Lucene search
K
Myhack58Most viewed

7620 matches found

myhack58
myhack58
added 2017/07/02 12:0 a.m.108 views

Using the CTS for vulnerability detection and principles of analysis-vulnerability warning-the black bar safety net

360 Vulpecker team Membership 360 Information Security Department, committed to the Android application and the system-layer vulnerability discovery as well as other Android security research. We passed on the CTS frame of the research, the preparation of a vulnerability detection aspect of the...

7.4AI score
Exploits0
myhack58
myhack58
added 2017/06/13 12:0 a.m.108 views

Bluetooth App vulnerability series analysis II CVE-2017-0639-vulnerability warning-the black bar safety net

Author: heeeeen Belongs team: MS509Team 0x01 vulnerability profile Android this month's security Bulletin, the repair we discover another Bluetooth App information disclosure vulnerability that could allow an attacker to obtain the bluetooth owned by the user private files, bypassing the...

4.3CVSS0.4AI score0.00653EPSS
Exploits0
myhack58
myhack58
added 2017/04/25 12:0 a.m.109 views

360Vulcan: the NSA Arsenal of Eternalromance (eternal romance) vulnerability analysis-vulnerability warning-the black bar safety net

In the Shadow Brokers disclosed the NSA's hacking Arsenal, Eternalromance eternal romance is the impact of Windows full platform SMBv1 vulnerability attack tool that has been Microsoft patch MS17-010 repair, Windows XP and 2003, etc. is not Microsoft support period of the system version without t...

7.6AI score
Exploits0
myhack58
myhack58
added 2015/03/21 12:0 a.m.108 views

[CVE-2 0 1 5-0 0 9 6]Microsoft Windows Shell SMB LNK Code Execution Exploit-vulnerability warning-the black bar safety net

require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::EXE include Msf::Exploit::FILEFORMAT include Msf::Exploit::Remote::SMB::Server::Share attraccessor :exploitdllname def initializeinfo = superupdateinfoinfo, 'Name' = 'Microsoft Windows Shell LN...

9.3CVSS0.6AI score0.71075EPSS
Exploits16
myhack58
myhack58
added 2015/01/16 12:0 a.m.108 views

TP-link TL-WR840N router series there is a CSRF vulnerability, you can modify any of the configuration containing the POC-the exploit-warning-the black bar safety net

TP-Link routers in the domestic volume of users is very large, the recent foreign security researchers found that the TP-Link a series of routers there is a CSRF vulnerability, an attacker can modify the router in any configuration, including DNS, etc. Vulnerability TP-Link TL-WR840N router...

3.3AI score
Exploits0
myhack58
myhack58
added 2019/08/29 12:0 a.m.107 views

Non-stack format string exploit techniques-vulnerability warning-the black bar safety net

On Linux the stack format string vulnerability in the use of online has many explanations, but non-stack format string vulnerability few people introduced. This is mainly over weekends SUCTF game playfmt topic, for example, detail about the bss segment or on the heap format strings the use of...

7AI score
Exploits0
myhack58
myhack58
added 2017/02/23 12:0 a.m.107 views

Snow hidden for 11 years: Linux kernel DCCP double-free privilege escalation Vulnerability, CVE-2017-6074-a vulnerability warning-the black bar safety net

Vulnerability description Vulnerability ID: CVE-2017-6074 Vulnerability discovered by: Andrey Konovalov Vulnerability hazards: by an unprivileged process to obtain the kernel code execution and thus enhance permissions Scope of impact: Linux kernel version2.6.182006 9 months. But DCCPdatagram...

9.3CVSS0.3AI score0.0596EPSS
Exploits13
myhack58
myhack58
added 2014/09/11 12:0 a.m.107 views

freeshell fix side-channel attack vulnerabilities-vulnerability warning-the black bar safety net

Vulnerability science Side-channel attacksside channel attack referred to as SCA, also known as side-channel attacks:for the encryption of electronic devices during the run time consumption, power consumption or electromagnetic radiation or the like of the side-channel information leakage and...

