[CORE-2016-0007] - TP-LINK TDDP Multiple Vulnerabilities

2016-11-22 Thread CORE Advisories Team
are available for this device. 6. Credits This vulnerability was discovered and researched by Andres Lopez Luksenberg from Core Security Exploit Team. The publication of this advisory was coordinated by Joaquin Rodriguez Varela from Core Advisories Team. 7. Technical Description / Proof of Concept

[CORE-2016-0006] - SAP CAR Multiple Vulnerabilities

2016-08-10 Thread CORE Advisories Team
Services. The publication of this advisory was coordinated by Joaquin Rodriguez Varela from Core Advisories Team. 7. Technical Description / Proof of Concept Code SAP distributes software and packages using an archive program called SAPCAR. This program uses a custom archive file format

[CORE-2016-0003] - Samsung SW Update Tool MiTM

2016-03-09 Thread CORE Advisories Team
1. Advisory Information Title: Samsung SW Update Tool MiTM Advisory ID: CORE-2016-0003 Advisory URL: http://www.coresecurity.com/advisories/samsung-sw-update-tool-mitm Date published: 2016-03-07 Date of last update: 2016-03-04 Vendors contacted: Samsung Release mode: Coordinated release 2.

[CORE-2016-0004] - SAP Download Manager Password Weak Encryption

2016-03-09 Thread CORE Advisories Team
]. An updated version of SAP Download Manager can be found on their website [1]. 6. Credits This vulnerability was discovered and researched by Martin Gallo from Core Security Consulting Services. The publication of this advisory was coordinated by Joaquín Rodríguez Varela from Core Advisories Team

[CORE-2016-0002] - Lenovo ShareIT Multiple Vulnerabilities

2016-01-26 Thread CORE Advisories Team
1. Advisory Information Title: Lenovo ShareIT Multiple Vulnerabilities Advisory ID: CORE-2016-0002 Advisory URL: http://www.coresecurity.com/advisories/lenovo-shareit-multiple-vulnerabilities Date published: 2016-01-25 Date of last update: 2016-01-22 Vendors contacted: Lenovo Release mode:

[CORE-2016-0001] - Intel Driver Update Utility MiTM

2016-01-19 Thread CORE Advisories Team
1. Advisory Information Title: Intel Driver Update Utility MiTM Advisory ID: CORE-2016-0001 Advisory URL: http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm Date published: 2016-01-19 Date of last update: 2016-01-14 Vendors contacted: Intel Release mode: Coordinated release

[CORE-2015-0014] - Microsoft Windows Media Center link file incorrectly resolved reference

2015-12-10 Thread CORE Advisories Team
and researched by Francisco Falcon from Core Exploits Team. The publication of this advisory was coordinated by Joaquín Rodríguez Varela from the Core Advisories Team. 7. Technical Description / Proof of Concept Code The ehexthost.exe binary, part of Windows Media Center, loads the given URL

[CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities

2015-09-01 Thread CORE Advisories Team
1. Advisory Information Title: FortiClient Antivirus Multiple Vulnerabilities Advisory ID: CORE-2015-0013 Advisory URL: http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities Date published: 2015-09-01 Date of last update: 2015-09-01 Vendors contacted: Fortinet

[CORE-2015-0011] - AirLink101 SkyIPCam1620W OS Command Injection

2015-07-08 Thread CORE Advisories Team
1. Advisory Information Title: AirLink101 SkyIPCam1620W OS Command Injection Advisory ID: CORE-2015-0011 Advisory URL: http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection Date published: 2015-07-08 Date of last update: 2015-07-08 Vendors contacted: AirLink101

[CORE-2015-0012] - AirLive Multiple Products OS Command Injection

2015-07-06 Thread CORE Advisories Team
1. Advisory Information Title: AirLive Multiple Products OS Command Injection Advisory ID: CORE-2015-0012 Advisory URL: http://www.coresecurity.com/advisories/airlive-multiple-products-os-command-injection Date published: 2015-07-06 Date of last update: 2015-07-06 Vendors contacted: AirLive

[CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability

2015-05-22 Thread CORE Advisories Team
1. Advisory Information Title: Sendio ESP Information Disclosure Vulnerability Advisory ID: CORE-2015-0010 Advisory URL: http://www.coresecurity.com/advisories/sendio-esp-information-disclosure-vulnerability Date published: 2015-05-22 Date of last update: 2015-05-22 Vendors contacted: Sendio

[CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities

2015-05-13 Thread CORE Advisories Team
Advisories Team. 7. Technical Description / Proof of Concept Code SAP products make use of LZC and LZH algorithms for compressing in-transit data for different services (Diag protocol, RFC protocol, MaxDB protocol) and for distributing files (SAPCAR program). The implementation

[CORE-2015-0008] - InFocus IN3128HD Projector Multiple Vulnerabilities

2015-04-27 Thread CORE Advisories Team
1. Advisory Information Title: InFocus IN3128HD Projector Multiple Vulnerabilities Advisory ID: CORE-2015-0008 Advisory URL: http://www.coresecurity.com/advisories/infocus-in3128hd-projector-multiple-vulnerabilities Date published: 2015-04-27 Date of last update: 2015-04-22 Vendors contacted:

[CORE-2015-0006] - Fortinet Single Sign On Stack Overflow

2015-03-18 Thread CORE Advisories Team
1. Advisory Information Title: Fortinet Single Sign On Stack Overflow Advisory ID: CORE-2015-0006 Advisory URL: http://www.coresecurity.com/advisories/fortinet-single-sign-on-stack-overflow Date published: 2015-03-18 Date of last update: 2015-03-18 Vendors contacted: Fortinet Release mode:

[CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities

2015-01-28 Thread CORE Advisories Team
. The publication of this advisory was coordinated by Joaquin Rodriguez Varela from Core Advisories Team. 8. *Technical Description / Proof of Concept Code* 8.1. *FreeBSD vt Driver VT_WAITACTIVE Sign Conversion Vulnerability* [CVE-2014-0998] FreeBSD 10.1-RELEASE added[1] the 'vt(4)'[2

[CORE-2015-0002] - Android WiFi-Direct Denial of Service

2015-01-27 Thread CORE Advisories Team
Blanco from the CoreLabs Team. The publication of this advisory was coordinated by the Core Advisories Team. 8. *Technical Description / Proof of Concept Code* Android makes use of a modified *wpa_supplicant*[1] in order to provide an interface between the wireless driver

Corel Software DLL Hijacking

2015-01-12 Thread CORE Advisories Team
. *Credits* This vulnerability was discovered and researched by Marcos Accossatto from Core Security Exploit Writers Team. The publication of this advisory was coordinated by Joaquin Rodriguez Varela from Core Advisories Team. 7. *Technical Description / Proof of Concept Code* [CVE-2014-8393

[CORE-2014-0009] - Advantech EKI-6340 Command Injection

2014-11-19 Thread CORE Advisories Team
that the 'admin' user doesn't have the default password as well. 6. *Credits* This vulnerability was discovered and researched by Facundo Pantaleo and Flavio Cangini from Core Security Engineering Team. The publication of this advisory was coordinated by Joaquín Rodríguez Varela from Core Advisories

[CORE-2014-0008] - Advantech AdamView Buffer Overflow

2014-11-19 Thread CORE Advisories Team
. The publication of this advisory was coordinated by Joaquín Rodríguez Varela from Core Advisories Team. 7. *Technical Description / Proof of Concept Code* This vulnerability is caused by a stack buffer overflow when parsing the display properties parameter. A malicious third party could trigger

[CORE-2014-0010] - Advantech WebAccess Stack-based Buffer Overflow

2014-11-19 Thread CORE Advisories Team
. *Credits* This vulnerability was discovered and researched by Ricardo Narvaja from Core Security Consulting Services. The publication of this advisory was coordinated by Joaquín Rodríguez Varela from Core Advisories Team. 7. *Technical Description / Proof of Concept Code* This vulnerability

[CORE-2014-0007] - SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability

2014-10-17 Thread CORE Advisories Team
. 6. **Credits** This vulnerability was discovered and researched by Martin Gallo from Core Security Consulting Services. The publication of this advisory was coordinated by Joaquín Rodríguez Varela from Core Advisories Team. 7. **Technical Description / Proof of Concept Code

[CORE-2014-0006] - Delphi and C++ Builder VCL library Heap Buffer Overflow

2014-09-17 Thread CORE Advisories Team
of affected systems to some extent. Contact Embarcadero for further information. 6. *Credits* This vulnerability was discovered and researched by Marcos Accossatto from the Core Exploits Writers Team. The publication of this advisory was coordinated by Joaquín Rodríguez Varela from the Core Advisories

[CORE-2014-0005] - Advantech WebAccess Vulnerabilities

2014-09-03 Thread CORE Advisories Team
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Advantech WebAccess Vulnerabilities 1. *Advisory Information* Title: Advantech WebAccess Vulnerabilities Advisory ID: CORE-2014-0005 Advisory URL:

[CORE-2014-0003] - SAP Router Password Timing Attack

2014-04-16 Thread CORE Advisories Team
Gallo from Core Security Consulting Services. The publication of this advisory was coordinated by Fernando Miranda from Core Advisories Team. 7. *Technical Description / Proof of Concept Code* SAP Router permits and/or forbids network connections based on a Route

CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities

2014-03-12 Thread CORE Advisories Team
* This vulnerability was discovered and researched by Francisco Falcon from Core Exploit Writers Team. The publication of this advisory was coordinated by Andres Blanco from Core Advisories Team. 7. *Technical Description / Proof of Concept Code* VirtualBox makes use of the *Chromium*[1] open-source

CORE-2014-0001 - Publish-It Buffer Overflow Vulnerability

2014-02-06 Thread CORE Advisories Team
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Publish-It Buffer Overflow Vulnerability 1. *Advisory Information* Title: Publish-It Buffer Overflow Vulnerability Advisory ID: CORE-2014-0001 Advisory URL:

CORE-2013-0903 - RealPlayer Heap-based Buffer Overflow Vulnerability

2013-12-18 Thread CORE Advisories Team
. *Credits* This vulnerability was discovered and researched by Ricardo Narvaja from Core Exploit Writers Team. This report was coordinated by Fernando Miranda from Core Advisories Team. 7. *Technical Description / Proof of Concept Code* /- !-- # # Description

CORE-2013-0807 - Divide Error in Windows Kernel

2013-12-11 Thread CORE Advisories Team
and researched by Nicolas Economou from Core Exploit Writers Team. The publication of this advisory was coordinated by Fernando Miranda from Core Advisories Team. 6. *Technical Description / Proof of Concept Code* The vulnerable function is 'RFONTOBJ::bTextExtent', located in the Windows kernel

Re: CORE-2013-0807 - Divide Error in Windows Kernel

2013-12-11 Thread CORE Advisories Team
Advisory URL: http://www.coresecurity.com/advisories/divide-error-windows-kernel On 11/12/2013 06:38 p.m., CORE Advisories Team wrote: Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Divide Error in Windows Kernel 1. *Advisory Information* Title: Divide Error

CORE-2013-1107 - IcoFX Buffer Overflow Vulnerability

2013-12-10 Thread CORE Advisories Team
by Fernando Miranda from Core Advisories Team. 7. *Technical Description / Proof of Concept Code* Below is shown the result of opening the maliciously crafted file 'CORE-2013-1107-icofx-poc.ico'[2] on Windows XP SP3 (EN). The vulnerable function is located in 0x80D9F8. By loading the PoC, the loop

CORE-2013-0704 - Vivotek IP Cameras RTSP Authentication Bypass

2013-11-06 Thread CORE Advisories Team
) if possible. 6. *Credits* This vulnerability was discovered and researched by Martin Di Paola from Core Security QA Team. The PoC of was made by Martin Di Paola with help of Martin Rocha from Core Development Team. The publication of this advisory was coordinated by Fernando Miranda from Core Advisories

