14 matches found
WebLogic Server again exposed to a high-risk 0-day vulnerability-vulnerability warning-the black bar safety net
6 May 11, Ali cloud security team found WebLogic CVE-2019-2725 patch to bypass the 0day vulnerabilities, and First Time reported in Oracle official, 6 January 12, get Oracle official confirmation. Since Oracle has not yet released an official patch, vulnerability details and real PoC are not...
WebLogic Server exposure to high-risk remote command execution 0 day vulnerability-a vulnerability warning-the black bar safety net
Recently, the Ali cloud security team observed that the Oracle WebLogic wls9-async deserialization remote command execution vulnerability (CNVD-C-2019-48814), listed by the National Information Security Vulnerability Sharing Platform (CNVD), can be used by an attacker to execute commands remotely without authorization. The...
Nexus Repository Manager 3 new vulnerability has been used in mining Trojan spread, users are advised to fix as soon as possible-vulnerability warning-the black bar safety net
Recently, Ali cloud security observed the watchbog mining Trojan using the newly disclosed Nexus Repository Manager 3 remote code execution vulnerability (CVE-2019-7238) for attacks and mining. It is worth noting that this attack Start Time 2 on 24th and 2 on 5 May above products, the...
Xiaoming probe test Ali cloud OSS credentials have information leakage vulnerability
Xiaoming tan exam app is a learning mobile app application. Xiaoming Tangkao Ali Cloud OSS credentials have an information leakage vulnerability. The vulnerability is caused by credential leakage due to the use of SDK with accessKeyId and accessKeySecret, endpoint built into the mobile app. An...
Active Wallet AliCloud OSS credentials have information leakage vulnerability
Activity Wallet is a mobile promotional app application from Chengdu Speedway Technology Co. Object Storage Service, abbreviated as OSS, is a massive, secure and highly reliable cloud storage service provided by AliCloud to the public. An information leakage vulnerability exists in the Activity...
Hacking Ali cloud released Windows System the high-risk vulnerability solution-exploits warning-the black bar safety net
4 on 14 November, outside the hacking group discloses a comprising a plurality of Windows Remote exploit tools for the confidential documents. To ensure that the cloud on the user's business security, Ali cloud in 4 month 15 days morning nine points half released a vulnerability announcement and...
Redis CSRF vulnerability analysis and preventive measures-vulnerability warning-the black bar safety net
Redis CSRF vulnerability analysis: Recently a netizen disclosed a Redis CSRF vulnerability, and the Redis author also fixed it in the latest release, 3.2.7; this article covers the CSRF attack and how to use Redis safely. Ali cloud cloud database Redis version force require password...
Seemingly tasteless ESPCMS background injected, can actually be a lot of fun-vulnerability warning-the black bar safety net
Yesterday, the black bar safety net vulnerability platform disclosed an ESPCMS injection vulnerability, and friends on the Ali cloud computing security attack and defense team promptly did an impact assessment of it. Did not think need to login to the backend before it can be...
Joomla object injection vulnerability analysis report-vulnerability warning-the black bar safety net
Recently, Joomla was again exposed to a high-risk 0day vulnerability allowing remote command execution; Ali cloud cloud shield yesterday put the corresponding blocking rules online against the vulnerability. At the same time, the cloud hosting customer has made a phone call and automatically...
LuManager high-risk SQL injection 0day analysis-vulnerability warning-the black bar safety net
On September 7, 2015, the Ali cloud shield situational awareness system captured a 0day in the LuManager system. It was confirmed that, once exploited, the vulnerability lets a hacker log in to the backend directly with the highest privileges, upload a webshell, control the system database, the operatio...
360MarvelTeam virtualization vulnerability of the third bullet: CVE-2015-7504 vulnerability analysis-vulnerability warning-the black bar safety net
Recently Amazon, Ali cloud and other cloud providers received a vulnerability notification email from the Xen project; in this email, the project states that MarvelTeam found and reported a high-risk vulnerability. Today's protagonist is this vulnerability, numbered CVE-2015-7504, which affects...
“Broken days”: the Xen virtualization platform virtual machine escape vulnerability analysis-vulnerability warning-the black bar safety net
Xen is the leading open source virtualization platform, supporting the Amazon cloud, Ali cloud, etc. many well-known public cloud service infrastructure, therefore, ensure that the virtualization infrastructure security has important significance. Ali cloud security vulnerability research team...
When the network sharp knives of the data stream due to the vulnerability to bypass the egg stream......- Vulnerability warning-the black bar safety net
On Friday, the network sharp knife security team of the rivers and lakes known as the“data stream”of handsome handsome in the Black clouds submitted a vulnerability, in fact, in the clouds on submitted vulnerabilities is also not what big things, but the key is: ! Smart devices small love love...
Ali cloud according to the amount of payment logic vulnerabilities a gold(cheap enjoy Super host-vulnerability warning-the black bar safety net
Description: The Ali cloud cloud host purchase logic is not strictly designed: the base64-encoded data can be tampered with, the back end accepts the tampered data, and a super host can be forged. A host that should cost 2 0 1 5 $ 8/month needs only 936 Yuan/month (see Figure)! ...