Windows Remote Desktop vulnerability EsteemAudit (CVE-2017-9073): brief patch analysis-vulnerability warning-the black bar safety net
Last month we wrote a brief analysis of the ESTEEMAUDIT vulnerability leaked from the Equation Group. Until we found that this exploit only applies to computers joined to a Windows domain, we had been trying to reproduce the issue, but relatively speaking, writing the...
TP-Link WR841N router arbitrary code execution vulnerability analysis-vulnerability warning-the black bar safety net
1. Foreword. Recently we discovered two vulnerabilities in the TP-Link WR841N V8 router; using them, we can execute our own custom code on this router. After friendly consultation with the manufacturer, the new router firmware fixes...
WannaCry in-depth analysis: the first stage, tasksche-vulnerability warning-the black bar safety net
WannaCry is one of the most prevalent ransomware families of 2017. It used a Microsoft vulnerability to attack on a global scale, affecting hundreds of thousands of users in more than 100 countries, and gave the whole world a lesson in network security. As a security industry...
Subaru car software vulnerability analysis: the token that never expires-vulnerability warning-the black bar safety net
Not long ago, Aaron Guzman, an automotive information security researcher from California, presented a method for hacking into Subaru cars at a computer security conference held in Australia. In his own 2017 Subaru WRX STI he found a surprising number of software vulnerabilities; through these...
NSA arsenal: reproducing Eclipsedwing-bug warning-the black bar safety net
Introduction: Since the Shadow Brokers published the leaked NSA tools, experts have kept publishing reproductions of the various leaked exploits, and the WannaCry and EternalRocks ransomware outbreaks have raged, all demonstrating the power of the leaked tools, but the leaked tools in light...
Vulnerabilities in 4G VoLTE can disclose a phone user's location and other personal information-vulnerability warning-the black bar safety net
In recent years, 4G VoLTE has become increasingly popular in mobile communications worldwide and is now the trend in most European and Asian countries. Recently, the French security company P1 Security reported a detailed, long list on 4G VoLTE call...
Linux heap overflow: a detailed explanation of Fastbin Attack examples-vulnerability warning-the black bar safety net
1. Summary: In the major CTF competitions of recent years, pwn challenges have often featured fastbin attacks, for example this year's DEF CON, RCTF, the fat Hubble Cup, the 0CTF final, etc. The fastbin attack is a common, easy-to-use and effective heap exploitation technique; in the...
“Phoenix Talon” in the Linux kernel: a kernel vulnerability lurking for over 11 years-vulnerability warning-the black bar safety net
About “Phoenix Talon”: On May 9, 2017, Venustech ADLab found a remote vulnerability in the Linux kernel, “Phoenix Talon” (named after the four toes of a phoenix's talon), which relates to CVE-2017-8890, CVE-2017-9075, CVE-2017-9076 and CVE-2017-9077, and can affect almost all Linux kernel 2.5.69 Linux...
Auto-binding vulnerabilities and Spring MVC-vulnerability warning-the black bar safety net
Today I will introduce a not very well-known vulnerability: the auto-binding vulnerability, also referred to as mass assignment. Automatic binding is implemented in many frameworks; it allows the framework to automatically bind HTTP request parameters to an object and to...
Windows has a “cannot fix” security vulnerability-vulnerability warning-the black bar safety net
Recently, Microsoft released several patches for Windows Defender to address vulnerabilities that could expose Windows users, but in fact Microsoft needs to do better, because anti-virus software will still encounter some remote code execution vulnerabilities. One...
“Phoenix Talon”, a Linux kernel vulnerability lurking for over 11 years, exposed-vulnerability warning-the black bar safety net
Early last month, Venustech ADLab reported four remote vulnerabilities in the Linux kernel and named them “Phoenix Talon”; one of them is rated serious (Critical) and the other three high-risk (High). Yesterday ADLab published the serious (Critical) vulnerability's relevant...
[Vulnerability analysis] MS17-010: an in-depth analysis of the “EternalBlue” vulnerability-vulnerability warning-the black bar safety net
Background: Since the EternalBlue exploit was published on the Internet by the Shadow Brokers, it has become a “star”. This past mid-May, the exploit was used by more malware, including the rampant WannaCryp0t, the fileless ransomware UIWIX and the SMB worm EternalRocks. EternalBlue in...
