the php framework slim architecture on the presence of the XXE vulnerability, XXE typically present in the form of-vulnerability warning-the black bar safety net

Modern cms framework laraval/symfony/slim, leading to today's php vulnerability appears point, principle, using method, has undergone some changes, this series can hope to summarize their excavation of such a cms vulnerability. slim is one of the design ideas ahead of the well-known of php light...

Android system vulnerability to mention the right-vulnerability warning-the black bar safety net

A preamble 1.1 what is the root Root-that is, we here that the system provides the right, typically is for Android system mobile phone, it makes it so that the user can get the Android operating system the super-user permissions. the root is generally used to help users over the phone to...

nmap 7.10 issued(an increase of 1 to 2 new scripts&bug fixes&increased os identification)-vulnerability warning-the black bar safety net

! This offering Namp 7.10 in the previous version on the basis of a lot improved! Add 1 2 A of the NSE scripts, hundreds of OS system and version fingerprint recognition, of course, there are also some small detail improvements and Bug fixes. The source code and for Linux, Windows, Mac system...

An iOS 0-day will lead to iCloud photos and videos in crack-vulnerability warning-the black bar safety net

There is a bad news, the Johns Hopkins University's Matthew Green, a Professor in the iOS encryption system found a 0-day vulnerability, which could allow a skilled attacker to intercept and decipher iMessages on. However, the good news is that this vulnerability is hard to exploit. Green explain...

Google emergency release patches, to fix the Android system is high-risk to mention the right Vulnerability, CVE-2 0 1 5-1 8 0 5-the vulnerability warning-the black bar safety net

Google released emergency security patches to fix the impact of the Android operating system elevation of privilege vulnerability CVE-2 0 1 5-1 8 0 5 in. Affect all Nexus devices and part of Android Google has released an emergency security patch to fix the impact of the Android operating...

Keep an eye on your computer: memory vulnerable to malicious attacks-vulnerability warning-the black bar safety net

Recently, security researchers demonstrated a new Rowhammer attack, using this technology can attack some of the DDR4 memory module. Rowhammer attacks affect a wide Rowhammer attack is known to be in the 2 0 1 4 year, Carnegie Mellon University researchers in a sufficient number of access number ...

BoxSoft WAV to MP3 Converter software vulnerability analysis CVE-2 0 1 5-7 2 4 3-the vulnerability warning-the black bar safety net

1, software description BoxSoft WAV to MP3 Converter is a 1 0 0% free powerful audio conversion tool that can Batch the WAV format files into high-quality MP3 audio files, it is equipped with a standard audio encoder, you can set the bit rate and a conversion of the plurality of audio files,...

See how I withdraw your QQ message, not fix-bug warning-the black bar safety net

0x01 Specific ideas: In with the PC end of windows chat, First you need to put the QQ chat friends window using colorful bubbles off, Then you send each other a message,right click your message, There will be a withdraw option,don't worry. point, Waiting for the other to send a message to come ov...

S2-0 2 9 Struts2 tag remote code execution analysis with POC-the exploit-warning-the black bar safety net

Struts2 tag library provides themes, templates support, which greatly simplifies the view of a page of writing, and, struts2 theme, the template provides a good scalability. To achieve a better code reuse. Struts2 allows the page to use a custom component, which can fully meet the project page...

Redis is not authorized with SSH free password login vulnerability and fix-vulnerability warning-the black bar safety net

! REDIS1 Read: 6 0 2 The author of this article take you to understand what is Redis, and understand the Redisc client redis-cli, Redis Desktop Manager Redis commonly used Key operation command, the configuration commands on the Redis unauthorized use with SSH free password login, and solve using...

Struts2 S2-0 2 9 remote code execution vulnerability: a preliminary study-vulnerability warning-the black bar safety net

0×0 1 Struts2 tag library Struts2 tag libraries to use OGNL expression to access the ActionContext object in the data. In order to be able to access to the ActionContext in the variable, Struts2 the ActionContext is set to OGNL context, and the OGNL with objects added to the ActionContext. In...

Than 3 1 5 party exciting! Touch under the ass, the“flash pay,”the Bank card information can be“Flash to steal it!” - Vulnerability warning-the black bar safety net

! /Article/UploadPic/2016-3/2016317103231926.jpg Yesterday, the CCTV 3 1 5 party exposure has a presence in the POSS machine vulnerabilities, criminals do not need Bank card password can also brush away the user card on the funds. Today I'll introduce a superb steal credit card and debit card...

v2. 7. 1 The following version of the Git in the presence of vulnerabilities, or may lead to remote code execution-vulnerability warning-the black bar safety net

It is understood that the security researchers in 2. 7. 1 version before all versions of the Git found a security vulnerability in its server and client are the presence of this vulnerability. An attacker can exploit this vulnerability to cause the target system to a buffer overflow, resulting in...

Squid remote denial of service vulnerability analysis-vulnerability warning-the black bar safety net

Introduction The Squid Cache is an HTTP proxy server software. The Squid a wide range of uses, can be used as a cache server, may filter traffic help network security, but also can be used as a proxy server in the chain of a ring, the up-level proxy to forward the data or directly connected to th...

Apache Struts 2 remote code execution vulnerability(CVE-2 0 1 6-0 7 8 5)-vulnerability warning-the black bar safety net

Apache Struts 2 is the world's most popular Java Web serverframework. Unfortunately, however, a security researcher in the Struts 2 on found a remote code execution vulnerability. Currently the Apache official published announcement, the vulnerability risk level is high risk. The black bar safety...

iOS song of ice and fire fan outside the post - App Hook the Q & A and iOS 9 bash shell-vulnerability warning-the black bar safety net

In the previous Chapter we talked about in a non-jailbreak iOS on the App Hook. Using this technique, you can be in a non-jailbreak iOS on the system to achieve a variety of hook features, e.g., micro-channel auto-grab a red envelope, the automatic chat robot, game plug-in, etc. But because of...

PHP local file inclusion vulnerability environment to build and use-vulnerability and early warning-the black bar safety net

0x00 description php local file inclusion vulnerability related to knowledge, the dark clouds on the earlier to have appropriate articles, lfi with phpinfo earliest by large foreign cattle raised, reference the following two articles. The use of the principle is to use the php post to upload file...

Through the mouse scroll wheel to move the data to obtain the Tor browser anonymous user fingerprint-vulnerability warning-the black bar safety net

Through the Internet The Secret ability to communicate for different political molecules and radicals is very important. Then again, almost everyone will care about on the network, privacy issues. Although the Tor network itself provides the user with a high privacy level, so most people are almo...

Microsoft“WebDAV”to mention the right Vulnerability, cve-2 0 1 6-0 0 5 1）The century-vulnerability and early warning-the black bar safety net

On cve-2 0 1 6-0 0 5 1 In Microsoft's official DESCRIPTION is as follows: If Microsoft Web Distributed Authoring and Versioning WebDAV client to validate the input properly, then which will present elevation of privilege vulnerability. Successful exploitation of this vulnerability an attacker...

How to understand stack and heap overflow exploits-a vulnerability warning-the black bar safety net

This article is a detailed description of the heap,and will teach you how to write a heap-based overflow vulnerability. Run the following program: include include include int mainint argc, char argv char buf1 = malloc1 2 8; char buf2 = malloc2 5 6; read's filenostdin, buf1, 2 0 0; freebuf2;...

Two kind of vulnerabilities, you can make a billion Android phone is to obtain Root permissions-bug warning-the black bar safety net

Trend Micro reported that billions of Android device on the discovered vulnerabilities, an attacker by a simple operation to obtain root access. Currently on the market most of the smart devices are using the Qualcomm Snapdragon SoCs system chip, according to the company's official website...

OpenSSL CVE-2 0 1 6-0 8 0 0 and CVE-2 0 1 6-0 7 0 3 bug fixes the details of pick-up fun-vulnerability warning-the black bar safety net

Details 3 6 0 including a portion of the information security practice of course, the“3 6 0 Information Security Department”progressively adhering to best security practices in the https and other ssl fields gradually made significant changes. Such as important system to prohibit unsafe cipher...

SpagoBI remote code execution vulnerability analysis requires authentication permissions-bug warning-the black bar safety net

Today we publish the second article—SpagoBI remote code execution vulnerability. In this article, I want to talk about SpagoBI And SpagoBI is a free open source Business Intelligence Suite, which consists of the Engineering Group's SpagoBI Labswww.eng.it SpagoBI Labs develop and manage, its goal ...

Portal Apache Jetspeed 2.3.0 and earlier versions: a remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

! As my personal“friendship detect open source software security”one of the projects I'm ready to play play the Apache Jetspeed 2, which v2. 3 0 one. Jetspeed this stuff, used those words, that is: “An open portal platform and enterprise information portal, completely based on open standards,...

Technical analysis Potato provided the right principle-vulnerability warning-the black bar safety net

! Graphic unrelated 0×0 0 Preface A while ago included a Potato to mention the right tools, find the tools provide the right posture with the conventional tool are not the same, but with WPAD proxy related, so expand the test and analysis, primarily through the analysis of its network traffic to...

