Luigi Auriemma

aluigi@autistici.org




15 May 2012 News: to avoid problems with my hosters I have protected the poc, fakep and pwdrec folders with an empty password or a simple sequence of usernames/passwords. for the moment this is an experiment so I will know if it works or not only in the next weeks/months. the alternatives were protecting the single zip files or removing the executables

13 May 2012 Advisories: released full details and PoC of my FlexNet License Server vulnerabilities fnplm_1, fnplm_2 and lmgrd_1

13 May 2012 Advisories: additional details about the SuiteLink bug

13 May 2012 Advisories: Vulnerabilities in Pro-face Pro-Server EX 1.30

13 May 2012 Fake_players_bug: SA:MP invisible Fake Players DoS 0.1.9
added compatibility with version 0.3e

11 May 2012 Advisories: Some bugs in QNX phrelay/phindows/phditto and Wonderware SuiteLink

01 May 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.12
added some compression algorithms and fixed get line

30 Apr 2012 MyToolz: myRTP command-line interface 0.1
basic tool that acts as an interface for the RTPatch patchw32.dll allowing to specify all the available options supported by this library

26 Apr 2012 MyToolz: wav4xm 0.1
simple tool I have written to clean my PCM wave instruments used in FastTracker and other music trackers: convert to mono 16bit, normalization and remove initial/final silence

26 Apr 2012 MyToolz: DTMF2NUM 0.1d
fixed a little bug in the normalization function

26 Apr 2012 News: libssp dependency
I have recompiled the following tools to avoid the libssp dll dependency (caused by gcc -fstack-protector-all): ttarchext, dpa_1, irm_1, samsux_1, skulltagfp and zdaemonfp

25 Apr 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.11
fixed -DDISABLE_SSL, added slz_03 and ntcompress30/40, filexor 0x11223344

25 Apr 2012 MyToolz: Proxocket 0.1.7a
added -fno-omit-frame-pointer and disabled the capturing of data in recv with MSG_PEEK flag

25 Apr 2012 Research: Telltale TTARCH files extractor/rebuilder 0.1.13a
added Walking Dead: A New Day

21 Apr 2012 Advisories: Endless loop in Samsung NET-i ware 1.37

19 Apr 2012 Advisories: Vulnerabilities in Samsung TV (remote controller protocol)

10 Apr 2012 Advisories: Denial of Service vulnerabilities in EMC IRM Server

05 Apr 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.10
fixed a bug in the reimporting in case of filenames starting with slash/backslash, added the RCN recompression, allowed the usage of the secure free() with non secure allocated memory (otherwise it's not possible to free memory allocated by external libraries)

29 Mar 2012 Advisories: Denial of Service in EMC Data Protection Advisor 5.8.1

22 Mar 2012 Advisories: Vulnerabilities in RealPlayer and Novell ZENworks

21 Mar 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.9b
fixed a rare bug with the binary type

21 Mar 2012 Research: Gslist 0.8.10d
micro fix in the web interface

20 Mar 2012 Advisories: released advisory and proof-of-concept for ms11-093 (OLE type confusion in XP/2003)

19 Mar 2012 Research: Gslist 0.8.10c
updated some components and added gsnatneg in the heartbeat function (-b), nothing new

19 Mar 2012 Research: GS natneg client 0.2
partially rewritten and added experimental server-side code

19 Mar 2012 Research: Gamespy NAT negotiation plugin for Proxocket 0.1
plugin for Proxocket for automatically applying the Gamespy NAT negotiation to existent tools

19 Mar 2012 Research: GS enctypeX servers list decoder/encoder 0.1.3b
added some checks in enctypex_wrapper

17 Mar 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.9a
fixed lzf recompression

16 Mar 2012 Advisories: Details about the ms12-020 proof-of-concept leak
I'm trying to build a resume of the story about the Microsoft leak and its details, it will be updated every time I have more details

16 Mar 2012 Advisories: Use-after-free in Microsoft Remote Desktop
now that my proof-of-concept is out (yeah rdpclient.exe is the poc written by Microsoft in November 2011 using the example packet I sent to ZDI) I have decided to release my original advisory and proof-of-concept packet written the 16 May 2011... full-disclosure as usual :)

