Vuln Dev Mode:
(Page 17 of 75)  < Prev  12 13 14 15 16 17 18 19 20 21 22  Next >
w3wp remote DoS 2006-03-22
Debasis Mohanty (debasis hackingspirits com)
Sorry, if you are receiving multiple copies of it. Just resending as the one
that I sent last night has not yet appeared.

w3wp remote DoS due to improper reference of STA COM components in ASP.NET
========================================================================
===

Vendor: Microsoft Corpora

[ more ]  [ reply ]
debugging seh overwrite 2006-03-20
laphoo gmail com (3 replies)
Hello, I would like to know a way to debugging a vulnerable program, where I am overwriting the se handler with my address. I have OllyDbg as just in time debugger. If my exploit-buffer reaches the pointer to the next seh record, nothing happens. Now I was trying to put breakpoint instructions 0xcc)

[ more ]  [ reply ]
Re: debugging seh overwrite 2006-03-21
Karma (karma frij com au)
Re: debugging seh overwrite 2006-03-20
The Jabberwock (dj ethericmist net)
Re: debugging seh overwrite 2006-03-20
Felix Lindner (fx sabre-labs com)
Re: HTTP proxy/redirector to a unique virtual host .... 2006-03-17
Kim Christensen (kim christensen gmail com)
> Does anyone on the list knows of any kind of software (for Windows, Linux,
> or anything) that I can set up as an HTTP/HTTPS proxy/redirector to receive
> requests on a specific TCP port, and then redirects them to another IP, AND
> to a scpecific Virtual Host ?

http://httpd.apache.org/docs/2.0/m

[ more ]  [ reply ]
HTTP proxy/redirector to a unique virtual host .... 2006-03-15
Alberto Paris (albertoparis hotmail com)

Hi,

Does anyone on the list knows of any kind of software (for Windows, Linux,
or anything) that I can set up as an HTTP/HTTPS proxy/redirector to receive
requests on a specific TCP port, and then redirects them to another IP, AND
to a scpecific Virtual Host ?

Something like what 'stunnel' doe

[ more ]  [ reply ]
Adobe Form Designer Overflow 2006-03-10
mc iglo gmx de
Hi,

A buffer overflow occurs in Adobe Form Designer 7 (Part of Acrobat 7)
with all Updates applied, when trying to create a new or modify an
existing form on a system with too many fonts installed.
Installing the software on a plain (just updates) Windows 2000 with
~1500 fonts, will result in a acc

[ more ]  [ reply ]
CanSecWest/core06 Vancouver April 3-7 2006-03-08
Dragos Ruiu (dr kyx net)
The call for papers is now closed and the proposals have been reviewed
for the CanSecWest/core06 Applied Technical Security Conference held
on April 5-7 2006 at the Mariott Renaissance Harbourside in Vancouver,
B.C. Canada.

The selected submissions are :

An hour of Rap and Comedy about SAP - St

[ more ]  [ reply ]
SyScan'06 Call For Papers 2006-03-06
organiser (at) syscan (dot) org [email concealed] (organiser syscan org)
SyScan'06 CALL FOR PAPER

**ABOUT SYSCANâ??06**
The Symposium on Security for Asia Network aims to be a very different
security conference from the rest of the security conferences that the
information security community in Asia has come to be so familiar and
frustrated with. SyScanâ??06 intends

[ more ]  [ reply ]
DEF CON 14 is now in effect! The Call for Papers is open. 2006-02-23
Jeff Moss (jmoss blackhat com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

W00t! DEF CON 14 is now in effect! The Call for Papers is open.

This is a short announcement to let everyone know that we are opening the call
for papers for DEFCON 14 - the annual gathering of subversive computer folks.
Earlier submissions are given

[ more ]  [ reply ]
Re: PHP and SCRIPT_NAME variable 2006-02-22
Harald Eder (contact eder-harald com) (1 replies)
Sorry, I forgot to insert the initial question, here is it:

Roman Medina-Heigl Hernandez wrote:
> Hello,
>
> Last week I was thinking about the possibility for an external attacker to
> influence over the following PHP variable:
> $_SERVER['SCRIPT_NAME']
>
> The former variable contains the remote

[ more ]  [ reply ]
Re: PHP and SCRIPT_NAME variable 2006-02-23
Serg Belokamen (serg belokamen gmail com) (1 replies)
Re: PHP and SCRIPT_NAME variable 2006-02-23
Roman Medina-Heigl Hernandez (roman rs-labs com)
Re: PHP and SCRIPT_NAME variable 2006-02-21
contact eder-harald com
Hi,

as far as I know the elements of the $_SERVER array are filled by the webserver and therefore a manipulation through a php trick might by difficult.

