el so small compared to your great worx
>> MrReepass
>> stfu kthnx
>>
>>
>> - Original Message -
>> From: "reepex" <[EMAIL PROTECTED]>
>> To: "Morning Wood" <[EMAIL PROTECTED]>;
>>
>> Sent: Wednesday, December 12, 200
> From: "reepex" <[EMAIL PROTECTED]>
> To: "Morning Wood" <[EMAIL PROTECTED]>;
>
> Sent: Wednesday, December 12, 2007 9:01 PM
> Subject: Re: [Full-disclosure] Microsoft FTP Client Multiple
> Bufferoverflow
> Vulnerability
>
>
> > wow t
5%72%66%6c%6f%77
>>
>> *hugz*
>>
>>
>> - Original Message -
>> From: "reepex" <[EMAIL PROTECTED]>
>> To: "Morning Wood" <[EMAIL PROTECTED]>;
>>
>> Sent: Tuesday, December 11, 2007 1:58 PM
>> Subject:
http://www.google.com/search?q=%22Dude+VanWinkle%22+popsicle
Nice work Dude!
YAY!
On Dec 12, 2007 11:00 PM, Dude VanWinkle <[EMAIL PROTECTED]> wrote:
> BTW:
> http://www.google.com/search?hl=en&q=%22Fredrick+Diggle%22+%2B2003&btnG=Search
>
> Nice work Fred!
>
> On Dec 12, 2007 10:32 PM, Fredric
orning Wood" <[EMAIL PROTECTED]>;
>
> Sent: Tuesday, December 11, 2007 1:58 PM
> Subject: Re: [Full-disclosure] Microsoft FTP Client Multiple
> Bufferoverflow
> Vulnerability
>
>
> > are you serious?
> >
> >
> http://www.derkeiler.com/Mailing-Lists/sec
BTW:
http://www.google.com/search?hl=en&q=%22Fredrick+Diggle%22+%2B2003&btnG=Search
Nice work Fred!
On Dec 12, 2007 10:32 PM, Fredrick Diggle <[EMAIL PROTECTED]> wrote:
> Yes way to go MW you made his day! MW I understand how hard it is to turn
> things into viable exploits :(... sometimes the b
On Dec 12, 2007 10:32 PM, Fredrick Diggle <[EMAIL PROTECTED]> wrote:
> also Dude, your pillow joke was damn hilarious :D how did you think of it?
> can you give me joke lessons?
No, but I can give you some pointers on sarcasm.. ;-)
-JP
___
Full-Disclo
Yes way to go MW you made his day! MW I understand how hard it is to turn
things into viable exploits :(... sometimes the best move is just to wait
for the metasploit guys to do it. They are elite at bof sploitin' etc. You
should stick to the more interesting research like XSS and SQL tampering :<
On Dec 12, 2007 3:38 AM, Morning Wood <[EMAIL PROTECTED]> wrote:
> One of my first advisories and was rediscovered later, turned into a viable
> exploit 2 years after by another researcher.
>
> http://framework.metasploit.com/exploits/view/?refname=windows:ftp:netterm_netftpd_user
>
> http://metasp
e%65%74%66%74%70%64%5f%75%73%65%72%5f%6f%76%65%72%66%6c%6f%77
*hugz*
- Original Message -
From: "reepex" <[EMAIL PROTECTED]>
To: "Morning Wood" <[EMAIL PROTECTED]>;
Sent: Tuesday, December 11, 2007 1:58 PM
Subject: Re: [Full-disclosure] Microsof
are you serious?
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-07/0259.html
I guess you are a 'brain dead india wannabe sec researcher' also?
On Dec 11, 2007 6:22 AM, Morning Wood <[EMAIL PROTECTED]> wrote:
> advisories like this are typical of brain dead India wannabe sec
advisories like this are typical of brain dead India wannabe sec researchers
nuff said
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Tonnerre Lombard ha scritto:
Isn't the FTP client compiled with stack overflow protection?
>>> If so, how is that supposed to help?
>> By terminating the program before the payload is executed
> May I suggest that this protection is not perfect? I was hoping that
> people on this mailing list
hat someone else has been reporting on full disclosure
> > >
> > > Date: Wed, 28 Nov 2007 09:11:30 -0600
> > > From: [EMAIL PROTECTED]
> > > To: [EMAIL PROTECTED] ; full-disclosure@lists.grok.org.uk
> > > Subject: Re: [Ful
> exceptions that someone else has been reporting on full disclosure
> >
> > Date: Wed, 28 Nov 2007 09:11:30 -0600
> > From: [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk
> > Subject: Re: [Full-disclosure] Micros
20 other non exploitable stack overflow
> exceptions that someone else has been reporting on full disclosure
>
> Date: Wed, 28 Nov 2007 09:11:30 -0600
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk
> Subject: Re: [
FTP Client Multiple Bufferoverflow
Vulnerability
so... what fuzzer that you didnt code did you use to find these amazing vulns?
Also nice 'payload' in your exploits meaning 'nice long lists of "a"s'. You
should not claim code execution when your code does not
On Wed, 28 Nov 2007 12:05:24 +0100, "KJK::Hyperion" said:
> Rajesh Sethumadhavan ha scritto:
> > Microsoft FTP Client Multiple Bufferoverflow
> > Vulnerability
>
> Isn't the FTP client compiled with stack overflow protection?
Not all buffers live on the stack.
pgpr4k1SBQBZE.pgp
Description: PG
so... what fuzzer that you didnt code did you use to find these amazing
vulns?
Also nice 'payload' in your exploits meaning 'nice long lists of "a"s'. You
should not claim code execution when your code does not perform it.
Well I guess it has been good talking until your fuzzer crashes another
a
Salut,
On Wed, 28 Nov 2007 13:16:34 +0100 "KJK::Hyperion" <[EMAIL PROTECTED]> wrote:
> Tonnerre Lombard ha scritto:
> >>> Microsoft FTP Client Multiple Bufferoverflow
> >>> Vulnerability
> >> Isn't the FTP client compiled with stack overflow protection?
> > If so, how is that supposed to help?
>
Tonnerre Lombard ha scritto:
>>> Microsoft FTP Client Multiple Bufferoverflow
>>> Vulnerability
>> Isn't the FTP client compiled with stack overflow protection?
> If so, how is that supposed to help?
By terminating the program before the payload is executed
___
Salut,
On Wed, 28 Nov 2007 12:05:24 +0100 "KJK::Hyperion" <[EMAIL PROTECTED]> wrote:
> Rajesh Sethumadhavan ha scritto:
> > Microsoft FTP Client Multiple Bufferoverflow
> > Vulnerability
>
> Isn't the FTP client compiled with stack overflow protection?
If so, how is that supposed to help?
Rajesh Sethumadhavan ha scritto:
> Microsoft FTP Client Multiple Bufferoverflow
> Vulnerability
Isn't the FTP client compiled with stack overflow protection?
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-chart
Microsoft FTP Client Multiple Bufferoverflow
Vulnerability
#
XDisclose Advisory : XD100096
Vulnerability Discovered: November 20th 2007
Advisory Reported : November 28th 2007
Credit : Rajesh Sethumadha
24 matches
Mail list logo