Re: [framework] Help whit EXITFUNC
2005-09-12, mmiller hick org

On Mon, Sep 12, 2005 at 02:06:30PM -0400, Hugo Vinicius Garcia Razera wrote:
> Hi everyone, I would like to know if anyone can help me with this little
> problem.
>
> I'm trying to use the win32_bind shell code that comes with the metasploit
> Framework in one exploit that I'm writing in c++ [ more ]

"tinyurl" url masking
2005-09-10, Lincoln Yeoh (lyeoh pop jaring my) (1 replies)

Hi,

Background: A number of sites allow minimally controlled 3rd parties to post links to images which other 3rd parties can view, and the only filtering used is some pattern matching to ensure that a url has the "correct" extension. However such filtering has problems if the "image" url actuall [ more ]

Snort <= 2.4.0 SACK TCP Option Error Handling
2005-09-11, "A. Alejandro Hernández" (nitrous vulnfact com)

Snort <= 2.4.0 SACK TCP Option Error Handling
Package: Snort 2.4.0 (And previous versions)
Vendor url: http://www.snort.org
Class: Error Handling Exceptional Conditions
Risk: High
Credits: A. Alejandro Hernández Hernández
Contact: nitrous[at]vulnfact[dot]com

*BACKGROUND*
Snort is an open sour [ more ]

MS05-039
2005-09-09, A A (hd78432 yahoo com) (2 replies)

The HOD exploit for ms05-39 has been tested on windows 2000 sp4. Based upon the comments in the machine code for the rpc call I am assuming the return address for the buffer overflow to be 0x767a1567. Is this memory address the return address for the buffer overflow? If it is the case that thi [ more ]

Re: Linux free software auditing
2005-09-02, Mauro Flores (almauri cs com uy)

Ups! Now I'm reading the second part of your mail (sorry, I'm doing multitasking here :).
I don't know any good tool to analyze software security; when I have to do that kind of work I basically do this:
- Build a fast schema of the objects/functions dependencies and functionalities identifien the [ more ]

Re: Linux free software auditing
2005-09-02, Mauro Flores (almauri cs com uy)

This was published by CERT. I sometimes use it as a guideline.
http://www.cert.org/tech_tips/usc20_full.html

regards,
Mauro Flores

On Wed, 2005-08-31 at 12:52 +0000, anceky (at) yahoo.com (dot) br wrote:
> Can anyone tell me some references (sites, articles) about Linux free software auditing ?
>
> I need [ more ]

Re: Linux free software auditing
2005-09-02, Mauro Flores (almauri cs com uy)

You can use Bastille linux as a security auditing tool. Use the -a option. You can also take a look at http://www.cisecurity.org/bench_linux.html, but above all, find a person that knows Linux Security. The tools are just a help and can't replace human knowledge :)

regards,
Mauro Flores

On Wed, 2 [ more ]

RE: Linux free software auditing
2005-09-01, Ronen Gottlib (ronen xpert com)

Hi. You can check the Center for Internet Security, www.cisecurity.com. They have great benchmarks/tools, among them for Linux too.

--Snip--
CIS_RHLinux_Benchmark_v1.0.3.pdf - the Benchmark document contains detailed instructions for implementing the steps necessary for CIS Level-I security on [ more ]

Xcon2005 papers released
2005-08-29, alert7 (alert7 xfocus org)

hi all:
Xcon2005 closed successfully on Aug 20th, 2005. Those papers are released at http://xcon.xfocus.org/
Chinese version papers at http://xcon.xfocus.net/

Hacking Windows CE ...................................... by San
Windows Kernel Pool Overflow Exploitation ............... by [ more ]

Windows Multi-Languages OPcodes DB
2005-08-26, Jerome Athias (jerome athias free fr) (2 replies)

Hi, as you probably all know, Windows DLLs have different base addresses across Windows/SP/languages, so I think it could be useful to try to build a multi-lang opcodes database, isn't it? So, I have done VERY QUICKLY a little package based on a .BAT and some tools:
Files included in the package [ more ]

22nd Chaos Communication Congress 2005: Call for Papers
2005-08-26, fukami (fukami berlin ccc de)

Call for Papers
22C3 - Private Investigations
22nd Chaos Communication Congress
December 27th to 30th, 2005
Berlin, Germany
http://www.ccc.de/congress/2005/

Overview
========
The 22nd Chaos Communication Congress (22C3) is a four-day conference on technology, society and utopia. The Congress o [ more ]

osx bugs in realplayer, grapher, and garage band
2005-08-25, new security gmail com

a couple of bugs i found in os x applications:

real player for os x:
_______________________________
realplayer's proxy preference contains an overflow when filled with a large string of characters.
gdb output:
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_AD [ more ]

ToorCon 7 Lineup Finalized & Pre-Registration Ending
2005-08-20, h1kari (at) toorcon (dot) org (h1kari toorcon org)

TOORCON 7 LINEUP FINALIZED & PRE-REGISTRATION ENDING
ToorCon 7 has finalized its speaker lineup with over 30 talks spanned across 2 days. ToorCon will be taking place this year at the San Diego Convention Center on September 16th-18th.

ABOUT TOORCON
ToorCon is just around the corner again this ye [ more ]

Exploiting heap overflows on XP SP2
2005-08-18, nicolas falliere gmail com

Hi,
I describe a new way to exploit heap-based buffer overflows in the following paper:
http://www.packetstormsecurity.com/papers/bypass/bypassing-win-heap-protections.pdf
Basically, one can use critical section related linking structures stored on the process's default heap to produce a n*4-byte [ more ]

Advice On FireFox Bug
2005-07-30, John Cobb (johnc nobytes com) (1 replies)

Hello All,
After the recent increase of Internet Browser exploits I couldn't help but give it a quick play. After a bit of playing I found a bug with the latest version of FireFox which seems to work on Win2K & WinXP. I believe the bug to be with one of the plugins but since I'm not a coder/reverse [ more ]

font book crash os x
2005-07-31, new security gmail com

font book allows users to add new "collections" of fonts with a name of their choice. When the name of the collection is a very very very large string of characters it crashes. here is the gdb output:
_____________________________________________________________
(gdb) run
Starting program: /Applica [ more ]

CSR: challenge update...
2005-07-23, Steven Hill (steve covertsystems org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

***Exploitation Challenge***
Submissions for the CSR challenge have trickled in, one by one. With some submissions containing a satisfactory exploit that meet the demands for successful exploitation of csr-inject_v1.tgz ... It appears that a rando [ more ]

Re: CSR: Exploitation Challenge
2005-07-20, supers0nic redwhitearmy com

Is it really possible? I compiled it, and for ex, looking for the address of printf. However gdb said:
gdb> p printf
$2 = {<text variable, no debug info>} 0xb7e93758 <printf>
gdb>
actually its address varies according to the application even if it's dynamically linked. Or am I missing a point [ more ]

Stack-Based Buffer Overflow in Sybase EAServer 4.2.5 to 5.2
2005-07-15, SPI Labs (spilabs spidynamics com)

Stack-Based Buffer Overflow in Sybase EAServer 4.2.5 to 5.2
-----------------------------------------------------------
Release Date: July 15 2005
Severity: Medium

A vulnerability has been discovered in Sybase EAServer. If exploited, this can result in user-specified code being executed under the [ more ]

ASP.NET RCP/Encoded Web service DOS
2005-07-11, SPI Labs (spilabs spidynamics com)

ASP.NET RCP/Encoded Web service DOS
http://www.spidynamics.com/spilabs/advisories/aspRCP.html
Release Date: July 11, 2005
Severity: High

[System Affected]
* IIS Servers exposing ASP.NET Web services that consume arrays in RCP/Encoded mode
* Applications using System.Xml.Serialization to consume un [ more ]

PacSec/core05 Call For Papers
2005-07-12, Dragos Ruiu (dr kyx net)

English url: http://pacsec.jp/speakers.html?LANG=ENGLISH
Japanese url: http://pacsec.jp/speakers.html?LANG=JAPANESE

PacSec/core05 CALL FOR PAPERS
World Security Pros To Converge on Japan November 15/16

TOKYO, Japan -- To address the increasing importance of information security in Japan, the b [ more ]
> Which shows that Gmail (which I use to write this email) is badly
> designed, logout should be used via a POST only...

Well, I prefer to use url/form "signing" for certain actions in some of my
webapps.

Fake example:
http://somewhere.null/webapp?do=transfer&src=1234&dst=5678&amt=5551&sig=ac36d415
[ more ]