15 Mar 2012 Advisories: Code execution in Microsoft Remote Desktop (ms12-020) and vulnerabilities in GE iFix Proficy Historian and Portal
only the links to the original advisories released by the vendors the 13th March

14 Mar 2012 Advisories: Directory traversal in Sockso 1.5

14 Mar 2012 Advisories: Vulnerabilities in Presto! PageManager 9.01

14 Mar 2012 Advisories: Denial of Service in EMC NetWorker 7.6 sp3

14 Mar 2012 Advisories: Denial of Service in Epson EventManager 2.50

11 Mar 2012 Research: Telltale TTARCH files extractor/rebuilder 0.1.13
added the keys of Hector 102/103 and Law and Order Legacies

11 Mar 2012 MyToolz: Mydown 0.2.8 and mydownlib 0.2.6
gzip fix, added proxy support and some enhancements

08 Mar 2012 TestingToolz: FindBits 0.2.2a
fixed the -m option and allowed the visualization of the latest bits in the files (for example a file of one byte)

07 Mar 2012 Advisories: Directory traversal in NetDecision 4.6.1

02 Mar 2012 Advisories: Vulnerabilities in xArrow 3.2

02 Mar 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.9
added some new compression algorithms, optimization and customization of the secure allocation functions (they can be disabled using the option -9, needed in some occasions due to some limitations of this feature), fixed a bug that specified an input folder in case of selection of multiple files

24 Feb 2012 Research: Unigine ung files extractor 0.1
files extractor for the ung archives used by the Unigine game engine

21 Feb 2012 Advisories: Heap corruption in Unity 3d Web Player 3.2.0.61061

20 Feb 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.8
added the Include command and some checks

18 Feb 2012 Advisories: Vulnerabilities in Psycle 1.10.0

16 Feb 2012 Advisories: Vulnerabilities in Novell GroupWise Messenger 2.1.0 and some quick bugs in XnView

12 Feb 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.7
speed and resource optimizations for the memory

12 Feb 2012 News: website up & down
my website is and has always been aluigi.org since 2006, so check your bookmarks because lately aluigi.altervista.org has continuous problems (temporary up & down for about 2 weeks). note that it's a backup/mirror website that I switch to as primary when needed, so using aluigi.org you will always reach the working website, or alternatively mirror.aluigi.org if the main one fails

09 Feb 2012 Advisories: Vulnerabilities in R4 1.25

09 Feb 2012 Advisories: Vulnerabilities in R2 1.65

02 Feb 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.6d
customizations of the tea, xtea and xxtea algorithms and some fixes

28 Jan 2012 Research: Online cd-key verifier for games that use the Gamespy cd-key SDK 0.1.2a
modified to meet the *printf %n out-of-standard in use from Windows Vista, it's a shame that I must modify a perfectly working program for this reason moreover because the tool is linked to msvcrt.dll and not 8.0 or 9.0... no comment

27 Jan 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.6c
fixed a compatibility problem with the gcc optimizations regarding the patch for kzip

27 Jan 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.6b

27 Jan 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.6
added various other compression algorithms and optimized the usage of kzip

23 Jan 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.5
added the EXECUTE method for both Comtype and Encryption, String scanf/strstr/strrstr, various new compression algorithms, usage of kzip.exe in reimport mode if the compressed size is bigger than the original one, fixes and optimizations

17 Jan 2012 Advisories: Two Denials of Service in Rockwell RNADiagReceiver 2.40.0.12 (SCADA)
just an old test I did in the far September 2011 and planned to do better when inspired, I have released it now only to free my bugs queue and return on this product later without rush

15 Jan 2012 Advisories: Directory traversal in NeoAxis Web Player 1.4

15 Jan 2012 MyToolz: Calcc 0.1.5
added support for strings and chars, FILETIME/time64 visualization

11 Jan 2012 Advisories: some bugs in SumatraPDF and ExpressView

09 Jan 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.4a
added a slower but more secure way to manage the allocated memory, it's a crazy experiment I had in mind and may help during the debugging of some scripts

09 Jan 2012 MyToolz: Signsrch 0.1.7
added only the possibility of scanning folders, the rest is unchanged

09 Jan 2012 MyToolz: QuickRVA 0.2.3a
micro fix if e_lfanew is smaller than the size of IMAGE_DOS_HEADER and updated distorm library
