|
|
Colapse all |
Post message
Vulnerability Buyer Company 2005-10-19 mpycube yahoo com (1 replies) Hello, i already worked with iDefense but i have seen t hat also 2 other companies are buying 0day: - www.zerodayinitiative.com - www.digitalarmaments.com The offer of the second one look really interesting. Does anyone has worked with those company? which one is better? does exist others company [ more ] [ reply ] Announcement: New SecurityFocus Mailing Lists 2005-10-19 Dave McKinney (dm securityfocus com) (forwarding this announcement to vuln-dev) All, As a result of the poll conducted on the existing SecurityFocus mailing lists, we identified a need from the security community for new discussion forums related to distinct areas of topic. We are pleased to announce the addition of 5 new lists on [ more ] [ reply ] Re: Solaris sparc newbie exploit coding misc questions 2005-10-14 Marco Ivaldi (raptor 0xdeadbeef info) Hey ework0, > I gather together some misc questions about designing buffer overflows > PoC's for the solaris sparc architecture: I apologize for not being able to thoroughly answer your questions, but i'm in a hurry at the moment. Just wanted to point out some of my code that i bet you'll find use [ more ] [ reply ] Solaris sparc newbie exploit coding misc questions 2005-10-12 ework0 (ework0 gmail com) (2 replies) Hello, I gather together some misc questions about designing buffer overflows PoC's for the solaris sparc architecture: 1. Basically, what is the stack address? how can be the same among different process? stack base addr is not related to memory locations? How can I get the stack base address? [ more ] [ reply ] [SEC-1 Advisory] GFI MailSecurity 8.1 Web Module Buffer Overflow 2005-10-12 Gary Oleary-Steele (garyo sec-1 com) [SEC-1 Advisory] Collaboration Data Objects Buffer Overflow Vulnerability 2005-10-12 Gary Oleary-Steele (garyo sec-1 com) PullThePlug Contest: Call For Papers 2005-10-10 announcements pulltheplug org Hi, The PullThePlug Contest is a unique opportunity for individuals in the information security community to share their knowledge in the form of interesting and innovative papers and win a prize in the process. All the papers will be reviewed by our Contest Voting Panel and the best entries will [ more ] [ reply ] PAKCON II: Call for Paper (CfP), Final Call! 2005-10-05 Ayaz Ahmed Khan (ayaz pakcon org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Folks: This is second round for the Call for Papers (CfP) for PAKCON II. We have couple of speaking slots left for the PAKCON II, Pakistan's Cyber Security Convention. It will be happening on 29th and 30th November, 2005 in Karachi, Pakistan. If you [ more ] [ reply ] Re: PocketPC exploitation 2005-10-04 Jerome Athias (jerome athias free fr) (1 replies) Hi guys, first i would like to thank you guys for your nice papers and comments on this subject. After some vacations, a big update of the firmware of my iPAQ (thank you HP; i've just waited 4 months to have a good RAS connection...), i've worked a little on the wininet APIs on Windows CE. If some [ more ] [ reply ] Citrix Metaframe Presentation Server bypassing policies 2005-09-30 gustavog grupoitpro com ar DESCRIPTION: ============ Vulnerability in Presentation Server allow to user bypass citrix policy which is applied to client name. SOFTWARE: Citrix Metaframe Presentation Server 3.0 / 4.0 ========= INFO: ===== Citrix Presentation Server policy is used for admins to restrict the user environme [ more ] [ reply ] Upcoming Black Hat events announcement 2005-09-28 Jeff Moss (jmoss blackhat com) Dear Vuln Dev readers, I want to keep you up to date with what Black Hat is up to. Currently there is a stand alone training in Seattle in October, a Briefings in Tokyo in October, and a Federal Training and Briefings in Crystal City in January. Black Hat returns to Amsterdam at the end February [ more ] [ reply ] Re: MS05-039 2005-09-29 A A (hd78432 yahoo com) Does anyone know the memory address in umpnpmgr.dll where the overflow exception is thrown in the exception block (in windows 2000)? I don't have a windows 2000 box that I can buffer overflow with a debugger. I'm testing in an environment other than Windows 2000 and I have been able to determine it [ more ] [ reply ] PacSec05 2005-09-26 Dragos Ruiu (dr kyx net) English url: http://pacsec.jp/index.html?LANG=ENGLISH Japanese url: http://pacsec.jp/index.html?LANG=JAPANESE Myamoto Musashi famous swordsman and author of "Go Rin No Sho" (the Book of Five Rings) wrote "Study the Way of all professions." In the way of computer networks, one must understand attac [ more ] [ reply ] Canonicalization and apache/PHP-attacks 2005-09-26 tapio_niemela1 yahoo com (1 replies) Hello, could I have a piece of advice about this thing called "Canonicalization" and how it can used to attack PHP. I understand that characters can be presented in multiple ways. For example, '/' can be presented as '/', 0x2F, or even 0xc0xAF (="Overlong sequence") or even something else. Now, I've [ more ] [ reply ] Re: PocketPC exploitation 2005-09-23 Ratter (ratter atlas cz) (1 replies) JM> I would like to contribute to the list a paper i just had published that JM> discusses the vulnerabilities of current virus detectors for pocket pc's, it JM> is scary to think that such simplistic detectors are the current state of JM> the art for such powerfull devices, it leads one to think th [ more ] [ reply ] Re: PocketPC exploitation 2005-09-22 dennis backtrace de > > i would like to know if some of you have experience with exploitation of > > PocketPCs and could give me some ways and tools (debugger...). > > since some vulns come ( http://www.securityfocus.com/bid/13807 ) > > I know that writing a DLL (Fuser) is quite easy with eVC++ (Embedded), > > so a "do [ more ] [ reply ] PocketPC exploitation 2005-09-21 Jose Morales (mrjoemango2 hotmail com) I would like to contribute to the list a paper i just had published that discusses the vulnerabilities of current virus detectors for pocket pc's, it is scary to think that such simplistic detectors are the current state of the art for such powerfull devices, it leads one to think that the lesson [ more ] [ reply ] Whitepaper - Writing small shellcode 2005-09-19 Dafydd Stuttard (daf ngssoftware com) I have written a short whitepaper describing techniques for writing small shellcode. This can be downloaded from: http://www.ngssoftware.com/papers/WritingSmallShellcode.pdf Abstract This paper describes an attempt to write Win32 shellcode that is as small as possible, to perform a common task sub [ more ] [ reply ] RUXCON 2005 Update 2005-09-19 cfp ruxcon org au (RUXCON Call for Papers) Hi, RUXCON is quickly approaching yet again. This e-mail is to bring you up to date on the latest developments on this years conference. Our speakers list is complete [1] and our timetable has been finalised [2]. Below is a list of presentations for RUXCON 2005 (in order of acceptance): 1. Bre [ more ] [ reply ] |
|
Privacy Statement |
http://www.spidynamics.com/spilabs/advisories/oracle-emagentoverflow.htm
l
Release Date: October 18, 2005
Severity: Critical
Systems Affected
----------------
For a complete list of products and components affected, please visit
http://www.oracle.com/t
[ more ] [ reply ]