Re: [Full-disclosure] iDefense Security Advisory 10.15.06: Clam AntiVirus ClamAV rebuildpe Heap Overflow Vulnerability

2006-10-17 Thread Damian Put
Hi, There are some PoCs if someone's interested... Clam AntiVirus ClamAV rebuildpe Heap Overflow Vulnerability: http://overflow.pl/poc/clam_petite_heap.exe.bz2 Clam AntiVirus ClamAV CHM Chunk Name Length DoS Vulnerability: http://overflow.pl/poc/clam_namelen_dos.chm Best regards, Damian Put

[Full-disclosure] Joe Job

2006-10-17 Thread bluepill
6750 people got spammed by this loser today. The email addresses look like it was a 'security interest' list that Joe bought from the neighbouring spam business. Don't support spammers. Joe McCray, Jonathan McCray, learnsecurityonline.com, rootwars.org

Re: [Full-disclosure] Ask for spam...

2006-10-17 Thread gabriel rosenkoetter
On Mon, Oct 16, 2006 at 09:41:08PM -0400, Peter Dawson wrote: I think the point here is that you seed your email addy to these freebie newsletters and then wait for the spammer to harvest the email addy's. Propagation window should be about 10-15 days and then you can counter analysis the

Re: [Full-disclosure] speaking of code crunching... (challenge)

2006-10-17 Thread Gadi Evron
On Mon, 16 Oct 2006, Gadi Evron wrote: sort of challenge to see if someone else can get there first (without, say, making the URL shorter). :) Crunched further New binary at 384 bytes is here: http://ragestorm.net/tiny/tiny2.exe Blog entry on how this was done is here:

[Full-disclosure] Hacker Pumpking Carving Contest

2006-10-17 Thread RSnake
Sorry for the spam but I wanted to get this out to as many haX0rs as possible with as few emails as possible. It's time to get in the spirit. It's time for a hacker pumpkin carving contest. I've given you two weeks notice so no one can complain about not hearing about it in time. Info at

Re: [Full-disclosure] Ask for spam...

2006-10-17 Thread Michael Holstein
Could anyone give me some spam archive, or spam to [EMAIL PROTECTED], thanks. Yeah, I've got gigabytes of it here sitting in the quarantine on my Mailfrontier boxes .. problem is, I can't think of an easy way to anonymize it and screen for false-positives that may contain sensitive

Re: [Full-disclosure] Hacker Pumpking Carving Contest

2006-10-17 Thread J. Oquendo
RSnake wrote: Sorry for the spam but I wanted to get this out to as many haX0rs as possible with as few emails as possible. It's time to get in the spirit. It's time for a hacker pumpkin carving contest. I've given you two weeks notice so no one can complain about not hearing about it in

Re: [Full-disclosure] Hacker Pumpking Carving Contest

2006-10-17 Thread J. Oquendo
RSnake wrote: Sorry for the spam but I wanted to get this out to as many haX0rs as possible with as few emails as possible. It's time to get in the spirit. It's time for a hacker pumpkin carving contest. I've given you two weeks notice so no one can complain about not hearing about it in

[Full-disclosure] Joe Job - to blue pill

2006-10-17 Thread Joseph McCray
Sup bluepill - yeah I bought the list (I thought it was supposed to be a double opt-in of people interested in computer/network security) and it spammed half the security planet. My bad. I'll probably see my IP on tons of mailserver blacklists by the end of the day today. So the damage is done. --

[Full-disclosure] [NETRAGARD-20060810 SECURITY ADVISORY] [HP Tru64 dtmail Unchecked Buffer - Local Root Compromise] [ http://www.netragard.com ]

2006-10-17 Thread Netragard Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Netragard, L.L.C Advisory* *** Strategic Reconnaissance Team http://www.netragard.com -- We make I.T.

Re: [Full-disclosure] Ask for spam...

2006-10-17 Thread Valdis . Kletnieks
On Tue, 17 Oct 2006 10:29:51 EDT, Michael Holstein said: them. Who in *real life* actually asks for information about online gambling, pharmacies, etc. and supplies an email address? Probably the same idiots that respond to spam about online gambling and pharmacies. Spam wouldn't be a

[Full-disclosure] Windows XP SP2 .manifest file BSOD

2006-10-17 Thread /dev/null
Hi list, simple PoC for known (four years old) .manifest file local DoS. Tested on Windows XP SP2, no crashdump generated. You can use manifest file on *any* GUI application. http://users.volja.net/database/manifest.zip Cheers, E. http://www.email.si/

[Full-disclosure] [ GLSA 200610-05 ] CAPI4Hylafax fax receiver: Execution of arbitrary code

2006-10-17 Thread Raphael Marichez
Gentoo Linux Security Advisory GLSA 200610-05 http://security.gentoo.org/

[Full-disclosure] {x0n3-h4ck} DEV Web Manager System = 1.5 XSS Exploit

2006-10-17 Thread corrado.liotta
Title: {x0n3-h4ck} DEV Web Manager System = 1.5 XSS Exploit. Advisory: DEV Web Manager System = 1.5. Author: CorryL [EMAIL PROTECTED], www.x0n3-h4ck.org