CORE-2013-0904 - PinApp Mail-SeCure Access Control Failure

2013-10-01 Thread CORE Advisories Team
by John Petrusa from Core Security. This report was coordinated by Fernando Miranda from Core Advisories Team. 7. *Technical Description / Proof of Concept Code* Open a Mail-SeCure console as 'pinapp' user and execute the following command: /- pa_cli system ping `/bin/sh/dev/tty

CORE-2013-0828 - PDFCool Studio Buffer Overflow Vulnerability

2013-10-01 Thread CORE Advisories Team
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ PDFCool Studio Buffer Overflow Vulnerability 1. *Advisory Information* Title: PDFCool Studio Buffer Overflow Vulnerability Advisory ID: CORE-2013-0828 Advisory URL:

[CORE-2013-0809] Sophos Web Protection Appliance Multiple Vulnerabilities

2013-09-08 Thread CORE Advisories Team
by Core Security in tracking it down [2][3]. 7. *Credits* This vulnerability was discovered and researched by Francisco Falcon from Core Exploit Writers Team. The publication of this advisory was coordinated by Fernando Miranda from Core Advisories Team. 8. *Technical Description / Proof of Concept

[CORE-2013-0805] Aloaha PDF Suite Buffer Overflow Vulnerability

2013-08-28 Thread CORE Advisories Team
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Aloaha PDF Suite Buffer Overflow Vulnerability 1. *Advisory Information* Title: Aloaha PDF Suite Buffer Overflow Vulnerability Advisory ID: CORE-2013-0805 Advisory URL:

CORE-2013-0808 - EPS Viewer Buffer Overflow Vulnerability

2013-08-28 Thread CORE Advisories Team
was coordinated by Fernando Miranda from Core Advisories Team. 7. *Technical Description / Proof of Concept Code* Below is shown the result of opening the maliciously crafted EPS file [3], which means the normal execution flow can be altered in order to execute arbitrary code. /- 10089B0E

CORE-2013-0708 - Hikvision IP Cameras Multiple Vulnerabilities

2013-08-07 Thread CORE Advisories Team
Miranda from Core Advisories Team. 7. *Technical Description / Proof of Concept Code* 7.1. *Privilege Escalation through ConfigurationData Request* [CVE-2013-4975] The following script allows obtaining the administrator password by requesting the camera's configuration data and breaking its

CORE-2013-0618 - Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras

2013-08-01 Thread CORE Advisories Team
with the help of Andres Blanco from Core Security Technologies. The publication of this advisory was coordinated by Fernando Miranda from Core Advisories Team. 7. *Technical Description / Proof of Concept Code* 7.1. *OS Command Injection in servetest* [CVE-2013-2578] The file '/cgi-bin/admin/servetest' has

CORE-2013-0705 - XnView Buffer Overflow Vulnerability

2013-07-23 Thread CORE Advisories Team
of this advisory was coordinated by Fernando Miranda from Core Advisories Team. 7. *Technical Description / Proof of Concept Code* Below is shown the result of opening the maliciously crafted file 'CORE-2013-0705-xnview-poc-4895a357a242d3c78.PCT'[3]: /- 7C9108F38902MOV DWORD PTR DS:[EDX

CORE-2013-0701 - Artweaver Buffer Overflow Vulnerability

2013-07-23 Thread CORE Advisories Team
was discovered and researched by Daniel Kazimirow from Core Exploit Writers Team. The publication of this advisory was coordinated by Fernando Miranda from Core Advisories Team. 8. *Technical Description / Proof of Concept Code* Below is shown the result of opening the maliciously crafted file 'CORE

CORE-2013-0613 - FOSCAM IP-Cameras Improper Access Restrictions

2013-07-23 Thread CORE Advisories Team
* This vulnerability was discovered by Flavio de Cristofaro and researched with the help of Andres Blanco from Core Security Technologies. The publication of this advisory was coordinated by Fernando Miranda from Core Advisories Team. 8. *Technical Description / Proof of Concept Code* 8.1. *Accessing