[FD] Ashley Madison Hacked

2015-07-21 Thread Brian Offenheim
Ashley Madison, the world's #1 affair/cheating online dating site, has been hacked. http://imgur.com/8gQs8KV https://bitbucket.org/TheImpactTeam/ashley https://bitbu

Re: [FD] OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass)

2015-07-21 Thread Dirk-Willem van Gulik
> On 18 Jul 2015, at 23:23, Reed Loden wrote: > > On Friday, July 17, 2015, wrote: > >> Do you know if this is still affected if you have fail2ban in place. >> Fail2ban uses the auth logs to monitor failed password attempts. I >> assume that the auth log is still updated even if x number of at

[FD] Joomla! plugin Helpdesk Pro < 1.4.0

2015-07-21 Thread Simon Rawet
Document Title: Joomla! plugin Helpdesk Pro < 1.4.0 Reported By: Simon Rawet from Outpost24, Kristian Varnai from Outpost24, Gregor Mynarsky from Outpost24 https://www.outpost24.com/ For full details, see: https://www.outpost24.com/outpost24-has-found-critical-vulnerabiliti

[FD] CVE Request -Post Authentication SQLi Vulnerability fixed in Cacti

2015-07-21 Thread Shi,Tong
Hi: Relevant url, http://bugs.cacti.net/view.php?id=2582 Will a CVE number be assigned for it? ___ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/

[FD] Cross-Site Request Forgery Vulnerability in Portfolio Plugin Wordpress Plugin v1.0

2015-07-21 Thread Nitin Venkatesh
# Title: Cross-Site Request Forgery Vulnerability in Portfolio Plugin Wordpress Plugin v1.0 # Submitter: Nitin Venkatesh # Product: Portfolio Plugin Wordpress Plugin # Product URL: https://wordpress.org/plugins/portfolio-by-lisa-westlund/ # Vulnerability Type: Cross-site Request Forgery [CWE-352] #

[FD] RainbowCrack Plugin for Oracle hashes (<=10g)

2015-07-21 Thread bob secse
Hello everyone, RainbowCrack (http://project-rainbowcrack.com/) doesn't implement Oracle hashes <=10g (7-10g R2) in last versions. There is a plugin for RainbowCrack that implements this algorithm: https://github.com/quentinhardy/RainbowCrackPlugin This plugin can be used to: - generate Oracle ra

[FD] Why Full Disclosure is the solution ? An example with RIPE

2015-07-21 Thread Pierre Kim
Note: this email has been sent to Full-Disclosure and has been blogposted to: https://pierrekim.github.io/blog/2015-07-22-why-full-disclosure-is-the-solution-an-examble-with-ripe.html TL;DR: hashes list from the RIPE database has been posted to MEGA, containing usable hashes from 2011 to July 201

Re: [FD] CVE Request -Post Authentication SQLi Vulnerability fixed in Cacti

2015-07-21 Thread Henri Salo
On Mon, Jul 20, 2015 at 05:16:00AM +, Shi,Tong wrote: > http://bugs.cacti.net/view.php?id=2582 > Will a CVE number be assigned for it? CVE requested already in: http://www.openwall.com/lists/oss-security/2015/07/18/4 -- Henri Salo

Re: [FD] Ashley Madison Hacked

2015-07-21 Thread Dave Horsfall
On Sun, 19 Jul 2015, Brian Offenheim wrote: > Ashley Madison, the world's #1 affair/cheating online dating site, has > been hacked. Brian Krebs already reported this: http://krebsonsecurity.com/2015/07/online-cheating-site-ashleymadison-hacked/ Hilarious... -- Dave Horsfall DTM (VK2KFU) "Th