Windows RPC worm (MS08-067) in the wild

2008-11-03 Thread Juha-Matti Laurio
The worm-type exploitation has started. More information at http://www.f-secure.com/weblog/archives/1526.html The worm component has reportedly detection name Exploit.Win32.MS08-067.g and the kernel component Rootkit.Win32.KernelBot.dg, in turn. Symantec uses Worm category too and the name

Re: [Full-disclosure] Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day

2008-11-03 Thread Adrian P
Hello Fionnbharr, Please see my response to your comments in-line. On Fri, Oct 31, 2008 at 8:31 AM, Fionnbharr [EMAIL PROTECTED] wrote: This isn't new. It isn't even a technique. http://www.bluecoat.com/support/securityadvisories/icap_patience A very recent example of this kind of

DriveCMS article.php remote sql injection

2008-11-03 Thread beenudel1986
# # Author: Beenu Arora # # Home : www.BeenuArora.com # # Email : [EMAIL PROTECTED] # # Share the c0de! # # # Title: DriveCMS Article.php Sql

Re: [Full-disclosure] Windows RPC worm (MS08-067) in the wild

2008-11-03 Thread Juha-Matti Laurio
Kaspersky detects the new wave as Exploit.Win32.MS08-067.g and Microsoft as Exploit:Win32/MS08067.gen!A Sophos uses name Mal/Generic-A. One of the reported file sizes is 16,384 bytes: http://www.threatexpert.com/report.aspx?uid=919a973d-9fe1-4196-b202-731ebaaffa5d Windows RPC vulnerability

Re: [Full-disclosure] Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day

2008-11-03 Thread Adrian P
Hi Fionnbharr, Well, that's fair enough. tbh, I couldn't find older examples, but this is one of the points of sending a post to the lists: other people can review it and give feedback. I just sometimes wished people were more constructive on FD. Regarding the paper, well, it can be useful for

Re: [Full-disclosure] Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day

2008-11-03 Thread Fionnbharr
Sure, this attack vector has been 'discovered' by lots of people in the past, or even concurrently, that's my point. It doesn't merit a whole paper on it. Not to mention you're getting on the FUD/Kaminsky bandwagon when GNUtards release a statement like 'New technique to universally hijack

Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow

2008-11-03 Thread Bitsec Labs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 === Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow 2008-11-03 ===

iDefense Security Advisory 11.03.08: Multiple Vendor CUPS texttops Integer Overflow Vulnerability

2008-11-03 Thread iDefense Labs
iDefense Security Advisory 10.09.08 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 09, 2008 I. BACKGROUND The Common UNIX Printing System, more commonly referred to as CUPS, provides a standard printer interface for various Unix-based operating systems. texttops is a part of CUPS

iDefense Security Advisory 11.03.08: Multiple Vendor CUPS SGI imagetops Heap Overflow Vulnerability

2008-11-03 Thread iDefense Labs
iDefense Security Advisory 10.09.08 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 09, 2008 I. BACKGROUND The Common UNIX Printing System, more commonly referred to as CUPS, provides a standard printer interface for various Unix-based operating systems. imagetops is a part of CUPS