are available for this device.
6. Credits
This vulnerability was discovered and researched by Andres Lopez Luksenberg
from Core Security Exploit Team. The publication of this advisory was
coordinated by Joaquin Rodriguez Varela from Core Advisories Team.
7. Technical Description / Proof of Concept
Services. The publication of this advisory was coordinated
by Joaquin Rodriguez Varela from Core Advisories Team.
7. Technical Description / Proof of Concept Code
SAP distributes software and packages using an archive program called SAPCAR.
This program uses a custom archive file format
1. Advisory Information
Title: Samsung SW Update Tool MiTM
Advisory ID: CORE-2016-0003
Advisory URL: http://www.coresecurity.com/advisories/samsung-sw-update-tool-mitm
Date published: 2016-03-07
Date of last update: 2016-03-04
Vendors contacted: Samsung
Release mode: Coordinated release
2.
].
An updated version of SAP Download Manager can be found in their website [1].
6. Credits
This vulnerability was discovered and researched by Martin Gallo from Core
Security Consulting Services. The publication of this advisory was coordinated
by Joaquín Rodríguez Varela from Core Advisories Team
1. Advisory Information
Title: Lenovo ShareIT Multiple Vulnerabilities
Advisory ID: CORE-2016-0002
Advisory URL:
http://www.coresecurity.com/advisories/lenovo-shareit-multiple-vulnerabilities
Date published: 2016-01-25
Date of last update: 2016-01-22
Vendors contacted: Lenovo
Release mode:
1. Advisory Information
Title: Intel Driver Update Utility MiTM
Advisory ID: CORE-2016-0001
Advisory URL:
http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm
Date published: 2016-01-19
Date of last update: 2016-01-14
Vendors contacted: Intel
Release mode: Coordinated release
and researched by Francisco Falcon from Core
Exploits Team. The publication of this advisory was coordinated by Joaquín
Rodríguez Varela from the Core Advisories Team.
7. Technical Description / Proof of Concept Code
The ehexthost.exe binary, part of Windows Media Center, loads the given URL
1. Advisory Information
Title: FortiClient Antivirus Multiple Vulnerabilities
Advisory ID: CORE-2015-0013
Advisory URL:
http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities
Date published: 2015-09-01
Date of last update: 2015-09-01
Vendors contacted: Fortinet
1. Advisory Information
Title: AirLink101 SkyIPCam1620W OS Command Injection
Advisory ID: CORE-2015-0011
Advisory URL:
http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection
Date published: 2015-07-08
Date of last update: 2015-07-08
Vendors contacted: AirLink101
1. Advisory Information
Title: AirLive Multiple Products OS Command Injection
Advisory ID: CORE-2015-0012
Advisory URL:
http://www.coresecurity.com/advisories/airlive-multiple-products-os-command-injection
Date published: 2015-07-06
Date of last update: 2015-07-06
Vendors contacted: AirLive
1. Advisory Information
Title: Sendio ESP Information Disclosure Vulnerability
Advisory ID: CORE-2015-0010
Advisory URL:
http://www.coresecurity.com/advisories/sendio-esp-information-disclosure-vulnerability
Date published: 2015-05-22
Date of last update: 2015-05-22
Vendors contacted: Sendio
Advisories Team.
7. Technical Description / Proof of Concept Code
SAP products make use of LZC and LZH algorithms for compressing in-transit data
for different services (Diag protocol, RFC protocol, MaxDB protocol) and for
distributing files (SAPCAR program). The implementation
1. Advisory Information
Title: InFocus IN3128HD Projector Multiple Vulnerabilities
Advisory ID: CORE-2015-0008
Advisory URL:
http://www.coresecurity.com/advisories/infocus-in3128hd-projector-multiple-vulnerabilities
Date published: 2015-04-27
Date of last update: 2015-04-22
Vendors contacted:
1. Advisory Information
Title: Fortinet Single Sign On Stack Overflow
Advisory ID: CORE-2015-0006
Advisory URL:
http://www.coresecurity.com/advisories/fortinet-single-sign-on-stack-overflow
Date published: 2015-03-18
Date of last update: 2015-03-18
Vendors contacted: Fortinet
Release mode:
. The publication of this advisory was coordinated by
Joaquin Rodriguez Varela from Core Advisories Team.
8. *Technical Description / Proof of Concept Code*
8.1. *FreeBSD vt Driver VT_WAITACTIVE Sign Conversion Vulnerability*
[CVE-2014-0998]
FreeBSD 10.1-RELEASE added[1] the 'vt(4)'[2
Blanco
from the CoreLabs
Team. The publication of this advisory was coordinated by the Core
Advisories
Team.
8. *Technical Description / Proof of Concept Code*
Android makes use of a modified *wpa_supplicant*[1]
in order to provide an interface between the wireless driver
. *Credits*
This vulnerability was discovered and researched by Marcos Accossatto from Core
Security
Exploit Writers Team. The publication of this advisory was coordinated by
Joaquin Rodriguez
Varela from Core Advisories Team.
7. *Technical Description / Proof of Concept Code*
[CVE-2014-8393
that the 'admin' user doesn't has the default password
as well.
6. *Credits*
This vulnerability was discovered and researched by Facundo Pantaleo
and Flavio Cangini from Core Security Engineering Team. The publication
of this advisory was coordinated by Joaquín Rodríguez Varela from Core
Advisories
. The
publication of this advisory was coordinated by Joaquín Rodríguez Varela
from Core Advisories Team.
7. *Technical Description / Proof of Concept Code*
This vulnerability is caused by a stack buffer overflow when parsing
the display properties parameter. A malicious third party could trigger
. *Credits*
This vulnerability was discovered and researched by Ricardo Narvaja
from Core Security Consulting Services. The publication of this advisory
was coordinated by Joaquín Rodríguez Varela from Core Advisories Team.
7. *Technical Description / Proof of Concept Code*
This vulnerability
.
6. **Credits**
This vulnerability was discovered and researched by Martin Gallo from
Core Security Consulting
Services. The publication of this advisory was coordinated by Joaquín
Rodríguez Varela from Core
Advisories Team.
7. **Technical Description / Proof of Concept Code
of affected systems to some
extent.
Contact Embarcadero for further information.
6. *Credits*
This vulnerability was discovered and researched by Marcos Accossatto
from the Core
Exploits Writers Team. The publication of this advisory was coordinated by
Joaquín Rodríguez Varela from the Core Advisories
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Advantech WebAccess Vulnerabilities
1. *Advisory Information*
Title: Advantech WebAccess Vulnerabilities
Advisory ID: CORE-2014-0005
Advisory URL:
Gallo
from Core
Security Consulting Services. The publication of this advisory was
coordinated by Fernando Miranda from Core Advisories Team.
7. *Technical Description / Proof of Concept Code*
SAP Router permits and/or forbids networks connections based on a
Route
*
This vulnerability was discovered and researched by Francisco Falcon from
Core Exploit Writers Team. The publication of this advisory was coordinated
by Andres Blanco from Core Advisories Team.
7. *Technical Description / Proof of Concept Code*
VirtualBox makes use of the *Chromium*[1] open-source
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Publish-It Buffer Overflow Vulnerability
1. *Advisory Information*
Title: Publish-It Buffer Overflow Vulnerability
Advisory ID: CORE-2014-0001
Advisory URL:
. *Credits*
This vulnerability was discovered and researched by Ricardo Narvaja from
Core Exploit Writers Team. This report was coordinated by Fernando
Miranda from Core Advisories Team.
7. *Technical Description / Proof of Concept Code*
/-
!--
#
# Description
and researched by Nicolas Economou
from Core Exploit Writers Team. The publication of this advisory was
coordinated by Fernando Miranda from Core Advisories Team.
