Uninformed is pleased to announce the release of its tenth volume which is composed of 4 articles: Can you find me now? Unlocking the Verizon Wireless xv6800 (HTC Titan), Using dual-mappings to evade automated unpacker, Analyzing local privilege escalations in win32k, and Exploiting Tomorrow's Internet Today: Penetration testing with IPv6.

An Oracle DB user which has been granted CREATE ANY DIRECTORY can use that system privilege to grant themselves the SYSDBA system privilege by creating a DIRECTORY pointing to the password file location on the OS and then overwriting it with a previously prepared known binary password file using UTL_FILE.PUT_RAW from within the DB. This paper will show how the issue can be exploited and most importantly how to secure against it.

Web Vulnerabilities To Gain Access To The System - A paper that goes into detail on the exploitation of local/remote file inclusion and blind SQL injection vulnerabilities.

Whitepaper discussing how to exploit vulnerable SMB instances on Microsoft Windows XP using Metasploit.

Fucking the Web Apps - LFI #1. Written in Spanish.

This is a list of fuzzing vectors used in order to trigger directory traversal vulnerabilities. It is quite a huge list composed using different encodings and bizarre attack patterns reported in several vulnerability advisories.

Whitepaper discussing methodologies and logistics to targeting Voice Over IP (VoIP) networks.

This paper discusses injection into Oracle PL/SQL databases objects.

ShellCode For Beginners - A short whitepaper discussing what defines shellcode and simple fundamentals surrounding its use.

35 byte setresuid(0,0,0) /bin/sh shellcode for linux/x86.