Channel: Files from Core Security Technologies ≈ Packet Storm

SAP CAR Archive Tool Denial Of Service / Security Bypass

Core Security Technologies Advisory - SAP CAR archive tool suffers from security bypass and denial of service vulnerabilities.

TP-LINK TDDP Buffer Overflow / Missing Authentication

Core Security Technologies Advisory - TP-LINK TDDP suffers from buffer overflow and missing authentication vulnerabilities.

SAP SAPCAR 721.510 Buffer Overflow

Core Security Technologies Advisory - SAP distributes software and packages using an archive program called SAPCAR. This program uses a custom archive file format. A memory corruption vulnerability was...

Trend Micro ServerProtect Disclosure / CSRF / XSS

Trend Micro ServerProtect suffers from information disclosure, manipulation, cross site request forgery, cross site scripting, and various other vulnerabilities.

Kaspersky Anti-Virus File Server 8.0.3.297 XSS / CSRF / Code Execution

Kaspersky Anti-Virus for Linux File Server version 8.0.3.297 suffers from remote code execution, cross site request forgery, cross site scripting, security bypass, information disclosure, and path...

Trend Micro Smart Protection Server 3.2 XSS / Access Control / Disclosure

Trend Micro Smart Protection Server version 3.2 suffers from access control bypass, cross site scripting, information disclosure, and various other vulnerabilities.

Kaspersky Secure Mail Gateway 1.1.0.379 CSRF / Code Execution

Kaspersky Secure Mail Gateway version 1.1.0.379 suffers from code execution and cross site request forgery vulnerabilities.

Dell EMC Isilon OneFS XSS / Code Execution / CSRF

Dell EMC Isilon OneFS suffers from code execution, cross site request forgery, and cross site scripting vulnerabilities.

Trend Micro Email Encryption Gateway XSS / Code Execution

Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross site request forgery, cross site scripting, and various other...

MikroTik RouterOS SMB Buffer Overflow

A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain...

TP-Link EAP Controller CSRF / Hard-Coded Key / XSS

TP-Link EAP suffers from hard-coded credential, cross site request forgery, cross site scripting, and other vulnerabilities.

Quest DR Series Disk Backup Software 4.0.3 Code Execution

Quest DR Series Disk Backup Software version 4.0.3 suffers from multiple code execution vulnerabilities.

Quest KACE System Management Appliance 8.0 (Build 8.0.318) XSS / Traversal /...

Quest KACE System Management Appliance version 8.0 (Build 8.0.318) suffers from code execution, cross site scripting, path traversal, remote SQL injection, and various other vulnerabilities.

QNAP Qcenter Virtual Appliance 1.6.x Information Disclosure / Command Injection

QNAP Qcenter Virtual Appliance versions 1.6.1056 (20170825) and 1.6.1075 (20171123) suffer from information disclosure and command injection vulnerabilities.

SoftNAS Cloud OS Command Injection

SoftNAS Cloud versions prior to 4.0.3 suffer from an OS command injection vulnerability.

Opsview Monitor 5.x Command Execution

Opsview Monitor versions 5.2, 5.3, and 5.4 suffer from cross site scripting and multiple remote command execution vulnerabilities.

D-Link Central WiFiManager Software Controller Code Execution / XSS

D-Link Central WiFiManager Software Controller suffers from hard-coded credential, code execution, and cross site scripting vulnerabilities. Version 1.03 is affected.

ASRock Drivers Privilege Escalation / Code Execution

ASRock offers several utilities designed to give the user with an ASRock motherboard more control over certain settings and functions. These utilities include various features like the RGB LED control,...

Cisco WebEx Meetings Privilege Escalation

A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. This vulnerability is related to a previous security issue...

ASUS Driver Privilege Escalation

Multiple vulnerabilities were found in the GLCKIo and Asusgio drivers installed by ASUS Aura Sync, which could allow a local attacker to elevate privileges. ASUS Aura Sync versions 1.07.22 and below...

GIGABYTE Driver Privilege Escalation

Multiple vulnerabilities were found in the GPCIDrv and GDrv drivers as bundled with several GIGABYTE and AORUS branded motherboard and graphics card utilities, which could allow a local attacker to...

Cisco WebEx Meetings Privilege Escalation

A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. Cisco Webex Meetings Desktop App versions 33.6.4.15, 33.6.5.2,...

Open-AudIT 3.2.2 Command Injection / SQL Injection

Open-AudIT version 3.2.2 suffers from OS command injection, arbitrary file upload, and remote SQL injection vulnerabilities.

CipherMail Community Virtual Appliance 4.6.2 Code Execution

CipherMail Community Virtual Appliance version 4.6.2 suffers from remote command execution and file injection vulnerabilities.

Pydio Cells 2.0.4 XSS / File Write / Code Execution

Pydio Cells version 2.0.4 suffers from cross site scripting, file write, code execution, and various other vulnerabilities.
