Summary
=======
The Postfix SMTP server has a memory corruption error when the Cyrus
SASL library is used with authentication mechanisms other than PLAIN
and LOGIN (the ANONYMOUS mechanism is unaffected but should not be
enabled for different reasons). See below for instructions to
determine what systems are affected.
Examples of affected Cyrus SASL authentication methods are CRAM-MD5,
DIGEST-MD5, EXTERNAL, GSSAPI, KERBEROS_V4, NTLM, OTP, PASSDSS-3DES-1,
} else {
return false;
}
}
function chk_login($s) {
if (stripos ($s, "\x50\x6c\x65\x61\x73\x65\x20\x65\x6e\x74\x65\x72\x20\x79\x6f\x75\x72\x20\x75\x73\x65\x72\x20\x6e\x61\x6d\x65\x20\x61\x6e\x64\x20\x70\x61\x73\x73\x77\x6f\x72\x64\x20\x62\x65\x6c\x6f\x77")) {
die("[!] Unable to login: wrong credentials.");
}
if (stripos ($s, "\x59\x6f\x75\x20\x68\x61\x76\x65\x20\x65\x78\x63\x65\x65\x64\x65\x64\x20\x74\x68\x65\x20\x6e\x75\x6d\x62\x65\x72\x20\x6f\x66\x20\x61\x6c\x6c\x6f\x77\x65\x64\x20\x6c\x6f\x67\x69\x6e\x20\x61\x74\x74\x65\x6d\x70\x74\x73\x2e\x20\x20\x50\x6c\x65\x61\x73\x65\x20\x74\x72\x79\x20\x61\x67\x61\x69\x6e\x20\x6c\x61\x74\x65\x72\x2e")) {
die("[!] You have exceeded the number of allowed login attempts.");
2) Stored XSS
An attacker may inject 36 bytes of JavaScript code into the log via the SSH login
parameter. The login parameter is written into the log as is. The BBI or telnet login parameter
is not written into the log - only SSH. When the log page is generated, all input
from the SSH login parameter is displayed as is.
Both vulnerabilities give chance to change switch configuration file or attack Administrator's
Hello,
the reported vulnerability allows logins to mail and probably other
services protected by plesk authentication modules on at least the
current Plesk 8.6.0 Unix/Linux and could eg. be used for relaying spam
through gained smtp auth privileges.
Only systems which allow short mail login names (SHORTNAMES=1) are
affected, which is not the default but is eg. effective after migrating
from Confixx control panel or by administrators manual choice.
Check Point Software Technologies - Vulnerability Discovery Team (VDT)
http://www.checkpoint.com/defense/
Web commands injection through FTP Login in Synology Disk Station
CVE-2010-2453
INTRODUCTION
Synology Inc develops high-performance, reliable, versatile, and environmentally-friendly Network Attached Storage (NAS) products. Synology's goal
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
login 1:4.0.13-7ubuntu3.4
Ubuntu 7.10:
login 1:4.0.18.1-9ubuntu0.2
Ubuntu 8.04 LTS:
- S21Sec Advisory -
##############################################################
Title: Cezanne SW Cross-Site Scripting (login required)
ID: S21SEC-042-en
Severity: Medium
History:
02.Jan.2008 Vulnerability discovered
Authors:
Vulnerability Discovered By TsukasaGenesis && Ajax
Sploit Coded By Ajax Site: http://www.r57shell.in
*/
if($argc<9){
print "---KwsPHP All Version / Remote Code Execution---\n\n";
print "usage: kwsphpsploit.php -url <url> -login <login> -pass <pass> -email <email> -file <file> [-id <id>]\n\n";
print "Url url of KwsPHP script : Ex : www.example.com/kwsphp/\n";
print "Login your account's login ( need to be allow to upload )\n";
print "Pass account's password\n";
print "Email account's email\n";
print "File PHP script upload and execute\n";
which app is currently running in the foreground, and 2) display an Activity
defined in its own app (ie, not the current foreground app).
These two "features" combine to allow a malicious developer to run a
service that looks for apps it knows how to attack, and display a login
screen to the user when those apps run. For example, when the user opens an
app which requires a login, the malicious service displays a screen that
looks identical to the legitimate login screen. Android gives no indication
that the login screen actually belongs to a different app, and the
Activity-switching animation would be the same whether the real app had
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
PR07-44: XSS on RSA Authentication Agent login page
Vulnerability found: 5th December 2007
Vendor informed: 13th December 2007
Severity: Medium-high
LineWeb is a web-app to manage Lineage 2 private servers (a very well-known MMORPG), and allows actions such as:
Main Features:
- Register
- Login
- Quick Login Function
- Quick statistics function (server status, game server status, online players)
- Statistics (login server status, game server status, players online, total accounts, total characters, total gm characters, total clans)
Administrator Features:
./rsue localhost /fcms/ user password
[*] Connecting...
[+] Connected
[*] Send login...
[+] Login Successful
[+] Uploading...
[+] Shell uploaded
[+] Connection closed
client-side scripts to victim's browser by creating suitable links.
This vulnerability cannot be used for session hijacking, because
CMC-TC PU II requires each valid request to contain current session
ID as URL parameter. Requests without session ID are redirected to
the login page. Therefore only phishing-type attacks or attacks
against user's browser are possible.
Successful exploitation requires that attacker can lure or force
the user to follow the malicious link.
Main application: BPET36H
Released: 03-20-08
Rev: 54
Risk: Low - Moderate
High if Web Access is in active use and
access to login page is unrestricted
Vendor Status: Vendor notified, patch available.
References: http://www.louhinetworks.fi/advisory/ibm_090409.txt
Affected devices (from vendor):
IBM BladeCenter E (1881, 7967, 8677)
Sent: Monday, December 13, 2010 2:12 PM
To: Thor (Hammer of God)
Cc: George Carlson; bugtraq@securityfocus.com;
full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching
Allows Local Workstation Admins to Temporarily Escalate Privileges and Login
as Cached Domain Admin Accounts (2010-M$-002)
I hope I'm not just feeding the troll...
A local admin is an admin on one system. The domain admin is an admin on all
####################
- Discussion:
####################
1- [Remote Attacker] can login to hosting controller Panel. He can also change all others' passwords.
2- [User] can copy a file to hosting controller web directory which is executed under administrative privilege, so attacker can execute his commands by administrative privilege. e.g. an attacker can gain remote desktop of server using this bug and uploading an ASP file!
3- [Remote Attacker] can make a new user.
4- [Remote Attacker] can change all user's profiles.
5- [User] can see all the database information by a SQL injection.
6- [User] can change his credit amount or increase his discount.
Timing attack scenario examples :
---------------------------------
If you are already familiar with timing attacks you can skip this chapter.
Let's take a brief example of a timing attack scenario aiming to predict real user logins on a
specific system :
1. A system is running a server application 'login.exe' which takes a username, a password and then
opens a shell or refuses connection if authentication fails.
======
There's a funny bug in the Novell client; a while ago a stack-based overflow was present in the username field.
This has been patched, but I guess not properly.
You have a username field limited to 255 chars, but when you fill up this field and press the login button
it tells you "not loggued in".
If you click on the "forgot passwd" link, it will pop up a little window with your supplied username printed;
a stack-based overflow occurs here, allowing code execution.
-------------
The vulnerability found targets the Outlook Web Access application
for Microsoft Exchange 2003. A valid user can be redirected to a
malicious website when clicking on a specially crafted URL which can
be sent to the user by email. If the user is logged in,
he is redirected instantly - if he is not logged in yet, the login page
will be displayed and he will be redirected after successful login.
This vulnerability can be used to redirect the user to a phishing
website which shows the (faked) login screen and getting the users
logon credentials as soon as he tries to log in on the faked site.
www.ExploitDevelopment.com 2010-M$-002
--------------------------------------------------------------------------
TITLE:
Flaw in Microsoft Domain Account Caching Allows Local Workstation
Admins to Temporarily Escalate Privileges and Login as Cached Domain
Admin Accounts
SUMMARY AND IMPACT:
All versions of Microsoft Windows operating systems allow real-time
modifications to the Active Directory cached accounts listing stored
>Sent: Monday, December 13, 2010 9:12 AM
>To: Thor (Hammer of God)
>Cc: George Carlson; bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk
>Subject: Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows
>Local Workstation Admins to Temporarily Escalate Privileges and Login as
>Cached Domain Admin Accounts (2010-M$-002)
>
>I hope I'm not just feeding the troll...
No, you are perpetuating inaccurate vulnerability claims.
By observing the system’s response to repeated authentication attempts, an attacker can brute force valid user credentials even though the account lock-out mechanism is enabled. The attacker could use the compromised credentials once the account is unlocked by an administrator.
Details
Upon a false login attempt, the message “Your User ID and/or Password are invalid” is returned to the user. When the correct password is entered, and the account has been locked, the message “Your account has been disabled” is returned. Therefore an attacker can conduct a brute force attack even after the account has been locked.
Once the account is unlocked, PeopleTools does not enforce password changing. Therefore the compromised set of credentials can be used to break into the unlocked account.
Exploit
More Details
============
The IceWarp WebMail Server implements a "Forgot Password" function on
the login page. Users who have forgotten their login password can
provide their email address to the mail server. It will then check if
the email address exists in the system and send the associated user's
password to it.
The HTTP POST request sent when clicking on the "Forgot Password" page's
of authentication, querying/modifying/adding/deleting data from the
backend database and the remote execution of programs.
NO authentication is required to exploit this vulnerability.
XSS on login page:
DPSnet Case Progress is vulnerable to a vanilla XSS within the
"password" parameter processed by the login server-side script. The
victim user does NOT need to be authenticated for this vulnerability to
be exploitable.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
The Gentoo MLDonkey ebuild adds a user to the system with a valid login
shell and no password.
Background
==========