Category Archives: Full Disclosure

RainbowCrack Plugin for Oracle hashes (<=10g)

Posted by bob secse on Jul 22

Hello everyone,

RainbowCrack (http://project-rainbowcrack.com/) doesn’t implement Oracle
hashes <=10g (7-10g R2) in its latest versions.

There is a plugin for RainbowCrack that implements this algorithm:
https://github.com/quentinhardy/RainbowCrackPlugin
This plugin can be used to:
– generate Oracle rainbow tables with a fixed username (ex: SYS).
– crack Oracle hashes.

I have tested this plugin with the latest version of RainbowCrack (1.6.1)…

Cross-Site Request Forgery Vulnerability in Portfolio Plugin WordPress Plugin v1.0

Posted by Nitin Venkatesh on Jul 21

# Title: Cross-Site Request Forgery Vulnerability in Portfolio Plugin
WordPress Plugin v1.0
# Submitter: Nitin Venkatesh
# Product: Portfolio Plugin WordPress Plugin
# Product URL: https://wordpress.org/plugins/portfolio-by-lisa-westlund/
# Vulnerability Type: Cross-site Request Forgery [CWE-352]
# Affected Versions: v1.0
# Tested versions: v1.0
# Fixed Version: v1.05
# Link to code diff:…

Joomla! plugin Helpdesk Pro < 1.4.0

Posted by Simon Rawet on Jul 21

Document Title
==============
Joomla! plugin Helpdesk Pro < 1.4.0

Reported By
===========
Simon Rawet from Outpost24
Kristian Varnai from Outpost24
Gregor Mynarsky from Outpost24
https://www.outpost24.com/

For full details, see:
https://www.outpost24.com/outpost24-has-found-critical-vulnerabilities-in-joomla-helpdesk-pro/

Tested on
=========
All exploits were tested and verified by Outpost24 for HelpDesk Pro
version 1.3.0. While no official…

Ashley Madison Hacked

Posted by Brian Offenheim on Jul 21

Ashley Madison, the world’s #1 affair/cheating online dating site, has been hacked.
http://imgur.com/8gQs8KV
https://bitbucket.org/TheImpactTeam/ashley
https://bitbucket.org/TheImpactTeam/ashleymadisondump
https://gitlab.com/ImpactTeam/ashley
https://gitlab.com/ImpactTeam/ashleymadisondump

Airdroid iOS, Android & Win 3.1.3 – Persistent Vulnerability

Posted by Vulnerability Lab on Jul 20

Document Title:
===============
Airdroid iOS, Android & Win 3.1.3 – Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1543

Release Date:
=============
2015-07-20

Vulnerability Laboratory ID (VL-ID):
====================================
1543

Common Vulnerability Scoring System:
====================================
3.9

Product & Service Introduction:…

Information Exposure Vulnerability in WordPress Mobile Pack WordPress Plugin v2.1.2 and below

Posted by Nitin Venkatesh on Jul 18

# Title: Information Exposure Vulnerability in WordPress Mobile Pack
WordPress Plugin v2.1.2 and below
# Submitter: Nitin Venkatesh
# Product: WordPress Mobile Pack WordPress Plugin
# Product URL: https://wordpress.org/plugins/wordpress-mobile-pack/
# Vulnerability Type: Information Exposure [CWE-200]
# Affected Versions: v2.1.2 and below. Installed v2.1.3 before June 3, 2015
also affected.
# Tested versions: v2.1.2, v2.1.3 (prior to June 3, 2015)…

Re: weblogin software cross site request

Posted by jericho on Jul 18

: Dork: intitle:weblogin intext:”This page will redirect you to:”

A single site runs this ‘WebLogin’.

: Product:WebLogin

What is the vendor URL? Or there is none, because this is a site-specific
issue for lanl.gov. Worse, it has pretty aggressive filtering and will not
render script tags, HTML tags, and requires the http:// element it seems.

So this is a site specific issue, with no real value or merit, and doesn’t…