1326 matches found
DLL hijacking vulnerability in Dell's pre-installed SupportAssist component: more than 1 billion devices worldwide face cyber-attack risk-vulnerability warning-the black bar safety net
SupportAssist is a powerful support application that helps keep the user's system running optimally, proactively finds problems, and lets you run diagnostics and driver update scans. Recently, however, researchers have found that this tool softwa...
WebLogic deserialization 0day vulnerability (CVE-2019-2725 patch bypass) early warning-vulnerability warning-the black bar safety net
On 2019-06-15, 360CERT detected an in-the-wild Oracle WebLogic remote deserialization command execution vulnerability that bypasses the latest WebLogic patch (CVE-2019-2725); an attacker can send a carefully constructed malicious HTTP request for unauthorized remote execution of command...
Alert: Windows RDP remote vulnerability POC spreading-vulnerability warning-the black bar safety net
0x00 Description On 2019-05-31, 360 detected that someone had posted on GitHub POC code that leads to a remote denial of service (https://github.com/n1xbyte/CVE-2019-0708), along with a demo video against Windows Server 2008 R2 x64; the POC code has been verified as real and effective. An attacker can use to spread the code of the...
Win 10 scheduled tasks local elevation of privilege 0 day POC-exploit warning-the black bar safety net
This exploit is the 5th Windows exploit found by security researcher SandboxEscaper since August of last year. Using the exploit allows local elevation of privilege, gaining the full control held by SYSTEM, TrustedInstaller and other privileged users. The timing of...
RCE vulnerability present in SupportAssist, the system software that comes with Dell computers-vulnerability warning-the black bar safety net
What brand of computer do you use? Have you ever doubted the security of the software pre-installed on or shipped with your computer? When we talk about remote code execution (RCE) vulnerabilities, most people would probably think of operating system vulnerabilities, but there is n...
Using SMB to bypass PHP Remote File Inclusion restrictions-vulnerability warning-the black bar safety net
In this article, I share a little about a remote file inclusion vulnerability in PHP programs, which is often used in file inclusion. Although the PHP environment has been configured to prohibit including files from remote HTTP/FTP URLs, I will share how to bypass Remote File...
XSLeaks attack analysis-HTTP caching and cross-site leakage-vulnerability warning-the black bar safety net
0x1 XSSearch: past lives This attack can be dated back as far as 10 years ago, i.e. 2009, when a security professional named Chris Evans described an attack on Yahoo: Chris used a malicious web site to search the e-mail inbox of the site's visitor, and he by constructing different keywords mann...
Early warning: remote code execution risk in Windows domain environments-vulnerability warning-the black bar safety net
0x00 Event background Recently, 360CERT observed that foreign security researchers had disclosed an attack technique that poses a serious threat to Windows domain environments, using a combination of man-in-the-middle attacks and resource-based constrained delegation attacks...
.NET advanced code audit (lesson one): XmlSerializer deserialization vulnerability-vulnerability warning-the black bar safety net
In the .NET Framework, the XmlSerializer class is a great tool that maps highly structured XML data to .NET objects. The XmlSerializer class performs the conversion between XML documents and objects through a single API call in a program. The conversion mapping rules in the . N...
Security vulnerabilities in VR social app Bigscreen let hackers carry out MITR attacks-vulnerability warning-the black bar safety net
A security team at Connecticut West Haven University found a serious security vulnerability in the VR social platform Bigscreen. The vulnerability allows an attacker to enter players' virtual reality space without their permission, thereby enhancing system is embedded in a malicious program b...
Razer Synapse 3 Windows client local privilege escalation vulnerability analysis-vulnerability warning-the black bar safety net
1. Vulnerability introduction The Razer Synapse (Ray cloud) software installs a service on the system, Razer Synapse Service, which runs with NT AUTHORITY\SYSTEM privileges and loads multiple .NET assemblies from the C:\ProgramData\Razer\ directory. C:\ProgramData\Razer\ and its subdirectories/files in the permissions aspect is...
API flaws at the United States Postal Service and Amazon lead to exposure of a large amount of customer data-vulnerability warning-the black bar safety net
The annual holiday shopping carnival in the United States officially kicked off on Friday, and at the same time there were two security incidents at the United States Postal Service and Amazon, both related to improper use of APIs. These incidents affected millions of people, at the same time...
DVWA hands-on test: CSRF vulnerability-vulnerability warning-the black bar safety net
CSRF is cross-site request forgery: after a user logs in to site A, site B, opened in the same client, uses the vulnerability to get site A's cookie and other authentication information and forges requests to site A under the legitimate identity. This article in the local environment, carry out the...
Detailed analysis of the latest VirtualBox virtual machine escape vulnerability, E1000 0day (part 1)-vulnerability warning-the black bar safety net
Recently, Russian security researcher Sergey Zelenyuk released detailed information on a 0day vulnerability in VirtualBox 5.2.20 and earlier versions; these versions allow an attacker to escape the virtual machine and execute ring 3 code on the host. Then, the attacker can take...
How I found the database vulnerability in the Donald Daters app-vulnerability warning-the black bar safety net
On Monday night, as usual, I was watching TV to pass the time, but there was nothing interesting on. So I decided to look for fun on my phone and started aimlessly browsing various tweets on Twitter, when a Fox News post caught my attention. Someone of Trump's supporters developed a...
Ruby 2.x remote code execution vulnerability analysis: the deserialization gadget chain-vulnerability and early warning-the black bar safety net
Description This article gives a detailed introduction to exploiting arbitrary deserialization in Ruby and also releases the first general-purpose gadget chain, achieving arbitrary command execution on Ruby 2.x. In the next article, I will explain in detail the deserialization of the problem and Th...
See how I found a Google RCE vulnerability worth 36 thousand USD-vulnerability warning-the black bar safety net
This article tells how Ezequiel Pereira, an 18-year-old student at a Uruguayan public university, found a Google RCE vulnerability of the highest level. At the beginning of the year, Ezequiel found a vulnerability in a non-production environment of Google App Engine (GAE), exploi...
Vulnerability causes Windows system crash; hardware expert publishes PoC exploit code-exploit warning-the black bar safety net
Bitdefender researcher Marius Tivadar released PoC code on GitHub that can crash Windows computers within a few seconds, even if the computer is locked. The PoC code exploits a vulnerability in how Microsoft handles NTFS file system images, the code...
D-Link service.cgi remote command execution vulnerability: from discovery to intrusion detection-vulnerability warning-the black bar safety net
Taking the service.cgi remote command execution vulnerability in D-Link 615/645/815 wireless routers as an example, this article presents a static-analysis method for finding command injection vulnerabilities in smart devices. According to the vulnerability analysis carried out 615/645/815 router service...
To expose the spike Trend Micro multiple products RCE vulnerability flaws bug-a vulnerability warning-the black bar safety net
The framework of the network security of ever more and more give rise to a network security staff to the presence of dependents, for example, the Apache Struts case because within the framework of a wide range of vulnerabilities flaws bug the excitation of the network hits the firing presumably...