what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

Files from Rene Freingruber

First Active2014-02-27
Last Active2018-02-07
InfoZip UnZip 6.00 / 6.1c22 Buffer Overflow
Posted Feb 7, 2018
Authored by Rene Freingruber | Site sec-consult.com

InfoZip UnZip versions 6.00 and below and 6.1c22 and below suffer from multiple buffer overflow vulnerabilities.

tags | exploit, overflow, vulnerability
advisories | CVE-2018-1000031, CVE-2018-1000032, CVE-2018-1000033, CVE-2018-1000034, CVE-2018-1000035
SHA-256 | dac731d2690cb1af2ab661aed3d50c9247b02e31917bc2d087907958bbe12e5e
Ubiquiti Networks EP-R6 / ER-X / ER-X-SFP Cross Site Scripting
Posted Jul 25, 2017
Authored by Rene Freingruber, T. Weber | Site sec-consult.com

Ubiquiti Networks EP-R6, ER-X, and ER-X-SFP with firmware version 1.9.1 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ee8734a3380cb25e9501ce4ed4a9ee0bd8e9edf795998ee4d8a0ad875a88622b
Kerio Control Unified Threat Management Code Execution / XSS / Memory Corruption
Posted Sep 22, 2016
Authored by Rene Freingruber, Raschin Tavakoli | Site sec-consult.com

Kerio Control Unified Threat Management versions prior to 9.1.3 suffer from unsafe usage of the PHP unserialize function, code execution, memory corruption, cross site scripting, and various other vulnerabilities.

tags | exploit, php, vulnerability, code execution, xss
SHA-256 | c22171b8824d2b252b1a4ea012d4bc8d7cc2305a401acabe53ffb1f9885c3e3d
CryptWare CryptoPro Secure Disk For Bitlocker 5.1.0.6474 Manipulation
Posted Aug 31, 2016
Authored by Rene Freingruber, M. von Dach | Site sec-consult.com

CryptWare CryptoPro Secure Disk for Bitlocker version 5.1.0.6474 suffers from flaws that allows a malicious party to attack the boot process and backdoor the system to steal login credentials, the private 802.1x certificate, and the associated password.

tags | exploit
SHA-256 | f6c2bdd62d1577463dc9c79bb653feed9235e44736641fa6d88a9f5d0e6c8af7
Bypassing McAfee's Application Whitelisting For Critical Infrastructure Systems
Posted Jan 12, 2016
Authored by Rene Freingruber | Site sec-consult.com

This paper describes the results of the research conducted by SEC Consult Vulnerability Lab on the security of McAfee Application Control. This product is an example of an application whitelisting solution which can be used to further harden critical systems such as server systems in SCADA environments or client systems with high security requirements like administrative workstations. Application whitelisting is a concept which works by whitelisting all installed software on a system and after that prevent the execution of not whitelisted software. This should prevent the execution of malware and therefore protect against advanced persistent threat (APT) attacks. McAfee Application Control is an example of such a software. It can be installed on any system, however, the main field of application is the protection of highly critical infrastructures. While the core feature of the product is application whitelisting, it also supports additional security features including write and read protection as well as different memory corruption protections.

tags | paper
SHA-256 | 447953aeb8d3c594011048fcd1518b83478ae1bf8164d0159859893f8caa6b18
McAfee Application Control Bypass / Driver Issues
Posted Jul 28, 2015
Authored by Rene Freingruber | Site sec-consult.com

McAfee Application Control version 6.1.3.353 suffers from multiple vulnerabilities including insufficient whitelist protection and bypass issues.

tags | advisory, vulnerability
SHA-256 | 56a0d4447cb0bd7f7b3072dc871f8d24fc7433bff2511b0d379a1e91aadfd4dc
Polycom RealPresence Resource Manager (RPRM) Disclosure / Traversal
Posted Jun 26, 2015
Authored by Rene Freingruber | Site sec-consult.com

By combining all vulnerabilities documented in this advisory an unprivileged authenticated remote attacker can gain full system access (root) on the RPRM appliance. This has an impact on all conferences taking place via this RP Resource Manager. Attackers can steal all conference passcodes and join or record any conference. Versions prior to 8.4 are affected.

tags | exploit, remote, root, vulnerability
advisories | CVE-2015-4681, CVE-2015-4682, CVE-2015-4683, CVE-2015-4684, CVE-2015-4685
SHA-256 | 1d5b03ba6b9a7b0e1ff5623237c28661b4f890d43709aa901df21c57464f2cf6
SAS 9.2 / 9.3 / 9.4 Local Buffer Overflow
Posted Feb 27, 2014
Authored by Rene Freingruber | Site sec-consult.com

SAS for Windows versions 9.2, 9.3, and 9.4 suffer from a local buffer overflow vulnerability.

tags | advisory, overflow, local
systems | windows
SHA-256 | 24769861835016b127bed896f8ade5c050efa0a1c159a8540888d617d43db899
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close