IORegistryIterator race condition vulnerability analysis and exploit-vulnerability warning-the black bar safety net

Author: shrekwzw@360NirvanTeam 0x00 description CVE-2 0 1 5-7 0 8 4 is due to the IORegistryIterator the user does not consider the state of multiple threads simultaneously call the case, causing a Race Condition that can lead to arbitrary code execution. Vulnerability exists in MAP version 3 2 4...

Technology share: how to use Python and PyInstaller to write a Windows malicious code-vulnerability warning-the black bar safety net

Disclaimer: This article is intended to share, not for malicious use! This article mainly shows is through the use of python and PyInstaller to build the malicious software of some poc. ! Known to all, malicious software and more will continued to target of the attack. And this is on windows ther...

Microsoft OAuth interface XSS, affecting user account security-vulnerability warning-the black bar safety net

One day, while I was browsing on Twitter information, I found a very interesting article, Wesley Wineberg in the Microsoft OAuth authentication interface found a CSRF vulnerability. This article makes me curious at the same time also provoked I can be in this place and then find a loophole of fai...

Technology sharing: the CBC, Padding Oracle attack re-interpretation, how to break HTTPS-bug warning-the black bar safety net

Why is a re-interpretation? Now about the Padding Oracle attack presentation, the better the articles including the content, are taken from this article in foreign languages. However, the text in the discussion a key issue of how to confirm the Padding bits, and no mention, which makes many puris...

Teaching content management system ATutor 2.2.1 injection vulnerability-vulnerability warning-the black bar safety net

Atutor is an open source“content management system”Learning Content Management System, referred to as LCMS。 Using PHP, MySQL, HTTP Web server is recommended to use Apache. Teaching content management system ATutor 2.2.1 injection vulnerability Atutor in addition to teaching content management...

Ali released 2 0 1 5 the mobile security vulnerability report-vulnerability warning-the black bar safety net

The first Chapter of 2 0 1 5-year application vulnerabilities 1.1 industry disclosure of the application vulnerability types and distribution 2 0 1 5 is an extraordinary year, all sectors of the media to the mobile application of the vulnerability degree of concern is also more and more high, the...

Fix weblogic JAVA deserialization vulnerability of a variety of methods-vulnerability warning-the black bar safety net

The current oracle is also not in the publicly released weblogic JAVA deserialization vulnerability official patch currently see the repair method is nothing more than two: Use SerialKiller replace the sequence of operation of the ObjectInputStream class; In does not affect the business case, the...

Thousand electronic safe actually so that you is open a-vulnerability warning-the black bar safety net

! With the electronic safe of the popularity, now there are more and more people began to pay attention to the electronic safe security recently security researchers exposed a crack electronic safe method, the following will take a look at it. Cheap attack high-return A safety Deposit box there a...

OpenSSL DROWN drown vulnerability detection and repair method-vulnerability warning-the black bar safety net

A, vulnerability Description: The now popular server and client to use TLS encryption,SSL and TLS protocols to ensure that users are surfing the Internet,shopping,instant messaging and not be read by third parties. DROWNdrownvulnerabilities allow an attacker to compromise the encryption system,by...

Drown cross-Protocol attack on the TLS vulnerability analysis-vulnerability warning-the black bar safety net

Ticker 2 0 1 6 years 3 month 2 days, the OpenSSL official released a new security Bulletin. Mentioned in the post to fix a high risk vulnerability--DROWN cross-Protocol attack on the TLS vulnerability. Baidu cloud security threat management team joint Baidu security Emergency Response Center the...

3 6 0 the end of the tour the ultimate firepower“stealth”,“the spike”, etc. vulnerability analysis-vulnerability warning-the black bar safety net

0x01 introduction Before sent over a patch a generic D3D game buck perspective plug-in, a buddy because the stock Duvet cover, with a plug-in to play the ultimate firepower of boredom, a do nothing level is too dishes light has a perspective or abused, please I helped him the whole point of the...

Flexera FlexNet Publisher, a stack-based buffer overflow vulnerability analysis CVE-2 0 1 5-8 2 7 7-a vulnerability warning-the black bar safety net

Recently, the security personnel in Flexera FlexNet PublisherLicense Managerdiscovered a stack-based buffer overflow vulnerabilities CVE ID: CVE-2 0 1 5-8 2 7 7, The CNNVD number: CNNVD-2 0 1 6 0 2-4 4 1, and can lead to remote code execution, and will be based on different software products...

Nissan Nissan Leaf electric car, and vulnerability-exposure-vulnerability warning-the black bar safety net

Recently, a famous security researcher revealed that some of the Nissan Nissan its Nissan Leaf electric car is vulnerable to hacker attacks, the vehicle-mounted system vulnerability will allow an attacker to hijack a car's air conditioning and temperature control system. ! Troy Hunt reported that...

finecms <= 2.3.0 arbitrary User Password Change-bug-warning-the black bar safety net

Impact version 1 4 4 1 8 Number Update 2. 3. 0 and previous versions. The latest version does not have this problem. Clouds explosion over a the use of violence to crack the code a way to reset the password, here the manner discussed with respect to the brute-force to lower costs. Looking directl...

