Security researchers have found that Instagram vulnerability by the FaceBook executives, the threat-vulnerability warning-the black bar safety net

! An independent security researcher claimed that he had discovered Instagram in a series of security vulnerabilities and configuration flaws, by using these loopholes, he managed to get access stored on the Instagram servers sensitive data on the permissions; in him, to the relevant vendor...

Security researchers find HIV Dating APP vulnerability, the reverse is the vendor with the AIDS threat-vulnerability warning-the black bar safety net

! Around the world websites and applications to encourage researchers noted that their system vulnerabilities, but one designed for HIV-positive users of online Dating app developer with HIV a threat to security researchers not to notify them of the program any security vulnerabilities. HIV...

By multipart/form-data bypass the waf-vulnerability warning-the black bar safety net

LuManager high-riskSQL injection0day analysis mentioned in the monitoring to use the payload as follows: ! You can see the attacker using the multipart/form-data format send the payload to. For applications, and using application/x-www-form-urlencoded access to the data is consistent. About...

CVE-2 0 1 5-6 9 7 4 vulnerability analysis-vulnerability warning-the black bar safety net

0x00: iOS9. 1 released, Pangu previously made a topic about the They escape using the loopholes and the use of means. Then follow up to do a little analysis. 0x01: The problem is in the Apple IOHIDFamily this driving the code inside,this drive Apple is open source. In iOS, this driver provides...

joomla deserialization vulnerability in getshell&&command execution-vulnerability warning-the black bar safety net

Note: 1. Remember the command after the points number, the command with single quotes. 2. For learning php code to use Usage: php joomla.php http://xatusec.org getshell php joomla.php http://xatusec.org the command 'phpinfo;" ! 2015-12-17 01-08-13 of the screen captures of Fig. png Download:...

Angler EK latest CVE-2 0 1 5-8 4 4 6 Flash Exploit analysis-exploit warning-the black bar safety net

Background description In 1 2 on Adobe mad patch 7 of 8 vulnerability after a week, the abroad security researcher kafeine@kafeinebroke the Angler Exploit Kit started using this month to patch the CVE-2 0 1 5-8 4 4 6 vulnerability to attack. Our first time to follow up on the vulnerability of the...

emlog automatic backup plug-in leaked the entire Station database backup vulnerability-vulnerability warning-the black bar safety net

This is my third time in your blog to find the fatal flaw. The first is a third-party Storage, the solution is to delete. The second is"EMLOG album", which is this article:is. The third time is this time, I wrote one using the script, directly to your blog, the whole site backup file down under,...

GRUB2 the zero-day vulnerability affecting Linux users, Ubuntu, RHEL patch now available-vulnerability warning-the black bar safety net

Canonical's latest Ubuntu Security Notice displayed in GRUB2GNU GRand Unified Bootloader in the presence of a zero-day security vulnerability, it will affect to GRUB version 2. 0 2 Beta of the GNU/Linux distribution. The security vulnerability is Ismael Ripoll and Hector Marco found that when the...

Grub2 is exposed login authentication bypass 0Day, the impact of the numerous Linux versions-vulnerability warning-the black bar safety net

Description Recently, researchers found a Grub2 vulnerability, the version 1. 9 8 and 2 0 0 9 released in to 2. 0 2 to 2 0 1 5 year of release, are affected. A local user can through this vulnerability to bypass any forms of authentication plaintext password or a hash of the password, so the...

Number 6 6 6: Google found FireEye device high-risk vulnerabilities-vulnerability warning-the black bar safety net

FireEye to enterprise and government users sales security device, its flagship product, installed in a large network exit point to monitor the device, which is mounted on the inner portion of the traffic leading to the Internet. A brief overview An organization on its internal network to install...

Joomla high-risk vulnerability scanning event analysis-vulnerability warning-the black bar safety net

Summary 1 2 on 1 4 May, the Joomla official website emergency issued a due to the security vulnerability to cause a version update 3.4.6, according to security company sucuri released information, this scan time is to use the Joomla deserialization characteristics of the problem causes the...

“Very destructive”of the Kerberos Protocol vulnerability that can lead to system is completely controlled-vulnerability warning-the black bar safety net

Recently, a security expert in the Windows of the Kerberos authentication system found a“very destructive”vulnerability. Last year had exposed the system in a similar vulnerability, the attacker controls the entire network, including the installation of the program, and delete data. The Kerberos...

Joomla object injection vulnerability analysis report-vulnerability warning-the black bar safety net

Recently, Joomla and then exposed to high-risk 0day vulnerability for remote command execution, Ali cloud cloud shield yesterday has been on the line corresponding to the blocking rules against the vulnerability. At the same time,the cloud hosting customer has made a phone call and automatically...

A step-by-step learn the ROP of the Android ARM 3 2-vulnerability warning-the black bar safety net

ROP stands for Return-oriented programming return-oriented programming this is an advanced memory attack techniques that can be used to bypass the modernoperating systema variety of common defenses such as the memory is not performed and code signing. Before we mainly discussed on linux in this...

3 6 0 Free WIFI encryption signature crack get the others Wi-plaintext-password-vulnerability warning-the black bar safety net

| Vulnerability title | 3 6 0 Free WIFI encryption signature crack get the others Wi plaintext passwordyou can also brush the gold exchange carriers flow ---|--- Relevant vendor | qihoo 3 6 0 The vulnerability of the author | thin Jiao dance Submit time | 2015-09-17 1 6:3 0 Open time | 2015-12-16...

The Kerberos Protocol vulnerability: cause a system completely controlled-vulnerability warning-the black bar safety net

Recently, a security expert in the Windows of the Kerberos authentication system found a“very destructive”vulnerability. Last year had exposed the system in a similar vulnerability, the attacker controls the entire network, including the installation of the program, and delete data. The Kerberos...

Xcode 7 Bitcode workflow and Security Assessment-vulnerability warning-the black bar safety net

With Xcode 7, Apple is Xcode adds a new feature Bitcode 【1】： ! New features often mean new attack surface. This article first describes what is Bitcode and Bitcode workflow in the familiar with the Bitcode of the workflow, the next step is to assess the Bitcode related to the attack surface, and...

Joomla then exposed to high-risk 0day vulnerability for remote command execution-vulnerability warning-the black bar safety net

Joomla security team emergency release of the 3. 4. 6 version fixes a high-risk 0day vulnerability. It is reported that the vulnerability from being found to the security patches released, it has been more than two days, at present also has been through other channels in the spread. You can...

Joomla object injection vulnerability analysis including the vulnerability use-a vulnerability warning-the black bar safety net

Joomla security team emergency release of the 3. 4. 6 version fixes a high-risk 0day vulnerability. Impact version from Joomla 1.5 up until 3.4.5 This vulnerability without having to log in, the front Desk can be code execution One, session deserialization php function sessionsetsavehandleroffici...

A PYTHON command to trigger the vulnerability thinking-vulnerability warning-the black bar safety net

Recently, in testing a project, accidentally found in the client machines can directly run a Python command to execute server-side Python script, and therefore, the depth test will have below. 0×0 1 Analysis Often times, because of business needs we often need to use the Python –c exec method in...

AVG, McAfee, Kaspersky antivirus there is a serious vulnerability, can be turned into hacker attack tools-a vulnerability warning-the black bar safety net

! enSilo of security experts in numerous antivirus software and found a serious security vulnerability that the hackers exploited the vulnerability could put a virus into the hacker's attack tools, the affected antivirus software including AVG, McAfee, Kaspersky. The third large virus in the...

Xboxlive digital certificate private key is compromised, the user or the man in the middle attacks-vulnerability warning-the black bar safety net

! Microsoft confirmedXboxlive. com domain name for the SSL/TLS digital certificate private key has been compromised, by the attacker is used to attempt to launch a MiTM attack, but the private key cannot be used to sign other certificates or code, or fake other domain names. Xboxlive certificate ...

Yahoo mail released to fix XSS attack vulnerability-vulnerability warning-the black bar safety net

Recently, in Yahoo is also considering whether to spin-off Alibaba shares, even in consideration of the sale of Yahoo's core business, including Yahoo mail, sports, website, and advertising technology, Yahoo mail, announced currently the repair had previously been found but not released one...

Java deserialization vulnerability to execute commands echo to achieve and Exploit download-vulnerability warning-the black bar safety net

Mentioned some of the techniques, tools may with a certain offensive, only for safety learning and teaching purposes, the prohibition of illegal use! 0×0 0 Preface Some time ago java deserialization vulnerability fights uproar, from the beginning of foreign cattle one can execute OS commands...

Microsoft released 1 2 on a major security bug fix patch-bug warning-the black bar safety net

On Tuesday Microsoft announced that as part of its monthly security Bulletin part of all Windows users should update theiroperating system, the prevention from at least two major vulnerabilities. MS15-1 2 8 patched a series of memory crash vulnerability, the latter so that the hacker can install...

Sqlmap code execution vulnerability report-vulnerability warning-the black bar safety net

Author: Nixawk know Chong Yu 4 0 4 Security lab Date: 2015-12-09 A vulnerability overview In 2 0 1 5 years 0 1 months 2 7 day, I read in the latest version of Sqlmap code, found its existing code enforcement issues. Security by python's pickle cause. pickle module implements a basic but powerful...

Google released the Android key on the media process and the root vulnerability patch-vulnerability warning-the black bar safety net

Google for Nexus smartphones and tablets, released a batch of new security patches,solved by a vicious e-mail, web pages and multimedia invasion the Android device's vulnerability. Google in the security Bulletin said: the firmware update is applied the radio update promotion to support Nexus...

This year“white hat”are dug up? Breakdown 2 0 1 5 in those affected world of vulnerabilities-vulnerability warning-the black bar safety net

About the past 2 0 1 5 years network security on thin ice year: the countless fatal vulnerability is discovered, be repaired or be caring people use...fortunately, in the global white hat hacker's efforts, many fatal vulnerabilities are to catch the bad guys discover before it has been...

Discuz 2 0 1 5 0 6 0 9 version stored XSS vulnerability repair bypass report-vulnerability warning-the black bar safety net

Author: RickGray Date: 2015-12-09 Before 2015-03-07）the clouds had reported the Discuz full version storage-DOM XSS that can be hit, the administrator attached to the Discuz official development 4 pit&validation script on, but in the Discuz version 2015-06-09 of repair it because the repair is no...

Lenovo, Dell and Toshiba computers exposure to serious OEM vulnerability-vulnerability warning-the black bar safety net

! Recently, the Association of the device and can be easily hijacked, while Dell and Toshiba PC and also because of the serious vulnerabilities and suffer. Security researcher slipstream/RoL online publishing of the vulnerability and demonstrates how the intrusion of the market on the machine...

Honeywell Midas gas detector is exposed to serious vulnerabilities, and then to industrial safety Alarm bell-vulnerability warning-the black bar safety net

! Well-known high-tech manufacturing company Honeywell recently released a firmware update package to fix Midas gas detector of two high-risk vulnerabilities. This is a turnover of 3 0 0 the multi-billion-dollar diversified technology and manufacturing company in the world has its business...

Three years ago the libupnp library vulnerabilities, Tencent QQ music finally fix it-vulnerability warning-the black bar safety net

Since 3 years ago of a vulnerability, today there is still 6 1 0 million units of the device may be remote code execution, including smartphones, routers, Smart TV, etc., and this vulnerability as early as 3 years ago has been fixed. The vulnerability exists in the UPnP™device is a portable SDK,...

Analysis of the Linux heap overflow of fastbin-vulnerability warning-the black bar safety net

Some time ago to participate in the RCTF match, encountered a stack overflow topic shaxian it. The vulnerability itself is quite obvious, but due to a heap overflow is not familiar, have not been able to find the use of the method. After reading Fudan University six star clan it is, only know it...

Saved the day: QQ music“wormhole”adventures-vulnerability warning-the black bar safety net

0x00 background A weekend afternoon, the terminal security team of little friends at the seaside mission built to roast meat and drink wine, TSRC vulnerability report mailbox receive Trend Micro's classmates sent the vulnerability report, the report referred to the mobile phone QQ music using the...

LuManager high-risk SQL injection 0day analysis-vulnerability warning-the black bar safety net

2 0 1 5 year 9 month 7 day Ali cloud shield situational awareness system captures the LuManager system of 0day a gold that confirmed that the vulnerabilities once a hacker can use directly to the highest authority of the login background, upload webshell, the control system database, the operatio...

libupnp vulnerability attributed to affect a large number of intelligent system devices-vulnerability warning-the black bar safety net

! The current trend of technology Trend Micro released a report display, the portable UPnP device SDK which there is a 3 year-old security vulnerability, this is called libupnp vulnerability, appeared in millions of Smart TVs, smartphones and routers. The vulnerability is more widely Even more...

Cisco IOS XE privilege elevation Vulnerability(CVE-2 0 1 5-6 3 8 3)-vulnerability warning-the black bar safety net

CVECAN ID: CVE-2 0 1 5-6 3 8 3 Cisco IOS is most Cisco Systems routers and network switches are used on the Internetoperating system. ASR 1 0 0 0 on the device, Cisco IOS XE 15.43S did not load properly package, local users through CLI, enter the configuration file name, use this vulnerability to...

VTech Tablet: a plurality of data breach risks hidden-vulnerability warning-the black bar safety net

! In a recent VTech data leak after the event, everyone might think that VTech electronic toy safety won't be better than now worse. However, in this case, we found two vulnerabilities, a hacker can be from the children of their innotab tablet in grabbing data. Brush mode to steal data For lost,...

The Ceph Object Gateway CRLF Vulnerability(CVE-2 0 1 5-5 2 4 5)-vulnerability warning-the black bar safety net

CVECAN ID: CVE-2 0 1 5-5 2 4 5 The Ceph Object Gateway is constructed in the librados on top of the object storage interface, you can make the application through a RESTful gateway to access the distributed storage system Ceph Storage Clusters. Ceph 0.94.4 before the version, Ceph Object Gateway,...

One after another: the VTech user data leaked, and was broke two major vulnerability-vulnerability warning-the black bar safety net

Recently, the world's largest infant electronic learning product Maker Vtech（Vtech）is aeration 4 8 0 million parents and 6 4 0 million for children information disclosure. ! Due to this event, Vtech its share price fell to a year low. Followed, with security researchers in their innotab Max produ...

Cyrus IMAP index_urlfetch integer overflow vulnerability(CVE-2 0 1 5-8 0 7 8)-vulnerability warning-the black bar safety net

CVECAN ID: CVE-2 0 1 5-8 0 7 8 Cyrus IMAP server Carnegie Mellon University developed the e-mail server. Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 version, imap/index. c in function indexurlfetch there is an integer overflow vulnerability, a remote attacker via urlfetch range check and sectionoffset...

Cisco Unity Connection cross-site scripting Vulnerability(CVE-2 0 1 5-6 3 9 0)-vulnerability warning-the black bar safety net

CVECAN ID: CVE-2 0 1 5-6 3 9 0 Cisco Unity Connection is a feature-rich voice mail platform, using Linux Unified Communicationsoperating system. Cisco Unity Connection 9.11.10the Management Interface cross-site scripting vulnerability, the remote attacker via a URL within the structure of the...

Adobe Flash AS2 MovieClip setMask after the release of the heavy interest with a remote code execution vulnerability(CVE-2 0 1 5-7 6 6 0)-vulnerability warning-the black bar safety net

CVECAN ID: CVE-2 0 1 5-7 6 6 0 FlashPlayer is a high-performance, lightweight and extremely expressive client runtime player. Adobe Flash setMask method in the presence of security vulnerabilities. By manipulating the transfer to the setMask method's parameter, the attacker can force the use of h...

Why your API is not a security-vulnerability warning-the black bar safety net

0×0 0 background description Some time ago I to Spree Commerce company reported its API path exists JSONP+CSRF vulnerability issues. Similarly, the Instagram API the presence of CSRF vulnerabilities. Disqus, a Stripe and Shopify API via JSONP leakage of privacy information. All this the root of t...

3G/4G modem of security vulnerabilities can cause the device to be completely control-vulnerability warning-the black bar safety net

! Recently, security experts found in the survey, from the four manufacturers of cellular modems in the presence of cross-site scripting vulnerabilities, cross-site request-forgery vulnerability and remote code execution vulnerabilities and may suffer from integrity attacks. The survey by Positiv...

Adele strong, the fans said personal information due to the ticket being leaked-and the vulnerability and early warning-the black bar safety net

! Silence after three years, the 2 5-year-old soul singer Adele bring new album the 2 5 on the strong back, the album was released the first week of the mad sweep of the Anglo-American sales record, the critics said: even if she sold the tape, it will also become a sales champion. And buy Adele...

Huawei Wimax router is proof there are multiple vulnerabilities-vulnerability warning-the black bar safety net

Vulnerability overview Huawei BM626e is a very rigorous Wimax router/Ap device, which may be the Internet provides a Wimax network. The following test is in the latest version of the firmwareV100R001CIVC24B010 Note: the firmware in other Wimax device also used to, according to Huawei official...

Use the F5 ICall scripting mention the right vulnerability analysis(CVE-2 0 1 5-3 6 2 8)-vulnerability warning-the black bar safety net

Earlier this year, GDS in F5 BIG-IP LTM found a loophole, this loophole allows limited user access to the system after the extraction and at the mention of the right after the successful remote execution of the command. This article will show you how to manually take advantage of this...

360MarvelTeam virtualization vulnerability of the third bullet: CVE-2 0 1 5-7 5 0 4 vulnerability analysis-vulnerability warning-the black bar safety net

Recently amazon, Ali cloud and other cloud providers have received the xen official of the vulnerability notification email, in this email, the official statement MarvelTeam found and reported a high-risk vulnerability. Today's protagonist is this gold number CVE-2 0 1 5-7 5 0 4, a gold affects...

The Android platform under the two-dimensional code vulnerabilities bloopers-vulnerability warning-the black bar safety net

0x00 Preface Now the Android App for almost all two-dimensional code scanning function, if it does not take into account the two-dimensional code there may be security issues that will cause scan two-dimensional code will be subject to vulnerability attacks, serious may cause the phone to be...