ss-release).
Thanks to all who played with us :)
PD: Again, this has nothing to do with current RootedCON congress/organization.
Cheers,
-Roman
Roman Medina-Heigl Hernandez escribió:
> Hello,
>
> Next Friday I will be running a web-based challenges contest. Winner will
> be awarded with t
Hello,
Next Friday I will be running a web-based challenges contest. Winner will
be awarded with the new iPod touch from Apple. Thanks to Hispasec Sistemas
(you probably know them as the makers of VirusTotal service) from
sponsoring the prize.
Full info (registration currently open):
http://www.r
===
- Rooted CON 2010 -
C A L L F O R P A P E R S
===
.: [ ABOUT ]
Rooted CON is a Security Congress to be held in Madrid (Spain) on
March 2010. Our goal is to p
Razi Shaban escribió:
>> I am glad to release SFX-SQLi (Select For XML SQL injection), a new SQL
>> injection technique which allows to extract the whole information of a
>> Microsoft SQL Server 2005/2008 database in an extremely fast and efficient
>> way.
>
> This isn't new, this is old news. It
bs.com/exploitsntools/rs_pocfix.sh
[EMAIL PROTECTED]:~$ chmod a+x rs_pocfix.sh
[EMAIL PROTECTED]:~$ ./rs_pocfix.sh
#
# "rs_pocfix.sh" (PoC for Postfix local root vulnerability: CVE-2008-2936)
# by Roman Medina-Heigl Hernandez a.k.a. RoMaNSoFt <[EMAIL PROTECTED]>
#
# Tested: Ubuntu / Debia
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello,
I've been playing with DHCPd bug in *Ubuntu Linux*. According to the
analysis by Core it could be theoretically possible to get a shell ("the
possibility of using it to execute arbitrary code on vulnerable systems was
not investigated in-depth
Andy Davis escribió:
> Personally I think these techniques are pretty cool we're really pleased
> with the results of the research - I think it may be clearer to everyone
> when we release the higher resolution videos that are easier to watch.
I think it may be clearer to everyone if you release s
Simon Smith escribió:
> Amen!
> KF is 100% on the money. I can arrange the legitimate purchase of most
> working exploits for significantly more money than iDefense, In some cases
> over $75,000.00 per purchase. The company that I am working with has a
> relationship with a legitimate buyer, al
Hello str0ke,
I reviewed the exploits listed. Yes, all of them use the shell but they
exploit trivially shell-exploitable bugs (like race conditions, ld-preload,
etc) or include other "external" programs (like cc, perl, etc) or assume
Linux/bash as well as other more or less recent environments.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Maybe this is obvious for Paul Starzetz (as well as many other people) but
full-disclosure is not really "full" without exploit code.
Working exploit attached. You can also download it from:
http://www.rs-labs.com/exploitsntools/rs_prctl_kernel.c
Gre
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
===
- RS-Labs Security Advisory -
===
Tittle: Multiple flaws in VHCS 2.x
ID: RS-2006-1
Severity: Critical
Date: 11.Feb.2006
Author: Román M
.). Most of w98 users are usually
referred as dumb users, but I don't think they cannot use a patch in
.exe form (like NT Service Packs). Don't you think so, Bill? ;-)
Yours, Román.
-- E.T.S. Ingenieros Telecomunicacion -
---\\ Roman Medina-Heigl Herna
12 matches
Mail list logo