The InfoSec Southwest staff are now soliciting papers to be presented at their 2012 conference to be held March 30th through April 1st, 2012 in Austin, Texas.
d9a8b78ff7f095354470943cd115931c553c2ef7ae0abbceba8f8c08fcaa4dd2Whitepaper called Metasploit Framework Telephony.
8ad97e0f40ee20abff399d896a837b73c149d2772681b082896b4784a32ee866This exploit connects to a system's modem over dialup and provides the user with a readout of the login banner.
6e01f6b1ed3484659805eb43e03eb97a23a6273485669abbe6a07c7362a7a728This exploit targets a weakness in the way the ypupdated RPC application uses the command shell when handling a MAP UPDATE request.
7c27019bedb0e26575dc7a9ad1810a98487a76f946e66dee2a85a79237351e19This exploit connects to a system's modem over dialup and exploits a buffer overflow vulnerability in it's System V derived /bin/login. The vulnerability is triggered by providing a large number of arguments.
879fb76e40bddd82af476396294fcefd3b2cf5ce2ed0dcf7a06b1239ed4be912This exploit targets a fairly ubiquitous flaw in DNS implementations which allow the insertion of malicious DNS records into the cache of the target nameserver. This exploit caches a single malicious nameserver entry into the target nameserver which replaces the legitimate nameservers for the target domain. By causing the target nameserver to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing target nameserver to insert the additional record into the cache. This insertion completely replaces the original nameserver records for the target domain.
59998e85046f16a5c63dc45a0b65a8c3c0309d28215b39b9b32e8e980b05bf05This exploit targets a fairly ubiquitous flaw in DNS implementations which allow the insertion of malicious DNS records into the cache of the target nameserver. This exploit caches a single malicious host entry into the target nameserver. By causing the target nameserver to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing target nameserver to insert the additional record into the cache.
11e910b2fd7ce8685913d022a8c861ee68b58c8de15e6ff4788583be2137f4aaThis Metasploit exploit module targets a weakness in the way the ypupdated RPC application uses the command shell when handling a MAP UPDATE request.
9508276a4fbb171eff7a9532f66f01f74e089238bc4b6dbb7429902506c0fd54Uninformed is pleased to announce the release of its ninth volume. This volume includes 4 articles on reverse engineering and exploitation technology. These articles include - Engineering in Reverse: An Objective Analysis of the Lockdown Protection System for Battle.net. Exploitation Technology: ActiveX - Active Exploitation. Exploitation Technology: Context-keyed Payload Encoding. Exploitation Technology: Improving Software Security Analysis using Exploitation Properties.
23204c2fa4fa808fc62b756a27911c4c41e187e0ee04cf3d9b776e2b1c45f249Myspace.com's navigation menu can be replaced with a malicious menu via CSS code in the attacker's profile.
a3b9d50ae789cce4e96929980808df6b3eace71418a5cdfe6a186d22f8dae2b8imwheel version 1.0.0pre11 uses a predictably named PID file for management of multiple imwheel processes. A race condition exists when the -k command-line option is used to kill existing imwheel processes. This race condition may be used by a local user to Denial of Service another user using imwheel, lead to resource exhaustion of the host system, or append data to arbitrary files.
f6ab085f417793a02d07c3de39249974381b31d162ecd131d00e5b53e4085e33
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed