BugTraq Mode:
(Page 1094 of 1748)  < Prev  1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099  Next >
Re: XSS phpBB 2.0.21 in administration 2006-07-19
Jessica Hope (jessicasaulhope googlemail com)
> Because admin accounts are attacked religiously. Hashes for most common
> passwords up to 8 chars can easily (within hours) be cracked and known.
> Once someone can uncover an admin password all bets are off.
>

If someone is able to obtain the hashes, bets were off a long time
ago, no? As for at

[ more ]  [ reply ]
[MajorSecurity #23] BLOG:CMS <= 4.0.0j - XSS and cookie disclosure 2006-07-21
admin majorsecurity de
[MajorSecurity #23] BLOG:CMS <= 4.0.0j - XSS and cookie disclosure

-------------------------------------------------------------------

Software: BLOG:CMS

Version: 4.0.0j

Type: Cross site scripting

Made public: July, 22th 2006

Vendor: F-ART AGENCY, Ltd. - Radek Hulán

Page: http://

[ more ]  [ reply ]
Re: ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities 2006-07-19
matdhule gmail com
I already published that vulnerability on Bugtraq.

See http://www.securityfocus.com/bid/18876 and http://www.securityfocus.com/archive/1/439451.

Thx

[ more ]  [ reply ]
new shell bypass safe mode 2006-07-18
d3nger hotmail com
I programmed a script for passing the safe mode

the code

<head>

<meta http-equiv="Content-Language" content="en-us">

<title></title>

<body bgcolor="#000000" text="#00FF00">

<b>

<font size=-2 face=verdana color=white>

<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font

[ more ]  [ reply ]
New CVE identifiers for separate PowerPoint 0-day issues assigned 2006-07-17
Juha-Matti Laurio (juha-matti laurio netti fi)
New CVE documents have been published recently to clarify the existence of several 0-day type issues in Microsoft PowerPoint.
These are based on three PoCs posted to Bugtraq on Saturday 15th July.

CVE-2006-3655 - Unspecified vulnerability in mso.dll allows executing arbitrary code

CVE-2006-3656 -

[ more ]  [ reply ]
SolpotCrew Advisory #3 - com_trade Remote File Inclusion (mosConfig_absolute_path) 2006-07-21
mail sipplah com
#############################SolpotCrew Community################################

#

# com_trade Remote File Inclusion (mosConfig_absolute_path)

#

# original advisory : http://solpotcrew.org/adv/BlueSpy-adv-com_trade.txt

#

###################################################################

[ more ]  [ reply ]
Re: SubberZ[Lite] - Remote File Include 2006-07-17
the jalal gmail com
This exploit won't work. The myadmindir variable is set before any GET variables are processed. Sanitation is performed in the previous file.

[ more ]  [ reply ]
RE: $100 plus several of my books if you can crack my Windows password hashes. 2006-07-18
Michael Scheidell (scheidell secnap net) (1 replies)
You probably are who you say you are, and you probably own the accounts
these passwords are from, but could not someone post a bunch of NTLM
hashes and ask the world to crack them for him? Even if he didn't own the
accounts?

So, is this a social engineering test as well?

[ more ]  [ reply ]
[SECURITY] [DSA 1119-1] New hiki packages fix denial of service 2006-07-22
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1119-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
July 22nd, 2006

[ more ]  [ reply ]
[SECURITY] [DSA 1118-1] New Mozilla packages fix several vulnerabilities 2006-07-22
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1118-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
July 22nd, 2006

[ more ]  [ reply ]
Low security hole affecting IPCalc's CGI wrapper 2006-07-22
Tim Brown (timb nth-dimension org uk)
Hi,

I believe I've found a low level security hole relating to the way IPCalc's
CGI wrapper sanitises input, which allows Javascript injection.

