[Full-disclosure] string length field overwrite in IE9?

2012-08-22 Thread pm whatever
To leak memory information, one way is to overwrite the length field of a string (as explained here: http://www.vupen.com/blog/20120710.Advanced_Exploitation_of_Internet_Explorer_HeapOv_CVE-2012-1876.php). This works well under IE8, but does anyone know how one can create such a string

[Full-disclosure] USB HID attacks on Mac OS X

2012-08-22 Thread Herald Gibson
All, Kautilya has been updated to include attacks on Mac OS X and some new nifty payloads on other OS as well. Details here http://labofapenetrationtester.blogspot.com/2012/08/kautilya-03-released-breaking-mac-os-x.html I use this in my Social Engg. attacks and it is quite successful in many pen

[Full-disclosure] XSS and Blind SQL Injection Vulnerabilities in Banana Dance CMS

2012-08-22 Thread Netsparker Advisories
Information Name : XSS and Blind SQL Injection Vulnerabilities in Banana Dance CMS Software : Banana Dance CMS vB.2.1 Vendor Homepage : http://www.doyoubananadance.com Vulnerability Type : Cross-Site Scripting and SQL Injection Severity : Critical Researcher : Canberk

[Full-disclosure] XSS and SQL Injection Vulnerabilities in OrderSys

2012-08-22 Thread Netsparker Advisories
Information Name : XSS and SQL Injection Vulnerabilities in OrderSys Software : OrderSys 1.6.4 and possibly below. Vendor Homepage : http://www.bioinformatics.org/phplabware/labwiki/index.php Vulnerability Type : Cross-Site Scripting and SQL Injection Severity : Critical

[Full-disclosure] XSS Vulnerabilities in LabWiki

2012-08-22 Thread Netsparker Advisories
Information Name : XSS Vulnerabilities in LabWiki Software : LabWiki 1.5 and possibly below. Vendor Homepage : http://www.bioinformatics.org/phplabware/labwiki/index.php Vulnerability Type : Cross-Site Scripting Severity : Critical Researcher : Canberk Bolat Advisory

[Full-disclosure] XSS and SQL Injection Vulnerabilities in Jara

2012-08-22 Thread Netsparker Advisories
Information Name : XSS and SQL Injection Vulnerabilities in Jara Software : Jara 1.6 and possibly below. Vendor Homepage : http://sourceforge.net/projects/jara/ Vulnerability Type : Cross-Site Scripting and SQL Injection Severity : Critical Researcher : Canberk Bolat

[Full-disclosure] [SECURITY] [DSA 2532-1] libapache2-mod-rpaf security update

2012-08-22 Thread Thijs Kinkhorst
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2532-1 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst August 22, 2012

[Full-disclosure] ZDI-12-145 : Symantec Endpoint Protection SemSvc.exe AgentServlet Remote Code Execution Vulnerability

2012-08-22 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-145 : Symantec Endpoint Protection SemSvc.exe AgentServlet Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-145 August 22, 2012 - -- CVE ID: CVE-2012-0289 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - --

[Full-disclosure] ZDI-12-146 : Novell eDirectory RelativeToFullDN Parsing Remote Code Execution Vulnerability

2012-08-22 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-146 : Novell eDirectory RelativeToFullDN Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-146 August 22, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:

[Full-disclosure] ZDI-12-147 : WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability

2012-08-22 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-147 : WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-147 August 22, 2012 - -- CVE ID: CVE-2011-3897 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --

[Full-disclosure] ZDI-12-148 : GE Proficy Real-Time Information Portal Remote Interface Service Remote Code Execution Vulnerability

2012-08-22 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-148 : GE Proficy Real-Time Information Portal Remote Interface Service Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-148 August 22, 2012 - -- CVE ID: CVE-2012-0232 - -- CVSS: 9.4,

[Full-disclosure] ZDI-12-149 : Cisco AnyConnect VPN Client Verification Bypass Remote Code Execution Vulnerability

2012-08-22 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-149 : Cisco AnyConnect VPN Client Verification Bypass Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-149 August 22, 2012 - -- CVE ID: CVE-2012-2494 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - --

[Full-disclosure] ZDI-12-150 : Oracle Outside In XPM Processing Remote Code Execution Vulnerability

2012-08-22 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-150 : Oracle Outside In XPM Processing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-150 August 22, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Oracle - --

Re: [Full-disclosure] ZDI-12-145 : Symantec Endpoint Protection SemSvc.exe AgentServlet Remote Code Execution Vulnerability

2012-08-22 Thread James Lay
On 2012-08-22 09:40, ZDI Disclosures wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-145 : Symantec Endpoint Protection SemSvc.exe AgentServlet Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-145 August 22, 2012 snip - -- Vendor

[Full-disclosure] ZDI-12-152 : Oracle Outside In Excel MergeCells Record Parsing Remote Code Execution Vulnerability

2012-08-22 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-152 : Oracle Outside In Excel MergeCells Record Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-152 August 22, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected

[Full-disclosure] ZDI-12-153 : Apple QuickTime sean Atom Size Parsing Remote Code Execution Vulnerability

2012-08-22 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-153 : Apple QuickTime sean Atom Size Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-153 August 22, 2012 - -- CVE ID: CVE-2012-0670 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected

[Full-disclosure] ZDI-12-154 : IBM Lotus Notes URL Command Injection Remote Code Execution Vulnerability

2012-08-22 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-154 : IBM Lotus Notes URL Command Injection Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-154 August 22, 2012 - -- CVE ID: CVE-2012-2174 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected

Re: [Full-disclosure] ZDI-12-149 : Cisco AnyConnect VPN Client Verification Bypass Remote Code Execution Vulnerability

2012-08-22 Thread Benji
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. sorry, what? On Wed, Aug 22, 2012 at 4:48 PM, ZDI Disclosures zdi-disclosu...@tippingpoint.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-149

[Full-disclosure] ZDI-12-156 : Cisco AnyConnect VPN Client Arbitrary Program Instantiation Remote Code Execution Vulnerability

2012-08-22 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-156 : Cisco AnyConnect VPN Client Arbitrary Program Instantiation Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-156 August 22, 2012 - -- CVE ID: CVE-2012-2493 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C

[Full-disclosure] ZDI-12-157 : Microsoft Excel Series Record Parsing Type Mismatch Remote Code Execution Vulnerability

2012-08-22 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-157 : Microsoft Excel Series Record Parsing Type Mismatch Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-157 August 22, 2012 - -- CVE ID: CVE-2012-1847 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --

[Full-disclosure] ZDI-12-158 : Microsoft Internet Explorer MSADO CacheSize Remote Code Execution Vulnerability

2012-08-22 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-158 : Microsoft Internet Explorer MSADO CacheSize Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-158 August 22, 2012 - -- CVE ID: CVE-2012-1891 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected

[Full-disclosure] ZDI-12-159 : EMC AutoStart ftAgent Opcode 0x14 Subcode 0x7e7 Parsing Remote Code Execution Vulnerability

2012-08-22 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-159 : EMC AutoStart ftAgent Opcode 0x14 Subcode 0x7e7 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-159 August 22, 2012 - -- CVE ID: CVE-2012-0409 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -

[Full-disclosure] ZDI-12-160 : EMC AutoStart ftAgent Opcode 0x14 Subcode 0x7F8 Parsing Remote Code Execution Vulnerability

2012-08-22 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-160 : EMC AutoStart ftAgent Opcode 0x14 Subcode 0x7F8 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-160 August 22, 2012 - -- CVE ID: CVE-2012-0409 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -

[Full-disclosure] ZDI-12-161 : EMC AutoStart ftAgent Opcode 0x2d Subcode 0x1194 Parsing Remote Code Execution Vulnerability

2012-08-22 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-161 : EMC AutoStart ftAgent Opcode 0x2d Subcode 0x1194 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-161 August 22, 2012 - -- CVE ID: CVE-2012-0409 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -

[Full-disclosure] This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline.

2012-08-22 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-162 : (0Day) HP Diagnostics Server magentservice.exe Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-162 August 22, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:

[Full-disclosure] ZDI-12-163 : (0Day) HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability

2012-08-22 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-163 : (0Day) HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-163 August 22, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected

[Full-disclosure] ZDI-12-164 : (0Day) HP Intelligent Management Center img.exe Integer Wrap Remote Code Execution Vulnerability

2012-08-22 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-164 : (0Day) HP Intelligent Management Center img.exe Integer Wrap Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-164 August 22, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - --

[Full-disclosure] ZDI-12-165 : (0Day) HP Operations Agent for NonStop Server HEALTH Packet Parsing Remote Code Execution Vulnerability

2012-08-22 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-165 : (0Day) HP Operations Agent for NonStop Server HEALTH Packet Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-165 August 22, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - --

[Full-disclosure] ZDI-12-166 : (0Day) HP LeftHand Virtual SAN Appliance Unauthenticated Access Remote Command Execution Vulnerability

2012-08-22 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-166 : (0Day) HP LeftHand Virtual SAN Appliance Unauthenticated Access Remote Command Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-166 August 22, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - --

[Full-disclosure] -==SEC-T 2012 Invitation==-

2012-08-22 Thread Mattias Bååth
-== SEC-T 2012 Invitation ==- www.sec-t.org cf164d0f320ceb401ff3c25c225b09ab Dear insert appropriate hyperbolic description of yourself. You are hereby invited to participate in SEC-T 2012. The annual SEC-T conference is taking place between 13th and 14th of September at Fotografiska

[Full-disclosure] Vulnerabilities in JW Player Pro

2012-08-22 Thread MustLive
Hello list! I want to warn you about security vulnerabilities in JW Player Pro. These are Content Spoofing and Cross-Site Scripting vulnerabilities. In June I wrote about vulnerabilities in JW Player (http://securityvulns.ru/docs28176.html). And these are vulnerabilities in licensed version