Vuln Dev Mode:
(Page 24 of 75)  < Prev  19 20 21 22 23 24 25 26 27 28 29  Next >
Call for Papers : PAKCON II 2005-04-17
[fz] (fz pakcon org)
[ CALL FOR PAPERS ]

Papers and presentations are now being accepted for PAKCON II, Pakistan's
Underground Hacking Convention.

WHAT: PAKCON II Call for Papers.

WHEN: Starting today, 17 April, 2005, and closing on 15 August, 2005.

WHO: If you want to speak at PAKCON, you know who you are.

HOW

[ more ]  [ reply ]
Announcing PAKCON II 2005-04-17
[fz] (fz pakcon org)

A N N O U N C I N G P A K C O N II
The Pakistan's Underground Hacking Convention
http://www.pakcon.org

[ theme ]

We are proud to PAKCON II, an underground hacking convention held annually
in Pakistan.

In an age where information is treasure and the treasure house is the
virtual network, securi

[ more ]  [ reply ]
MS05-021 Microsoft Exchange X-LINK2STATE Heap Overflow PoC 2005-04-19
Evgeny Pinchuk (EvgenyP Radware com)
Vulnerability Details
=====================
The vulnerability is a heap overflow in SvrAppendReceivedChunk function
which is located in xlsasink.dll.
When transmitting large chunks with X-LINK2STATE verb it is possible to
overflow the heap and perform arbitrary memory write in RtlAllocateHeap
functi

[ more ]  [ reply ]
IBM WebSphere Widespread configuration JSP disclosure 2005-04-13
SPI Labs (spilabs spidynamics com)
IBM WebSphere Widespread configuration JSP disclosure

Release Date: 04/13/2005
Severity: High

[Systems Affected]
* IBM WebSphere Application 6 and prior.

[Description]

The practice of sharing the document root of the app server within the
document
root of the web server creates a security exposu

[ more ]  [ reply ]
Any way to automatically change arbitrary headers of IP packets on-the-fly? 2005-04-11
João Paulo Caldas Campello (protecao gmail com) (2 replies)
Hi,

Does anybody know any userland tool, Linux kernel module,
iptables/netfilter module, or whatever mechanism to change arbitrary
headers of IP packets on-the-fly as long as they traverse the IP
stack? Is there any known paper regarding this subject?

The whole story is that I'm doing some r

[ more ]  [ reply ]
Re: Any way to automatically change arbitrary headers of IP packets on-the-fly? 2005-04-14
Valdis Kletnieks vt edu (1 replies)
Re: Any way to automatically change arbitrary headers of IP packets on-the-fly? 2005-04-15
João Paulo Caldas Campello (protecao gmail com)
Re: Any way to automatically change arbitrary headers of IP packets on-the-fly? 2005-04-13
Foundation Linux (webmaster foundationlinux com)
OSVDB Recognized as 501(c)3 Non-Profit Organization 2005-04-10
jkouns (jkouns opensecurityfoundation org)
OSVDB Recognized as 501(c)3 Non-Profit Organization

The Open Source Vulnerability Database, a project to catalog and
describe the world's security vulnerabilities, has continued to focus on
improving database content and increasing services offered to the
security community.

Since the official

[ more ]  [ reply ]
pwdx argv buffer overflow vulnerability 2005-04-12
Imran Ghory (imranghory gmail com)
[posting to vuln-dev as while the program isn't setuid, other programs
which rely on it may be running as root may inherit it's
vulnerability. A patch for this vuln has been submited to the
maintainer of the Procps package.]

================================
pwdx argv buffer overflow vulnerability
=

[ more ]  [ reply ]
[WHITEPAPER] Bugger The Debugger 2005-04-11
Brett Moore (brett moore security-assessment com)
Bugger The Debugger
- Pre Interaction Debugger Code Execution

The use of debuggers to analyse malicious or otherwise unknown binaries
has become a requirement for reverse engineering executables to help
determine their purpose.

While researchers in places such as anti-virus laboratories have alwa

[ more ]  [ reply ]
Computer Security Mexico 2005 2005-04-11
Seguridad en Computo - UNAM (seguridad seguridad unam mx)
-----BEGIN PGP SIGNED MESSAGE-----

========================================================================

Computer Security Mexico 2005

Palacio de Mineria
May 26th - May 27th, 2005

Mexico City, Mexico

====================

[ more ]  [ reply ]
PullThePlug Wargames 2005-04-05
announcements pulltheplug org
PullThePlug.org is a community aimed at nurturing the growth and
development of the information security field through community-wide
research and development projects, lectures and wargame servers.

Rather than taking the usual approach of hands-off documentation,
PullThePlug emphasizes education a

[ more ]  [ reply ]
Re: Scanner 2005-04-01
Vicky Rode (vicky rode gmail com)
comments in-line:

Matt wrote:
> So let me get this straight...
>
> So what you want to do is go through someone's SOA (Start of
> Authority) and search for just keywords that you choose in order to
> find all sites containing those keywords?
-----------------
i just want to search for domain name

[ more ]  [ reply ]
dnsmasq <2.21 off-by-one 2005-03-29
Alex (alex00882007 gmail com)
Yesterday I claimed the off-by-one vulnerability is not remotely
exploitable. It is. Anyone that leases from dnsmasq can take advantage
of two off-by-ones. Then when the lease file is read dnsmasq may
crash.

[ more ]  [ reply ]
RE: Scanner 2005-03-28
Stejerean, Cosmin (cstejere cti depaul edu)
I don't know if I follow your logic. You want to find a list of all the
sites with a certain keyword in the domain name to block them with a
filter application? A better approach might be to analyze the requested
URL and see if it contains any "bad" keywords. Well, for whatever reason
you want to do

[ more ]  [ reply ]
RUXCON 2005 Call for Papers 2005-03-22
cfp ruxcon org au (RUXCON Call for Papers)
Call For Papers

RUXCON would like to announce the call for papers for the third annual RUXCON
conference.

Breaking from the RUXCON tradition of having the conference in winter months,
this year the conference will be ran during the 1st and 2nd of October.

As with previous years, RUXCON will be

[ more ]  [ reply ]
Black Hat Briefings & Trainings: Registration now open! 2005-03-22
Jeff Moss (jmoss blackhat com)
Dear past Black Hat attendee,

I would like to make some brief announcements regarding upcoming Black Hat events.

Our European show is coming to Amsterdam, March 31-April 1. Our on-line registration will be closing this Thursday, March 24. If you wish to register after March 24, you must register o

[ more ]  [ reply ]
RE: calling all software security tool vendors/freeware/open source project leads 2005-03-14
Evans, Arian (Arian Evans fishnetsecurity com)
Kyle, the big answer is: [comments inline]

> -----Original Message-----
> From: Kyle Quest [mailto:Kyle.Quest (at) networkengines (dot) com [email concealed]]
> Sent: Sunday, March 13, 2005 2:04 PM
> To: Evans, Arian; secprog (at) securityfocus (dot) com [email concealed];
> Subject: RE: calling all software security tool vendors/freeware/open
>
> the bi

[ more ]  [ reply ]
Clarification to: -->calling all software security tool vendors/freeware/open source project leads 2005-03-13
Evans, Arian (Arian Evans fishnetsecurity com)
On Friday my admittedly small mind produced the email included below,
which has resulted in a lot of well-meaning replies not in the area I
am looking for. The problem is that I declined to provide a translation
key for my ambiguous terminology.

"Software Security Tools" = "Software tools to test o

[ more ]  [ reply ]
calling all software security tool vendors/freeware/open source project leads 2005-03-11
Evans, Arian (Arian Evans fishnetsecurity com)
If you are a vendor of a software security tool, fault injection,
binary analysis, source code analysis, blah-foo, etc., please
contact me if we haven't spoken already.

I am finalizing a comprehensive list and doing a final check
to make sure I've accounted for all the software security
tool vendor

[ more ]  [ reply ]
Security Masters Dojo 2005-03-11
Dragos Ruiu (dr kyx net)
(The registration for this training is now
on-line. I thought it would be of interest to
readers of this list. --dr)

CanSecWest Security Masters Dojo
----------------------------------------

Dates: Morning/Afternoon May 3 and Morning May 4
(Immediately preceeding CanSecWest/core05)

Venu

[ more ]  [ reply ]
Hosting Controller Multiple Unauthenticated information disclose 2005-03-07
small mouse (small mouse gmail com)
-= Security Advisory =-

Advisory Information
-------------------------

Software Package : Hosting Controller
Vendor Homepage : http://www.hostingcontroller.com
Platforms : Windows based servers
Vulnerability : Multiple Unauthenticated informati

[ more ]  [ reply ]
Scanner 2005-03-03
Vicky Rode (vicky rode gmail com) (1 replies)
Hi there,

Just wondering if there is any way I could use a scanner (I have a home
grown script for this) that would go thru the DNS registries from some
public source, scan for keywords in the domain name.

Will appreciate if someone can point me in the right direction.

regards,
/vicky

[ more ]  [ reply ]
Re: Scanner 2005-03-25
Alexander Chamandy (envescent gmail com) (1 replies)
Re: Scanner 2005-03-25
Vicky Rode (vicky rode gmail com) (1 replies)
Re: Scanner 2005-03-28
J. Oquendo (root nullrouted us) (1 replies)
Re: Scanner 2005-03-28
Vicky Rode (vicky rode gmail com)
WASC-Articles: 'The Insecure Indexing Vulnerability - Attacks Against Local Search Engines' By Amit Klein 2005-02-28
robert webappsec org
The Web Application Security Consortium is proud to present 'The Insecure Indexing
Vulnerability - Attacks Against Local Search Engines' written by Amit Klein. In
this article Amit discusses the risks associated with using a local search engine
that indexes its content locally.

This document can

[ more ]  [ reply ]
Re: Taking the control by abusing array index. 2005-02-22
Vade 79 (v9 fakehalo deadpig org)
In-Reply-To: <421971E1.4030107 (at) gmail (dot) com [email concealed]>

>that it does something like this
>
>pointer_array[unsigned_int] = malloc(....);

that is a bit vague, do you have complete control of the "unsigned_int" or is it an incremental-style control?...what is pointer_array?...what is the code leading up to this?.

[ more ]  [ reply ]
(Page 24 of 75)  < Prev  19 20 21 22 23 24 25 26 27 28 29  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus