[Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability

2013-05-20 Thread metropolis haxor
Hi guys, You can find the software affected at http://www.acme.com/software/thttpd/thttpd-2.25b.tar.gz Thanks, Metropolis Software Name : Thttpd 2.25b Version : 2.25b (29dec2003) Bug Type : Directory Traversal Vulnerability Found by :

[Full-disclosure] Defense in depth -- the Microsoft way

2013-05-20 Thread Stefan Kanthak
Hi @ll, the Microsoft Installer creates for applications installed via an .MSI the following uninstall information in the Windows registry (see http://msdn.microsoft.com/library/aa372105.aspx): [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall] UninstallString=MsiExec.Exe

Re: [Full-disclosure] My ISP is routing traffic to private addresses...

2013-05-20 Thread Alexander Georgiev
Because private addresses have no global meaning, routing information about private networks shall not be propagated on inter-enterprise links, and packets with private source or destination addresses should not be forwarded across such links. Routers in networks not using private address

[Full-disclosure] Critical issues affecting multiple game engines

2013-05-20 Thread ReVuln
We have just released a paper [1], in which we detail several 0-day issues affecting a number of different game engines, including: Unreal Engine, CryEngine 3 and idTech 4. During our presentation at the recent NoSuchCon conference in Paris, we discussed [2] additional details about game engine

Re: [Full-disclosure] My ISP is routing traffic to private addresses...

2013-05-20 Thread Patrick Webster
Maybe when we cut over to IPv6 the ISPs will revert to the golden age of putting all their gear on publicly addressable space :) Conversely, an enjoyable network design is where you route public IPs from a private network to a private network, and the public IP has different services on the

Re: [Full-disclosure] exploitation ideas under memory pressure

2013-05-20 Thread Tavis Ormandy
On Fri, May 17, 2013 at 05:44:58PM -0700, Tavis Ormandy wrote: On Fri, May 17, 2013 at 02:26:10PM -0700, Tavis Ormandy wrote: The question is how to get PATHALLOC() to succeed under memory pressure so we can make this exploitable, my first thought was have another thread manipulating

[Full-disclosure] Trend Micro DirectPass 1.5.0.1060 (Cloud) Software - Multiple Software Vulnerabilities

2013-05-20 Thread Vulnerability Lab
Title: Trend Micro DirectPass 1.5.0.1060 (Cloud) Software - Multiple Software Vulnerabilities Date: 2013-05-21 References: http://www.vulnerability-lab.com/get_content.php?id=894 Article: http://www.vulnerability-lab.com/dev/?p=580 Trend Micro (Reference):

[Full-disclosure] Sony PS3 Firmware v4.31 - Code Execution Vulnerability

2013-05-20 Thread Vulnerability Lab
Title: Sony PS3 Firmware v4.31 - Code Execution Vulnerability Date: 2013-05-12 References: http://www.vulnerability-lab.com/get_content.php?id=767 VL-ID: 767 Common Vulnerability Scoring System: 6.5 Introduction: