IOT security: LED lights there are multiple security vulnerabilities-vulnerability warning-the black bar safety net

Recently, there are foreign security experts found Zengge company WIFI LED lamp in the presence of a plurality of security vulnerabilities. Shenzhen levy Aurora Mega science and technologyZENGGE is a set of LED Controller product development, manufacturing, sales and engineering design,...

Node.js facing two important security vulnerabilities, plans next week to repair-vulnerability warning-the black bar safety net

Node.js the Foundation disclosed a denial of service and a bounds access vulnerabilities, plan next week to provide a patch upgrade fixes two critical vulnerabilities. Node.js Foundation today released the announcement, the most popular server-side JavaScript platform contains "a high-strength...

Social networking site LinkedIn（LinkedIn）repair help at the center of the XSS-vulnerability warning-the black bar safety net

LinkedIn developers in this week and fixed a stored cross site scripting vulnerabilities, a hacker use it in the LinkedIn help forum to spreadXSSworms. Science LinkedIn is committed to global professionals to provide a communication platform, and to help them do more with less, to play Director...

Chrome 0day so that millions of Android devices suffer from a remote threat-vulnerability warning-the black bar safety net

! From China qihoo 3 6 0 security researcher Guang Gong in the latest version of the Android platform, Chrome browser found a serious 0day vulnerability, which allows attacker to obtain the victim's cell phone the full administrator access, and the vulnerability of the use of the code to be able ...

iOS then exposed a major BUG, a hacker can monitor the iPhone phone and SMS-vulnerability warning-the black bar safety net

Apple each time you upgrade the iOS system will have a lot of BUGS need to be fixed, but some of the content irrelevant, but there are also very awsome. For example, recently a new vulnerability, hackers can take vulnerability to remotely control and monitor your iPhone. According to Zerodium tea...

Than the gourd baby is also scary Baidu full system APP SDK vulnerability – WormHole wormhole vulnerability analysis report-vulnerability warning-the black bar safety net

Than the gourd baby is also scary Baidu full system APP SDK vulnerability – WormHole wormhole vulnerability analysis report APP vulnerability discovery,Android reverse analysis bydroidsec ”You can’t have a back door in the software because you can’t have a back door that's only for the good guys....

Router drive Assembly NetUSB（CVE-2 0 1 5-3 0 3 6 remote code execution exp-vulnerability warning-the black bar safety net

This year in May, well-known router D-Link, NETGEAR, TP-LINK on the important drive components of the NetUSB was traced to the presence of serious remote overflow vulnerability, affecting millions of routing and embedded devices. NetUSB technology by Taiwanese companies profit code, KCodes develo...

Square Victoria O2O business system SQL injection vulnerability+XXE entity injection demo validation-vulnerability warning-the black bar safety net

Square Victoria O2O, the demo site address: http://o2odemo.fanwe.net/ /cpapi/qxtapi.php code area define"FILEPATH","/cpapi"; requireonce '../system/systeminit.php'; $ip = CLIENTIP; $xml = filegetcontents'php://input'; if$ip!=' 221.179.180.156' || $xml=="" header"Content-Type:text/html;...

Android vulnerability detection kit-vulnerability warning-the black bar safety net

Android Vulnerability Test Suite Android vulnerability detection kit, to encourage the open to collect data, help communities work together to maintain Android security. NowSecure has brought an App to check your Android device in the presence of vulnerabilities. ! Overview This tool is meant to ...

New vulnerability: the use of a browser Cookie to bypass HTTPS and steal private information-bug warning-the black bar safety net

! Recently, a presence in the major browsers Web cookies in a serious vulnerability is found, it enables secure browsing mode HTTPS is vulnerable to MiTM attacks. In addition, most of the Web sites and popular open source applications may contain Cookie injection vulnerabilities, including: Googl...

ZTE a station there is a command to perform a threat within the network-vulnerability warning-the black bar safety net

http://seecom.zte.com.cn/SmartTV/pcuserinitSubmit.action 好 老 的 洞 现在 还 存在 ! !...

Android 5. x-System-lock-screen bypass vulnerability, multi-vulnerability warning-the black bar safety net

Even if you use encryption the lock screen, the one present in Android 5. 1. 1 before the 5. x system vulnerabilities will also help an attacker to successfully bypass and get you phone access access. ! When your phone's camera app is in the active state, the hacker through the encrypted password...

Security researcher exposure FireEye core product 0day vulnerabilities-vulnerability warning-the black bar safety net

Recently, researchers Kristian Erik Hermansen from the FireEye core product found a 0day vulnerability will result in unauthorized file disclosure. He also provides a short trigger vulnerability of the examples and the user database file copy. In addition, he also disclosed selling three other...

Django arbitrary code execution vulnerability analysis-vulnerability warning-the black bar safety net

From Django SECTETKEY to code execution Django is a can be used to quickly build high-performance, elegant web platform by Python. The use of the MVC software design pattern, namely the model M, view V and the controller C. It was originally being developed for the management of the Lawrence...

Android devices frequently have pits: Certifi-gate vulnerability control-screen recording-vulnerability warning-the black bar safety net

! This month's black hat conference disclosure vulnerability Certifi-gate exposed android security repeatedly go wrong. The black bar safety net Encyclopedia: what is the Certifi-gate “Certifi-gate”is a vulnerability, this vulnerability exists in the Android phone remote support...

A null pointer vulnerability Protection Technology-primary-vulnerability warning-the black bar safety net

Safety history due to a null pointer brought the vulnerability and attacks are numerous, but because of its use of the programming skills required for analysis and protective to have higher requirements, so the domestic to the null pointer vulnerability and a discussion of the related art is not...

By hungry cryptography misuse of the actuator to bypass the defense talking about the android cryptographic vulnerability-the vulnerability warning-the black bar safety net

Cryptography is misused in the app is a big problem, almost all apk's checksum algorithm can be simulated Hungry the algorithm robustness and concealment was good, the proposed terms is in order to prove that the signature checking mechanism of the vulnerable Although presented to the hungry, but...

Hacking Team the new Flash 0day analysis-vulnerability warning-the black bar safety net

Following a few days ago from the Hacking Team found a flash 0day, Adobe released fixes, and be in the mail to find a flash 0day and. the readme in the description, scope of Adobe Flash Player 9+ 32/64-bit since Jun 2 0 0 6。 In Windows IE, in OS X and firefox can be executed directly on the...

Hacking Team Flash New 0Day exploit code analysis-vulnerability warning-the black bar safety net

The weekend early in the morning, you see the know Chong Yu on the microblogging said, the Hacking Team and leaked to the new Flash 0Day in the current measured. Thus the author download a copy of the exploit code, tested indeed in the latest version available, currently the official Adobe did no...

Adobe frequency existing 0day vulnerabilities is the Chinese hackers use-vulnerability warning-the black bar safety net

! This year 1 month Adobe is exposure found there is a not yet disclosed the new 0day vulnerability today, the company is also exposed 0day vulnerabilities, being a Chinese hacking group APT3aka UPSuse. It is reported that the 0day vulnerability is a United States security firm Fireeye in the...

IdeaCMS logic login bug, pass to kill 0day-vulnerability warning-the black bar safety net

Baidu keywords: Powered By IdeaCMS ! A successful landing ! You can also login does not exist the user ! Landing wooyunsec the user to the user database does not exist, you can still continue the landing） !...

on windows systems use the VS compiler to buffer overflow preventive measures-vulnerability warning-the black bar safety net

0x01 /GS --buffer security check If you use the/GS compile the program to insert code to detect possible overwrite the function return address of buffer overflows. If the occurrence of a buffer overflow, the system will display to the user a warning dialog, and then terminate the program. Thus, t...

From the client game bug looking of security risks-vulnerability warning-the black bar safety net

Although the now app development a growing trend in web applications, large-scale software also makes extensive use of the existing framework with the existing frameworks and engines improve, the vast majority of security issues have been resolved. But encountered some customization needs,...

PHP aeration DOS vulnerability may cause the CPU to fill involving multiple PHP versions-vulnerability warning-the black bar safety net

Recently, PHP is broke there is a remote DOS vulnerability, if the hackers use the vulnerability to construct the PoC to initiate a connection, easily lead to the target host CPU is rapidly consumed. This vulnerability relates to many PHP versions, and thus affect the range greatly. Vulnerability...

VMS users please note:Venom vulnerability than Heartbleed also risk-vulnerability warning-the black bar safety net

Data centers are mostly using the host system management program host hypervisior to isolate a single server to run multiple virtual machine instances, but this is the underlying structure, it is found that the presence of the 1 0 years of“virtual environments neglected of business operation”in t...

WordPress aeration stored XSS vulnerability, the impact of the 4. 2 and the following version-bug warning-the black bar safety net

The official WordPress in 4 on 2 1, released new version 4. 1. 2, wherein the mentioned fixes a serious memory typeXSSvulnerabilities. Soon someone shows vulnerability details. While the security research team Klikki Oy found in that new version XSSvulnerability a ThisXSSvulnerabilities appear in...

The world e-Commerce system Magento exposed a remote code execution vulnerability-vulnerability warning-the black bar safety net

eBay investment e-Commerce system of Magento on a global scale within a total of more than 2 4 0 0 0 0 merchant, is acclaimed the world's best e-Commerce system. However, the consistently low profile of Magento recently, but“with”will affect the world tens of thousands of merchant remote code...

MetInfo latest version of the arbitrary file read vulnerability warning-the black bar safety net

An attacker by submitting a carefully constructed parameters can get the server end of any file content! MetInfo 5.2 which is the current latest version include/thumb.php file originally used to get the thumbnail, but its structure is the thumbnail path to the presence of an external controlled...

Microsoft patch day 2015-4-14: the repair of many high-risk IE, Windows, Office vulnerabilities-vulnerability warning-the black bar safety net

Monthly the second Tuesday, Microsoft fixed the patch to fix the day, Microsoft on Tuesday（2015-4-14 the“patch day”on repairing a large number of vulnerabilities, which includes many IE, Windows, Office, high-risk vulnerabilities. Update announcement MS15-0 3 4 announcement MS15-0 3 4 announcemen...

Whitney Walton Internet behavior management system vulnerability packaged-vulnerability warning-the black bar safety net

Brief description: Contains a arbitrary File Download, 2 arbitrary code execution getshell, again without login. It is not individual to submit to be despised brush the hole, not continue to dig, and left to posterity to dig. Detailed description: A, arbitrary File Download Vulnerability file:...

AwSnap: let full-version-Windows, iOS, Android Chrome browser crash interesting vulnerability-vulnerability warning-the black bar safety net

A few weeks ago, we reported the 1 3 characters of the result in Chrome crash vulnerability. However, this vulnerability have a little regret, that is, it is only in the MAC OS X entry into force, the other system is not affected. Now, we have one of the more interesting vulnerabilities. Hackers...

BitTorrent Sync （peer-to-peer file synchronization system on there is a high risk of command injection vulnerability-vulnerability warning-the black bar safety net

According to HP 0day plans ZDI in last week's announcement that BitTorrent Sync on the presence of a high-risk vulnerability, an attacker can remotely execute arbitrary code. The black bar safety net science BitTorrent Sync is BitTorrent network technology company launched in multiple computers f...

A common system for the presence of SQL injection that involves governments, banks, businesses, and universities-vulnerability warning-the black bar safety net

Zhengzhou source Information Technology Co., Ltd. is a professional engaged in industry application software development, system integration and information security product development and production of high-tech enterprise and software enterprise, the company passed the CMMI3 level certificatio...

Format string vulnerability lab-vulnerability warning-the black bar safety net

A, experimental description Format string vulnerability is by like printfuserinputof such code is caused, where userinput is the user input data, having a Set-UID root privileges of such programs at run time, the printf statement will become very dangerous, because it may lead to the following...

Small ants camera commands to perform the patch bypass-vulnerability warning-the black bar safety net

The thing is, last week on the microblogging onlookers a safe laboratory and a factory camera in the tear forced war, saw the publication of an old version vulnerability suddenly shocked Ah, so you want to look at the people in the hands clutching that vulnerability is going around to ask for hel...

Firefox 3 1 to 3 4 remote command execution vulnerability analysis-vulnerability warning-the black bar safety net

0x00 Preface Some time ago, the brother in a lot of the browser in the script-level vulnerabilities upgrade for remote command execution, almost daily all over the market on all domestic browser, which has become many people relish topic. Indeed, in today's this underlyingsecuritygrowing...

Security vulnerability is the essence of myth of the battle to compile code-bug warning-the black bar safety net

0x00 Preface Currently more popular but also more efficient mining of vulnerabilities is Fuzzing, of course, this also needs to take the time to write Fuzzing programs. However, not every things are necessary to write Fuzzing programs,not every thing can go to Fuzzing, so still have to continue t...

Wave OA the platform there is a common SQL injection(sa permissions)lead Getshell-a vulnerability warning-the black bar safety net

POST /login. aspx HTTP/1.1 Content-Length: 3 4 2 Content-Type: application/x-www-form-urlencoded User-Agent: Googlebot/2.1 +http://www.googlebot.com/bot.html X-Requested-With: XMLHttpRequest Referer: http://124.133.235.142/ Host: 124.133.235.142 Connection: Keep-alive Accept-Encoding:...

The Hang Seng JRES platform registration vulnerability, you can hack the registry-the vulnerability warning-the black bar safety net

! plugin.jpg The eclipse-jres\plugins\com. hundsun. ares. studio. jres. register1. 1. 0. 2 0 1 2 0 8 2 9 1 4 0 8. jar to decompile,according to the com\hundsun\ares\studio\jres\register\RegisterUtil. the java file can get the registration file of the encryption way and key. The eclipse-jres\keys...

In-depth understanding of Google and Microsoft's controversial vulnerability: NtApphelpCacheControl vulnerability analysis-vulnerability warning-the black bar safety net

Causes:the The Google Project Zero team of budding member James Forshaw in 9 month 3 day 0 to Microsoft submitted the name“Windows: Elevation of Privilege inahcache. sys/NtApphelpCacheControl”security issues, and in Google's vulnerability disclosure period 9 0 days after, that is, 2 0 1 4 years 1...

Struts2 vulnerability analysis and research S2-0 0 5 vulnerability analysis-vulnerability warning-the black bar safety net

1, Overview S2-0 0 5 is due to the official patch S2-0 0 3 not fully lead to bypass the patch caused. We all know that access Ognl context object must use thesymbol, S2-0 0 3Number for the filter, but does not take into account the unicode encoding, resulting in\u0023 or 8-ary\4 3 bypass. S2-0 0 ...

WordPress 3.0-3.92 stored XSS vulnerability analysis&POC-vulnerability warning-the black bar safety net

! /Article/UploadPic/2014-11/2 0 1 4 1 1 2 7 1 0 5 7 1 6 1 1 7. png Overview: WordPress is a PHP language development blog platform, users can support PHP and MySQL database server set up your own website. You can also put WordPress as a CMS to use. Recently WordPress less than 3. 9 2 Version...

CVE-2 0 1 4-1 8 0 6 . NET Remoting Services vulnerability analysis-vulnerability warning-the black bar safety net

0x00 description Microsoft . NET Remoting is a distributed processing manner, there is provided a method that allows the object by the application domain with the other objects to interact with the framework. A few days ago James Forshaw posted a CVE-2 0 1 4-1 8 0 6 . NET Remoting Services exploi...

Bash broken shell vulnerability ShellShock and Transfiguration: for the mail server SMTP attack-vulnerability warning-the black bar safety net

Bash broken shell vulnerability, ShellShock, CVE-2 0 1 4-6 2 7 1 new using the method again! According to the Internet storm center SANS InternetStorm Center for the latest news: a broken shell vulnerability the latest The use of the method of initiation of a new round of attack is brewing, this...

Drupal 7.31 SQL injection vulnerability using detailed and EXP-vulnerability warning-the black bar safety net

Deliberately delayed a few days to put out this article and program, but looks like Drupal this hole did not cause much attention, so I didn't need to press not made, but to be honest this hole might quite large, of course, this is also Drupal itself is no surprise. 0x00 First of all, this...

Windows arbitrary code execution 0day（CVE-2 0 1 4-4 1 1 4）analysis report-vulnerability warning-the black bar safety net

Tomorrow release patch windows all platforms all can trigger the OLE package Manager the INF arbitrary code execution vulnerability, CVE-2 0 1 4-4 1 1 4 in. The vulnerability affects Windows vista,win7 and aboveoperating system, the use of the Microsoft document you can trigger the vulnerability,...

CrowdStrike: how we found Win64bit mention the right to 0day Vulnerability CVE-2 0 1 4-4 1 1 3-vulnerability warning-the black bar safety net

! Attackers often use known privilege escalation vulnerabilities to gain administrator-level access, and hack the direct use of the 0day vulnerability to attack is very rare. Recently, CrowdStrike team CrowdStrike Falcon Host is an Endpoint Threat Detection & Response monitoring to Win64bit2008 R...

CmsEasy multiple arbitrary file deletion to Getshell-a vulnerability warning-the black bar safety net

CmsEasy multiple arbitrary file deletion can directly delete the waf, the Getshell so Easy! Detailed description: CmsEasy in the background permission to verify the presence of defects, resulting in the landing of the bypass, and override the operation of the background. 1, in the background logi...

Ecmall Sql injection first watches. - Vulnerability warning-the black bar safety net

Brief description: Hit a patch try. Detailed description: In the app/message. app. php function drop $msgids = isset$GET'msgid' ? trim$GET'msgid' : "; if !$ msgids $this-showwarning'nosuchmessage'; return; $msgids = explode',',$msgids; $modmessage = &m'message'; foreach $msgids as $key=$msgid...

Joomla! Spider Contacts 'index.php' SQL injection vulnerability-vulnerability warning-the black bar safety net

Affected system: Joomla! Spider Contacts = 1.3.6 Description: BUGTRAQ ID: 6 9 7 5 7 Joomla! Spider Contacts is a Joomla! An extension, you can easily manage contact information. Spider Contacts 1.3.6 and earlier in the realization of the presence ofsql injectionvulnerabilities successfully...