Enjoy!!;)
Cesar.
__
Do you Yahoo!?
Take Yahoo! Mail with you! Get it on your mobile phone.
http://mobile.yahoo.com/maildemo
// Impersonation POC Exploit
// Works on Win2k all service packs
// by Cesar Cerrudo (sqlsec>atdoth
*** rfdslabs security advisory ***
Title: QNX crrtrap arbitrary file read/write vulnerability [RLSA_06-2004]
Versions: QNX RTOS 2.4, 4.25, 6.1.0, 6.2.0 (+ Update Patch A)
Vendor: http://www.qnx.com
Date: Dec 11 2004
Author: Julio Cesar Fort
1. Introduction
crrtrap is a tool to detect video
Anyone knows Kerio security contact email?
Thanks.
Cesar.
___
Full-Disclosure - We believe in it.
Charter: http
*** rfdslabs security advisory ***
Title: QNX Photon multiple buffer overflows [RLSA_02-2004]
Versions: QNX RTP 6.1 (possibly others)
Vendor: QNX Software Systems <http://www.qnx.com>
Date: 13 Sep 2004
Author: Julio Cesar Fort
1. Introduction
QNX Photon microGUI is the windowing sys
*** rfdslabs security advisory ***
Title: QNX ftp client format string bug [RLSA_03-2004]
Versions: QNX RTP 6.1 (possibly others)
Vendor: http://www.qnx.com
Date: 13 Sep 2004
Author: Julio Cesar Fort
1. Introduction
"QNX Software Systems has provided OS technology, development tools, an
*** rfdslabs security advisory ***
Title: QNX crrtrap possible race condition vulnerability [RLSA_04-2004]
Versions: QNX RTP 6.1 (possibly others)
Vendor: http://www.qnx.com
Date: Sep 13 2004
Author: Julio Cesar Fort
1. Introduction
crrtrap is a tool to detect video hardware and starts the
*** rfdslabs security advisory ***
Title: QNX PPPoEd local root vulnerabilities [RLSA_01-2004]
Versions: QNX RTP 6.1 (possibly others)
Vendor: http://www.qnx.com
Date: 02 Sep 2004
Author: Julio Cesar Fort
1. Introduction
PPPoEd daemon is used to provide a PPPoE connection, such as DSL, for
Most of the vulns are almost one year old. We don't
steal anything.
BTW: finding vulns in Oracle products is like fishing
in a pool full of fish. No big deal.
Cesar.
--- xbud <[EMAIL PROTECTED]> wrote:
> Actually this sounds like someone stole Litchfield's
> re
Can anyone at Yahoo! with clues email me at
sqlsec>athttp://promotions.yahoo.com/new_mail
Bad Design + Bad Coding - QA = APMT
APMT = application patched many times
Cesar.
//by Cesar Cerrudo sqlsec>atNULL
Sleep(
Here you can see how Oracle is very serious about
security and that Oracle really cares about their
customers, ONE YEAR TO FIX A REMOTE
VULNERABILITY!!
ORACLE=UNBREAKABLE?
FBI and CIA still running Oracle?
;)
Cesar.
--- Ioannis Migadakis <[EMAIL PROTECTED]>
http://www.blackhat.com/presentations/win-usa-04/bh-win-04-cerrudo/bh-win-04-cerrudo.pdf
BTW: ActiveX is a dangerous technology, take a look at
the ActiveX you have installed, audit them and you
will be afraid of what you find.
Cesar.
--- Thomas Kristensen <[EMAIL PROTECTED]> wrote:
> Hi Rafel
I forgot, I'm serious, the +60 issues are true and are
not fixed yet. So if you are running Oracle database
then be careful, and remember to start complaining to
Oracle!!!.
Cesar.
--- Cesar <[EMAIL PROTECTED]> wrote:
> Don't worry, Oracle sucks, probably they won't say
p of Patchset 3 (9.2.0.4). If you (all
people) don't understand, don't worry, I also don't
understand much of this Oracle patch stuff :), but if you
are paying to get the patches and support then it
should be easy, shouldn't it?
Cesar.
--- Chris Anley <[EMAIL PROTECTED]
I'm curious, why didn't you post those
advisories to public mailing lists?
