Re: [Full-disclosure] KeePass version 2.12 = Insecure DLL Hijacking Vulnerability (dwmapi.dll)

2010-09-09 Thread Christian Sciberras
I've tested on Clean Licensed Windows 7 Professional Edition 64-bit with latest windows updates applied (as of Today -sept 09 2010). Could be a virus/trojan from my XP machine might have caused some form of immunity against this issue? And perhaps my extensive meddling and customization somehow

Re: [Full-disclosure] i dont know security

2010-09-09 Thread huj huj huj
YGN is too ethical to do dns lookups! you blackhat you!!! 2010/9/8 p8x l...@p8x.net # host websecurity.com.ua websecurity.com.ua has address 62.149.9.65 On 8/09/2010 9:00 PM, YGN Ethical Hacker Group wrote: Good job, Dude You didn't even bother to hide your track. [snip]

Re: [Full-disclosure] i dont know security

2010-09-09 Thread PsychoBilly
Ü Lulz Btw wazza 66$ shit? http://yehg.net/ ah oh yeah http://www.templatemonster.com/flash-templates/10730.html YGN is too ethical to do dns lookups! you blackhat you!!! 2010/9/8 p8x l...@p8x.net mailto:l...@p8x.net # host websecurity.com.ua

[Full-disclosure] List Charter

2010-09-09 Thread John Cartwright
[Full-Disclosure] Mailing List Charter John Cartwright jo...@grok.org.uk - Introduction Purpose - This document serves as a charter for the [Full-Disclosure] mailing list hosted at lists.grok.org.uk. The list was created on 9th July 2002 by Len Rose, and is primarily concerned with

[Full-disclosure] [RingoBingo Secuity] Wikipedia Reflected XSS (Unresponsive-Conpulsive Disclosure)

2010-09-09 Thread ringobingo
RingoBingo TM Security Advisory 09.08.10 http://labs.ringobingo.net/intelligence/vulnerabilities/ Sep 8, 2010 I. BACKGROUND RingoBingo Secuity TM has been finally acquired by Hewlatt Pachard TM for ~11.5M this weekend in a secret meeting in a location near Hanover Street. The sign has been

Re: [Full-disclosure] Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability

2010-09-09 Thread jf
Nmap is not vulnerable. DLL hijacking works because of an unfortunate interaction between apps which register Windows file extensions and the default Windows DLL search path used for those apps. Nmap does not, and never has, registered any Windows file extensions. So it isn't

Re: [Full-disclosure] Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability

2010-09-09 Thread jf
... my understanding of the issue was not the default library search path, but rather that people are using SearchPath() or similar to locate DLLs which they then pass to LoadLibrary() ... And, people loading DLLs they do not need, for OS version detection. (Maybe others?) I still don't

Re: [Full-disclosure] KeePass version 2.12 = Insecure DLL Hijacking Vulnerability (dwmapi.dll)

2010-09-09 Thread jf
I've tested on Clean Licensed Windows 7 Professional Edition 64-bit with latest windows updates applied (as of Today -sept 09 2010). Could be a virus/trojan from my XP machine might have caused some form of immunity against this issue? And perhaps my extensive meddling and customization

Re: [Full-disclosure] KeePass version 2.12 = Insecure DLL Hijacking Vulnerability (dwmapi.dll)

2010-09-09 Thread Mitja Kolsek
Hi Chris, Considering Acros highlighted how their POC was highly unstable (they've frequently advised to try the program several times to get it to work) I don't see such abnormal behaviour out of this world. Indeed, we're seeing problems with accessing (any) remote WebDAV shares from

Re: [Full-disclosure] KeePass version 2.12 = Insecure DLL Hijacking Vulnerability (dwmapi.dll)

2010-09-09 Thread Christian Sciberras
Btw, you can simply turn our Internet-based test into an intranet or local test by copying the files to your local share or a folder on your computer and double-click the .wab file from there. The usual caution with running code from unknown sources applies, of course. I did better, I

Re: [Full-disclosure] KeePass version 2.12 = Insecure DLL Hijacking Vulnerability (dwmapi.dll)

2010-09-09 Thread Christian Sciberras
* replace my later possible with dll (to hell with distractions!) Cheers, Chris. On Thu, Sep 9, 2010 at 12:52 PM, Christian Sciberras uuf6...@gmail.com wrote: Btw, you can simply turn our Internet-based test into an intranet or local test by copying the files to your local share or a

[Full-disclosure] SQL Injection and XSS vulnerabilities in CubeCart version 4.3.3

