[FD] [CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities

1. Advisory Information Title: FortiClient Antivirus Multiple Vulnerabilities Advisory ID: CORE-2015-0013 Advisory URL: http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities Date published: 2015-09-01 Date of last update: 2015-09-01 Vendors contacted: Fortinet Rele

[FD] [CORE-2015-0014] - Microsoft Windows Media Center link file incorrectly resolved reference

[2] 6. Credits This vulnerability was discovered and researched by Francisco Falcon from Core Exploits Team. The publication of this advisory was coordinated by Joaquín Rodríguez Varela from the Core Advisories Team. 7. Technical Description / Proof of Concept Code The ehexthost.exe binary,

[FD] [CORE-2016-0001] - Intel Driver Update Utility MiTM

1. Advisory Information Title: Intel Driver Update Utility MiTM Advisory ID: CORE-2016-0001 Advisory URL: http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm Date published: 2016-01-19 Date of last update: 2016-01-14 Vendors contacted: Intel Release mode: Coordinated release

[FD] [CORE-2016-0002] - Lenovo ShareIT Multiple Vulnerabilities

1. Advisory Information Title: Lenovo ShareIT Multiple Vulnerabilities Advisory ID: CORE-2016-0002 Advisory URL: http://www.coresecurity.com/advisories/lenovo-shareit-multiple-vulnerabilities Date published: 2016-01-25 Date of last update: 2016-01-22 Vendors contacted: Lenovo Release mode: Coordi

[FD] [CORE-2016-0003] - Samsung SW Update Tool MiTM

1. Advisory Information Title: Samsung SW Update Tool MiTM Advisory ID: CORE-2016-0003 Advisory URL: http://www.coresecurity.com/advisories/samsung-sw-update-tool-mitm Date published: 2016-03-07 Date of last update: 2016-03-04 Vendors contacted: Samsung Release mode: Coordinated release 2. Vulner

[FD] [CORE-2016-0004] - SAP Download Manager Password Weak Encryption

. An updated version of SAP Download Manager can be found in their website [1]. 6. Credits This vulnerability was discovered and researched by Martin Gallo from Core Security Consulting Services. The publication of this advisory was coordinated by Joaquín Rodríguez Varela from Core Advisories

[FD] [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow

Rodriguez Varela from Core Advisories Team. 8. Technical Description / Proof of Concept Code 8.1. FreeBSD amd64_set_ldt Integer Signedness Vulnerability [CVE-2016-1885] FreeBSD exposes the i386_set_ldt[1] architecture-dependent system call for its Intel i386 version. This system call can be

[FD] [CORE-2016-0006] - SAP CAR Multiple Vulnerabilities

Services. The publication of this advisory was coordinated by Joaquin Rodriguez Varela from Core Advisories Team. 7. Technical Description / Proof of Concept Code SAP distributes software and packages using an archive program called SAPCAR. This program uses a custom archive file format

[FD] [CORE-2016-0007] - TP-LINK TDDP Multiple Vulnerabilities

rounds are available for this device. 6. Credits This vulnerability was discovered and researched by Andres Lopez Luksenberg from Core Security Exploit Team. The publication of this advisory was coordinated by Joaquin Rodriguez Varela from Core Advisories Team. 7. Technical Description / Proof

[FD] [CORE-2014-0003] - SAP Router Password Timing Attack

Gallo from Core Security Consulting Services. The publication of this advisory was coordinated by Fernando Miranda from Core Advisories Team. 7. *Technical Description / Proof of Concept Code* SAP Router permits and/or forbids networks connections based on a Route

[FD] [CORE-2014-0004] - Delphi and C++ Builder VCL library Buffer Overflow

arela from the Core Advisories Team in close coordination with the US-CERT. 7. *Technical Description / Proof of Concept Code* The library 'VCL.Graphics', may be used by applications developed using Embarcadero's Delphi and C++ Builder to process BMP files [4]. This

[FD] [CORE-2014-0005] - Advantech WebAccess Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Advantech WebAccess Vulnerabilities 1. *Advisory Information* Title: Advantech WebAccess Vulnerabilities Advisory ID: CORE-2014-0005 Advisory URL: http://www.coresecurity.com/advisories/advantech-webaccess-vulnerabi

[FD] [CORE-2014-0006] - Delphi and C++ Builder VCL library Heap Buffer Overflow

m the Core Advisories Team in close coordination with the US-CERT. 7. *Technical Description / Proof of Concept Code* The library 'VCL.Graphics', may be used by applications developed using Embarcadero's Delphi and C++ Builder to process BMP files [4]. This library is vulnerable to a heap bu

[FD] [CORE-2014-0007] -SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability

ote [3] with the fix. 6. **Credits** This vulnerability was discovered and researched by Martin Gallo from Core Security Consulting Services. The publication of this advisory was coordinated by Joaquín Rodríguez Varela from Core Advisories Team. 7. **Technical Descriptio

[FD] [CORE-2014-0008] - Advantech AdamView Buffer Overflow

d Fernando Paez from Core Security Exploit Writers Team. The publication of this advisory was coordinated by Joaquín Rodríguez Varela from Core Advisories Team. 7. *Technical Description / Proof of Concept Code* This vulnerability is caused by a stack buffer overflow when par

