Sorry, if you are receiving multiple copies of it. Just resending as the one
that I sent last night has not yet appeared.

w3wp remote DoS due to improper reference of STA COM components in ASP.NET
========================================================================
===

Vendor: Microsoft Corpora

[ more ]  [ reply ]

Hello, I would like to know a way to debugging a vulnerable program, where I am overwriting the se handler with my address. I have OllyDbg as just in time debugger. If my exploit-buffer reaches the pointer to the next seh record, nothing happens. Now I was trying to put breakpoint instructions 0xcc)

[ more ]  [ reply ]

> Does anyone on the list knows of any kind of software (for Windows, Linux,
> or anything) that I can set up as an HTTP/HTTPS proxy/redirector to receive
> requests on a specific TCP port, and then redirects them to another IP, AND
> to a scpecific Virtual Host ?

http://httpd.apache.org/docs/2.0/m

[ more ]  [ reply ]

Hi,

Does anyone on the list knows of any kind of software (for Windows, Linux,
or anything) that I can set up as an HTTP/HTTPS proxy/redirector to receive
requests on a specific TCP port, and then redirects them to another IP, AND
to a scpecific Virtual Host ?

Something like what 'stunnel' doe

[ more ]  [ reply ]

Hi,

A buffer overflow occurs in Adobe Form Designer 7 (Part of Acrobat 7)
with all Updates applied, when trying to create a new or modify an
existing form on a system with too many fonts installed.
Installing the software on a plain (just updates) Windows 2000 with
~1500 fonts, will result in a acc

[ more ]  [ reply ]

The call for papers is now closed and the proposals have been reviewed
for the CanSecWest/core06 Applied Technical Security Conference held
on April 5-7 2006 at the Mariott Renaissance Harbourside in Vancouver,
B.C. Canada.

The selected submissions are :

An hour of Rap and Comedy about SAP - St

[ more ]  [ reply ]

SyScan'06 CALL FOR PAPER

**ABOUT SYSCANâ??06**
The Symposium on Security for Asia Network aims to be a very different
security conference from the rest of the security conferences that the
information security community in Asia has come to be so familiar and
frustrated with. SyScanâ??06 intends

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

W00t! DEF CON 14 is now in effect! The Call for Papers is open.

This is a short announcement to let everyone know that we are opening the call
for papers for DEFCON 14 - the annual gathering of subversive computer folks.
Earlier submissions are given

[ more ]  [ reply ]

Sorry, I forgot to insert the initial question, here is it:

Roman Medina-Heigl Hernandez wrote:
> Hello,
>
> Last week I was thinking about the possibility for an external attacker to
> influence over the following PHP variable:
> $_SERVER['SCRIPT_NAME']
>
> The former variable contains the remote

[ more ]  [ reply ]

Hi,

as far as I know the elements of the $_SERVER array are filled by the webserver and therefore a manipulation through a php trick might by difficult.

From my opinion it will be easier to alter this values through a trick on the webserver for instance by using a bug in Apache but I do not know a

[ more ]  [ reply ]

Hello,

Last week I was thinking about the possibility for an external attacker to
influence over the following PHP variable:
$_SERVER['SCRIPT_NAME']

The former variable contains the remote path (URI) to a PHP script, so if
for instance you access with a browser to:
http://<site>/aa/bb/cc/script.ph

[ more ]  [ reply ]

Hi

Lot of ppl tell me that I did not proper zero the EAX register,so 3 MSB
of eax corrupt trapping the syscall, but Its OK.
I successfully run the shellcodes on a debian box,but in gentoo,allways
SEGFAULT.

There is it, a new log:

-----------------------------------------------------------------

[ more ]  [ reply ]

*SyScan'06 CALL FOR PAPER*

***ABOUT SYSCANâ??06***
The Symposium on Security for Asia Network aims to be a very different
security conference from the rest of the security conferences that the
information security community in Asia has come to be so familiar and
frustrated with.
SyScanâ??06 inte

[ more ]  [ reply ]

Bellua Cyber Security Asia 2006 Call for Papers - http://www.bellua.net

For the second consecutive year, the Bellua Cyber Security Asia 2006
Conference will bring together in Indonesia internationally
recognized experts in the security community as well as leading
members of the loca

[ more ]  [ reply ]

On Wed, 8 Feb 2006, James Longstreet wrote:

> If you have experience with Linux, or another Unix OS, I would suggest
> starting there. If you don't want to install Linux, you can even run it
> in Bochs, QEMU, VMWare, etc.

If you need some help on Linux/x86 exploitation, i suggest you to take a
l

[ more ]  [ reply ]

Try initializing the upper 3 MSB's of the eax register before trapping. This seems like a really common error amongst new shellcode writers. It's probably that eax has already been initalized with a value and you're only setting the LSB. Then when you trap the wrong (or completely invalid) systemcal

[ more ]  [ reply ]

I was messing about with my pc trying to learn how buffer overruns work
(mostly as an excuse to use assembler) and I have run into a problem.

The program I am exploiting is just a simple c program I wrote which
mismanages a string provided by the user by copying it into a 512 byte
variable on the s

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Vuln Dev readers,

A bunch of announcements from Black Hat. It was easier to bundle them
all
together instead of send them out bit by bit, so everything from
Black
Hat Federal coverage to the CFP opening for the summer USA conference
is
included.

[ more ]  [ reply ]

I guess your function address is wrong, run "objdump /usr/lib/libc.so.5 -T | grep -w execve" to find the one for your system.

by the way: a much more reliable way to run system functions is to use systemcalls.
the respective number for each syscall can be found
with egrep "^#define __NR" /usr/inc

[ more ]  [ reply ]