About love fast iKuai routing product vulnerability briefings-vulnerability warning-the black bar safety net

Recently, the national information security vulnerabilities library CNNVD received Beijing long-kiosk Science & Technology Co., Ltd. about enterprise-level stream routing product“iKuai IK-G20SQL injection vulnerability”, the“iKuai noobSQL injectionvulnerability”and“iKuai white command injection...

【Serious vulnerability】“iKuai”routing product vulnerabilities Advisory-a vulnerability warning-the black bar safety net

! L Recently, the national information security vulnerabilities library CNNVD received Beijing long-kiosk Science & Technology Co., Ltd. about enterprise-level stream routing product“iKuai IK-G20SQL injection vulnerability”, the“iKuai noobSQL injectionvulnerability”and“iKuai white command injecti...

Hand to hand teach you how to construct a office vulnerability POC in the first-the vulnerability warning-the black bar safety net

In recent years, the APT track The prevalence, often visible variety to fishing the start of the attack, both websites hang horse Style Fishing, there are also spear-mail phishing, as shown herein the office Vulnerability CVE-2 0 1 2-0 1 5 8 with its classic, versatile yet stable exploits often...

The router is now a new vulnerability: hackers remotely hijacked Internet access-vulnerability warning-the black bar safety net

Recently, security experts found Inteno home router, there may be a security vulnerability. The vulnerability will lead to hackers can remote home router remotely hijacked and monitoring, and the router's firmware to transform into hack the homemade version, which completely take over the home...

BlackHat issues resolved: Windows programs digital signature verification“vulnerability”-vulnerability warning-the black bar safety net

In this year's black hat conference, foreign a security researcher shows how by the Windows digital signature bypass for malicious code detection. Download the General Assembly of the presentation of the ppt probably looked at it, the report is divided into two parts, the first part shows the...

I've heard that you don't need a password? Cisco ASA SNMP RCE vulnerability analysis using vulnerability warning-the black bar safety net

In this everyone seems to be committed to the HAPPY WEEKEND, have what way can let the WEEKEND BE MORE HAPPY? Cover（right now with a vulnerability how it?! Earlier on Twitter see: ! Then came the ! Seems very interesting, try it slightly. Disclaimer: In this article all information is for referen...

Many models were found in the presence of a smartphone connected to vulnerability-vulnerability warning-the black bar safety net

Most of the current on-sale models are equipped with some untold Secret. These prototype software function although it is disabled by default, but the malicious person was able to find it to unlock it. ! As the industry's first comprehensive safety analysis conclusions, NYU Tandon College of...

PHP careful urldecode triggered SQL injection vulnerability-vulnerability warning-the black bar safety net

Ihipop school Discuz X1. 5 The Forum is black, where the noisy one afternoon. Google“Discuz! X1-1.5 notifycredit.php Blind SQL injection exploit”, you know. Discuz is national very popular Forum system, is black the website should be a lot of it. But I'm against the invasion of someone else's...

iOS Trident vulnerability patch analysis, the use of the code published（POC）-bug warning-the black bar safety net

Description 2 0 1 6 years 8 months 2 5,, for the recent emergence of iOS monitoring tool PEGASUS,Apple released important security update:iOS 9.3.5。 And before found the iOS malware is different, this kit uses three different iOS 0 day vulnerability that lets all hit a patchiOS 9.3.5 the...

Android Webview remote code execution getClassLoader-vulnerability warning-the black bar safety net

It is well known in the Android 4.4 system on Google has been the default system Webkit kernel is replaced with the own open-source project chromium,and in Issue 2 1 3 6 9 3 0 0 5（https://codereview.chromium.org/213693005）shielding the webview object. getClass, android in 4. 4. 4 version complete...

PHP 7 is due: the deserialization vulnerability case studies and analysis,-vulnerability warning-the black bar safety net

Leak the pointer In a typical PHP-5 deserialization of use, we will use a dispenser to cover a pointer to the string contents of the pointer, thus reading the next stack slot. However, in PHP-7,The internal string representation is different. In PHP-7, The basic structure of the struct zval...

D-Link router firmware the back door that leads within the network domain name hijacking-vulnerability warning-the black bar safety net

This Backdoor can lead to a domain being hijacked, hijacking of domain names is available in the remote server control, with the back door of the firmware: DI7001-15.07. 15A1. trx DI7001W-15.07. 15A1. trx DI7002-15.07. 15A1. trx DI7002W-15.07. 15A1. trx DI7008W-14.10. 11A1. trx DI7100-15.07. 15A1...

Android security WebViewUXSS vulnerability-vulnerability warning-the black bar safety net

0X01 introduction XSSis more familiar to us of an attack, including storage-typeXSS, a reflective-typeXSS, DOM XSS, etc., but UXSSuniversal typeXSSin addition, a different vulnerability types, mainly reflected in the vulnerability of the carrier and sphere of influence. XSSthe problem stems from ...

Old versions of the libupnp library security risk analysis-vulnerability warning-the black bar safety net

0x1 libupnp description libupnp is a Portable, Portable UPnP C language development package, UPnP is a network Protocol that allows the device to automatically search for and set. Libupnp to the latest version is 1. 6. 2 0, the compile time for 2 0 1 6 7 May 7, last version of 1. 6. 1 9, The...

360MeshFire Team: CVE-2 0 1 6-5 6 9 6 TCP bypass attack analysis and reproduce it-vulnerability warning-the black bar safety net

! 0x01 vulnerability background 8 on 1 0-1 2, USENIX Security Conference, University of California, Riverside and the US Army research laboratory 6 the researchers uncovered about the RFC 5 9 6 1 security vulnerability. To prevent “blind in-window”attack, RFC5961 the introduction of Challenge ACK...

Ninety percent of a Bank online system has security vulnerabilities-vulnerability warning-the black bar safety net

Smart home devices, routers, cell phones, street common vending machines...... Life time may contact to the smart devices are likely to encounter a hacker to crack, facing security issues. Yesterday, in the XCon security focus information security technology summit sponsored by the“XPwn future...

PHP 7 is due: the deserialization vulnerability case studies and analysis of on-vulnerability warning-the black bar safety net

! 1. Vulnerability history For hackers, if you can use a server-side error, that's the equivalent of hit the jackpot. Because users tend to move their data stored in the server,if a hacker can make use of this error can be directed to a target, thereby acquiring greater benefits. PHP scripting...

Windows 8.1 kernel exploit—CVE-2 0 1 4-4 1 1 3 vulnerability analysis-vulnerability warning-the black bar safety net

! 1. Case description: 2 0 1 4 years 1 0 month 1 4 day, CrowdStrike and FireEye, two IT companies each publish a blog post, in which are invariably introduced a Windows-based system to the new kernel privilege elevation vulnerability. CrowdStrike, the company mentioned in the article: they are on...

Linux netfilter OOB root mention the right vulnerability analysis-vulnerability warning-the black bar safety net

Famous ExploitDatabase website www.exploit-db.com recently posted a netfilter module. the right to the POC, the author is Vitaly Nikolenko on. OOB it! Netfilter is! Meal a sense of curiosity, decision analysis, analysis of process and outcomes to share as follows. 0×0 extraordinaire mention the...

Ocean CMS to the latest version V6. 2 8 command execution 0DAY-vulnerability warning-the black bar safety net

t00ls a friend fuzz out of a 0day, but the analysis does not come out what's the problem, I analyze a bit. I is how to track this 0day? In fact, as long as the chase area parameters of the treated place. After a character is an illegal judgment, call echoSearchPagefunction area parameters after t...

Opera's browser synchronization service hacked, user data and stored passwords leaked-vulnerability warning-the black bar safety net

8 month 2 6 day night, the well-known browser vendor Opera's announcement represents its cloud synchronization service suffered a hacker attack, open a browser synchronization feature of the user will be affected. ! Opera Company of a station for storing the user data synchronization server is...

Windows programs digital signature verification bypass vulnerability-vulnerability warning-the black bar safety net

! In this year's black hat conference, foreign a security researcher shows how by the Windows digital signature bypass for malicious code detection. Download the General Assembly of the presentation of the ppt probably looked at it, the report is divided into two parts, the first part shows the...

nginx parsing vulnerability could allow cache poisoning attack-vulnerability warning-the black bar safety net

! Many nginx users will use Google public DNS, OpenDNS or the ISP of the the parser the parser and other parsing program instructions to configure nginx, but among these there is a big risk, the only safe option is running on the local host to a parser. I found that not only the nginx stub resolv...

Cisco SNMP RCE vulnerability reproduction process-vulnerability warning-the black bar safety net

NSA data leaked, many cattle are given in the analysis report, let me benefit. As a technical noob, want to share the following analysis\eqgrp-free-file\Firewall\EXPLOITS\EXBA ideas, build vulnerability of the environment of the process and Use Conditions of the test. This article has a very stro...

Web Security testing common logic vulnerability analysis（combat article-the vulnerability warning-the black bar safety net

Logic vulnerabilities mining has always been Safety tested in the“timeless”topic. Compared toSQL injection, withXSSthe vulnerability of traditional security holes, and now the attacker is more inclined to use the business logic layer of the application security issues, such issues tend to harm th...

A simple four-step, teach you do-it-yourself porting Cisco ASA exploits EXTRABACON-vulnerability warning-the black bar safety net

! In the past few days,We carefully analysed by the Shadow Brokers leaked NSA exploit code EXTRABACON it. According to XORcat derived from the initial analysis,the exploit code can use the SNMP service memory corruption vulnerability to bypass the Cisco ASA device authentication. We in the lab fo...

On the iOS system“Trident”vulnerability briefings-vulnerability warning-the black bar safety net

! Recently, on the Internet to disclose about the iOS operating system there is“Trident”vulnerability, CNNVD-2 0 1 6 0 8-4 6 0, the CNNVD-2 0 1 6 0 8-4 6 1, THE CNNVD-2 0 1 6 0 8-4 6 2. 8 on 1 5 December, by the Canadian citizen lab the Citizen Lab and the U.S. Lookout mobile security companies...

【Warning Notice】IOS remote jailbreak APT attack security a threat-vulnerability warning-the black bar safety net

! IOS remote jailbreak APT attacks Apple yesterday for IOS released a security update that relates to three 0 day vulnerability, this vulnerability discovery process from the primary APT attack begins. We need to note that, the hacker through the loopholes for remote control and get for IOS users...

IPhone zero-day exploit or by hacking recommended that the user update the system-vulnerability warning-the black bar safety net

The iPhone iOS operating system, there are 3 security vulnerabilities are“zero day”, it will be one sophisticated spyware use of to a particular iPhone user to launch a sustained attack. Apple to this rapid reaction, for security vulnerabilities carried out a System Repair. The researchers...

phpecms1. 3 cookies spoofing vulnerability into the background-bug warning-the black bar safety net

! phpecms1.3/admin/cmscheck.php if! isset$COOKIE'adminname' alerthref'illegal login','cmslogin.php'; ; ?& gt; Determine if there is no adminname cookie will skip the login page,if adminname it does not jump. phpecms1.3/admin/cmswelcome.php include'../system/inc.php'; include'cmscheck.php'; ?& gt;...

iOS 9.3.5 emergency release behind the truth:NSO using the iPhone 0day without clicking on a remote compromised iPhone（8 on 2 6 May 1 3:4 1 Update-bug warning-the black bar safety net

! According to the Washington Post reported, many people think that their iPhone is absolutely safe, but the latest research shows that Apple's mobileoperating systemin iOS over the years always the presence of three previously unknown“zero-day exploit”, in fact Apple users are always in danger...

Google Chrome V8 vulnerabilities technical analysis and protection solution-vulnerability warning-the black bar safety net

Google Chrome V8 engine 3. 2 0 to 4. 2 version of in the presence of a remote code execution vulnerability, the vulnerability is due to source code“observeacceptinvalid”the exception type is mistakenly written as“observeinvalidaccept”in. An attacker can exploit the vulnerability to cause kMessage...

iOS exposed serious security vulnerabilities: iPhone user or have been listening for years-vulnerability warning-the black bar safety net

iOS 9.3.5 today emergency line, Apple updated the log there are references to fix the“important security”. If you haven't updated, so please update as soon as possible, because this relates to the iOS security may be“unprecedented”. Apple referred to the important security issue is that of the 3...

Will Tiger router a large number of high-risk vulnerability analysis-vulnerability warning-the black bar safety net

Foreword This thing from a few months ago to start. There is one called Tao Sauvage foreigners happy to come to China to travel. Want to have a little China Souvenirs go back, preferably for a long time, select a section called The must Tiger the wireless router. ! Look at this ultra low price an...

Leaked cisco ASA the exploit can be applied to the new cisco version, on-vulnerability and early warning-the black bar safety net

! 2 0 1 6 years 8 on 1 5 December, one called“Shadow Brokers”the shadow broker-hacking group claims to Own the invasion with the NSA related to the Equation Group equation organization of a computer system, and successfully steal a lot of confidential information and hacker tools. Subsequently,...

Mailbox fishing those things: the Chrome address reverse vulnerability use cases-vulnerability warning-the black bar safety net

First talk about the recently seen one of the more interesting vulnerability, the Google browser chrome address inversion, later we'll said. One day, your mailbox has received an incredible message that may come from your boss or your best friend, do not feel strange, it is likely that you are...

SWEET32: TLS 6 4-bit block cipher birthday attack(CVE-2 0 1 6-2 1 8 3)-vulnerability warning-the black bar safety net

The problem of the attack of harsh conditions. The attacker needs to get a lot of ciphertext, the thesis of the author is by 3 0 hours, 610GB of data to achieve. In addition, the need to plaintext in Important Information a lot of repetition which is to eventually be able to decrypt it's content,...

