Vuln Dev
(Page 35 of 75)
Windows Heap Overflow 2004-04-16
lavmarco freemail it (1 reply)

Hi all,

Where can I gain complete information (papers, tutorials, etc.) about heap overflow exploitation in a Windows environment?

Is it similar to the Linux dmalloc chunk overflow?

Thank you in advance.


Re: Windows Heap Overflow 2004-04-16
runix (runix fallenroot net)
changes between gcc 2.95 and 3.3 2004-04-13
Joe Hickory (J Hickory gmx net)

Just experimenting with some buffer overflow exploit tutorials. All of them
I found are written for programs compiled with gcc 2.95. As I tried them with
gcc 3.2.x they didn't work.
Does anybody have a hint where I can find some docs explaining the differences
between how the gcc version compile t

Re: GNU sharutils 4.2.1 PoC 2004-04-09
Vade 79 (v9 fakehalo deadpig org)
In-Reply-To: <200404091202.i39C21sr051841 (at) mailserver1.hushmail (dot) com [email concealed]>

>below are some details ->
>
>static char output_base_name[50];
>
> case 'o':
> strcpy (output_base_name, optarg);
>
>sam@slackware:~$ /usr/bin/shar -o `perl -e

GNU sharutils 4.2.1 PoC 2004-04-09
sambooka hushmail com
Hello vuln-dev.
I am trying to develop exploit code for the GNU sharutils 4.2.1
vulnerability posted to bugtraq this week ->
but am having a bit of difficulty finding an avenue, anyone got any ideas?

below are some details ->

Phrack #62 Call for da Paperz 2004-04-08
Richard Miller (rm segfault net)

: P H R A C K - 6 2 :

Deadline: 01 July 2004 at 11:

Metasploit Win32 Shellcode Updates 2004-04-08
H D Moore (sflist digitaloffense net)
Hello everyone,

The shellcode section at has been updated with the complete
build environment for the Metasploit Framework Win32 payloads. These
payloads are fairly small and can be compiled either all at once, or
broken up into separate stages to save space.

A CGI application

Re: Re: Outlook Mailto URL:vulnerabilty 2004-04-06
clancy carlson (clancy_carlson hotmail com)
Thanks, I have heard that people had it working for Outlook Express, however
if you look at the advisories such as

they specifically state that outlook 2002 is vulnerable. Is it just easier
to get it to work via outlook express, and on

SMTP non delivery notification DoS/DDoS Attacks 2004-04-05
Stefan Frei (stefan frei techzoom net) (1 reply)
Dear list members,

My colleagues and I have been doing some research into mail-related vulnerabilities over the last month or two. We discovered that a problem exists in the way non-delivery notifications are sent from many SMTP mail servers. This problem can be successfully (and rather eas

Re: SMTP non delivery notification DoS/DDoS Attacks 2004-04-07
Philip Rowlands (phr doc ic ac uk)
Re: Outlook Mailto URL:vulnerabilty 2004-04-04
Seamus Grimes (shamusgrimes yahoo com)
In-Reply-To: <BAY13-F65PU2pnUgrMb0003f3db (at) hotmail (dot) com [email concealed]>

I understand your problem. I've been working on building a proof of concept for our pen test scripts, but haven't had any luck with it yet. I talked to the developer of the original proof of concept; he's only gotten it working on wi

Outlook Mailto URL:vulnerabilty 2004-04-02
clancy carlson (clancy_carlson hotmail com)
I have been trying to write an exploit for the Outlook Mailto URL
vulnerability, but have been unsuccessful up to this point. I have tried on
both Windows 2000 and Windows XP machines using Outlook 2002. All of the
proof of concept codes and other documentation do not seem to work.

Problem rlogin protocol 2004-04-02
Inode (inode mediaservice net)
Hi all,
I'm playing with the rlogin protocol under Solaris (but I think it's similar
to other Unix systems), and I got some problems.

