Vuln Dev Mode:
(Page 4 of 75)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
RE: Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API 2007-09-17
Roger A. Grimes (roger banneretcs com)
Microsoft has always had links to external applications. That isn't

IE protected mode doesn't protect you as much as you assume. IE-PM
protects you from drive by downloads. If you download any program
manually it is executed in normal user mode (medium integrity) or in
elevated mode (high int

[ more ]  [ reply ]
RE: Next generation malware: Windows Vista's gadget API 2007-09-14
Roger A. Grimes (roger banneretcs com) (1 replies)
Yes, this is a "new" attack vector, but it is always game over anyway if
I can get you to run my untrusted program. In my testing, installing
any Vista sidebar gadget results in a minimum of 3 warnings, each saying
that the code being installed could be harmful, before it is installed.
5 warnings i

[ more ]  [ reply ]
RE: Next generation malware: Windows Vista's gadget API 2007-09-15
pgut001 cs auckland ac nz (Peter Gutmann) (1 replies)
Next generation malware: Windows Vista's gadget API 2007-09-13
Tim Brown (tmb 65535 com)
A paper has just been released on the Windows Vista's gadget API. The
abstract is as follows:

Windows has had the ability to embed HTML into itâ??s user interface for many
years. Right back to and including Windows NT 4.0, it has been possible to
embed HTML into the task bar, but the OS has alw

[ more ]  [ reply ]
Re: where I can find "FUZZ" resource?? 2007-09-09
nnp (version5 gmail com)
Hash: SHA1
Version: GnuPG v1.4.7 (MingW32)


[ more ]  [ reply ]
Immunity Debugger v1.1 2007-08-30
Nicolas Waisman (nicolas waisman immunityinc com)
The number one request this month was "Please implement a Python shell
so I can write scripts and play with immlib features on the fly!". This
is now done. Enjoy! Next to that we continued our efforts to improve
the overall
debugging experience with two new libraries, libstackanalyze and Ero

[ more ]  [ reply ]
DeepSec IDSC 2007 Vienna Registration Now Open 2007-09-03
Paul Böhm (paul boehm org)
Good News Everyone,

The DeepSec IDSC 2007 Registration has begun at

Since we've received a lot of great feedback so far, we've made some
changes to the conference since the initial announcement.

* 36 top-notch Talks instead of 26. (see

[ more ]  [ reply ]
Security contact for Roper? 2007-08-25
Stefano Zanero (s zanero securenetwork it)

if anybody has a working security or technical contact for Roper (an
European manifacturer and distributor of networking equipment), I would
be grateful.

Thanks in advance,

[ more ]  [ reply ]
24th Chaos Communication Congress 2007: Call for Participation 2007-08-24
fukami (fukami berlin ccc de)
24th Chaos Communication Congress 2007: Call for Participation

24C3: Volldampf voraus!
24th Chaos Communication Congress
December 27th to 30th, 2007
Berlin, Germany


The 24th Chaos Communication Congress (24C3) is the annual four-day

[ more ]  [ reply ]
No cON Name 2007 - CALL FOR PAPERS 2007-08-21
deese spezialk net

* No cON Name 2007 Congress === Call For Papers *

<> <>
<> October: 11,12,13. <>

** What is No cON Name 2007 **

This congress is thought for system an

[ more ]  [ reply ]
ToorCon 9 CFP 2007-08-17
David Hulton (0x31337 gmail com)
Hey guys,

Just thought I'd shoot this out to you all and let you know that we're
doing our first round of speaker selection on Sunday the 19th.
Otherwise, we'll be accepting submissions until September 9th.




Papers and presentations are being accepted for T

[ more ]  [ reply ]
Immunity Debugger is now released 2007-08-04
nicolas waisman immunityinc com
Announcing Immunity Debugger v1.0

After almost a year of intensive development and internal use, we are

pleased to announce the public release of Immunity Debugger v1.0.

When we started developing Immunity Debugger our main objective was to

combine the best of the commandline based and GUI b

[ more ]  [ reply ]
Really, really, penultimate, PacSec CFP deadline, Aug 10. 2007-07-31
Dragos Ruiu (dr kyx net)
Some folks have been trying to convince us to extend deadlines,
so being the sticklers we are, we said: no way... :-) But they convinced
us. So to be fair - this is a heads up for others who didn't have time
to submit. :-) We'll try to turn around the selection reviews ASAP,
before the end of Augus

[ more ]  [ reply ]
"debug k" freezing Cisco routers? 2007-08-01
Shawn Merdinger (shawnmer gmail com) (1 replies)
Hi All,

At level 15 permissions, when I enter "debug k" on the CLI the router
freezes immediately, requiring a manual reboot.

While not a vulnerability per se, perhaps something to keep in mind
from the fat-finger risk?

Anyone else seeing this?

Kindest regards,

Shawn Merdinger

[ more ]  [ reply ]
Re: "debug k" freezing Cisco routers? 2007-08-04
Jorge NIedbalski (niedbalski gmail com)
Re: vulnerabilities in this code chunk 2007-07-28
bluepass gmail com
It is vulnerable to heap overflows.

An unsigned int and an unsigned long have the same size (4 bytes), as well as the same range (0 to 4294967295). The function 'copy_data()' takes 'data_len' as an unsigned int. The function 'memcpy()' takes its parameter as a 'size_t' which is nothing but an uns

[ more ]  [ reply ]
error in my code 2007-07-27
nobody (pentester yahoo com)
I think that I need a beer. I will bet that there is
someone on this list that can pinpoint my error in 15
minutes. I will find some way to get them a
beer/wine/soft drink if so.

I have found and started to exploit a stack based
overflow but am stuck with a simple error in my POC.
is probably

[ more ]  [ reply ]
Win32/Vista IE exploitations? 2007-07-22
K2 (ktwo ktwo ca)
I've been writing this exploit for IE (XP2 & Vista in scope, IE6 isn't as
there are so many other bugs in that it's pointless to target), let's call

I'm currently working on upping the reliability. I'm at 80% now.

Does anybody have any decent cross thread su

[ more ]  [ reply ]
Re: [TOOL] winFuzz ( 2007-07-19
KaCo678 aol com
Hey man this is great work m8 hat's off to you i would strongly suggest other people take a look at this and for the bug's havn't come across any and i don't think i will just what we needed yeh there file fuzzer's and like you said toaf fuzzer.But this beat's them all hand's down.I like the way you

[ more ]  [ reply ]
Re: Java - JRE, SDK Java Web Start 2007-07-18
jfvanmeter comcast net
Hello Sapa3a, so if I wrote called that would place a called down c:\program files\myprogram\jre\1.5.0_09 and then convinced a user to run in it "Internet Explorer" or possible Outlook, or just good old "Windows" you don't think I could exploit a vulnerability in that version?

I know with the Sun J

[ more ]  [ reply ]
Java - JRE, SDK Java Web Start 2007-07-16
jfvanmeter comcast net (3 replies)
How does everyone feel about java being installed by vendors in a propriety path i.e. program files\mysoftware\bin\jre\1.4.0\ and never patching it.

I ran an enterprise scan to looking for javaws.exe and found it in 175 unique paths. Should they be held accountable for the patching of java when

[ more ]  [ reply ]
Re: Java - JRE, SDK Java Web Start 2007-07-18
Re: Java - JRE, SDK Java Web Start 2007-07-17
Blue Boar (BlueBoar thievco com)
Re: Java - JRE, SDK Java Web Start 2007-07-17
Kish Pent (kish_pent yahoo com)
CFP now open for ClubHack, India's own hackers' convention 2007-07-16
RS (rsoftin gmail com)
Hi All
CFP is now open for ClubHack: India's own International Hackers' Convention.
They are planning to hold the event in the month of December in Pune, India.

CFP is open from 15th July & will close on 15th Oct.
For more details check out

Happy Hacking

[ more ]  [ reply ]
[TOOL] winFuzz ( 2007-07-15
v9 fakehalo us
winFuzz is a security researching fuzzer for windows that behaves more as a precise debugger than a normal random fuzzer. This is done by isolating points (fuzzPoints) in arbitrary files to be tested against programs and/or remote services to attempt to cause memory corruption scenarios in the form

[ more ]  [ reply ]
PacSec 2007 Call For Papers (Nov. 29/30, deadline July 27) 2007-07-04
Dragos Ruiu (dr kyx net)


World Security Pros To Converge on Japan

TOKYO, Japan -- To address the increasing importance of
information security in Japan, the best known figures in the
international security industry will get together with leading
Japanese researchers to share best practi

[ more ]  [ reply ]
(Page 4 of 75)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


Privacy Statement
Copyright 2010, SecurityFocus