2133 matches found
crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash
cryptblowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash...
ECshop 2.7.2 XSS
简要描述: 过滤不严 详细说明: 缺货登记-联系人处可保存任意脚本 漏洞证明: 脚本可利用privilege.php中update管理员的邮箱,通过找回密码,获取邮箱...
DarkComet-RAT v4.2 fwb (Firewall bypass)
DarkComet-RAT v4.2 fwb Firewall bypass This version is firewall bypass it will inject to web browsers and bypass firewall rules. Targets are in this order : Firefox, Opera, Chrome, Safari, Internet Explorer and Explorer if all fails normally never then it runs normally. Notice now you can use...
DarkComet-RAT v4.2 fwb (Firewall bypass)
DarkComet-RAT v4.2 fwb Firewall bypass This version is firewall bypass it will inject to web browsers and bypass firewall rules. Targets are in this order : Firefox, Opera, Chrome, Safari, Internet Explorer and Explorer if all fails normally never then it runs normally. Notice now you can use...
Russian firm Elcomsoft unveils tool to crack BlackBerry encryption security
Russian firm Elcomsoft unveils tool to crack BlackBerry encryption security A Russian security company has upgraded a phone-password cracking suite with the ability to figure out the master device password for Research in Motion's BlackBerry devices. Elcomsoft said that before it developed the...
Russian firm Elcomsoft unveils tool to crack BlackBerry encryption security
Russian firm Elcomsoft unveils tool to crack BlackBerry encryption security A Russian security company has upgraded a phone-password cracking suite with the ability to figure out the master device password for Research in Motion's BlackBerry devices. Elcomsoft said that before it developed the...
shopex密码取回处新生成密码可预测漏洞
简要描述: shopex在找回密码的地方存在一些逻辑设计问题,导致可以预测新生成的密码,可能被用来攻击获取他人密码 详细说明: 相关代码 /core/shop/controller/ctl.passport.php中: function sendPSW $this-begin$this-system-mkUrl'passport','lost'; $member=&$this-system-loadModel'member/member'; $data=$member-getMemberByUser$POST'uname';...
PayPal vulnerability : Hack any Paypal account within 30 seconds
PayPal vulnerability : Hack any Paypal account within 30 seconds UPDATE : This has been debunked, Paypal accounts are safe. https://thenextweb.com have spoken in depth to Matt Langley, the person who discovered the supposed issue, and it's clear why he assumed there was a serious security breach...
Facebook Password Extractor - Get passwords stored in Web browsers
Facebook Password Extractor - Get passwords stored in Web browsers Facebook Password Extractor is a free tool to recover passwords to Facebook accounts that are stored or cached in popular Web browsers. Supporting the latest versions of Microsoft Internet Explorer, Mozilla Firefox, Apple Safari,...
Vendor's List Of Backdoor Accounts Leaked Online
An internal document listing the backdoor accounts for switches manufactured by networking equipment vendor Allied Telesis was circulating online Friday, a day after an internal support page providing instructions on accessing hard coded back door accounts in the company’s products was found to b...
Cain & Abel 4.9.40 released , Download now !
Cain & Abel 4.9.40 released , Download now ! Cain & Abel is a password recovery tool for Microsoft operating systems.It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using dictionary and brute force attacks, decoding scrambled passwords,...
MC Content Manager 10.1.1 Cross Site Scripting
Hello list! I want to warn you about Cross-Site Scripting, Abuse of Functionality and Insufficient Anti-automation vulnerabilities in MC Content Manager. It's Ukrainian commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are potentially all versions o...
Cain & Abel v4.9.39 updated version Download !
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords,...
How to Recover iPhone Passwords in Six Minutes
Smartphone security has jumped to the top of the list of concerns for many IT security staffs and one of the main reasons for that is the epidemic of lost and stolen smartphones. Many of those devices have only minimal password protection, and now researchers in Germany have devised a new techniq...
The Blackbuntu Community Edition Download !
The Blackbuntu Community Edition is a Linux Live-CD based on Ubuntu 10.10 which was specially designed for security training students and practitioners of information security. Another tool for penetration testers collection that could be considered as a competition for Pentoo. It supports the...
Gawker Roadkill? How To Find Out and Recover
CLARIFICATION: This story corrects information concerning the availability of the stolen account names and passwords online. Millions of Web users are waking up to news that broke over the weekend that systems belonging to Gawker Media were hacked and password data on millions of user accounts...
GeoHttpServer - Remote Denial of Service
GeoHttpServer - Remote Denial of Service !/usr/bin/perl Exploit Title: GeoHttpServer remote DoS Date: 7-5-2010 Author: aviho1 vendor: GeoVision Version: all info: the password recovery page does not properly validate user-supplied password ,causing a dos. use IO::Socket; my $host = shift ||...
ubuntu 9.10 forget the root password solution-vulnerability warning-the black bar safety net
This method is applicable to the can physical contact with the machine. 1. Boot hold down the Shift key to enter Grub menu. 2. Press e to modify the first“Ubuntu, 2.6. xxx-generic” 3. Modify the penultimate line 2,“linux /boot/vmlinuz... ro quiet splash”to“linux /boot/vmlinuz... rw single...
CVE-2008-7188
ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php. NOTE: this can be used to recover the password of the user by using the modified e-mail address i...
CVE-2008-7188
CVE-2008-7188 affects ClipShare 2.6, where an attacker can bypass access restrictions by altering a uid parameter in siteadmin/useredit.php to modify arbitrary user profiles. This can be combined with using the manipulated email to trigger recoverpass.php, potentially recovering a user’s password...