exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files from Francisco Falcon

First Active2008-08-21
Last Active2016-03-17
FreeBSD Kernel amd64_set_ldt Heap Overflow
Posted Mar 17, 2016
Authored by Core Security Technologies, Francisco Falcon

Core Security Technologies Advisory - An integer signedness error has been found in the amd64_set_ldt() function in the FreeBSD kernel code (define d in the /sys/amd64/amd64/sys_machdep.c file), which implements the i386_set_ldt system call on the amd64 version of the OS. This integer signedness issue ultimately leads to a heap overflow in the kernel, allowing local unprivileged attackers to crash the system. FreeBSD 10.2 amd64 is affected.

tags | exploit, overflow, kernel
systems | freebsd, bsd
advisories | CVE-2016-1885
SHA-256 | d41fcb2fcfd845b70a122e20b1cbd17e3b183211e307eaf35331480595a9fc22
Microsoft Windows Media Center Incorrectly Resolved Reference
Posted Dec 9, 2015
Authored by Core Security Technologies, Francisco Falcon

Core Security Technologies Advisory - The 'application' tag in Microsoft Windows Media Center link files (.mcl extension) can include a 'run' parameter, which indicates the path of a file to be launched when opening the MCL file, or a 'url' parameter, which indicates the URL of a web page to be loaded within the Media Center's embedded web browser. A specially crafted MCL file having said 'url' parameter pointing to the MCL file itself can trick Windows Media Center into rendering the very same MCL file as a local HTML file within the Media Center's embedded web browser.

tags | exploit, web, local
systems | windows
advisories | CVE-2015-6127
SHA-256 | 9799e326c07a7ab71d9ef358d6f4d5e6a701d96b2706e59c7ebca20a69575734
FreeBSD Security Advisory - Kernel Memory Disclosure / Corruption
Posted Jan 28, 2015
Authored by Francisco Falcon, Clement LECIGNE | Site security.freebsd.org

FreeBSD Security Advisory - SCTP protocol provides reliable, flow-controlled, two-way transmission of data. It is a message oriented protocol and can support the SOCK_STREAM and SOCK_SEQPACKET abstractions. SCTP allows the user to choose between multiple scheduling algorithms to optimize the sending behavior of SCTP in scenarios with different requirements. Due to insufficient validation of the SCTP stream ID, which serves as an array index, a local unprivileged attacker can read or write 16-bits of kernel memory.

tags | advisory, kernel, local, protocol
systems | freebsd
advisories | CVE-2014-8612
SHA-256 | 94980381572f511b4697b2bf2b6d1b10dee3a0640f849037c8cd995bace01080
FreeBSD Kernel Crash / Code Execution / Disclosure
Posted Jan 28, 2015
Authored by Core Security Technologies, Francisco Falcon | Site coresecurity.com

Core Security Technologies Advisory - Multiple vulnerabilities have been found in the FreeBSD kernel code that implements the vt console driver (previously known as Newcons) and the code that implements SCTP sockets. These vulnerabilities could allow local unprivileged attackers to disclose kernel memory containing sensitive information, crash the system, and execute arbitrary code with superuser privileges.

tags | exploit, arbitrary, kernel, local, vulnerability
systems | freebsd
advisories | CVE-2014-0998, CVE-2014-8612
SHA-256 | ab4dd6486f4ee6eea333af5b0238b5e37c79372f03d28ec456d911e6e9c2a2f2
VirtualBox 3D Acceleration Virtual Machine Escape
Posted Aug 14, 2014
Authored by Francisco Falcon, juan vazquez, Florian Ledoux | Site metasploit.com

This Metasploit module exploits a vulnerability in the 3D Acceleration support for VirtualBox. The vulnerability exists in the remote rendering of OpenGL-based 3D graphics. By sending a sequence of specially crafted of rendering messages, a virtual machine can exploit an out of bounds array access to corrupt memory and escape to the host. This Metasploit module has been tested successfully on Windows 7 SP1 (64 bits) as Host running Virtual Box 4.3.6.

tags | exploit, remote
systems | windows
advisories | CVE-2014-0983
SHA-256 | 86c260fb68e437881ab16b483c4e49b6bc21fe1b4a46b94f446e6d346cda9dda
Oracle VirtualBox 3D Acceleration Memory Corruption
Posted Mar 11, 2014
Authored by Core Security Technologies, Andres Blanco, Francisco Falcon | Site coresecurity.com

Core Security Technologies Advisory - Multiple memory corruption vulnerabilities have been found in the code that implements 3D Acceleration for OpenGL graphics in Oracle VirtualBox. These vulnerabilities could allow an attacker who is already running code within a Guest OS to escape from the virtual machine and execute arbitrary code on the Host OS.

tags | exploit, arbitrary, vulnerability
advisories | CVE-2014-0981, CVE-2014-0982, CVE-2014-0983
SHA-256 | 21ec84e64e681dcbf21f5213bd3356433798b0d9e50c61ad3431bb54276c747d
Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation
Posted Sep 17, 2013
Authored by Francisco Falcon, juan vazquez | Site metasploit.com

This Metasploit module abuses a command injection on the clear_keys.pl perl script, installed with the Sophos Web Protection Appliance, to escalate privileges from the "spiderman" user to "root". This Metasploit module is useful for post exploitation of vulnerabilities on the Sophos Web Protection Appliance web ui, executed by the "spiderman" user. This Metasploit module has been tested successfully on Sophos Virtual Web Appliance 3.7.0.

tags | exploit, web, root, perl, vulnerability
advisories | CVE-2013-4984, OSVDB-97028
SHA-256 | 7b650af9e32cadfdd3be9e6255740c3a5d42d0ac1627d52bec5e8e35f7e5b29b
Sophos Web Protection Appliance sblistpack Arbitrary Command Execution
Posted Sep 17, 2013
Authored by Francisco Falcon, juan vazquez | Site metasploit.com

This Metasploit module exploits a command injection vulnerability on Sophos Web Protection Appliance 3.7.9, 3.8.0 and 3.8.1. The vulnerability exists on the sblistpack component, reachable from the web interface without authentication. This Metasploit module has been tested successfully on Sophos Virtual Web Appliance 3.7.0.

tags | exploit, web
advisories | CVE-2013-4983, OSVDB-97029
SHA-256 | bcde5e8d8f05d7b1ad0a9daef6977f314f81b4851a6c07b2830229371f0f0838
Sophos Web Protection Appliance Command Injection
Posted Sep 7, 2013
Authored by Core Security Technologies, Francisco Falcon | Site coresecurity.com

Core Security Technologies Advisory - Sophos Web Protection Appliance versions 3.7.9 and earlier, 3.8.1, and 3.8.0 suffer from multiple OS command injection vulnerabilities.

tags | exploit, web, vulnerability
advisories | CVE-2013-4983, CVE-2013-4984
SHA-256 | 9b18440c26f1295d0a92ba4d7e6ec1dd5c6560e29f7da1ea8bd466580e248550
TP-Link IP Camera Hardcoded Credentials / Command Injection
Posted May 28, 2013
Authored by Core Security Technologies, Nahuel Riva, Francisco Falcon | Site coresecurity.com

TP-Link IP cameras suffer from hard-coded credential and remote command execution vulnerabilities.

tags | exploit, remote, vulnerability
advisories | CVE-2013-2573, CVE-2013-2572
SHA-256 | d96b583866927f2f59a08545c251d956a2dfef2c6512197cefb588c1ac39997b
Zavio IP Camera Command Injection / Bypass
Posted May 28, 2013
Authored by Core Security Technologies, Nahuel Riva, Francisco Falcon | Site coresecurity.com

Core Security Technologies Advisory - Zavio IP cameras based on firmware versions 1.6.03 and below suffer from bypass, hard-coded credential, and arbitrary command execution vulnerabilities.

tags | exploit, arbitrary, vulnerability
advisories | CVE-2013-2567, CVE-2013-2568, CVE-2013-2569, CVE-2013-2570
SHA-256 | 78c356b2ffcb1e25d51e6592b9d5d73b842cdf1d53ab057c2850cde52d3c84c9
D-Link IP Cameras Injection / Bypass
Posted Apr 29, 2013
Authored by Core Security Technologies, Nahuel Riva, Francisco Falcon, Pablo Santamaria, Juan Cotta, Martin Rocha | Site coresecurity.com

Core Security Technologies Advisory - D-Link IP Cameras suffer from OS command injection, authentication, information leak, and hard-coded credential vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2013-1599, CVE-2013-1600, CVE-2013-1601, CVE-2013-1602, CVE-2013-1603
SHA-256 | c89524253ab599d8622f01400e1599d3a2ca11af0117966d4e4a0fe9ff04ad31
Vivotek IP Camera Buffer Overflow / Disclosure / Injection
Posted Apr 29, 2013
Authored by Core Security Technologies, Nahuel Riva, Francisco Falcon, Alejandro Leon Morales, Juan Cotta, Martin Rocha | Site coresecurity.com

Core Security Technologies Advisory - Vivotek IP Cameras suffer from information leak, buffer overflow, authentication, path traversal, and command injection vulnerabilities. Vulnerable are Vivotek PT7135 IP camera with firmware 0300a, Vivotek PT7135 IP camera with firmware 0400a, and possibly others.

tags | exploit, overflow, vulnerability
advisories | CVE-2013-1594, CVE-2013-1595, CVE-2013-1596, CVE-2013-1597, CVE-2013-1598
SHA-256 | fa7660e4a137a97602dd52a3f2f89792f4eba90870562d6329ab58bbcacf03d9
SAP Netweaver Message Server Buffer Overflow
Posted Feb 15, 2013
Authored by Core Security Technologies, Francisco Falcon, Martin Gallo | Site coresecurity.com

Core Security Technologies Advisory - Multiple vulnerabilities have been found in SAP Netweaver that could allow an unauthenticated remote attacker to execute arbitrary code and lead to denial of service conditions. The vulnerabilities are triggered sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN (being NN the SAP system number) of a host running the 'Message Server' service, part of SAP Netweaver Application Server ABAP. By sending different messages, the different vulnerabilities can be triggered.

tags | exploit, remote, denial of service, arbitrary, tcp, vulnerability
advisories | CVE-2013-1592, CVE-2013-1593
SHA-256 | 287b3598e1016bac4e6bbe89252ab94d7ee5e39ea5592c228fff16f1c08ce946
Foxit Reader 3.0 Open Execute Action Stack Based Buffer Overflow
Posted May 22, 2012
Authored by bannedit, Francisco Falcon | Site metasploit.com

This Metasploit module exploits a buffer overflow in Foxit Reader 3.0 builds 1301 and earlier. Due to the way Foxit Reader handles the input from an "Launch" action, it is possible to cause a stack-based buffer overflow, allowing an attacker to gain arbitrary code execution under the context of the user.

tags | exploit, overflow, arbitrary, code execution
advisories | OSVDB-55614
SHA-256 | 009165bbb7f39c130705ca1779b5bf21f2c3fd6f324d13329ecce60c590e0dcc
Core Security Technologies Advisory 2010.1021
Posted Jun 16, 2011
Authored by Core Security Technologies, Francisco Falcon | Site coresecurity.com

Core Security Technologies Advisory - The administrative console of IBM WebSphere Application Server is vulnerable to Cross-Site Request Forgery (CSRF) attacks, which can be exploited by remote attackers to force a logged-in administrator to perform unwanted actions on the IBM WebSphere administrative console, by enticing him to visit a malicious web page. Versions 7.0.0.11 and 7.0.0.13 are confirmed vulnerable.

tags | exploit, remote, web, csrf
advisories | CVE-2010-3271
SHA-256 | c5935cba98df6fe3be07143a413aa1c7d1b1b171f7643b662db9f9dff22ce27e
Core Security Technologies Advisory 2010.1118
Posted May 12, 2011
Authored by Core Security Technologies, Francisco Falcon | Site coresecurity.com

Core Security Technologies Advisory - The Administration Console of Oracle GlassFish Server, which is listening by default on port 4848/TCP, is prone to an authentication bypass vulnerability. This vulnerability can be exploited by remote attackers to access sensitive data on the server without being authenticated, by making 'TRACE' requests against the Administration Console. Oracle GlassFish Server version 3.0.1 and Sun GlassFish Enterprise Server version 2.1.1 are affected.

tags | exploit, remote, tcp, bypass
advisories | CVE-2011-1511
SHA-256 | 3069091a5a304083556b231d526f0d1b73792c5176a24a96007d6fd9dee86cb0
Core Security Technologies Advisory 2009.1126
Posted Feb 2, 2010
Authored by Core Security Technologies, Francisco Falcon | Site coresecurity.com

Core Security Technologies Advisory - Corel Paint Shop Pro Photo X2 is prone to a heap-based buffer overflow when processing malformed FPX files, because it trusts user-controlled data located inside a FPX file and uses it as a loop counter when copying data from a FPX file into a fixed-size buffer located in the heap. This vulnerability can be exploited to overwrite adjacent heap chunks metadata, and possibly to gain arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
SHA-256 | a6f2c88aa2e79b669f40a3e754b153097c2a704191671ee32dc54d20f872330a
Core Security Technologies Advisory 2009.0218
Posted Mar 9, 2009
Authored by Core Security Technologies, Francisco Falcon | Site coresecurity.com

Foxit Reader versions 3.0 build 1120 and build 1301 suffer from authorization bypass and buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2009-0836, CVE-2009-0837
SHA-256 | fbe7a9965a2887b415c01e3fe3490d016b1b5248398aa3b9b36bb9c0f1de6607
Core Security Technologies Advisory 2008.0624
Posted Aug 21, 2008
Authored by Core Security Technologies, Francisco Falcon | Site coresecurity.com

Core Security Technologies Advisory - Anzio Web Print Object (WePO) is a Windows ActiveX web page component that suffers from a buffer overflow vulnerability.

tags | exploit, web, overflow, activex
systems | windows
advisories | CVE-2008-3480
SHA-256 | a318beb516a48eb0fd3989f69c6622849d755284631c5cf5b2afe2b098a5098b
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close