Announcing PAKCON II
2005-04-17 [fz] (fz pakcon org)

A N N O U N C I N G P A K C O N II
The Pakistan's Underground Hacking Convention
http://www.pakcon.org

[ theme ]
We are proud to PAKCON II, an underground hacking convention held annually in Pakistan. In an age where information is treasure and the treasure house is the virtual network, securi [ more ]

MS05-021 Microsoft Exchange X-LINK2STATE Heap Overflow PoC
2005-04-19 Evgeny Pinchuk (EvgenyP Radware com)

Vulnerability Details
=====================
The vulnerability is a heap overflow in SvrAppendReceivedChunk function which is located in xlsasink.dll. When transmitting large chunks with X-LINK2STATE verb it is possible to overflow the heap and perform arbitrary memory write in RtlAllocateHeap functi [ more ]

IBM WebSphere Widespread configuration JSP disclosure
2005-04-13 SPI Labs (spilabs spidynamics com)

IBM WebSphere Widespread configuration JSP disclosure
Release Date: 04/13/2005
Severity: High

[Systems Affected]
* IBM WebSphere Application 6 and prior.

[Description]
The practice of sharing the document root of the app server within the document root of the web server creates a security exposu [ more ]

Any way to automatically change arbitrary headers of IP packets on-the-fly?
2005-04-11 João Paulo Caldas Campello (protecao gmail com) (2 replies)

Hi, Does anybody know any userland tool, Linux kernel module, iptables/netfilter module, or whatever mechanism to change arbitrary headers of IP packets on-the-fly as long as they traverse the IP stack? Is there any known paper regarding this subject? The whole story is that I'm doing some r [ more ]

    Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?
    2005-04-14 Valdis Kletnieks vt edu (1 replies)

        Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?
        2005-04-15 João Paulo Caldas Campello (protecao gmail com)

    Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?
    2005-04-13 Foundation Linux (webmaster foundationlinux com)

OSVDB Recognized as 501(c)3 Non-Profit Organization
2005-04-10 jkouns (jkouns opensecurityfoundation org)

OSVDB Recognized as 501(c)3 Non-Profit Organization

The Open Source Vulnerability Database, a project to catalog and describe the world's security vulnerabilities, has continued to focus on improving database content and increasing services offered to the security community. Since the official [ more ]

pwdx argv buffer overflow vulnerability
2005-04-12 Imran Ghory (imranghory gmail com)

[posting to vuln-dev as while the program isn't setuid, other programs which rely on it may be running as root may inherit its vulnerability. A patch for this vuln has been submitted to the maintainer of the Procps package.]

================================
pwdx argv buffer overflow vulnerability
= [ more ]

[WHITEPAPER] Bugger The Debugger
2005-04-11 Brett Moore (brett moore security-assessment com)

Bugger The Debugger - Pre Interaction Debugger Code Execution

The use of debuggers to analyse malicious or otherwise unknown binaries has become a requirement for reverse engineering executables to help determine their purpose. While researchers in places such as anti-virus laboratories have alwa [ more ]

PullThePlug Wargames
2005-04-05 announcements pulltheplug org

PullThePlug.org is a community aimed at nurturing the growth and development of the information security field through community-wide research and development projects, lectures and wargame servers. Rather than taking the usual approach of hands-off documentation, PullThePlug emphasizes education a [ more ]

Re: Scanner
2005-04-01 Vicky Rode (vicky rode gmail com)

comments in-line:

Matt wrote:
> So let me get this straight...
>
> So what you want to do is go through someone's SOA (Start of
> Authority) and search for just keywords that you choose in order to
> find all sites containing those keywords?
-----------------
i just want to search for domain name [ more ]

RE: Scanner
2005-03-28 Stejerean, Cosmin (cstejere cti depaul edu)

I don't know if I follow your logic. You want to find a list of all the sites with a certain keyword in the domain name to block them with a filter application? A better approach might be to analyze the requested URL and see if it contains any "bad" keywords. Well, for whatever reason you want to do [ more ]

RUXCON 2005 Call for Papers
2005-03-22 cfp ruxcon org au (RUXCON Call for Papers)

Call For Papers

RUXCON would like to announce the call for papers for the third annual RUXCON conference. Breaking from the RUXCON tradition of having the conference in winter months, this year the conference will be run during the 1st and 2nd of October. As with previous years, RUXCON will be [ more ]

Black Hat Briefings & Trainings: Registration now open!
2005-03-22 Jeff Moss (jmoss blackhat com)

Dear past Black Hat attendee, I would like to make some brief announcements regarding upcoming Black Hat events. Our European show is coming to Amsterdam, March 31-April 1. Our on-line registration will be closing this Thursday, March 24. If you wish to register after March 24, you must register o [ more ]

RE: calling all software security tool vendors/freeware/open source project leads
2005-03-14 Evans, Arian (Arian Evans fishnetsecurity com)

Kyle, the big answer is: [comments inline]

> -----Original Message-----
> From: Kyle Quest [mailto:Kyle.Quest (at) networkengines (dot) com]
> Sent: Sunday, March 13, 2005 2:04 PM
> To: Evans, Arian; secprog (at) securityfocus (dot) com;
> Subject: RE: calling all software security tool vendors/freeware/open
>
> the bi [ more ]

Clarification to: -->calling all software security tool vendors/freeware/open source project leads
2005-03-13 Evans, Arian (Arian Evans fishnetsecurity com)

On Friday my admittedly small mind produced the email included below, which has resulted in a lot of well-meaning replies not in the area I am looking for. The problem is that I declined to provide a translation key for my ambiguous terminology. "Software Security Tools" = "Software tools to test o [ more ]

calling all software security tool vendors/freeware/open source project leads
2005-03-11 Evans, Arian (Arian Evans fishnetsecurity com)

If you are a vendor of a software security tool, fault injection, binary analysis, source code analysis, blah-foo, etc., please contact me if we haven't spoken already. I am finalizing a comprehensive list and doing a final check to make sure I've accounted for all the software security tool vendor [ more ]

Security Masters Dojo
2005-03-11 Dragos Ruiu (dr kyx net)

(The registration for this training is now on-line. I thought it would be of interest to readers of this list. --dr)

CanSecWest Security Masters Dojo
----------------------------------------
Dates: Morning/Afternoon May 3 and Morning May 4 (Immediately preceding CanSecWest/core05)
Venu [ more ]

Hosting Controller Multiple Unauthenticated information disclose
2005-03-07 small mouse (small mouse gmail com)

Scanner
2005-03-03 Vicky Rode (vicky rode gmail com) (1 replies)

Hi there, Just wondering if there is any way I could use a scanner (I have a home grown script for this) that would go thru the DNS registries from some public source, scan for keywords in the domain name. Will appreciate if someone can point me in the right direction. regards, /vicky [ more ]

    Re: Scanner
    2005-03-25 Alexander Chamandy (envescent gmail com) (1 replies)

        Re: Scanner
        2005-03-25 Vicky Rode (vicky rode gmail com) (1 replies)

WASC-Articles: 'The Insecure Indexing Vulnerability - Attacks Against Local Search Engines' By Amit Klein
2005-02-28 robert webappsec org

The Web Application Security Consortium is proud to present 'The Insecure Indexing Vulnerability - Attacks Against Local Search Engines' written by Amit Klein. In this article Amit discusses the risks associated with using a local search engine that indexes its content locally. This document can [ more ]

Re: Taking the control by abusing array index.
2005-02-22 Vade 79 (v9 fakehalo deadpig org)

In-Reply-To: <421971E1.4030107 (at) gmail (dot) com>

>that it does something like this
>
>pointer_array[unsigned_int] = malloc(....);

that is a bit vague, do you have complete control of the "unsigned_int" or is it an incremental-style control?...what is pointer_array?...what is the code leading up to this?. [ more ]
Papers and presentations are now being accepted for PAKCON II, Pakistan's
Underground Hacking Convention.
WHAT: PAKCON II Call for Papers.
WHEN: Starting today, 17 April, 2005, and closing on 15 August, 2005.
WHO: If you want to speak at PAKCON, you know who you are.
HOW
[ more ]