Hi list,

Does anyone know how to trigger the bug in Adobe Acrobat Reader for
Unix? I'm currently preparing a presentation on client-side vulnerabilites
and thought this weakness serves as a good example for Linux operating
systems.

thanks in advance
Martin

--
5 GB Mailbox, 50 FreeSMS http://www

[ more ]  [ reply ]

=================================================
(EARLY BIRD REGISTRATION ENDS July 11 -- Register Now!!)
(JUST ADDED: Panels on National Identity Cards and Packet Sniffing at
Conferences)

Register for the 14th USENIX Security Symposium July 31-August 5,
2005, Baltimore, MD

It happens here first

[ more ]  [ reply ]

TOORCON 2005 CALL FOR PAPERS - issued July 7th 2005

Papers and presentations are being accepted for ToorCon 2005 to be held
at the Convention Center in San Diego, CA on September 24th-26th. Please
email your submissions to cfp (at) toorcon (dot) org [email concealed], submissions will be accepted
until August 15th 2005.

AB

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

***Exploitation Challenge***

Covertsystems Research is seeking submissions for the successful
exploitation of a 2.6.x kernel based standard TCP/IP server...

http://www.covertsystems.org/challenges/csr-inject_v1.tgz

The server is a typical TCP/IP se

[ more ]  [ reply ]

> I am searching for some papers and helpful stuff (all I can get) about
> exploit coding in Perl.

Hey vuln-dev,

First of all, sorry for the extremely late reply: i've been far from the
Internet for a couple of weeks...

Amongst other stuff, you can find some basic examples of exploits written
in

[ more ]  [ reply ]

We are organizing an CTF-alike contest which might be of interest to
the readers of this group:

http://lufgi4.informatik.rwth-aachen.de/news/show/31

RWTH hosts international contest on IT-Security
The Laboratory for Dependable Distributed Systems at RWTH Aachen,
headed by Prof. Dr. Felix Freilin

[ more ]  [ reply ]

Hi there,

i would like to know if some of you have experience with exploitation of
PocketPCs and could give me some ways and tools (debugger...).
since some vulns come ( http://www.securityfocus.com/bid/13807 )
I know that writing a DLL (Fuser) is quite easy with eVC++ (Embedded), so a
"download

[ more ]  [ reply ]

I am currently in talks with Security Innovation about doing a product
review on their flagship product called Holodeck Enterpries Edition.
It is an interesting product that sets up a layer between defined APIs
(your strcpy's, etc) and lets you inject at will...

There is a review of a trial versio

[ more ]  [ reply ]

Hi,

I am working on a Win heap overflow that gives me control of eax and ecx and hence allows me to write a double word of memory to an arbitrary location...

I overwrite the SetUnhandledException filter with an address that will bounce me back to my shellcode.

the only problem is, that the unhand

[ more ]  [ reply ]

Hey VulDev,

I just wanted to let you know we got some new content on-line as well as a reminder about upcoming registration deadlines. Hope to see you there!

REMINDER: Register before July 1st to take advantage of the earlier pricing!
http://www.blackhat.com/html/bh-usa-05/bh-usa-05-index.html

S

[ more ]  [ reply ]

Jonas Yorg wrote:
> So I heard somewhere once that supposedly a buffer-overflowing program
> can jump back into the code it's exploiting in order to call some
> system call (after setting up the appropriate stack/register
> environment I would suppose). I think that whoever I read heard from
> was m

[ more ]  [ reply ]

As mentioned below Bugscan was sold to LogicLibrary and is not called
LogicScan. They are not selling Icebox as a product but they are selling
Inspector, which is kind of an integrator for Ollydbg and IDA Pro with
some plugins. Like Bugscan, really not cheap though. Halvar Flake will
have something

[ more ]  [ reply ]

So I heard somewhere once that supposedly a buffer-overflowing program
can jump back into the code it's exploiting in order to call some
system call (after setting up the appropriate stack/register
environment I would suppose). I think that whoever I read heard from
was maybe thinking of return to l

[ more ]  [ reply ]

> -----Original Message-----
> From: Julian Schweizer [mailto:julianschweizer (at) yahoo (dot) de [email concealed]]
> Sent: Monday, June 13, 2005 7:30 AM
> To: vuln-dev (at) securityfocus (dot) com [email concealed]
> Subject: Exploit development in Per
>
> Hi,
>
> I am searching for some papers and helpful stuff (all I can
> get) about exploit coding

[ more ]  [ reply ]

It all depends on how much money you are
willing to pay. There was something called Bugscan
and it was definitely not cheap from what i understand.
The program was originally developed
by the company called HBGary (the name
Greg Hoglund should ring the bell :-] ).
It seems like it was spun off into

[ more ]  [ reply ]

Hi,

I am searching for some papers and helpful stuff (all I can get) about
exploit coding in Perl.

Would you please recommend something??

Thanks,

Julian

___________________________________________________________
Gesendet von Yahoo! Mail - Jetzt mit 1GB S

[ more ]  [ reply ]

pod slurping
------------

I've written a report that explores an idea that has been known by the
security community for decades: physical security is important to
information system security.

A year ago a report was published by the Gartner Group warning that
iPods <http://www.apple.com/ipod/>

[ more ]  [ reply ]

Hi,

I discovered a NEW security hole / exploit in IE6 with SP2 and all the
latest security patches.

Overview of the exploit:

a.. Bug for all Microsoft Internet Explorer users
b.. Can be abused by hackers to run harmful JavaScript code and can be
abused to mislead existing protection aga

[ more ]  [ reply ]

heya,
Last night I thought to play a bit with Outlook. So
started flooding
the To: field in outlook 2000. It can take upto a max
of 62000 alphabets
as input, and when I tried only with around 30000
alphabets it was
crashing the box. I thought it as some machine
specific problem so tried
the same

[ more ]  [ reply ]

hi all,
something like bugscam, but more functional?

[ more ]  [ reply ]

Hello,

I'm looking for a security contact at Citrix. Anyone?

Thanks,

Eyal Udassin - Swift Coders
POB 1596 Ramat Hasharon, 47114
972+547-684989
eyal (at) swiftcoders (dot) com [email concealed]

[ more ]  [ reply ]

In-Reply-To: <20050526113825.537.qmail (at) www.securityfocus (dot) com [email concealed]>

read this:
http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027147.h
tml
=======================
void Encode2AlnumUsage()
{
fprintf(stderr, ENC2ALNUM_COPYRIGHT);
fprintf(stderr, "ERROR in Encode2Alnum (invalid input_reg)\

[ more ]  [ reply ]

Here are some ideas that I have read about but never tested, although they
might be worth exploring.

If you know the offset of your jmp instruction you might be able to get away
with adding or subtracting from it to get the value you need.

You can also try an ASCII shellcode encoder such as the on

[ more ]  [ reply ]