PostgreSQL Administration Tool pgAdmin 4 XSS vulnerabilities found and use-vulnerability and early warning-the black bar safety net

This article I'm going to tell you how I find and use pgAdmin4 desktop clientXSSvulnerabilities. In reading this article, please upgrade as soon as possible to 1. 4 version. Foreword Since I am a hand inadvertently to a new MacBookPro on that big ridiculously Touchpad, pgAdmin 4 page constantly...

360Vulcan: the NSA Arsenal of Eternalromance (eternal romance) vulnerability analysis-vulnerability warning-the black bar safety net

In the Shadow Brokers disclosed the NSA's hacking Arsenal, Eternalromance eternal romance is the impact of Windows full platform SMBv1 vulnerability attack tool that has been Microsoft patch MS17-010 repair, Windows XP and 2003, etc. is not Microsoft support period of the system version without t...

Dozens of Linksys Router the exposed high-risk vulnerability can lead to remote command execution and sensitive information disclosure-vulnerability warning-the black bar safety net

! From the IOACTIVE researchers recently discovered the presence in the Linksys smart Wifi Router vulnerabilities. Researchers last year purchased a Linksys EA3500 series smart router. This brand before belonging to Cisco, and now belongs to Belkin's, in the Asian Regional market usage is small...

Analysis of the open source CMS TYPO3 in the News system module SQL injection vulnerability-vulnerability warning-the black bar safety net

! Description News module is TYPO3 in 20 of the most commonly used one module, the burst presenceSQL injectionvulnerabilities. Although the author has been in 4 months times to contact the manufacturer, however, has not released fixes. Only when the module parameter overrideDemand set to 1 when t...

Eternalromance (eternal romance) vulnerability analysis-vulnerability warning-the black bar safety net

1 environment TROJAN: Eternalromance-1.3.0 TARGET: windows xp sp3 FILE: srv.sys 5.1.2600.5512 2 Exploit the use of We can be found in the Toolkit there are two Eternalromance, a 1. 4. 0, another is 1. 3. To 0. After I turn the toss also did not put 1. 4. 0 run up. Frustration try 1. 3. 0 found...

The Jackson framework Java deserialization remote code execution vulnerability technical analysis and protection solution-vulnerability warning-the black bar safety net

GMT 4 on 15 May, the Jackson framework is found in the presence of a deserialization code execution vulnerability. The vulnerability exists in Jackson under the framework of the enableDefaultTyping method by which the vulnerability, an attacker can Remote in to the server host on the unauthorized...

ShadowBroker release of NSA tools in the Esteemaudit vulnerability reproduction process-vulnerability warning-the black bar safety net

Recently the infamous equation tissue kit again is disclosed, TheShadowBrokers in steemit. com blog provides related message. The following is one of Esteemaudit vulnerability reproduction process. Preparation IP System information Use Note 192.168.146.132 Windows xp Attack aircraft Need Ann...

Apache logging component Log4j deserialization vulnerability affects all 2. x version-bug warning-the black bar safety net

! Open source stuff with more people, natural vulnerability. Apache for logging component Log4j to use the very flexible, in quite a lot of open source projects are using this exploit affects all Apache Log4j 2. Series version: Apache Log4j 2.0-alpha1 – Apache Log4j 2.8.1 using Java 7+users shoul...

MS17-010 Exploit-vulnerability warning-the black bar safety net

From the equation the organization of the tool kit inside to pull out. （If it is this useful?） Tested 32-bit XP and 64-bit Win7 successfully. ! Yes. As you can see, this exp is a key getshell it. You can also replace the directory luan32. dll or luan64. dll to achieve the level of function, the...

In-depth analysis of the N. S. A. took 5 years of IIS vulnerability-vulnerability warning-the black bar safety net

Source: Xuanwu lab Author: Ke Liu of Tencent’s Xuanwu Lab The 1. Vulnerability description 1.1 exploit description 2017 3 November 27, from South China University of technology the Zhiniang Peng and Chen Wu in GitHub 1 discloses an IIS 6.0 vulnerability exploit code, and specify its may 2016 7...

NSA Eternalromance （eternal romantic） vulnerability analysis-vulnerability warning-the black bar safety net

1 environment TROJAN: a Eternalromance-1.3.0 TARGET: windows xp sp3 FILE: srv.sys 5.1.2600.5512 2 Exploit the use of We can be found in the Toolkit there are two Eternalromance, a 1. 4. 0, another is 1. 3. To 0. After I turn the toss also did not put 1. 4. 0 run up. Frustration try 1. 3. 0 found...

