Cause of MS SSL DoS attack
2005-11-28 SanjayR (sanjayr intoto com) (1 replies)
Hi All; I am trying to understand the main cause of DoS for MS SSL vulnerability (MS04-011, CAN-2004-0120). Everywhere, I get one information that specially malformed SSL messages can cause DoS, but what exactly is causing the DoS is not mentioned. After seeing the exploit code, I could see tha

Randomized Stack
2005-11-23 veider ank-pki ru (1 replies)
Hello, All! I am trying to exploit a stack based overflow on a system with stack randomization. Knowing function addresses with "objdump -D" I am able to run those functions. I've read phrack article about bypassing PaX ASLR, but there the author is able to control function arguments that is impos

Exploiting the Stack (Part I-IV)
2005-11-22 Nish securityfocus com, "[at]" securityfocus com,securitycompass securityfocus com, "[dot]" securityfocus com,com securityfocus com
All four articles on writing stack overflow on windows have been released on Security Compass website. The articles and the code used in them can be accessed through Security Compass's web site at http://www.securitycompass.com/Case%20Studies.htm. Comments and suggestions about the articles can be

(CORRECTION) memory leak and eventual DOS when calling UPNP getdevicelist on windows 2000 server
2005-11-14 WINNY THOMAS (winnymthomas yahoo com)
Hi, There is a slight mistake in the code. on line number 146 you will see
"\x00\x00\x00\x00" //This is what kills the target. \x00\x00\x00\x00 is safe
Change that line to
"\x10\x10\x10\x10" //This is what kills the target. \x00\x00\x00\x00 is safe
and then you will see the memory usage s

memory leak and eventual DOS when calling UPNP getdevicelist on windows 2000 server
2005-11-14 WINNY THOMAS (winnymthomas yahoo com)
/*
 * Author: Winny Thomas
 * Nevis Labs, Pune, INDIA
 *
 * Details:
 * While working on the exploit for MS05-047 i came across a condition where
 * a specially crafted request to upnp_getdevicelist would cause
 * services.exe to consume memory to a point where the target machines virtual

Stack Overflow Basics
2005-11-03 Nish securityfocus com, "[a-t]" securityfocus com,security securityfocus com, compass securityfocus com,dot securityfocus com, com securityfocus com
Hi, Some articles on Writing Stack Based Overflows for Windows have been released by securitycompass. The articles released this week introduce basic concepts of memory management, and assembly. Next week the next two articles will be released which cover writing local exploits, writing shellco

Black Hat Federal and Europe CFP and Registration now open
2005-11-03 Jeff Moss (jmoss blackhat com)
Hello VulnDev readers, things have been busy at Black Hat, and I would like to make some brief announcements about our Call For Papers (CFP), Registration, Pod casts, and legal battles. BLACK HAT FEDERAL 2006 Trainings and Briefings January 23rd to the 26th Sheraton Crystal City, Washington D.C. -

RE: Re: Vulnerability Buyer Company
2005-10-31 Evans, Arian (Arian Evans fishnetsecurity com)
If one parses the text of the Digital Armaments website with the various texts of the yahoo email sender, there are some very obvious spelling and syntax similarities. ;) Nice try though; normally I can tell which widget vendor is socially-engineering the various lists from webmail accounts by the

EUSecWest/London Call for Papers and PacSec/Tokyo announcements
2005-11-01 Dragos Ruiu (dr kyx net)
url: http://eusecwest.com
url: http://pacsec.jp
(PacSec/Tokyo Announcement below...)
EUSecWest/core06 CALL FOR PAPERS
--------------------------------
London Security Summit February 20/21 2006
LONDON, United Kingdom -- Applied technical security will be the focus of a new annual conference fro

Re: Re: Vulnerability Buyer Company
2005-10-31 dave_endler 3Com com
Hi there, With regards to the Zero Day Initiative, every monetary offer we have made so far has been accepted. It's also interesting that we have no record of you in our researcher list. Either this is poorly disguised digitalarmaments self-plug or you need to check our PGP key to ensure you are t

New List
2005-10-31 Dave McKinney (dm securityfocus com)
Objective
The primary objective of the Beta-Announce list is to provide the SecurityFocus community access to upcoming security tool and product beta trials. In the same vein it will provide access to tool authors and vendors to announce their beta programs and get valuable feedback from the commu

Re: Re: Vulnerability Buyer Company
2005-10-30 mpycube yahoo com
thanks for the answers. at the end i sent the vulnerability both to - www.zerodayinitiative.com - www.digitalarmaments.com and the offer of the second one was much higher. so i decided to work with them. payment fast and as concorded and i also got some credit to get in future some stock's option

Question on new umpnpmgr wsprinfW buffer overflow
2005-10-29 A A (hd78432 yahoo com)
I have downloaded the available exploit for the latest buffer overflow for umpnpmgr.dll available on the net. Running the code umpnp_poc.c compiled out of the box run against a windows xp sp1 box does not appear to do anything. I have attached windbg to the services process, and when I execute t

Multiple vulnerabilities within RockLiffe MailSite Express WebMail
2005-10-28 Paul Craig (paul craig security-assessment com)
========================================================================
= Multiple vulnerabilities within RockLiffe MailSite Express WebMail
=
= Also available online at
= http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf
=
= Vendor Website:
= http://www

Re: problem in rewrite RET address in Buffer OverFlow
2005-10-26 behrang hat-squad com
You should find all imported DLLs by the vulnerable program and then do a search for required opcode (in this case jmp esp) to find memory addresses that does not contain NULLs. In the case of no suitable address, then you should think about using other possible methods like SEH exploitation or ret

problem in rewrite RET address in Buffer OverFlow
2005-10-25 Mani 682001 gmail com (1 replies)
hi list i Work for writing one local exploit so i want to rewrite RET address with EIP(some where My NOP and Shellcode is there) but i have a problem in this. the EIP address is 002F77E1 if you pay some attention you can see first byte is "00" and if i put it in my String in my exploit C/C++ think i

Vulnerability Assessment tools(Vuln testing tools)
2005-10-24 shyaam gmail com (2 replies)

MS05-047 remote DOS (exploit code attached; compiles on linux)
2005-10-24 WINNY THOMAS (winnymthomas yahoo com)
/* Program: Denial of Service attack for MS UMPNPMGR PNP_GetDeviceList
 * Author: Winny Thomas
 * Vulnerability: no length checking on passed parameter to PNP_GetDeviceList in UMPNPMGR.dll
 * Note: The code crashes services.exe on the target, effectively bringing down the target against which its r
Reported December 5th, 2005
Introduction
------------
In this advisory we will be detailing some very recent holes in the Myspace.com web-application. If you are not
familiar with Myspace there is much information about the in