From Australia driving license, steal the user's identity information-vulnerability warning-the black bar safety net

It is understood that the criminals may be from the Australia driver license in stealing the user's identity information, and the relevant authorities aware of this situation after, and not re-distribute new driver's license number, so that the victims for many years are affected by this problem...

Cisco fixes high-risk network security equipment vulnerability-vulnerability warning-the black bar safety net

! These defects can be specially crafted HTTP request to use to cause a denial of service condition The Cisco system had been repaired four denial of service vulnerability these vulnerabilities can be exploited by attackers to cause network security devices to stop properly handle network traffic...

FFmpeg remote file stealing vulnerabilities – moving end of the safety analysis report-vulnerability warning-the black bar safety net

0x1 vulnerability of origin FFmpeg remote file stealing vulnerabilities original source is Foreign vulnerability of the platform,the last year has been in the CTF match is used. Official in January of this year released the fixed version and published the vulnerability number CVE-2 0 1 6-1 8 9...

Symantec/Norton anti-virus engine remote Heap/Pool memory corruption vulnerability analysis CVE-2 0 1 6-2 2 0 8-a vulnerability warning-the black bar safety net

! Recently, Symantec and Norton products using the core anti-virus engine was traced to the presence of high-risk vulnerabilities. It is in the parsing by aspack early version of the packaged executable file will occur when the buffer overflow, leading to memory corruption, Windows systems blue...

Support drag-and-drop“click-hijacking vulnerability in”using the tools: CJExploiter-vulnerability warning-the black bar safety net

CJExploiter is a support drag-and-drop Clickjacking vulnerability using an auxiliary tool. First, in the local use browser to open“index.html”, enter the target URL and click on“View Site”to. You can customize the JS, and finally click on the“Exploit it”, you will be able to get the POC. !...

php imagecreatefrom* functions of the png-vulnerability warning-the black bar safety net

0x00 introduction This article mainly analyzes the php using the GD library imagecreatefrompng function to rebuild the png image may lead to local file inclusion vulnerability. When the system is the existence of the file contains the points, can contain a picture file; in addition the system the...

Docker is not authorized to access the statistics report-vulnerability warning-the black bar safety net

! 2 0 1 6 5 1 7,, a platform broke Docker Swarm cluster port opening is exposed to the outside,resulting in remote unauthorized access vulnerability,then the executable Docker node specific command. To exploit the vulnerability directly obtain root privileges. What is Docker? Docker is an...

Use CouchDB to unauthorized access vulnerability to execute arbitrary system commands-bug warning-the black bar safety net

5 on 1 6, Ali cloud shield defense against the team from external sources informed that the CouchDB database exists for unauthorized access vulnerabilities in the configuration is incorrect. After the test, the cloud shield team was the first to discover the use of the unauthorized access...

How to Exploit libphp7. 0. so in Apache2-vulnerability warning-the black bar safety net

Before foreign cattle were made portion of the blog Double Free in the Standard PHP Library Double Link List CVE-2 0 1 6-3 1 3 2 Their article details the vulnerability causes $var1=new SplStack; $var1-offsetSet1 0 0,new DateTime'2000-01-01'; //DateTime will be double-freed...

Vulnerability warning: Docker Swarm Manager remote management port access-vulnerability warning-the black bar safety net

! Docker is a domestic and international Cloud Platform common application the lightweight container, AWS, Baidu, etc. are used. Typically used for lightweight deployment of applications. In Docker Swarm of deployment documentation, since the default there is some insecurity in the sample...

PayPal Deposit major vulnerability, 1 0 seconds no need to verify stolen brush Bank card within the amount-vulnerability warning-the black bar safety net

! Usually online often see Alipay stolen brush cases, but from their very far, did not expect this thing but in this day are happening in my body. The genuineness, without warning. Only 1 0 seconds, I did not receive any input the verification code or Payment password in the process, the Bank car...

Adobe issued a warning: cybercriminals are taking advantage of the Flash 0 day vulnerabilities-vulnerability warning-the black bar safety net

! As the title of this article, if the user in Windows, Mac, Linux, or Chrome OSoperating systemon the platform to install the Adobe Flash plugin, then the user will likely be subjected to hacker attacks. Adobe has released a security Bulletin and in the Bulletin to remind the user that the Flash...

Chrome 5 a vulnerability to be fixed, Google rewards finding vulnerabilities personnel 2W $ -bug-warning-the black bar safety net

Recently, the Google company published the announcement, urged the majority use Windows, Mac OS and Linux operating system user as soon as possible to update their terminals on the Chrome version, in order to eliminate the 5 vulnerability to bring security risks. On has aeration out of 5...

Windows Zero-Day Vulnerability, CVE-2 0 1 6-0 1 6 7: the attack Payment Card data-vulnerability warning-the black bar safety net

2 0 1 6 years 3 month, there has been a batch of economic motivation to the retail, Foodservice and hospitality industry as the target of the attack, these attacks, the message contains a large number of with embedded macros of the Microsoft Word document, once downloaded it will execute a named...

The use of SSRF vulnerability to take over the APP server-the vulnerabilities and early warning-the black bar safety net

SSRF attack refers to an attacker forcibly control the presence of vulnerabilities of the server,thereby sending a malicious request to a third party server or internal resources. And then use the vulnerability to launch specific attacks,such as cross-site port attacks,service enumeration, and a...

Security Alert: WordPress Forum plug-in bbPress, there is stored XSS vulnerability, the impact of fix version 2. 5. 9 all previous versions-bug warning-the black bar safety net

Recently, the WordPress parent company Automattic released bbPress 2.5.9 version in the official WordPress Forum plugin to the latest version, fixes a higher threat of the storage typeXSSvulnerabilities that affect the scope include existing bbPress version, i.e., version 2.5.9 of all will suffer...

ImageMagick（CVE-2 0 1 6-3 7 1 4 implementation process, vulnerability analysis, and solution-vulnerability warning-the black bar safety net

! What is ImageMagick ImageMagick is a free to create, edit, composite picture software. It can read, convert, write a variety of formats pictures. Picture cut, color replacement, various effects application, image rotation, composition, text, line, polygon, ellipse, curve, attached to a picture ...

From 0 to TrustZone in the second article: the QSEE mention the right vulnerability and the use of CVE-2 0 1 5-6 6 3 9-a vulnerability warning-the black bar safety net

! In this article, we discuss how to find and exploit a vulnerability, access to Qualcomm secure execution environmentQSEEof the code execute permissions. Related reading From 0 to TrustZone first article: explore the high-pass SEE safe executable environment QSEE attack surface In a previous...

In-depth understanding of cross-site WebSocket hijacking vulnerability principle and prevention-vulnerability and early warning-the black bar safety net

Preamble WebSocket as the HTML5 new features, one of extra to attract the developer's attention, because it appears that the client mainly refers to the browser provided on the Socket support as possible, so in between the client and server provides a based on a single TCP connection is a...

GitLab expose serious vulnerabilities, providing patch-vulnerability warning-the black bar safety net

GitLab has just announced to fix a series of important security issues, including an important elevation of Privilege. GitLab is strongly recommended that all installed 8. 2 and the subsequent version of the user as soon as possible to upgrade. GitLab has discovered a serious vulnerability that...

3 6 0 Marvel Team virtualization vulnerabilities the fifth bomb: CVE-2 0 1 6-3 7 1 0 Dark Portal vulnerability analysis-vulnerability warning-the black bar safety net

From 2 0 1 5 year 5 month venom vulnerabilities raging global Cloud Platform, 3 6 0 Marvel Team accumulated in kvm, xen, vmware platform on found submitted up to 2 2 pieces of high-risk security 0day vulnerabilities, these vulnerabilities will lead to a General purpose cloud system was hacked...

About Apache Struts 2 S2-0 3 2 vulnerability threat monitoring and emergency disposal of the case Bulletin-vulnerability warning-the black bar safety net

4 the end of the month, the Apache struts2 S2-0 3 2 remote code execution vulnerability CNVD-2 0 1 6-0 2 5 0 6, The CVE-2 0 1 6-3 0 8 1, hereinafter referred to as S2-0 3 2 vulnerability, the exploit code is disclosed and in a short time spread rapidly. CNVD Secretariat-National Internet emergenc...

Through the NVD vulnerability database to see recent vulnerability trends-vulnerability warning-the black bar safety net

2 0 1 6 years has been in the past less than half it's time over the past few years, the vulnerability analysis. The present article will be on the NVD vulnerability database over the last 5 years vulnerability analysis, look at the vulnerability of the development trend is like. Why the choice o...

Microsoft Office 3 6 5 platform SAML service vulnerability, unauthorized access to other users of the resource-vulnerability warning-the black bar safety net

! Recently, two security researchers, Klemen Bratec and Ioannis Kakavas, announced they found one in Microsoft Office 3 6 5 platform on the SAML service vulnerability that can be exploited to perform cross-domain authentication bypass, and eventually to 3 6 5 on the platform of the all the Federa...

CVE-2 0 1 6-1897/8 - FFMpeg vulnerability analysis-vulnerability warning-the black bar safety net

This time there are a lot of vulnerabilities to a sudden outbreak, just like these days of ImageMagick vulnerability swept through the domestic Internet. This a day or two in the black bar safety net@Noxxx first made a two major manufacturers of FFmpeg vulnerabilities, and then also by the other...

2.7 billion Gmail, Yahoo and Hotmail accounts were compromised-the vulnerability warning-the black bar safety net

Russian users of Gmail, Yahoo and Microsoft email Hotmail, etc. 2. 7 2 3 million accounts were compromised, and in the Russian underground black market trade. ! This time, Russian hackers successfully conducted a massive data leak accident. In this cyber attack, hackers stole 2. 7 2 3 million...

Safety warning: PHP zip component integer overflow remote command execution-vulnerability warning-the black bar safety net

A, detailed description: In PHP 7 is due. x versions, which php Vulnerability report at 3. 2 9 has been submitted to the vulnerability to official ! 4. 2 8, official released 7. 0. 6 version fixes the vulnerability, while the author in github released the exp ! Second, the problem of proof: !...

ImageMagick vulnerability analysis and protection solution-vulnerability warning-the black bar safety net

Mail. Ru security team found several on the ImageMagick software vulnerabilities and submitted to the ImageMagick developers for repair. ImageMagick official in 2 0 1 6 year 4 month 3 0 day release a new version 6.9.3-9 repair remote code execution, but the repair is not complete, after the secon...

CVE-2 0 1 6-3 7 1 4 - ImageMagick command to perform the analysis-vulnerability warning-the black bar safety net

ImageMagick is a usage of a very wide image processing program, many manufacturers are calling this a program for image processing, including image scaling, cutting, watermarking, format conversion and more. But recently researchers have found that, when the user of the incoming contains...

OpenSSL technology analysis and treatment recommendations-vulnerability warning-the black bar safety net

2 0 1 6 4 2 8 on Thu Apr 2 8 1 3:2 0:1 3 UTC 2 0 1 6, the OpenSSL official announcement will be in 2 0 1 6 years 5 months 4 days Thu May 3 1 2:00 to 15:0 0 UTC 2 0 1 6 released new version, fix more on the OpenSSL high-level threat vulnerability. OpenSSL Bulletin the following address:...

Windows kernel Vulnerability CVE-2 0 1 6-0 1 4 3 analysis-vulnerability warning-the black bar safety net

4 on 2 0 March, Nils Sommer in the exploitdb on broke a new Windows kernel vulnerability PoC. The vulnerability affects all versions of Windows operating system, the attacker after the success of available privilege escalation, Microsoft in 4, on patch day fixes the vulnerability. 0×0 1...

Qualcomm MSM debugfs kernel of any address written to the vulnerability analysis CVE-2 0 1 6-2 4 4 3-the vulnerability warning-the black bar safety net

Recently, Google posted 5 month patch update, this total fix 3 2 vulnerability. Which contains a Qualcomm vulnerability, the threat level of the high-risk, the CVE number for CVE-2 0 1 6-2 4 4 3,CNNVD coding for CNNVD-2 0 1 6 0 5-0 6 to 0. This paper mainly analyzes the vulnerability of the...

The use of ransomware Locky's vulnerability to the immune system-vulnerability warning-the black bar safety net

In 2 0 0 9 years, we use the immune system to protect the workstation or server against the rapid spread of the worm Conficker invasion. Let's take a look at whether we can take this a defense of the concept used in ransomware Locky. Below we will of the system some minor modifications, to build ...

Safety warning: the ImageMagick image processing software there is a remote code execution(CVE-2 0 1 6-3 7 1 4)-vulnerability warning-the black bar safety net

ImageMagick is a popular image processing software, there are numerous Web sites use it for image processing, but in the present on Tuesday, ImageMagick disclose a serious 0day vulnerability, and this vulnerability allows an attacker to upload a malicious configuration of the image file on the...

WordPress Typecho xmlrpc vulnerability-vulnerability warning-the black bar safety net

Generally we are concerned with WordPress, after all, the amount of users is huge, while the domestic Typecho as a lightweight blogging system on the concern of the people is not much. Typecho has a lot to draw on WordPress, including a compatible xmlrpc interface, and the WordPress of this...

Samsung's SmartThings platform is explosive new vulnerabilities, can trigger the fire alarm-vulnerability warning-the black bar safety net

The researchers found that Samsung's SmartThings platform, there are multiple vulnerabilities for the attacker to invade a victim's home the door open. ! Security research team found in Samsung SmartThings platform in the presence of a plurality of security vulnerability for the network attacker ...

HTTP. sys remote code execution vulnerability in the repair method-vulnerability warning-the black bar safety net

Vulnerability description If an attacker to the affected Windows System to send a specially crafted HTTP request, this vulnerability allows for remote code execution. After security personnel test, serious harm, Please as soon as possible repair. This security update fixes the vulnerability in...

CVE-2 0 1 6-1 0 1 9: a Magnitude attack tool flash vulnerability-vulnerability warning-the black bar safety net

Last month, Proofpoint has a security researchers found the Magnitude of attack tools there appears to be some new stuff. So in their cooperation we analyzed the sample and found that Magnitude EK added before exist in the Adobe Flash Player Vulnerability, cve-2 0 1 6-1 0 1 9, and then the wild u...

