Re: CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information

2015-08-19 Thread paul . szabo
us.com/archive/1/536257 Is that issue related? Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

RE: CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information

2015-08-19 Thread Chillman, Paul, Vodafone UK
I think the list is a bit broken: http://www.securityfocus.com/archive/1/536261/30/0/threaded -Original Message- From: asher...@gmail.com [mailto:asher...@gmail.com] Sent: 19 August 2015 08:21 To: bugtraq@securityfocus.com Subject: Re: CORE-2009-01515 - WordPress Privileges Unchecked in

Symantec Encryption Management Server < 3.2.0MP6 - Remote Command Injection

2015-01-29 Thread Paul Craig
ttp://www.symantec.com/en/sg/gateway-email-encryption/ Author: Paul Craig http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150129_00 for more information Timeline: - 2014/11/26: Issue Reported. 2015/01/30:

Multiple vulnerabilities in DrayTek VigorACS SI

2014-10-08 Thread Erik-Paul Dittmer
sponse of Vendor 2014-06-24 : Notified Vendor Researchers: Victor van der Veen (vvdv...@cs.vu.nl) Erik-Paul Dittmer (epditt...@digitalmisfits.com) - - - - - - - - - - - - - - - - - - - - - - - - - - Digital Misfits does not accept any liability for any errors, omissions, delays of receipt or viruses

Multiple Vulnerabilities in Draytek Vigor 2130

2014-10-07 Thread Erik-Paul Dittmer
of Vendor 2014-06-24 : Notified Vendor Researchers: Victor van der Veen (vvdv...@cs.vu.nl) / Erik-Paul Dittmer (epditt...@digitalmisfits.com) - - - - - - - - - - - - - - - - - - - - - - - - - Digital Misfits does not accept any liability for any errors, omissions, delays of receipt or viruses in

Mathematica10.0.0 on Linux /tmp/MathLink vulnerability

2014-08-27 Thread paul . szabo
The problem reported for Mathematica is present still at version 10.0.0 for the GUI interface (the command-line interface may be "safe"). Cheers, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney

Mathematica9.0.1 on Linux /tmp/MathLink vulnerability

2013-02-08 Thread paul . szabo
The problem reported for Mathematica is present still at version 9.0.1, both for the GUI and for the command-line interface. Cheers, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia --- http

utempter allows fake host setting

2012-10-09 Thread paul . szabo
"); printf("DONE\n"); } psz@bari:~$ cc silly.c; a.out open ptmx returned 3 doing utempter add checking who psz pts/29 Oct 4 11:48 (xyz) r00t pts/0 Jan 1 01:02 (xyz.com) doing utempter del checking who DONE psz@bari:~$ Please see also:

Re: Mathematica8.0.4 on Linux /tmp/MathLink vulnerability

2012-04-17 Thread paul . szabo
ecking it has right owner and "chmod 0700" permissions. That fix will need to be implemented by Wolfram. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Mathematica8.0.4 on Linux /tmp/MathLink vulnerability

2012-04-16 Thread paul . szabo
The problem reported for Mathematica became worse at version 8.0.4, present for the command-line interface "math" also. Cheers, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Apple's Mail.app mail of death

2011-10-31 Thread Paul
OVERVIEW Mail.app mail client is vulnerable to a DoS by sending a crafted email. VENDOR Apple Inc. Vendor contacted: 25 July 2011 Vendor reply: 20 September 2011. Vendor's actions: Details confidential. VULNERABILITY DESCRIPTION Send an email with > 2023 MIME attachmen

RE: [CVE-2011-2569] Cisco Nexus OS (NX-OS) - Command "injection" / sanitization issues.

