thinking it could back any of their paranoias.
What else do we need to discuss here? I think it's time to stop this
conversation. And, yes, I know that sending an e-mail to ask for
stopping a conversation on FD is stupid too.
Regards,
Joxean Koret
signature.asc
Description: This is a digitally
Oh, no, please not again. Are we going to talk one more fucking time
about the ethics of 0-days? Please no.
Is a delay of a year before reporting to the vendor, acceptable?
Thanks, Paul
Paul Szabo p...@maths.usyd.edu.au
http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and
Hahahahahaha. Sorry.
Yes, a better idea would be to educate and inform developers.
signature.asc
Description: This is a digitally signed message part
___
Full-Disclosure - We believe in it.
Charter:
... was and in the future? As it
makes no sense, I sent Oracle an e-mail asking for details about the
fix:
On 4/19/2012 12:53 PM, Joxean Koret wrote:
(...)
How can customers with current versions installed fix this
vulnerability? Do they have to wait until the next version? Just out
of curiosity
part of this advisory.
Contact
---
The vulnerability was found by Joxean Koret in 2008.
All your listeners are belong to us...
signature.asc
Description: This is a digitally signed message part
___
Full-Disclosure - We believe in it.
Charter
Sorry men, there is no exploit for Linux Kernel(TM) 2011. But you have
exploits for Linux XP.
I would like to know is there any local root exploit exist for linux
kernel 2011 .
signature.asc
Description: This is a digitally signed message part
___
But they don't work if EMET for Linux OS 9 is installed.
El mié, 18-05-2011 a las 07:04 -0700, Paul Heinlein escribió:
This is so true, and it's maddening because those same exploits were
also present in Linux OS 9. You won't have to dig hard to find them.
signature.asc
Description: This is
don't want to view the slides online or you hate (or
fear) Flash as I do, you can download the slides from my website [3] in
ODP format.
[1] Online slides: http://bit.ly/c80WeS
[2] RootedCon conference: http://www.rootedcon.es/
[3] Slides: www.joxeankoret.com/odp/vulns_r12.odp.bz2
Regards,
Joxean
files),
similar office documents, etc...
--- El mar, 5/1/10, T Biehn tbi...@gmail.com escribió:
De: T Biehn tbi...@gmail.com
Asunto: Re: [Full-disclosure] [Tool] DeepToad 1.1.0
Para: Dan Kaminsky d...@doxpara.com
CC: Joxean Koret joxeanko...@yahoo.es, Full Disclosure
full-disclosure
References:
[1] http://ssdeep.sourceforge.net/
[2] http://www.gnu.org/licenses/lgpl.html
Regards Happy new year!
Joxean Koret
signature.asc
Description: This is a digitally signed message part
___
Full-Disclosure - We believe in it.
Charter: http
Hi,
Happy new year! Attached goes and advisory for one of the recently fixed
Oracle vulnerabilities in the product Oracle Secure Backup.
Regards,
Joxean Koret
Oracle Secure Backup 10g Remote Code Execution
==
Product Description
Hi again,
Attached goes and advisory for the unique vulnerability in Oracle
TimesTen fixed in the Oracle Critical Patch Update January 2009.
Cheers!
Joxean Koret
Oracle TimesTen Remote Format String
Product Description
===
Oracle TimesTen
://ingumadev.blogspot.com
Corporative:
http://www.joxeankoret.com
Regards,
Joxean Koret
signature.asc
Description: This is a digitally signed message part
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted
/blog/?p=33
Corporative
http://www.joxeankoret.com
Regards,
Joxean Koret
signature.asc
Description: This is a digitally signed message part
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted
Sourceforge.net Project's Page
http://sourceforge.net/projects/inguma/
Thanks Regards,
Joxean Koret
signature.asc
Description: This is a digitally signed message part
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure
demonstrations is
provided as is without any warranty of any kind.
I am not liable for any direct or indirect damages caused as a result of
using the information or demonstrations provided in any part of this
advisory.
Contact
---
Joxean Koret - joxeankoret[at]yahoo[dot]es
References
--
http
Hi to all,
Inguma version 0.0.7.2 has been released. In this version I have added
new modules and exploits, fixed many, many, many bugs as well as
enhancing existing modules, such as the Oracle related stuff.
PyShellcodelib has been enhanced as well and now supports Mac OS X. But,
for the
responsability.
And second, there are many ways to bypass authentication in Oracle
E-Business Suite, at least in version 11i, I'm not sure if the same
problems applies to R12. I can't release more details right now.
Thanks,
Joxean Koret
On jue, 2007-11-01 at 12:00 +,
[EMAIL PROTECTED] wrote:
Message: 8
Hi,
I write a presentation for a friend about how to bypass Oracle
Database Vault. It may be interesting for someone else...
You can download the presentation Oracle Database Vault: The world is not
pink and I'm root at:
http://inguma.sourceforge.net/docs/oracle_database_vault_en.pdf
Joxean
and 2000.
* Enhanced the Oracle PL/SQL Fuzzer. Now, if you redirect the output
only the vulnerabilities found are logged, all the rest of the output
are written to stderr.
Regards,
Joxean Koret
signature.asc
Description: This is a digitally signed message part
/inguma.
Thanks Regards,
Joxean Koret
signature.asc
Description: This is a digitally signed message part
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http
:
The information in this advisory and any of its demonstrations is
provided as is without any warranty of any kind.
I am not liable for any direct or indirect damages caused as a result of
using the information or demonstrations provided in any part of this
advisory.
Contact:
Joxean Koret
the information or
demonstrations provided in any part of this advisory.
Contact:
Joxean Koret - joxeankoret[at]yahoo[dot]es
#!/usr/bin/python
Alpha Centauri Software SIDVault LDAP Server remote root exploit (0days)
import sys
import socket
sc = \xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49
Hi,
Did you test it using UNC paths? It may be a way to
truly execute arbitrary code.
Regards,
Joxean Koret
Exploit:
Send a HTML email message containing the URL:
a href=c:/windows/system32/winrm?Click here!/a
or
a href=c:/windows/system32/migwiz?Click here!/a
and winrm.cmd/migwiz.exe gets
Hi to all,
While playing in my home's network with Scapy I found
a vulnerability affecting the wireless services
offered by Zyxel routers with, at least, ZynOS v3.40.
That's the unique model I tested.
The exploit in question:
--
ZynOS v3.40 One
HP FTP Printer Server Denial Of Service
---
Author: Joxean Koret
Date: 2006
Location: Basque Country
Affected Software
-
Vendor: Hewlett Packard
Description: HP Printers FTP Server Denial Of Service
Description
---
A problem exists
a little with the POC to view if it affects OOffice in a way
that code execution is possible.
---
Joxean Koret
for something a little more technical
This is an email I sent someone else. (sorry mate, ill give a few
other ones for the 'project' :) )
I do not know of any fuzzer that would find
something else.
Anyway, attached goes POCs for PostgreSQL which makes postmaster service
consume 100% CPU resources and the tools.
---
Joxean Koret
#!/usr/bin/python
Informix Database Functions Fuzzing Tool
Copyright (c) 2005, 2006 Joxean Koret, joxeankoret [at] yahoo.es
This program is free
.
Well, if you find it interesting or if you have any question about, any
criticism, etc... Don't heasitate to contact me. Take fun.
---
Joxean Koret
---
Agian, agian, egün batez
jeikiko dira egiazko Ziberotarrak,
egiazko eüskaldünak,
tirano arrotzen hiltzeko
eta
of this advisory.
---
Contact
---
Joxean Koret at @yah00dotes
__
LLama Gratis a cualquier PC del Mundo.
Llamadas a fijos y móviles desde 1 céntimo por minuto
.
---
Contact
---
Joxean Koret at @yah00dotes
__
LLama Gratis a cualquier PC del Mundo.
Llamadas a fijos y móviles desde 1 céntimo por minuto.
http://es.voice.yahoo.com
dos.py
Description
of this advisory.
---
Contact
---
Joxean Koret at @yah00dotes
__
LLama Gratis a cualquier PC del Mundo.
Llamadas a fijos y móviles desde 1 céntimo por minuto
string.
--
Regards,
Joxean Koret
--- K F (lists) [EMAIL PROTECTED]
escribió:
what does %x and %n do? It may just be a format
string problem.
__
LLama Gratis a cualquier PC del Mundo.
Llamadas a fijos y
exploitable?
---
Thanks in advance,
Joxean Koret
signature.asc
Description: Esta parte del mensaje está firmada digitalmente
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored
in this advisory and any of its
demonstrations is provided as is without any
warranty of any kind.
I am not liable for any direct or indirect damages
caused as a result of using the information or
demonstrations provided in any part of this advisory.
Contact
---
Joxean Koret at @yah00dotes
finding for?
Thanks Regards,
Joxean Koret
--
Zer gutxi balio duen langileen bizitza
signature.asc
Description: Esta parte del mensaje está firmada digitalmente
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure
Hi,
An exploit for it have been released with the latest Metasploit
framework.
--
Zer gutxi balio duen langileen bizitza
signature.asc
Description: Esta parte del mensaje está firmada digitalmente
___
Full-Disclosure - We believe in it.
Charter:
Hi to all!
Anyone knowns what is the f*ng security contact for IBM AIX?
--
Zer gutxi balio duen langileen bizitza
signature.asc
Description: Esta parte del mensaje está firmada digitalmente
___
Full-Disclosure - We believe in it.
Charter:
on this email in any way. If you have received
this email in error, please notify the sender immediately by telephone or email
and destroy it, and all copies of it.
- Original Message -
From:
Joxean
Koret
To:
Blanca Pons de Dalmases ; full-disclosure@lists.grok.org.uk
Sent
The advisory talk about 3 vulnerabilities1) File upload issues (related with your patch).2) Sql injection and path disclosure.3) Clear text autentication.I can assume that sysadmin could force https by himself, but... really the 2nd vuln is not related with eBD?
On 6/16/06, Blanca Pons de Dalmases
Hi,
We don't determine what application running in the virtual environment
is malicious or not, so therefore this is not a replacement for
signature based protection systems. Most anything can run in the
environment, it just can't modify local resources. This is great
protection for 0-day
.
Regards,
Joxean Koret
Disclaimer
--
The information in this advisory and any of its
demonstrations is provided as is without any
warranty of any kind.
I am not liable for any direct or indirect damages
caused as a result of using the information or
demonstrations provided in any part
Kindest regards
Advisory - Biometric_devices.pdf
Description: Adobe PDF document
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Hi Kramer (or Kralor?),
El sáb, 06-05-2006 a las 05:29 +0200, Iván Rodriguez Almuiña escribió:
Great,
and doing, Start-Run... you can execute programs!
that's amazing!!! :)
Wow! I think you should write a paper about this!
seriously, grab some doc about how AntiViruses work
and then post
warranty of any kind.
I am not liable for any direct or indirect damages
caused as a result of using the information or
demonstrations provided in any part of this advisory.
---
Contact:
Joxean Koret
Hi to all!
In the latest Firebird release (1.5.3) various security problems has
been fixed. Attached goes an advisory about 2 of these.
---
Joxean Koret
---
Buffer Overflow and Installation Script Error
Fuck you too and close the fucking list!
no disclosure for life!On 10/24/05, John Cartwright [EMAIL PROTECTED] wrote:
On Mon, Oct 24, 2005 at 06:23:15PM +0200, Joxean Koret wrote: On 10/24/05, Fernando Gont [EMAIL PROTECTED] wrote: Feedback is welcome, noise should go to /dev/null.
Then move
On 10/24/05, Fernando Gont [EMAIL PROTECTED] wrote:
Feedback is welcome, noise should go to /dev/null.
Then move urself there, looser
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and
Well im agree with you, Zone-H really sucks!
but why the fuck u think that U.S Security Services are able to act around all the world?
Or u dont know any other country than .us ? EOO the rest of the world exists!!!
zone-h is located in estonia and astaroth live in italia ... so call the
Yeah but zone-h defacement area its used to make defacing contest...
One thing is to report that a interesting site have been defaced ...
and other shit its support defacing groups breaking into in
no-one-is-interested website
On 9/27/05, Richard Horsman [EMAIL PROTECTED] wrote:
n3td3v,I
SHUT THE FUCK UP!!! AND FIX YOUR FUCKING WEBSITE!!! WE ARE ALL SICK
OF YOUR BORING E-MAILS MOTHERFUCKER!
http://thor.prohosting.com/fgont/cgi-bin/whois.pl
whois for domain: uname -a
FreeBSD thor.prohosting.com 4.10-RELEASE-p3 FreeBSD 4.10-RELEASE-p3
#0: Fri Nov 5 10:49:09 MST 2004
SHUT THE FUCK UP!!! AND FIX YOUR F%$CK1NG WEBSITE!!! WE ARE ALL SICK
OF YOUR BORING E-MAILS MO/A%SDRF!CKER!
http://thor.prohosting.com/fgont/cgi-bin/whois.pl
whois for domain: uname -a
FreeBSD thor.prohosting.com 4.10-RELEASE-p3 FreeBSD 4.10-RELEASE-p3
#0: Fri Nov 5 10:49:09 MST 2004
---
Various Vulnerabilities in GForge
---
Author: Jose Antonio Coret (Joxean Koret)
Date: 2005
Location: Basque Country
This is also phrack.org box (and teso and hert etc etc...), seems some
articles for the next phrack release, have been stolen:
regards
On 7/20/05, netsniper [EMAIL PROTECTED] wrote:
I had some fun with The Hacker's Choice website and thought some of you
may want to learn from their lack of
Sorry i forgot another one
On 7/20/05, Joxean Koret [EMAIL PROTECTED] wrote:
This is also phrack.org box (and teso and hert etc etc...), seems some
articles for the next phrack release, have been stolen:
regards
On 7/20/05, netsniper [EMAIL PROTECTED] wrote:
I had some fun
55 matches
Mail list logo