Hole is considered low since IPCalc's CGI wrapper has no privileged
functionality, however of course it might be possible to use it as a vector
to atta

[ more ]  [ reply ]
[MajorSecurity #24] Fire-Mouse TopList <=v1.1 - Cross Site Scripting 2006-07-22
admin majorsecurity de
[MajorSecurity #24] Fire-Mouse TopList <=v1.1 - Cross Site Scripting

----------------------------------------------------------------------------------------

Software: Fire-Mouse TopList v1.1

Version: 1.1

Type: Cross site scripting

Vendor: Fire-Mouse.com

Page: http://www.fire-mouse.

[ more ]  [ reply ]
[MajorSecurity #25] Advanced Guestbook 2.4 for phpBB - Multiple XSS and SQL-Injection Vulnerabilities 2006-07-22
admin majorsecurity de
[MajorSecurity #25] Advanced Guestbook 2.4 for phpBB - Multiple XSS and SQL-Injection Vulnerabilities

----------------------------------------------------------------------------------------

Software: Advanced Guestbook for phpBB

Version: 2.4

Type: Cross site scripting + SQL Injection

M

[ more ]  [ reply ]
MicroGuestBook Remote XSS Attack 2006-07-21
omnipresent email it
.:. MicroGuestBook Remote XSS Bug .:.

Date:

-----

July 2006, 22

Product:

--------

MicroGuestBook Latest Version

Vendor:

-------

http://www.phptoys.com

Description:

------------

Micro guestbook is a MySQL based guestbook script with a CSS based attractive interface. It can

[ more ]  [ reply ]
Microsoft Internet Explorer DOS Vulnerability 2006-07-22
SnoBmsn Hotmail de
Microsoft Internet Explorer Content-Type Denial Of Service Vulnerability

-\Vulnerable:

Microsoft Internet Explorer 6.0 SP2

Microsoft Internet Explorer 6.0 SP1

Microsoft Internet Explorer 6.0

- Microsoft Windows 2000 Advanced Server SP2

- Microsoft Windows 2000 Advanced Server SP2

- Microsof

[ more ]  [ reply ]
about bid 17404 2006-07-21
crack rome com
Hello

If you modify the code in bid 17404 in such a way:

win = window.open('http://server/prova.zip','new')

pause (2000)

the user will see the page opening of correct site, and then download alert from original file site (server)

Obviously the alert form show the real, but if no dns resolu

[ more ]  [ reply ]
Re: AFCommerce Shopping Cart 2006-07-20
contact afcommerce com
Hi, thank you for reporting this problem. I am Paul, the author of the software, so I would like to do everything possible to correct this issue. The free version of my software is not open source, and not that the encryption is protecting it very well, I'm sure a good hacker could crack the encrypt

[ more ]  [ reply ]
RE: $100 plus several of my books if you can crack my Windows password hashes. 2006-07-19
Roger A. Grimes (roger banneretcs com)
I'm saying if faced with increasing the strength of my passwords, I
value length over complexity.

Case in point, a large city I consult for said they are moving their
passwords from 5 character minimum to 8 characters and complex. (yeah, I
had to stop coughing too...but 5 character minimums aren't

[ more ]  [ reply ]
Re: [EEYEB-20060227] D-Link Router UPNP Stack Overflow 2006-07-21
kala_z hotmail com (1 replies)
What about D-Link DI-524 Rev. B2? Is it vulnerable too? has it been fixed for this model?

[ more ]  [ reply ]
iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability 2006-07-21
labs-no-reply (labs-no-reply idefense com) (1 replies)
Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability

iDefense Security Advisory 07.20.06
http://www.idefense.com/application/poi/display?type=vulnerabilities
July 20, 2006

I. BACKGROUND

Solaris is a UNIX operating system developed by Sun Microsystems.

II. DESCRIPTION

Local

[ more ]  [ reply ]
MiniBB Forum <= 1.5a Remote File Include (search.php-whosOnline.php) 2006-07-21
AG Spider (ag-spider hotmail com)
Title : MiniBB Forum <= 1.5a Remote File Include (search.php-whosOnline.php)
###############################################################################

Discovered By :::: {{AG-Spider & KaBaRa.HaCk .eGy}}

-----------------------------------------------------------------------------

Affected

[ more ]  [ reply ]
Copyright 2010, SecurityFocus