2.6.18
Type: Local
Impact: Kernel Panic
Vendor: http://www.x90c.org
Author: x90c geinblues *nospam* gmail dot com
Site: x90c.org
=
ABSTRACT:
=
The fbdev driver is a frame buffer driver for arc monochrome lcd
board in the linux kernel.
The linux kernel driver has an overflow
=
Testbed: ubuntu
Type: Local
Impact: Medium
Vendor: http://www.kernel.org
Author: x90c geinblues *nospam* gmail dot com
Site: x90c.org
=
ABSTRACT:
=
The Linux Socket Filtering is derived from the Berkeley Packet Filter.
There are some distinct differences between the BSD and Linux Kernel
: Medium
Vendor: http://www.kernel.org
Author: x90c geinblues *nospam* gmail dot com
Site: x90c.org
=
ABSTRACT:
=
The bt8xx video driver is a video capture driver. It supports Bt848
Bt849, Bt878, and Bt879.
The bt8xx video driver in the linux kernel has a vulnerability to
occur Integer
XADV-2013005
FreeBSD 10 = nand Driver IOCTL Kernel Memory Leak Bug
1. Overview
The nand driver in freebsd = 10 has a vulnerability to leak
arbitrary kernel memory to the userspace. It's occurred at
nand_ioctl() kernel function and because no proper initialize
the allocated kernel memory. It's
XADV-2013006
FreeBSD = 10 kernel qlxge/qlxgbe Driver IOCTL Multiple Kernel Memory Leak Bugs
1. Overview
The qlxge Driver is Qlogic 10Gb Ethernet Driver for Qlogic 8100
Series CNA Adapter [1]. The qlxgbe for the QLogic 8300 series
of the same ethernet driver.
The qlxge/qlxgbe Driver in
Impact: Critical
Vendor: http://www.kernel.org
Author: x90c geinblues *nospam* gmail dot com
Site: x90c.org
=
ABSTRACT:
=
The bt8xx video driver is a video capture driver. It supports Bt848
Bt849, Bt878, and Bt879.
The bt8xx video driver in the linux kernel has a vulnerability
|
++
Vulnerable versions:
- linux kernel 2.6.18
Testbed: linux kernel 2.6.18
Type: Local
Impact: kernel panic or potential local privilege escalation.
Vendor: http://www.kernel.org
Author: x90c geinblues *nospam* gmail dot com
Site: x90c.org
=
ABSTRACT:
=
The write_tag_3_packet
I Release The Article!
x90c
--
The Audit DSOs of the rtld
______
/ _ \ / _ \
__ __| (_) || | | | ___
\ \/ / \__. || | | | / __|
Linux Kernel Patches For Linux Kernel Security
______
/ _ \ / _ \
__ __| (_) || | | | ___
\ \/ / \__. || | | | / __|
Impact: crash
Vendor: https://www.gnu.org/software/libc
Author: x90c geinblues *nospam* gmail dot com
Site: x90c.org
=
ABSTRACT:
=
[Unspecified reloc types bug]
'defaults:' label codes on If not defined RTLD_BOOTSTRAP, glibc 2.5
defined RTLD_BOOTSTRAP default. The elf_machine_rel
Hi forks!
I release an article for linux kernel security.
- http://www.x90c.org/articles/linux_kernel_patches.txt
x90c
++
| XADV-2013001 libtiff = 3.9.5 integer overflow bug |
++
vulnerable versions:
- libtiff 3.9.5 =
- libtiff 3.6.0
not vulnerable versions:
- libtiff 4.0.3
- libtiff 4.0.2
- libtiff 4.0.1
-
Hi forks!
I added automated offset and second
argv to server name for nbt session
to my samba dos exploit I released
before
and I attached the exploit on the
article for it
samba dos exploit should be works!
- samba dos exploit:
http://www.x90c.org/exploits/samba_nttrans_exploit.c
- the
Hi Forks!
It's my samba private exploit and article
of it. the security bug occurs while nttrans
reply in samba daemon source code tree.
the remote dos exploit that i copied from
another nttrans exploit in 2003. and can't
test it yet, check it out!
CVE-2013-4124 samba dos private exploit:
-
MS Excel 2002/2003 CRN record 0day PoC
Hi Forks!
It's ms excel poc I discovered.
I analyzed it to check the exploitability.
It's not exploitable!
If you may can, do exploit it!
and plz share the 0day exploit.
Vulnerable:
- Office XP ( Excel 2002 ) sp0 to sp3
- Office
Hi Forks!
I share my WOFF 1day exploit.
* attachment:
http://www.x90c.org/exploits/x90c_WOFF_exploit.tgz
(dep bypass)
* vulnerability:
CVE-2010-1028 WOFF Heap Corruption due to Integer Overflow
* affected Products:
- Mozilla Firefox 3.6 ( Gecko 1.9.2 )
- Mozilla Firefox 3.6
Hello,
I wrote this to introduce a small paper for my exploitation method of
SafeSEH+SEHOP bypass in Oct, 2010.
(http://www.x90c.org/SEH all-at-once attack.pdf,
http://www.exploit-db.com/exploits/15184)
Sadly it's not portable. But leave some thoughts about the method.
- SafeSEH+SEHOP
Lately, MS Windows SEH overflow attack technique only uses the methods.
[mostly used method]
win xp sp2(SEH): 'pop pop ret' - David Litchfield 2003.
win xp sp3(SafeSEH): unloaded module's 'pop pop ret' - Litchfield 2003.
win server 2008/Vista sp1(SEHOP): SYSDREAM(c)'s 'xor pop pop ret'.
==
xoops-1.3.10 shell command execute vulnerability ( causing snoopy class )
==
Author: geinblues ( geinblues [at] gmail [dot] com )
DATE: 9.7.2008
Site: http://enterblue.net/~x90c/
Risk: Medium
==
[0] Vulnerability Tracing ( Tracing [BREAK 0] ~ [BREAK 6] )
~/xoops-1.3.10/html
Title : Azboard = 1.0 Multiple Sql Injections
Published : 2006.5.14
Author : x90c(정경주)@chollian.net/~jyj9782/
Link : http://user.chol.com/~jyj9782/sec/azboard_advisory.txt
0x01 Summary
Azboard is a web board written in asp (active server pages).
It has a sql injection
Title : YapBB = 1.2 Beta2 'find.php' SQL Injection Vulnerability
--
Author : x90c(Kyong Joo, Jung)
Published : 2006.5.16
E-mail : geinblues [at] gmail.com
Site : http://www.chollian.net/~jyj9782
--
0x01