Apache Commons FileUpload 1.3.1 DoS (CVE-2016-3092)-vulnerability warning-the black bar safety net
Last year the commons-fileupload project officially announced a security vulnerability in Commons FileUpload, CVE-2016-3092, which was fixed in Commons FileUpload 1.3.2. Because the security components at that time used the Commons FileUpload 1.3.1 release, we followed this vulnerability a bit. Shortly before...
Automated mining of Windows kernel information disclosure vulnerabilities-vulnerability warning-the black bar safety net
The June 2017 patch day fixed 5 kernel information leak vulnerabilities that we had reported earlier; details are at the end of the article. The year before, I demonstrated how to use JS to fuzz the kernel; today we bring you a way that does not depend on fuzzing to automate the mining of kernel...
[Major vulnerability warning] Two critical Windows remote code execution vulnerabilities-vulnerability warning-the black bar safety net
On the June patch day, Microsoft disclosed two remote code execution vulnerabilities that are being exploited: CVE-2017-8543, a Windows Search remote code execution vulnerability, and CVE-2017-8464, an LNK file (shortcut) remote code execution vulnerability. Vulnerability name: Windows Search remote code execution...
The butterfly effect and program errors: exploiting a junk bug-vulnerability warning-the black bar safety net
Description: If a butterfly in the rainforest of South America's Amazon Basin occasionally flaps its wings a few times, might it cause a tornado in Texas? That I'm not sure of; what I can be sure of is that any minor error in a program can, once amplified, produce disastrous consequences for the program...
Bluetooth App vulnerability series analysis II: CVE-2017-0639-vulnerability warning-the black bar safety net
Author: heeeeen. Team: MS509Team. 0x01 Vulnerability profile: This month's Android security bulletin fixed another Bluetooth App information disclosure vulnerability that we discovered; it could allow an attacker to obtain private files owned by the bluetooth user, bypassing the...
MS16-098 RGNOBJ integer overflow vulnerability analysis and exploitation on Windows 10-vulnerability warning-the black bar safety net
This article refers to , which covers Windows kernel pool feng shui, arbitrary address read and write via SetBitmapBits/GetBitmapBits, and other exploitation techniques, and is very helpful for learning Windows kernel exploitation. Test environment: Windows 10 1511 x64 Professional Edition 2016.04 2...
SambaCry exploit analysis-exploit warning-the black bar safety net
“On May 24, 2017, Samba released version 4.6.4, which fixes a serious remote code execution vulnerability, CVE-2017-7494; the vulnerability affects all versions between Samba 3.5.0 and 4.6.4/4.5.10/4.4.14. The SambaCry vulnerability is a scale spre...
Motorola G4 & G5 phones found to have a high-risk kernel command line injection vulnerability-vulnerability warning-the black bar safety net
In a previous article about the Nexus 6 root vulnerability, we mentioned that vulnerability CVE-2016-10277 would likely affect Motorola devices. After we received some related reports on Twitter, the facts proved our earlier conjecture. In order to prove that Motorola devic...
The ghost reappears: some WiMAX routing devices have authentication bypass and backdoor vulnerabilities-vulnerability warning-the black bar safety net
SEC's security researchers found a vulnerability in some WiMAX routers that allows an attacker to change the router's administrator password and then take control of the vulnerable device. Worse, if an attacker takes control of these vulnerable...
Spring WebFlow remote code execution vulnerability analysis (CVE-2017-4971)-vulnerability warning-the black bar safety net
To better engage with the many security enthusiasts out there, we have built a community focused mainly on threat discovery, security data analysis and other fields. We hope more friends will join us to analyze, share knowledge and progress together. Community address: ,...
Apache Tomcat security restrictions bypass vulnerability (CVE-2017-5664)-a vulnerability warning-the black bar safety net
Apache Tomcat security restrictions bypass vulnerability (CVE-2017-5664). Release date: 2017-06-12. Update date: 2017-06-12. Affected systems: Apache Group Tomcat 9.0.0.M1-9.0.0.M20; Apache Group Tomcat 8.5.0-8.5.14; Apache Group Tomcat 8.0.0.RC1-8.0.43; Apache Group Tomcat 7.0.0-7.0.77. Description:...
CVE-2017-4971: Spring WebFlow remote code execution vulnerability analysis-vulnerability warning-the black bar safety net
Spring has traditionally not had many severe vulnerabilities. The more serious earlier problem was Spring's JavaBean automatic binding function, which made it possible to control class, which could lead to arbitrary code execution by using certain features, but that...
Attackers can log in to FreeRADIUS without credentials-vulnerability warning-the black bar safety net
Recently, security researcher Stefan Winter of RESTENA in Luxembourg found a TLS authentication bypass vulnerability in the world's most popular RADIUS server. FreeRADIUS is currently the world's most popular RADIUS server; in fact the vast majority of RADIUS servers are...
In-depth understanding of the Java deserialization vulnerability-vulnerability warning-the black bar safety net
1. Java serialization and deserialization: Java serialization is the process of converting a Java object into a byte sequence so that it can easily be saved in memory, a file or a database; the writeObject method of the ObjectOutputStream class implements serialization. Java deserialization refers to the sequenc...
IBM finally publishes mitigations for a serious vulnerability discovered 9 months ago, but the white hat feels wronged-vulnerability warning-the black bar safety net
Recently, IBM finally released a fix for a serious vulnerability that was discovered in one of its software products 9 months ago. The vulnerability exists in IBM's enterprise backup software; using the vulnerability, an attacker on the local network of the IBM Spectrum series data storage a...
CVE-2017-0199: in-depth analysis of the Microsoft Office RTF vulnerability-vulnerability warning-the black bar safety net
0x00 Preface: Recently, researchers have again found a number of CVE-2017-0199 samples. Although Microsoft released a patch for the vulnerability in April this year, exploitation is relatively simple, so worldwide usage is still very high. Here we share some of the...
An "authentication bypass" vulnerability found in JS files-vulnerability warning-the black bar safety net
The content of this article comes from a private vulnerability bounty program. In this program, the accepted scope is limited to a few public functions of the target site. Based on issues discovered earlier, when I was invited into this program, other people had submitted a total...
CVE-2017-0213 Windows COM elevation of privilege vulnerability-vulnerability warning-the black bar safety net
CVE-2017-0213 Windows COM elevation of privilege vulnerability. Let's first take a look at this vulnerability: a privilege escalation vulnerability exists in the implementation of the Windows COM Aggregate Marshaler, which allows a remote attacker to elevate privileges to execute arbitrary code. Vernacula...
How to exploit the JavaScript array extension integer overflow vulnerability in WebKit-a vulnerability warning-the black bar safety net
In this article I will tell you about the vulnerability CVE-2017-2536/ZDI-17-358, a typical integer overflow vulnerability: when the system calculates the size of the space to allocate, the vulnerability may lead to a heap buffer overflow. We not only give you...
CVE-2017-0199: in-depth analysis of the Microsoft Office RTF vulnerability-vulnerability warning-the black bar safety net
Recently, researchers have again found a number of CVE-2017-0199 samples. Although Microsoft released a patch for the vulnerability in April this year, exploitation is relatively simple, so worldwide usage is still very high. Here we share some of the phishing...
Bug-hunting experience | How I found a Yahoo remote code execution vulnerability and earned a $5,500 bounty-vulnerability warning-the black bar safety net
I have always believed that sharing with people is a good trait, and I have learned many things that will benefit me for a lifetime from a number of security research experts in the bug bounty field, so I decided to share some of my recent small discoveries with you in this article. I hope these thin...
How to pass the command injection vulnerability fix Yahoo subsidiary production servers-vulnerability warning-the black bar safety net
1. Foreword: Let's go back to May 20. By the night before, I had spent several days studying the Yahoo Messenger app and still couldn't figure out how it works, while an annoying headache and neck pain had caught up with me. So I decided to go for a walk and find a new target. Then I noticed a very...
NSA Arsenal: CVE-2017-9073 EsteemAudit analysis-vulnerability warning-the black bar safety net
In April, a group called the “Shadow Brokers” published some of the exploit tools they stole from the NSA, mainly targeting the Windows operating system. One of the most famous is “EternalBlue”, the exploit used by the WanaCryp0t ransomware. Another released tool is the one for CVE-2017-907...
Chrome vulnerability lets malicious sites record audio and video without the user's knowledge-bug warning-the black bar safety net
Is it possible that our computer is recording audio and video of us without our knowledge? Hackers could then hear your every call and see the people around you. It sounds like horror, but sometimes we really can't fully know what our computer is doing. So much so that even a great leader like Zuckerberg needs to use tape to...
CVE-2017-6178: from patch diffing to exploit-vulnerability warning-the black bar safety net
Some time ago, while poking around on EDB, I saw a kernel vulnerability in a driver, CVE-2017-6178. As a newbie learning kernel pwn, I naturally could not miss it. After debugging and analysis I felt I had learned a few things, so I'm sharing them with everyone. USBPcap is a USB packet capture tool,...
Up to 8,000 application vulnerabilities present in networked pacemakers-vulnerability warning-the black bar safety net
WhiteScope is an independent network security services and training provider. They just released a study showing that pacemakers from four major manufacturers contain 8,000 application vulnerabilities and are vulnerable to hacker attacks. For security reasons, WhiteScope has not released...
How I found a Twitter vulnerability allowing tweets to be sent from any account and earned a $7,560 bounty-vulnerability warning-the black bar safety net
While participating in Twitter's vulnerability bounty program, I found through some security testing that Twitter had a significant vulnerability: without needing access to another person's account, an attacker could make any account publish tweets. On February 26, 2017, I...
Oracle Responsys local file inclusion vulnerability affecting many well-known companies-vulnerability warning-the black bar safety net
Today I want to show you how I found a local file inclusion (LFI) vulnerability in the Oracle Responsys cloud service system. Because companies in commercial sales, network storage and social networking currently use the Oracle Responsys cloud solution, the...
Analysis of an unauthorized remote code execution vulnerability in Oracle's PeopleSoft human resources management system-vulnerability warning-the black bar safety net
A few months ago, I had the privilege of participating in security audits of several Oracle PeopleSoft construction projects. The audits mainly covered the PeopleSoft family's Human Resources Management System (HRMS) and the PeopleTool development toolkit. Throughout the online on the...
CVE-2017-7494 Samba remote code execution vulnerability analysis-vulnerability warning-the black bar safety net
On May 24, Samba officially announced a remote code execution vulnerability in the Samba server software. An attacker can use a client to upload a specified library file to a shared directory with write permission, which causes the server to load and execute the specified library fil...
Samba remote code execution vulnerability (CVE-2017-7494): SambaCry analysis report-vulnerability warning-the black bar safety net
0x01 Intro: On May 24, 2017, Samba officially released a security bulletin; the newly released Samba 4.6.4 fixes a serious code execution vulnerability (CVE-2017-7494) that affects all versions between Samba 3.5.0 and 4.6.4/4.5.10/4.4.14. At rpcserver/srvpipe.c in the...
Pwn2Own vulnerability sharing series: using a macOS kernel vulnerability to escape the Safari sandbox-vulnerability warning-the black bar safety net
In the Pwn2Own 2017 competition, Apple macOS Sierra and Safari 10 were among the most attacked targets. During the competition, although multiple teams successfully or semi-successfully compromised the macOS + Safari target, the 360 security team used the fewest exploits...
How to bypass Nexus 6 secure boot through kernel command injection-bug warning-the black bar safety net
In the May 2017 Android security bulletin, Google released a security patch that fixes a serious vulnerability, CVE-2016-10277, discovered in the Nexus 6 bootloader. Exploiting this vulnerability, a physical attacker or one who already has the bootloader locked down the target device...
WeChat “remote pop-up exploit” appears and floods the circle of friends: how it works in detail-a vulnerability warning-the black bar safety net
This morning, May 26, many friends in the WeChat circle of friends reported to Lei Feng Network that WeChat has an XSS vulnerability that can make a pop-up appear remotely on a friend's phone! Following the user instructions, the black bar safety net went to WeChat search friends...
HackerOne vulnerability: how to use XSSI to steal a multi-line string-vulnerability warning-the black bar safety net
First of all, I assume readers already know what XSSI is. If you don't, you can read the paragraph below, taken from a simple introduction to identity-based XSSI attacks: XSSI (Cross Site Script Inclusion) is a way to allow an attacker to...
Samba remote code execution vulnerability (CVE-2017-7494) analysis-vulnerability warning-the black bar safety net
Author: cyg07 && redrain. Overview: On May 24, 2017, Samba released version 4.6.4, which fixes a serious remote code execution vulnerability, CVE-2017-7494; the vulnerability affects Samba 3.5.0 and the intermediate versions up to and including 4.6.4/4.5.10/4.4.14. 360...
Vulnerability warning | Samba remote code execution vulnerability affects versions from 7 years ago-bug warning-the black bar safety net
Samba is SMB protocol service software for Linux and UNIX systems that makes it possible to share file systems, printers and other resources with other operating systems such as Microsoft Windows. The vulnerability affects versions dating back as far as 7 years; a hacker can exploit t...
Media players can expose millions of systems to subtitle attacks-vulnerability warning-the black bar safety net
Experts pointed out that as long as an attacker can get the target user to open a malicious subtitle file in a vulnerable media player, the attacker can fully control the device. For applications that automatically fetch subtitles from the Internet, without any user interaction it can...