Black Hat CFP, Registration, and Announcements for October (2006-10-13) - Jeff Moss (jmoss blackhat com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Vuln Dev readers, Here are some announcements from Black Hat to keep you busy this October: - The Call for Papers and conference registration is now open for the Black Hat DC Training and Briefings. - The Call for Papers and conference regi

RE: Fortigate Bypass (2006-10-10) - Oscar Bravo (OscarB remingtonltd com)
Upgrade to MR3 of the FortiGate device; they have now addressed that issue. Thank you and have a great day, Oscar Bravo -----Original Message----- From: listbounce securityfocus com [mailto:listbounce securityfocus com] On Behalf Of Alice Bryson <abryson bytefocus com> Sent: Sunday, October 08, 20

Fuzzing KDE based apps (narrowing down bugs) (2006-10-09) - nnp (version5 gmail com)
Hey, I was wondering if anyone has any experience auditing KDE based applications. Recently I found this while fuzzing for a different type of vuln. I am using KDE 3.5.2 and kmail 1.9.1. This bug requires HTML to be enabled (Settings -> Configure Kmail -> Security -> and tick Prefer HTML to Plain

Re: Fortigate Bypass (2006-10-05) - admin starkingdoms com (1 replies)
You are correct, I have also tested this. My school system pays who knows what amount of money for this software; yes, a simple "s" blows all of their software away. It's not hard for an average student to figure this out; it's really a shame so much money is wasted on such poor software.

Re: Fortigate Bypass (2006-10-09) - Alice Bryson (abryson bytefocus com)

Re: bypassing randomized stack using linux-gate.so.1 (2006-10-03) - Pravin (shindepravin gmail com)
> As I recall, in distributions such as Debian, linux-gate is at a static
> address. Thus this isn't a kernel-level thing, but rather something the
> Fedora team did.
>
> If you look in a debugger, you'll see that linux-gate only moves a few
> hundred bytes or so per execution. The stack can move se

bypassing randomized stack using linux-gate.so.1 (2006-09-21) - Pravin (shindepravin gmail com) (2 replies)
Hi, I was working with bypassing randomized stack using "linux-gate.so.1". I am using Fedora Core 5 and the problem with it is that the location of linux-gate.so.1 is not fixed. But other libraries have a fixed location (like libc.so.6 and ld-linux.so.2). I changed the value of "/proc/sys/kernel/random

Re: bypassing randomized stack using linux-gate.so.1 (2006-09-22) - Luciano Miguel Ferreira Rocha (strange nsk no-ip org)

Re: problem in bypassing stack randomization ("call *%edx" technique) (2006-09-20) - purelysp4m hotmail com
The technique is explained in greater detail at http://milw0rm.org/papers/55 , but unfortunately it only talks about JMP *%esp. By playing around a bit, it looks like %edx always points to the command-line argument after the one you pass to strcpy(). That is, if you do strcpy(vuln,argv[73]), %edx

problem in bypassing stack randomization ("call *%edx" technique) (2006-09-18) - Pravin (shindepravin gmail com)
Hi, I am working on vulnerabilities which will bypass stack randomization. I came across a method ("call *%edx" technique) described in http://rawlab.mindcreations.com/codes/exp/randstack/exp_call_rand.pl As per my understanding, the method works along the lines of finding the library which is not randomiz

ToorCon Pre-Registration Closing Friday! (2006-09-13) - h1kari (h1kari toorcon org)
PRE-REGISTRATION CLOSING ON FRIDAY, SEPTEMBER 15TH Don't miss out on the discounted rates for attending ToorCon 8, San Diego's exclusive hacker convention, going on from September 29th through October 1st. [http://www.toorcon.org] GENERAL ADMISSION Currently general admission is only $80 which w

Features in a Vulnerability Management System (2006-09-10) - Ayaz Ahmed Khan (ayaz pakcon org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Folks: I am curious how the folks reading these lists look, in general, at a Vulnerability Management System. What features do you wish to have a decent Vulnerability Management System (VMS) offer? Which VMS do you use or have used at any point in

VirtueMart (2006-09-09) - t3rr0r1st aria-security net
#Aria-Security.net Advisory #Discovered by: Dr.T3rr0r1st #< www.Aria-security.net > #Gr33t to: The-0utl4w & A.u.r.a & R@1D3N & Smok3r #----------------------------------------------------------- Software: VirtueMart Link: virtumart.net Attack method: Remote File Inclusion Source : //Set

Windows International OPcodes Database (2006-09-04) - Jerome Athias (jerome athias free fr)
Hi there, playing with some hexa-voodoo, I'm currently updating my international Windows opcodes database ("magical return addresses"). It's not as detailed as the MetaSploitFramework one (greetz to the MSF team and specially to skape), but now supports up to 7 different locales! (English, French

ELF binaries containing pointers to .dtors (2006-09-07) - aviv by gmail com
Hello, I'm messing around with the vortex wargame on pull the plug (pulltheplug.org/wargames/vortex) and I needed to overwrite .dtors in one of the levels. I found out that in every ELF (gcc compiled) I found in .data a pointer to the end of the .dtors section. Why is it there? Simply to make

Hackers to Hackers Conference III - Call for Papers (2006-08-30) - Rodrigo Rubira Branco (BSDaemon) (rodrigo kernelhacking com)
General Objectives The H2HC has as its main objective to offer a national and international conference for Brazilian hackers, with a strong emphasis on the ethics of hacking. Our mission is to change and demystify the word hacker from its pejorative sense, to show the hacker as someone who works in software research and sec

Skype API Ap2Ap Stream Creation Flaw (2006-08-18) - vizig0thblitz gmail com (1 replies)
An application-to-application stream can be created between two Skype clients without having established normal communications between them and while both Skype clients' contact lists are empty. With this ability any Skype enabled application can create a covert communication stream to a central server.

ToorCon 8 Call for Papers Closing Tomorrow & Workshops/Seminars Added (2006-08-17) - h1kari (h1kari toorcon org)
CALL FOR PAPERS CLOSING! Just wanted to let you know that the ToorCon 8 CFP will be closing at the end of Friday, August 18th (tomorrow). If you're interested in submitting, please make sure you get your submissions in before midnight tomorrow. For more info, check out the CFP at: http://www.toorco

Re: Re: Automatic MIME type detection in Internet Explorer 6.x allowed (2006-08-10) - der wert (derwert hotmail com)
This is a completely different issue. The one you speak of about the jpg file: what it was was a gif header in a .jpg file with javascript after it, and I just tried it and it is still unpatched, but nonetheless a different issue. D On 10 Aug 2006 05:59:06 -0000, none none com <none none com>

Re: Re: Automatic MIME type detection in Internet Explorer 6.x allowed (2006-08-10) - none none com
This was actually patched a while ago by Microsoft to the best of my knowledge (I tested it). However, this may be a tad different. In older versions it was possible to upload image files to, say, a message board or whatever, say an avatar. But by placing javascript in any file with a .jpg extension made

Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper] (2006-08-07) - SPI Labs (Spi Labs spidynamics com)
"One new feature of "Web 2.0", the movement to build a more responsive Web, is the utilization of XML content feeds which use the RSS and Atom standards. These feeds allow both users and Web sites to obtain content headlines and body text without needing to visit the site in question, basically pro
Anyone that read the most recent Uninformed journal probably saw Skape's
Implementing a Custom x86 Encoder paper [1]. In it he presents a little
challenge for implementing a getpc stub that is UTF-8 and tolower()
compliant. The typical jmp/call, fsetenv, and Skylined's Alpha stuff
won't wo