76 items tagged "account"
-
-
8:44
»
Packet Storm Security Advisories
Front Account version 2.3.13 and OpenDocMan version 1.2.6.2 render uploaded HTML in the DOM, allowing malicious JavaScript insertion that can enable cross site scripting attacks.
-
-
17:34
»
Packet Storm Security Advisories
Bugzilla versions 2.0 to 3.4.13, 3.5.1 to 3.6.7, 3.7.1 to 4.0.3, and 4.1.1 to 4.2rc1 suffer from account impersonation and cross site request forgery vulnerabilities.
-
-
15:23
»
Packet Storm Security Advisories
Bugzilla versions 2.17.1 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3 suffer from a cross site scripting vulnerability. Versions 2.23.3 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3 suffer from an unauthorized account creation vulnerability. Versions 2.0 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3 suffer from a cross site request forgery vulnerability.
-
-
20:36
»
Carnal0wnage
Dudes, I and two other fellows have dealt with an incident about a victim whose online banking account was compromised and a huge lump sum of money was transferred out to Eastern Europe. In fact, the victim is still using the old two-factor authentication token, which means we cannot identify whether the generated passcode is for authentication, money transfer to a specific account, bill payment, etc.; the attacker manipulates it indeed. Please download it from here.
goo.gl/FVFBO
Enjoy it, mate ;-)
-
-
12:20
»
Packet Storm Security Advisories
Cisco Security Advisory - Cisco Media Experience Engine (MXE) 5600 devices that are running Cisco Media Processing Software releases prior to 1.2 ship with a root administrator account that is enabled by default with a default password. An unauthorized user could use this account to modify the software configuration and operating system settings or gain complete administrative control of the device. A software upgrade is not required to resolve this vulnerability. Customers can change the root account password by issuing a configuration command on affected engines. The workarounds detailed in this document provide instructions for changing the root account password.
-
-
17:25
»
Packet Storm Security Exploits
A reflected cross site scripting vulnerability in LDAP Account Manager version 3.4.0 can be exploited to execute arbitrary JavaScript.
-
-
15:58
»
Packet Storm Security Advisories
Cisco Security Advisory - A vulnerability exists in some Cisco Secure Access Control System (ACS) versions that could allow a remote, unauthenticated attacker to change the password of any user account to any value without providing the account's previous password. Successful exploitation requires the user account to be defined on the internal identity store. This vulnerability does not allow an attacker to perform any other changes to the ACS database. That is, an attacker cannot change access policies, device properties, or any account attributes except the user password. Cisco has released free software updates that address this vulnerability. There is no workaround for this vulnerability.
-
-
14:11
»
Packet Storm Security Exploits
This Metasploit module exploits a hidden account in the com.trinagy.security.XMLUserManager Java class. When using this account, an attacker can abuse the com.trinagy.servlet.HelpManagerServlet class and write arbitrary files to the system allowing the execution of arbitrary code. NOTE: This Metasploit module has only been tested against HP OpenView Performance Insight Server 5.41.0.
-
-
23:24
»
Packet Storm Security Advisories
Cisco Security Advisory - Tandberg C Series Endpoints and E/EX Personal Video units that are running software versions prior to TC4.0.0 ship with a root administrator account that is enabled by default with no password. An attacker could use this account in order to modify the application configuration or operating system settings. Resolving this default password issue does not require a software upgrade and can be changed or disabled by a configuration command for all affected customers. The workaround detailed in this document demonstrates how to disable the root account or change the password.
-
-
19:01
»
Packet Storm Security Misc. Files
127 bytes small add administrator account shellcode for Win32/XP SP3.
-
-
20:34
»
Packet Storm Security Recent Files
Likewise Security Advisory - A logic flaw has been found in the pam_lsass library from Likewise Open that, when run under the context of a root service (e.g. sshd, gdm, etc.), will allow any user to log on as an lsassd local-provider account (e.g. MACHINE\Administrator) if the account's password is marked as expired.
-
-
11:17
»
remote-exploit & backtrack
Hey guys,
So I've been working with Metasploit on normal internal networks at home. Everything works great there. Now I've wanted to go to the next level and see how everything works on a domain. So I've set up a small server at home and a domain to log into. I have a client log onto the server. I connect to this client using Meterpreter, etc. etc. So till now everything was jolly. Now when I try to take over the root account or system of the computer that I've exploited, I can't migrate to the system. I think it has something to do with the fact that I'm logged onto the server and not the local account. Any idea on how to compromise the local account? Or even better the server that the computer is logged into?
I know it's a lot to read through, but I appreciate the help.
squib
-
-
19:00
»
darkc0de
How To Get Root Account! How to root a box!!
-
-
9:00
»
Packet Storm Security Recent Files
Samba suffers from a remote directory traversal vulnerability. A remote attacker can read, list and retrieve nearly all files on the system remotely. Required is a valid Samba account for a share which is writable OR a writable share which is configured to be a guest account share; in this case this is a preauth exploit. Included is a smbclient patch that exploits this vulnerability.
-
-
18:07
»
remote-exploit & backtrack
Locked out of Vista (SP2) administrator account, can log on to box via standard user account.
Locked out, TrueCrypt full OS encryption
Any help on moving forward with this?