trusted solaris pen testing
2004-11-30 Elihu Smails (elihusmails2000 yahoo com)
I am working on a pen test for a trusted solaris machine, and wondered if anyone knows of a tool that will allow me to connect to the trusted solaris box from an untrusted host. Basically, I am looking for a tool that will spoof packets and trick the trusted solaris box into thinking that my pen t

RE: More Browser on Macosx flaws: nested array sort() loop
2004-11-29 M. Shirk (shirkdog_list hotmail com)
>Anyone know why so many browsers are affected?
I think it would be obvious but add the following browser: Netscape 7.1(Gecko/20030624)
Shirkdog http://www.shirkdog.us

Black Hat CFPs now open: Europe and Asia
2004-11-30 Jeff Moss (jmoss blackhat com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
BLACK HAT BRIEFINGS CALL FOR PAPERS EUROPE AND ASIA
The Black Hat Briefings was created to fill the need for computer security professionals to better understand the security risks to information infrastructures and computer systems. What makes Blac

Changes in Aleph1 Smashing the Stack...
2004-11-26 Florencio Cano (fcano ono com) (2 replies)
Hello, I'm studying how buffer overflows work. While reading the famous article by Aleph1 Smashing the Stack for Fun and Profit I have got some problems. I think my problems are caused by changes in new versions of gcc so, where I can find information about how changes in new versions of gcc affect

Re: Problem exploiting a CGI overflow
2004-11-26 Marco Ivaldi (raptor 0xdeadbeef info)
Just a quick summary of the solution for those interested.
sin <sin (at) innocence-lost (dot) net [email concealed]> wrote:
> It seems like if bash is the one converting the characters, that you
> should be able to bypass the problems by changing the exploit to call
> execve() with argv/envp setup. Am I incorrect here?
It's

php-4.3.7 Memory Limit Vuln POC
2004-11-25 Gyan chawdhary (gunnu45 hotmail com)
Hi all, This is an old POC I had written for the php memory limit vuln. It works well on php 4.3.7 with 2.0.49 apache. But it's not an elegant solution. http://www.felinemenace.org/~gyan/phpnolimit.c have fun, Gyan

Re: MSIE flaws: nested array sort() loop Stack overflow exception
2004-11-26 isno (isno xfocus org)
I don't think this flaw is exploitable. In MSIE, any loop can lead to exception. Just like: <IFRAME SRC=?> save it as a html file, open it in IE, in about 30 seconds, it will cause a stack_overflow exception and exit. Because IE will not stop allocating stack buffer, until there is not enough stack

RE: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception
2004-11-25 Randal, Phil (prandal herefordshire gov uk)
An email to security (at) mozilla (dot) org [email concealed] would have sufficed.
That email address can be found at http://www.mozilla.org/security/bug-bounty.html
Phil
----
Phil Randal Network Engineer Herefordshire Council Hereford, UK
> -----Original Message-----
> From: full-disclosure-admin (at) lists.netsys (dot) com [email concealed]
> [mai

More Browser on Macosx flaws: nested array sort() loop Stack overflow exception
2004-11-25 Marco Mella (mxmella yahoo it) (1 replies)
Same problems on MACOSX 10.3.6 with: -Safari 1.2.4 -Mozilla 1.7 -Camino 0.7.0 -Firefox 1.0 -Opera 6.0.3 Not affected IE 5.2.3 Regards -- Marco Mella
---------
Hi all, Same flaw works for Firefox as well as MSIE: <HTML> <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort();

RE: More Browser on Macosx flaws: nested array sort() loop Stack overflow exception
2004-11-26 Alex R (alex deviousmeans net)

MSIE flaws: nested array sort() loop Stack overflow exception
2004-11-25 Berend-Jan Wever (skylined edup tudelft nl)
Hi all, Another flaw in IE: <HTML> <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT> <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT> </HTML> Normally I would see if it's exploitable but I figure I'm not MS's pet bug finder/analyser...
So

FIREFOX flaws: nested array sort() loop Stack overflow exception
2004-11-25 Berend-Jan Wever (skylined edup tudelft nl) (2 replies)
Hi all, Same flaw works for Firefox as well as MSIE: <HTML> <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT> <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT> </HTML> Added to the list: http://www.edup.tudelft.nl/~bjwever/advisory_firefox

Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception
2004-11-25 Heikki Toivonen (heikki osafoundation org) (1 replies)

Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception
2004-11-26 Jose Nazario (jose monkey org) (3 replies)

Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception
2004-11-30 Daniel Veditz (dveditz cruzio com)

Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception
2004-11-29 exon (exon home se)

Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception
2004-11-27 Heikki Toivonen (heikki osafoundation org)

Re: FIREFOX flaws: nested array sort() loop Stack overflow exception
2004-11-25 James Tait (james tait wyrddreams org)

Shellcode encoder used in IFRAME exploit.
2004-11-24 Berend-Jan Wever (skylined edup tudelft nl)
Hi all, I have been getting a lot of questions about the encoded shellcode I used in InternetExploiter. That's why I've decided to release the source to my encoder, so you can all use it in your personal version of my exploit. (Remember that the original code was released under GPL! I'm still hopi
Figured I would send this to the vuln-dev list after rambling on about it
on a firewalls list, so apologies to those who see this as a cross-post
dupe.
[RECENTLY] I ran across what I believe is an irftp based worm. While
cleaning two laptops one day (one connected to a secure VLAN the other not
co