exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 101 - 125 of 207 RSS Feed

Files from Core Security Technologies

Email addressinfo at coresecurity.com
First Active2002-07-12
Last Active2020-06-09
Core Security Technologies Advisory 2010.0728
Posted Dec 13, 2010
Authored by Core Security Technologies, Nahuel Riva | Site coresecurity.com

Core Security Technologies Advisory - The Intel Alert Handler service ('hndlrsvc.exe') fails to correctly process the 'CommandLine' field in the AMS request. A source address in a 'MOV' instruction is calculated from values present in the request, causing a remote denial-of-service.

tags | advisory, remote
advisories | CVE-2010-3268
SHA-256 | 55e5c8b436e323fd3f97ab13849257975ad0f4264ec70be10dbcab9dc97bde9d
Core Security Technologies Advisory 2010.1109
Posted Dec 1, 2010
Authored by Core Security Technologies, Damian Saura, Alejandro Frydman | Site coresecurity.com

Core Security Technologies Advisory - BugTracker.NET version 3.4.4 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2010-3266, CVE-2010-3267
SHA-256 | df62246969e76ce6e41b258ba8e60b03abae844da0cf2cafd62ae743eea6ad45
Core Security Technologies Advisory 2010.1018
Posted Nov 11, 2010
Authored by Core Security Technologies, Aureliano Calvo | Site coresecurity.com

Core Security Technologies Advisory - A security vulnerability was discovered in LANDesk Management Suite: The Landesk web application does not sufficiently verify if a well-formed request was provided by the user who submitted the request. Using this information an external remote attacker can run arbitrary code using the 'gsbadmin' user (that is the user running the web-server). In order to be able to successfully make the attack, the administrator must be logged in to the appliance with the browser that the attacker uses to make the attack (for instance, exploiting a XSS in a different tab in the browser).

tags | exploit, remote, web, arbitrary
advisories | CVE-2010-2892
SHA-256 | 3dc2b0c9c31c4becfd753be92f87f46eef1496e094193a2f7775f7b49bd1734b
Core Security Technologies Advisory 2010.0825
Posted Nov 9, 2010
Authored by Core Security Technologies, Anibal Sacco, Matias Eissler | Site coresecurity.com

Core Security Technologies Advisory - The Apple Type Services is prone to memory corruption due a sign mismatch vulnerability when handling the last offset value of the CharStrings INDEX structure. This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing the user of Mac OS X v10.5.x to view or download a PDF document containing a embedded malicious CFF font.

tags | advisory, remote, arbitrary
systems | apple, osx
advisories | CVE-2010-1797
SHA-256 | 68f4efdb58f840ab80355a23048b12dea182facc85054b76571b1964d5254a0e
Core Security Technologies Advisory 2010.0819
Posted Oct 20, 2010
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - A statically allocated buffer is overwritten in the case that a very long Object Identifier is specified in stringified dotted notation to the smiGetNode function of libsmi. This may result in arbitrary code execution by cleverly overwriting key pointers in memory.

tags | advisory, arbitrary, code execution
advisories | CVE-2010-2891
SHA-256 | 16f418d01c3fe817c1a749abcd16851913080fe6ee2a92f1103496773afe342b
Core Security Technologies Advisory 2010.0517
Posted Oct 15, 2010
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - Microsoft Windows is prone to a memory corruption vulnerability when instantiating the 'HtmlDlgHelper Class Object' in a Microsoft Office Document (ie: .XLS, .DOC). The affected vulnerable module is part of Internet Explorer ('mshtmled.dll'). This vulnerability could be used by a remote attacker to execute arbitrary code with the privileges of the user that opened the malicious file.

tags | exploit, remote, arbitrary
systems | windows
advisories | CVE-2010-3329
SHA-256 | bb59f66cda31716061e9c2463f85b59f48bb279fd9de23460eb3a002793bbf7c
Core Security Technologies Advisory 2010.0624
Posted Oct 13, 2010
Authored by Core Security Technologies, Diego Juarez | Site coresecurity.com

Core Security Technologies Advisory - While investigating the OpenType Compact Font Format vulnerability disclosed in MS10-037, Diego Juarez discovered another kernel bug in the parsing of OTF files. Loading a malformed OpenType font can cause the entire system to crash. The vulnerability could be used locally by attackers with access to an unprivileged account to elevate privileges to those of a System Administrator.

tags | advisory, kernel
advisories | CVE-2010-2741
SHA-256 | 0e3069b48078cc6ce57a0ba9ae979121fd8801e0819abc6cd8b9765d2daa3a61
Core Security Technologies Advisory 2010.0701
Posted Oct 6, 2010
Authored by Core Security Technologies, Ricardo Narvaja | Site coresecurity.com

Core Security Technologies Advisory - Adobe Acrobat Reader is prone to a use-after-free vulnerability due to an invalid usage of a released memory chunk. This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing the user of Adobe Acrobat Reader to open a specially crafted file and click on PAGES thumbnails.

tags | advisory, remote, arbitrary
advisories | CVE-2010-3627
SHA-256 | b904c5a6e5a8de97f43c56644b6a9ba52dae475e7eef0a3f2c048059d81b1e24
Core Security Technologies Advisory 2010.0407
Posted Aug 12, 2010
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - A stack based buffer overflow vulnerability in Microsoft Excel 2002 (Office XP) can be leveraged to execute arbitrary code on vulnerable systems by enticing users to open specially crafted spreadsheet files with the '.XLS' extension. The vulnerability results from improper parsing of a PivotTable Cache Data record. This vulnerability could be used by a remote attacker to execute arbitrary code with the privileges of the user that opened the malicious file.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-2562
SHA-256 | f8bad67514cb0de6d8919901fc373db0ca1c25d9dc3b5c3b98afbcfde550da3b
Core Security Technologies Advisory 2010.0623
Posted Aug 12, 2010
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - A crash due to an invalid read in the Windows kernel can be reliably leveraged into privileged code execution resulting in a privilege escalation local vulnerability. This happens because special values of 'hParent' where not sufficiently taken into account when patching 'xxxCreateWindowsEx' on MS010-032.

tags | exploit, kernel, local, code execution
systems | windows
advisories | CVE-2010-1897
SHA-256 | c2f855789ff44f904666245577f6f46e27ddae37467caa6a4c0b3a3878489bd5
Core Security Technologies Advisory 2010.0608
Posted Aug 5, 2010
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - There is a buffer overflow vulnerability in the webappmon.exe CGI application included with HP OpenView NNM. This bug can be exploited by sending a cookie header with a maliciously crafted 'OvJavaLocale' value. Code execution is likely achievable in a reliable way.

tags | exploit, overflow, cgi, code execution
advisories | CVE-2010-2709
SHA-256 | 48e7d6969af75120e25212535b0e4de84aa95958a93d04dd51c78c5ec17eb64f
Core Security Technologies Advisory 2010.0316
Posted Jun 25, 2010
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - Novell iManager is prone to a stack-based buffer overflow vulnerability that can be exploited by authenticated users to execute arbitrary code, and to an off-by-one error that can be abused by remote, unauthenticated attackers to cause a Denial of Service to the application.

tags | exploit, remote, denial of service, overflow, arbitrary
advisories | CVE-2010-1929, CVE-2010-1930
SHA-256 | 4431bff90a5014a67909643564ccdf6f2c96f97241cf56619c1b7f65fcef2ed2
Core Security Technologies Advisory 2010.0514
Posted Jun 16, 2010
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - XnView is prone to a security vulnerability when processing MBM files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine, by enticing the user of XnView to open a specially crafted file.

tags | advisory, remote, arbitrary
advisories | CVE-2010-1932
SHA-256 | 1dd2d9c8da6455cc894ae24f9a350bb78d4a892c610a234754bd6d713da7fdb4
Core Security Technologies Advisory 2010.0415
Posted Jun 9, 2010
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - CubeCart PHP Free and Commercial Shopping Cart suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
advisories | CVE-2010-0415
SHA-256 | 94116a9626ca38c007de10d783111163c26361648b8b5ad6d2ed15e85a12245c
Core Security Technologies Advisory 2010.0405
Posted May 12, 2010
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - Adobe Director is prone to a vulnerability due to an invalid read in 'DIRAPI.DLL', when opening a malformed .dir file. This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing the user of Adobe Director to open a specially crafted file.

tags | advisory, remote, arbitrary
advisories | CVE-2010-0128
SHA-256 | 7168bea5459b9ed347373ab8db050ec91b0f4575d1bcaa89f2013cb5eaab82f1
Core Security Technologies Advisory 2010.0427
Posted May 5, 2010
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - Prior to MS10-024 the Windows SMTP Service generated DNS queries with trivially guessable values in the transaction ID field. The issue was addressed in MS10-024 by adding a call to the 'CAsyncDns::GenerateRandWord' method when building the DNS query. Prior to MS10-024 the Windows SMTP Service did not check that the value of the ID field of a DNS response received from the network actually matched the value of the ID field of a corresponding DNS query packet previously sent. The issue was addressed in MS10-024 by adding validation logic to the 'CAsyncDns::ProcessReadIO' method.

