Bill Royds wrote:
A vulnerability on the list today is a perfect example of why C is
inherently an insecure programming language and why "thinking in C" is a
direct route to insecure code.
*code snipped*
If instead C allowed a header like
static void
defang( char* str, char dfstr[dfsize], int
Hi,
are there any techniques to execute the shellcode if the necessary
opcodes cannot fit after the return address!
the return address is overwritten with an address of "jmp esp"!
some say it's not possible, is it?
TIA
--
npguy mailto:[EMAIL PROTECTED]
__
"morning_wood" <[EMAIL PROTECTED]> wrote:
> funny, didn't know Micro$oft had a
> "Microsoft AuthenticodeT webcam viewer plugin "
> ... guess they're trying to make up for lost revenue by
> going into the East European live teen webcam business
FWIW, I think the biggest "problem" here is that a CA
Same here.. but now it's dropping as fast as it raises.. did anyone manage
to capture what's inside?
- Original Message -
From: "Eric Bowser" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 29, 2003 4:51 AM
Subject: Re: [Full-Disclosure] sharp increase on 27347/TCP
Bipin Gautam <[EMAIL PROTECTED]> wrote:
> Moroons... 'KILL YOURSELF'.. LET'S SWITCH TO THE TOPIC ANYWAY!
> ---
> i am using windowsxp at the moment!!!
How thrilling for you, I'm sure...
> the most surprising thing is... SOME
funny, didn't know Micro$oft had a
"Microsoft AuthenticodeT webcam viewer plugin "
... guess they're trying to make up for lost revenue by
going into the East European live teen webcam business
( mby they should talk to Ifriends.com )
http://www.czechcamgirls.eu.tt/
--- / snip / -
On Oct 28, 2003, at 9:02 PM, B-r00t wrote:
I know that the underlying ipfw is capable of being configured
accordingly, but shouldnt the overlying firewall configuration
application at least activate appropriate UDP and ICMP filtering?
osx does .. for anyone who uses ipfw in osx in their own custom
> "Valdis" == Valdis Kletnieks <[EMAIL PROTECTED]> writes:
Valdis> All programming languages that are Turing-complete
Valdis> (basically, anything that has a conditional loop) are prone
Valdis> to the Turing Halting Problem.
Valdis> In other words, you can't prevent DoS-via-in
dyslexic? i think not
some versions of sub7 default to 27347 and / or 27374
( and my SuperScan3 list 27347 as Sub7 ) Plus...
do not rely on port assignment alone to determine
your suspect, only kiDDies use default ports on
R.A.T serverz
dyslexic? i think not.
Donnie Werner
E2 Labs Security
http:/
adsl-81-7-72-8.takas.lt
what a hacker.
On Thursday 24 February 2005 10:58, [EMAIL PROTECTED] wrote:
> And it did actually tell me something about all this snowflakes around.
>
> I have been living in Earth! Planet Earth! can you actually imagine it.. I
> cannt!.
>
> So, it's really nice to see s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Panther OSX 10.3 (Firewall Configuration App)
OSX Personal Firewall gives false sense of security
due to lack of ICMP and UDP protocol filtering.
maki:~ br00t$ sw_vers
ProductName:Mac OS X
ProductVersion: 10.3
BuildVersion: 7B85
Quoting Ap
On Tue, 28 Oct 2003 17:44:55 +1300, Steve Wray <[EMAIL PROTECTED]> said:
> Is it beyond all possibility that there exist languages in which
> the very reverse is true? ie Languages in which one would have to
> reimplement data types and so forth in order to be able to write
> insecure code?
>
>
Eric Bowser <[EMAIL PROTECTED]> wrote:
> That's what I thought at first, but why the sudden interest in 27374
> then? Also, incidents.org is showing 200+ sources... that's a whole
> state's worth of dyslexic people...
>
> Incidents.org is now showing 1.1 million hits today alone. Something
> big
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
post that to bugtraq or something. give it up already
looks like lorenzo changed his named and done learnt some mo' english...
On Tue, 28 Oct 2003 10:20:55 -0800 Bipin Gautam <[EMAIL PROTECTED]>
wrote:
>Moroons... 'KILL YOURSELF'.. LET'S SWIT
David Mirza Ahmad
Symantec
PGP: 0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12
--
The battle for the past is for the future.
We must be the winners of the memory war.
