[Full-disclosure] CVE-2010-0071 (Oracle TNS Listener) PoC

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi. CVE-2010-0071 (Oracle TNS Listener) PoC: http://blogs.conus.info/node/38 - -- My PGP public key: http://yurichev.com/dennis.yurichev.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://eni

[Full-disclosure] Oracle CPUjul2009

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi. Information about four vulnerabilities patched in Oracle CPUjul2009: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html ... is published at: CVE-2009-1970: http://blogs.conus.info/node/26 CVE-2009-1963 http:/

[Full-disclosure] Obfuscated patches

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi. Just curious: will we see one day obfuscated patches (in a manner of obfuscated code) to make reverse engineer's (who would like to create exploits after security patches out) work harder? - -- My PGP public key: http://yurichev.com/dennis.yurich

[Full-disclosure] CVE-2009-0991 PoC

applied # Vulnerability discovered by Dennis Yurichev # Fixed in CPUapr2009, CVE-2009-0991 # http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html from sys import * from socket import * sockobj = socket(AF_INET, SOCK_STREAM) sockobj.connect ((argv[1], 1521

[Full-disclosure] IBM DB2 two PoCs

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi. Two PoCs for DoS vulnerabilities fixed in IBM DB2 9.5 FP3a: IZ37697: SECURITY: MALICIOUS CONNECT DATA STREAM CAN CAUSE DENIAL OF SERVICE. ...and IZ39653: SECURITY: MALICOUS DATA STREAM CAN CAUSE THE DB2 SERVER TO TRAP. ... can be downloaded there:

[Full-disclosure] IBM DB2 9.5

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi! I looking for firewall/IDS company who interesting in information about DoS holes in IBM DB2 9.5. - -- My PGP public key: http://yurichev.com/dennis.yurichev.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG w

[Full-disclosure] IBM DB2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi. Anybody know right method to report vulnerability in IBM DB2? Is this email correct? [EMAIL PROTECTED] - -- My PGP public key: http://yurichev.com/dennis.yurichev.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using Gn

[Full-disclosure] question

Hello, I'm sorry, I wrote my question incorrectly. I meant, who among software companies would like to know about vulnerabilities in their own products and *also* would like to pay for this? It's possible to work with them as independent security researcher? -- My PGP public key: http://yurich

[Full-disclosure] question

Hello, Are there any well-known vendors who would like to buy 0day exploits for their own products? -- My PGP public key: http://yurichev.com/dennis.yurichev.asc pgptYdK7aju9F.pgp Description: PGP signature ___ Full-Disclosure - We believe in it.