iOS also exposed new vulnerabilities, play a particular video led to the automatic shutdown-bug warning-the black bar safety net

! Following the iPhone shut the door after the event, the Apple iOS device has been broke there is a new vulnerability. Useful the user found, if by iOS devices in the Safari browser to play a particular MP4 Video, it will cause the device to run slower and will eventually cause the device to...

The use of SQLite database files to achieve arbitrary code execution-vulnerability warning-the black bar safety net

! Foreword Recently, we have the Belkin WeMo smart home devices security is analyzed. In the course of the study, we developed a novelSQL injectiontechnology, this technology is for SQLite database. Experiments show that we can use this SQLite injection technology in the SQLite database to achiev...

Ubuntu system actually exists Nintendo red and white game machine vulnerability-vulnerability warning-the black bar safety net

Recently security researchers Evans in the Ubuntu system found a very interesting vulnerability, this vulnerability also with Nintendo the year of the 8-bit consoles（NES, or FC. Evans said that in Ubuntu 12.04.5 version of the multimedia framework in the presence of a vulnerability, the...

The use of anti-serialization vulnerabilities get rid of your JMS-vulnerability warning-the black bar safety net

Description Java deserialization vulnerability we should all be very familiar with, presumably, everyone hands have a variety of uses of such vulnerability tool. It is known to be 2 0 1 5 years is to underestimate the“destruction of the king of the”visible its effects. Java deserialization...

To bypass the password to access the iPhone photo or message even iOS 1 0 also affected-vulnerability warning-the black bar safety net

Set the iPhone screen lock password to prevent others from accessing your personal data the preferred method, but the lock screen password is also your phone security the first line of Defense, which is for Android also. But you know what? The last few major version of the iOS lock screen to...

Modern the heap-related exploit techniques-vulnerability warning-the black bar safety net

Foreword Now the vulnerability the vast majority are out in the heap part of this, so get to know some of the now commonly used exploit techniques is very necessary. The heap concept The heap is a dynamically allocated memory pool. Using the mallocfunction from the heap in application memory. Whi...

The Linux explosion of new vulnerabilities, long-press the ENTER key 7 0 seconds to get root access-vulnerability warning-the black bar safety net

! Press and hold the Enter 7 0 seconds, a hacker can be in linux system to bypass the authentication, and then obtain root permissions, and can remotely control through encrypted linux system. Vulnerability sources This security comes from the Cryptsetup presence of a vulnerabilityCVE-2 0 1 6-4 4...

Redis remote code execution vulnerability(CVE-2 0 1 6-8 3 3 9)-vulnerability warning-the black bar safety net

Affected system: Redis Redis 3.2. x 3.2.4 Description: BUGTRAQ ID: 9 3 2 8 3 CVECAN ID: CVE-2 0 1 6-8 3 3 9 Redis is an open source, support network, based on memory, key-value pairs stored in the database, use ANSI C to write. Redis 3.2. x 3.2.4 version there is a buffer overflow vulnerability...

PHP deserialization vulnerability causes and vulnerabilities mining techniques and case-vulnerability warning-the black bar safety net

One, serialization and deserialization Serialization and deserialization of the object is such that the Inter-program transfer object will be more convenient. Serialization is converting an object to string to store the transmission in a way. And deserialization is exactly the sequence of the...

Dlink DIR routers HNAP login function multiple vulnerabilities-vulnerability warning-the black bar safety net

The affected products in the background Smartphones, laptops, tablets, phones, Smart TV, gaming console and other devices all at the same time to connect. This is why we designed our new AC3200 Ultra Wi-Fi router. By Tri-Band technology, making speeds of up to 3. 2Gbps, which provides a demanding...

Classic kernel vulnerabilities debugging notes bis-vulnerability warning-the black bar safety net

Foreword The last time I sent an article yourself in a classic kernel Vulnerability CVE-2 0 1 4-4 1 1 3 struggling experience, and some debugging details of the share summary after feel the harvest a lot, and later an accidental opportunity, I saw the Baidu security Labs issued an article that is...

Simple buffer overflow analysis-vulnerability warning-the black bar safety net

Foreword This article will detail how to find a simple buffer overflow vulnerabilities and how they are ultimately attacks service get a bounce the shell. There are many of the disclosed vulnerabilities can be used as examples herein, but today I in the exploit-db found on the PCMan's FTP Server...

Teach you how to use the exploit to ROOT an Android phone-bug warning-the black bar safety net

As mobile the rapid development of Internet, smart phones, tablet PCs and other intelligent terminal equipment gradually popular, and slowly integrated into our lives. However at the same time the smartphone security issues are also increasingly prominent, the mobile payment vulnerabilities, mobi...

The use of Python code implementing the Web application of the injection-vulnerability warning-the black bar safety net

Vulnerability overview If your Web application exists in the Python code injection vulnerability, the attacker can use your Web applications to your back-end server of the Python parser to send malicious Python code. This also means that if you can on the target server execute Python code, you ca...

Gmail account hijacking vulnerability-vulnerability warning-the black bar safety net

Description Gmail allows worldwide users to use multiple mailboxes to associate their Gmail, Gmail also allows a mailbox to use multiple addresses to the mailbox to send the mail will be pooled to the same mailbox. To be honest, these two modes of identity confirmation on the presence of risk, to...

iOS WebView auto-dial vulnerability-vulnerability warning-the black bar safety net

Vulnerability overview Security research experts found that iOS WebViews Assembly in the presence of the vulnerability, an attacker or may exploit this vulnerability to control the target phone to automatically dial a number you can control. In this attack scenario, the attacker can in a short...

Chrome memory the bug be exploited by hackers: Google has yet to fix-vulnerability warning-the black bar safety net

According to foreign media reports, recently the IT security and protection company Sophos announced that the Chrome browser there is a Bug currently has hackers use. Worse, Google two years ago are aware of this Bug, but until today not yet repaired. ! Chrome memory the bug be exploited by...

The use of Dirty Cow to achieve the docker escape-vulnerability warning-the black bar safety net

Foreword Dirty Cow vulnerability is the use of the Linux kernel in the processing memory write copies Copy-on-Write when the existence conditions of competitive vulnerability, the result can be destruction of private read-only memory mapping. While a low-privileged local user can exploit this...

OAuth2. 0 deploy properly, billions of Android Apps account memory leak risk-vulnerability warning-the black bar safety net

The University of Hong Kong, three security researchers have found that many support single sign-on App no the correct deployment of OAuth2. 0 authentication Protocol, the attacker can use this vulnerability to remotely login to any user's App account. Ronghai Yang, Wing Cheong Lau and Tianyu Liu...

Classic kernel vulnerabilities debugging notes-vulnerability warning-the black bar safety net

Foreword The kernel vulnerability for me has always been a bridge, remember two years ago, just contact binary vulnerability when, at the time today's protagonist has just appeared, when debugging this vulnerability when the whole heart is crashing, and recently I relive a bit of the vulnerabilit...

GNU tar extract-path bypass vulnerability analysis CVE-2 0 1 6-6 3 2 1-the vulnerability warning-the black bar safety net

0x00 summary The GNU tar documentation Management Command is a linux system used a packaged, compressed command, the CSS（FSC1V Cyber Security Services team of researcher Harry Sintonen discovered that the tar command in decompress the When the presence of a path name bypass vulnerability, in some...

The OAuth 2.0 Protocol improper use leads to billions of APP account can be remotely hijacking-vulnerability warning-the black bar safety net

Foreword Chinese University of Hong Kong the three-digit security researcher Ronghai Yang, Wing Cheong Lau And Tianyu Liu found an extremely dangerous security risk, more than 1 0 million of the mobile APP including the Android version and iOS version are in the user is completely unaware of the...

Wix. com there is delay in the repair of the vulnerability millions of websites at risk-vulnerability and early warning-the black bar safety net

Foreword Web hosting cloud service provider Wix. com the presence of the Dom typeXSSvulnerability that can allow an attacker to control in this platform hosted on any one site. Contrast Security's senior security researcher Matt Austin said,“the only need in the Wix create site to add a single...

Powerful word brother! 4 easy steps to bypass PayPal two-factor authentication mechanism-vulnerability warning-the black bar safety net

! Two-factor authentication, 2FA refers to the combination of password and a physical card or credit card, SMS, phone, token or fingerprint and other biological signs the two conditions of the user authentication method. This approach has for businesses, is mainly used to increase account securit...

In-depth interpretation of the dirty cow Linux local to mention the right Vulnerability, CVE-2 0 1 6-5 1 9 5-the vulnerability warning-the black bar safety net

0x00 overview The vulnerability is Linux a local mention the right vulnerability, the Finder is Phil Oester, affecting=2.6.22 all the Linux kernel version, the repair time is 2 0 1 6 years 1 0 months 1 8 Number. The vulnerability of the reason is getuserpage the kernel function in the processing ...

GitLab unauthorized access vulnerability can lead to remote command execution-vulnerability warning-the black bar safety net

GitLab is a use of Ruby on Rails development, Open Source Application, to achieve a self-hosted Git project repository, through a Web interface to access the public or private projects. 2 0 1 6 years 1 1 months to 3 December, the United States the congregation measured platform HackerOne announce...

Google and double 叒 叕 exposure Windows 0day vulnerabilities, Microsoft is not happy-vulnerability warning-the black bar safety net

Google recently again exposed the Windows 0day vulnerabilities, that the vulnerability can affect all current Windows operating systems, and Microsoft hasn't had time to fix. ! According to the Google team released a blog post that the vulnerability is a local mention the right vulnerability, it...

MySQL is now a high-risk vulnerability that can cause the server root permission is stealing-vulnerability warning-the black bar safety net

! Last week, a man named Dawid Golunski Polish hackers discovered the existence of the MySQL vulnerabilities: a remote root code execution exploit and a privilege escalation vulnerability. At the time, Golunski only provides the first vulnerability poc, but the commitment will disclose a second...

HackPwn how to use the context-aware vulnerability deception self-driving cars-vulnerability warning-the black bar safety net

HackPwn2016 Safety geeks Carnival is global attention to intelligent life safety hack Fiesta. The first HackPwn2015 Safety geeks Carnival by the top international hackers team 360VulcanTeam, the 360UnicornTeam initiated, in absorbs the domestic and foreign various security events advantages on th...

MS16-1 2 4: Microsoft kernel integer overflow vulnerability-vulnerability warning-the black bar safety net

Foreword Last month I found and reported a Windows registry integer overflow vulnerability, the last week two 2016.10.25）Microsoft released the bug fix patch MS16-1 2 4 and the vulnerability number CVE-2 0 1 6-0 0 7 0's. The vulnerability may lead to local privilege escalation that affects multip...

OWA and Offic365 two-factor authentication bypass-vulnerability warning-the black bar safety net

Foreword Full disclosure: the BLACK HILLS information security very much in favor of responsible disclosure of vulnerabilities. 2 0 1 6 9 2 8, I to Microsoft reported this vulnerability, may have been to this article publishing 2016.11.2, Microsoft for this vulnerability is always without any...

The use of EMET vulnerability to disable EMET protection-vulnerability warning-the black bar safety net

Microsoft developed the enhanced mitigation experience Toolkit（EMET）is a user-mode program to add security mitigation measures of the project, rather than the built-inoperating systemin the program. It is as a DLL in the“protected”program run through the code for various changes, so that the...

On the Joomla! Content management system vulnerability briefings-vulnerability warning-the black bar safety net

Recently, the national information security vulnerabilities library CNNVD received Beijing white cap Hui Technology Co., Ltd. on Joomla! Content management system there is a security bypass vulnerabilityCNNVD-2 0 1 6 1 0-7 3 9and the remote mention the right vulnerabilityCNNVD-2 0 1 6 1 0-7 4 0in...

Android development APP end common security vulnerability interpretation-sensitive information disclosure vulnerability-vulnerability warning-the black bar safety net

As is known, Android system because of its open-source, open, flexible feature allows the smartphone industry with the rapid progress, the cut-off 2 0 1 5 in the fourth quarter, Android smartphone market share reached 8 0. 7%, but at the same time, Android Open, Open Source advantage from another...

Hijacking NodeMCU Development Board-vulnerability warning-the black bar safety net

Long before the want to play the Board, The do nothing poor and can't afford it. Just the school issued a NodeMCU, although it is a cheap Board, play play is also good. This Board also let me play for several days, a start is to build a good car, in teacher to a Scratch on the play for a moment,...

MySQL / MariaDB / PerconaDB - mention the rights/conditions of competition vulnerability(POC)-vulnerability warning-the black bar safety net

Vulnerability found person: Dawid Golunski Vulnerability level: severe CVE number: CVE-2 0 1 6-6 6 6 3 / CVE-2 0 1 6-5 6 1 6 Vulnerability impact: MariaDB 5.5.52 10.1.18 10.0.28 MySQL = 5.5.51 = 5.6.32 = 5.7.14 Percona Server 5.5.51-38.2 5.6.32-7 8-1 5.7.14-8 Percona XtraDB Cluster 5.6.32-25.17...

Swiss Star: extortion virus is a new variant after the poisoning 1 0 5 4 full file encryption-vulnerability warning-the black bar safety net

Recently, the rising“cloud security”system intercepted a new type of blackmail Virus, the virus encrypts files up to 1 0 5 4, file Unified encryption for. encrypted format, thus a ransom of 1 bitcoinabout RMB 4 5 0 0 Yuan. If the user is not within the prescribed time hack payment, the encrypted...

IPS Community Suite PHP remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

“IPS Community Suite “is a widely used in foreign countries the establishment of the station system. Recent is exposed in 4. 1. 1 2. 3 version and the following version there is a code injection vulnerability. This vulnerability via the control contentclass parameters submit the request to inject...

Memcached fix multiple high-risk vulnerabilities can lead to code execution, denial of service-vulnerability warning-the black bar safety net

! Background description Memcached is a free open-source, high-performance, distributed memory object caching system. Memcached is based on LiveJournal's Danga Interactive company of Brad Fitzpatric led the development of a software. Has now become MySpace, the hatena and Facebook, the Vox,...

DirtyCow Linux privilege escalation vulnerability analysis CVE-2 0 1 6-5 1 9 5-the vulnerability warning-the black bar safety net

0x0 overview DirtyCow vulnerability is the recent burst of the Linux kernel local elevation of privilege vulnerability. The vulnerability is easy to trigger the use of simple and stable, the impact of multiple systems be considered a good vulnerability. But the vulnerability has existed for many...

How to use Rowhammer vulnerability Root Android phone with Video demo+Exploit source code-the vulnerabilities and early warning-the black bar safety net

! Recently, security research experts through research found a root the Android phone to the new method, i.e., by Rowhammer vulnerability to root Android phone. In addition, the attacker can even use this exploit with presently known Android vulnerabilities Bandroid and Stagefright to the target...

Android development APP end common security vulnerability interpretation-sensitive information disclosure vulnerability-vulnerability warning-the black bar safety net

As is known, Android system because of its open-source, open, flexible feature allows the smartphone industry with the rapid progress, the cut-off 2 0 1 5 in the fourth quarter, Android smartphone market share reached 8 0. 7%, but at the same time, Android Open, Open Source advantage from another...

Industrial firewall and an accident! Schneider industrial firewall is explosion serious security vulnerability-vulnerability warning-the black bar safety net

According to the foreign media to the latest reports, industrial security firm CyberX security research experts at 2 0 1 6 years of industrial control systems ICS Network Security Conference disclosed several serious security vulnerabilities, including the one present in the Schneider industrial...

HackerOne in the third quarter TOP 5 vulnerability report-vulnerability warning-the black bar safety net

Foreword HackerOne in the third quarter TOP 5 vulnerability reports are coming announced. In this season, we participated in the Vegas hacker conference, hosted Hacked the World, and in the Reddit discussion above, some of the HackerOne problem. HackerOne vulnerability report from platform to...

Google spreadsheet CSRF+JSON hijacking vulnerabilities-vulnerability warning-the black bar safety net

In 2 0 1 5 years 1 0 months I am in the Google spreadsheet for the API interface found in the JSON + CSRF（cross-site forgery requests, Clickjacking vulnerability. An attacker can exploit this vulnerability in not authorized to access Google Drive files of the case, to obtain the user of the...

InTerCyber company in the message in the system discovered a serious vulnerability-a vulnerability warning-the black bar safety net

According to foreign media the latest report, information security company InTheCyber Security Studies experts discovered a serious vulnerability, this vulnerability or can affect the message system security. Note that this vulnerability using the method is not difficult, an attacker can easily...

The Linux kernel through kill to mention the right vulnerability alerts-a vulnerability alert-the black bar safety net

The Linux kernel in the processing memory write copies Copy-on-Write when the existence conditions of competitive vulnerability, the result can be destruction of private read-only memory mapping. A low-privileged local user can exploit this vulnerability to obtain additional read-only memory-mapp...

Apache Tomcat security restrictions bypass Vulnerability(CVE-2 0 1 6-6 7 9 7)-vulnerability warning-the black bar safety net

Apache Tomcat security restrictions bypass VulnerabilityCVE-2 0 1 6-6 7 9 7 Release date: 2016-10-27 Update date: 2016-10-28 Affected system: Apache Group Tomcat 7.0.0－7.0.70 Description: BUGTRAQ ID: 9 3 9 4 0 CVECAN ID: CVE-2 0 1 6-6 7 9 7 Apache Tomcat is a popular open source JSP application...

Ali poly security Android application vulnerability scanner analysis: local denial of service detection detailed explanation-vulnerability warning-the black bar safety net

Ali poly security of the Android application vulnerability scanners have a detection item is a local denial of service vulnerability detection using static analysis applied motion blur test of the method to the detection, the detection results are accurate and comprehensive. This article will tal...

Upgrade the openssl version to fix high-risk vulnerabilities--“the OpenSSL Red Alert”vulnerability-vulnerability warning-the black bar safety net

Background: Recently the OpenSSL official release of a wide range of remote anonymous denial of service vulnerability, exploit code: SSL-Death Alert”, vulnerability ID: CVE-2 0 1 6-8 6 1 0, that“OpenSSL Red Alert”vulnerability, exploit the vulnerability the attacker may be too much of a connectio...