4196 matches found
Nmap NSE 6.01: smb-server-stats
Attempts to grab the server's statistics over SMB and MSRPC, which uses TCP ports 445 or 139. An administrator account is required to pull these statistics on most versions of Windows, and Vista and above require UAC to be turned down. Some of the numbers returned here don't feel right to me, but...
Nmap NSE 6.01: smb-security-mode
Returns information about the SMB security level determined by SMB. Here is how to interpret the output: User-level authentication: Each user has a separate username/password that is used to log into the system. This is the default setup of pretty much everything these days. Share-level...
Nmap NSE 6.01: smb-enum-shares
Attempts to list shares using the 'srvsvc.NetShareEnumAll' MSRPC function and retrieve more information about them using 'srvsvc.NetShareGetInfo'. If access to those functions is denied, a list of common share names are checked. Finding open shares is useful to a penetration tester because there...
CVE-2012-5952
IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security operations, which allows remote attackers to trigger transmission of unauthenticated messages via...
IBM Lotus Domino 8.5.3 XSS / CSRF / Redirection
Hello list! These are Cross-Site Request Forgery, Cross-Site Scripting and Redirector vulnerabilities in IBM Lotus Domino. At 30th of November IBM released the advisory concerning these vulnerabilities. CVE ID: CVE-2012-4842, CVE-2012-4844. SecurityVulns ID: 12789. IBM Security Bulletin for Open...
Google Chrome Silent HTTP Authentication
Exploit for multiple platform in category dos / poc VULNERABILITY DETAILS The latest version of Google Chrome Tested on Version 24.0.1312.57 fails to properly recognize HTTP Basic Authentication when injected in various HTML tags. As a result of this behavior Chrome will not alert the user when...
CVE-2012-6451 Authentication Bypass in LOREX IP Cameras
Product: Lorex LNC116 and LNC104 IP Cameras Vendor: LOREX Technology Inc. Vulnerability Type: Authentication Bypass Vulnerable Firmware Versions: 030312 and earlier Tested Firmware Version: 030312 Fixed Firmware Version: 030405 Solution Status: Fixed by Vendor Vendor Notification: December 22, 20...
Google Chrome - Silent HTTP Authentication
Exploit Title: Google Chrome Silent HTTP Authentication Date: 2-5-2013 Exploit Author: T355 Vendor Homepage: http://www.google.com/chrome Version: 24.0.1312.57 Tested on: Tested on: Windows 7 & Mac OSX Mountain Lion CVE : n/a VULNERABILITY DETAILS The latest version of Google Chrome Tested on...
Not being able to create webhooks with basic authentication.
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-31953. panel Using the procedures to use basic auth described on https://extranet.atlassian.com/display/SUPPORT/Webhooks+readiness+for+JIRA+5...
Not being able to create webhooks with basic authentication.
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-31953. panel Using the procedures to use basic auth described on...
Not being able to create webhooks with basic authentication.
Using the procedures to use basic auth described on https://extranet.atlassian.com/display/SUPPORT/Webhooks+readiness+for+JIRA+5.2 we are getting a "Invalid URL" message. !https://jira.atlassian.com/secure/attachment/85015/webhookserror.png! workaround For Atlassian applications, the REST plugin ...
Lorex LNC116 / LNC104 IP Camera Authentication Bypass Vulnerability
Lorex LNC116 and LNC104 IP cameras only perform basic authentication on the main login page. If you perform direct browsing to any other interface, you are not forcibly authenticated. Product: Lorex LNC116 and LNC104 IP Cameras Vendor: LOREX Technology Inc. Vulnerability Type: Authentication Bypa...
Lorex LNC116 / LNC104 IP Camera Authentication Bypass
Product: Lorex LNC116 and LNC104 IP Cameras Vendor: LOREX Technology Inc. Vulnerability Type: Authentication Bypass Vulnerable Firmware Versions: 030312 and earlier Tested Firmware Version: 030312 Fixed Firmware Version: 030405 Solution Status: Fixed by Vendor Vendor Notification: December 22, 20...
CVE-2012-3310
TFIM (IBM Tivoli Federated Identity Manager) is affected in versions 6.1.1.14, 6.2.0.12, and 6.2.1.4 (pre-6.2.2). The vulnerability arises when a logging configuration set to all enables trace logging that exposes sensitive credentials in log files: (1) LDAP bind password, (2) keystore passwords,...
Malware behind Microsoft Excel-based Sudoku generator
Sudoku is one such game that I believe will benefit your brain, but now not for your system. Peter Szabo from SophosLabs have identified a piece of malware that resides behind a Microsoft Excel-based Sudoku generator. The Malware developed in Visual Basic requires macros, a scripting language tha...
Cisco DPC2420 - Multiples Vulnerabilities
Cisco DPC2420 - Multiples Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - Title: DPC2420 Multiple vulnerabilities - Author: Facundo M. de la Cruz tty0 - E-mail: [email protected] =20 0x00 Details Vendor : Cisco Model : DPC2420 type : Cablemodem router.=20 Firmware:...
Cisco DPC2420 Cross Site Scripting / File Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - Title: DPC2420 Multiple vulnerabilities - Author: Facundo M. de la Cruz tty0 - E-mail: [email protected] 0x00 Details Vendor : Cisco Model : DPC2420 type : Cablemodem router. Firmware: D2425-P10-13-v202r12811-110511as-TRO.bin Software:...
Cisco DPC2420 - Multiples Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - Title: DPC2420 Multiple vulnerabilities - Author: Facundo M. de la Cruz tty0 - E-mail: [email protected] =20 0x00 Details Vendor : Cisco Model : DPC2420 type : Cablemodem router.=20 Firmware: D2425-P10-13-v202r12811-110511as-TRO.bin Software:...
Review : Hacking S3crets - beginners guide to practical hacking
Most of People are curious to become Hackers, but they do not know where to start, If you are in the same situation, then "Hacking S3crets" Book will guide you through the basic and advanced steps of Hacking and will help you develop The Hacker Attitude. Author Sai Satish, and Co-Author K...
Review : Hacking S3crets - beginners guide to practical hacking
Most of People are curious to become Hackers, but they do not know where to start, If you are in the same situation, then "Hacking S3crets" Book will guide you through the basic and advanced steps of Hacking and will help you develop The Hacker Attitude. Author Sai Satish, and Co-Author K...