[Full-disclosure] Every MS Exploit

2007-02-05 Thread layne
Project to find exploits for every MS Security Bulletin gets wiki’ed Last September (part 1) http://ElseNot.com contributed its collocation and goal (try to find an exploit for every MS Security Bulletin ever released). Activity stopped when Microsoft published 473 bulletins and 163 Exploits ha

[Full-disclosure] Batch File Creator (A batch file that can create a program (exe, bat, mp3, etc..) and execute it without downloading anything)

2007-02-05 Thread SirDarckCat
*PHP BatchFileCreator (batch program that makes and executes a program) If you have a shell and you want to send a file, you need to use FTP to process it, or to try to compile it there.. anyway, this code will generate a batch file that will create the specified file and optionally execute it.

Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops

2007-02-05 Thread James Matthews
That's what I was looking for, not if you were going to patch it! If they were! On 2/5/07, Ben Bucksch <[EMAIL PROTECTED]> wrote: No, we never patch bugs. Where would this lead us? Only commies taking over! Tracked in bug 369390. James Matthews wrote: > Do you think it will be patched?? > > On

Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops

2007-02-05 Thread Ben Bucksch
No, we never patch bugs. Where would this lead us? Only commies taking over! Tracked in bug 369390. James Matthews wrote: > Do you think it will be patched?? > > On 2/5/07, *Michal Zalewski* <[EMAIL PROTECTED] > > wrote: > > On Mon, 5 Feb 2007, pdp (architect) wrote

[Full-disclosure] [USN-418-1] Bind vulnerabilities

2007-02-05 Thread Kees Cook
=== Ubuntu Security Notice USN-418-1 February 05, 2007 bind9 vulnerabilities CVE-2007-0493, CVE-2007-0494 === A security issue affects the following Ubuntu releases: Ubuntu 5.

Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops

2007-02-05 Thread James Matthews
Do you think it will be patched?? On 2/5/07, Michal Zalewski <[EMAIL PROTECTED]> wrote: On Mon, 5 Feb 2007, pdp (architect) wrote: > You may as well use a QuickTime .mov/.qtl or a PDF document to open a > file:// link . I think it is easier. Sure. You can probably have a file:// link in Open

[Full-disclosure] [ MDKSA-2007:034 ] - Updated samba packages address multiple vulnerabilities

2007-02-05 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:034 http://www.mandriva.com/security/ ___

[Full-disclosure] [SECURITY] [DSA 1257-1] New samba packages fix several vulnerabilities

2007-02-05 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1257-1[EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff February 5th, 2007

Re: [Full-disclosure] Informix SQL injection

2007-02-05 Thread Tyop?
On 2/5/07, Joshua Tagnore <[EMAIL PROTECTED]> wrote: > List, > > I'm doing a pentest on a website that uses informix web datablade and > found a sql injection point. I have been able to use the webexplode() stored > procedure to execute any SQL commands, and also operating system commands > usi

[Full-disclosure] Informix SQL injection

2007-02-05 Thread Joshua Tagnore
List, I'm doing a pentest on a website that uses Informix Web DataBlade and found a SQL injection point. I have been able to use the webexplode() stored procedure to execute any SQL commands, and also operating system commands using SYSTEM. The problem I have is that SYSTEM doesn't return the e

Re: [Full-disclosure] [Full-Disclosure] (Psexec on *NIX)

2007-02-05 Thread Marcello Barnaba
On Monday 05 February 2007 01:20, Q-Ball wrote: > Key-based logon is a bad idea in general because afaik, it's not > possible to implement any type of password policy on those keys. $ ssh-keygen -h 2>&1 | grep pass -N phrase Provide new passphrase. -P phrase Provide old passphrase. -p

[Full-disclosure] [USN-417-1] PostgreSQL vulnerabilities

2007-02-05 Thread Martin Pitt
=== Ubuntu Security Notice USN-417-1 February 05, 2007 postgresql-7.4/-8.0/-8.1 vulnerabilities CVE-2007-0555, CVE-2007-0556 === A security issue affects the following Ubuntu r

[Full-disclosure] iDefense Security Advisory 02.02.07: Blue Coat Systems WinProxy CONNECT Method Heap Overflow Vulnerability

2007-02-05 Thread iDefense Labs
Blue Coat Systems WinProxy CONNECT Method Heap Overflow Vulnerability iDefense Security Advisory 02.02.07 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 02, 2007 I. BACKGROUND BlueCoat WinProxy is an Internet sharing proxy server designed for small to medium businesses. In addition t

Re: [Full-disclosure] Web 2.0 backdoors made easy with MSIE & XMLHttpRequest

2007-02-05 Thread Troy Cregger
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> The 2005 text does briefly mention "Accessing content / web-scanning" >> (take a look at Notes 1-3). >> >> So the problem is much older. Well, that's Micro$loth for ya. Amit Klein wrote: > Michal Zalewski wrote: >> On Sat, 3 Feb 2007, Michal Zal

Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops

2007-02-05 Thread pdp (architect)
Hi Michal, Nice read! Very complicated though and with too many "if"s, but very interesting. I just want to sum up. As long as the user has a malicious HTML file stored on their system and you know the path to it, the attacker can read local files. You don't need to do this pop-up trick at all. You ma

Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops

2007-02-05 Thread Michal Zalewski
On Mon, 5 Feb 2007, pdp (architect) wrote: > You may as well use a QuickTime .mov/.qtl or a PDF document to open a > file:// link . I think it is easier. Sure. You can probably have a file:// link in Open Office / MS Office documents as well; but these all rely on external components, and as such

[Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops

2007-02-05 Thread Michal Zalewski
There is an interesting vulnerability in the default behavior of Firefox's built-in popup blocker. This vulnerability, coupled with an additional trick, allows the attacker to read arbitrary user-accessible files on the system, and thus steal some fairly sensitive information. This was tested on 1.5.