16 matches found
CVE-2019-15846: Exim remote root privilege vulnerability alert - vulnerability alert - the black bar safety net
At 18:00 GMT on September 6, 2019, Exim released version exim-4.92.2, which fixes CVE-2019-15846; an attacker can use this vulnerability to remotely obtain root privileges. The vulnerability was found and reported by Qualys. 360CERT determined that the vulnerability's hazard and impact are large...
FastJson denial of service attack warning - vulnerability warning - the black bar safety net
0x00 Vulnerability background: On September 5, 2019, 360CERT observed that on September 3, 2019 fastjson submitted commit 995845170527221ca0293cf290e33a7d6cb52bf7, which is intended to fix an OOM issue that may occur when a string contains the \x escape character. 360CERT determine the vulnerabili...
Microsoft CTF Protocol vulnerability alert - vulnerability alert - the black bar safety net
On August 13, 2019, Google security researcher Tavis Ormandy published a blog post disclosing that the CTF protocol in the Windows operating system contains a vulnerability that has existed for many years. 0x01 Vulnerability details: Google security researcher Tavis Ormandy in Windows text services...
CVE-2019-10216: ghostscript sandbox bypass command execution vulnerability alert - vulnerability alert - the black bar safety net
Late on August 2, 2019, Artifex merged the fix for Bug 701394 into the ghostscript master branch. The commit is designed to fix the CVE-2019-10216 vulnerability. The vulnerability allows a direct bypass of the ghostscript security sandbox, so the attacker can read any file or command executio...
Zhiyuan OA A8 Getshell vulnerability alert - vulnerability alert - the black bar safety net
Recently, 360CERT observed that the Zhiyuan OA A8 system has a remote Getshell vulnerability, which is already being exploited in the wild. Zhiyuan OA A8 is a popular collaborative management software, widely used in medium and large business institutions. 0x01 Vulnerability details: Zhiyuan A8+ some versi...
Win 10 arbitrary file deletion 0day warning - vulnerability warning - the black bar safety net
0x00 Vulnerability details: On May 21, 2019, SandboxEscaper uploaded Win10 arbitrary file deletion 0day code to GitHub: https://github.com/SandboxEscaper/polarbearrepo. This is the fifth 0day SandboxEscaper has released since August 2018. The vulnerability principle and the...
Oracle WebLogic Server high-risk security vulnerability alert - vulnerability alert - the black bar safety net
On April 17, 2019, 360CERT detected the security bulletin that Oracle released on April 17. The security bulletin disclosed that WebLogic Server has multiple high-risk vulnerabilities that affect multiple WebLogic components. 360CERT determined that the security updates for...
Internet Explorer XXE vulnerability alert - vulnerability alert - the black bar safety net
On April 11 (GMT), foreign security researcher John Page publicly disclosed an Internet Explorer 11 XXE vulnerability; successful exploitation of the vulnerability leads to local file disclosure. After learning of the vulnerability, Microsoft gave a "temporary non-fix" result. In view of the...
iPhone FaceTime call vulnerability alert - vulnerability alert - the black bar safety net
Recently, 360CERT observed a privacy disclosure vulnerability in iPhone FaceTime calls. The vulnerability allows an attacker to obtain the victim's audio before the victim answers the FaceTime call, resulting in leakage of user privacy. Currently, Apple has suspended the FaceTime service,...
CVE-2019-3462: apt/apt-get remote code execution vulnerability alert - vulnerability alert - the black bar safety net
0x00 Vulnerability background: On January 22, 2019, @Max Justicz disclosed on his blog some details of a remote code execution vulnerability in apt/apt-get, the package manager of Debian-based systems. When APT is used for any software installation, update, etc., it uses HTTP instead of HTTPS by default, so an attacker can MiT...
Exchange Server privilege escalation vulnerability alert - vulnerability alert - the black bar safety net
0x00 Vulnerability background: This is an elevation-of-privilege vulnerability on Exchange Server, published by the MSRC on November 13, 2018, with the number CVE-2018-8581. According to the MSRC description of the vulnerability, an attacker who successfully exploits thi...
CVE-2018-20129: DedeCMS V5.7 SP2 front-end file upload getshell vulnerability alert - vulnerability alert - the black bar safety net
On 2018-12-11, the CVE Chinese application station published a file upload vulnerability in DEDECMS 5.7 SP2, the latest version; a user with administrator privileges can exploit this vulnerability to upload a file, get a shell, and execute arbitrary PHP code. After analysis and verification. The vulnerability...
A large number of third-party Android ROMs are not configured correctly, resulting in information leakage: warning - vulnerability warning - the black bar safety net
On November 22, Magisk author topjohnwu published an article mentioning that, while studying the root detection mechanism of the mobile game Fate/Grand Order, he found a vulnerability present on millions of Android devices; exploiting the vulnerability leaks process information on the system. In...
Apache Struts2 S2-057 vulnerability analysis and early warning - vulnerability warning - the black bar safety net
It is possible to perform an RCE attack when the namespace value isn't set for a result defined in underlying xml configurations and, at the same time, its upper actions configurations have no or wildcard namespace. The same possibility exists when using the url tag which doesn't have value and action set...
dnsmasq: multiple vulnerabilities of quite high severity exposed - vulnerability warning - the black bar safety net
dnsmasq is a lightweight DNS and DHCP service. Thanks to being simple and easy to use, it is widely used in SME environments and on cloud platforms, and components including libvirt also use it indirectly as a supporting service. On October 2, 2017, the Google security team discovered a plurality of dnsmasq...
Apache Kafka readObject vulnerability analysis report - vulnerability warning - the black bar safety net
I. Background description: Apache Kafka is an open-source stream processing platform developed by Apache and written in Scala and Java. The project aims to provide a unified, high-throughput, low-latency real-time data processing platform. II. Vulnerability overview: Kafka the internal...