On the Chrome V8 engine“BadKernel”vulnerability briefings-vulnerability warning-the black bar safety net

! Recently, the national information security vulnerabilities library CNNVD received 3 6 0 mobile Guard Alpha team on the Chrome V8 engine“BadKernel”vulnerability is the case of the message send. The vulnerability exists in the Chrome V8 engine of the previous versions, a remote attacker can use...

A simple description of the Fckeditor upload parsing vulnerability-vulnerability warning-the black bar safety net

Directly through the known path to the file that broke the fck Editor Version information: FCKeditor/whatsnew.html ! 2 0 1 6 0 8 2 3 1 9 2 4 0 8 Through a common upload address, to test the upload point whether the presence of: FCKeditor/editor/filemanager/browser/default/connectors/asp/connector...

Cloud Security Series: 360GearTeam again found QEMU multiple vulnerabilities-vulnerability warning-the black bar safety net

! 2 0 1 6 years and 8 months or so, the odd Tiger 3 6 0 to the QEMU official report a number of QEMU vulnerabilities in. They allow an attacker to attack a virtual machine or the host machine itself, causing a denial of service or arbitrary code execution. 360GearTeamoriginal 3 6 0 cloud security...

Wechat discovered arbitrary code execution vulnerability 3 6 0 mobile Guard provides a self-test programme-vulnerability warning-the black bar safety net

Recently, the 3 6 0 mobile Guard Alpha team-Alpha Team exclusive found wechat remote arbitrary code execution vulnerability, which was named badkernel it. 3 6 0 mobile Guard Alpha team found, through this vulnerability an attacker may access the micro-channel full control, compromise the user's...

The exploit of those things - from theory to practical-vulnerability warning-the black bar safety net

It seems like long time no post, recently on a whim ready to talk about “the exploit of that thing is.” Now there is a phenomenon is that once a hazard the higher the vulnerability verification PoC or the use of EXP is released, there will be a large group of hungry unbearable hat to brush hole,...

Drupal coder module presence unauthenticated remote code execution vulnerability-vulnerability warning-the black bar safety net

! In a review of the coder module secure code when I'm on Drupal Security Advisory SA-CONTRIB-2 0 1 6 years-0 3 9 found that an unauthenticated remote code execution vulnerability. The vulnerability affects Drupal coder module version including 7. the x - 1.3 and 7. x -2.6 all of the following...

NSA USA NSA）leakage of the document depth analysis PART 1-the vulnerability warning-the black bar safety net

One, Foreword The firewall is protect the network the machine is not affected by the network attacker against the first track is also very core of the Defense, the most basic function is that external parties cannot access to the internal network of the machine, the internal staff can normally...

NSA equation organization the Equation Group leaked by day financial products vulnerability analysis a-vulnerability warning-the black bar safety net

! 0×0 1 Introduction The NSA's Equation Groupequation organizationleaked exploit code is already there for some time, we will be Exploits involving to-day financial firewall exploit code for a simple analysis, and found a vulnerability with us in 2 0 1 6 1 1 0 Number submitted to the dark cloud o...

Will Tiger uRouter wireless router discovered multiple security vulnerabilities-vulnerability warning-the black bar safety net

A long story short Will Tiger uRouter wireless router is a by the Chinese will Tiger technology production and sales of enterprise class intelligent routing products. It looks impeccable, but it did not do pretty and intelligent－because this device is the presence of multiple serious security...

Zabbix SQL injection vulnerability analysis and solution-vulnerability warning-the black bar safety net

Vulnerability scope Where the use Zabbix2. 2. x, 3.0. x website in 3. 0. 4 version have repair may cause the sensitive data leakage, server by a malicious attacker to control and cause more harm. Zabbix description zabbix is a WEB-based interface to provide distributed system monitoring and netwo...

8 on 1 9: The Shadow-Brokers the leaked file description, technical analysis on-the vulnerability warning-the black bar safety net

! 0x01 exposure data with the equation and NSA relationship From the leaked data packet with the decompressed content to see, specifically for the firewall device attack and penetration action when the use of the tool set. According to the data exposed persons Shadow Brokers described, this packe...

Address Sanitizer in macOS-vulnerability warning-the black bar safety net

A few days ago, the Keen Team@marcograss on their blog released a using Address Sanitizeraka asan found a heap overflow vulnerability. Discuss here about asan implementation. This article relates to the environment macOS 10.11.6 Xcode 7.3.1 make sure to use the official Apple's clang, with the op...

BenignCertain: a can remotely extract the Cisco VPN key hack tool free leak files download address-vulnerability warning-the black bar safety net

One, Foreword In a flash, we came to this familiar yet strange Friday. In this past week, the field of network security in the most“eye-catching”the event certainly not“the NSA is a black event”Mo belong to. The United States Time 2 0 1 6 years 8 on 1 5 December, a named“The Shadow Brokers”of the...