1. Locate the files "webengine.exe" and "freeaccess.spl". The files
are located in the "$NX_ROOT\bin" and "$NX_ROOT\bopcfg\www" directory
respectively.
2. Right click on each of the files and select Properties.
3. Select the General tab.
4. If either file timestamp is earlier than indicated in the below
table, the installation is vulnerable.
File Name
Timestamp
Size
#else
#define GENERATE_SEED() ((long) (time(0) * getpid() * 1000000 \
* php_combined_lcg(TSRMLS_C)))
#endif
This produces a seed that depends on the unix timestamp, the process
identifier, the factor 1000000 and a value between 0 and 1 that itself
depends on the current microsecond and the process identifier.
It should be obvious that this is not cryptographically strong because
the current unix timestamp is known to the attacker and only a part
----
permalink.php, line 212:
$getpost = @mysql_query("SELECT Title, Timestamp, Body, PostCat1, PostCat2, PostCat3, PostCat4, Author FROM ".POSTS_TBL." WHERE
PostID='".$_GET['PostID']."' AND Draft=0");
----
permalink.php, line 298:
A secure cookie in Tornado is stored in three parts, separated by a pipe sign (``|``)
::
<value>|<timestamp>|<hmac>
where:
<value>
is the cookie's value encoded in Base64, which does use the digits 0 to 9.
1. Using Windows Explorer, locate the file "asdbapi.dll". By
default, the file is located in the
"C:\Program Files\CA\BrightStor ARCserve Backup" directory.
2. Right click on the file and select Properties.
3. Select the General tab.
4. If the file timestamp is earlier than indicated in the table
below, the installation is vulnerable.
Product version: CA ARCserve Backup r11.1 Windows
File Name: asdbapi.dll
File Size: 856064 bytes
2. Right click on the file and select Properties.
3. Select the General tab.
4. If the file timestamp is earlier than indicated in the below
table, the installation is vulnerable.
Product Version   File Name       Timestamp             File Size
11.5              caloggerd.exe   05/18/2007 10:55:48   299008 bytes
11.1              caloggerd.exe   05/18/2007 11:30:52   286720 bytes
“C:\Program Files\CA\SharedComponents\ARCserve Backup\CADS”
directory on 32 bit systems and “C:\Program Files (x86)\CA\
SharedComponents\ARCserve Backup\CADS” on 64 bit systems.
2. Right click on the file and select Properties.
3. Select the General tab.
4. If the file timestamp is earlier than indicated in the below
table, the installation is vulnerable.
* For Protection Suites r2, use the file timestamp for CA ARCserve
Backup r11.5 English
1. Using Windows Explorer, locate the file “asdbapi.dll”. By
default, the file is located in the
“C:\Program Files\CA\BrightStor ARCserve Backup” directory.
2. Right click on the file and select Properties.
3. Select the General tab.
4. If the file timestamp is earlier than indicated in the table
below, the installation is vulnerable.
Version   File Name     Timestamp             File Size
11.5      asdbapi.dll   10/24/2007 08:43:08   1249354 bytes
11.1      asdbapi.dll   10/19/2007 17:56:00   856064 bytes
$ LD_AUDIT="libpcprofile.so" PCPROFILE_OUTPUT="/etc/cron.d/exploit" ping
ERROR: ld.so: object 'libpcprofile.so' cannot be loaded as audit interface: undefined symbol: la_version; ignored.
Usage: ping [-LRUbdfnqrvVaA] [-c count] [-i interval] [-w deadline]
[-p pattern] [-s packetsize] [-t ttl] [-I interface or address]
[-M mtu discovery hint] [-S sndbuf]
[ -T timestamp option ] [ -Q tos ] [hop1 ...] destination
# This results in creating a world writable file in the crontab directory.
$ ls -l /etc/cron.d/exploit
-rw-rw-rw- 1 root taviso 65 2010-10-21 14:22 /etc/cron.d/exploit
=== Statistics ===
* Time taken: 31.240000 s
* Average speed: 308986.363636 w/s
The arguments of the wp_salt cracker are:
./wpsalt username timestamp hash [charset]
The average speed of my program is 360000 words per second.