2010-09-09 Thread Bogdan Calin
We are continuing with the list of security vulnerabilities found in a number of web applications while testing our latest version of Acunetix WVS v7. In this blog post, we will look into the details of a number of security problems discovered by Acunetix WVS in CubeCart. CubeCart is a fully

[Full-disclosure] Juniper Networks DLL Hijacking Vulnerability

2010-09-09 Thread musnt live
1. Overview Juniper Pix ASA is vulnerable to Windows DLL Hijacking Vulnerability. Version 1.3.37, Mitnick Build (latest available on 30th August 2010 was tested) is vulnerable. 2. Vulnerability Description Juniper Pix ASA is for hybrid firewall and passes insufficiently qualified path for the dll

Re: [Full-disclosure] [GOATSE SECURITY] Clench: Goatse's way to say screw you to certificate authorities

2010-09-09 Thread Shreyas Zare
Hi, I totally agree with Tim. SSL is fragile but the mentioned protocol basically creates the same problems which is why PKI was created to solve. Regards, Shreyas Zare Sr. Information Security Researcher Secfence Technologies www.secfence.com On Thu, Sep 9, 2010 at 1:00 AM, Tim

Re: [Full-disclosure] KeePass version 2.12 = Insecure DLL Hijacking Vulnerability (dwmapi.dll)

2010-09-09 Thread Christian Sciberras
I can't take THAT seriously. At least not all of it. The part that interested me most: 4. Should I find such vulnerability in many applications as I can? You should not. It's just a waste of time and your energy. Focus on most popular application types/classes. If, say, DWM.dll is

Re: [Full-disclosure] KeePass version 2.12 = Insecure DLL Hijacking Vulnerability (dwmapi.dll)

2010-09-09 Thread YGN Ethical Hacker Group
Hi Christian The reason I use Clean doesn't mean (or I'm not accusing) your Windows is infected. It's better to test DLL Hijacking in Clean Copy of Windows without any prior applications messup. Please take a look at http://core.yehg.net/lab/pr0js/texts/when_testing_for_dll_hijacking.txt We

Re: [Full-disclosure] KeePass version 2.12 = Insecure DLL Hijacking Vulnerability (dwmapi.dll)

2010-09-09 Thread YGN Ethical Hacker Group
If, say, DWM.dll is exploitable, why not point *that* out rather than point out the many applications that are using it (wrongly)? As I might have said in earlier mail, I have to do this so that vulnerability news site such as secunia, securiteam authors can get enough information for each

Re: [Full-disclosure] i dont know security

2010-09-09 Thread YGN Ethical Hacker Group
Nice find! Thank you, guys for your nice comments. We'll end up here. On Thu, Sep 9, 2010 at 3:39 PM, PsychoBilly zpamh...@gmail.com wrote: Ü Lulz Btw wazza 66$ shit? http://yehg.net/ ah oh yeah http://www.templatemonster.com/flash-templates/10730.html YGN is

[Full-disclosure] PGP Desktop version 9.10.x-10.0.0 Insecure DLL Hijacking Vulnerability (tsp.dll, tvttsp.dll)

2010-09-09 Thread YGN Ethical Hacker Group
= PGP Desktop version 9.10.x-10.0.0 Insecure DLL Hijacking Vulnerability (tsp.dll, tvttsp.dll) = 1. OVERVIEW The PGP Desktop application is vulnerable to

[Full-disclosure] [SECURITY] [DSA 2107-1] New couchdb package fixes arbitrary code execution

2010-09-09 Thread Sebastien Delafond
Debian Security Advisory DSA-2107-1 secur...@debian.org http://www.debian.org/security/ Sébastien Delafond Sep 9, 2010

Re: [Full-disclosure] Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability

2010-09-09 Thread Nikhil Mittal
Nmap is not vulnerable.  DLL hijacking works because of an unfortunate interaction between apps which register Windows file extensions and the default Windows DLL search path used for those apps.  Nmap does not, and never has, registered any Windows file extensions.  So it isn't vulnerable to this

[Full-disclosure] [ MDVSA-2010:172 ] kernel

2010-09-09 Thread security
Mandriva Linux Security Advisory MDVSA-2010:172 http://www.mandriva.com/security/

Re: [Full-disclosure] Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability

2010-09-09 Thread Michal Zalewski
Please, try to figure out the difference b/w exploitability and vulnerability. Here's my definition Exploitable vulnerability = vulnerability Non-exploitable vulnerability = mental masturbation HTH, /mz