Re: [Full-disclosure] [NETRAGARD-20060810 SECURITY ADVISORY] [HP Tru64 dtmail Unchecked Buffer - Local Root Compromise] [ http://www.netragard.com ]

2006-10-17 Thread Roman Medina-Heigl Hernandez
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Product Name : dtmail Product Version : 5.1b Vendor Name : Hewlett Packard Criticality : Local Root Compromise Effort: Easy Operating System : Tru64 Type

[Full-disclosure] iDefense Security Advisory 10.17.06: Opera Software Opera Web Browser URL Parsing Heap Overflow Vulnerability

2006-10-17 Thread iDefense Labs
Opera Software Opera Web Browser URL Parsing Heap Overflow Vulnerability iDefense Security Advisory 10.17.06 http://www.idefense.com/intelligence/vulnerabilities/ Oct 17, 2006 I. BACKGROUND Opera is a cross-platform web browser. More information is available from http://www.opera.com/ II.

[Full-disclosure] Rapid7 Advisory R7-0026: HTTP Header Injection Vulnerabilities in the Flash Player Plugin

2006-10-17 Thread advisory
Rapid7 Advisory R7-0026 HTTP Header Injection Vulnerabilities in the Flash Player Plugin Published: Oct 17, 2006 Revision:1.0 http://www.rapid7.com/advisories/R7-0026.jsp 1. Affected System(s): KNOWN VULNERABLE: o Flash Player plugin 9.0.16 (for Windows) o Flash Player plugin

[Full-disclosure] [ GLSA 200610-07 ] Python: Buffer Overflow

2006-10-17 Thread Raphael Marichez
Gentoo Linux Security Advisory GLSA 200610-07 http://security.gentoo.org/

[Full-disclosure] [ MDKSA-2006:183 ] - Updated libksba packages correct DoS vulnerability

2006-10-17 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:183 http://www.mandriva.com/security/

[Full-disclosure] [ MDKSA-2006:184 ] - Updated clamav packages fix vulnerabilities

2006-10-17 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:184 http://www.mandriva.com/security/

[Full-disclosure] rPSA-2006-0194-1 kernel

2006-10-17 Thread rPath Update Announcements
rPath Security Advisory: 2006-0194-1 Published: 2006-10-17 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Denial of Service Updated Versions: kernel=/[EMAIL PROTECTED]:devel//1/2.6.17.14-0.1-1 References:

Re: [Full-disclosure] Joe Job - to blue pill

2006-10-17 Thread William Knowles
On Tue, 17 Oct 2006 Joseph McCray [EMAIL PROTECTED] wrote: Sup bluepill - yeah I bought the list (I thought it was supposed to be a double opt-in of people interested in computer/network security) and it spammed half the security planet. My bad. I'll probably see my IP on tons of mailserver

[Full-disclosure] (no subject)

2006-10-17 Thread noreply
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Denial of Service in XORP OSPFv2 [MU-200610-01] October 17, 2006 http://labs.musecurity.com/advisories.html Affected Product/Versions: XORP OSPFv2 1.2, 1.3 Product Overview: XORP is the eXtensible Open Router Platform. Our goal is to develop an

[Full-disclosure] PHP 5 ecalloc memory manager unserialize() array int overflow ia 32 bits poc

2006-10-17 Thread Slythers Bro
? print_r(unserialize('a:1073741823:{i:0;s:30:aa}')); ? in function zend_hash_init() int overflow ( ecalloc() )- heap overflow here segfault in zend_hash_find() but it's possible to fake the bucket and exploit a zend_hash_del_index_or_key i tried a memory dump , just fake

[Full-disclosure] [ MDKSA-2006:185 ] - Updated php packages to address multiple vulnerabilities

2006-10-17 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:185 http://www.mandriva.com/security/

Re: [Full-disclosure] PHP 5 ecalloc memory manager unserialize() array int overflow ia 32 bits poc

2006-10-17 Thread Josh Bressers
? print_r(unserialize('a:1073741823:{i:0;s:30:aa}')); ? in function zend_hash_init() int overflow ( ecalloc() )- heap overflow here segfault in zend_hash_find() but it's possible to fake the bucket and exploit a zend_hash_del_index_or_key i tried a

[Full-disclosure] Comdev One Admin 4.1 Remote File Inclusion

2006-10-17 Thread disfigure
// http://www.w4cking.com CREDIT: w4ck1ng.com PRODUCT: Comdev One Admin 4.1 http://www.comdevweb.com/oneadmin.php VULNERABILITY: Remote File Inclusion NOTES: - requires register globals on - requires magic quotes off POC:

[Full-disclosure] Simplog 0.9.3.1 SQL Injection

2006-10-17 Thread disfigure
// http://www.w4cking.com CREDIT: w4ck1ng.com PRODUCT: Simplog 0.9.3.1 http://www.simplog.org/ VULNERABILITY: SQL Injection NOTES: - SQL injection can be used to obtain password hash - requires at least one blog entry POC: