | dd8314606e5d9fe5e80ed6775b92d050
Core Security Technologies Advisory 2008.0314
Posted Apr 4, 2008
Authored by Core Security Technologies, Diego Juarez | Site coresecurity.com

Core Security Technologies Advisory - Orbit Downloader is vulnerable to a buffer overflow attack which can be exploited to execute arbitrary code. Versions 2.6.3 and 2.6.4 are verified vulnerable.

tags | advisory, overflow, arbitrary
advisories | CVE-2008-1602
MD5 | 3cb9c129e128a6f459b5ce8739aaf7a1
Page 1 of 1
Back1Next

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    45 Files
  • 16
    Nov 16th
    11 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close