[FD] D-RamPage: POC for zero-risk row-hammer exploitation

2015-03-16 Thread halfdog
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello List, Although I have no row-hammer affected hardware, I tried to build a POC that allows zero-risk exploitation of row-hammer affected DRAM setups, see [1]. The main idea of the POC is to * reserve complete rows of physical pages (verified

[FD] Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution

2015-03-16 Thread Onur Alanbel
Document Title: Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution Release Date: 12 Mar 2015 Product & Service Introduction: Citrix NetScaler AppFirewall is a comprehensive application security solution that blocks known and unknown

[FD] Defense in depth -- the Microsoft way (part 30): on exploitable Win32 functions

2015-03-16 Thread Stefan Kanthak
Hi @ll, since Microsoft won't -- despite (hopefully not only) my constant nagging and quite some bug reports about unquoted command lines for more than a dozen years now -- fix the BRAINDEAD behaviour of Windows' CreateProcess*() functions to play try & error instead of returning on error to their
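The "try & error" behaviour the post refers to is the documented CreateProcess() rule for an unquoted lpCommandLine containing spaces: Windows does not stop at the first space, it tries each successively longer prefix (appending .exe when the candidate has no extension) until one exists. The following is an added illustration, not code from the post or from Microsoft; it models that candidate search in Python on a constructed command line so the planted-file positions can be listed, and shows the quoted form that removes them. The candidate order is taken from the CreateProcess remarks in the Win32 documentation; the function names are mine.

```python
import ntpath


def _with_exe(path: str) -> str:
    """CreateProcess appends .exe when the module name carries no extension."""
    if ntpath.splitext(ntpath.basename(path))[1] == "":
        return path + ".exe"
    return path


def createprocess_candidates(cmdline: str) -> list[str]:
    """Candidate module paths CreateProcess tries, in order, for the given
    command line when lpApplicationName is NULL (model of the documented rule).

    Quoted: only the quoted token is tried.
    Unquoted: every prefix ending just before a space, then the whole string.
    """
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        if end == -1:
            raise ValueError("unterminated quote in command line")
        return [_with_exe(cmdline[1:end])]

    # Cut points: the first space of every run of spaces, then end of string.
    cuts = [i for i, ch in enumerate(cmdline)
            if ch == " " and (i == 0 or cmdline[i - 1] != " ")]
    cuts.append(len(cmdline))
    return [_with_exe(cmdline[:i]) for i in cuts]


def plantable_paths(cmdline: str) -> list[str]:
    """Paths an attacker could create to be run instead of the intended binary:
    every candidate except the last (the one the caller actually meant)."""
    return createprocess_candidates(cmdline)[:-1]


def quote_for_createprocess(exe: str, args: str = "") -> str:
    """The fix: quote the module path so no prefix is ever tried."""
    if '"' in exe:
        raise ValueError("executable path must not contain double quotes")
    return f'"{exe}"' + (f" {args}" if args else "")


if __name__ == "__main__":
    # Constructed example command line, as an unquoted service/launcher would pass it.
    unquoted = r"C:\Program Files\Sub Dir\program name"
    for cand in createprocess_candidates(unquoted):
        print("tries:", cand)
    print("attacker may plant:", plantable_paths(unquoted))
    quoted = quote_for_createprocess(r"C:\Program Files\Sub Dir\program name")
    print("quoted form tries only:", createprocess_candidates(quoted))
```

Run it against any unquoted ImagePath from a service configuration (or a shortcut or scheduled task) and the printed list is exactly the set of locations to check for write access; a candidate under a directory a low-privileged user can create files in is the hijack the post is about.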

[FD] Multiple Buffer Overflows in Diagnostic Troubleshooting Wizard - msdt.exe - Win 8.0 Pro - x64

2015-03-16 Thread Nick Prowse
Multiple Buffer Overflows in Diagnostic Troubleshooting Wizard Researcher: Nicholas Prowse Filename: msdt.exe MD5: (coming soon) File size: 1024000 bytes Operating System: Windows 8.0 OS Version: Pro Architecture: x64 Description field in Procmon: Buffer Overflow Operations

[FD] Multiple Buffer Overflows in .NetFramework v4.03 - Win 8.0 Pro - x64

2015-03-16 Thread Nick Prowse
Multiple Buffer Overflows in .NetFramework v4.03 Researcher: Nicholas Prowse Filename: ngen.exe MD5: ca72696a9861f14cf76f1637b8e6bc44 File size: 139264 bytes Operating System: Windows 8.0 OS Version: Pro Architecture: x64 Description: MS Common Language Runtime Native Compiler Image Path:

Re: [FD] 'Rowhammer' - Software-triggered DRAM corruption

2015-03-16 Thread Nick Boyce
On 12 March 2015 at 20:31, Aris Adamantiadis a...@badcode.be wrote: On 12/03/15 17:00, Nick Boyce wrote: ... Google was only able to make the attack work on laptops - desktop machines so far remaining unaffected. [I *knew* it was a good idea to hang on to that old Athlon XP desktop :-)]

Re: [FD] 'Rowhammer' - Software-triggered DRAM corruption

2015-03-16 Thread Dirk-Willem van Gulik
On 13 Mar 2015, at 11:32, fulldisclosure fulldisclos...@evolution-hosting.eu wrote: On 12.03.2015 at 21:31 Aris Adamantiadis wrote: On 12/03/15 17:00, Nick Boyce wrote: Also, this may only affect SODIMMs, not DIMMs, as Google was only able to make the attack work on laptops -

Re: [FD] 'Rowhammer' - Software-triggered DRAM corruption

2015-03-16 Thread fulldisclosure
On 12.03.2015 at 21:31 Aris Adamantiadis wrote: On 12/03/15 17:00, Nick Boyce wrote: Also, this may only affect SODIMMs, not DIMMs, as Google was only able to make the attack work on laptops - desktop machines so far remaining unaffected. [I *knew* it was a good idea to hang on to that

[FD] 724CMS 5.01 Multiple Information Leakage Security Vulnerabilities

2015-03-16 Thread Jing Wang
*724CMS 5.01 Multiple Information Leakage Security Vulnerabilities* Exploit Title: 724CMS Multiple Information Leakage Security Vulnerabilities Vendor: 724CMS Product: 724CMS Vulnerable Versions: 3.01 4.01 4.59 5.01 Tested Version: 5.01 Advisory Publication: March 14, 2015 Latest

[FD] 724CMS 5.01 Multiple SQL Injection Security Vulnerabilities

2015-03-16 Thread Jing Wang
*724CMS 5.01 Multiple SQL Injection Security Vulnerabilities* Exploit Title: 724CMS Multiple SQL Injection Security Vulnerabilities Vendor: 724CMS Product: 724CMS Vulnerable Versions: 3.01 4.01 4.59 5.01 Tested Version: 5.01 Advisory Publication: March 14, 2015 Latest Update: March 14,