Full Disclosure: Re: list of vulnerabilities discovered by realpentesting

Re: list of vulnerabilities discovered by realpentesting

From: Pedro Guillen <pgn.pedroguillen () gmail com>
Date: Mon, 02 Sep 2013 17:43:42 +0200

For CVE-2013-5656 and CVE-2013-5660 we did a exploit in order to proof
the exploitabilty. You can find it in exploit-db, packet-storm, etc..

For the the other we just only proof them in our blog. You can get all
the information in the advisory page in realpentesting.blogspot.com

http://www.exploit-db.com/exploits/25131/
http://www.exploit-db.com/exploits/25130/

Hope i resolve some of your questions!

Pedro Guillén Núñez
GXPN, OSCE
Hacking as a way of live!

El 02/09/13 15:18, Z'micier Januszkiewicz escribió:

With all due respect, good sir... where's the root cause analysis?
Proof-of-concept files? Anything? Windbg dump doesn't really count as
a proof, you know, since anyone can fake it.


2013/9/2 Pedro Guillen <pgn.pedroguillen () gmail com
<mailto:pgn.pedroguillen () gmail com>>

    HI all!

    I'm part of realpentesting members and although these
    vulnerability was
    published some moths ago, now we can publicity with these CVEs
    identifiers.
    Also you can get more information about the vulnerablities which we
    discovered in http://realpentesting.blogspot.com.es/p/advisories.html

    Buffer overflow in fuzezip v.1.0 (CVE-2013-5656)
    (http://realpentesting.blogspot.com.es/p/blog-page.html)
    Mutiple vulnerabilities in pwstore 2010.8.30.0 (CVE-2013-5657
    (DoS), CVE-2013-5658 (XSS))
    http://realpentesting.blogspot.com.es/p/pwstore.html
    User Mode Write Access Violation in Wiz 5.0.3 (CVE-2013-5659)
    http://realpentesting.blogspot.com.es/p/realpentesting-advisory-title-user-mode.html
    Buffer overflow in Winarchiver V.3.2 (CVE-2013-5660)
    http://realpentesting.blogspot.com.es/p/blog-page_3.html

    This is the first time that i write to the list so sorry if i need to
    put something different in the mail subject
    Regards

    Pedro Guillén Núñez
    GXPN, OSCE
    Hacking as a way of live!

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Re: Defense in depth -- the Microsoft way (part 9): erroneous documentation Stefan Kanthak (Sep 02)
- list of vulnerabilities discovered by realpentesting Pedro Guillen (Sep 02)
  - Re: list of vulnerabilities discovered by realpentesting Źmicier Januszkiewicz (Sep 02)
    - Re: list of vulnerabilities discovered by realpentesting Mgr . Martin Žember (Sep 02)
    - Re: list of vulnerabilities discovered by realpentesting Pedro Guillen (Sep 03)