There are 62 characters that can be used to generate a 7 character long
wp_password(). If we perform a linear attack, we would have to wait (in
the worst case), 62^7/360000/3600/24 = ~113 days. However, if we are
1. Using Windows Explorer, locate the file “mediasvr.exe”. By
default, the file is located in the
“C:\Program Files\CA\BrightStor ARCserve Backup” directory.
2. Right click on the file and select Properties.
3. Select the General tab.
4. If the file timestamp is earlier than indicated in the table
below, the installation is vulnerable.
Version   File Name      Timestamp             File Size
11.5      mediasvr.exe   06/28/2007 15:16:20   110592 bytes
11.1      mediasvr.exe   07/02/2007 10:39:50   106496 bytes
2. Right click on the file and select Properties.
3. Select the General tab.
4. If the file timestamp is earlier than indicated in the table
below, the installation is vulnerable.
Product version: CA ARCserve Backup r11.1 Windows
File Name: DBserver.dll
File Size: 675840 bytes
to launch XSS attacks.
Because the HTML code is also recognized by the web server as a
HFS HTML template, it is also possible to inject symbols to
force HFS to reveal details about the server (eg, current HFS
server version, build, connections, timestamp, uptime, current
outbound and inbound speed, and more). Technical details are
included below.
----------------------------------------------------------------
<http://www.nuance.de/kostenlose-ocr-software-test/download.asp>
a trial version of OmniPage 16 Professional for download.
The installer OPPro16_TD.exe (a self-extracting RAR archive) was
published "Tue, 30 Jun 2009 14:38:28 GMT" (according to its HTTP
time stamp), unpacking reveals a BUILD.ID "OP-0861-035-7563.1134"
with time stamp "Tue, 17 Jun 2008 09:51:32".
After installation on a fully patched Windows XP with Service Pack 3
the following vulnerable Microsoft runtime libraries are found:
SearchIndexer.exe will crash many times
---
Faulting application SearchIndexer.exe, version 7.0.6001.16503, time
stamp 0x483b99af, faulting module msvcrt.dll, version 7.0.6001.18000,
time stamp 0x4791a727, exception code 0x40000015, fault offset
0x00053adb, process id 0x364, application start time 0x01c99276bd383759.
---
In some cases, it is possible to permanently lock the service.
http://192.168.xxx.xxx/efront/www/forum/new_message.php
-----/
The attached document gets saved in directory:
/-----
/wwwroot/www/efront/upload/[username]/message_attachments/Sent/[timestamp]/
-----/
The value of the directory name '[timestamp]' can be calculated by
passing the date/time of the message sent (can be found in
'Tools->Messages->Sent functionality') as the input parameters to the
PHP function 'mktime()'. For example, 'echo mktime(18, 15, 29, 2, 22,
u=u<<8;
u+=c;
}
printf("0x%x\n",u);
//get the module timestamp
v=x+8;
u=0;
y=1;
for (w=v+3; w>=v; w--)
{
The vendor fixed the issue remarkably quickly, but
Additionally, the Last modified field in directory listings disclosed the timestamp of location information too.
Addresses like firstname.surname@domain.com disclosed confidential information about the people working in specific organizations too.
Juha-Matti
artful38@yahoo.com wrote:
> Looks like they closed the hole. Even using the hard-coded password, you can no longer get directory listings of email addresses (nor can you do so without credentials)
>
If the report is right and logs recording you connecting and obtaining an IP
address are a concern then you should be terrified already. I suspect that I
could reconstruct much of what you did online given access to all the
associated logs. Getting an IP address from a DHCP server and using almost
any other service whatsoever usually generates at least an IP address and
timestamp. Bind 9 has logs, and they are on by default, so big brother might
be able to deduce a lot just using your ISP's DNS logs.
