Opening Intranets to attack by using Internet Explorer [paper]

2009-04-10 Thread Cesar
Hi Just released a new paper I guess it will be very interesting for list members. http://nomoreroot.blogspot.com/2009/04/opening-intranets-to-attacks-by-using.html I will be glad to hear your feedback. Enjoy. Cesar.

Token Kidnapping Windows 2003 PoC exploit

2008-10-08 Thread Cesar
\ ; myP.Start(); string output = myP.StandardOutput.ReadToEnd(); Response.Write(output); ... You can find the PoC exploit here http://www.argeniss.com/research/Churrasco.zip Enjoy. Cesar.

Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability

2008-07-09 Thread Cesar
on Windows 2003, it doesn't matter the user account under SQL Server service is running. On Windows 2008 if the service is running under Network Service or Local Service account then full system compromise is always possible. *see http://www.argeniss.com/research/TokenKidnapping.pdf Cesar. --- On Tue

Token Kidnapping (Microsoft Security Advisory 951306) presentation available

2008-04-19 Thread Cesar
Presentation is available at: http://www.argeniss.com/research/TokenKidnapping.pdf Exploit code won't be released for a while due to Microsoft request. Enjoy. Cesar.

[Argeniss] Data0: Next generation malware for stealing databases (Paper)

2007-11-22 Thread Cesar
a lot more damage in a very near future. Cesar.

[Argeniss] Hacking Databases for owning your data (paper)

2007-04-13 Thread Cesar
that compromising databases is not big deal if they haven't been properly secured. Also it will be discussed how to protect against attacks so you can improve database security at your site. http://www.argeniss.com/research/HackingDatabases.zip (Tools and exploits included) Enjoy. Cesar

[Argeniss] Practical 10 minutes security audit: Oracle Case (Paper)

2007-03-11 Thread Cesar
/10MinSecAudit.zip (PoC exploit included) Thanks. Cesar.

The Week of Oracle Database Bugs

2006-11-21 Thread Cesar
/woodb.html Cesar.

MS06-034 lies? IIS 6 can still be owned?

2006-07-26 Thread Cesar
be owned. Cesar. (*1 http://www.argeniss.com/products.html)

Re: Re[2]: The Weakness of Windows Impersonation Model

2006-05-31 Thread Cesar
Actually, I would say: a process running as a service can impersonate almost any other running processes user accounts since you can force processes connect to your service using LPC. Cesar. --- Brian L. Walche [EMAIL PROTECTED] wrote: Just one important note regarding Database Security

Re: [Full-disclosure] RE: Oracle, where are the patches???

2006-05-04 Thread Cesar
can do to have this sad company to start taking security seriously? So if people at .gov is hearing you should be worry about national security and start acting on Oracle, I guess .gov don't want their data easily compromised. Cesar.

[Argeniss] Alert - Yahoo! Mail XSS vulnerability

2006-04-28 Thread Cesar
! Mail users accounts, so it's very important that Yahoo! Mail users change their passwords just in case their accounts were compromised. Cesar.

Re: Recent Oracle exploit is _actually_ an 0day with no patch

2006-04-28 Thread Cesar
security on products and make a lot of money. PS: Look at this paper dated February 2002, amazing how Oracle efforts are visible on 2006! http://www.cgisecurity.com/database/oracle/pdf/unbreak3.pdf Cesar. --- David Litchfield [EMAIL PROTECTED] wrote: The recent Oracle exploit posted

[Argeniss] Oracle Database 10gR1 Buffer overflow in VERIFY_LOG procedure

2006-04-20 Thread Cesar
Argeniss Security Advisory Name: Oracle Database 10gR1 Buffer overflow in VERIFY_LOG procedure (DB03) Affected Software: Oracle Database Server version 10gR1 Severity: High Remote exploitable: Yes (Authentication to Database Server is needed) Credits: Esteban Martínez Fayó Date: 4/18/2006

[Argeniss] Alert - Yahoo! Webmail XSS

2006-04-17 Thread Cesar
are interested on full details please ask for them at infoatargeniss.com Cesar.

WLSI - Windows Local Shellcode Injection - Paper

2006-03-15 Thread Cesar
. After a brief introduction and a description of the technique, a couple of samples (Exploits for MS05-012 and MS05-040) will be provided so the reader will be able to write his/her own exploits. http://www.argeniss.com/research/WLSI.zip Enjoy. Cesar

[Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT}

2006-01-27 Thread Cesar
Argeniss Security Advisory Name: Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT} Affected Software: Oracle Database Server versions 9iR2 and 10gR1 Severity: High Remote exploitable: Yes (Authentication to Database Server is needed) Credits:

Re: FW: Windows Update - Unsafe ActiveX control (fwd)

2003-07-18 Thread Cesar
or if there is a bug in IE that allows to trick the URL, then the ActiveX becomes very dangerous. In my opinion restricting an ActiveX to a specific site only reduces the attack surface but it doesn't make an ActiveX safe. Cesar. --- Dave Ahmad [EMAIL PROTECTED] wrote: -- Forwarded message

RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0

2001-07-25 Thread Vega, Cesar
Same thing in AIX 4.2.1.0 and HP-UX 10.20/11.00, previously configured as Trusted System. Cordial Greetings, CVC # -Original Message- # From: Stephanie Thomas [mailto:[EMAIL PROTECTED]] # Sent: Wednesday, July 25, 2001 11:18 AM # To: Emre Yildirim; [EMAIL PROTECTED] # Subject: RE:

Palm Pilot - How to view hidden files

2001-02-12 Thread Paulo Cesar Breim
The software Tiny Sheet, present in all versions of Palm Pilot, has a function called IMPORT file. Well when this function is used ALL FILES, including the hidden files protected with password, can be imported to a Sheet.