Robert Święcki wrote:
On Fri, Aug 6, 2010 at 10:14 AM, Jose Miguel Esparza
josemiguel.espa...@gmail.com wrote:
Hi!
I took a look at the PDF some days ago, looking for the PDF vuln, you
can see my post about it here:
http://eternal-todo.com/blog/jailbreakme-pdf-exploit
Anyway,
I've posted a new SSL Cipher tool onto my website, at
http://dmcdonald.net/athena-ssl-cipher-check_v052.tar.gz, Athena SSL Cipher
Scanner.
Unlike most SSL cipher scanners which have a limited list of ciphers they
know of, athena checks all 65536 cipher codes. Of these codes it can
identify ~150
What is WinAppDbg?
==
The WinAppDbg python module allows developers to quickly code instrumentation
scripts in Python under a Windows environment.
It uses ctypes to wrap many Win32 API calls related to debugging, and provides
an object-oriented abstraction layer to manipulate
allegedly, it's that time of the month again...
as all our speakers are either dying from strep throat having spent more
hours than is medically advisable in the company of desert heat and/or
air conditioning, or are sunning themselves on some far away beach where
dc4420 is the last thing on
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:160
http://www.mandriva.com/security/
Hi,
I've not seen published the proof of concept of this vuln affecting
Foxit Reader, so I attach it. This is a calc.exe shellcode, tested in
Windows XP and Windows Vista.
Cheers!
--
Jose Miguel Esparza
http://eternal-todo.com
import sys,zlib
def getFFShellcode(sc):
ff_sc = ''
if
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 23 Aug 2010 10:36:42 +0700
Bkis min...@bkav.com.vn wrote:
[Bkis-04-2010] Multiple Vulnerabilities in OpenBlog
1. General Information
OpenBlog is a free software for developing blogging platform.
OpenBlog is written on PHP language and
Got bored and decided to break the new website of the company I work for.
Throughout I'll be dropping two new exploits that were chained to allow the
changing of the administrative password of a default mod-x install. This is
not a full review of mod-x, my main goal was just to break something,
1. Navigate to the Facebook Friend Finder feature.
2. Click the Upload Contact File option in order to access the file
upload prompt.
3. Upload a contact file of ANY of the accepted formats that contains a
list of email addresses that you would like to enumerate.
4. Select the target
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Since the dawn of our species (well 2005, if you want to be picky about
it) t2 has been granting free admission to the elite of their kind, the
winners of the t2 Challenges. Don’t be suckered in by all the cheap
imitations out there, their
For those interested, I just discovered that the Windows Address Book is
vulnerable to DLL hijacking when opening .vcf (and probably other) file
types.
http://www.attackvector.org/new-dll-hijacking-exploits-many/
[..snip..]
[*] 10.0.0.252:1137 PROPFIND /hacku/wab32res.dll
[*] 10.0.0.252:1137
Thanks for the info Matt and nice blog by the way.
Infolookup
http://infolookup.securegossip.com
www.twitter.com/infolookup
-Original Message-
From: matt m...@attackvector.org
Sender: full-disclosure-boun...@lists.grok.org.uk
Date: Tue, 24 Aug 2010 13:57:42
To:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:161
http://www.mandriva.com/security/
TPTI-10-10: Adobe Shockwave tSAC Chunk Invalid Seek Memory Corruption Remote
Code Execution Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-10-10
August 24, 2010
-- CVE ID:
CVE-2010-2878
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe
TPTI-10-12: Adobe Shockwave TextXtra Allocator Integer Overflow Remote Code
Execution Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-10-12
August 24, 2010
-- CVE ID:
CVE-2010-2879
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe
TPTI-10-11: Adobe Shockwave tSAC Chunk Pointer Offset Memory Corruption Remote
Code Execution Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-10-11
August 24, 2010
-- CVE ID:
CVE-2010-2874
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Adobe
-- Affected Products:
TPTI-10-09: Adobe Shockwave CSWV Chunk Memory Corruption Remote Code Execution
Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-10-09
August 24, 2010
-- CVE ID:
CVE-2010-2877
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe Shockwave
TPTI-10-13: Adobe Shockwave Director tSAC Chunk Remote Code Execution
Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-10-13
August 24, 2010
-- CVE ID:
CVE-2010-2866
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe Shockwave Player
--
TPTI-10-15: Adobe Shockwave Director mmap Trusted Chunk Size Remote Code
Execution Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-10-15
August 24, 2010
-- CVE ID:
CVE-2010-2870
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe Shockwave Player
-- Vulnerability Details:
This
TPTI-10-14: Adobe Shockwave Director rcsL Chunk Pointer Offset Remote Code
Execution Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-10-14
August 24, 2010
-- CVE ID:
CVE-2010-2867
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe Shockwave Player
-- Vulnerability Details:
This
ZDI-10-160: Adobe Shockwave Player Director File FF45 Record Processing
Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-160
August 24, 2010
-- CVE ID:
CVE-2010-2871
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Adobe
-- Affected
ZDI-10-161: Adobe Shockwave Director PAMI Chunk Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-161
August 24, 2010
-- CVE ID:
CVE-2010-2872
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe Shockwave Player
ZDI-10-162: Adobe Shockwave Director rcsL Chunk Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-162
August 24, 2010
-- CVE ID:
CVE-2010-2873
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe Shockwave Player
ZDI-10-163: Adobe Shockwave Director tSAC Chunk Parsing Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-163
August 24, 2010
-- CVE ID:
CVE-2010-2874
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe
ZDI-10-164: Adobe Shockwave Player Director File FF88 Record Processing
Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-164
August 24, 2010
-- CVE ID:
CVE-2010-2876
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Adobe
-- Affected
Nagios XI users.php SQL Injection
Advisory Information
Advisory ID: NGENUITY-2010-008
Date published: 8/24/2010
Vulnerability Information
Class: SQL Injection (SQLi)
Software Description
Nagios XI is the commercial / enterprise version of the open source
Nagios project.
Vulnerability
iDefense Security Advisory 08.24.10
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 24, 2010
I. BACKGROUND
Adobe Shockwave Player is a popular Web browser plugin. It is available
for multiple Web browsers and platforms, including Windows and MacOS.
Shockwave Player enables Web