When I say that I got this spam from IP address X at time Y, and give full
headers to back this up, most ISPs work out who was responsible and nuke their
account. I do not think the "a virus sent that spam not me" or "nobody told me
telephone and SMS/MMS connections the following is logged:
- for internet connections (i. e. dial-in or equivalent):
- IP number
- connecting user (i. e. the calling phone number,
ppp userid or equivalent)
- Timestamp
- for email
- sender and recipient address of every email (logged on
sending as well as receiving servers)
- IP address(es) accessing a mailbox
5. Gaining ops on channels that get empty on one side of a netsplit
6. Making clients think someone is on a (+D) channel, who isn't
Affecting 2.10.12.03 and 2.10.12.04:
7. Netriding with ops, using zannels
Affecting very old up to and including 2.10.12.05:
8. Timestamps in bounces ignored
Affecting 2.10.12.01 up to and including 2.10.12.05:
9. Any op setting or changing Apass when server restarts
Affecting very old up to and including 2.10.12.05:
10. Desync: unkick/deopable ops
Affecting very old up to and including 2.10.12.05:
These issues are caused by input validation errors in various scripts when
processing the "user_name", "title", "called", "email", "dob", "middle_name",
"last_name", "first_name", "subject", "message", "photographer_id",
"person_id", "_random", "_rating-op", "rating", "timestamp" and
"_timestamp-op" parameters, which could be exploited to cause arbitrary
scripting code to be executed by the user's browser in the security
context of an affected Web site.
A SQL injection vulnerability was found in the reward_points.post.php
script, more specifically in
the $sort_order variable. The vulnerability can be triggered by
logging into CS-Cart and browsing to:
/index.php?dispatch=reward_points.userlog&result_ids=pagination_contents&sort_by=timestamp&sort_order='
Which will generate a syntax error in the database. The following is
the corresponding piece of code:
reward_points.post.php:69
COOKIE = USERNAME + ACCESS_RIGHTS + CLIENT_ADDRESS + CURRENT_TIME + HASH
In the above pseudocode, the SERVER_ADDRESS represents the VCS system's IP
address, STATIC_VALUE represents a fixed string which is hard-coded into the
application source, USERNAME is the authenticated user name, CLIENT_ADDRESS is
the IP address of the user's system, CURRENT_TIME is a simple UNIX time stamp,
and ACCESS_RIGHTS is an integer denoting the level of access assigned to the
user.
Note, that none of the information above is difficult to guess. Any owner of a
TANDBERG VCS would have access to the STATIC_VALUE (and in fact, this value is
The vulnerability exists when an attacker is able to intercept the
initialization request and response bodies sent to and from the mobile
device to the server.
An attacker that is capable of intercepting the encrypted request/response
pair will also be able to derive time stamp information.
Since the key generation algorithm seeds a pseudo random number generator
via "Time since the Unix Epoch", the search space for valid one time pad
keys that correspond to the encrypted cypher text is fairly small.
(This is dependent on how much clock skew exists between the attacker's
To understand how this is possible it is necessary to know that
during the installation PunBB creates a "random" cookie seed that
is used to store login data in the cookie during a visit. This
cookie seed generation is not really random, because it is more
or less the MD5 hash of the current timestamp. This means it is
easily bruteforceable when the attacker has his own user account
at the forum. He just needs to use his own login cookie and then
check all seconds backwards from the date the admin account was
created (see in memberlist).
} STRING;
typedef STRING *PSTRING;
typedef struct _RTL_DRIVE_LETTER_CURDIR {
USHORT Flags;
USHORT Length;
ULONG TimeStamp;
STRING DosPath;
} RTL_DRIVE_LETTER_CURDIR, *PRTL_DRIVE_LETTER_CURDIR;
typedef struct _UNICODE_STRING {
USHORT Length;
USHORT MaximumLength;
right. An informational pop up window will be displayed. ANM Version 2.0
Update A is indicated in the example output below.
Version: 2.0(0), Update: A
Build Number: 709
Build Timestamp: 20081031:1226
Products Confirmed Not Vulnerable
---------------------------------
The Cisco ACE XML Gateway, Cisco ACE GSS (Global Site Selector) 4400
BACKGROUND:
Earlier versions of syslog-ng Open Source Edition and syslog-ng Premium
Edition were vulnerable to a possible Denial of Service. The latest
release (2.0.6 for syslog-ng, 2.1.8 for syslog-ng Premium Edition) fixes a
segmentation fault which occurred when the timestamp of the incoming
messages did not end with a space character (NULL pointer dereference).
This is an easy Denial of Service possibility.
Apart from the Denial of Service, no further exploits are known to be
possible.