Bosch automotive Drivelog Connector dongle remote vulnerability analysis-vulnerability warning-the black bar safety net

In this article, we will be on the Argus research team at Bosch Drivelog Connect BOD-II adapter in the discovery of the vulnerability is discussed in detail. Note that this vulnerability would allow an attacker to by Drivelog platform to stop a running car engine. According to the Argus of the...

CVE-2017-0199 OFFICE OLE2LINK the exploitability of the vulnerability details-vulnerability warning-the black bar safety net

Author: 天择实验室[email protected] Reprint please indicate the source: http://blog.jowto.com Vulnerability overview fireeye recently published a OFFICE 0day, without the need for user interaction in the case, open a word document you can by hta script to execute arbitrary code. After the study found tha...

CVE-2013-2551-sample analysis and exploits and Defense-vulnerability warning-the black bar safety net

0x0 is written on the front VUPEN team in the Pwn2Own 2013 hacking contest using the vulnerability to compromise Windows 8 environment, IE10, then on their blog discloses technical details. According to VUPEN description of the vulnerability produced in the VGX. DLL module, in the VML language...

Jackson-Databind framework json deserialization code execution vulnerability analysis-vulnerability warning-the black bar safety net

2017/04/11, ayound reported a Jackson Databind framework json deserialization vulnerability, an attacker exploit the vulnerability in the server on the host to execute arbitrary code or system commands, obtain the web server control. Affected versions: The jackson databind 2.7.10 and 2. 8. 9 The...

Cisco Catalyst 2960 switch in CVE-2017-3881 vulnerability analysis-vulnerability warning-the black bar safety net

! 2017 3 December 17, Cisco official website announced that the Cisco IOS&IOS-XE Software Cluster Management ProtocolCluster Management Protocolthe presence of a remote code execution vulnerability, CVE-2017-3881-in. The vulnerability is Cisco in the study of the CIA leak of the document“Vault 7”...

Apache logging component Log4j deserialization vulnerability affects all 2. x version-bug warning-the black bar safety net

! Open source stuff with more people, natural vulnerability. Apache for logging component Log4j to use the very flexible, in quite a lot of open source projects are using this exploit affects all Apache Log4j 2. Series version: Apache Log4j 2.0-alpha1 – Apache Log4j 2.8.1 using Java 7+users shoul...

NSA Eternalblue SMB vulnerability analysis-vulnerability warning-the black bar safety net

Environment TROJAN: Eternalblue-2.2.0.exe TARGET: win7 sp1 32bits srv.sys 6.1.7601.17514 srvnet.sys 6.1.7601.17514 PATCH: MS17-010 The vulnerability principle srv. sys in the processing SrvOs2FeaListSizeToNt when logic is incorrect resulting in cross-border copy. We first look at the vulnerabilit...

Hacking Ali cloud released Windows System the high-risk vulnerability solution-exploits warning-the black bar safety net

4 on 14 November, outside the hacking group discloses a comprising a plurality of Windows Remote exploit tools for the confidential documents. To ensure that the cloud on the user's business security, Ali cloud in 4 month 15 days morning nine points half released a vulnerability announcement and...

About Jackson frameworks exist in Java deserialization code execution vulnerability security Bulletin-vulnerability warning-the black bar safety net

Security Bulletin number: CNTA-2017-0030 Recently, the national information security vulnerabilities sharing platform CNVD）included CNVD white hat（ID: ayound）sent to the Jackson framework enableDefaultTyping method of deserialization vulnerability CNVD-2017-04483 it. An attacker could exploit the...

For cross-browser local file disclosure vulnerability analysis-vulnerability warning-the black bar safety net

Foreword You know? You can easily turn ordinary file selector into a folder picker, to do this, simply drag the attribute“webkitdirectory”added to the type ='file'in the given input element on the line. Of course, with the folder selector is different, eventually you will load a given folder all...

Nebula exploit package CVE-2016-0189 exploit analysis-exploit warning-the black bar safety net

1. Introduction In recent years, exploit kitsEK/Exploit Kitmarket amidst the winds of change。 2016 early June, once rampant in the Angler EK disappeared, the Neutrino EK quickly filled the void. Then just less than 3 months time, the Neutrino EK and go for the underground, the RIG EK and then...

Microsoft reproducing the large-scale vulnerability of the global 750 million computers or hacking-vulnerability warning-the black bar safety net

Due to the invasion by the United States NSA and blow the hacker group Shadow Brokers, at 4, on 14 January evening once again released a series of heavy files. Burst for Microsoft Windows System a large number of remote vulnerabilities using the tool, the impact of including Windows XP, Windows 7...

CVE-2017-0199: Microsoft Office RTF vulnerability using the PoC-vulnerability warning-the black bar safety net

0x01 description From FireFye detect and publish CVE-2017-0199 since, I have been researching this vulnerability in Microsoft officially released the patch, I decided to release this PoC. I use way possible with other researchers using different methods, the use of the method may be little bit...

Phpcms v9 vulnerability analysis-vulnerability warning-the black bar safety net

Recent study the source code and audit-related knowledge, will be grabbed before open source CMS vulnerability research, yesterday accidentally saw this PHPCMS vulnerability, you are ready to Analysis a lot, originally wanted to directly from the source code static analysis, but found itself on t...

xRaido 0.95 b '. xrl'local code execution vulnerability-vulnerability warning-the black bar safety net

Author: k0shl reprint please indicate the source: http://whereisk0shl.top Vulnerability description Software download: https://www.exploit-db.com/apps/d4623b69bd1b881fa7e440ca79f44ef2-xradio-setup-0.95b.exe PoC: !/ usr/bin/python windows/messagebox - 590 bytes x86/alphaupper...

How BurpSuite detection of Blind XSS vulnerabilities-vulnerability warning-the black bar safety net

! Last weekend, I participated in a French hack of the Year competition“Nuit du Hack 2017”the qualification heats, at the time I managed to get the game in all the Web security challenges, and one person alone had a team in the Web challenges of all the scores, and I use the tool only BurpSuite...

Multi-brand router remote access vulnerability the final disclosure-vulnerability warning-the black bar safety net

Affected devices the millions, the researchers therefore did not disclose their discovery. Until after four years today, they officially disclosed the impact of this widespread vulnerability. ! The researchers said that Cisco has fixed the vulnerability, but they don't know how the other router...

2017 OWASP Top 10 ten security vulnerabilities the candidate out of the oven, what do you see? - Vulnerability warning-the black bar safety net

OWASP the open Web application security project recently announced 2017 the OWASP Top 10 ten security vulnerabilities list, added 2 new classification. Background description The OWASP project is the most authoritative is its”top ten security vulnerabilities list.” This list sums up the Web App...

Spread banking Trojan the Office 0day Vulnerability(CVE-2017-0199)technical analysis-vulnerability warning-the black bar safety net

Vulnerability overview Microsoft in 4 months of routine patch of 4 on 12, the A Office remote command execution vulnerability, CVE-2017-0199 for the repair, but in fact in the patch before the release there has been more use of this vulnerability in the wild is found, which contains the...

Equation and a wave of massive 0day attacks leaks, Microsoft this minor vaginal bleeding-exploit warning-the black bar safety net

Early in the morning get up and think of Sunny days still good? However cyberspace just gave birth to a wave of bomb has a blast! Shadow Brokers again leaked out a shocked the world of confidential documents, which contains a plurality of fine Windows Remote exploit tools, and can cover over 70% ...

Recently being a hot Word 0day vulnerability has been used for malware spreading and the country attack-vulnerability warning-the black bar safety net

Recently Microsoft Word 0day vulnerabilities is very hot, this month's Patch Tuesday, Microsoft also finally released for the CVE-2017-0199 vulnerability patch, and the previously reported difference is that this vulnerability also affects Microsoft's own WordPad. According to security firm FireE...

Linux kernel ipv4/udp. c remote arbitrary code execution(CVE-2016-10229)-vulnerability warning-the black bar safety net

! Vulnerability description The Linux kernel is the United States, the Linux Foundation released theoperating systemLinux the kernel. Linux kernel 4.5 the previous version of the udp. c file there is a security vulnerability, the Linux kernel udp. c allows a remote attacker via UDP traffic to...

The Word Vulnerability, CVE-2017-0199 dissect that Microsoft patch that you installed? - Vulnerability warning-the black bar safety net

! Foreword Recently, FireEye detects a use of the vulnerability, CVE-2017-0199 malicious OfficeRTF document--earlier this week FreeBuf also reported the vulnerability, without the need to enable Word macros, open a malicious RFT document can be infected with a malicious program. When the user ope...

TYPO3 CMS news management module SQL injection vulnerability analysis with exp-a vulnerability warning-the black bar safety net

Foreword By POST, to send orderByAllowed and orderBy, we will be able to control part of the SQL statement and get the injection vulnerabilities. The body The news module is TYPO3（Typo3 content management system the most commonly used one of the modules, and now will be subject toSQL...

Office discovered zero vulnerabilities hackers can use the Word document to install malicious software-vulnerability warning-the black bar safety net

According to foreign media reports, recently a period of time, you when opening a Word document may have to be careful because the security company MCAfee researchers in Microsoft Office software found in a zero vulnerabilities, hackers can use it quietly in your computer system to install...

Django two url jump vulnerability analysis: CVE-2017-7233&7234-vulnerability warning-the black bar safety net

! Django official News&Event in the 4 on 4, released a security update that fixes two URL jump loopholes, one is the urlparse pot, the other by long Dinh tech security researcher phithon report, are very beautiful. Because there are replicate Django vulnerability of habit, the evening pumping up...

Facebook and Dropbox in the CSRF vulnerability analysis-vulnerability warning-the black bar safety net

Facebook provides the user with a very handy feature, and the user can pass this option directly from the Dropbox account to load file: ! This feature will allow the user directly in the browser window to view and upload to the Dropbox account in the file: ! This functional integration is through...

Spread banking Trojan the Office 0day vulnerabilities-vulnerability warning-the black bar safety net

Micro-step online Threat Intelligence briefing Number: TB-2017-0003 Report confidence: 90 TAG: Microsoft, Office, 0day, vulnerabilities, phishing mails, Dridex TLP: yellow only accept the report of the Organization for internal use Date: 2017-04-11 Update Micro-step online to GMT 4 May 11, to the...

CVE-2017-0199: analysis Microsoft Office RTF vulnerability-vulnerability warning-the black bar safety net

FireEye recently detected using CVE-2017-0199 security vulnerabilities malicious Microsoft Office RTF document, be aware of CVE-2017-0199, but had not been disclosed vulnerability. When the user opens that contains the exploit Code of the document, the malicious code will download and execute the...

Phpcms V9. 6. 0 any file write getshell vulnerability analysis-vulnerability warning-the black bar safety net

1 Introduction: It is said to be one in the underground has been around for half a 0day, which has recently been broke to, in the membership registration page, that this vulnerability without the need to login you can use, or more powerful. 2 vulnerability analysis: Follow up on the registration...

PHPCMS v9. 6. 0 arbitrary file upload vulnerability analysis-vulnerability warning-the black bar safety net

Author: p0wd3r know Chong Yu 404 security lab Date: 2017-04-12 0x00 vulnerability overview Vulnerability description A few days ago phpcms v9. 6 arbitrary file upload vulnerability caused by a safety ring hot, by the vulnerability the attacker may be in the unauthorized case any file is uploaded,...

Based on BLE IoT smart bulb security vulnerability exploit-vulnerability warning-the black bar safety net

Currently the IOT and intelligent devices has become increasingly popular, and when we talk about the Internet of things, the first thought is often the smart home. Smart home usually involves a variety of devices, including smart refrigerators, smart light bulbs, a power adapter, a kettle, a...

Format string exploits I. Introduction-vulnerability warning-the black bar safety net

I. Introduction This article explains some phenomenon of nature, it has been in 2000 the second half of the year shocked the entire security community. It is a“format string vulnerability”, is a discovery of new vulnerabilities, and will lead to a series of can take advantage of the bug, which in...

CVE-2017-3881: Cisco Catalyst switches remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

Your Catalyst switches whether to enable the telnet in? If Yes, it would have to be careful. This article will be to introduce the reader for the equipped with the latest firmware the Catalyst 2960 switch the remote code execution vulnerability proof-of-concept attack technique. Specific exploit...

Drupal 7. x Service Module SQLi & RCE vulnerability analysis and EXP-vulnerability warning-the black bar safety net

Drupal 7. x Service Module SQLi & RCE In the audit of the Drupal Service module when it is detected on the unserializefunction of a insecure call. Through the vulnerability, can lead to permission to escape, SQL injection, and remote code execution. 0x00 Service Module In Drupal, the Service modu...

Combat stack overflow: the three vulnerabilities to get a router-vulnerability warning-the black bar safety net

! Written on the front Many a geek who like to toss your own router, for example, in the above to build a NAS, configure the remote download and use the proxy the Internet, these techniques and the relevant software can help everyone in the hard disk to collect a large number of entertainment and...

For CVE-2015-2545 vulnerability research and analysis-vulnerability warning-the black bar safety net

1. Overview This is one of the MSOffice vulnerability that allows by using a special Encapsulated PostScript EPSgraphics files for arbitrary code execution. This vulnerability 2015 3 months was found, the vulnerability is not patched case lasted 4 months. After that, Microsoft released a fix...

phpcms_v9. 6. 0_sql injected with exp-vulnerability warning-the black bar safety net

Today or yesterday Suddenly the whole circle are in the Ask a phpcms v9 vulnerability Here we have several unpublished Later, after confirmed, The you is to this injection vulnerabilities This vulnerability of the document has been in the small stream. phpcmsv9. 6. 0sql injection analysis...

The Word exposed 0day vulnerabilities: no need to enable the macros, open the document it automatically install a malicious program-vulnerability warning-the black bar safety net

! In fact, the use of Word macros as the distribution of malicious programs is the way today's conventional via, so many people choose to disable macros, but if you say disable the macros are useless, such a malicious Word document danger is quite different. Recently, McAfee and FireEye security...