Cesar.
--- Chris Anley <[EMAIL PROTECTED]> wrote:
> Hey Cesar.
>
> These are known bugs.
>
> We (NGS) found and reported them last year. As you
> say, Oracle has
> alr
Security Advisory
Name: Oracle Database 9ir2 Interval Conversion
Functions Buffer Overflow.
System Affected : Oracle Database 9ir2, previous
versions could be affected too.
Severity : High
Remote exploitable : Yes
Author:Cesar Cerrudo.
Date:02/05/04
Advisory Number:CC020401
Given that most of you like to play with IE stuff, try
this:
Copy and paste the following into the IE address bar, then hit
Enter:
javascript:open('javascript:open(location)')
Nice?
Cesar.
said a Microsoft spokesman.
This seems incredible? I don't think so.
PS: sorry, I'm not a good writer.
Cesar.
tware is trusted, so
SHUT UP.
PS: Hey Bill, do you use Outlook for e-mails? I bet
you use a text only e-mail client, you don't want
anyone hacking you, or is your personal computer
running Linux? :)
Cesar.
Security Advisory
Name: Microsoft Local Troubleshooter ActiveX control
buffer overflow.
System Affected : Microsoft Windows 2000 (all
versions).
Severity : High
Remote exploitable : Yes
Author:Cesar Cerrudo.
Date:10/16/03
Advisory Number:CC100309
Legal Notice:
This Advisory is
Security Advisory
Name: Microsoft Biztalk Server ISAPI HTTP Receive
function buffer overflow
System Affected : Microsoft BizTalk Server 2002
Severity : High
Remote exploitable : Yes
Author:Cesar Cerrudo.
Date:05/05/03
Advisory Number:CC040301
Legal Notice:
This Advisory is
Security Advisory
Name: Microsoft Biztalk Server Document Tracking and
Administration vulnerable to SQL injection
System Affected : BizTalk Server 2000 and BizTalk
Server 2002
Severity : High
Remote exploitable : Yes
Author:Cesar Cerrudo.
Date:05/05/03
Advisory Number:CC040302
Security Advisory
Name: Microsoft Biztalk Server documentation and
repository sites weak permissions.
System Affected : Microsoft Biztalk Server 2000 and
Microsoft Biztalk Server 2002.
Severity : Medium
Remote exploitable : Yes
Author:Cesar Cerrudo.
Date:09/18/03
Advisory Number
Root%\Downloaded Program Files\
-Right Click on: YInstStarter Class
-Left Click: Remove
I thought Yahoo! was serious about security!!! Doh!!!
I have Yahoo! email accounts :)
To reproduce the overflow just copy and paste the
following:
Cesar.
Security Advisory
Name: Yahoo! Webcam ActiveX control buffer overflow.
Systems Affected : Yahoo! Messenger, Yahoo! Chat
Severity : High
Remote exploitable : Yes
Author:Cesar Cerrudo (Cleaning Internet of
dangerous ActiveX :))
Date: 09/16/03
Advisory Number:CC090307
Legal Notice
There is no need for debate, just ignore OIS and do
what you think is correct.
Cesar.
--- gridrun <[EMAIL PROTECTED]> wrote:
> Vulnerability Disclosure Debate
> by gridrun on 8/07/03
>
> The security alliance around Microsoft is trying to
> push its "reasonable
Here is what it looks like The Analysis of LSD's
Buffer Overrun in Windows RPC Interface
http://www.xfocus.org/documents/200307/2.html
Cesar.
--- Peter Kruse <[EMAIL PROTECTED]> wrote:
> Hi,
>
> From the code:
> RPC DCOM overflow Vulnerability discoveried by LSD
>
It crashed my Win2K IE ver 6.0.2800.1106
Cesar.
--- Martin <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I have a question. I would like to know, if you can
> also crash
> IE6, when typing the following "URL":
>
> ftp*://?
>
> I have also tried from HTML lik
Security Advisory
Name: Microsoft JET Database Engine 4.0 buffer
overflow.
System Affected : Microsoft SQL Server 2000, SQL
Server 7 & MSDE.
All software using MS Jet Engine Service Pack 6 (and
prior?) are vulnerable.
Severity : High
Remote exploitable : Yes
Author:Cesar Cerrudo.
fied
by US government???
JOIN NOW AND GET A NEW Microsoft JET engine
UNDISCLOSED BUG AFFECTING SQL SERVER!!!
NEW SECURITY LIST!!!: For people interested in SQL
Server security, vulnerabilities, SQL injection, etc.
Join at:
[EMAIL PROTECTED]
http://groups.yahoo.com/group/sqlserversecurity/
Cesar Cerrudo.
Security Advisory
Name: Microsoft Commerce Server, administrative SQL
Server login password weak permissions.
System Affected : Microsoft Commerce Server 2002 (not
tested in Commerce Server 2000 but it could be
vulnerable)
Severity : High
Remote exploitable : Yes
Author:Cesar Cerrudo
Code will always have bugs, humans are not perfect,
but risks can be reduced if companies would be more
"responsable" and if they would spend more time,
resources, money in testing their software before
releasing it.
Cesar.
--- Mike Fratto <[EMAIL PROTECTED]> wrote:
>
Anyone want to exploit the bug?
Symantec is very happy to help attackers:
http://enterprisesecurity.symantec.com/SecurityServices/content.cfm?ArticleID=682&EID=";>alert()
Cesar.
--- Jason Coombs <[EMAIL PROTECTED]> wrote:
> Aloha, Symantec Security.
>
> Two q
ck for the statement "Publisher authenticity
verified by VeriSign". This statement guarantees that
the control has not been tampered with since being
signed by Symantec.
Can Symantec define what is safe?
Cesar.
--- Jason Coombs <[EMAIL PROTECTED]> wrote:
> Aloha, Symantec Sec
ead by example about the 30-day grace
period and all that ... It took me 1 minute to find
the bug, I wonder if Symantec is a security company
they should be more serious, shouldn't they?
Cesar.
--- Georgi Guninski <[EMAIL PROTECTED]> wrote:
> Cesar wrote:
> > Vendor Status :
ected : Symantec Security Check service.
Severity : High
Remote exploitable : Yes
Author:Cesar Cerrudo.
Date:06/23/03
Advisory Number:CC060304
Overview:
Symantec has a free online service for virus and
security scan called Symantec Security Check.
To access this servi
Security Advisory
Name: Symantec ActiveX control buffer overflow.
Systems Affected : Symantec Security Check service.
Severity : High
Remote exploitable : Yes
Author:Cesar Cerrudo.
Date:06/23/03
Advisory Number:CC060304
Overview:
Symantec has a free online service for virus and
Sorry, but it sucks.
They forgot to add:
Section 10.1
If the finder doesn't follow this, he will be
prosecuted and nobody in the security community will
like him.
Anyone with me?
Cesar.
--- Craig Ozancin <[EMAIL PROTECTED]> wrote:
> The Organization for Internet Safety
Security Advisory
Name: Yahoo! Audio Conferencing ActiveX control
buffer overflow.
Systems Affected : Yahoo! Chat, Yahoo! Messenger.
Severity : High
Remote exploitable : Yes
Author:Cesar Cerrudo.
Date:06/01/03
Advisory Number:CC060303
Legal Notice:
This Advisory is Copyright (c
Security Advisory
Name: Microsoft Biztalk Server Document Tracking and
Administration vulnerable to SQL injection
System Affected : BizTalk Server 2000 and BizTalk
Server 2002
Severity : High
Remote exploitable : Yes
Author:Cesar Cerrudo.
Date:05/05/03
Advisory Number:CC040302
providers.
Cesar.
--- Michael - <[EMAIL PROTECTED]> wrote:
>
> After reading your papers I must say it was quite
> interesting and it introduces quite a few new ideas.
> However, most of them (at least in your paper found
> at
>
http://www.app
ducts? Because they only care
where the money is.
Cesar.
--- Georgi Guninski <[EMAIL PROTECTED]> wrote:
> For me this is pure marketing propaganda without any
> confirmation from reality.
> Just look at the number and severity of bugs - any
> change after this hype?
> From this
upid
challenge.
Cesar.