On Tue, 28 Oct 2003, Richard Brittain wrote:
> On Mon, 27 Oct 2003, dong-h0un U wrote:
>
> > Vulnerabi
Awan, Farrukh (OCTO) wrote:
Has anybody detected a new variant of the Nachi worm infecting
machines not patched with MS03-039? I couldn't find any details on its
propagation except once a host is infected, it attempts to propagate
via SMB over TCP (port 445). Any details on exploit code /payloa
FirstClass 7.1 HTTP Server allows the listing of all files under the web
root directory and user web directories. This can be achieved by appending
"/Search" to the URL. The browser will present a file searching form. If
all check boxes (search options) are selected, and the filename text box
is lef
you are probably talking about the new variant of the
rpc vulnerability (no patch still now !) :
Advisory : http://xforce.iss.net/xforce/alerts/id/155
Exploit :
http://www.k-otik.com/exploits/10.09.rpcdcom3.c.php
i think that the next huge worm will use this lame
vuln !!
--- [EMAIL PROTECTED] w
And it did actually tell me something about all this snowflakes around.
I have been living in Earth! Planet Earth! can you actually imagine it.. I cannt!.
So, it's really nice to see some screens in this and all.
but hey thanks.
yours trully, friend SPENDERGLER
(i meant spengler or spendergay).
Looks like W32/Spybot.worm.gen discovered on 4/23/2003 and documented here by
McAfee:
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100282
---SNIP---
"The worm copies itself around and into the folder defined by
"Kazaa\localcontent" registry key and into "kazaabackupfiles" subd
>-Original Message-
>From: bipin gautam [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, October 29, 2003 6:59 AM
>To: [EMAIL PROTECTED]
>Subject: RE: [Full-Disclosure] when will crap posts COME TO AN END...
>
> Snip
You are teh n00b!
thanks for the laugh though - blackcode is great...
z
__
Has anyone heard about a new rpc vulnerability? I'm hearing stories, but none reputable...
James P. McDermott
Information Security Analyst
Federal Reserve Bank of New York
That's what I thought at first, but why the sudden interest in 27374
then? Also, incidents.org is showing 200+ sources... that's a whole
state's worth of dyslexic people...
Incidents.org is now showing 1.1 million hits today alone. Something
big just came out, but I can't figure out what...
On T
-BEGIN PGP SIGNED MESSAGE-
__
SGI Security Advisory
Title: Wildcard exportfs issue in NFS
Number: 20031004-01-P
Date: October, 28 2003
Reference: SGI BUG 902105
Reference
On Tue, Oct 28, 2003 at 10:20:55AM -0800, Bipin Gautam wrote:
/* snip */
> WHAT DO YOU SAY!!!
/* snip */
For some reason, "Get a life" comes to mind...
- John
--
"Most people don't type their own logfiles; but, what do I care?"
-
John Sage: InfoSec Groupie
-
ABCD, EFGH, IJKL, EmEnOh, Pplus
On Mon, 27 Oct 2003, dong-h0un U wrote:
> Vulnerability happens '*' because don't filtering.
> Through this character, can know existence of files to directory.
...
This patch prevents the globbing, but also breaks the proper action of the
server because bname() no longer returns the filename.
A b
Program: mod_security (www.modsecurity.org)
Versions: 1.7RC1 to 1.7.1 (Apache 2 version)
Synopsis: malloc based buffer overflow
Author: Adam Dyga (adeon(at)o2.pl, ad(at)adsystems.com.pl)
URL: http://adsystems.com.pl/adg-
oh no it's a dyslexic person scannin for Sub7!!! (27374)
bah
Joshua Levitsky <[EMAIL PROTECTED]> wrote:
http://isc.incidents.org/port_details.html?port=27347
I'd say probably something is coming... that's a pretty sharp spike on the
graph.
-Josh
--
Joshua Levitsky, MCSE, CISSP
System Engineer
Time Inc. I
I'm sorry I was late to work today guys, my car broke down. I'll resume
my reading shortly though.
> -Original Message-
> From: Lorenzo Hernandez Garcia-Hierro [mailto:[EMAIL PROTECTED]
> security.com]
> Sent: Saturday, October 25, 2003 5:26 AM
> To: Full-Disclosure
> Subject: [Full-Discl
On Tuesday 28 October 2003 13:09, Gary E. Miller wrote:
> > "Better Security - The PIX operating environment is a single system that
> > was designed with functionality and security mind. Because there is
> > no separation between the operating system and the firewall application,
>
> Just do a "st
http://isc.incidents.org/port_details.html?port=27347
I'd say probably something is coming... that's a pretty sharp spike on the
graph.
-Josh
--
Joshua Levitsky, MCSE, CISSP
System Engineer
Time Inc. Information Technology
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
- Original Messa
Thus spake Jon Hart ([EMAIL PROTECTED]) [28/10/03 14:05]:
> I've also seen issues where posts that are 100% legitimate and on-topic
> are returned to the original poster because, according to the list
> daemon, the moderator failed to act on the post.
