On Sun, Mar 27, 2011 at 02:23:03PM -0700, Zach C. wrote:
Okay, and also let me rephrase the question: what does your tool do that
*socat* doesn't?
Better question ;)
scnc is written in Perl, and does not suffer from stack
overflows:
http://www.dest-unreach.org/socat/
2010/08/02: A stack
This one is from command line, maybe the next will be in
the server mode or whatever.
Man, I hope you never find out what Perl is written in...
/mz
___
Full-Disclosure - We believe in it.
Charter:
Please, correct me if I'm wrong, but a stack overflow in the arguments for
something like socat has a very very low impact (or probability of
exploitation). The only way one can influence the program to do something is by
overflowing the arguments, so unless it was used in a script or something
Not to mention the extensions he's undoubtedly using, unless he seriously
implemented all the protocols and cryptographic functions in pure Perl
On Mar 28, 2011 12:07 AM, Michal Zalewski lcam...@coredump.cx wrote:
This one is from command line, maybe the next will be in
the server mode or
Sense of Security - Security Advisory - SOS-11-003
Release Date. 28-Mar-2011
Last Update. -
Vendor Notification Date. 25-Mar-2010
Product. Wordpress Plugin BackWPup
Platform. Independent
Affected versions.
Hi,
the dexdump tool, bundled with Android SDK was identified to
perform suspicious write accesses in the dexDecodeDebugInfo function,
as defined in dalvik/libdex/DexFile.c.
The structural parser in dexdump failed to properly parse debug info
such as code position info, with indications of code
AT antisnatchor DOT com)
Date: 20110328
I. BACKGROUND
OpenCMS from Alkacon Software is a professional, easy to use website
content management system. OpenCms helps content managers worldwide
to create and maintain beautiful websites fast and efficiently.
II. DESCRIPTION
Multiple vulnerabilities
(michele.orru AT antisnatchor DOT com)
Date: 20110328
I. BACKGROUND
DotCloud is a new managed IaaS aimed to create mashups of applications
ready-to-be-deployed.
II. DESCRIPTION
Multiple vulnerabilities have been identified in the web application
used to access the user API/SSH keys.
III. ANALYSIS
a. Open
blog post about this: http://ximen.es/?p=469
Please, don't throw stones at me.
[]'s
Pablo Ximenes
http://ximen.es/
http://twitter.com/pabloximenes
2011/3/27 YGN Ethical Hacker Group li...@yehg.net
Vulnerabilities in *McAfee.com
1. VULNERABILITY DESCRIPTION
- Cross Site Scripting
On Sat, Mar 26, 2011 at 09:17:22PM +0100, GomoR wrote:
On Sat, Mar 26, 2011 at 08:10:47PM +0200, Anton Ziukin wrote:
What can your tool do that Ncat (http://nmap.org/ncat/guide/index.html)
can't?
interestingly, I published version 1.00 of scnc in April 2008,
the 27th (and it wasn't the
ZDI-11-113: Zend Server Java Bridge Design Flaw Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-113
March 28, 2011
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Zend
-- Affected Products:
Zend Zend Server
-- TippingPoint(TM) IPS
Debian Security Advisory DSA-2205-1 secur...@debian.org
http://www.debian.org/security/ Florian Weimer
March 28, 2011