When I try to send a buffer of more than 250 bytes as the login name the daemon
will output the 0x7 character (beep). I know that with the telnet protocol there
are options for permi

IE Bug in Javascript Navigator Object 2004-04-01
Uli Häfele (uli haefele mindlab de) (1 reply)
I discovered a strange thing with the MS/IE recently. The Javascript
Navigator Object can be written by just adding a property.
The following code used within an html page

navigator.myString = "Hello world";

adds the property myString to the navigator object.
The content of the

Re: IE Bug in Javascript Navigator Object 2004-04-02
Berend-Jan Wever (SkyLined edup tudelft nl)
Re: Buffer Overflows 2004-03-30
npguy (npguy linuxmail org) (1 reply)

ESP points to the current address of the stack frame. The address is very important to exploit
the return address.

Take an example of overwriting the return address with a JMP ESP instruction: this simply changes the flow of the program by jumping to the address ESP (the stack pointer) currently points to.

Re: Buffer Overflows 2004-03-30
Gerardo Richarte (gera corest com) (1 reply)
Re: Buffer Overflows 2004-04-01
Gerardo Richarte (gera corest com)
Buffer Overflows 2004-03-29
luck___ hotmail com (2 replies)

Hi, hope someone could help me with a question I have. Why do many buffer overflow exploits use the %esp before the program has run as the return address? If I'm not wrong then the idea is to return into the buffer, but the %esp before the program is run becomes %ebp during program execution and this

Re: Buffer Overflows 2004-04-05
Angelo Dell'Aera (buffer antifork org)
Re: Buffer Overflows 2004-04-01
Yves Younan (yyounan fort-knox org)
ISS 'Witty' Worm Analyzed 2004-03-23
mattmurphy (at) kc.rr (dot) com [email concealed] (mattmurphy kc rr com)
Dear Lists,

I have completed an analysis of the 'Witty' worm that impacts multiple ISS
products. The worm is spreading via a very simple UDP propagation
algorithm. The unique nature of this worm made it a fascinating piece of
code to analyze. The analysis gets into the details of the worm's

Analysis of the Exploitation Processes (.pdf) 2004-03-23
Steven Hill (steve covertsystems org)
"Analysis of the Exploitation Processes" (.pdf)

"Covert Systems Research" has drafted together a tutorial defining
several of the common types of vulnerabilities together with their
counterpart command line exploit sequences. The descriptions

squidguard vulnerability 2004-03-19
Petko Popadiyski (petko freebsd-bg org)
squidGuard is a fast redirector using database stored blacklists.

I found that squidguard is prone to the bug found in squid about the
NULL URL character unauthorized access (
The vulnerability presents itself when a URI that is designed to access
a specific

Computer Security Mexico 2004 2004-03-16
Seguridad en Computo UNAM (seguridad seguridad unam mx)

Computer Security Mexico 2004
"10th Years celebrating Computer Security Mexico"

Antiguo Colegio de San Ildefonso

New security alert #66 issued in Oracle web cache 2004-03-15
Pete Finnigan (plsql petefinnigan com)
Hi everyone,

If anyone is interested a new security advisory has been issued by
Oracle. Alert number 66 in Oracle web cache. I have added some details
about this advisory to my security alerts page which is

Kind regards

Pete Finnigan

buffer overflows and stack alignment 2004-03-15
Oleg Kolesnikov (digiwind hotmail com)

Hi All,

I've been playing around with stack alignment to use multi-byte noops in exploits. I'd like to get some opinions.

Currently, most exploits use single-byte instructions in noop sleds. It can be a problem, particularly for polymorphic exploits, e.g. 55/256, sled detection etc.

[oracle] - passwords in clear text and password protected roles bypass 2004-03-14
Pete Finnigan (plsql petefinnigan com)
Hi Everyone,

I have just put two short papers on my website, the first discussing
clear text password transmissions when changing a user's password in the
database and the second discussing the same issue with set role {blah}
identified by {blah}. The second paper also discusses an issue I found


Copyright 2010, SecurityFocus