2011-10-28 Thread Paul Oxman (poxman)
Hello, This is Paul Oxman with Cisco PSIRT. Please confirms the vulnerability reported by Peter Adkins, and has published an Intellishield response http://tools.cisco.com/security/center/viewAlert.x?alertId=24458 Additional information below. For current updates to Cisco PSIRT response

XSS in Oracle default fcgi-bin/echo

2011-03-23 Thread paul . szabo
s claimed to have been fixed long ago, maybe in http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html However that never was actually fixed by Oracle, but was fixed by browsers that %-encode the query. Another interesting reference: http://www.thisisahmed.com/tia/ohs/ohsh

Mathematica8 on Linux /tmp/MathLink vulnerability

2011-01-04 Thread paul . szabo
The problem that was reported as below for Mathematica7, is present also/still in (the "free trial" version of) Mathematica8. Cheers, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia --

Re: [Full-disclosure] XSS in Oracle default fcgi-bin/echo

2010-10-19 Thread paul . szabo
. (All the fcgi-bin/echo that I tested, were already patched against the one you mention, but vulnerable to that other I found.) Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Re: RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo

2010-10-19 Thread paul . szabo
Dear An, > Referrer: alert(1) Yes, but... seems not all echo's get a Referer passed to them. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Re: [SquirrelMail-Security] XSS in Squirrelmail plugin 'Virtual Keyboard' <= 0.9.1

2010-10-18 Thread Paul Lesniewski
only secure plugins to our community, the SquirrelMail developers do not take ultimate responsibility for any third party plugins and moreover take VERY UNKINDLY to this kind of impatient, uncommunicative and irresponsible issue publishing. > So this is the first public release I am

RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo

2010-10-15 Thread paul . szabo
nto thinking you are somehow being > responsible ... I do not own an over-inflated ego. > ... or simply send the code to Oracle and ask them ... Sorry to blow your assumption: sent to Oracle, ages ago, first thing. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.u

RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo

2010-10-15 Thread paul . szabo
ulnerabilities > that may persist to Oracle first. You make wrong assumptions, and jump to conclusions: - Not anyone, but bona-fide ones only. - I do not "own" an Oracle site to test. Were not those obvious to right-thinking people? Cheers, Paul Paul Szabo p...@maths.usyd.edu.au ht

Re: XSS in Oracle default fcgi-bin/echo

2010-10-13 Thread paul . szabo
not following security recommendations to remove... Maybe, contact me off-list so I can provide PoC? Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

XSS in Oracle default fcgi-bin/echo

2010-10-08 Thread paul . szabo
mmendation http://download.oracle.com/docs/cd/B14099_19/core.1012/b13999/checklist.htm#BABIBCIC Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

iKAT - Interactive Kiosk Attack Tool v3 : Defcon 18 Edition

2010-07-27 Thread Paul Craig
a SaaS, iKAT features many methods of escaping out of a browser jailed environment and gaining command execution. iKAT is a website you visit from a Kiosk, its quick, free, and aims to please. iKAT is solely developed by myself (Paul Craig) a Kiosk hacking enthusiast from New Zealand. Defcon 18

Re: Re: IIS5.1 Directory Authentication Bypass by using ?:$I30:$Index_Allocation?

2010-07-13 Thread paul . sec117
IIS 5.1 runs on WindowsXP and not on Windows 2k servers, this vulnerability shouldn't be present on W2k server with IIS 5.

Microsoft Help Files (.CHM): 'Locked File' Feature Bypass

2010-06-23 Thread Paul Craig
t.com/files/advisories/blockedhelp_src.zip ++ |Solution| ++ Microsoft acknowledge that this is a bug, but do not think it requires fixing until the next Windows Service Pack. This is due to the mitigating circumstances of CHM files and the requirements of an NTFS file system. This was the response I expected. Paul Craig Principal Security Consultant Security-Assessment.com

Re: Ghostscript 8.64 executes random code at startup

2010-05-31 Thread paul . szabo
. /usr/bin/pdf2dsc or /usr/bin/ps2ascii . Also, crappy coding for "GS_EXECUTABLE=gs". Am not sure if these are "originally gs" or "Debian special". Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Re: Ghostscript 8.64 executes random code at startup

2010-05-28 Thread paul . szabo
gether a proof-of-concept demo? Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Re: Ghostscript 8.64 executes random code at startup

2010-05-27 Thread paul . szabo
/tmp/any.ps will do: chdir("/tmp/") execve(..., "gs", ... "-dSAFER", ... "any.ps", ...) So gv is careful to use -dSAFER but does not know about -P-. I notified bug...@gnu.org about this, see http://bugs.debian.org/583316 also. Cheers, Paul Paul Sza