0.8AI score
Exploits0
myhack58
myhack58
added 2005/10/15 12:0 a.m.107 views

“Cross-site”I see the vulnerability warning-the black bar safety net

Don't know what people think of cross-site attacks, really is a tasteless question? In fact, across the station is not only stealing the COOKIES so simple! See GET and POST two submission allow an external submission. Look at the following codeGET is: iframe...

7.2AI score
Exploits0
myhack58
myhack58
added 2017/03/05 12:0 a.m.106 views

Linux vulnerability analysis-MP3Info 0.8.5 a code execution vulnerability, CVE-2006-2465-a vulnerability warning-the black bar safety net

Author: k0shl reprint please indicate the source: http://whereisk0shl.top Vulnerability description Software download: https://www.exploit-db.com/apps/cb7b619a10a40aaac2113b87bb2b2ea2-mp3info-0.8.5a.tgz PoC: junk = "\x90\x90\x90\x90"8 shellcode = "\x31\xc0\x50\x68/\x68/bin\x89\the...

8AI score0.05387EPSS
Exploits3
myhack58
myhack58
added 2016/03/20 12:0 a.m.106 views

S2-0 2 9 Struts2 tag remote code execution analysis with POC-the exploit-warning-the black bar safety net

Struts2 tag library provides themes, templates support, which greatly simplifies the view of a page of writing, and, struts2 theme, the template provides a good scalability. To achieve a better code reuse. Struts2 allows the page to use a custom component, which can fully meet the project page...

8.5AI score
Exploits0
myhack58
myhack58
added 2015/12/20 12:0 a.m.106 views

CVE-2 0 1 5-6 9 7 4 vulnerability analysis-vulnerability warning-the black bar safety net

0x00: iOS9. 1 released, Pangu previously made a topic about the They escape using the loopholes and the use of means. Then follow up to do a little analysis. 0x01: The problem is in the Apple IOHIDFamily this driving the code inside,this drive Apple is open source. In iOS, this driver provides...

0.4AI score
Exploits0
myhack58
myhack58
added 2014/05/27 12:0 a.m.106 views

5 on Microsoft patch KB2871997 and KB2928120 exploit analysis-exploit warning-the black bar safety net

5 month, Microsoft in 1 3, released monthly security update, which has KB2871997 and KB2928120 two Knowledge Base articles Knowledgeased and KB2871997 is not even a Security Bulletin to. For either as the attack of the penetration tester or as a defense of the Administrators ignore these two...

0.5AI score
Exploits0
myhack58
myhack58
added 2010/11/07 12:0 a.m.106 views

MetInfo 3.0 PHP code injection vulnerability(getshell)-vulnerability warning-the black bar safety net

Official website: http://www.metinfo.cn/ Keyword:"Powered by MetInfo 3.0" Description: In the file/include/common. inc. php 6 line 7: evalbase64decode$allclass0; $allclass0 variable is not initialized, so we can control its value, the code injection use. POC: the...

0.2AI score
Exploits0
myhack58
myhack58
added 2010/04/15 12:0 a.m.106 views

Linux Kernel ReiserFS file system implementation to bypass security restrictions vulnerability-vulnerability warning-the black bar safety net

Affected version: Linux kernel 2.6. x vulnerability description: The Linux Kernel is open sourceOSLinux the kernel. Linux Kernel ReiserFS file system implementation does not properly restrict. reiserfspriv Directory Access, the local user can modify the ACL or extended attributes get root access...

6.9AI score
Exploits0
myhack58
myhack58
added 2017/08/22 12:0 a.m.105 views

How to detect and guard based on the CVE-2017-0005 vulnerability of elevation of privileges attack-vulnerability warning-the black bar safety net

One, Foreword 2017 3 on 14 September, Microsoft published a security Bulletin MS17-013, fixes CVE-2017-0005 vulnerability. CVE-2017-0005 vulnerabilities in Windows Win32k Assembly, an attacker using this vulnerability could achieve elevation of Privilege. Partners according to credible reports, w...

6.9CVSS7.9AI score0.11022EPSS
Exploits1
myhack58
myhack58
added 2017/04/28 12:0 a.m.105 views

Zabbix multiple high-risk vulnerabilities-vulnerability warning-the black bar safety net

About Zabbix zabbix is a WEB-based interface to provide distributed system monitoring and network monitoring capabilities of enterprise-class open source solutions. zabbix to monitor various network parameters, ensure that the server system of the security operations;and to provide flexible...

1.8AI score0.261EPSS
Exploits24
myhack58
myhack58
added 2014/04/10 12:0 a.m.105 views

Than imagined more terror! OpenSSL“effort”vulnerability in-depth analysis-vulnerability warning-the black bar safety net

Author: yaoxi original source http://blog.wangzhan.360.cn/ Recently, OpenSSL broke this year's most serious security vulnerability in the hacker community is named“heart bleed”vulnerability. 3 6 0 site Guard security team of the vulnerability analysis, the vulnerability is not only related to htt...

5CVSS8AI score0.99999EPSS
Exploits87
myhack58
myhack58
added 2019/06/19 12:0 a.m.104 views

TP-LINK Wi-Fi Repeater to a vulnerability that can be used for remote code execution-vulnerability warning-the black bar safety net

IBM X-Force researcher Grzegorz Wypych recently issued a warning that some of the TP-Link Wi-Fi Repeater devices there is a serious remote code execution vulnerability, the vulnerability can lead to external attackers access device privileges and execute arbitrary commands. ! IBM Security section...

2.8AI score
Exploits0
myhack58
myhack58
added 2019/05/14 12:0 a.m.104 views

Easy WP SMTP v1. 3. 9)0 day vulnerability is being attacked in the process and reproducibility-vulnerability warning-the black bar safety net

Foreword Your own blog site with wordpres hosting, last month found some abnormalities. 3.12 days, the mailbox explosion, received more than 100 letter on the site is the blasting of the notification mail. ! Day to see also not strange, because before it appeared such a situation, every day there...

6.9AI score
Exploits0
myhack58
myhack58
added 2017/10/11 12:0 a.m.104 views

The latest Office 0day vulnerabilities flaws bug(CVE-2017-11826)in the wild attack warning-vulnerability warning-the black bar safety net

! 2017 9 May 28, 360 the focus of the Network Security Business Unit upscale intimidating response team to capture an application Office 0day vulnerabilities flaws bug(CVE-2017-11826 the Korean invasion attack. The vulnerability flaws bug nearly affect the Microsoft currently support all office...

0.8AI score0.81627EPSS
Exploits3
myhack58
myhack58
added 2017/02/23 12:0 a.m.104 views

Lurking in 11 years of Linux kernel to mention the right vulnerability-exposure-vulnerability warning-the black bar safety net

Vulnerability number CVE-2017-6074 Vulnerability overview The Linux kernel recently also exposed a privilege escalation vulnerability that can be traced back to 2005, the vulnerabilities affect the Linux operating system major releases, including Redhat, Debian, OpenSUSE and Ubuntu. Using this...

9.3CVSS0.8AI score0.11127EPSS
Exploits29
myhack58
myhack58
added 2016/12/05 12:0 a.m.104 views

The firmware binary code of the simulation and exploit technology-vulnerability warning-the black bar safety net

In a previous article, we introduced a firmware analysis and extraction of the file system method. In this article we will further introduce how to in-depth analysis of firmware binaries, and then use its common security vulnerabilities. In this paper, we will relate to the following as shown in...

7.8AI score
Exploits0
myhack58
myhack58
added 2015/11/12 12:0 a.m.104 views

Huawei CPE devices there is a remote arbitrary file reading vulnerability reference EXP-a vulnerability warning-the black bar safety net

The CPE is what CPE is a high-speed 4G signal is converted into tablets, smartphones, laptops and other mobile devices universal WiFi signal of the device, can simultaneously support multi-terminal access, the size of a book, in a 4G signal coverage place, plug in the power it can use, without...

7.5AI score
Exploits0
myhack58
myhack58
added 2015/03/26 12:0 a.m.104 views

wild copy-exploits-vulnerability warning-the black bar safety net

0x00 Preface This is Project Zero on the articles, the original text of the Taming the wild copy: Parallel Thread Corruption of Links: http://googleprojectzero.blogspot.com/2015/03/taming-wild-copy-parallel-thread.html 2 0 0 2 year, Apache Web serverfound and fixed a very fun bug. The server...

8.6AI score
Exploits0
myhack58
myhack58
added 2012/04/06 12:0 a.m.104 views

PHP 5.4/5.3 deprecated Function eregi() memory_limit bypass vulnerability-vulnerability warning-the black bar safety net

PHP is an HTML embedded language, PHP and Microsoft ASP quite a bit similar, is a server-side implementation of the embedded HTML document the script language, the language style is similar to the C language, is now a lot of web site programmers widely use. PHP 5.3 after version deprecated based ...

7.1AI score
Exploits0
myhack58
myhack58
added 2007/06/18 12:0 a.m.104 views

CGI vulnerability highlights-vulnerability warning-the black bar safety net

CGI vulnerability highlights For the following list of CGI vulnerabilities,simply speaking,you can directly delete the program or rewrite the program to reach the safety of the mesh The Below is not completely reprinted from the green Forumvia a Supplement A. phf vulnerability The phf vulnerabili...

8.1AI score
Exploits0
myhack58
myhack58
added 2019/07/31 12:0 a.m.103 views

OXID eShop two vulnerability analysis-vulnerability warning-the black bar safety net

RIPS in the OXID eShop software was detected in a high-risk vulnerability, an unauthorized attacker could exploit the vulnerability in a few seconds the remote take over using the default configuration of the target site. In addition the admin panel there is also another vulnerability, an attacke...

2AI score
Exploits0
myhack58
myhack58
added 2017/06/07 12:0 a.m.103 views

How to use JavaScript array extensions integer overflow vulnerabilities in WebKit-a vulnerability warning-the black bar safety net

I will be in this article to tell you about the vulnerability, CVE-2017-2536/ZDI-17-358, which is a typical plastic overflow vulnerability, when the system is in the calculation of the allocated space size, the vulnerability will likely lead to a heap buffer overflow. We not only give you...

6.8CVSS7.4AI score0.10478EPSS
Exploits2
myhack58
myhack58
added 2017/05/22 12:0 a.m.103 views

OpenSSL handshake renegotiation process in the presence of the vulnerability can lead to denial of service-vulnerability warning-the black bar safety net

One, Foreword OpenSSL is a very popular General-purpose encryption library, available as a Web authentication service to provide SSL/TLS Protocol Implementation. Recently, there has been found in OpenSSL in the presence of several vulnerabilities. We've written several articles on the analysis of...

5CVSS0.9AI score0.57595EPSS
Exploits2
myhack58
myhack58
added 2016/12/17 12:0 a.m.103 views

Facebook chat history stealing vulnerability, the impact of the billion Messenger users-vulnerability warning-the black bar safety net

In this article, we describe in detail A in Facebook on find Server security vulnerabilities, this vulnerability might affect millions of CORScross-origin resource sharingin the Origin header to allow“NULL”value of the site, the vulnerability will threat the privacy of the user, the malicious...

6.8AI score
Exploits0
myhack58
myhack58
added 2016/03/09 12:0 a.m.103 views

Technology share: how to use Python and PyInstaller to write a Windows malicious code-vulnerability warning-the black bar safety net

Disclaimer: This article is intended to share, not for malicious use! This article mainly shows is through the use of python and PyInstaller to build the malicious software of some poc. ! Known to all, malicious software and more will continued to target of the attack. And this is on windows ther...

0.3AI score
Exploits0
myhack58
myhack58
added 2014/08/25 12:0 a.m.103 views

Android LaunchAnyWhere (Google Bug 7 6 9 9 0 4 8)vulnerability explanation and Defense measures-vulnerability warning-the black bar safety net

Start Recently, Google repair a component of the security vulnerability LaunchAnyWhere Google Bug 7 6 9 9 0 4 8 in. This vulnerability belongs to the Intend Based extraction vulnerability, an attacker exploit this vulnerability, you can break the Inter-application permission isolation, reach to...

1.3AI score
Exploits0
myhack58
myhack58
added 2011/03/09 12:0 a.m.103 views

EggAvatar for vBulletin 3.8. x SQL injection vulnerability-vulnerability warning-the black bar safety net

vBulletin is a famous commercial Forum app for vBulletin 3.8. x EggAvatar plug-ins existSQL injectionvulnerabilities that could lead to sensitive information disclosure. +info: EggAvatar for vBulletin 3.8. x SQL Injection Vulnerability +poc: view source print? | 0 1 | !/ usr/bin/env perl ---|--- ...

Exploits0
myhack58
myhack58
added 2017/06/19 12:0 a.m.102 views

Subaru car software vulnerability analysis—never a failure of token-vulnerability warning-the black bar safety net

Not long ago, one from California car, information security researcher Aaron Guzman, in Australia, held a computer security conference to introduce a black into the Subaru car of the method. In his own 2017 Subaru WRX STI was found in a surprising number of software vulnerabilities, through these...

7.3AI score
Exploits0
myhack58
myhack58
added 2016/12/19 12:0 a.m.102 views

PHP garbage collection mechanism UAF vulnerability analysis-vulnerability warning-the black bar safety net

First, the PHP garbage collection mechanism introduction Because PHP is among the presence of circular references, only the refcount of the counter as a garbage collection mechanism is not enough, so in PHP5. 3 introduced a new garbage collection mechanism. $a = array'one'; $a = &$a; unset$a; ?&...

7.5CVSS0.2AI score0.15484EPSS
Exploits5
myhack58
myhack58
added 2011/03/06 12:0 a.m.102 views

PHPWind v7. 5 / v8. 0 vulnerability EXP-vulnerability warning-the black bar safety net

PHPWind v7. 5 / v8. 0 vulnerability EXP theme keywords: phpwind7. 5 Affected version: PHPWind v7. 5 / v8. 0 Command :php pking.php user passhttp://www. xxxx. com/ pking.php: Copy the contents to the clipboard the program code ? php echo" Info: Poc for Phpwind remote command execution Test:...

0.3AI score
Exploits0
myhack58
myhack58
added 2019/09/18 12:0 a.m.101 views

In-depth exploration found in the wild iOS exploit chain VII-vulnerability warning-the black bar safety net

In a previous article, we studied how could an attacker on the iPhone as root for a sandbox escape code execution. In each chain at the end you can see the attacker calls posixspawn, the path passed to the/ tmp directory, the malicious binary file. Implanted code in the background to run as root,...

7.9AI score
Exploits0
myhack58
myhack58
added 2019/08/29 12:0 a.m.101 views

In-depth analysis of the thread and process handle leak vulnerability on-vulnerability warning-the black bar safety net

Over the years, the author had to encounter and use some handle disclosure vulnerability. Of course, these processes are also particularly interesting, because not all handles have been awardedPROCESSALLACCESSorTHREADALLACCESSpermissions, so you want to successfully use, or to use their brains in...

7.2AI score
Exploits0
myhack58
myhack58
added 2019/08/14 12:0 a.m.101 views

HTTP/2 denial of service attack vulnerability alerts-a vulnerability alert-the black bar safety net

2019 08 on 13 the evening,the Netflix security team Google, the CERT / CC to Internet disclosure of the HTTP/2 Protocol in each of the middleware service implementation process appears in the DDoSdistributed-denial of service attackvulnerability issues. 0x01 vulnerability details HTTP/2in the RFC...

7.5AI score0.87806EPSS
Exploits1
myhack58
myhack58
added 2019/04/01 12:0 a.m.101 views

TP-Link SR20 router 0 day vulnerability-a vulnerability warning-the black bar safety net

Google security developer Matthew Garrett found the TP-Link SR20 smart home router There 0 day arbitrary code execution vulnerability in the same network an attacker can exploit the vulnerability to root access to execute arbitrary commands. Garrett said public vulnerability is due from him to th...

0.9AI score
Exploits0
myhack58
myhack58
added 2016/12/09 12:0 a.m.101 views

Security researchers found that attack kits favorite Flash Player security vulnerabilities-vulnerability warning-the black bar safety net

By RecordedFuture a new study suggests that, due to its vulnerability, Flash Player will continue to the global computer at risk, cybercriminals are still looking for the Adobe solutions among the security flaws to the invasion of the computer. This year the exploit kit used by the top 10...

9.3CVSS0.6AI score0.93165EPSS
Exploits10
myhack58
myhack58
added 2019/02/28 12:0 a.m.100 views

Chrome by opening the pdf file information disclosure 0day warning-vulnerability warning-the black bar safety net

0x00 vulnerability background GMT 2 May 28, 360CERT monitoring to edgepot. io published a blog post publicly disclosing the Chrome by opening the pdf file leaked information of 0day vulnerabilities, the vulnerability is successfully exploited can lead to the target user IP address and other...

7AI score
Exploits0
myhack58
myhack58
added 2017/04/07 12:0 a.m.100 views

Using the memory corruption vulnerability in the Python sandbox escape-vulnerability warning-the black bar safety net

Simply skip the text the author's README, we directly enter into the technical details. The Python environment using a custom whitelist/blacklist programs to prevent access to dangerous built-in functions, modules, functions, etc. Based on theoperating systemthe isolation provides some additional...

8AI score
Exploits0
myhack58
myhack58
added 2016/11/02 12:0 a.m.100 views

DirtyCow Linux privilege escalation vulnerability analysis CVE-2 0 1 6-5 1 9 5-the vulnerability warning-the black bar safety net

0x0 overview DirtyCow vulnerability is the recent burst of the Linux kernel local elevation of privilege vulnerability. The vulnerability is easy to trigger the use of simple and stable, the impact of multiple systems be considered a good vulnerability. But the vulnerability has existed for many...

7AI score
Exploits0
myhack58
myhack58
added 2012/03/03 12:0 a.m.100 views

phpcms-exp 0day-vulnerability warning-the black bar safety net

Reprinted from dis9.com ---------------------- ? php errorreportingEERROR; settimelimit0; $keyword=’inurl:about/joinus’ ; // batch keywords $timeout = 1; $stratpage = 1; $lastpage = 1 0 0 0 0 0 0 0; for $i=$stratpage ; $i=$lastpage ; $i++ $array=ReadBaiduList$keyword,$timeout,$i; foreach $array a...

7.2AI score
Exploits0
myhack58
myhack58
added 2019/01/29 12:0 a.m.99 views

360 Code Guard help D-LINK to fix multiple high-risk vulnerability brief technical analysis-vulnerability warning-the black bar safety net

Recently, the 360 Enterprise Security Group Code Guard team of security researchers found that the Friends newsD-LINKthe company's product line DIR-619, THE DIR-605 series routers and two high-risk security vulnerabilityCVE-2018-20056 and CVE-2018-20057, and the first time to the Friends of the...

9CVSS9.5AI score0.07396EPSS
Exploits2
myhack58
myhack58
added 2017/08/20 12:0 a.m.99 views

Remember once for Twitter Periscope API interesting digging experience-vulnerability warning-the black bar safety net

! Recently, I was on Twitter the Periscope service found a loophole. This is a CSRF(cross-site request forgery)vulnerability, although this vulnerability is not considered high-risk vulnerabilities, but found that the vulnerability of the whole process I think is very worth to share with you. Jus...

0.1AI score
Exploits0
myhack58
myhack58
added 2012/05/24 12:0 a.m.99 views

Neusoft University digital campus platform upload vulnerability and solution-vulnerability warning-the black bar safety net

Upload the script to write directly in the html code, The local configuration upload form to bypass. Detailed description: East Soft of the digital campus platform for colleges and universities to achieve a unified portal Platform Management, Unified identity management, and unified data standard...

0.3AI score
Exploits0
myhack58
myhack58
added 2019/07/23 12:0 a.m.98 views

See how I found Bol. com website the XXE vulnerability and successfully exploited-vulnerability warning-the black bar safety net

In a previous report, we learned a lot about in the visitor's browser to execute code knowledge; reflection typeXSSand a storage typeXSS. In addition, we also quickly see the error configuration of the server settings and Open Redirect open-type redirect to. Today, we will explore how from the...

7.3AI score
Exploits0
Total number of security vulnerabilities5000