Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-15 Thread Gynvael Coldwind
Working exploits do. That's it from me. I'm looking forward to seeing the RCE exploits (be it client or server side). Kind regards, Gynvael Coldwind ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted

Re: [Full-disclosure] [OT] pls ignore

2014-02-24 Thread Gynvael Coldwind
-- Gynvael Coldwind

Re: [Full-disclosure] [0 Day] XSS Persistent in Blogspot of Google

2013-01-25 Thread Gynvael Coldwind
attack an admin this way (unless you found some other way to execute that script in the context of blogger.com - in such case try reporting it again). Cheers, Gynvael Coldwind On Tue, Jan 22, 2013 at 1:11 AM, ANTRAX antrax...@gmail.com wrote: I know JZ, but this vulnerability is in the post

Re: [Full-disclosure] Google's robots.txt handling

2012-12-10 Thread Gynvael Coldwind
Hey, Here is an example: An admin has a public webservice running with folders containing sensitive information. Enter these folders in his robots.txt and protect them from the indexing process of spiders. As he doesn't want the /admin/ gui to appear in the search results he also

Re: [Full-disclosure] Microsoft Windows Help program (WinHlp32.exe) memory corruption

2012-10-27 Thread Gynvael Coldwind
Hi Kaveh, Mario has a point. Why do you care about any bug in winhlp if by design you can embed a DLL file in the .hlp file and run arbitrary code? See e.g. Wikipedia http://en.wikipedia.org/wiki/WinHelp#WinHelp_appearance_and_features: A rather security critical feature is that one can also

Re: [Full-disclosure] DLL Hijacking Against Installers In Browser Download Folders for Phish and Profit

2012-08-13 Thread Gynvael Coldwind
Well, what can I say - your write-up is accurate. Though last time I've seen it, around 5 years ago, it was still called DLL spoofing and not DLL hijacking, and was one of the arguments why carpet bombing (automatic download) in Safari/Chrome must be fixed :) E.g.

Re: [Full-disclosure] URL Spoofing vulnerability in different browsers

2011-07-22 Thread Gynvael Coldwind
Hey MustLive, I'm not sure if I understood your post correctly, so please correct me if I'm wrong. The thing you describe sounds similar to the thing described in the Browser Security Handbook (http://code.google.com/p/browsersec/wiki/Part3#HTTP_authentication): Amusingly, its ghost still haunts

Re: [Full-disclosure] Fuzzing and SEH

2010-11-05 Thread Gynvael Coldwind
Hey, (SEH -- I assume we're talking MS Windows) A debugger attached is one solution (since a debugger is notified of an exception before SEH is executed). PyDbg seems like a good idea, but it can be done easily using the debugger API of Win32API too (just forward all events except exceptions to

[Full-disclosure] GDT and LDT in Windows kernel vulnerability exploitation (paper)

2010-01-16 Thread Gynvael Coldwind
Hi, We've published a paper about using a 1- or 4-byte write-what-where condition to convert a custom Data-Segment Descriptor entry in the LDT of a process into a Call-Gate (with DPL set to 3 and RPL to 0). The paper also contains information about a possible LDT redirecting into user-land memory. The

Re: [Full-disclosure] Path disclosure in PHP 5.3.1

2009-12-28 Thread Gynvael Coldwind
Hi, I don't think this is a new vulnerability / warning. I saw it 3 months ago in a comment from an anonymous user (on my blog): English translation (by me, original was in Polish): 2009-09-24 10:39:34: not one but two well actually 3 :) I would like to say that as far as session start goes,