>
> Its bad enough when posts are delayed, but
I've noticed a sharp increase in probes of port 27347/TCP against our
equipment over the past couple of days. Zero hits for weeks, 58
yesterday, and 224 so far today. Incidents.org seems to confirm this,
very light activity for weeks, and suddenly 781,000 yesterday and
938,000 so far today.
Has
sorry! if that. b0thered you
see... i was just asking a question about...!
http://www.blackcode.com/forums/viewtopic.php?t=10577
he was just flaming me with shit* [KINDA... HARASH>
--- Brent Colflesh <[EMAIL PROTECTED]> wrote:
> -Original Message-
> From: [EMAIL PROTECTED]
> [ma
Verified.
I was successful in changing the password of current user (myself) with
an open terminal in focus on the desktop.
Darren Bounds
Intrusense LLC.
http://www.intrusense.com
--
Intrusense - Securing Business As Usual
Date: Tue, 28 Oct 2003 17:46:41 +0100
From: kang <[EMAIL PROTECTED]>
To
> Moroons... 'KILL YOURSELF'.. LET'S SWITCH TO THE TOPIC ANYWAY!
> ---
> i am using windowsxp at the moment!!!
>
> the most surprising thing is... SOMETIMES! wordpad.exe crashes after
executing the 'test.rtf' and sometimes... t
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Bipin Gautam
Sent: Tuesday, October 28, 2003 1:18 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] when will IE exploits COME TO AN END...
does that really matter...
they are moro
> -Original Message-
> From: Michael Sierchio [mailto:[EMAIL PROTECTED]
> Sent: Tuesday October 28, 2003 9:32 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] Is bugtraq even worth it anymore?
>
>
>
> I consider Symantec's control of bugtraq to be analogous to
> Scientology's
A local root vuln exists in Kpopup version
0.9.1(latest) and
probably all other versions. It is available from
http://www.henschelsoft.de/kpopup_en.html (main site)
http://www.freebsd.org/ports/net.html
and many other places if you search kpopup on google.
I. BACKGROUND
Kpopup is a KDE program f
This is just shocking we still see stuff like this in 2003.
From: b0f
Sent: Tue 10/28/2003 1:13 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Local root vuln in kpopup
A local root vuln exists in Kpopup version
0.9.1(latest) and
probably all other versions. It is available from
http://w
From: Michael Sierchio <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Is bugtraq even worth it anymore?
Date: Tue, 28 Oct 2003 09:31:56 -0800
I consider Symantec's control of bugtraq to be analogous to
Scientology's control of the Cult Awareness Network.
--
"Well," Brahma
On Mon, Oct 27, 2003 at 12:44:50PM -0600, David M wrote:
> It would seem that the bugtraq folks think that security issues cease to
> exist on weekends, or even after "normal business hours" these days.
> It's a shame really.
> Once upon a time, pre-symantec it seems, it used to be a viable and
>
does that really matter...
they are moroons and you are a ASS* h*o*le. WELL, STICK BEHIND MY ASS! thanks for
saving my toilet-paper dooD.
-
anyone willing to explain..
http://www.blackcode.com/forums/viewtopic.php?t=10577
---
On Tue, 28 Oct 2003, Davide Del Vecchio wrote:
> "Searched the web for Cisco PIX vulnerability.
> Results 1 - 10 of about 20,600. Search took 0.09 seconds." Google.
Hehehehe...
> "Better Security - The PIX operating environment is a single system that
> was designed with functionality and securi
Moroons... 'KILL YOURSELF'.. LET'S SWITCH TO THE TOPIC ANYWAY!
---
i am using windowsxp at the moment!!!
the most surprising thing is... SOMETIMES! wordpad.exe crashes after executing the
'test.rtf' and sometimes... test.rtf
it's a off-topic! anyway... INDEED A BUG BUT i got lot of flamings
... while trying to explain one of my advisory to some 31337's. out
here!
http://www.blackcode.com/forums/viewtopic.php?t=10577
ANYONE WILLING TO EXPLAIN THE STRANGE PHENOMENON! (o;
Thanks for posting the link to that forum, Bipin
I consider Symantec's control of bugtraq to be analogous to
Scientology's control of the Cult Awareness Network.
--
"Well," Brahma said, "even after ten thousand explanations, a fool is no
wiser, but an intelligent man requires only two thousand five hundred."
- The Mahabharata
__
--- Cael Abal <[EMAIL PROTECTED]> wrote:
> New exploit just discovered:
>
> My toilet won't flush reliably when it rains! Both
> the vendor and major
> news outlets has been notified. Screen captures are
> available here!!!
