accept no compromises
Showing 1 - 20 of 20 RSS Feed

Files from Francisco Falcon

First Active2008-08-21
Last Active2016-03-17
FreeBSD Kernel amd64_set_ldt Heap Overflow
Posted Mar 17, 2016
Authored by Core Security Technologies, Francisco Falcon

Core Security Technologies Advisory - An integer signedness error has been found in the amd64_set_ldt() function in the FreeBSD kernel code (define d in the /sys/amd64/amd64/sys_machdep.c file), which implements the i386_set_ldt system call on the amd64 version of the OS. This integer signedness issue ultimately leads to a heap overflow in the kernel, allowing local unprivileged attackers to crash the system. FreeBSD 10.2 amd64 is affected.

tags | exploit, overflow, kernel
systems | freebsd, bsd
advisories | CVE-2016-1885
MD5 | 5fddced07d5ad899ebb2d9c6bf48f392
Microsoft Windows Media Center Incorrectly Resolved Reference
Posted Dec 9, 2015
Authored by Core Security Technologies, Francisco Falcon

Core Security Technologies Advisory - The 'application' tag in Microsoft Windows Media Center link files (.mcl extension) can include a 'run' parameter, which indicates the path of a file to be launched when opening the MCL file, or a 'url' parameter, which indicates the URL of a web page to be loaded within the Media Center's embedded web browser. A specially crafted MCL file having said 'url' parameter pointing to the MCL file itself can trick Windows Media Center into rendering the very same MCL file as a local HTML file within the Media Center's embedded web browser.

tags | exploit, web, local
systems | windows
advisories | CVE-2015-6127
MD5 | 74ea83d965e529488bfa6515c1580c14
FreeBSD Security Advisory - Kernel Memory Disclosure / Corruption
Posted Jan 28, 2015
Authored by Francisco Falcon, Clement LECIGNE | Site security.freebsd.org

FreeBSD Security Advisory - SCTP protocol provides reliable, flow-controlled, two-way transmission of data. It is a message oriented protocol and can support the SOCK_STREAM and SOCK_SEQPACKET abstractions. SCTP allows the user to choose between multiple scheduling algorithms to optimize the sending behavior of SCTP in scenarios with different requirements. Due to insufficient validation of the SCTP stream ID, which serves as an array index, a local unprivileged attacker can read or write 16-bits of kernel memory.

tags | advisory, kernel, local, protocol
systems | freebsd
advisories | CVE-2014-8612
MD5 | d91dfbcc12d71302de651badd86e3a5f
FreeBSD Kernel Crash / Code Execution / Disclosure
Posted Jan 28, 2015
Authored by Core Security Technologies, Francisco Falcon | Site coresecurity.com

Core Security Technologies Advisory - Multiple vulnerabilities have been found in the FreeBSD kernel code that implements the vt console driver (previously known as Newcons) and the code that implements SCTP sockets. These vulnerabilities could allow local unprivileged attackers to disclose kernel memory containing sensitive information, crash the system, and execute arbitrary code with superuser privileges.

tags | exploit, arbitrary, kernel, local, vulnerability
systems | freebsd
advisories | CVE-2014-0998, CVE-2014-8612
MD5 | dd8c3fcef37258dd9b8bfea7c1a546f1
VirtualBox 3D Acceleration Virtual Machine Escape
Posted Aug 14, 2014
Authored by Francisco Falcon, juan vazquez, Florian Ledoux | Site metasploit.com

This Metasploit module exploits a vulnerability in the 3D Acceleration support for VirtualBox. The vulnerability exists in the remote rendering of OpenGL-based 3D graphics. By sending a sequence of specially crafted of rendering messages, a virtual machine can exploit an out of bounds array access to corrupt memory and escape to the host. This Metasploit module has been tested successfully on Windows 7 SP1 (64 bits) as Host running Virtual Box 4.3.6.

tags | exploit, remote
systems | windows, 7
advisories | CVE-2014-0983
MD5 | dcc77fac6866efe74508b6b9429587dc
Oracle VirtualBox 3D Acceleration Memory Corruption
Posted Mar 11, 2014
Authored by Core Security Technologies, Andres Blanco, Francisco Falcon | Site coresecurity.com

Core Security Technologies Advisory - Multiple memory corruption vulnerabilities have been found in the code that implements 3D Acceleration for OpenGL graphics in Oracle VirtualBox. These vulnerabilities could allow an attacker who is already running code within a Guest OS to escape from the virtual machine and execute arbitrary code on the Host OS.

tags | exploit, arbitrary, vulnerability
advisories | CVE-2014-0981, CVE-2014-0982, CVE-2014-0983
MD5 | e64c663a75df61c063ab412dac73acc8
Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation
Posted Sep 17, 2013
Authored by Francisco Falcon, juan vazquez | Site metasploit.com

This Metasploit module abuses a command injection on the clear_keys.pl perl script, installed with the Sophos Web Protection Appliance, to escalate privileges from the "spiderman" user to "root". This Metasploit module is useful for post exploitation of vulnerabilities on the Sophos Web Protection Appliance web ui, executed by the "spiderman" user. This Metasploit module has been tested successfully on Sophos Virtual Web Appliance 3.7.0.

tags | exploit, web, root, perl, vulnerability
advisories | CVE-2013-4984, OSVDB-97028
MD5 | 045d7706a83f11ef97ef77f137a6d58b
Sophos Web Protection Appliance sblistpack Arbitrary Command Execution
Posted Sep 17, 2013
Authored by Francisco Falcon, juan vazquez | Site metasploit.com

This Metasploit module exploits a command injection vulnerability on Sophos Web Protection Appliance 3.7.9, 3.8.0 and 3.8.1. The vulnerability exists on the sblistpack component, reachable from the web interface without authentication. This Metasploit module has been tested successfully on Sophos Virtual Web Appliance 3.7.0.

tags | exploit, web
advisories | CVE-2013-4983, OSVDB-97029
MD5 | efad4b08bc7895d76145207b6fc9645d
Sophos Web Protection Appliance Command Injection
Posted Sep 7, 2013
Authored by Core Security Technologies, Francisco Falcon | Site coresecurity.com

Core Security Technologies Advisory - Sophos Web Protection Appliance versions 3.7.9 and earlier, 3.8.1, and 3.8.0 suffer from multiple OS command injection vulnerabilities.

tags | exploit, web, vulnerability
advisories | CVE-2013-4983, CVE-2013-4984
MD5 | c9fb5b1637c2dd01fd25290497647bc7
TP-Link IP Camera Hardcoded Credentials / Command Injection
Posted May 28, 2013
Authored by Core Security Technologies, Nahuel Riva, Francisco Falcon | Site coresecurity.com

TP-Link IP cameras suffer from hard-coded credential and remote command execution vulnerabilities.

tags | exploit, remote, vulnerability
advisories | CVE-2013-2573, CVE-2013-2572
MD5 | 0397c9178afefc912805b6d1eaa763a1
Zavio IP Camera Command Injection / Bypass
Posted May 28, 2013
Authored by Core Security Technologies, Nahuel Riva, Francisco Falcon | Site coresecurity.com

Core Security Technologies Advisory - Zavio IP cameras based on firmware versions 1.6.03 and below suffer from bypass, hard-coded credential, and arbitrary command execution vulnerabilities.

tags | exploit, arbitrary, vulnerability
advisories | CVE-2013-2567, CVE-2013-2568, CVE-2013-2569, CVE-2013-2570
MD5 | 4034e4e1cb09253908be504ce863394f
D-Link IP Cameras Injection / Bypass
Posted Apr 29, 2013
Authored by Core Security Technologies, Nahuel Riva, Francisco Falcon, Pablo Santamaria, Juan Cotta, Martin Rocha | Site coresecurity.com

Core Security Technologies Advisory - D-Link IP Cameras suffer from OS command injection, authentication, information leak, and hard-coded credential vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2013-1599, CVE-2013-1600, CVE-2013-1601, CVE-2013-1602, CVE-2013-1603
MD5 | c9bc857db464de16f8f840ad447d5881
Vivotek IP Camera Buffer Overflow / Disclosure / Injection
Posted Apr 29, 2013
Authored by Core Security Technologies, Nahuel Riva, Francisco Falcon, Alejandro Leon Morales, Juan Cotta, Martin Rocha | Site coresecurity.com

Core Security Technologies Advisory - Vivotek IP Cameras suffer from information leak, buffer overflow, authentication, path traversal, and command injection vulnerabilities. Vulnerable are Vivotek PT7135 IP camera with firmware 0300a, Vivotek PT7135 IP camera with firmware 0400a, and possibly others.

