Help on hardware flaws
2004-09-23 Suroop sum22+ (at) pitt (dot) edu (sum22+ pitt edu) (1 reply)

New XSS vulnerabilities in paFileDB 3.1 final
2004-09-22 alireza hassani (trueend5 yahoo com)
Another XSS Vulnerability has been found in paFileDB! paFileDB is designed to allow webmasters have a database of files for download on their site. Vulnerable: Software: email & category & file paFileDB modules Just Tested on: paFileDB 3.1 Final, but likely works on another versions. Exploit [...]

Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products
2004-09-22 Mike Sues (msues rigelksecurity com)

And More Advanced SQL Injection...
2004-09-20 Stefano Di Paola (stefano dipaola wisec it)
Good morning, I'm proud to announce that a new White Paper has been released. English version can be downloaded on: http://www.wisec.it/docs.php Title: "...and More Advanced Sql Injection SiXSS, SiHRS and the Client Side SQL Injection" Abstract: How much a Sql Injection is a hard vulnerability? I [...]

FreeBSD shellcode
2004-09-19 Joshua Davis (jdavis transient-iss com) (1 reply)
Hi. I developed some simple shellcode and sent it to my FreeBSD box along with a custom format string to exploit Qpop 2.53. When the shellcode didn't work and GDB reported 'illegal instruction', I compared and contrasted. To my surprise, Qpop or FreeBSD had taken the bytes 0x80, 0x88, and 0x [...]

Problem with keyboard forwarding to cmd.exe shellcode
2004-09-14 Berend-Jan Wever (skylined edup tudelft nl) (1 reply)
Hi guys, I'm working on a "shellcode client" that'll forward I/O to a cmd.exe shellcode on a remote computer. I ran into two problems: - To forward ^C and ^Z, I'm catching interrupt and terminal stop signals and send a 0x03 or 0x1A respectively. This doesn't seem to work: if you'd type "copy con fi [...]

More problems with handling remote cmd.exe shell
2004-09-21 Berend-Jan Wever (skylined edup tudelft nl)

Re: challenge
2004-09-14 Marco Ivaldi (raptor 0xdeadbeef info) (2 replies)
> Hopefully I shall get responses to this challenge,...
Hey fuzzy, Find attached a working C exploit (with detailed comments) for your sample vulnerable code. Of course, it's possible to modify it to automagically get the needed addresses. It should also be possible to use pipe() and write() t [...]

New Security paper released
2004-09-13 shadown (shadown gmail com)
Hi, I've just released 'Win32 Stack BufferOverFlow Real Life Vuln-Dev Process' paper. Which covers the whole process of vuln-dev, from discovering the bug till exploiting it. You can download it from: http://hack3rs.org/~shadown/Twister/ I hope you'll enjoy it. Cheers, shadown -- Ser [...]

Apache 1.3
2004-09-14 aley consolbyexpotel com (1 reply)

ALPHA 2: Zero-tolerance
2004-09-14 Berend-Jan Wever (skylined edup tudelft nl)
Hi all, I'm proud to announce the upcoming release of a new version of ALPHA: "ALPHA 2: Zero-tolerance" Like ALPHA, it is a shellcode encoder that outputs 100% alphanumeric code. In the new version a lot of the code has been improved and it can now output UNICODE-proof code too. As a pre-release te [...]

challenge
2004-09-11 fuzzy (at) bonbon (dot) net (fuzzy bonbon net)
//----=[ Challenge ]=----// Having been with the vulndev mailing list for a while now without seeing an exploit challenge, I thought I would offer one up for the masses... However this vulnerability is simple in design yet appears to be difficult to exploit in C... I have supplied a working bash [...]

Cross-Site Scripting Vulnerability in Newtelligence DasBlog
2004-09-01 Dominick Baier (seclists leastprivilege com)
ERNW Security Advisory Cross-Site Scripting Vulnerability in Newtelligence DasBlog Author: Dominick Baier <dbaier (at) ernw (dot) de> 1. Summary: A XSS (Cross-Site-Scripting) Vulnerability in DasBlog's Event and Activity Viewer allows to inject and execute code on the client's machine. This allows an attac [...]

[SHATTER Team Security Alert] Multiple vulnerabilities in Oracle Database Server
2004-09-02 SHATTER (Application Security, Inc.) (vrathod appsecinc com)
AppSecInc Advisory: Multiple vulnerabilities in Oracle Database Server Date: August 31, 2004 Detailed Information Provided Online At: http://www.appsecinc.com/resources/alerts/oracle/2004-0001/ Credit: These vulnerabilities were researched and discovered by Cesar Cerrudo and Esteban Martinez Fayo [...]

Open Source Vulnerability Database Opens Vendor Dictionary
2004-08-31 Jake (jkouns opensecurityfoundation org)
Open Source Vulnerability Database Press release: 2004.08.31 2 Open Source Vulnerability Database Opens Vendor Dictionary The Open Source Vulnerability Database, a project to catalog and describe the world's security vulnerabilities, has expanded its offering and opened a vendor dictionary that s [...]

ToorCon 2004 Pre-Registration Closing
2004-08-31 h1kari toorcon org
Hey everyone, ToorCon is approaching fast this year and we wanted to make sure that all of you know that we're trying hard to make ToorCon 6 the best ToorCon yet. We're still in the process of finalizing our second keynote, but otherwise the lineup is complete with over 30 talks this year! We just [...]

21st Chaos Communication Congress 2004: Call for Papers
2004-08-26 fukami (fukami c3d2 de)
21st Chaos Communication Congress 2004: Call for Papers. 21C3 - 21st Chaos Communication Congress "The Usual Suspects" December 27th to 29th, 2004 Berliner Congress Center, Berlin, Germany http://www.ccc.de/congress/2004/ Overview [...]

app: protocol in Help Center and Support - allow run???!!!???
2004-08-21 Bartosz Kwitkowski (bartosz wb pl)

[tool] (dum(b)ug) and ltrace for Windows
2004-08-22 FX (fx phenoelit de)
Finally released, the fully open source debugger core for Windows including a ltrace for Windows implementation: http://www.phenoelit.de/dumbug/ Enjoy, FX -- FX <fx (at) phenoelit (dot) de> Phenoelit (http://www.phenoelit.de) 672D 64B2 DE42 FCF7 8A5E E43B C0C1 A242 6D63 B564 [...]

GADU-GADU Instant messenger - long file name
2004-08-21 Bartosz Kwitkowski (bartosz wb pl) (1 reply)

GADU-GADU - long file name... part 2
2004-08-22 Bartosz Kwitkowski (bartosz wb pl)
I'd like to present next screenshot. http://wb.pl/bartosz/gg/screengg2.jpg This is view from remote computer - receiver. Something about file name: File name can't be too long because GG's server won't send it. It can't be 255 chars, for sure. You have to find correct size of it. A [...]
We're getting reports from our customers about Outlook + Norton Antivirus crashing on certain messages. We tried to track the problem down, and it seems like that emails without body and without the \n separating the body from the headers crashes them. We had not the time to track the pro [...]