Vuln Dev Mode:
(Page 11 of 75)  < Prev  6 7 8 9 10 11 12 13 14 15 16  Next >
[w4ck1ng] Darkside of the Internet 2006-10-14
German Alfred (w4ck hotmail co uk)
Greetz,

You are receiving this email because w4ck1ng would like to let everyone know what we have been up to since we first
opened our doors to the public......and we know we got what you want ;)

We have released multiple zero-day exploits to the public:
4images (all versions) SQL injection expl

[ more ]  [ reply ]
UTF-8 + tolower() getpc stubs 2006-10-13
Aaron Adams (aadams securityfocus com)
Hey all,

Anyone that read the most recent Uninformed journal probably saw Skape's
Implementing a Custom x86 Encoder paper [1]. In it he presents a little
challenge for implementing a getpc stub that is UTF-8 and tolower()
compliant. The typical jmp/call, fsetenv, and Skylineds Alpha stuff
won't wo

[ more ]  [ reply ]
Black Hat CFP, Registration, and Announcements for October 2006-10-13
Jeff Moss (jmoss blackhat com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Vuln Dev readers,

Here are some announcements from Black Hat to keep you busy this October:

- - The Call for Papers and conference registration is now open for the Black Hat
DC Training and Briefings.
- - The Call for Papers and conference regi

[ more ]  [ reply ]
RE: Fortigate Bypass 2006-10-10
Oscar Bravo (OscarB remingtonltd com)
Upgrade to MR3 of the FortiGate device they have now addressed that
issue.

Thank you and have a great day,

Oscar Bravo

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of Alice Bryson <abryson (at) bytefocus (dot) com [email concealed]>
Sent: Sunday, October 08, 20

[ more ]  [ reply ]
Fuzzing KDE based apps (narrowing down bugs) 2006-10-09
nnp (version5 gmail com)
Hey I was wondering if anyone has any experience auditing KDE based
applications. Recently I, found this while fuzzing for a different
type of vuln.

I am using KDE 3.5.2 and kmail 1.9.1.

This bug requires HTML to be enabled (Settings -> Configure Kmail ->
Security -> and tick Prefer HTML to Plain

[ more ]  [ reply ]
Re: Fortigate Bypass 2006-10-05
admin starkingdoms com (1 replies)
You are correct, I have also tested this. My school system pays who knows what amount of money for this software, yes a simple "s" blows all of their software away. It's not hard for an average student to figure this out, it's really a shame so much money is wasted on such poor software.

[ more ]  [ reply ]
Re: Fortigate Bypass 2006-10-09
Alice Bryson abryson (at) bytefocus (dot) com [email concealed] (abryson bytefocus com)
Re: bypassing randomized stack using linux-gate.so.1 2006-10-03
Pravin (shindepravin gmail com)
> As I recall, in distributions such as Debian, linux-gate is at a static
> address. Thus this isn't a kernel-level thing, but rather something the
> Fedora team did.
>
> If you look in a debugger, you'll see that linux=gate only moves a few
> hundred bytes or so per execution. The stack can move se

[ more ]  [ reply ]
bypassing randomized stack using linux-gate.so.1 2006-09-21
Pravin (shindepravin gmail com) (2 replies)
Hi,
I was working with bypassing randomized stack using "linux-gate.so.1"
I am using Fedora Core 5 and problem with it is that location of
linux-gate.so.1 is not fixed.
But other libraries are having fixed location ( like libc.so.6 and
ld-linux.so.2 )

I changed the value of "/proc/sys/kernel/random

[ more ]  [ reply ]
Re: bypassing randomized stack using linux-gate.so.1 2006-09-22
Luciano Miguel Ferreira Rocha (strange nsk no-ip org)
Re: bypassing randomized stack using linux-gate.so.1 2006-09-22
Jack C (list-recv crepinc com)
Re: problem in bypassing stack randomization ("call *%edx" technique) 2006-09-20
purelysp4m hotmail com
The technique is explained in greater detail at http://milw0rm.org/papers/55 , but unfortunately it only talks about JMP *%esp

By playing around a bit, it looks like %edx always points to the command-line argument after the one you pass to strcpy(). That is, if you do strcpy(vuln,argv[73]), %edx

[ more ]  [ reply ]
problem in bypassing stack randomization ("call *%edx" technique) 2006-09-18
Pravin (shindepravin gmail com)
Hi,
I am working on vulnerabilities which will bypass stack randomization.
I came across a method ("call *%edx" technique) described in
http://rawlab.mindcreations.com/codes/exp/randstack/exp_call_rand.pl

As per my understanding, method works on the line of finding the library
which is not randomiz

[ more ]  [ reply ]
PAKCON III: Announce (2006) 2006-09-13
Ayaz Ahmed Khan (ayaz pakcon org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ANNOUNCING

88888o, .o8o, o8 8I .888, .888, o8o o8 o8 o8 o8
88_ 88 o8_ 8o 88,_o8" 88 88 88 88 888o_88 88 88 88
88888o" 88ooo88 88888o 88 88 88 88"8o88 88

[ more ]  [ reply ]
PAKCON III: Call for Papers (CfP 2006) 2006-09-13
Ayaz Ahmed Khan (ayaz pakcon org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

88888o, .o8o, o8 8I .888, .888, o8o o8 o8 o8 o8
88_ 88 o8_ 8o 88,_o8" 88 88 88 88 888o_88 88 88 88
88888o" 88ooo88 88888o 88 88 88 88"8o88 88 88 88
88

[ more ]  [ reply ]
ToorCon Pre-Registration Closing Friday! 2006-09-13
h1kari (at) toorcon (dot) org [email concealed] (h1kari toorcon org)
PRE-REGISTRATION CLOSING ON FRIDAY, SEPTEMBER 15TH

Don't miss out on the discounted rates for attending ToorCon 8, San
Diego's exclusive hacker convention, going on from September 29th
through October 1st.
[http://www.toorcon.org]

GENERAL ADMISSION

Currently general admission is only $80 which w

[ more ]  [ reply ]
Features in a Vulnerability Management System 2006-09-10
Ayaz Ahmed Khan (ayaz pakcon org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Folks:

I am curious how the folks reading these lists look, in general, at a
Vulnerability Management System. What features do you wish to have a
decent Vulnerability Management System (VMS) offer? Which VMS do you
use or have used at any point in

[ more ]  [ reply ]
VirtueMart 2006-09-09
t3rr0r1st aria-security net
#Aria-Security.net Advisory

#Discovered by: Dr.T3rr0r1st

#< www.Aria-security.net >

#Gr33t to: The-0utl4w & A.u.r.a & R@1D3N & Smok3r

#-----------------------------------------------------------

Software: VirtueMart

Link: virtumart.net

Attack method: Remote File Inclusion

Source :

//Set

[ more ]  [ reply ]
Windows International OPcodes Database 2006-09-04
Jerome Athias (jerome athias free fr)
Hi there,

playing with some hexa-voodoo, i'm currently updating my international
Windows opcodes database ("magical return addresses")
it's not as detailed as the MetaSploitFramework one (greetz to the MSF
team and specially to skape), but now supports up to 7 different
locales! (English, French

[ more ]  [ reply ]
ELF binaries containing pointers to .dtors 2006-09-07
aviv by gmail com
Hello,

I'm messing around with the vortex wargame on pull the plug (pulltheplug.org/wargames/vortex) and I needed to overwrite .dtors in one of the levels.

I found out that in every ELF (gcc compiled) I found in .data a pointer to the end of the .dtors section.

Why is it there? Simply to make

[ more ]  [ reply ]
Hackers to Hackers Conferece III - Call for Papers 2006-08-30
Rodrigo Rubira Branco (BSDaemon) (rodrigo kernelhacking com)
General Objectives

The H2HC have as mainly objective offer a national and internation
conference for Brazilians Hackers, strongly the ethical of hacking.

We have as mission change and desmistify the word hacker from the
pejoractive sense to show the hacker as who works in software research and
sec

[ more ]  [ reply ]
Skype API Ap2Ap Stream Creation Flaw 2006-08-18
vizig0thblitz gmail com (1 replies)
An application-to-application stream can be created between two Skype clients without having established normal communications between them and both Skype client's contact lists are empty. With this ability any Skype enabled application can create a convert communication stream to a central server.

[ more ]  [ reply ]
Re: Skype API Ap2Ap Stream Creation Flaw 2006-08-21
Stephen Samuel (samnospam bcgreen com)
ToorCon 8 Call for Papers Closing Tomorrow & Workshops/Seminars Added 2006-08-17
h1kari (at) toorcon (dot) org [email concealed] (h1kari toorcon org)
CALL FOR PAPERS CLOSING!

Just wanted to let you know that the ToorCon 8 CFP will be closing at
the end of Friday, August 18th (tomorrow). If you're interested in
submitting, please make sure you get your submissions in before midnight
tomorrow. For more info, check out the CFP at:
http://www.toorco

[ more ]  [ reply ]
Security contact from Critical Path Inc 2006-08-14
Guillermo Marro (gmmarro flowgate net)
Anyone knows how to reach them?

thanks in advance,

-Guillermo

[ more ]  [ reply ]
Re: Re: Automatic MIME type detection in Internet Explorer 6.x allowed 2006-08-10
der wert (derwert hotmail com)
This is a completely different issue, the one you speak of about the jpg
file, what it was was a gif header in a .jpg file with javascript after it,
and I just tried it and it is still unpatched, but none the less a different
issue

D

On 10 Aug 2006 05:59:06 -0000, none (at) none (dot) com [email concealed] <none (at) none (dot) com [email concealed]>

[ more ]  [ reply ]
Re: Re: Automatic MIME type detection in Internet Explorer 6.x allowed 2006-08-10
none none com
This was actually patched a while ago by Microsoft to the best of my knowlege(I tested it). However, this may be a tad different. In older versions it was possible to upload image files to say a message board or whatever say an avatar. But by placing javascript in any file with a .jpg extension made

[ more ]  [ reply ]
Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper] 2006-08-07
SPI Labs (Spi Labs spidynamics com)

"One new feature of "Web 2.0", the movement to build a more responsive
Web, is the utilization of XML content feeds which use the RSS and Atom
standards. These feeds allow both users and Web sites to obtain content
headlines and body text without needing to visit the site in question,
basically pro

[ more ]  [ reply ]
(Page 11 of 75)  < Prev  6 7 8 9 10 11 12 13 14 15 16  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus