Apple picture file leading to remote code execution-vulnerability warning-the black bar safety net

The vulnerability is from the Cisco Talos Tyler Bohan found. People in order to a specific industry specific design uses a number of file formats. Apple through the APIs interface to provide a specific way to access the OSX platform on a variety of image format of image data. Talos disclosure of...

Adobe Acrobat and Reader CoolType processing leads to heap overflow vulnerability-vulnerability warning-the black bar safety net

Recently,Adobe repair Adobe Acrobat and Reader of some of the security vulnerabilities. One is that we recently found heap buffer overflow vulnerabilityCVE - 2 0 1 6 - 4 2 0 3. The In this blog,we want to share some of our for this vulnerability analysis. Proof-of-concept By using Adobe Reader DC...

Apple OSX WindowServer: heap overflow vulnerability lead to mention the right vulnerability-vulnerability warning-the black bar safety net

! CVE ID CVE-2 0 1 6-4 6 4 0 The CVSS Score 4.4, AV:L/AC:M/Au:N/C:P/I:P/A:P The affected supplier Apple The affected products OSX Vulnerability details This vulnerability allows a remote attacker is able to in easy to install Apple OSX on the execution of arbitrary code. Exploitation of this...

Security Bulletin: ASN. 1 coding in the presence of a heap memory corruption vulnerability-vulnerability warning-the black bar safety net

! ! 1. Security Bulletin information Title: Objective system integrated Co., Ltd. The design of the ASN. 1 coding specification in the presence of one can lead to heap memory corruption vulnerabilities. Vulnerability CVE number: CVE-2 0 1 6-5 0 8 0 Announcement of the URL address:...

OpenSSHD user enumeration vulnerability-vulnerability warning-the black bar safety net

! Summary: By sending a long password,a remote user can enumerate on the system running the SSHD user. This problem exists in most of the modern configuration,as compared to the calculation of BLOWFISH hashes,takes longer time to calculate the SHA256 / SHA512 to. CVE-ID:CVE-2 0 1 6-6 2 1 0 Test...

Interpretation of the Lenovo preinstalled programs LSC of the three CVE high-risk vulnerabilities-vulnerability warning-the black bar safety net

! Lenovo PC comes with the program Lenovo Solution Center LSC once in the last year was broke serious security issues. Recently, the program of the plurality of security lead to a three CVE high-risk vulnerabilities three vulnerabilities allow the attacker to achieve providing the right to operat...

3 6 0 Nirvana team to assist Apple fixed the kernel vulnerability been publicly acknowledged-bug warning-the black bar safety net

Today, Apple released a new round of security bulletins, fixes by 360Nirvan Team found that the high-risk kernel vulnerability, vulnerability number CVE-2 0 1 6-4 5 8 2, the vulnerability affects OS X 10.11.6, iOS, 9.3.3, and watchOS 2.2.2 and tvOS 9.2.2 before version the multi-platform system,...

Late at night released: httpoxy Remote Agent infection vulnerability analysis update poc-the exploit-warning-the black bar safety net

Author: cyg07@3 6 0 Information Security Department A． Foreword httpoxy is a newly exposed vulnerability is mainly present in apache and other components in the HTTP header of the Proxy Field name is converted to“HTTPPROXY”, Value value is unchanged, and thus will be passed to the corresponding C...

D-Link cloud camera more than 1 2 0 product gaps, about 4 0 million devices affected-vulnerability warning-the black bar safety net

! Before the camera there is a security vulnerability, privacy is leaked out of the event. This event is the protagonist of turn A D-Link cloud camera. A woman named Stephen Ridley of the security researcher found that the D-Link cloud camera vulnerabilities exist, and he also found more than 1 2...

Exploit details: change any user of the Uber-password-vulnerability warning-the black bar safety net

Vulnerability status: resolvedclosed Disclosure Time: 2 0 1 6 7 1 5 am 5 points 3 8 points Report objects: Uber Vulnerability type: authentication class Bonus: 1 0 0 0 0$ ! Vulnerability overview: Uber is a global instant car software, the software has now covered the global more than sixty...

Juniper release the high-risk patch to patch the Junos system-vulnerability warning-the black bar safety net

! Juniper network company to fix some in the Junos system vulnerabilities in Junos are the one used in the Juniper corporate network and security facilities in anoperating system. In they repair the vulnerabilities list, including one can make hackers access to the affected device administrator...

Palm reading iReader a station Python vulnerability discovery-vulnerability warning-the black bar safety net

Python as a new generation of web development language, many of the Internet inside and outside the company network using their development site. Python web periphery there is also redis, memcached, a mongod, the supervisord is restarted, etc. services, we combine these services to a range of...

Have a printer with a network-vulnerability warning-the black bar safety net

Description Printer for the IOT world provides an interesting case,because unlike most IOT devices compared to their very powerful hardware,but usually not by the administrator is considered to be a“real”computer. Over the years,many security researchers and reported in the printer of the...

Millet user Be careful a system vulnerability has been hacker caught-vulnerability warning-the black bar safety net

You use the Xiaomi mobile phone? You the MIUI system is a 7. 2 The stable version before the system? If Yes, then congratulations you won the lottery. Your phone will likely be hack via a remote code execution vulnerability in the control. ! Millet user Be careful a system vulnerability has been...

Jenkins RCE 2(CVE-2 0 1 6-0 7 8 8)analysis and use-vulnerability and early warning-the black bar safety net

Foreign security researchers Moritz Bechler in 2 months found a Jenkins remote command execution vulnerability the vulnerability without having to login you can use, that is, the CVE-2 0 1 6-0 7 8 8 is. The official announcement is such description of this vulnerability: A vulnerability in the...

Struts2 exploits tool Devmode version released with the source code-the vulnerabilities and early warning-the black bar safety net

! Disclaimer: This tool is for security testing purposes, the prohibition of the illegal use. Please pay attention and check the tool Safety. When Struts2 turn on devMode mode, will lead to a serious remote code execution vulnerability. If the WebService to start a permission is the highest...

Vulnerability warning: Struts2 devMode lead to remote code execution vulnerability-vulnerability warning-the black bar safety net

Last month mid Struts2 vulnerability warning was out, this latest remote code execution vulnerability has been non-stop here. But this time, the vulnerability that happens in devMode mode--the previous official has to inform the user, need in the website officially launched prior to the devMode...

Hackers still use the old Office vulnerability for cyber-attacks-vulnerabilities-warning-the black bar safety net

! Recently, the Microsoft company said hackers in many network attacks, is still in use with one to 4 years ago, found that the Office software vulnerabilities. Hackers exploit Office software in the presence of this vulnerability, the use of the production of a good document to spread malware...

The Web in conditions of competitive Race conditions）vulnerability-vulnerability warning-the black bar safety net

In order to improve developer and network security personnel on the conditions of the competitive attacks of vigilance,I wrote this blog. I think not many people know about this problem,to this end, I researched some of the points system is susceptible to conditions of competition to attack the C...

BMW in-car infotainment system ConnectedDrive aeration remote control 0day vulnerabilities-vulnerability warning-the black bar safety net

! ConnectedDrives is the BMW car infotainment system, The system can move the APP to manage the vehicle. In addition to the APP, the system also provides a complete Web application. Vulnerability lab security researcher BenjaminKunz Mejri in to the BMW official submission of a vulnerability five...

BMW connected car storage 2 items could be used by hackers to steal the vehicle-vulnerability warning-the black bar safety net

According to the American automotive news website autoevolution reports, the BMW ConnectedDrive portal there are two“zero-day exploit”that could be used by hackers to control the multimedia device associated with the vehicle settings. ! BMW connected car storage 2 items could be used by hackers t...

Dropping Elephant hacker group using the old Windows vulnerability to implementation attacks-vulnerability warning-the black bar safety net

! As the old saying goes:don't judge people on. For the network of criminal organizations is the same,not only from its use of the vulnerability to determine a hacker organizations. According to foreign media reports,Kaspersky Lab's global research and analysis team has discovered a network of...

Vulnerability warning: the Spring Boot framework, the expression injection vulnerability-vulnerability warning-the black bar safety net

High-risk vulnerability exposure always occurs at an unexpected moment: the weekend all of them are ready to enjoy the weekend time, the Spring Boot framework SpEL expression inject Common Vulnerability exposure exploit this vulnerability, a remote attacker on the server to execute arbitrary...

Hack by BMW portal vulnerability to tampering BMW vehicle set-bug warning-the black bar safety net

BMW ConnectedDrive portal to the presence of the two vulnerabilities may allow an attacker to manipulate with the BMW infotainment system vehicle settings. ! ConnectedDrive is the BMW car infotainment system name. The system can be in-car use, or by a series connection of a mobile application to...

D-Links Wi-Fi Camera in the presence of a vulnerability will affect more than 1 2 0 different products-vulnerability warning-the black bar safety net

! According to foreign media reports, security experts discovered a software plug-in, this component will be D-Links Wi-Fi camera is exposed to a remote attack risk. In addition, making the current situation worse, in the company's products, there are about 1 2 0 more products are using this...

0day vulnerabilities: hackers from the BMW portal tampering with car information-bug warning-the black bar safety net

http://www.zdnet.com/Article/hackers-can-tamper-with-car-registration-through-bmw-connected-car-portal/ ! ConnectedDrive portal and BMW of the domain is very vulnerable,the hacker can not patch the vulnerability to attack. Researchers have recently disclosed the impact of the BMW the BMW website...

Free SSL tools have vulnerabilities hackers can get any domain name of the SSL certificate-vulnerability warning-the black bar safety net

! 0 0 0 0 The Dutch security companyCompuTestsecurity researcherThijs Alkemadein Israel the companyStarCom, poweredcreate publish freeSSLcertificate toolStartEncryptfound in a number of design and implementation defects. StarCom, powered by the Let's Encrypt project, inspired, in 6 on 4, launch...

Secret smart watch and fitness band how to leak your ATM password-vulnerability warning-the black bar safety net

! In this article at the beginning,I would like to start by asking you a simple question:your dominant hand is the left hand or right hand? This is a very simple question,this question will not bring you any loss. But the next question is not necessarily:are you in your dominant hand wearing a...

Vulnerability can bypass the encryption endanger the majority of android devices-vulnerability warning-the black bar safety net

! Chip manufacturer Qualcomm mobile processors in the presence of a vulnerability,the vulnerability exists in 6 0% of the android phone,the attacker can use it to hack the device in the full-disk encryption. All running the Qualcomm processor android device only 1 0% can be from this attack. Duo...

Docker security of those things-vulnerability warning-the black bar safety net

In the past year, the container being at an amazing speed of development, the country also has a large number of Internet companies in the production environment using Docker, which are also million units of the scale. The other day the clouds exposed Swarm configuration problem caused by the...

Browser exploits Getting Started-vulnerability warning-the black bar safety net

0x00 cve-2 0 1 2-1 8 8 9 IE This article is mainly want to record myself from the small white begin to contact under windows IE vulnerability debugging process, but also to think of is give more newbies a reference of the tutorial. Large cow light spray! The beginning is want to do this hole in x...

Lenovo then notch security vulnerability crisis hackers can bypass the security Protocol attack-vulnerability warning-the black bar safety net

According to foreign media news that the Lenovo computer security vulnerabilities, hackers can bypass Windows security Protocol of the United Nations want the computer to attack. But for this speech, and Association aspects of the public statements, there is a problem of the code not by Lenovo to...

Lenovo Notebook now UEFI zero-day vulnerabilities the hacker can be attack-vulnerability warning-the black bar safety net

According to foreign media reports, the Security Institute Dymtro Oleksiuk said that hackers can bypass Windows basic security Protocol of the United Nations want the computer to attack, the reason is Lenovo PC drivers from Intel directly copy and paste. And other OEM vendors such as HP also exis...

inc-by-one of the advanced exploit techniques-vulnerability warning-the black bar safety net

0x00 Preface What is the inc-by-one to? For example, there is such an instruction: inc dword ptreax+8, This instruction is executed the effect is to make eax+8 address of value plus 1, similar to the c languageeax+8 = eax+8 +1, If we can control the eax value, then this is one of the inc-by-one...

The Siemens power monitoring system there are two information disclosure security vulnerability-vulnerability warning-the black bar safety net

Positive Technologies security experts to review Siemens SICAM PASpower automation systemafter the solution is found, Siemens SICAM PAS, the presence of two information disclosure VulnerabilityCVE-2 0 1 6-5 ! Security experts to the West door company to report a safety issue, Siemens immediately...

Foxit vulnerability: the 4 billion users at risk-vulnerability and early warning-the black bar safety net

! The popular PDF reader Foxit developers recently fixed a 1 2 at the risk of security vulnerabilities,these vulnerabilities may lead to remote code execution. This reader has about 4 million users,they think this is a Adobe Reader is the perfect alternative. The official fix for the windows and...

Linux kernel in a recursive exploit-vulnerability warning-the black bar safety net

6 on 1 Number, I have submitted a linux kernel in any recursion vulnerability. If the installed Ubuntu system when choosing a home directory encryption, the vulnerability to by a local user to trigger. If you want to know the exploit code and a short bit of the vulnerability report, please visit...

Uber promo code vulnerability allows hackers a free ride-vulnerability warning-the black bar safety net

! Do you want to by Uber taxi services to travel free? If you are the Uber taxi service loyal users,or you've ever used Uber to call a car service,then this article will definitely make you excited. Because there is a name from the Egypt independent security researcher in the Uber app found a...

Get the passenger and the owner of the personal information? This note Uber logical vulnerability“combination punches”worth a look-vulnerability warning-the black bar safety net

! Uber recently finally opened up its vulnerability reward program, and encourage white-hat gate expand on the Uber online service vulnerability mining. Please with FreeBuf xiaobian together look at this a few logical loopholes the formation of“combination of Boxing” it. Information collected...

Swagger exposed a remote code execution vulnerability affects Java, PHP, NodeJS and many other development languages-vulnerability warning-the black bar safety net

Vulnerability description The Swagger specification is widely used in Html, PHP, Java and Ruby and other popular languages to develop applications, which has recently been exposed a remote code execution vulnerability, the potential impact on Java, PHP, NodeJS and Ruby and other popular languages...

the linux kernel recursive vulnerability--translated from P0 of the article-vulnerability warning-the black bar safety net

Linux gives each user process is assigned a 8M the size of the stack, if the program runs out of this stack, such as with the infinite recursion, it will trigger the stack to the back of the page protection. But the Linux kernel stack is very different, especially in the processing of the system...

ImageMagick vulnerability in Wordpress4. 5. 1 The above use-vulnerability warning-the black bar safety net

0x00 ImageMagick vulnerability analysis About ImageMagick vulnerability detailed analysis, phith0n has been in tick aboveImageNagick vulnerability Points allowedhas been for this vulnerability were described in detail. I this article is primarily directed to the ImageMagick vulnerability in...

WVSS and RSAS to help you quickly detect Apache Struts2 remote code execution vulnerability S2-0 3 7-vulnerability warning-the black bar safety net

Apache Struts2 using the REST plugin the cases, the attacker uses REST calls malicious expression can be remote code execution. The vulnerability number CVE-2 0 1 6-4 4 3 8, Set Name, S2-0 3 to 7. The vulnerability and S2-0 3 3 vulnerability to trigger the process is basically the same, are in th...

BadTunnel Super Vulnerability CVE-2 0 1 6-3 2 1 3 Technical Analysis and protection solution-vulnerability warning-the black bar safety net

2 0 1 6 6 1 5 November, Microsoft released 6 October Security Update, Microsoft fixes a Windows 9 5 to Windows 10 all editions of theoperating systemvulnerabilities that could become a Windows vulnerability in the history of the impact of the widest range of vulnerabilities. Do not panic, listen ...

CVE-2 0 1 5-7 5 4 7 analysis and use-vulnerability and early warning-the black bar safety net

0x01 analysis This vulnerability analysis and how to build a test environment k0 chef in seebug and mrh God in the drops of the articles are written very in detail, in the following reference to Annex A of the original address. I was standing on the shoulders of Giants to write some of your own i...

Open-source compression library Libarchive exposed high-risk vulnerabilities, affect the Debian Linux, FreeBSD, etc. a large number of products-vulnerability warning-the black bar safety net

! The recent Libarchive has been exposed security vulnerabilities--Libarchive is an open source compression Library, for a variety of different file archive formats. Libarchive application range is very wide, therefore, so a large number of natural also will be affected, such as Debian Linux,...

search-guard in Elasticsearch 2.3 use-vulnerability warning-the black bar safety net

Reference content： http://kibana.logstash.es/content/elasticsearch/auth/searchguard-2.html https://groups.google.com/forum/! forum/search-guard https://github.com/floragunncom/search-guard This article is based on the following software versions, different versions may have slightly differences:...

Android security development of ZIP file directory traversal-vulnerability warning-the black bar safety net

ZIP compressed package file to allow the presence of“../”string, an attacker can carefully construct the ZIP file, use multiple“../”thereby changing the ZIP package to a file in the storage position, the cover to replace the application the original file. If the overwritten file is available. so...

Theory PHP Common Vulnerabilities first bomb: installation problems-vulnerability warning-the black bar safety net

First get a copy of the source code, certainly is the first install, and the installation file will often appear problem. Generally the installation file after the installation is complete, basically not automatically delete the install file, I encountered will be automatically deleted if it...

"Hotpatch"potential security risks-vulnerability warning-the black bar safety net

IOS App developers often occur such problems: when a new version launched after the discovery of the presence of a serious bug, likely because of a logic problem resulting in the payment interface there is is pulling the wool of the risk, this time can do only is to get the repair complete securi...