[FD] [CORE-2014-0009] - Advantech EKI-6340 Command Injection

- Check that the 'admin' user doesn't has the default password as well. 6. *Credits* This vulnerability was discovered and researched by Facundo Pantaleo and Flavio Cangini from Core Security Engineering Team. The publication of this advisory was coordinated by Joaqu

[FD] [CORE-2014-0010] - Advantech WebAccess Stack-based Buffer Overflow

rrect fix. 6. *Credits* This vulnerability was discovered and researched by Ricardo Narvaja from Core Security Consulting Services. The publication of this advisory was coordinated by Joaquín Rodríguez Varela from Core Advisories Team. 7. *Technical Description / Proof of Concept Code*

[FD] Corel Software DLL Hijacking

. *Credits* This vulnerability was discovered and researched by Marcos Accossatto from Core Security Exploit Writers Team. The publication of this advisory was coordinated by Joaquin Rodriguez Varela from Core Advisories Team. 7. *Technical Description / Proof of Concept Code* [CVE-2014-8393

[FD] Corel Software DLL Hijacking

vulnerability was discovered and researched by Marcos Accossatto from Core Security Exploit Writers Team. The publication of this advisory was coordinated by Joaquin Rodriguez Varela from Core Advisories Team. 7. *Technical Description / Proof of Concept Code* [CVE-2014-8393] This

[FD] [CORE-2015-0002] - Android WiFi-Direct Denial of Service

Blanco from the CoreLabs Team. The publication of this advisory was coordinated by the Core Advisories Team. 8. *Technical Description / Proof of Concept Code* Android makes use of a modified *wpa_supplicant*[1] in order to provide an interface between the wireless driver and the

[FD] [CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities

. The publication of this advisory was coordinated by Joaquin Rodriguez Varela from Core Advisories Team. 8. *Technical Description / Proof of Concept Code* 8.1. *FreeBSD vt Driver VT_WAITACTIVE Sign Conversion Vulnerability* [CVE-2014-0998] FreeBSD 10.1-RELEASE added[1] the 'vt(

[FD] [CORE-2015-0005] - Windows Pass-Through Authentication Methods Improper Validation

odríguez Varela from the Core Advisories Team. 7. *Technical Description / Proof of Concept Code* Pass-Through Authentication allows a domain-joined server machine to authenticate a domain user by forwarding the authentication material to the domain controller aiming

[FD] [CORE-2015-0006] - Fortinet Single Sign On Stack Overflow

1. Advisory Information Title: Fortinet Single Sign On Stack Overflow Advisory ID: CORE-2015-0006 Advisory URL: http://www.coresecurity.com/advisories/fortinet-single-sign-on-stack-overflow Date published: 2015-03-18 Date of last update: 2015-03-18 Vendors contacted: Fortinet Release mode: Coord

[FD] [CORE-2015-0007] - Schneider Vampset Stack and Heap Buffer Overflow

1. Advisory Information Title: Schneider Vampset Stack and Heap Buffer Overflow Advisory ID: CORE-2015-0007 Advisory URL: http://www.coresecurity.com/advisories/schneider-vampset-stack-and-heap-buffer-overflow Date published: 2015-03-30 Date of last update: 2015-03-27 Vendors contacted: Schneide

[FD] [CORE-2015-0008] - InFocus IN3128HD Projector Multiple Vulnerabilities

1. Advisory Information Title: InFocus IN3128HD Projector Multiple Vulnerabilities Advisory ID: CORE-2015-0008 Advisory URL: http://www.coresecurity.com/advisories/infocus-in3128hd-projector-multiple-vulnerabilities Date published: 2015-04-27 Date of last update: 2015-04-22 Vendors contacted: InF

[FD] [CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities

Advisories Team. 7. Technical Description / Proof of Concept Code SAP products make use of LZC and LZH algorithms for compressing in-transit data for different services (Diag protocol, RFC protocol, MaxDB protocol) and for distributing files (SAPCAR program). The implementation of this

[FD] [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability

1. Advisory Information Title: Sendio ESP Information Disclosure Vulnerability Advisory ID: CORE-2015-0010 Advisory URL: http://www.coresecurity.com/advisories/sendio-esp-information-disclosure-vulnerability Date published: 2015-05-22 Date of last update: 2015-05-22 Vendors contacted: Sendio Rele

[FD] [CORE-2015-0012] - AirLive Multiple Products OS Command Injection

1. Advisory Information Title: AirLive Multiple Products OS Command Injection Advisory ID: CORE-2015-0012 Advisory URL: http://www.coresecurity.com/advisories/airlive-multiple-products-os-command-injection Date published: 2015-07-06 Date of last update: 2015-07-06 Vendors contacted: AirLive Relea

[FD] [CORE-2015-0011] - AirLink101 SkyIPCam1620W OS Command Injection

1. Advisory Information Title: AirLink101 SkyIPCam1620W OS Command Injection Advisory ID: CORE-2015-0011 Advisory URL: http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection Date published: 2015-07-08 Date of last update: 2015-07-08 Vendors contacted: AirLink101 Rele