Vuln Dev Mode:
(Page 2 of 75)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
Immunity Debugger v1.5 2008-03-27
Nicolas Waisman (nicolas immunityinc com)
Immunity team is proud to present: Immunity Debugger 1.5

This new Immunity Debugger release provides a lot of new scripts and
important fixes. New scripts to improve your debugging experience
include: gflags, hookssl, and hookndr.

The API has been rei

CanSecWest 2008 PWN2OWN - Mar 26-28 2008-03-21
Dragos Ruiu (dr kyx net)
Calendar Notes:
===========

PacSec 2008 will be on November 12/13 in Tokyo at Aoyama Diamond Hall.

EUSecWest 2008 will be on May 21/22 at a fun new venue in central London.
(We cooked this schedule up so it will enable people to fly to Berlin on
the 23rd and make FX's ph-neutral on Saturday the 2

Recon 2008 - Call For Paper 2008-03-03
Recon (cfp2008 recon cx)
Welcome to TeleMate!
ATDT1514XXXXXXX
CONNECT 1200
..
DATAPAC : XXXX XXXX
XXXXXXXX
DATAPAC: Call connected to XXXX XXXX

This is a private system. Access attempts are logged. Unauthorized
access may result in prosecution.

Bienvenue!

+ + + +

*BSD user-ppp local root (when conditions permit) 2008-02-29
sipherr gmail com (1 replies)
/***********************************************************************
************/

/*** pppx.conf - Point to Point Protocol (a.k.a. user-ppp) exploit by sipher ***/

/*** 2003 / 12 /23 - PRIVATE CODE ***/

/*** Program terminated with

Re: *BSD user-ppp local root (when conditions permit) 2008-03-01
Eygene Ryabinkin (rea-sec codelabs ru)
OpenSSH 4.X DoS (maybe...) 2008-02-26
sipherr gmail com (1 replies)
OpenSSH 4.X deny remote connections.

The service itself doesn't crash, but it does NOT allow anyone to connect after 10 or so pending connections.

To reproduce:

telnet 3.1.33.7 22

Trying 3.1.33.7...

Connected to 3.1.33.7.

Escape character is '^]'.

SSH-2.0-OpenSSH_4.7p1 Deb

Re: OpenSSH 4.X DoS (maybe...) 2008-02-29
Eygene Ryabinkin (rea-sec codelabs ru)
GNU objdump 2.15 [FreeBSD] 2004-05-23 shows: ... "BFD: Please report this bug." While analyzing crafted ELF. 2008-02-23
david reguera inteco es
GNU objdump 2.15 [FreeBSD] 2004-05-23 shows:

BFD: BFD 2.15 [FreeBSD] 2004-05-23 internal error, aborting at

/usr/src/gnu/usr.bin/binutils/libbfd/../../../../contrib/binutils/bfd/

elfcode.h line 188 in bfd_elf32_swap_symbol_in

BFD: Please report this bug.

While analyzing crafted ELF.

Note:

Re: Re: 3COM TFTPD Overflow: SEH Overwrite 2008-02-08
lists skilltube com
Quoting jeremy.junginger (at) gmail (dot) com [email concealed]:

> I was asking if ws2_32.dll was compiled with SafeSEH (didn't know
> about the Olly plugin). Regarding the return address...I already
> have control of EIP, but can't point it directly to the stack, so
> I'm searching for a module with a suitable re

Re: Re: 3COM TFTPD Overflow: SEH Overwrite 2008-02-06
jeremy junginger gmail com
I was asking if ws2_32.dll was compiled with SafeSEH (didn't know about the Olly plugin). Regarding the return address...I already have control of EIP, but can't point it directly to the stack, so I'm searching for a module with a suitable return address (with pop/pop/ret) to help me get back to th

Suspecious JPEG Files 2008-02-01
poddima yahoo com (2 replies)
Hello,

I received via e-mail two JPEG files, one of them was not opened properly (Default error message was displayed on the Windows Picture Viewer).

The sender is known to me, and I suspect he was trying to attack my computer (I received also an infected executable file from him just a short ti

Re: Suspecious JPEG Files 2008-02-05
Valdis Kletnieks vt edu
Re: Suspecious JPEG Files 2008-02-06
Geoffrey Gowey (gjgowey gmail com)
Re: 3COM TFTPD Overflow: SEH Overwrite 2008-01-31
the_insider mail com
On XP SP2 the module "ws2_32.dll" was compiled with SafeSEH, so you can't use it to execute code by overwriting the SEH handler to point into it. You can see which modules are SafeSEH enabled and which aren't by using this OllyPlugin at:

http://www.openrce.org/downloads/details/244/OllySSEH

Re: 3COM TFTPD Overflow: SEH Overwrite 2008-02-04
lists skilltube com
What vulnerability are you trying to exploit? This one?

http://www.securityfocus.com/bid/21322

In your document, you say

"I look for POP/POP/RET ws2_32.dll (to avoid SafeSEH restrictions?)"

Are you telling or asking? Can you please provide a little more info.
Otherwise it is hard to help here.

3COM TFTPD Overflow: SEH Overwrite 2008-01-25
jeremy junginger gmail com
I'm attempting to exploit an already known bug in 3COM TFTPD server, and execute "calc.exe" with my shellcode. I have control of ECX/EIP, and can overwrite both SEH and pointer to next SEH successfully, and have used:

Pointer to next SEH: \xeb\x10\x90\x90

SEH: \x69\x12\xab\x71 (POP/POP/RET in

PIX Privilege Escalation Vulnerability 2008-01-24
tbbunn ctc net (2 replies)
Back in May of last year I started doing research on any possible security flaws that exist in the Pix/ASA Finesse operating System, versions 7.1 and 7.2. I discovered that a design flaw that was previously unknown in Finesse will allow a level 0 user to escalate their privilege to level 15. I belie

SV: PIX Privilege Escalation Vulnerability 2008-01-24
Jan Nielsen (jan boyakasha dk)
Re: PIX Privilege Escalation Vulnerability 2008-01-24
Kristian Erik Hermansen (kristian hermansen gmail com)
debuging 2008-01-02
unix_semaphore yahoo com br (1 replies)
Hello,

I am a newbie in win32 software hacking.

When I have open source software, I use gdb to debug the software, but most win32 apps are not open source. How do I know the functions? The operations? What tools will I use for this?

For example is simplest search buffer overflows in o

Re: debuging 2008-01-04
Dude VanWinkle (dudevanwinkle gmail com)
Blog Entry of Interest 2007-12-31
Ben (comsatcat earthlink net)
I just updated my blog with an analysis of a level on a wargame I was playing (pulltheplug). It gives a technical overview (hopefully without ruining the level) of a successful attack on a PAX secured system (non-exec stack) exploiting a stack buffer overflow on a statically linked multi threaded

overwriting SEH and debugging 2007-12-20
opexoc gmail com (1 replies)
Hello,

I am in a situation where I have successfully overwritten SEH in some app. I know that because when I am debugging this app I get an exception (access violation) and then, by going to fs:[0], I can find out what is in the first SEH structure.

I have overwritten this SEH by ordinary \xeb\x30\x9

Re: overwriting SEH and debugging 2007-12-20
H D Moore (sflist digitaloffense net) (1 replies)
Re: overwriting SEH and debugging 2007-12-22
Dude VanWinkle (dudevanwinkle gmail com) (1 replies)
Re: overwriting SEH and debugging 2007-12-22
H D Moore (sflist digitaloffense net)
Re: Re: understanding buffer overflows 2007-12-14
erk_3 hotmail com (2 replies)
I had the same problem; there are a few switches you have to use if compiling with a recent version of gcc. I can't remember the other one (I'll go look now) but try compiling with this flag.

-fno-stack-protector

Re: understanding buffer overflows 2007-12-18
Valdis Kletnieks vt edu
Re: Re: understanding buffer overflows 2007-12-17
Kristian Erik Hermansen (kristian hermansen gmail com)
Black Hat Briefings Call for Papers 2007-12-11
jmoss (jmoss blackhat com)
Vuln-Dev, Happy Holidays from Black Hat! Before the silly season enters full
swing I'd like to make a couple announcements:

BRIEFINGS AND TRAININGS
http://www.blackhat.com/
Black Hat is proud to be holding Trainings and Briefings in Washington D.C.,

Copyright 2010, SecurityFocus