45 matches found
CVE-2005-1578
EnCase Forensic Edition 4.18a does not support Device Configuration Overlays (DCO), which allows attackers to hide information without detection...
EUVD-2005-1581
Malware in sbrugna...
EUVD-2007-4184
Malware in sbrugna...
EUVD-2007-4177
Malware in sbrugna...
EUVD-2007-4185
Malware in sbrugna...
CIRTKit - Tools For The Computer Incident Response Team
One DFIR console to rule them all. Built on top of the Viper Framework. Documentation: Please see the wiki for more information about CIRTKit and documentation. Roadmap: Future integrations: Bit9, Palo Alto Networks, EnCase/FTK. Future modules: Packet Analysis (possibly Dshell), Javascript...
EnCase Forensic Imager 7.10 Buffer Overflow Vulnerability
Guidance Software EnCase Forensic Imager versions 7.10 and below suffer from a stack-based buffer overflow vulnerability. title: Stack based buffer overflow product: Guidance Software EnCase Forensic Imager vulnerable version: EnCase Forensic Imager = 7.10 fixed version: - CVE number: - impact:...
EnCase Forensic Imager 7.10 Buffer Overflow
A blog post with additional information is available here: http://blog.sec-consult.com/2017/05/chainsaw-of-custody-manipulating.html We have also released a video showing arbitrary code execution: https://www.youtube.com/watch?v=1EngNIXSNQw SEC Consult Vulnerability Lab Security Advisory...
Multiple Vulnerabilities in Guidance Software EnCase
A denial of service and heap buffer overflow vulnerability in Guidance Software EnCase 7.0 and earlier can be exploited by an attacker to execute arbitrary code within the user context of an affected application. A failed exploit attempt may result in a denial of service condition...
EnCase Forensic Imager Buffer Overflow Vulnerability
EnCase Forensic Imager is a free data acquisition tool from EnCase. A buffer overflow vulnerability exists in EnCase Forensic Imager version 7.10, which can be exploited by an attacker to execute arbitrary code in the context of an affected application, potentially also resulting in a denial of...
EnCase Forensic Imager 7.10 Denial Of Service / Heap Buffer Overflow
EnCase Forensic Imager versions 7.10 and below suffer from denial of service and heap-based buffer overflow vulnerabilities. title: Denial of service & heap-based buffer overflow product: Guidance Software EnCase Forensic Imager & EnCase Forensic vulnerable version: EnCase Forensic Imager= 7.10...
EnCase Forensic Imager 7.10 Denial Of Service / Heap Buffer Overflow
SEC Consult Vulnerability Lab Security Advisory title: Denial of service & heap-based buffer overflow product: Guidance Software EnCase Forensic Imager & EnCase Forensic vulnerable version: EnCase Forensic Imager= 7.10 EnCase...
Guidance EnCase Enterprise uses weak authentication to identify target machines
Overview Guidance Software's EnCase Enterprise uses IP authentication to identify target machines. An attacker may be able to provide the EnCase SAFE server with a disk image from a different machine than an investigator requested. Description Guidance Software's EnCase Enterprise allows...
Guidance EnCase fails to detect more than 25 partitions
Overview Guidance Software's EnCase Forensic can only detect the first 25 partitions on a volume. Description Guidance Software's EnCase Forensic is a tool that allows an investigator to acquire and analyze a disk image. EnCase names partitions either c: through z:, with an additional partition...
Design/Logic Flaw
Guidance Software EnCase Enterprise Edition (EEE) 6 does not properly verify the identity of the acquisition target during communication with the EnCase Servlet (EEE servlet), which might allow remote attackers to spoof the disk image...
Design/Logic Flaw
Guidance Software EnCase 6.2 and 6.5 does not properly handle a volume with more than 25 partitions, which might allow remote attackers to prevent examination of certain data, a related issue to CVE-2007-4035...
CVE-2007-4201
Guidance Software EnCase 6.2 and 6.5 does not properly handle a volume with more than 25 partitions, which might allow remote attackers to prevent examination of certain data, a related issue to CVE-2007-4035...
CVE-2007-4194
Guidance Software EnCase 5.0 allows user-assisted remote attackers to cause a denial of service (stack memory consumption) and possibly have other unspecified impact via a malformed file, related to "EnCase's file system parsing." NOTE: this information is based upon a vague pre-advisory. It might...
CVE-2007-4202
Guidance Software EnCase Enterprise Edition (EEE) 6 does not properly verify the identity of the acquisition target during communication with the EnCase Servlet (EEE servlet), which might allow remote attackers to spoof the disk image...
CVE-2007-4201
CVE-2007-4201 concerns Guidance Software’s EnCase (versions 6.2/6.5). The issue: EnCase may fail to properly handle a volume with more than 25 partitions, making hidden or extra partitions potentially inaccessible for examination. The root cause is a limitation in partition visibility that preven...