Vuln Dev
(Page 1 of 65)  1 2 3 4 5 6 7 8 9 10 11  Next >
UTF-8 + tolower() getpc stubs 2006-10-13
Aaron Adams (aadams securityfocus com)
Hey all,

Anyone that read the most recent Uninformed journal probably saw Skape's
Implementing a Custom x86 Encoder paper [1]. In it he presents a little
challenge for implementing a getpc stub that is UTF-8 and tolower()
compliant. The typical jmp/call, fsetenv, and SkyLined's Alpha stuff
won't wo

Black Hat CFP, Registration, and Announcements for October 2006-10-13
Jeff Moss (jmoss blackhat com)

Hello Vuln Dev readers,

Here are some announcements from Black Hat to keep you busy this October:

- The Call for Papers and conference registration is now open for the Black Hat
DC Training and Briefings.
- The Call for Papers and conference regi

RE: Fortigate Bypass 2006-10-10
Oscar Bravo (OscarB remingtonltd com)
Upgrade to MR3 of the FortiGate device; they have now addressed that
issue.

Thank you and have a great day,

Oscar Bravo

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [mailto:listbounce (at) securityfocus (dot) com]
On Behalf Of Alice Bryson <abryson (at) bytefocus (dot) com>
Sent: Sunday, October 08, 20

Fuzzing KDE based apps (narrowing down bugs) 2006-10-09
nnp (version5 gmail com)
Hey, I was wondering if anyone has any experience auditing KDE based
applications. Recently I found this while fuzzing for a different
type of vuln.

I am using KDE 3.5.2 and kmail 1.9.1.

This bug requires HTML to be enabled (Settings -> Configure Kmail ->
Security -> and tick Prefer HTML to Plain

Re: Fortigate Bypass 2006-10-05
admin starkingdoms com (1 replies)
You are correct, I have also tested this. My school system pays who knows what amount of money for this software, yes a simple "s" blows all of their software away. It's not hard for an average student to figure this out, it's really a shame so much money is wasted on such poor software.

Re: Fortigate Bypass 2006-10-09
Alice Bryson abryson (at) bytefocus (dot) com (abryson bytefocus com)
Re: bypassing randomized stack using linux-gate.so.1 2006-10-03
Pravin (shindepravin gmail com)
> As I recall, in distributions such as Debian, linux-gate is at a static
> address. Thus this isn't a kernel-level thing, but rather something the
> Fedora team did.
>
> If you look in a debugger, you'll see that linux-gate only moves a few
> hundred bytes or so per execution. The stack can move se

bypassing randomized stack using linux-gate.so.1 2006-09-21
Pravin (shindepravin gmail com) (2 replies)
Hi,
I was working on bypassing the randomized stack using "linux-gate.so.1".
I am using Fedora Core 5, and the problem with it is that the location of
linux-gate.so.1 is not fixed.
But other libraries have fixed locations (like libc.so.6 and
ld-linux.so.2).

I changed the value of "/proc/sys/kernel/random

Re: bypassing randomized stack using linux-gate.so.1 2006-09-22
Luciano Miguel Ferreira Rocha (strange nsk no-ip org)
Re: bypassing randomized stack using linux-gate.so.1 2006-09-22
Jack C (list-recv crepinc com)
Re: problem in bypassing stack randomization ("call *%edx" technique) 2006-09-20
purelysp4m hotmail com
The technique is explained in greater detail at http://milw0rm.org/papers/55, but unfortunately it only talks about JMP *%esp

By playing around a bit, it looks like %edx always points to the command-line argument after the one you pass to strcpy(). That is, if you do strcpy(vuln,argv[73]), %edx

problem in bypassing stack randomization ("call *%edx" technique) 2006-09-18
Pravin (shindepravin gmail com)
Hi,
I am working on vulnerabilities which will bypass stack randomization.
I came across a method ("call *%edx" technique) described in
http://rawlab.mindcreations.com/codes/exp/randstack/exp_call_rand.pl

As per my understanding, method works on the line of finding the library
which is not randomiz

PAKCON III: Announce (2006) 2006-09-13
Ayaz Ahmed Khan (ayaz pakcon org)
ANNOUNCING

PAKCON III: Call for Papers (CfP 2006) 2006-09-13
Ayaz Ahmed Khan (ayaz pakcon org)

ToorCon Pre-Registration Closing Friday! 2006-09-13
h1kari (at) toorcon (dot) org (h1kari toorcon org)
PRE-REGISTRATION CLOSING ON FRIDAY, SEPTEMBER 15TH

Don't miss out on the discounted rates for attending ToorCon 8, San
Diego's exclusive hacker convention, going on from September 29th
through October 1st.
[http://www.toorcon.org]

GENERAL ADMISSION

Currently general admission is only $80 which w

Features in a Vulnerability Management System 2006-09-10
Ayaz Ahmed Khan (ayaz pakcon org)
Dear Folks:

I am curious how the folks reading these lists look, in general, at a
Vulnerability Management System. What features do you wish to have a
decent Vulnerability Management System (VMS) offer? Which VMS do you
use or have used at any point in

VirtueMart 2006-09-09
t3rr0r1st aria-security net
#Aria-Security.net Advisory

#Discovered by: Dr.T3rr0r1st

#< www.Aria-security.net >

#Gr33t to: The-0utl4w & A.u.r.a & R@1D3N & Smok3r

#-----------------------------------------------------------

Software: VirtueMart

Link: virtumart.net

Attack method: Remote File Inclusion

Source :

//Set

Windows International OPcodes Database 2006-09-04
Jerome Athias (jerome athias free fr)
Hi there,

playing with some hexa-voodoo, I'm currently updating my international
Windows opcodes database ("magical return addresses")
it's not as detailed as the MetaSploitFramework one (greetz to the MSF
team and specially to skape), but now supports up to 7 different
locales! (English, French

ELF binaries containing pointers to .dtors 2006-09-07
aviv by gmail com
Hello,

I'm messing around with the vortex wargame on pull the plug (pulltheplug.org/wargames/vortex) and I needed to overwrite .dtors in one of the levels.

I found out that in every ELF (gcc compiled) I found in .data a pointer to the end of the .dtors section.

Why is it there? Simply to make

Hackers to Hackers Conference III - Call for Papers 2006-08-30
Rodrigo Rubira Branco (BSDaemon) (rodrigo kernelhacking com)
General Objectives

The H2HC has as its main objective to offer a national and international
conference for Brazilian hackers, strongly the ethical of hacking.

We have as our mission to change and demystify the word hacker from the
pejorative sense to show the hacker as one who works in software research and
sec

Skype API Ap2Ap Stream Creation Flaw 2006-08-18
vizig0thblitz gmail com (1 replies)
An application-to-application stream can be created between two Skype clients without having established normal communications between them and both Skype clients' contact lists are empty. With this ability any Skype-enabled application can create a covert communication stream to a central server.

Re: Skype API Ap2Ap Stream Creation Flaw 2006-08-21
Stephen Samuel (samnospam bcgreen com)
ToorCon 8 Call for Papers Closing Tomorrow & Workshops/Seminars Added 2006-08-17
h1kari (at) toorcon (dot) org (h1kari toorcon org)
CALL FOR PAPERS CLOSING!

Just wanted to let you know that the ToorCon 8 CFP will be closing at
the end of Friday, August 18th (tomorrow). If you're interested in
submitting, please make sure you get your submissions in before midnight
tomorrow. For more info, check out the CFP at:
http://www.toorco

Security contact from Critical Path Inc 2006-08-14
Guillermo Marro (gmmarro flowgate net)
Anyone knows how to reach them?

thanks in advance,

-Guillermo

Re: Re: Automatic MIME type detection in Internet Explorer 6.x allowed 2006-08-10
der wert (derwert hotmail com)
This is a completely different issue. The one you speak of about the jpg
file was a gif header in a .jpg file with javascript after it,
and I just tried it and it is still unpatched, but nonetheless a different
issue.

D

On 10 Aug 2006 05:59:06 -0000, none (at) none (dot) com <none (at) none (dot) com>

Re: Re: Automatic MIME type detection in Internet Explorer 6.x allowed 2006-08-10
none none com
This was actually patched a while ago by Microsoft to the best of my knowledge (I tested it). However, this may be a tad different. In older versions it was possible to upload image files to say a message board or whatever say an avatar. But by placing javascript in any file with a .jpg extension made

Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper] 2006-08-07
SPI Labs (Spi Labs spidynamics com)

"One new feature of "Web 2.0", the movement to build a more responsive
Web, is the utilization of XML content feeds which use the RSS and Atom
standards. These feeds allow both users and Web sites to obtain content
headlines and body text without needing to visit the site in question,
basically pro

Copyright 2006, SecurityFocus