Vuln Dev Mode:
(Page 12 of 75)  < Prev  7 8 9 10 11 12 13 14 15 16 17  Next >
Automatic MIME type detection in Internet Explorer 6.x allowed 2006-08-03
knight4vn yahoo com (1 replies)
Automatic MIME type detection in Internet Explorer 6.x allowed

downloading executable file automatically

+Background:

What's Internet Explorer automatic MIME type detection?

- This feature was included in IE to detect exactly MIME type from

file on server sending to browser

by using Fi

[ more ]  [ reply ]
Re: Automatic MIME type detection in Internet Explorer 6.x allowed 2006-08-03
Denis Jedig (seclists syneticon de) (1 replies)
Re: Automatic MIME type detection in Internet Explorer 6.x allowed 2006-08-04
Thor Larholm (thor polypath com)
Re: "Moving" Stack: my poor return address! 2006-08-02
list-recv crepinc com (1 replies)
Thanks all for letting me know about stack randomization.

So is it safe to say that "traditional" stack-based exploits such as in my origianl post are a thing of the past, and current exploit developers use methods like returning into libc to get a shell / etc?

Thanks again,

-Jack Carrozzo
jack

[ more ]  [ reply ]
RE: "Moving" Stack: my poor return address! 2006-08-02
salexander frontporch com
Simple CMS 2006-08-02
daaan gmail com (1 replies)
The cms from http://www.cms-center.com/ uses no security at all, just a boolean "isloggedin". If you submit "loggedin=1" in the URL of any of the admin pages, you get full controll.

Proof:

1. Google for "powered by php mysql simple cms"

2. type "admin/config_pages.php?loggedin=1" behind the u

[ more ]  [ reply ]
Re: Simple CMS 2006-08-03
Volker Tanger (vtlists wyae de) (1 replies)
RE: Simple CMS 2006-08-04
David Schwartz (davids webmaster com)
EEYE: research.eeye.com 2006-08-01
Marc Maiffret (mmaiffret eeye com)
Hi,

I am happy to announce to the first incarnation of
http://research.eEye.com. On this site you can find everything from our
previously released advisories to our previously unreleased research
tools. A lot of these tools are seeing daylight for the first time
outside of eEye so we do expect ther

[ more ]  [ reply ]
"Moving" Stack: my poor return address! 2006-08-01
Jack C (list-recv crepinc com) (4 replies)
Hello,

To see if I still knew how to code simple buffer overflows after a long
absence from it, I threw together a quick vulnerable C program today and
wrote and exploit for it. The whole process went great, until I went to
find the return address I wanted in the stack. I have a 4096 byte
buffe

[ more ]  [ reply ]
Re: "Moving" Stack: my poor return address! 2006-08-01
Jon Erickson (matrix phiral com)
Re: "Moving" Stack: my poor return address! 2006-08-01
Steve Bonds (kzzvt3302 sneakemail com)
Re: "Moving" Stack: my poor return address! 2006-08-02
Alexander Klimov (alserkli inbox ru)
Re: "Moving" Stack: my poor return address! 2006-08-01
Andrea Purificato - bunker (bunker fastwebnet it)
Exploiting Heap Overflows in W2K 2006-08-01
Ivan Stroks (ivanstroks yahoo co nz)
Hi list,

I am trying to exploit a Heap buffer overflow
vulnerability and facing some problems, hope you could
help.
I run the vulnerable program in a VMWare, attached
with Olly.

These are my problems:

1. I control both EAX and ESI, when the program goes
to

mov [esi], eax
mov [eax + 4

[ more ]  [ reply ]
Problem in IE's File Type Recognition 2006-07-25
knight4vn yahoo com (3 replies)
I found out one way to make Internet Explorer ver 6.0 recognize incorrectly type of any particular files.

E.g one file named "abcd.exe" is Application type but we can force the IE browser to understand that

file is "Image/JPG" or "Image/Gif" and so on ..

Currently, I'm still working to find

[ more ]  [ reply ]
RE: Problem in IE's File Type Recognition 2006-07-26
Arian J. Evans (arian evans anachronic com)
Re: Problem in IE's File Type Recognition 2006-07-26
pgut001 cs auckland ac nz (Peter Gutmann)
Re: Problem in IE's File Type Recognition 2006-07-25
mikeiscool (michaelslists gmail com)
Fortigate Bypass 2006-07-19
digicrimes gmail com (1 replies)
Today when I was trying to see how strong the fortiguard filters where I had stepped upon some thing interesting .

Note : fortiguard clearly says that none of their filters work on HTTPS ;) so you guys need to decide if its worth the money u shell in hehe

Scenario 1

Say you have blocked W

[ more ]  [ reply ]
Re: Fortigate Bypass 2006-07-20
Louis Wang (bill louis gmail com) (2 replies)
Re: Fortigate Bypass 2006-07-20
Eddie Bell (ejlbell gmail com)
Re: Fortigate Bypass 2006-07-20
Mario Platt (mplatt gmail com)
RUXCON 2006 Final Call For Papers 2006-07-18
cfp ruxcon org au

RuxCon staff would like to announce the call for papers for the fourth annual RuxCon conference.

This year the conference will run from the 30th of September to the 1st of October, over the long weekend. As with previous years, RuxCon will be held at the University of Technology, Sydney, Australia

[ more ]  [ reply ]
Re: Finding Function in IAT tables 2006-07-17
happyfit gmail com
you can use any pe tool to get the iat of exe,for example,stupe,petool,etc

[ more ]  [ reply ]
ToorCon 2006 Call for Papers 2006-07-18
h1kari (at) toorcon (dot) org [email concealed] (h1kari toorcon org)
ToorCon 2006 Call for Papers - Issued June 6th 2006

Papers and presentations are being accepted for ToorCon 2006 to be held
at the Convention Center in San Diego, CA on September 29th-October 1st.
Please email your submissions to cfp [at] toorcon.org; submissions will
be accepted until August 18th,

[ more ]  [ reply ]
PacSec 2006 CALL FOR PAPERS (Deadline Aug. 4; Event Nov. 27-30) 2006-07-17
Dragos Ruiu (dr kyx net)
url: http://pacsec.jp

PacSec 2006 CALL FOR PAPERS

World Security Pros To Converge on Japan

TOKYO, Japan -- To address the increasing importance of information
security in Japan, the best known figures in the international security
industry will get together with leading Japanese research

[ more ]  [ reply ]
ms06-025 2006-07-17
mikage_rinoa yahoo com (1 replies)
Hi everyone,

I am currently working on a report regarding this vulnerability although I have tried to use the PoC given at metasploit but have failed in trying to crash the system. Do you guys have any idea what RPC message format is to be sent so that the exploit will work and do i have to send

[ more ]  [ reply ]
Re: ms06-025 2006-07-18
H D Moore (sflist digitaloffense net)
23rd Chaos Communication Congress 2006: Call for Participation 2006-07-16
fukami (fukami berlin ccc de)
23C3: Who can you trust?
23rd Chaos Communication Congress
December 27th to 30th, 2006

Berlin, Germany

http://events.ccc.de/congress/2006/

Overview
========

The 23rd Chaos Communication Congress (23C3) is the annual four-day
conference of the Chaos Computer Club (CCC) on technology, society

[ more ]  [ reply ]
(Page 12 of 75)  < Prev  7 8 9 10 11 12 13 14 15 16 17  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus