what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Facundo Pantaleo

Advantech EKI-6340 2.05 Command Injection

Posted Nov 20, 2014

Authored by Core Security Technologies, Anibal Sacco, Facundo Pantaleo, Joaquin Rodriguez Varela, Flavio Cangini | Site coresecurity.com

Core Security Technologies Advisory - Advantech EKI-6340 series is vulnerable to an OS command injection, which can be exploited by remote attackers to execute arbitrary code and commands, by using a non privileged user against a vulnerable CGI file.

tags | exploit, remote, arbitrary, cgi

advisories | CVE-2014-8387

SHA-256 | a64726d244d547419fa3a47c114cb81761f6e477ec05f980a3199ab9e0a55aca

Download | Favorite | View

AVTECH DVR Buffer Overflow / CAPTCHA Bypass

Posted Aug 28, 2013

Authored by Core Security Technologies, Anibal Sacco, Facundo Pantaleo | Site coresecurity.com

Core Security Technologies Advisory - Multiple vulnerabilities have been found in AVTECH AVN801 DVR (and potentially other devices sharing the affected firmware) that could allow a remote attacker to exploit multiple buffer overflows resulting in arbitrary code execution or bypass CAPTCHA functionality for logging into the administrative console. Proof of concept code included.

tags | exploit, remote, overflow, arbitrary, vulnerability, code execution, proof of concept

advisories | CVE-2013-4980, CVE-2013-4981, CVE-2013-4982

SHA-256 | d69c855434e206ed106355a53d8a7790ee1a27b7581178dde7685f2ac8f54862

Download | Favorite | View