7620 matches found
Vtech, the largest maker of infant electronic learning products, exposed in information disclosure affecting 480 million parents and children-vulnerability warning-the black bar safety net
Vtech, a company based in Hong Kong and the world's largest maker of infant and preschool electronic learning products, has been exposed as having leaked user data. According to current analysis, the leaked data covers 480 million parents and more...
Analysis of the exploitation principles of two privilege escalation vulnerabilities found in Lenovo System Update-vulnerability warning-the black bar safety net
The two privilege escalation vulnerabilities in Lenovo's latest System Update announcement (CVE-2015-8109, CVE-2015-8110) were submitted by me a few weeks ago; IOActive as well as Lenovo issued a warning in this report! Groundwork for the details: before dissecting the details, we star...
dpkg stack buffer overflow vulnerability (CVE-2015-0860)-vulnerability warning-the black bar safety net
CVECAN ID: CVE-2015-0860 dpkg is the package management system developed specifically for Debian, which makes software installation, updates and removal easy. The dpkg-deb component of dpkg has a stack buffer overflow vulnerability; if a user or automated system processes a crafted old-format a...
EMC Isilon OneFS privilege escalation vulnerability (CVE-2015-6848)-vulnerability warning-the black bar safety net
CVECAN ID: CVE-2015-6848 The EMC Isilon OneFS operating system is a smart file system that combines a file system, volume manager and data protection in one. The implementation of EMC Isilon OneFS has a privilege escalation vulnerability; if RFC 2307 is enabled on the cluster a...
In-depth analysis of the Commons Collections Java deserialization vulnerability-vulnerability warning-the black bar safety net
0x01 Background So far this year, no Java vulnerability has had greater influence than the CommonsCollections deserialization vulnerability, which has been red-hot for some time. On November 6, 2015, @breenmachine of the FoxGlove security team published a lengthy blog post, borrowing from Java deserialization,...
Node.js faces two important security vulnerabilities, with a fix planned for next week-vulnerability warning-the black bar safety net
The Node.js Foundation disclosed a denial-of-service vulnerability and an out-of-bounds access vulnerability, and plans to provide a patch upgrade next week that fixes the two critical vulnerabilities. The Node.js Foundation released the announcement today: the most popular server-side JavaScript platform contains "a high-strength...
More than one! Another Dell root certificate vulnerability exploited by hackers-exploit-warning-the black bar safety net
On the 25th of this month we discussed Dell's eDellRoot root certificate vulnerability; today the same problem has been exposed again: on some Dell systems, a second self-signed root certificate, DSDTestProvider, has been found, and it also comes with a private key. This morning, the micro-step online security analysis of clou...
Amazon AWS Java SDK vulnerability disclosure-vulnerability warning-the black bar safety net
Today we discuss a denial of service vulnerability in the Amazon AWS Java SDK. This official AWS SDK is often used by Java developers to integrate a range of AWS services, including Amazon S3 and the Amazon APIs used to store and index files and the like. Of these, versions 1.8.0-1.10.34 of...
Samsung Android 5.0 device WifiCredService remote code execution-vulnerability warning-the black bar safety net
The vulnerability was found a few months ago by Google Project Zero and the Quarkslab team, and has only recently been disclosed. The vulnerability only requires the user to browse a website or download a mail attachment, or a third-party malicious program with essentially no permissions c...
Windows Update + man in the middle = remote command execution-vulnerability warning-the black bar safety net
0x00 Windows Server Update Services WSUS is short for Windows Server Update Services. With this Windows service, the administrator only needs to ensure that one host on the local area network can connect to the Microsoft Update server, and the hosts within the network can quickly perform...
Dell eDellRoot backdoor follow-up: the root certificate comes with its private key and can lead to man-in-the-middle attacks-vulnerability warning-the black bar safety net
On November 22, multiple Dell machine models were revealed to have a pre-installed root certificate backdoor called eDellRoot; the certificate also carries the corresponding private key, and the certificate is accepted by most browsers other than Firefox...
Third-party Chrome extensions exposed as able to record private information and sell it-vulnerability warning-the black bar safety net
The Swedish security firm Detectify Labs recently stated that some Chrome extensions track the user's Internet history, even including Facebook Connect and private access tokens, and links to private Dropbox and Google Drive files. The wide range affected is not...
Dell exposed over eDellRoot root certificate backdoor-vulnerability warning-the black bar safety net
Earlier this year, Lenovo computers were found loaded with the Superfish adware program, software that increases the risk of users being attacked by hackers, which sparked a lot of discussion at the time; recently, security researchers at Duo lab found, on a Dell Inspiron 14 notebook, some strange...
JBOSS Java deserialization remote command execution vulnerability found-vulnerability warning-the black bar safety net
Recently, many articles about the jboss java deserialization vulnerability have been circulating on the network. So is it really the case that anything using jboss has this vulnerability? And how serious is this vulnerability, really? What is a deserialization vulnerability? In fact, the java...
