Tencent's online security check controls the overflow analysis(not running it)-vulnerability warning-the black bar safety net

Software files: TSOBase. ocxUPX shell Software name: Tencent Online Safety Center Software description: Tencent's online security check controls Software version: 2 0 0 6, 1 2, 2 0, 4 Test platform: VC6+xp sp1 Affirm: This article is only for learning and exchange with,all the consequences of the...

Thirteen WebShell login password encryption and decryption-bug warning-the black bar safety net

Dim theStr theStr = InputBox "please enter encrypted password:", "input", "NetPatch" If theStr "" Then Call InputBox"Please copy that has been encrypted good string",,SerinftheStr,8 8 End If Function Serinfgetstr, Pos Dim i, newStr For i = 1 To Lengetstr newStr = newStr & AscMidgetstr, i, 1+Pos &...

Testing a Web application, whether there is cross-site scripting vulnerability-vulnerability warning-the black bar safety net

So far, for cross-site scripting attack has the very big threat that we no objection to it. If you are proficient with XSS and just wanted to see what test methods are available to draw on, then please skip directly to the article of the test section. If you know nothing about this, follow the...

What makes the“Baidu”cross-site—INPUT the XSS works and the idea of parsing-vulnerability warning-the black bar safety net

Article author: lszm Technical team: fooling around with the client information security team www.xaqd.net The Western Union network security group http://bbs.zmke.com What is the INUPT XSS which for many people is perhaps a new term it! INPUT XSS related to the use of one of the earliest to appe...

About the rankings, flow of classic talk-vulnerability warning-the black bar safety net

If you want to achieve better rankings. A lot of friends by learning to SEO optimize your own website, the result is not too ideal. Thus, continuous optimization, until it is sealed, and then blame SEO's unreasonable. The actual my own experience, say it, everyone learning from each other. About...

EXE file into DOC File format method-vulnerability warning-the black bar safety net

This conversion is not is the file format changes,just put an EXE file connected in a DOC file at the end of it,this DOC file is of course not a different WORD document., the document contains a macro statement,can be in when running the connector in its own file at the end of the EXE file data...

VBS script in system security in eight the clever application-vulnerability warning-the black bar safety net

VBS script virus a large number of popular brings us to the VBS function with a new understanding, now everyone on the it also began to pay attention to it. VBS code in local is by the Windows Script HostWSHinterpreter execution. VBS script to perform without the WSH, the WSH is Microsoft offers ...

phpBB can be used as HTTP proxy with vulnerability-vulnerability warning-the black bar safety net

Affected system: phpBB Group phpBB 2.0.20 Description: -------------------------------------------------------------------------------- BUGTRAQ ID: 1 7 9 6 5 phpBB is a PHP language implementation of a Web-based open source Forum program, the use of more widely. It supports multiple databases as...

SQL Server users and permissions-bug warning-the black bar safety net

Note: would like to this article dedicated to my father and mother, thank them for me over the years of parenting grace. Original statement: China dark domain network technology information Station the original article, The author ice blood sealing caseEvilOctal, reproduced please renowned...

Use Radmin and comay within the network of the secondary trial the domain of remote control LAN computer-vulnerability warning-the black bar safety net

Before then Always wanted to use a software to remote access internal LAN computers, but some of the reverse connection remote control software not not very good, is not powerful enough to. Radmin in the remote control software inside can be said that various aspects are relatively good, but he h...

Construct a special file name to bypass multiple anti-virus engine-vulnerability warning-the black bar safety net

The author of the article: root webmasteratxfocus.org Category: design error Threat level: medium BUGTRAQ ID: 1 5 4 2 3 Affected by the anti-virus engine: Kaspersky Antivirus Symantec AntiVirus F-Prot Antivirus ClamWin Antivirus Avast Antivirus RAV AntiVirus Microsoft AntiSpyware Tested version:...

Attack Log analysis Chapter of the IIS&Apache-vulnerability warning-the black bar safety net

Source: thehackingthe defense of Each network of the most dark time isServiceis after the attack of the helpless, in fact, serviceis suffered after the attack, theserviceis the recording file detail record. hackactivity of the clues. Here, I introduce two kinds of common web pageserviceis the mos...

Super dove gray vip2005 detector detection principle of a simple analysis-vulnerability warning-the black bar safety net

The Preface of the new gray pigeons always give people everywhere the feeling, own it worked in the friend of the host met several times,each time can only be manually determined and clear. Looking at this detector for a little test. The effect is very good, it creates a want to know how she...

Microsoft Exchange Server Static Key Defect Causes Remote Code Execution Analysis(CVE-2020-0688)-Vulnerability Warning-Black Bar Safety Net

In the latest Microsoft Monthly patch released in February 2020, Microsoft released an important patch to fix a remote code execution vulnerability in Microsoft Exchange servers.The vulnerability, reported to us by an anonymous researcher, affects all supported versions of Microsoft Exchange...

Can lead to millions of player accounts to be hijacked: EA Games account hijacking vulnerability analysis-vulnerability warning-the black bar safety net

One, overview In the past few weeks, Check Point Research and CyberInt common to confirm a series of vulnerabilities, and these vulnerabilities once an attacker might cause the world's second-largest game company EA Games to millions of players accounts being taken over. At the same time, these...

Shocked! Google not going to fix the Chrome in the RCE vulnerability-vulnerability warning-the black bar safety net

Chrome 60 before all the old versions are affected by a remote code execution vulnerability. An anonymous researcher through Beyongd Security's SecuriTeam secure disclosure program will issue to inform Google. Google responded that it does not plan to solve this problem, because it does not affec...

In the picture, the added noise will be able to fool Google's best image recognition AI-vulnerability warning-the black bar safety net

! Recently, a group from the University of Washington, network security lab NSL's computer experts found that a malicious attacker can trick Google's CloudVision API, this will cause the API to the user-submitted images were incorrectly classified. In recent years, based on the AI of the image...

Microsoft reproducing the large-scale vulnerability of the global 750 million computers or hacking-vulnerability warning-the black bar safety net

Due to the invasion by the United States NSA and blow the hacker group Shadow Brokers, at 4, on 14 January evening once again released a series of heavy files. Burst for Microsoft Windows System a large number of remote vulnerabilities using the tool, the impact of including Windows XP, Windows 7...

LastPass Password Manager and then exposed a serious vulnerability, the browser-based Password Manager can also be used? - Vulnerability warning-the black bar safety net

No use cryptographic software before, we easily forget the password; use password software, we“reluctantly”leak the All password. LastPass, the popular password management software, recently again broke security vulnerabilities. Security personnel found in LastPass Chrome and Firefox 4.1.42 versi...

WordPress plugin vulnerabilities affect over 100 million websites-vulnerability warning-the black bar safety net

As our Sucuri firewallWAF, vulnerability research part of the project, in order to find the existence of security issues, we have audited the plurality of open source projects. When audit WordPress“NextGEN”Gallery plugin, we found a seriousSQL injectionvulnerabilities. The vulnerability allows an...

Roundcube1. 2. 2 by email command execution vulnerability analysis-vulnerability warning-the black bar safety net

Foreword Roundcube is an open source web version of the email software, which are widely distributed, many of the world's organizations and companies are in use. From ScourceForge the mirror view, the past 1 years it has 26 million downloads, this is still just the actual user in a small part. As...

Linux kernel flaw hack obtain Server Control permissions-bug warning-the black bar safety net

Security researchers said that the average user can use three security flaws to get to theLinux serveror workstation. Two defects exist in the Linux kernel memory management module. According to the Polish security vendor iSEC security information company in the local time this Wednesday the...

GNU tar extract-path bypass vulnerability analysis CVE-2 0 1 6-6 3 2 1-the vulnerability warning-the black bar safety net

0x00 summary The GNU tar documentation Management Command is a linux system used a packaged, compressed command, the CSS（FSC1V Cyber Security Services team of researcher Harry Sintonen discovered that the tar command in decompress the When the presence of a path name bypass vulnerability, in some...

Swiss Star: extortion virus is a new variant after the poisoning 1 0 5 4 full file encryption-vulnerability warning-the black bar safety net

Recently, the rising“cloud security”system intercepted a new type of blackmail Virus, the virus encrypts files up to 1 0 5 4, file Unified encryption for. encrypted format, thus a ransom of 1 bitcoinabout RMB 4 5 0 0 Yuan. If the user is not within the prescribed time hack payment, the encrypted...

discuz the latest version 2 0 1 6 0 6 0 1 SSRF vulnerability analysis and solution-vulnerability warning-the black bar safety net

References SSRF to GET the SHELL tick:the tick-2 0 1 5-0 1 5 1 1 7 9 Vulnerability poc Visit: /forum. php? mod=ajax&action=downremoteimg&message=img=1,1http://23.88.58.149/1.jpg/img&inajax=1&fid=2&wysiwyg=1&formhash=ead1f9a6 Need to bring formhash, you can also post mode request. discuz have a...

PHP 7 is due. 0. 0 format string vulnerability with the EIP hijack analysis-vulnerability warning-the black bar safety net

PHP 7 is due. 0. 0 this format string vulnerability is 1 5 year 1 2 On On exploit-db. When found, the author in Beijing to the North-East of a information security company to work, then busy, and failed to delve into it. In recent days inadvertently saw this vulnerability and found this...

PHP 7 is due: the deserialization vulnerability case studies and analysis,-vulnerability warning-the black bar safety net

Leak the pointer In a typical PHP-5 deserialization of use, we will use a dispenser to cover a pointer to the string contents of the pointer, thus reading the next stack slot. However, in PHP-7,The internal string representation is different. In PHP-7, The basic structure of the struct zval...

Lenovo Notebook now UEFI zero-day vulnerabilities the hacker can be attack-vulnerability warning-the black bar safety net

According to foreign media reports, the Security Institute Dymtro Oleksiuk said that hackers can bypass Windows basic security Protocol of the United Nations want the computer to attack, the reason is Lenovo PC drivers from Intel directly copy and paste. And other OEM vendors such as HP also exis...

Wget Vulnerability CVE-2 0 1 6-4 9 7 1-way analysis-vulnerability warning-the black bar safety net

Vulnerability description Recently, the CVE-2 0 1 6-4 9 7 1 bug was officially disclosed, the vulnerabilities affect all older versions of wget, a hacker can exploit this vulnerability to programmers and operations engineers for fishing, so as to obtain its host authority or implant rootkits...

CVE-2 0 1 4-6 3 5 2 vulnerability and targeted attacks sample analysis-vulnerability warning-the black bar safety net

Primer People do,day in look. Recent 3 6 0 days eye the lab captured an example for India the orientation of the attack of the sample,the sample advantage of the sandworm vulnerability patch bypass Vulnerability CVE-2 0 1 4-6 3 5 2,was analyzed after confirmation, we think this is Trend Micro in...

CVE-2 0 1 6-2 5 6 3 vulnerability analysis and exploit-vulnerability warning-the black bar safety net

0x01 vulnerability description Using putty's pscp components can achieve the Windows and theLinux serverbetween the remote copy of the file. Recently 3 to on 7, broke the pscp in the presence of a buffer overflow vulnerability, when from the server-side copy of the file, the pscp client the sscan...

Attention! Struts 2 s2-0 3 2 remote code is again a wave of black rhythm-vulnerability warning-the black bar safety net

1. Description: Struts 2 is the Struts of the next generation of products, is in the struts 1 and WebWork technology based on a merge of the new Struts 2 framework. Its brand new Struts 2 architecture and Struts 1 architecture the difference is huge. Struts 2 with WebWork as the core, using the...

Safety warning: JBoss application platform, the back door leads to about 3 2 0 million Server threats with detection and the use of tools-vulnerability warning-the black bar safety net

The cause of the incident is that the recent ransomware event a large number of diffusion caused by Cisco security researchers noted that, after its security researchers survey analysis found that, among a large number of cases because the attacker uses the JBoss Java application platform...

CVE-2 0 1 6-1 4 9 4 (python – rsa)vulnerability details-vulnerability warning-the black bar safety net

0×0 1 Overview CVE-2 0 1 6-1 4 9 4 vulnerability is about the Python-rsa signature forgery. In certain cases, can be forged a python rsa library to generate the signature information. But the premise needs an RSA public key exponent value e is small, the following are to e=3 discussion. A digital...

OpenSSL CVE-2 0 1 6-0 8 0 0 and CVE-2 0 1 6-0 7 0 3 bug fixes the details of pick-up fun-vulnerability warning-the black bar safety net

! /Article/UploadPic/2016-3/201633103039309.jpg by 3 6 0 information security unit－ au2o3t@3 6 0 CloudSec Team 1. Primer Have been recently and 3 6 0 Nirvan Team DQ430 happy to participate in a encryption vendors of the annual General meeting, the results of openssl is also out of touch lively,...

New php vulnerability discovery of the debug result of the security vulnerability, Edusoho-a vulnerability warning-the black bar safety net

Modern cms framework laraval/symfony/slim, leading to today's php vulnerability appears point, principle, using method, has undergone some changes, this series can hope to summarize their excavation of such a cms vulnerability. Today this vulnerability is Edusoho a user table dump vulnerability...

Google Finance was traced to reflected File Download(RFD)vulnerabilities-vulnerability warning-the black bar safety net

! A Portuguese network security expert David Sopas found the impact of Google Finance a reflected File DownloadRFDvulnerabilities. I'm in audits of other clients time to discover this vulnerability, through RFD, you need to establish a page to force the download. This Google JSON file of the...

Cisco Jabbar chat client vulnerability to man in the middle attacks-vulnerability warning-the black bar safety net

Cisco released an official announcement that its chat clients Jabbar in the presence of security vulnerabilities, vulnerable to a middleman attack. The vulnerability exists on the Windows platform-Jabbar, an unauthorized remote attacker can exploit the vulnerability to implement STARTTLS downgrad...

CVE-2 0 1 5-6 9 7 1: the Lenovo System Update component vulnerability analysis-vulnerability warning-the black bar safety net

In the last 7 months, Lenovo a large number of system updates, software vulnerabilities let a person Shine at the moment. Lenovo this spring to fix the first vulnerability, I decided to learn more about these patches to verify the presence of these vulnerabilities. The results I found a related...

Well-known Forum systems MyBB is burst 0day vulnerabilities-vulnerability warning-the black bar safety net

MyBB is very good Free Forum software, the biggest feature is simple but the functionality is surprisingly powerful. Multi-language support, may be respectively provided at the front Desk the background of the language, each user can set their own use what kind of language to access the forums,...

How the invasion of the Pocket within the network-vulnerability warning-the black bar safety net

Let's black IT security recently reported, the Pocket application's developers recently fixed a few leaked data a vulnerability, hackers may be from the server, obtain sensitive information. Here offer tutorials for everyone to learn and exchange. The Pocket is what I have many years did not put...

Early into the flash vulnerability analysis-vulnerability warning-the black bar safety net

Cut-off date by hackting team leaks the derived has been patched or will be patched 0day has reached 6 months. 3 by the ValueOf function induced flash vulnerabilities, 2 ring0 can lead to mentioning the right of the font parsing vulnerability, adobe or. dll kernel font parsing components, as well...

The star outside the host across the web catalog file read vulnerability-vulnerability warning-the black bar safety net

Recently encountered more and more are the star outside the host..a variety of balls.. The clouds broke, the stars outside the cross-the directory to read the file this vulnerability to bring a lot of convenience, so in this recording it for later reference use. Detailed description: The problem...

Mac 3 6 0“MacKeeper”exposure arbitrary code execution vulnerability-vulnerability warning-the black bar safety net

Believe Mac users must have seen Mackeeper ads--this is a Mac OS system optimization software, set anti-virus, encryption, data backup, system clean-up and software uninstall the All in one, can be considered to be Mac under 3 6 to 0. 5 December 7, Mackeeper is found that there is a serious...

U-Mail mail system bulk getshell（truly unlimited, no General account-the vulnerability warning-the black bar safety net

The mail system is there any user login, and the presence of injection, which can be unlimited perfect getshell（getshell process only takes three simple. Mad Dog, this is not struck by lightning while waiting to be burst chrysanthemum. Detailed description: 1. Mail System Description 1 Official...

A preliminary understanding of the stack overflow vulnerability-vulnerability warning-the black bar safety net

1. What is the stack for? The stack is a mechanism that computers use to pass arguments to the function, can also be used to put into local function variables, function return address, it's purpose is to give a program a convenient way to access specific function of the partial data and from the...

Breakdown of the Android system those DOS vulnerability-vulnerability warning-the black bar safety net

0x00 Preface The Android system there are some vulnerabilities can lead to system reboot, of course, allow the system to restart just a phenomenon, these vulnerabilities there may also be elevation of Privilege, execution code, etc. This article to restart this phenomenon is the basis for...

Android HTTPS MiTM hijacking vulnerability analysis-vulnerability warning-the black bar safety net

The 1. Android HTTPS MiTM hijacking vulnerability description In cryptography and computer security field, the man in the middle attacks Man-in-the-middle attack, often abbreviated as MITM refers to an attacker with the communications at both ends, respectively, to create the separate contact, an...

ECStore open source online shop system arbitrary file modification vulnerability to get shell-vulnerability warning-the black bar safety net

Brief description: Template Edit in the file edit function, to edit the file limit is not strict, the result may be to modify the system in the presence of any file Detailed description: File editing function, select To modify the file, where the selected image template file, then upload the...

FLASH, CVE-2 0 1 5-0 3 1 3 분석(analysis)-vulnerability warning-the black bar safety net

This year 2 Month 2 day,Trend Micro found the Flash 1dayCVE-2 0 1 5-0 3 1 3 A. This with the earlier analysis of the cve - 2 0 1 5 – 0 3 1 1 vulnerability are equally UAF types. By domainMemory referenced memory will be freed,so that by the Read-Write memory to execute arbitrary instructions. The...