http://krash.in/real-exp/exploit.ram
Uses MS Help vuln.
--webDEViL
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
===
Ubuntu Security Notice USN-959-1 July 07, 2010
pam vulnerability
CVE-2010-0832
===
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
Ubuntu 10.04 LTS
This is fairly classic, not novel.
Your POC is fairly classic, not novel.
-Travis
On Wed, Jul 7, 2010 at 1:54 PM, BlackHawk wrote:
> Hi list, i recently discovered a very small Windows XP bug, kind of
> useless alone but that could be usefull in some scenarios.
>
> Explanation:
>
> when you try
from man inotify :
IN_ACCESS File was accessed (read) (*).
IN_ATTRIB Metadata changed, e.g., permissions,
timestamps,
extended attributes, link count
(since Linux
2.6.25), UID, GID, etc. (*
Hi list, i recently discovered a very small Windows XP bug, kind of
useless alone but that could be usefull in some scenarios.
Explanation:
when you try to access a non existing directory though shell command
"cd", XP returns an error (obviously), but if you cd to a non-existing
& move one direct
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:130
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:129
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Hard-Coded SNMP Community Names in Cisco
Industrial Ethernet 3000 Series Switches Vulnerability
Advisory ID: cisco-sa-20100707-snmp
Revision 1.0
For Public Release 2010 July 07 1600 UTC (GMT
On Wed, 07 Jul 2010 14:34:24 +0200, Gregory Bellier said:
> inotify is pretty much limited. I have great hopes in fanotify but I don't
> see much informations about it in the wild.
Did you miss the part about "likely to make an appearance in 2.6.36"? :)
pgpoS7usjR0Zs.pgp
Description: PGP signa
On 7 July 2010 07:42, wrote:
> On Tue, 06 Jul 2010 21:27:52 EDT, Mary and Glenn Everhart said:
>
>> (Several paragraphs inventing a new protocol elided)
>
not so much programming satan's computer
more programming satan's computer while he is actively logged into the
same session and has been tak
inotify is pretty much limited. I have great hopes in fanotify but I don't
see much informations about it in the wild.
2010/7/7
> On Wed, 07 Jul 2010 15:42:08 +0800, supercodeing35271 supercodeing35271
> said:
> > I am now thinking on monitor the filesystem in linux, for this reason
> > the in
On Wed, 07 Jul 2010 15:42:08 +0800, supercodeing35271 supercodeing35271 said:
> I am now thinking on monitor the filesystem in linux, for this reason
> the inotify is a good way.But the problem is that what i want to do is
> not only monitor but a handle.This situation is like that a file in
> syst
>> On Thu, Jul 01, 2010 at 08:01:26PM -0400, Dan Kaminsky wrote:
>> ... If we can't get pissed, how is that QA guy supposed
>> to block shipment?
> On Tue, Jul 6, 2010 at 11:15 PM, Fyodor wrote:
> Absolutely! And while people are in a mood to pressure vendors of
> crappy networking devices, ple
On Wed, Jul 7, 2010 at 12:42 AM, supercodeing35271 supercodeing35271
wrote:
> I am now thinking on monitor the filesystem in linux, for this reason
> the inotify is a good way.But the problem is that what i want to do is
> not only monitor but a handle.This situation is like that a file in
> syste
On Tue, Jul 6, 2010 at 7:36 PM, Tomas L. Byrnes wrote:
> ... the vector of source attack against most CI
> is from the "great unwashed"
character of attacks i have observed using the "great unwashed" vuln. vector:
- inconsequential (in a war context) DDoS outages of various specific
targets or pa
I am now thinking on monitor the filesystem in linux, for this reason
the inotify is a good way.But the problem is that what i want to do is
not only monitor but a handle.This situation is like that a file in
system has been changed unusually,now the inotity could tell me this
but i want to interce
Citibank CitiDirect Online Banking is forcing usage of vulnerable
version of Java Runtime Environment.
Vulnerable product information
CitiDirect Online Banking [is a] Citibank's Web-based banking platform.
CitiDirect puts all your corporate banking functions in one
security-protected pla
== REMINDER: Call for Papers and Experts
=== DeepSec In-Depth Security Conference 2010 - Quad Core, the fourth DeepSec
The is a reminder for the Call for Papers sent out in April. The next DeepSec
conference will be in Vienna from November 23rd to 26th 2010 and we invite
you to send your submissi
On Tue, 06 Jul 2010 21:27:52 EDT, Mary and Glenn Everhart said:
> (Several paragraphs inventing a new protocol elided)
Why do you go through all the effort of handwaving a new and untested way to
establish a secure communications channel from your token to the other end,
when you could just say "
On Tue, Jul 6, 2010 at 7:36 PM, Tomas L. Byrnes wrote:
>
> I strongly disagree. Since the vector of source attack against most CI
> is from the "great unwashed" protecting the "great unwashed" from being
> turned into zombies, or at least, if they are zombies, from being
> controlled, is a ma
20 matches
Mail list logo