Re: Ghostscript 8.64 executes random code at startup

2010-05-26 Thread paul . szabo
Dear Krzysztof, >> ... it is dangerous to do >> cd /tmp; gs any.ps > > What is in the file "any.ps"? > You are exposed ... without feeding *anything* to Ghostscript ... Yes, precisely: that is why I called it any.ps. Cheers, Paul Paul Szabo

Re: Ghostscript 8.64 executes random code at startup

2010-05-26 Thread paul . szabo
directory, "protection" against just ./Encoding is not enough. Cheers, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Mathematica on Linux /tmp/MathLink vulnerability

2010-05-14 Thread paul . szabo
ound: use command-line math instead of pretty interface. Notified supp...@wolfram.com on 7 May 2010, was assigned [TS 16194]. Cheers, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Re: Windows XP TCP/IP Stack Security Issue (ARP for non RFC 1918 addresses)

2010-04-27 Thread Paul Schmehl
is perfectly normal networking behavior. Fire up Wireshark some time, on a normal functioning network (or tcpdump -n), and look only for ARPs. You'll see tons of them. Hosts ARP constantly. -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already

Skype URI Handler Input Validation

2010-03-11 Thread Paul Craig
kype.com/sites/garage/2010/03/10/ReleaseNotes_4.2.0.155.pdf +--+ |Credit| +------+ Discovered and advised to Skype February 2010 by Paul Craig of Security-Assessment.com. Contact: paul.craigsecurity-assessment.com For a PDF version of this advisory please refer to our website: http://security-assessmen

Re: Easy FTP Server 1.7.0.2 Remote BoF

2010-03-01 Thread Paul Makowski
.7.0.2.zip # #!/usr/bin/env python # RCE for Easy FTP Server 1.7.0.2 w/ RET overwrite # app @ http://code.google.com/p/easyftpsvr/ # Copyright 2010 Paul Makowski, GPLv2 # explanation of technique: http://wp.me/pBV1X-3Q # based on: http://seclists.org/bugtraq/2010/Feb/202 # version 0.1 imp

ChemViewX v1.9.5 ActiveX Control Multiple Stack Overflows

2010-02-12 Thread Paul Craig
--+ Discovered and advised to Hyleos in December 2009 by Paul Craig - Security-Assessment.com This advisory is also available from our website: http://www.security-assessment.com/files/advisories/2010-02-11_ChemviewX_Activex.pdf Security-Assessment.com is a New Zealand based world leader

Re: Samba Remote Zero-Day Exploit

2010-02-08 Thread paul . szabo
UNIX login would allow. Some shares like [home] are provided for ease of use, users are encouraged to create symlinks to other "interesting" places e.g. NFS-mounted directories.) Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Re: Samba Remote Zero-Day Exploit

2010-02-08 Thread paul . szabo
. I myself do not think it would be useful... would surely be a few lines of code only, so if you want to submit a patch to the Samba team... or just patch your own servers (as I do, see http://www.maths.usyd.edu.au/u/psz/samba/). Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.us

Re: [Full-disclosure] Samba Remote Zero-Day Exploit

2010-02-08 Thread paul . szabo
mba installation, as per default, is not vulnerable. > - Several distributions run with vulnerable settings per default > if there is a "misconfiguration" it is part of the vendor. Is that vendor Samba? Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.

Re: Samba Remote Zero-Day Exploit

2010-02-08 Thread paul . szabo
lows write access to the whole filesystem (where the user has UNIX rights). I also wonder about the interaction with the setting of "unix extensions" (which I had set to non-default "no" to help Mac clients). Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.

Re: Samba Remote Zero-Day Exploit

2010-02-08 Thread paul . szabo
amba supports dropping a user into a path ... I never noticed such support documented: references please? > ... and it really does need to keep him there. You cannot "break out" of shares with "wide links = no". > ... Samba is supposed to match Windows semantics in

Java vulnerability

2010-01-04 Thread Paul
so perhaps somebody would like to check it out. I did a little bit of research and can't see where the problem lies. Thanks, Paul

RE: computer crime statistics

2009-07-28 Thread Paul Petersen
Another good source is the Symantec Internet Threat report, I find it has a bit more detailed analysis than the VBS report but both are valuable- http://www.symantec.com/business/theme.jsp?themeid=threatreport Paul -Original Message- From: Scotty [mailto:scott.niel...@usu.edu] Sent

CVE-2009-0790: ISAKMP DPD Remote Vulnerability with Openswan & Strongswan IPsec

2009-03-30 Thread Paul Wouters
luto IKE daemon to crash and restart. No authentication or encryption is required to trigger this bug. One spoofed UDP packet can cause the pluto IKE daemon to restart and be unresponsive for a few seconds while restarting. A patch was created by Paul Wouters for Openswan and Strongswan. This bug aff

Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation

2009-03-09 Thread Paul Wouters
ed or used by anything in openswan as it was not finished. Furthermore, it was no longer installed AND explicitly disabled since: commit 4661d345b676d5412a52b6d1289568fc4ab31eac Author: Paul Wouters Date: Fri Nov 21 23:52:38 2008 -0600 Skip installing livetest when we added: $ head -

/bin/login DoS remains after DSA-1709

2009-01-26 Thread Paul Szabo
practical uses this DoS could have. (Debian and Ubuntu are vulnerable, I believe RedHat is not. I do not know about other distros.) Cheers, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

RE: DoS code for Cisco VLAN Trunking Protocol Vulnerability

2009-01-14 Thread Paul Oxman (poxman)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, This is Paul Oxman with Cisco PSIRT. For mitigations and workarounds, please consult the Cisco Security Response available at: http://www.cisco.com/warp/public/707/cisco-sr-20081105-vtp.shtml Regards

/bin/login gives root to group utmp

2008-12-01 Thread Paul Szabo
, Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Multiple Flash Authoring Heap Overflows - Malformed SWF Files

2008-10-15 Thread Paul Craig
. October 16th 2008 Researcher: Paul Craig - paul.craig security-assessment.com http://www.security-assessment.com/files/advisories/2008-10-16_Multiple_Flash_Authoring_Heap_Overflows.pdf http://www.adobe.com/go/apsa08-09

CREATE ANY DIRECTORY to SYSDBA

2008-10-13 Thread paul . wright
I have found a serious privilege escalation in the Oracle DB that raises a lower privileged user with CREATE ANY DIRECTORY to that of SYSDBA by directly overwriting the hidden binary password file with a known binary password file via UTL_DIR. Full discussion of how to defend and respond to this

Verizon FIOS (and DSL?) wireless access point insecure default WEP key

2008-09-29 Thread Paul
By default, the 40-bit WEP key for the wireless router provided by Verizon to FiOS (fiber optic) and possibly DSL customers is set to the last 40 bits of the router's 48-bit MAC address. This is significant because the router's MAC address (the MAC address of its WAN-side ethernet port) is easily

Re: [funsec] Internet attacks against Georgian web sites

2008-08-12 Thread Paul Ferguson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- "Paul Ferguson" <[EMAIL PROTECTED]> wrote: >-- Gadi Evron <[EMAIL PROTECTED]> wrote: > >>In the last days news and government web sites in Georgia suffered DDoS >>attacks. While these attacks seem to affe

Re: [funsec] Internet attacks against Georgian web sites

2008-08-12 Thread Paul Ferguson
4z8wNBom1TASstp9D6n3fL4bLwCfSzxU cQcPfvWSi7j3Bwpgy1hPZJM= =5lFT -END PGP SIGNATURE- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/

Re: OpenID/Debian PRNG/DNS Cache poisoning advisory

2008-08-08 Thread Paul Hoffman
Responses. I understand most current browsers support OCSP. ...and only a tiny number of CAs do so. --Paul Hoffman, Director --VPN Consortium

RE: Remote Cisco IOS FTP exploit

2008-07-30 Thread Paul Oxman (poxman)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, This is Paul Oxman with Cisco PSIRT. The Cisco published advisory that Andy references is located at: http://www.cisco.com/warp/public/707/cisco-sa-20070509-iosftp.shtml Regards Name: Paul Oxman Phone: +65 6317 7418

RE: New Paper: More than 600 million users surf at high risk

2008-07-01 Thread Paul Schmehl
al-evidence answer is no. It's because people who use Firefox tend to be more aware of security threats and the need to keep software up to date. It could also be (at least in part) because Firefox has a built-in, enabled-by-default, update available warning system. Paul Schmehl ([EMAIL PR

Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability

2008-05-19 Thread Paul Szabo
o UTF-7 ... There is no > problem to trick the victim and force him to change the encoding of > his browser by little social engineering. See https://bugzilla.mozilla.org/show_bug.cgi?id=408457 about how this can be better exploited. Cheers, Paul Szabo [EMAIL PROTECTED] http://www.

Malformed Acrobat Distiller 8 .joboptions

2008-05-14 Thread Paul Craig
/detail.jsp?ftpID=3849. == Credit == Discovered and advised to Adobe February , 2007 by Paul Craig of Security-Assessment.com - Paul.CraigSecurity-Assessment.com == Greetings == Past and present Security-Assessment.com members. The .NZ Security Scene KiwiCon '08 (www.kiwicon.org) == About Sec

CastleCops Six Years Old

2008-02-23 Thread Paul Laudanski
http://www.castlecops.com/t216074-Happy_Birthday_CCSP.html Hi Folks, I encourage everyone to jump in and say happy birthday above. With all the performance excitement from this month, I plumb forgot! Thanks all. -- Paul Laudanski, CastleCops®, http://www.castlecops.com http://www.linkedin.com

Re: First (Major) web hacking incidents for 2008. Sign of the year to come?

2008-01-09 Thread Paul Schmehl
.webappsec.org/projects/whid/byid_id_2008-01.shtml) Further information about the Web Hacking Incident Database at http://www.webappsec.org/projects/whid. I don't see this one: <http://www.modsecurity.org/blog/archives/2008/01/sql_injection_a.html> An MS SQL injection attack against a fla

Re: [Full-disclosure] Warning: Hackers hijacking unused IP Addresses inside Trusted domains [POC]

2007-11-21 Thread Paul Schmehl
le responsive and quick to shut down the compromised address, did not disclose exactly what equipment was behind the compromised IP address. If Yahoo was able to fix the problem quickly, then it would appear that Yahoo had a compromised domain server or servers. -- Paul Schmehl ([EMAIL PROT

Re: Standing Up Against German Laws - Project HayNeedle

2007-11-13 Thread Paul Wouters
nversations with OTR, and via other ways pro-actively protect ones own privacy. That is a real structural solution. Don't blame others for not using an envelope around your own communication. For pointers on how to obtain more privacy via userfriendly software, see: http://chameleon.spaink.net/PTT.pdf Paul

Standing Up Against German Laws - Project HayNeedle

2007-11-12 Thread Paul Sebastian Ziegler
of patches, ideas and constructive criticism is welcome. However for the sake of everyone's nerves I will not reply to any sort of aggressive and/or flaming mails. Many Greetings Paul Sebastian Ziegler -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozi

Re: [Full-disclosure] mac trojan in-the-wild

2007-11-02 Thread Paul Schmehl
3 million US to the 419 scam and be prepared to lose more, is it really a stretch to think that a fake codec trojan will make inroads on the Mac? Paul Schmehl ([EMAIL PROTECTED]) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/ p

RE: [Full-disclosure] Remote Desktop Command Fixation Attacks

2007-10-11 Thread Paul Melson
> Not to step in to the middle of this, but I once worked for an employer with what I > considered the best way of stopping attacks cold: a proxy server that prompted you for your > credentials when you went to an external web site and gp settings that disabled the ability > to save your usernam

Cart32 Arbitrary File Download Vulnerability

2007-10-04 Thread Paul Craig
available to address this vulnerability. Security-Assessment.com highly recommends all Cart32 users to upgrade. == Credit == Discovered and advised to McMurtrey/Whitaker & Associates, Inc October 2007 by Paul Craig of Security-Assessment.com == Greetings == To all my fallen SA

DeepSec IDSC 2007 Vienna Registration Now Open

2007-09-03 Thread Paul Böhm
Good News Everyone, The DeepSec IDSC 2007 Registration has begun at http://deepsec.net/register/ Since we've received a lot of great feedback so far, we've made some changes to the conference since the initial announcement. * 36 top-notch Talks instead of 26. (see http://deepsec.net/schedule/) -

Re: Sony: The Return Of The Rootkit

2007-09-01 Thread Paul Sebastian Ziegler
s, but they'll grow out of it. But just as Tyler Reguly phrased it just a few minutes earlier: > There's a number of reasons why this isn't actually a rootkit... The problem > with calling everything by the same name is that you degrade the original > meaning of the world Th

Re: Sony: The Return Of The Rootkit

2007-08-31 Thread Paul Sebastian Ziegler
y GRSecurity as a rootkit? RBAC will let you hide parts of your filesystem as well... > Have a read of Have another one: http://observed.de/?entnum=101 Now I was outraged by Sony's Copyprotection Rootkit - but this is simply something different. Many Greetings Paul -BEGIN PGP SIGNATUR

RE: XSS vulnerability in Cisco MeetingPlace

2007-08-08 Thread Paul Oxman (poxman)
ries are available at http://www.cisco.com/go/psirt. Name: Paul Oxman Title: PSIRT Incident Manager Work: +65 6317 7418 Fax: +65 6317 5250 Country: Singapore - -Original Message- From: Disclosure [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 08,

RE: TippingPoint IPS Signature Evasion

2007-07-11 Thread Paul Craig
would be very pointless. Although IIS 5 is old, it is still relatively common. Any further questions, feel free to ask. Cheers, Paul Craig Security Consultant Security-Assessment.com -Original Message- From: 3APA3A [mailto:[EMAIL PROTECTED] Sent: Thursday, 12 July 2007 2:30 a.m. To

Multiple .NET Null Byte Injection Vulnerabilities

2007-07-10 Thread Paul Craig
.NET Framework in relation to the affect a Null byte (%00) has on various aspects of the .NET Common Language Runtime. This advisory details the findings of that research conducted by Paul Craig Paul.Craigsecurity-assessment.com. It was found that certain .NET methods in various sections of the

TippingPoint IPS Signature Evasion

2007-07-10 Thread Paul Craig
200E, 2400E or 5000E), 2.5.1.6826. - non-X-Family device (including 600E, 1200E, 2400E or 5000E), 2.5.2.6919. http://www.3com.com/securityalert/alerts/3COM-07-003.html == Credit == Discovered and advised to Tippingpoint January 18th 2006 by Paul Craig of Security-Assessment.com == A

Second Call for Papers: DeepSec IDSC 2007 Europe/Vienna: 20-23 Nov 2007

2007-06-08 Thread Paul Böhm
DeepSec In-Depth Security Conference 2007 Europe - Nov 20-23 2007 - Vienna, Austria http://deepsec.net/ Second Call for Papers We're inviting you to submit papers and proposals for trainings for the first annual DeepSec security conference. We've been able to get some really good submissions, f

FINAL Call For Papers: Chaos Communication Camp 2007, Berlin

2007-05-22 Thread Paul Böhm
== FINAL Call for Papers: Chaos Communication Camp 2007, Berlin == Chaos Communication Camp 2007 "In Fairy Dust We Trust!" August, 8th to 12th, 2007 Airport Museum Finowfurt (Finow Airport) near Berlin, Germany http://events.ccc.de/camp/2007/ Final Call for Paper Deadline: June 5th 2007, 23:59

Re: Defeating Citibank Virtual Keyboard protection using screenshot method

2007-05-14 Thread Paul Foote
a device they do a 2 stage login, first stage being username+pass the second being a code sms'sed to a pre-registered mobile phone number. -- Paul Foote

Re: PHP Nuke <= 8.0.0.3.3b SQL Injections and Bypass SQL Injection Protection vulnerabilities

2007-04-18 Thread Paul Laudanski
[EMAIL PROTECTED] wrote: PHP Nuke <= 8.0.0.3.3b SQL Injections and Bypass SQL Injection Protection vulnerabilities PROGRAM: PHP-Nuke HOMEPAGE: http://phpnuke.org/ VERSION: All version BUG: PHP Nuke <= 8.0.0.3.3b Bypass SQL Injection Protection and SQL Injections vuln

Re: Your Opinion

2007-03-20 Thread Paul Stepowski
in this email, but you'd hope that no vendor would consider security updates as an optional extra. Thanks, Paul

Call for Papers: DeepSec IDSC 2007 Europe/Vienna: 20-23 Nov 2007

2007-03-13 Thread Paul Böhm
al material, or have problems with the webform, feel free to contact us at [EMAIL PROTECTED] Regards paul

Re: Php Nuke POST XSS on steroids

2007-03-13 Thread Paul Laudanski
ascii wrote: Paul Laudanski wrote: I tried both your scripts at a few locations, and all I get back is this [cut] hi Paul, long time from ccc : ) Hey sure how are you? Been well? I've been really busy with CC. it happens because http headers must be on a single line, i

Re: PHP-Nuke <= 8.0 Cookie Manipulation (lang)

2007-03-12 Thread Paul Laudanski
incorporate basename(). You never want to accept directory traversal attempts into variables. Paul Laudanski, CastleCops http://www.linkedin.com/pub/1/49a/17b Submit Phish: www.castlecops.com/pirt www.castlecops.com | de.castlecops.com | wiki.castlecops.com

Re: Php Nuke POST XSS on steroids

2007-03-12 Thread Paul Laudanski
ascii wrote: Php Nuke POST XSS on steroids Name Php Nuke POST XSS on steroids Systems Affected PHP >=4.0.7 <=5.2.1, GLOBALS OFF, Php Nuke 8.0 and others (partially verified) Severity Medium Vendor http://php nuke.org/ Advisory

/bin/ls with gid=0 in Debian linux-ftpd

2007-02-21 Thread Paul Szabo
into running anything, nor are there any interesting objects thusly accessible. Would become a "root hole" if someone finds a way to execute anything from /bin/ls (as started from ftpd). Please see http://bugs.debian.org/384454 for details. Cheers, Paul Szabo [EMAIL PR

EasyMail Objects v6.5 Connect Method Stack Overflow

2007-02-15 Thread Paul Craig
-Assessment.com urges EasyMail users to upgrade to the latest version which is available at http://www.quiksoft.com/download/emsetup.exe. == Credit == Discovered and advised to Quiksoft February, 2007 by Paul Craig of Security-Assessment.com == About Security-Assessment.com == Security-Assessment.com is

Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)

2007-02-12 Thread Paul Szabo
show_bug.cgi?id=56236 https://bugzilla.mozilla.org/show_bug.cgi?id=258875 and further references therein. Cheers, Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2007-01-04 Thread Lawrence Paul MacIntyre
Dana: The "S" in RSA stands for Adi Shamir, not Ravi Sethi. Ravi is the author of the "Dragon Book", however. This one time, at band camp, Dana Hudes wrote: Darren Reed wrote: In functional programming languages (think 4GLs like prolog), Prolog isn't a 4GL (it was invented in 1972 ). In R

Re: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)]

2006-11-04 Thread Paul Laudanski
This is an issue reported months ago already with mixed results from vendors. Only way to get them to patch are to issue exploits like this unfortunately. Paul Laudanski, Microsoft MVP Windows-Security Phish XML Feed: http://www.castlecops.com/article6619.html Phish Takedown: http

Re: Flaw in Firefox 2.0 RC2

2006-10-18 Thread Paul Schmehl
on OS X i386 to die. Also Firefox 1.5.0.7 on Windows XP Pro SP2 (English). And Firefox 1.5.0.7 on FreeBSD 6.0 RELEASE. Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/ir/security/ p7sF68EhARAtE.p7s Description:

Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])

2006-10-03 Thread Paul Szabo
Seems that I was wrong and Brian Eaton <[EMAIL PROTECTED]> was right: default apache installations seem to return an explicit charset in their error message. (Now I cannot explain how I convinced myself otherwise.) Then there is no Universal XSS against default Apache webservers... Cheers,

Re: [Full-disclosure] IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])

2006-10-03 Thread Paul Szabo
gainst a certain "HTTPS server of interest" here at USyd. Would seem that if Apache is "internationalized" with those error messages then you are safe, but not if you kept things "simple". The bug is not in Apache, but in IE. Why would all web servers need to specify

IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])

2006-10-02 Thread Paul Szabo
cess to ISS servers to test whether similar attacks would work there. Will Apache fix (carefully escape) the error message? Will MS fix IE to not be so over-friendly? In the meantime, do not use IE to do anything "private" like banking... Cheers, Paul Szabo [EMAIL PROTECTED]

Re: Re: Sql Injection and Path Disclosure Wordpress v2.0.5

2006-09-11 Thread Paul Robertson
by me.) Perhaps a little more research was warranted? Paul

Re: Sql Injection and Path Disclosure Wordpress v2.0.5

2006-09-07 Thread Paul Robertson
index.php?paged=/archive/-1-5-2-Create%20Table The Wordpress folks tell me there isn't a version 2.0.5, 2.0.4 is the latest release and the subversion code isn't numbered that way. Is it possible the OP got the version string wrong? Thanks, Paul -- fora.compuwar.net

Re: [Full-disclosure] Re: when will AV vendors fix this???

2006-08-18 Thread Paul Schmehl
Andreas Marx wrote: At 22:35 07.08.2006, Paul Schmehl wrote: [...] This is similar to the problem of alternative data streams. Essentially, the work needed to solve this problem isn't worth the expenditure of time and effort, because the file, in order to infect the system, has

Re: [Full-disclosure] RE: when will AV vendors fix this???

2006-08-18 Thread Paul Schmehl
, it will be detected and whatever action is specified by the protective software will be taken. To put it another way, what risk do bombs stored in a concrete bunker present? None, unless they are accessed somehow. If proper monitoring is in place, that will never happen without being dete

Re: when will AV vendors fix this???

2006-08-11 Thread Paul Schmehl
time and effort, because the file, in order to infect the system, has to be executed. Once the file is executed "normal" on-access scanning will catch the exploit *if* it is known. (If it's unknown, it doesn't matter anyway.) Yes, on-demand scanning won't "see&q

Re: Invision Power Board 2.1 <= 2.1.6 sql injection

2006-07-18 Thread paul dansing
'from' => > 'sessions', > 'where' > => "id='".$session_id."'".$query)); > [/code] > [Exploit] > http://rst.void.ru/download/r57ipb216gui.txt > [Bugfix] > Upgrade to 2.1.7 version > [Credits] > 1dt.w0lf > RST/GHC > http://rst.void.ru > http://ghc.ru -- Best regards, paulmailto:[EMAIL PROTECTED]

CC announces new Rootkit help forum insync with Book

2006-07-10 Thread Paul Laudanski
<http://www.castlecops.com/a6621-CastleCops_Announces_New_Rootkit_Help_Forum.html> -- Paul Laudanski, Microsoft MVP Windows-Security Submit Phish: www.castlecops.com/pirt Phish XML Feed: www.castlecops.com/article6619.html [de] http://de.castlecops.com [en] http://castlecops.com [wiki

Re: [ MDKSA-2006:116 ] - Updated kernel packages fixes multiple vulnerabilities

2006-07-10 Thread Paul Starzetz
to an IMMEDIATE root compromise of vulnerable machines. But I'm not going to provide a PoC :-] with best regards Paul Starzetz

Re: rPSA-2006-0122-1 kernel

2006-07-10 Thread Paul Starzetz
of the 2.6 kernel code? *just guessing* Anyway CVE-2006-2451 is trivially exploitable so I don't attach any exploit code since it is obvious... Paul Starzetz

Re: Browser bugs hit IE, Firefox today (SANS)

2006-07-05 Thread Paul Szabo
the DOM element instead > of the through the frames collection will give you a reference to the > document object inside the thirdparty domain ... Sorry, but I cannot follow. Could you please show an example? Thanks, Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/ Scho

RE: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS)

2006-07-01 Thread Schmehl, Paul L
.xpsp.050622-1524 on Windows XP Professional SP2 - vulnerable Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer University of Texas at Dallas http://www.utdallas.edu/ir/security/ smime.p7s Description: S/MIME cryptographic signature