The NTP daemon has a number of vulnerabilities need to fix-vulnerability warning-the black bar safety net

! Cisco to the Linux Foundation's Core Infrastructure implementation plan submitted by a number of the Network Time Protocol daemon vulnerability. They can allow an attacker to forge a UDP packet, causing a denial of service;or stop to set the correct time. Cisco's Talos security intelligence and...

Cisco found a million PCS there is a backdoor spying program-vulnerability warning-the black bar safety net

Security expert to remind the majority of PC users: France Tuto4PC company quietly on your PC the binding of adware and spyware. ! Cisco's Talos Group of security researchers says: the French company of some of the other tools, including OneSoftPerDay and the System Healer, etc., are the presence...

The use of PHP 7 is due to the OPcache execute PHP code-bug warning-the black bar safety net

from:http://blog. gosecure. ca/2 0 1 6/0 4/2 7/binary-webshell-through-opcache-in-php-7/ In the PHP 7.0 release at the beginning, there are a lot of PHP developers for its performance improvement is very attention. In the introduction of OPcache, PHP performance has been greatly improved, many...

Android Minikin library out of bounds write denial of service vulnerability analysis-vulnerability warning-the black bar safety net

In this month's Android patches, Google fixes Minikin library in a denial of service vulnerabilityCVE-2 0 1 6-2 4 1 4 a. Early in the year 3 beginning of I To of Google reported this vulnerability, but Google confirmed that the flaw with last 1 1 month another expert report BUG26413177 is the sam...

Attention! Struts 2 s2-0 3 2 remote code is again a wave of black rhythm-vulnerability warning-the black bar safety net

1. Description: Struts 2 is the Struts of the next generation of products, is in the struts 1 and WebWork technology based on a merge of the new Struts 2 framework. Its brand new Struts 2 architecture and Struts 1 architecture the difference is huge. Struts 2 with WebWork as the core, using the...

Windows 1 0 vulnerability exposure:hackers to remotely control computers-vulnerability warning-the black bar safety net

Recently a new Win10 vulnerability is exposed, the security tools AppLocker there is a serious problem, the attacker can add a program to the black list, the collapse of the user's computer defence, so as to facilitate the control computer, to achieve remote control purposes. ! Win10 aeration...

Struts2 method invocation remote code execution vulnerability, CVE-2 0 1 6-3 0 8 1 Analysis-vulnerability warning-the black bar safety net

0x00 vulnerability description 2 0 1 6 4 2 1, Struts2 official released two CVE, wherein CVE-2 0 1 6-3 0 8 1 Official rating is high. The main reason for the user to open the dynamic method call case, a would be attacker to achieve remote code execution attacks. From my own search of the situatio...

CVE-2 0 1 6-1 0 1 9 Flash vulnerability being added to exploit kit package-vulnerability warning-the black bar safety net

4 on number 2, security researcher @Kafeine found that Magnitude of vulnerability use tools to pack a few changes. Very grateful he found the collection of these samples, we analyzed them and found that the Magnitude of the tool in the package to update an unknown Adobe Flash PlayerCVE-2 0 1 6-1 ...

Struts2 s2-0 3 2 remote code execution analysis-vulnerability warning-the black bar safety net

1. Description Struts 2 is the Struts of the next generation of products, is in the struts 1 and WebWork technology based on a merge of the new Struts 2 framework. Its brand new Struts 2 architecture and Struts 1 architecture the difference is huge. Struts 2 with WebWork as the core, using the...

MS16-0 3 2 pass to kill high Version Windows-vulnerability warning-the black bar safety net

Loopholes every year, this year much more special ! Might have problems could not load file. ps1, because in this system prohibits the execution of a script. Perform set-executionpolicy remotesigned Select Y. Support machine Win7-Win10 & 2k8-2k12 Tested on x32 Win7, x64 Win8, the x64 2k12R2...

DameWare mini remote control Vulnerability CVE-2 0 1 6-2 3 4 5: let you play with remote controller-vulnerability warning-the black bar safety net

! In doing a security assessment, we often encounter some allow an administrator on the network remote management system software. Although very convenient, but a variety of package leads to the remote access system, there are some security risks. In this article, we will detail the way in a plac...

Oracle's April patch update fixes 1 3 6 vulnerability-vulnerability warning-the black bar safety net

This week,Oracle Corporation in this quarterly critical vulnerabilities to repair program,to fix the present in 4 of 6 different products in 1 3 6 vulnerabilities. Which has more than half of the vulnerabilitiesa total of 7 2have been a corresponding CVE number,these vulnerabilities can in no...