6. *Technical Description / Proof of Concept Code*
The vulnerable function is 'RFONTOBJ::bTextExtent', located in the
Windows kernel
Advisory URL:
http://www.coresecurity.com/advisories/divide-error-windows-kernel
On 11/12/2013 06:38 p.m., CORE Advisories Team wrote:
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Divide Error in Windows Kernel
1. *Advisory Information*
Title: Divide Error
by Fernando Miranda from Core Advisories Team.
7. *Technical Description / Proof of Concept Code*
Below is shown the result of opening the maliciously crafted file
'CORE-2013-1107-icofx-poc.ico'[2] on Windows XP SP3 (EN).
The vulnerable function is located in 0x80D9F8. By loading the PoC, the
loop
) if possible.
6. *Credits*
This vulnerability was discovered and researched by Martin Di Paola from
Core Security QA Team. The PoC of was made by Martin Di Paola with help
of Martin Rocha from Core Development Team. The publication of this
advisory was coordinated by Fernando Miranda from Core Advisories
by John Petrusa from
Core Security.
This report was coordinated by Fernando Miranda from Core Advisories Team.
7. *Technical Description / Proof of Concept Code*
Open a Mail-SeCure console as 'pinapp' user and execute the following
command:
/-
pa_cli system ping `/bin/sh/dev/tty
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
PDFCool Studio Buffer Overflow Vulnerability
1. *Advisory Information*
Title: PDFCool Studio Buffer Overflow Vulnerability
Advisory ID: CORE-2013-0828
Advisory URL:
by Core Security in tracking it down
[2][3].
7. *Credits*
This vulnerability was discovered and researched by Francisco Falcon
from Core Exploit Writers Team. The publication of this advisory was
coordinated by Fernando Miranda from Core Advisories Team.
8. *Technical Description / Proof of Concept
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Aloaha PDF Suite Buffer Overflow Vulnerability
1. *Advisory Information*
Title: Aloaha PDF Suite Buffer Overflow Vulnerability
Advisory ID: CORE-2013-0805
Advisory URL:
was
coordinated by Fernando Miranda from Core Advisories Team.
7. *Technical Description / Proof of Concept Code*
Below is shown the result of opening the maliciously crafted EPS file
[3], which means the normal execution flow can be altered in order to
execute arbitrary code.
/-
10089B0E
Miranda from Core Advisories Team.
7. *Technical Description / Proof of Concept Code*
7.1. *Privilege Escalation through ConfigurationData Request*
[CVE-2013-4975] The following script allows obtaining the administrator
password by requesting the camera's configuration data and breaking its
with the help of Andres Blanco from Core Security
Technologies. The publication of this advisory was coordinated by
Fernando Miranda from Core Advisories Team.
7. *Technical Description / Proof of Concept Code*
7.1. *OS Command Injection in servetest*
[CVE-2013-2578] The file '/cgi-bin/admin/servetest' has
of this advisory was
coordinated by Fernando Miranda from Core Advisories Team.
7. *Technical Description / Proof of Concept Code*
Below is shown the result of opening the maliciously crafted file
'CORE-2013-0705-xnview-poc-4895a357a242d3c78.PCT'[3]:
/-
7C9108F38902MOV DWORD PTR DS:[EDX
was discovered and researched by Daniel Kazimirow
from Core Exploit Writers Team. The publication of this advisory was
coordinated by Fernando Miranda from Core Advisories Team.
8. *Technical Description / Proof of Concept Code*
Below is shown the result of opening the maliciously crafted file
'CORE
*
This vulnerability was discovered by Flavio de Cristofaro and researched
with the help of Andres Blanco from Core Security Technologies. The
publication of this advisory was coordinated by Fernando Miranda from
Core Advisories Team.
8. *Technical Description / Proof of Concept Code*
8.1. *Accessing
41 matches
Mail list logo