Vuln Dev Mode:
HITBSecConf2007 - Malaysia: Call for Papers now Open 2007-03-05
Praburaajan (prabu hackinthebox org)
The CFP for HITBSecConf2007 - Malaysia is now open. HITBSecConf -
Malaysia is the premier network security event for the region and the
largest gathering of hackers in Asia. Our 2007 event is expected to
attract over 700 attendees from around the world and will see 4 keynote
speakers in addition to

Re: Woltlab Burning Board (wbb) 2.3.6 CSRF/XSS - 0day 2007-03-02
MC Iglo (mc iglo googlemail com)
On my WBB 2.3.3 (and I think this is the default setting) you cannot
access register.php when logged in (even as admin). So you need to be
logged off to open the evil site. And when you are logged off, the
cookie is simply useless.

Also, on my Forum, only r_dateformat and r_timeformat are affected

Woltlab Burning Board (wbb) 2.3.6 CSRF/XSS - 0day 2007-03-02
SaMuschie (samuschie yahoo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+--------------------------------------- - -- -
| SaMuschie Research Labs proudly presents . . .
+------------------------------------------- -- - -
| Application: Woltlab Burning Board (wbb)
| Version: 2.3.6 (others not tested)
| Vuln./Exploit Typ

Black And White Ball (Con) - March Press Release 2007-03-02
Mark Hinge (mark hinge whitedust net)
For Immediate Release

Contacts

Mark Anderson
mark.anderson (at) whitedust (dot) net
+353 - (0)87-798-5482

Mark Hinge
mark.hinge (at) whitedust (dot) net
+44 - (0)07908-871-091

WHITEDUST.NET ANNOUNCES THE FIRST ANNUAL BLACK AND WHITE BALL

Call for Papers Ends March 30th, 2007

http://www.theblackandwhiteball.co.uk/

Serendipity unauthenticated SQL-Injection 2007-03-01
SaMuschie (samuschie yahoo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+--------------------------------------- - -- -
| SaMuschie Research Labs proudly presents . . .
+------------------------------------------- -- - -
| Application: serendipity
| Version: 1.1.1 (others not tested)
| Vuln./Exploit Type: SQL-Injection

Nullsoft ShoutcastServer Persistent XSS - 0day 2007-02-27
SaMuschie (samuschie yahoo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+--------------------------------------- - -- -
| SaMuschie Research Labs proudly presents . . .
+------------------------------------------- -- - -
| Application: Nullsoft ShoutcastServer
| Version: 1.9.7/Win32 (other versions/platforms not tested

WordPress Search Function SQL-Injection 2007-02-27
SaMuschie (samuschie yahoo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+--------------------------------------- - -- -
| SaMuschie Research Labs proudly presents . . .
+------------------------------------------- -- - -
| Application: wordpress
| Version: <= 2.1.1
| Vuln./Exploit Type: SQL-Injection
| Status: 0day
+--

Re: WordPress Search Function SQL-Injection 2007-02-27
Justin Frydman - Thinkweb Media (justin thinkwebmedia com)

Can't replicate this in 2.0.7. Is this only for the 2.1.x branch then?

On Tue, 27 Feb 2007 21:39:55 +0100 (CET), SaMuschie <samuschie (at) yahoo (dot) de> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> +--------------------------------------- - -- -
> | SaMuschie Research Labs proudly present

Re: WordPress Search Function SQL-Injection 2007-02-28
ascii (ascii katamail com)
Justin Frydman - Thinkweb Media wrote:
> Can't replicate this in 2.0.7. Is this only for the 2.1.x branch then?

i have the same feeling

tested on multiple wp instances and can't reproduce on >= 2.0.1 <= 2.0.7

regards, Francesco 'ascii' Ongaro
http://www.ush.it/

WordPress AdminPanel CSRF/XSS - 0day 2007-02-26
SaMuschie (samuschie yahoo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+---------------------------------------------------------------------------+
| SaMuschie Research Labs proudly presents . . . |
+---------------------------------------------------------------------------+
| Application: wo

vd_proftpd.pm Metasploit module for ProFTPD stack overflow 2007-02-22
alessioalbani libero it
Blank to all.
Has anyone tested the vd_proftpd.pm Metasploit module for the ProFTPD stack overflow?
What operating system was used?
Which version of proftpd?