>
> http://www.geocities.com/visitbipin/
>
> BIpin
>
> PS: NASA m
Mac OS X 10.3 Panther Screen Lock Bypass
*Advisory Title*: Keys Getting Past Panther Screen Lock
*Release Date*: 2003 October 28
*Affected Product*: Mac OS X 10.3 Build 7B85
*Severity*: Low
*Impact*: Security Bypass
*Where*: Local System
*Author*: CodeSamurai ([EMAIL PROTECTED])
*VULNERABILIT
On Tue, 2003-10-28 at 07:27, Rob Lewis wrote:
> I unsubscribed to BUGTRAQ months ago and then subscribed to the respective
> company's security advisories that I want to receive and it appears that
> over the last 6 months or so I am getting the same info the company is
> putting out, only I get it
well, ITS MY FAULT!
thanks for that enlightenment!
it's a off-topic! anyway...
INDEED A BUG BUT i got lot of flamings ... while trying to explain one of my advisory
to some 31337's. out here!
http://www.blackcode.com/forums/
Affected Packages:                          Corrected Packages:
OpenPKG CURRENT <= apache-1.3.28-20031009   >= apache-1.3.29-20031028
OpenPKG 1.3     <= apache-1.3.28-1.3.0      >= apache-1.3.28-1.3.1
OpenPKG 1.2     <= apache-1.3.27-1.2.2      >= apache-1.3.27-1.2.3
Dependent Packages: none
De
http://support.microsoft.com/default.aspx?scid=kb;en-us;208427
"INFO: Maximum URL Length Is 2,083 Characters in Internet Explorer"
-Original Message-
From: Bipin Gautam [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 28, 2003 9:18 AM
To:
Subject: [Full-Disclosure] when will IE exploits
I feel exactly that same way, been debating unsubscribing as
well. Symantec has always been on the "in" with Microsoft, thus with
MS wanting to stop everyone from 0-day exploit posting, I can see where
BugTraq is going to going down the tubes.
Thanks,
-Chris-
IT Director
Sundowner Interiors
and what would the security implications of this be in your *cough* expert
opinion
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q208/4/27.asp&NoWebContent=1
- Original Message -
From: "Bipin Gautam" <[EMAIL PROTECTED]>
To: <[EMAIL PRO
Internet explorer can't click and properly open long URL's! in the browser...
http://www.geocities.com/visitbipin/index9.htm
see... IT'S A URL but ... you can't click at the link!!!
I don't see the point.
How it is a security flaw? Or even a bug (is a browser supposed to support
very lon
On Tue, Oct 28, 2003 at 06:17:40AM -0800, Bipin Gautam wrote:
> Internet explorer can't click and properly open long URL's! in the browser...
> http://www.geocities.com/visitbipin/index9.htm
> see... IT'S A URL but ... you can't click at the link!!!
I don't see the point.
How it is a se
another harmless! IE BUG... I GUESS
Internet explorer can't click and properly open long URL's! in the browser...
http://www.geocities.com/visitbipin/index9.htm
see... IT'S A URL but ... you can't click at the link!!!
I HAVE TRIED IT IN OTHER BROWSER INCLUDING OPERA AND THE LINK OPENS WITHO
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
STG Security Advisory: [SSA-20031025-05] InfronTech WebTide 7.04 Directory
and File Disclosure Vulnerability
Revision 1.0
Date Published: 2003-10-25 (KST)
Last Update: 2003-10-25
Disclosed by SSR Team ([EMAIL PROTECTED])
Abstract
InfronTech'
I unsubscribed to BUGTRAQ months ago and then subscribed to the respective
company's security advisories that I want to receive and it appears that
over the last 6 months or so I am getting the same info the company is
putting out, only I get it 3-5 days sooner than BUGTRAQ. Other than that the
onl
Has anybody detected a new variant of the Nachi worm infecting
machines not patched with MS03-039? I couldn't find any details on its
propagation except once a host is infected, it attempts to propagate
via SMB over TCP (port 445). Any details on exploit code /payload...
B
"Better Security - The PIX operating environment is a single system that
was designed with functionality and security mind. Because there is
no separation between the operating system and the firewall application,
there are no known vulnerabilities to exploit." - Cisco Secure PIX Firewall
Advanced
A summary of vulnerabilities identified in Week 43, 2003 is available here
in PDF Format:
http://www.sintelli.com/sinweek/week43-2003.pdf
Sintelli Limited
1 Berkeley Street
London
W1J 8DJ
www.sintelli.com
___
Full-Disclosure - We believe in it.
Charte
Hi Marc,
> either they (Sun) remove the deprecated functions completely or they
> introduce permissions which explicitly allow to call deprecated stuff.
> An adversary does not care whether the function he uses to interfere
> correct operation is deprecated. Deprecation is not a security feature,