Hi
Just released a new paper; I guess it will be very interesting for list members.
http://nomoreroot.blogspot.com/2009/04/opening-intranets-to-attacks-by-using.html
I will be glad to hear your feedback.
Enjoy.
Cesar.
\ ;
myP.Start();
string output = myP.StandardOutput.ReadToEnd();
Response.Write(output);
...
You can find the PoC exploit here http://www.argeniss.com/research/Churrasco.zip
Enjoy.
Cesar.
on Windows 2003,
it doesn't matter which user account the SQL Server service is running under.
On Windows 2008 if the service is running under Network Service or Local
Service account then full system compromise is always possible.
*see http://www.argeniss.com/research/TokenKidnapping.pdf
Cesar.
--- On Tue
Presentation is available at:
http://www.argeniss.com/research/TokenKidnapping.pdf
Exploit code won't be released for a while due to
Microsoft request.
Enjoy.
Cesar.
a lot more
damage in a very near future.
Cesar.
that compromising databases is not a big deal if they
haven't been properly secured. Also it will be
discussed how to protect against attacks so you can
improve database security at your site.
http://www.argeniss.com/research/HackingDatabases.zip
(Tools and exploits included)
Enjoy.
Cesar
/10MinSecAudit.zip
(PoC exploit included)
Thanks.
Cesar.
/woodb.html
Cesar.
be owned.
Cesar.
(*1 http://www.argeniss.com/products.html)
Actually, I would say: a process running as a service
can impersonate almost any other running processes
user accounts since you can force processes to connect to
your service using LPC.
Cesar.
--- Brian L. Walche [EMAIL PROTECTED] wrote:
Just one important note regarding Database Security
can do
to have this sad company to start taking security
seriously?
So if people at .gov are hearing, you should be worried
about national security and start acting on Oracle; I
guess .gov doesn't want their data easily compromised.
Cesar.
! Mail users accounts, so it's very
important that Yahoo! Mail users change their
passwords just in case their accounts were
compromised.
Cesar.
security
on products and make a lot of money.
PS: Look at this paper dated February 2002, amazing
how Oracle efforts are visible on 2006!
http://www.cgisecurity.com/database/oracle/pdf/unbreak3.pdf
Cesar.
--- David Litchfield [EMAIL PROTECTED] wrote:
The recent Oracle exploit posted
Argeniss Security Advisory
Name: Oracle Database 10gR1 Buffer overflow in
VERIFY_LOG procedure (DB03)
Affected Software: Oracle Database Server version
10gR1
Severity: High
Remote exploitable: Yes (Authentication to Database
Server is needed)
Credits: Esteban Martínez Fayó
Date: 4/18/2006
are interested in full details
please ask for them at infoatargeniss.com
Cesar.
.
After a brief introduction and a description
of the technique, a couple of samples (Exploits for
MS05-012 and MS05-040) will be provided so the reader
will be able to write
his/her own exploits.
http://www.argeniss.com/research/WLSI.zip
Enjoy.
Cesar
Argeniss Security Advisory
Name: Oracle Database Buffer overflows
vulnerabilities in public procedures of
XDB.DBMS_XMLSCHEMA{_INT}
Affected Software: Oracle Database Server versions
9iR2 and 10gR1
Severity: High
Remote exploitable: Yes (Authentication to Database
Server is needed)
Credits:
or if there is a bug in IE that
allows to trick the URL, then the ActiveX becomes very
dangerous. In my opinion restricting an ActiveX to a
specific site only reduces the attack surface but it
doesn't make an ActiveX safe.
Cesar.
--- Dave Ahmad [EMAIL PROTECTED] wrote:
-- Forwarded message
Same thing in AIX 4.2.1.0 and HP-UX 10.20/11.00, previously configured as
Trusted System.
Cordial Greetings,
CVC
# -Original Message-
# From: Stephanie Thomas [mailto:[EMAIL PROTECTED]]
# Sent: Wednesday, July 25, 2001 11:18 AM
# To: Emre Yildirim; [EMAIL PROTECTED]
# Subject: RE:
The software Tiny Sheet, present in all versions of Palm Pilot, has a
function called IMPORT file.
Well, when this function is used, ALL FILES, including the hidden files
protected with a password, can be imported to a Sheet.