SyScan'07 CFP 2007-02-25
organiser (at) syscan (dot) org (organiser syscan org)
*CALL FOR PAPER/TRAINING*

*ABOUT SYSCAN'07*

The Symposium on Security for Asia Network (SyScan) aims to be a very
different security conference from the rest of the security conferences
that the information security community in Asia has come to be so
familiar and frustrated with. SyScan intend

Hacking the Oracle SYS password 2007-02-16
pete petefinnigan com
Hi Everyone,

I have just posted a new paper written by Miladin Modrakovic to my website that demonstrates how to use the BBED Block Editor tool to change the SYS password to a known hash value without connecting to the database. The paper is at http://www.petefinnigan.com/bbed_used_to_change_sys_pa

Linkifier Plus executing JS? 2007-02-12
John Richard Moser (nigelenki comcast net)
I'm using Linkifier Plus[1] and it keeps replacing 'undefined' with
'ftp://ftp.' anywhere it sees it. I am starting to wonder if there's
some way to get it to execute arbitrary JavaScript, but I don't know
quite how to try to trick it; I would imagine all one word things like
alert('Luser!') would

PAKCON III: Call for Papers [cfp] 2007-02-09
Ayaz Ahmed Khan (ayaz pakcon org)
P A K C O N - I I I

May, 2007
Pearl Continental Hotel
Karachi
www.pakcon.org

``P A K C O N

Re: Good references to enhance security programming 2007-01-29
Marco Ivaldi (raptor 0xdeadbeef info) (2 replies)
Wayne,

On Sun, 27 Jan 2007, wayneho123 (at) gmail (dot) com wrote:

> Does anyone know any good references (books, website, training) for
> programming skills targeting for security professionals? I want to find
> some good references to accelerate my programming skills (c, Assembly)
> targeting kernel, wr

Re: Good references to enhance security programming 2007-02-09
Dominic Chell (dmc digitalapocalypse net) (1 replies)
RE: Good references to enhance security programming 2007-02-13
David Maynor (dave erratasec com)
Re: Good references to enhance security programming 2007-01-30
crazy frog crazy frog (i m crazy frog gmail com)
Good references to enhance security programming 2007-01-27
wayneho123 gmail com
Does anyone know any good references (books, website, training) for programming skills targeting for security professionals? I want to find some good references to accelerate my programming skills (c, Assembly) targeting kernel, writing exploits, or to understand security research papers.

Thanks,

CA brightstor msgeng.exe heap overflow exploit (win2k SP0) 2007-01-27
WINNY THOMAS (winnymthomas yahoo com)
Hi there,
Here is a remote exploit for the heap overflow
issue in msgeng.exe as described in ls-20060313.pdf. I
needed to analyze this and could not find any reliable
exploit anywhere that would work on my test machines
and so came up with this one.

Cheers,


Possible McAfee GroupShield Vulnerability 2007-01-25
jwrights grahamengineering com
I have found a possible GroupShield vulnerability involving protected Windows operating system files with a .sys extension. I am currently blocking by extension and it is allowing the files to come through our Exchange server system successfully from the outside. I have been working closely with M

Call for Paper - SyScan'07 2007-01-23
organiser (at) syscan (dot) org (organiser syscan org)
*CALL FOR PAPER/TRAINING*

*ABOUT SYSCAN'07*

The Symposium on Security for Asia Network (SyScan) aims to be a very
different security conference from the rest of the security conferences
that the information security community in Asia has come to be so
familiar and frustrated with. SyScan i

EUSecWest 2007 Papers 2007-01-19
Dragos Ruiu (dr kyx net)
Hi,

For those who asked, we are still processing the submissions for CanSecWest
and the call closed, please stand by. The paper selections are back from the
reviewers for EUSecWest, in London on March 1-2.

In absolutely random order:

Threats against and protection of Microsoft's internal network

JavaScript inLine Debugger - The fastest web site debugger (technique, to a tool) 2007-01-17
sirdarckcat gmail com
- JavaScript inLine Debugger -
The fastest web site debugger

JavaScript is one of the most powerful languages, it is just not seen this way. With the new wave of people using AJAX they now realize how powerful JavaScript could really be. But its power goes beyond that; with JavaScript we are able

seeking comments on disclosure articles 2007-01-14
Shawna McAlearney (SMcAlearney cxo com)

Hi all,

I'd love to hear what you think about some articles we posted on
disclosure. Please feel free to email me or post a comment on the
appropriate article as you see fit. I look forward to hearing your
insights.

If you see a glaring security hole in a sensitive application, what will
you do

Uninformed Journal Release Announcement: Volume 6 2007-01-15
sflist digitaloffense net
Uninformed is pleased to announce the release of its sixth volume. This
volume includes 3 articles on reverse engineering and exploitation
technology. These articles include:

- Engineering in Reverse: Subverting PatchGuard Version 2
Author: Skywing

- Engineering in Reverse: Locreate: A

Re: Debugger 2007-01-09
drbrandus geocities com
Hi,

NuMega SoftIce became Compuware DriverStudio; now, DriverStudio is not available from Compuware. Maybe they merged it into their new product DevPartner.

Bye,
Brando

Copyright 2010, SecurityFocus