Apache Tomcat from file inclusion to RCE: in-depth analysis of the exploitation principle-vulnerability warning-the black bar safety net
Article introduction This article provides an in-depth analysis of the exploitation methods and principles of file inclusion and RCE through the Apache Tomcat AJP vulnerability (CVE-2020-1938), including reproducing the vulnerability and building the analysis environment...
Odd security letter issued to Microsoft a high-risk vulnerability warning Win10 as the main effect of the target-vulnerability warning-the black bar safety net
Recently, Qi'an letter of Threat Intelligence Center released Microsoft WindowsSMBv3 service remote code execution vulnerability announcements. Notice that 3 on 11 May, the foreign company released a recent Microsoft security patch design vulnerability summary, which includes a threat level is...
Chrome browser crosses boundaries to write vulnerability analysis Part 2-Vulnerability warning-Black bar safety net
Introduction After we learned how the bug works and sent these details to Chrome to help them start fixing it, we returned to other projects. This bug is still a topic of discussion, and there is no reason why we should not write an exploit for it. One of the main reasons for this is to understand...
Microsoft Exchange Server Static Key Defect Causes Remote Code Execution Analysis(CVE-2020-0688)-Vulnerability Warning-Black Bar Safety Net
In the latest Microsoft Monthly patch released in February 2020, Microsoft released an important patch to fix a remote code execution vulnerability in Microsoft Exchange servers.The vulnerability, reported to us by an anonymous researcher, affects all supported versions of Microsoft Exchange...
For libssh2 integer overflow vulnerability (CVE-2019-17498)analysis-vulnerability warning-the black bar safety net
0x01 Vulnerability mining In 2019 3 December 18, Chris Coulson of Canonical Ltd. disclosed nine vulnerabilities in libssh2, CVE-2019-3855 to CVE-2019-3863. These vulnerabilities were fixed in libssh2 v1.8.1. At the time, my colleague Pavel Avgustinov noted that fix vulnerabilities report...
iPhone BootROM vulnerability description and threat assessment-vulnerability warning-the black bar safety net
0x00-related vocabulary AP: application processor. SEP: security coprocessor. SecureROM: also known as the BootROM is cured in the iPhone the read-only area in the section of the code, the area code is to start the chain and start the chain of trust starting point, the main responsible for loadin...
CVE-2019-16097 Harbor privilege elevation vulnerability analysis-vulnerability warning-the black bar safety net
The Harbor is one for the storage and distribution Docker image of the enterprise Registry server, by adding some of the business functions necessary characteristics, such as security, identification, and management, the expansion of the open-source Docker Distribution. As an enterprise-level...
The WebLogic vulnerability and patch analysis-vulnerability warning-the black bar safety net
Earlier this year, researchers found and published the Oracle WebLogic in a deserialization vulnerability. This vulnerability is more serious, so Oracle breaks the normal quarterly release patches practice, specially issued an emergency update. Unfortunately, the researchers soon realized that an...
CVE-2019-16097:Harbor privilege elevation vulnerability alerts-a vulnerability alert-the black bar safety net
2019 9 May 19, 360CERT observed abroad security researcher Aviv Sasson found Harbor there is elevation of Privilege Vulnerability, the Harbor in the default configuration register the function is open, the attacker can register functions using the vulnerability to gain administrator privileges...
In-depth exploration found in the wild iOS exploit chain VII-vulnerability warning-the black bar safety net
In a previous article, we studied how an attacker could achieve sandbox-escape code execution as root on the iPhone. At the end of each chain you can see the attacker call posix_spawn, passing the path of a malicious binary file in the /tmp directory. The implanted code runs in the background as root,...
In-depth exploration found in the wild iOS exploit chain VI-vulnerability warning-the black bar safety net
In this article, we will Analysis on your iOS device to get the normal permissions of the shell of the WebKit exploit method, where all the vulnerabilities are available on iOS's sandboxed renderer process WebContent implemented shellcode code execution. Although on iOS Chrome will also be affect...
From BinDiff to 0day: Internet Explorer UAF vulnerability analysis-vulnerability warning-the black bar safety net
The last 6 months, I reported to Microsoft a UAF (use-after-free) vulnerability in the IE browser. The vulnerability was officially assigned a severity level and numbered CVE-2019-1208, and Microsoft fixed it in the 9 months Patch Tuesday. I, by BinDiff, a binary code analysis...
In-depth exploration found in the wild iOS exploit chain V-vulnerability warning-the black bar safety net
This exploit chain are currently three different teams found, respectively, is the attacker's malicious organization, Project Zero Brandon Azad and 360 Security@S0rryMybad it. In 2018, 11 December 17,@S0rryMybad exploit this vulnerability in the Tianfu Cup PWN the race to win the 20 million dolla...
Use Device ID for any Instagram account once again hijacking-vulnerability warning-the black bar safety net
Last time, the author bypassed Instagram's back-end rate limiting and built a brute-force guessing mechanism that could crack the password reset confirmation code sent to the user, achieving the hijacking of any Instagram account within ten minutes, for a vulnerability bounty of $30,000. Th...
In-depth exploration found in the wild iOS exploit chain IV-vulnerability warning-the black bar safety net
Overview This exploit chain targets iOS 12 – 12.1. When we found the exploit chain in the wild, neither of the two vulnerabilities had an official patch. So we reported the two vulnerabilities to Apple, and 7 days later iOS 12.1.4 was released as an update. Here's the sandbox escape...
In-depth exploration found in the wild iOS exploit chain III-vulnerability warning-the black bar safety net
Overview The exploit chain in this article targets iOS 11-11.4.1, spanning nearly 10 months. This is the first chain we observed that has a separate sandbox escape exploit. The sandbox escape vulnerability is a more serious security problem in libxpc, wherein the reconstruction will lead to a W...
In-depth exploration found in the wild iOS exploit chain a-vulnerability warning-the black bar safety net
Series Foreword Project Zero One of the tasks is the analysis of the 0-day vulnerability, we often partner with other companies to find security vulnerabilities and submit, the final goal is to promote the popular system architecture of the security improvements to help protect throughout end...
Worms level vulnerability BlueKeep(CVE-2019-0708) EXP is released-vulnerability warning-the black bar safety net
On the morning of September 7, as I opened my eyes, the continuous rain in Shanghai had finally cleared up, but my circle of friends was hit by a “storm”: an exploit for BlueKeep (CVE-2019-0708), the vulnerability known as WannaCry-level, was released. Metasploit published the news in succession on its blog and Twitter that Metasploi...
CVE-2019-15846: the exim remote access to root privileges vulnerability alerts-a vulnerability alert-the black bar safety net
GMT 2019 9 November 6 December 18: 00 PM, the exim release exim-4.92.2 version fixes CVE-2019-15846, an attacker can use this vulnerability to remotely obtain root privileges. Vulnerabilities from qualys to find and report. 360CERT determine the vulnerability to hazards and the impact is large...
FastJson denial of service attack warning-vulnerability warning-the black bar safety net
0x00 vulnerability background 2019 9 November 5, 360CERT monitoring to 2019 9 November 3 fastjson in the commit 995845170527221ca0293cf290e33a7d6cb52bf7 presented is designed to repair when the string contains\x escape characters may lead to OOM issues of repair. 360CERT determine the vulnerabili...
Jenkins plug-in vulnerabilities: plaintext stored credentials disclosure-vulnerability warning-the black bar safety net
Jenkins is a widely used open source automation server, allows DevOps developers to efficiently and reliably build, test, and deploy software. In order to use Jenkins modular architecture, developers can plug-ins to extend its core features, allowing it to expand the script capabilities...
In-depth analysis of the thread and process handle leak vulnerability, under-vulnerability warning-the black bar safety net
PROCESSVM It covers the VM access permissions three types: WRITE/READ/OPERATION. The first two permissions should be self-explanatory, the third permission allows the operation of the virtual address space itself, such as modifying the page protection VirtualProtectEx or allocating memory with...
In-depth analysis of the thread and process handle leak vulnerability on-vulnerability warning-the black bar safety net
Over the years, the author has encountered and exploited a number of handle leak vulnerabilities. These cases are particularly interesting, because not all handles have been granted PROCESS_ALL_ACCESS or THREAD_ALL_ACCESS permissions, so to exploit them successfully you still have to use your brain in...
Non-stack format string exploit techniques-vulnerability warning-the black bar safety net
On Linux the stack format string vulnerability in the use of online has many explanations, but non-stack format string vulnerability few people introduced. This is mainly over weekends SUCTF game playfmt topic, for example, detail about the bss segment or on the heap format strings the use of...
2019 Pwn2Own for compromised VMware virtual machine escape vulnerability analysis-vulnerability warning-the black bar safety net
At this year's Vancouver Pwn2Own contest during Fluoroacetate team shows them through the use of VMware Workstation from the client virtual machine to escape to the physical machine. They use the virtual USB 1.1 UHCI postage host controller interface in the cross-border read/write vulnerabilities...
Pulse Secure SSL VPN vulnerability alerts-a vulnerability alert-the black bar safety net
360CERT detected related to security researcher published the Pulse Secure SSL VPN multiple vulnerabilities. Attacks that can exploit the vulnerability to read arbitrary files, including plaintext passwords, account information and Session information, as well as into the background after the...
CVE-2019-12527: the Squid buffer overflow resulting in remote code execution vulnerability alerts-a vulnerability alert-the black bar safety net
0x00 vulnerability background 2019 8 November 22, Trend Micro research team published a number of CVE-2019-12527 Squid proxy server buffer overflow vulnerability analysis report, the attacker in without authentication in the case of construction of a data package to exploit this vulnerability...
Apple bleee vulnerability analysis: everyone knows your iPhone on what is happening-vulnerability warning-the black bar safety net
This article describes the Apple BLE Protocol vulnerabilities to cause the Bluetooth information disclosure. Analysis The first analysis of the BLE traffic, unlock the phone and run the BLE sniffer: the python bleadvsearch.py -m 54:69:F1:23:2B:47 54:69:F1:23:2B:47 0e02011a0aff4c0010050b1c0fc556...
CORS-Vulnerable-Lab: a vulnerable code range related to CORS misconfiguration-vulnerability warning-the black bar safety net
This repository contains vulnerable code related to CORS misconfigurations. You can set up the vulnerable code on your local machine and practice exploiting CORS-related misconfiguration issues. Here, I would first like to thank @albinowax, AKReddy, and Vivek...
Microsoft CTF Protocol vulnerability alerts-a vulnerability alert-the black bar safety net
2019 Year 8 on 13 May, google security researcher Tavis Ormandy published a blog disclosing the windows operating system in the CTF agreement is the presence of a multi-year vulnerability. 0x01 vulnerability details google security researcher Tavis Ormandy in Windows text services...
Microsoft Patch Day: Word/DHCP/LNK remote code execution vulnerability alerts-a vulnerability alert-the black bar safety net
2019 8 May 14, Microsoft released security updates in addition to the RDP vulnerability also covers for a plurality of remote code execution high-risk vulnerabilities repair. Microsoft Word remote code execution vulnerability, the vulnerability number CVE-2019-0585. The Windows DHCP client remote...
New HTTP/2 vulnerability exposure, allowing hackers to exploit an unpatched server to trigger a DoS attack-vulnerability warning-the black bar safety net
According to foreign media reports, recently, security researchers disclosed a HTTP/2 Protocol the eight vulnerabilities, allowing hackers to use to support HTTP/2 communication is not to patch the server to trigger a denial of Service DoS attack is. It is reported that these vulnerabilities allo...
Windows Remote Desktop Services remote command execution vulnerability, CVE-2019-1181/1182-a vulnerability warning-the black bar safety net
1. Foreword GMT + 8 on 14 October, Microsoft released a set of fixes for the Remote Desktop service, which includes two critical remote code execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. The same as the previously fixed “BlueKeep” vulnerability (CVE-2019-0708). This also...
HTTP/2 denial of service attack vulnerability alerts-a vulnerability alert-the black bar safety net
2019 08 on 13 the evening, the Netflix security team, Google, and CERT/CC disclosed to the Internet DDoS (distributed denial of service) attack vulnerability issues that appear in the HTTP/2 protocol implementations of various middleware services. 0x01 vulnerability details HTTP/2 in the RFC...
CVE-2019-10216: ghostscript sandbox bypasses command execution vulnerability alerts-a vulnerability alert-the black bar safety net
Late on August 2, 2019, Artifex merged the fix for Bug 701394 into the master branch of ghostscript. The commit is designed to fix the CVE-2019-10216 vulnerability. The vulnerability can directly bypass the ghostscript security sandbox, so the attacker can read any file or command executio...
Win10 security warning: the Super 40 Drive-in there is a security vulnerability-vulnerability warning-the black bar safety net
In a computer, hardware is the foundation of software, and drivers play the role of letting the OS recognize hardware components and interact with them. Driver code allows the operating system kernel and the hardware to communicate, with permissions that, compared with those of normal users and system administrators, are...
Steam 0 day vulnerability affects 1 billion users-vulnerability warning-the black bar safety net
The Steam platform is currently the most popular game platform. Steam has over 1 million registered users, with millions of users playing at the same time. Researchers found a 0-day privilege escalation vulnerability in the Steam Windows game client, exploit the vulnerability...
VxWorks is facing severe RCE attack risk-vulnerability warning-the black bar safety net
The Armis research team discovered 11 zero-day vulnerabilities in VxWorks, which may be the most widely used operating system. VxWorks is used in more than 20 million devices, including critical industrial, medical and business equipment. Called “URGENT/11,” the vulnerability exists in t...
Wi-Fi security the future: assessment WPA3 vulnerability in-vulnerability warning-the black bar safety net
Recently, a security research expert Matty Vanhoef and Eyal Ronen on the WPA3 Wi-Fi standards, conducted a safety analysis, and success from which to discover the five security vulnerabilities. Wherein, there are four security vulnerabilities will seriously affect Internet Security, then the next...
CVE-2019-0193: Apache Solr remote command execution vulnerability alerts-a vulnerability alert-the black bar safety net
2019 8 October 1, Apache Solr official release for CVE-2019-0193 vulnerability alerts, vulnerability hazard rating is serious. The vulnerability appears in the Apache Solr DataImportHandler, the module is an optional but commonly used module for from the database and other sources to extract data...
URGENT/11: VxWorks RTOS 11 0 day vulnerabilities affect 20 million device-bug warning-the black bar safety net
Armis Labs security researchers recently found 11 0-day vulnerabilities in VxWorks, currently the most widely used real-time operating system (RTOS) for embedded devices. The operating system is widely used in aerospace, defense, industrial, medical, electronic, network, and...
Django-JSONField, the HStoreField SQL injection vulnerability-vulnerability warning-the black bar safety net
1. Foreword Django is an open source Web application framework written in Python. It uses the MTV framework pattern, i.e. model (M), view (V) and template (T). It was originally developed to manage some of the Lawrence Publishing Group's news content bas...
RTOS VxWorks multiple high-risk vulnerability alerts-a vulnerability alert-the black bar safety net
Armis researchers discovered 11 zero-day vulnerabilities in VxWorks. VxWorks is a popular real-time operating system (RTOS) used in more than 20 million devices, including industrial, medical and business equipment and other mission-critical equipment. These vulnerabilities are referred to...
OXID eShop two vulnerability analysis-vulnerability warning-the black bar safety net
RIPS in the OXID eShop software was detected in a high-risk vulnerability, an unauthorized attacker could exploit the vulnerability in a few seconds the remote take over using the default configuration of the target site. In addition the admin panel there is also another vulnerability, an attacke...
Linux local privilege escalation vulnerability (CVE-2019-13272) early warning-vulnerability warning-the black bar safety net
2019 07 on 20 December, Linux officially fixed a local kernel privilege escalation vulnerability. Through this vulnerability, an attacker may elevate ordinary user permissions to root privileges. Vulnerability description When calling PTRACE_TRACEME, the ptrace_link function will get th...
nebula level18 IT - resources are not released vulnerabilities and FORTIFY protection bypass-vulnerability warning-the black bar safety net
The recent practice of the linux extracted, to find a good topic -- exploit-exercises-nebula, a online range of the above experimental environment, but still suggest to download a virtual machine of a local practice. Wherein level18 is the topic of the essence of the, the official Tips This title...
Began openly selling a...the United States company is selling weapons of the BlueKeep the exploit-vulnerability warning-the black bar safety net
By 2019 05 on 15 August, Microsoft released 5 December patch update list, in which the presence of a marked to severe RDP Remote Desktop Services remote code execution vulnerability, an attacker can exploit this vulnerability remotely without user authentication by sending the special structure o...
Xstream remote code execution vulnerability-vulnerability warning-the black bar safety net
1. Foreword XStream is a commonly used Java class library used to serialize objects to XML or JSON and to deserialize them. 2. Vulnerability profile XStream 1.4.10 contains a bypass of the patch for the deserialization vulnerability CVE-2013-7285. 3. Vulnerability hazards The...
Comodo Antivirus explosion multiple vulnerabilities-vulnerability warning-the black bar safety net
Comodo is a company located in the United States software company, headquartered in Jersey City, was established in 1998, is a world-renowned IT security service provider and SSL certificate providers. Researchers at Comodo Antivirus / Comodo Antivirus Advanced and other products found in the...
fuzz CVE-2019-1118-vulnerability warning-the black bar safety net
This article is an analysis of CVE-2019-1118; the problem is stack corruption in OpenType font handling due to a negative cubeStackDepth. Vulnerability reproduction Build the environment to reproduce it simply: git clone https://github.com/adobe-type-tools/afdko cd afdko git checkout 2.8.8 cd c...