From my opinion it will be easier to alter this values through a trick on the webserver for instance by using a bug in Apache but I do not know a

[ more ]  [ reply ]
PHP and SCRIPT_NAME variable 2006-02-20
Roman Medina-Heigl Hernandez (roman rs-labs com)
Hello,

Last week I was thinking about the possibility for an external attacker to
influence over the following PHP variable:
$_SERVER['SCRIPT_NAME']

The former variable contains the remote path (URI) to a PHP script, so if
for instance you access with a browser to:
http://<site>/aa/bb/cc/script.ph

[ more ]  [ reply ]
Re: shellcoding on gentoo 2006-02-20
Borja (padre correo ugr es) (4 replies)
Hi

Lot of ppl tell me that I did not proper zero the EAX register,so 3 MSB
of eax corrupt trapping the syscall, but Its OK.
I successfully run the shellcodes on a debian box,but in gentoo,allways
SEGFAULT.

There is it, a new log:

-----------------------------------------------------------------

[ more ]  [ reply ]
Re: shellcoding on gentoo 2006-02-22
security spinfoo net
Re: shellcoding on gentoo 2006-02-21
Mike Davis (mdavis imperfectnetworks com)
Re: shellcoding on gentoo 2006-02-21
DJ Ether (hostmaster ethericmist net)
Re: shellcoding on gentoo 2006-02-21
Mike Davis (mdavis imperfectnetworks com)
CALL FOR PAPER - SYSCAN'06 2006-02-18
organiser (at) syscan (dot) org [email concealed] (organiser syscan org)
*SyScan'06 CALL FOR PAPER*

***ABOUT SYSCANâ??06***
The Symposium on Security for Asia Network aims to be a very different
security conference from the rest of the security conferences that the
information security community in Asia has come to be so familiar and
frustrated with.
SyScanâ??06 inte

[ more ]  [ reply ]
BCS Asia 2006 - Call for Papers 2006-02-17
Jim Geovedi (jim geovedi com)

Bellua Cyber Security Asia 2006 Call for Papers - http://www.bellua.net

For the second consecutive year, the Bellua Cyber Security Asia 2006
Conference will bring together in Indonesia internationally
recognized experts in the security community as well as leading
members of the loca

[ more ]  [ reply ]
Re: Buffer Overrun Newbie 2006-02-13
Marco Ivaldi (raptor 0xdeadbeef info)
On Wed, 8 Feb 2006, James Longstreet wrote:

> If you have experience with Linux, or another Unix OS, I would suggest
> starting there. If you don't want to install Linux, you can even run it
> in Bochs, QEMU, VMWare, etc.

If you need some help on Linux/x86 exploitation, i suggest you to take a
l

[ more ]  [ reply ]
Re: shellcoding on gentoo 2006-02-07
nonexistent fake com
Try initializing the upper 3 MSB's of the eax register before trapping. This seems like a really common error amongst new shellcode writers. It's probably that eax has already been initalized with a value and you're only setting the LSB. Then when you trap the wrong (or completely invalid) systemcal

[ more ]  [ reply ]
Buffer Overrun Newbie 2006-02-05
gj_williams2000 yahoo co uk (2 replies)
I was messing about with my pc trying to learn how buffer overruns work
(mostly as an excuse to use assembler) and I have run into a problem.

The program I am exploiting is just a simple c program I wrote which
mismanages a string provided by the user by copying it into a 512 byte
variable on the s

[ more ]  [ reply ]
Re: Buffer Overrun Newbie 2006-02-08
James Longstreet (jlongs2 uic edu)
Re: Buffer Overrun Newbie 2006-02-06
Jason Royes (jroyes da-experts com)
Black Hat USA CFP opens, Europe early bird reminder, Federal news 2006-02-02
Jeff Moss (jmoss blackhat com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Vuln Dev readers,

A bunch of announcements from Black Hat. It was easier to bundle them
all
together instead of send them out bit by bit, so everything from
Black
Hat Federal coverage to the CFP opening for the summer USA conference
is
included.

[ more ]  [ reply ]
Re: shellcoding on gentoo 2006-01-30
apriori dkc-clan de
I guess your function address is wrong, run "objdump /usr/lib/libc.so.5 -T | grep -w execve" to find the one for your system.

by the way: a much more reliable way to run system functions is to use systemcalls.
the respective number for each syscall can be found
with egrep "^#define __NR" /usr/inc

[ more ]  [ reply ]
(Page 17 of 75)  < Prev  12 13 14 15 16 17 18 19 20 21 22  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus