Re: [Full-disclosure] Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily EscalatePrivileges and Login as Cached Domain Admin Accounts (2010-M$-002)

Stefan, For you information: Cached domain accounts on a local system are not stored in the SAM. They are stored in the SECURITY registry hive. When a cached domain user logs in to the system, they do not authenticate against the SAM (As you can see in my article, I am not editing the SAM).

Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

T, My article describes how to use the SECURITY registry hive to trick the Microsoft operating system in to performing an action that has a result that is not intended by the software developer. This action is performed on the Active Directory logon account cache that regular local

[Full-disclosure] Security Contact at ESRI GIS?

Full Disclosure Members, Does anyone have a valid contact email address for reporting application vulnerabilities to ESRI GIS (www.esri.com)? Thank you, - StenoPlasma at ExploitDevelopment.com www.ExploitDevelopment.com

Re: [Full-disclosure] Security Contact at ESRI GIS?

All, Thanks for the input. I went to this list for help because ESRI support has been non-responsive to outsiders. Thanks! - StenoPlasma at ExploitDevelopment.com www.ExploitDevelopment.com

[Full-disclosure] AWStats 6.95 and Older Remote Command Execution When Installed on Windows Apache Tomcat (2010-WEB-001) (CERT VU#870532)

- www.ExploitDevelopment.com 2010-WEB-001 (CERT VU#870532) - TITLE: AWStats 6.95 and Older Remote Command Execution When