tags | advisory
systems | windows
advisories | CVE-2010-1689, CVE-2010-1690
SHA-256 | f9f3d7f24dfb5f26df59a62a6054cd9aaf1939a9958a82a13d2f856165222d6a
Core Security Technologies Advisory 2010.0428
Posted May 5, 2010
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - Microsoft Office Visio is vulnerable to a buffer overflow in 'VISIODWG.DLL', a DLL which is loaded when inserting a DXF file into a Visio document, either using drag-and-drop or "Insert, CAD drawing" from the menu bar. This bug can be exploited to execute arbitrary code with the privileges of the user running Visio.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-1681
SHA-256 | b4358c66d0edb8b6e387ca36af254ea94cf4d4de03c1e960a9dcd51f4284f961
Core Security Technologies Advisory 2010.0406
Posted Apr 22, 2010
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - A Cross Site Scripting (XSS) vulnerability has been discovered in CactuShop.

tags | exploit, xss
advisories | CVE-2010-1486
SHA-256 | 27b87383b836a5d421fa2c92b53e6cadc8c16ca54e451af91f467dfb9ae90f63
Core Security Technologies Advisory 2010.0323
Posted Apr 7, 2010
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - A cross site scripting vulnerability has been discovered in the NextGEN Gallery Wordpress plugin.

tags | exploit, xss
SHA-256 | c51f25002c6d814c1a3f04ebc9e036661057e0f14ccfd3859e18aa1db4234c3b
Core Security Technologies Advisory 2010.0311
Posted Mar 17, 2010
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - eFront is vulnerable to local file inclusion vulnerability, which allows an external remote attacker to upload an arbitrary file and execute code on the vulnerable website learning platform. Version 3.5.5 is vulnerable.

tags | exploit, remote, arbitrary, local, file inclusion
SHA-256 | 081afde05d12b92005d7bfde71c05dd46a4366480d51ddd27f4ef2b5ea755edf
Core Security Technologies Advisory 2009.0803
Posted Mar 16, 2010
Authored by Core Security Technologies, Diego Juarez, Nicolas A. Economou | Site coresecurity.com

Core Security Technologies Advisory - A vulnerability found in the memory management of the Virtual Machine Monitor makes memory pages mapped above the 2GB available with read or read/write access to user-space programs running in a Guest operating system.

tags | advisory
SHA-256 | 06e57ed0863415c369e25cbef95b7d726f955222074ae28cf5b2b20d11fdfe9d
Core Security Technologies Advisory 2009.1103
Posted Mar 9, 2010
Authored by Core Security Technologies, Damian Frizza | Site coresecurity.com

Core Security Technologies Advisory - A memory corruption occurs on Microsoft Office Excel 2002 when parsing a .XLS file with a malformed DbOrParamQry record. This vulnerability could be used by a remote attacker to execute arbitrary code in the context of the currently logged on user, by enticing the user to open a specially crafted file.

tags | advisory, remote, arbitrary
advisories | CVE-2010-0264
SHA-256 | 7467a687c181b918d29055d813fdff2b35ff940ae1ff53bb67f0cc1fd65c64a0
Core Security Technologies Advisory 2009.0813
Posted Mar 9, 2010
Authored by Core Security Technologies, Damian Frizza | Site coresecurity.com

Core Security Technologies Advisory - A vulnerability was found in Windows Movie Maker and Microsoft Producer, which can be triggered by a remote attacker by sending a specially crafted file and enticing the user to open it. This vulnerability results in a write access violation and can lead to remote code execution.

tags | advisory, remote, code execution
systems | windows
advisories | CVE-2010-0265
SHA-256 | 3ec9f74a6f8a7195243bbca53f5c261bb5ca7143376fade47aec9053e7b0c338
Core Security Technologies Advisory 2009.0913
Posted Mar 3, 2010
Authored by Core Security Technologies, Diego Juarez, Nadia Rodriguez

Core Security Technologies Advisory - Luxology Modo 401 suffers from an integer overflow vulnerability when parsing .LXO files.

tags | exploit, overflow
advisories | CVE-2010-0766
SHA-256 | 51b9cf82b285e0e429b33854d143984df2fb806fbb892adaa88ca3f6cc587050
Core Security Technologies Advisory 2009.0827
Posted Feb 9, 2010
Authored by Core Security Technologies, Damian Frizza | Site coresecurity.com

Core Security Technologies Advisory - A vulnerability exists in MSO.DLL affecting Excel 9 (Office 2000) and Excel 10 (Office XP) in the code responsible for parsing OfficeArtSpgr (recType 0xF003) containers that allows an attacker to cause a class pointer to be interpreted incorrectly, leading to code execution in the context of the currently logged on user.

tags | advisory, code execution
advisories | CVE-2010-0243
SHA-256 | d40c00bfca38691caa302cc240a65cfb4055b89ee51b20a1b18ce6051b11c60e
Page 5 of 9
Back34567Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close