Monkey race ray! RSA conference badge scanning application broke vulnerability-vulnerability warning-the black bar safety net

Recently, the BLUE BOX company's security researchers found: RSA 2 0 1 6 The General Assembly on the use of badge scanning APP there is a hard-coded default passwords. This year, RSA 2 0 1 6 The participants will get a unique surprise: the General Assembly, as many manufacturers offer a Samsung...

Based on the CVE-2 0 1 6-0 7 0 3 analysis DrownAttack for OpenSSL hazards-vulnerability warning-the black bar safety net

What is the Drown Attack Drown is a cross-Protocol attack, through the use of SSLv2 vulnerabilities to attack the TLS, in fact, is the man in the middle attacks further use. Man in the middle attacks simple example: such as hijacking the user's traffic HTTP. However, some server and client...

With the Edge of the user's attention! WinRT PDF the presence of vulnerabilities or hacking-vulnerability warning-the black bar safety net

Use the Edge browser users to pay attention to the browser before the date is considered to exist a certain security risk, may be exploited by hackers jeopardize computer security. IBM X-Force Advanced research team of security experts Mark Vincent Yason said, Win10 in the WinRT PDF the presence...

OpenSSL CVE-2 0 1 6-0 8 0 0 and CVE-2 0 1 6-0 7 0 3 bug fixes the details of pick-up fun-vulnerability warning-the black bar safety net

1. Primer Have been recently and 3 6 0 Nirvan Team DQ430 happy to participate in a encryption vendors of the annual General meeting, the results of openssl is also out of touch lively, maybe really in order to DH brother sent the gift, bitter us these security operations. Thanks to Shawn for...

OpenSSL CVE-2 0 1 6-0 8 0 0 and CVE-2 0 1 6-0 7 0 3 bug fixes the details of pick-up fun-vulnerability warning-the black bar safety net

! /Article/UploadPic/2016-3/201633103039309.jpg by 3 6 0 information security unit－ au2o3t@3 6 0 CloudSec Team 1. Primer Have been recently and 3 6 0 Nirvan Team DQ430 happy to participate in a encryption vendors of the annual General meeting, the results of openssl is also out of touch lively,...

CVE-2 0 1 6-0 7 0 3 OpenSSL DROWN vulnerability security notification-vulnerability warning-the black bar safety net

In OpenSSL official yesterday released the security Bulletin, discloses a new high-risk vulnerabilities“DROWN”the drowned vulnerability,。 Through this vulnerability, an attacker can initiate a“man in the middle hijacking attack”to steal is HTTPS encrypted session content, including Yahoo!, Alibab...

How I was in the Google collaboration community GWC found the reflection type, a storage type, the DOM type of vulnerability? - Vulnerability warning-the black bar safety net

! Google for Work Connect, the GWC is a System, Application Administrator, and partner community of system, but also in Google's vulnerability reward range. Shortly before, I was in the GWC community system found reflection type, a storage type, the DOM typeXSS. The storage typeXSS In the GWC...

OpenSSL also new vulnerabilities, more than 1 1 0 0 million https sites affected-vulnerability warning-the black bar safety net

It is understood that recently the researchers in OpenSSL, discovered a new security vulnerability, this vulnerability will be on SSL Secure Socket Layer Security Protocol to generate a huge impact, and attacker may also favor this vulnerability to modern Web sites for attack. Affects more than 1...

Xstream Deserializable Vulnerablity And Groovy（CVE-2 0 1 5-3 2 5 3-a vulnerability warning-the black bar safety net

The sequence of issues looks like in the recent outbreak of very frequently, recently there are friends asking me about this two-day outbreak of Xstream build deserialization vulnerabilities, the company recently very busy, but catch up on the weekend just take the time to see, in fact, this time...

Android version of Baidu browser remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

! A few weeks ago, I was in the Baidu Android browser, found a remote code execution vulnerability. Initially I wanted to at this year's Infiltrate on about this subject until I see the following XDA developers weekend published articles. Overview The above article discusses the Citizen Lab...

FCKeditor upload vulnerability summary-vulnerability warning-the black bar safety net

0x01 FCKeditor profile FCKeditor is a specialized use on a web page belonging to the open source WYSIWYG text editor. It logs in lightweight, does not require complicated installation steps can be used. It can be PHP, JavaScript, ASP, ASP.NET and ColdFusion, Java, and ABAP and other different...