tags | exploit, overflow, vulnerability
advisories | CVE-2013-1594, CVE-2013-1595, CVE-2013-1596, CVE-2013-1597, CVE-2013-1598
MD5 | b85b1ef6c99144cbd2edd7812d06158b
SAP Netweaver Message Server Buffer Overflow
Posted Feb 15, 2013
Authored by Core Security Technologies, Francisco Falcon, Martin Gallo | Site coresecurity.com

Core Security Technologies Advisory - Multiple vulnerabilities have been found in SAP Netweaver that could allow an unauthenticated remote attacker to execute arbitrary code and lead to denial of service conditions. The vulnerabilities are triggered sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN (being NN the SAP system number) of a host running the 'Message Server' service, part of SAP Netweaver Application Server ABAP. By sending different messages, the different vulnerabilities can be triggered.

tags | exploit, remote, denial of service, arbitrary, tcp, vulnerability
advisories | CVE-2013-1592, CVE-2013-1593
MD5 | 388e913d89cf47a904c336f1112889bc
Foxit Reader 3.0 Open Execute Action Stack Based Buffer Overflow
Posted May 22, 2012
Authored by bannedit, Francisco Falcon | Site metasploit.com

This Metasploit module exploits a buffer overflow in Foxit Reader 3.0 builds 1301 and earlier. Due to the way Foxit Reader handles the input from an "Launch" action, it is possible to cause a stack-based buffer overflow, allowing an attacker to gain arbitrary code execution under the context of the user.

tags | exploit, overflow, arbitrary, code execution
advisories | OSVDB-55614
MD5 | dd101f060050f721d607dcf105579673
Core Security Technologies Advisory 2010.1021
Posted Jun 16, 2011
Authored by Core Security Technologies, Francisco Falcon | Site coresecurity.com

Core Security Technologies Advisory - The administrative console of IBM WebSphere Application Server is vulnerable to Cross-Site Request Forgery (CSRF) attacks, which can be exploited by remote attackers to force a logged-in administrator to perform unwanted actions on the IBM WebSphere administrative console, by enticing him to visit a malicious web page. Versions 7.0.0.11 and 7.0.0.13 are confirmed vulnerable.

tags | exploit, remote, web, csrf
advisories | CVE-2010-3271
MD5 | c6e94c1666d5f9b7df4619d5fdd8bf28
Core Security Technologies Advisory 2010.1118
Posted May 12, 2011
Authored by Core Security Technologies, Francisco Falcon | Site coresecurity.com

Core Security Technologies Advisory - The Administration Console of Oracle GlassFish Server, which is listening by default on port 4848/TCP, is prone to an authentication bypass vulnerability. This vulnerability can be exploited by remote attackers to access sensitive data on the server without being authenticated, by making 'TRACE' requests against the Administration Console. Oracle GlassFish Server version 3.0.1 and Sun GlassFish Enterprise Server version 2.1.1 are affected.

tags | exploit, remote, tcp, bypass
advisories | CVE-2011-1511
MD5 | aed0efb7e4049f02a715c1bc2c2c7a4a
Core Security Technologies Advisory 2009.1126
Posted Feb 2, 2010
Authored by Core Security Technologies, Francisco Falcon | Site coresecurity.com

Core Security Technologies Advisory - Corel Paint Shop Pro Photo X2 is prone to a heap-based buffer overflow when processing malformed FPX files, because it trusts user-controlled data located inside a FPX file and uses it as a loop counter when copying data from a FPX file into a fixed-size buffer located in the heap. This vulnerability can be exploited to overwrite adjacent heap chunks metadata, and possibly to gain arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
MD5 | c2a7e082be81a97c93087c88540a9f94
Core Security Technologies Advisory 2009.0218
Posted Mar 9, 2009
Authored by Core Security Technologies, Francisco Falcon | Site coresecurity.com

Foxit Reader versions 3.0 build 1120 and build 1301 suffer from authorization bypass and buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2009-0836, CVE-2009-0837
MD5 | e3819ef2f892e318f47ff55dff405400
Core Security Technologies Advisory 2008.0624
Posted Aug 21, 2008
Authored by Core Security Technologies, Francisco Falcon | Site coresecurity.com

Core Security Technologies Advisory - Anzio Web Print Object (WePO) is a Windows ActiveX web page component that suffers from a buffer overflow vulnerability.

tags | exploit, web, overflow, activex
systems | windows
advisories | CVE-2008-3480
MD5 | 2f9bb16efa2c023574ae39cd5fde147b
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    8 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close