Social networking site LinkedIn fixes XSS in its help center-vulnerability warning-the black bar safety net
LinkedIn developers this week fixed a stored cross-site scripting vulnerability that a hacker can use to spread XSS worms in the LinkedIn help forum. Background: LinkedIn is committed to providing a communication platform for professionals worldwide, and to helping them do more with less, to play Director...
TrueCrypt vulnerability analysis: more secure than people think-vulnerability warning-the black bar safety net
TrueCrypt is a favorite data encryption tool of millions of security and privacy enthusiasts, but some vulnerabilities in it were recently revealed. However, according to a security analysis report from the well-known Fraunhofer information security technology institute, it may still be more secure than...
Vulnerability acquisition platform Zerodium publishes price list for various types of software and digital intrusion methods-vulnerability warning-the black bar safety net
On November 18, Zerodium (a 0day broker) published a price list for a variety of target software and intrusion methods, which it buys from network criminals and then resells to those who need them. Vulnerability platform releases a price list Zerodium CEO Chaouki Bekrar has said: "0day trading the first...
Advertising alliance morphs into a drive-by download alliance: HackingTeam vulnerability weapons attack millions of Internet users-vulnerability warning-the black bar safety net
In November, the 360 Internet Security Center detected a surge in interceptions of a downloader Trojan called "restartokwecha"; tracing it revealed that the Trojan turned out to come from the PConline Pacific computer network, the 1ting music network, the...
Batch testing for Java deserialization vulnerabilities-vulnerability warning-the black bar safety net
Foreword Java deserialization vulnerabilities have been in people's field of vision for some time; the Rubik's Cube security team reproduced this vulnerability and, in the process, worked out a high-accuracy approach to mass detection, shared here with all of you friends in the security circle to...
DZ6.x UC_KEY getwebshell exploit-vulnerability warning-the black bar safety net
Uses of uckey for dz 7.x and the dz x series can be found online; today I met a dz6.0 website, so I analyzed the code and changed the exploit program, to share with people in need. uckey getshell is a relatively widespread and long-standing vulnerability, basically using the ucenter user center program...
Vulnerability exposed in PNG image processing library libpng-a vulnerability warning-the black bar safety net
According to the report: vulnerabilities were recently exposed in the image processing library libpng, and a preliminary fix is currently available. The main problem at present is that libpng is too widely used: operating systems, browsers, anything associated with generating a thumbnail...
360 Cheap Shot: wormhole vulnerability "DimensionDoor" exposed-vulnerability warning-the black bar safety net
The 360 mobile assistant security team's response to this: 1. The paper analyzes version 3.1.55 of 360 mobile assistant, an old version from 2014; the current official version and the beta version do not have the remote port security risk. 2. The 360 mobile assistant APK download will pop-...
A comprehensive analysis of the Redis event-vulnerability warning-the black bar safety net
redis unauthorized access had not been taken seriously until November 4, when an article revealed that redis can be used to write an SSH key and then control the server, and security personnel began to pay a lot of attention to this event. 0×01 vulnerability profile redis exposed on the public ...
Microsoft fixes Bitlocker Drive Encryption tool bypass vulnerability-vulnerability warning-the black bar safety net
Microsoft recently fixed a vulnerability in Windows Bitlocker Drive Encryption; this vulnerability can be used to quickly bypass the encryption function and obtain the victim's encrypted important information. Vulnerabilities in encryption software Disk encryption tools are an...
Chrome 0day exposes millions of Android devices to a remote threat-vulnerability warning-the black bar safety net
Guang Gong, a security researcher from China's Qihoo 360, found a serious 0day vulnerability in the latest version of the Chrome browser on the Android platform, which allows an attacker to obtain full administrator access to the victim's cell phone, and the exploit code for the vulnerability is able ...
Gmail Android app vulnerability allows anyone to send fraudulent mail-vulnerability warning-the black bar safety net
Security researcher Yan Zhu found an interesting vulnerability in the Gmail Android app that allows anyone to send an e-mail that looks as if it was sent by someone else, which is likely to open a door for phishers to carry out malicious activity. The Gmail Android app has a mail frau...
Abuse of wifiCredService on Samsung Android 5 devices leads to remote code execution-vulnerability warning-the black bar safety net
This article analyzes in detail a vulnerability in Samsung Android 5 devices that was recently disclosed in Google's vulnerability bounty program; the vulnerability was discovered by Google's Project Zero team and Quarkslab. As far as we know, the vulnerability exists in all Samsung powered by...
A tool for making full use of the Jenkins CommonCollections vulnerability-vulnerability warning-the black bar safety net
This is the red-hot vulnerability of the week: through it, arbitrary java code can be executed, affecting Jenkins, WebSphere, WebLogic and a series of other popular services. However, the ysoserial code written by foreigners has a bug and cannot properly execute commands, so I fixed it in passing. Having...
The first Linux ransomware stumbles: its encryption vulnerability allows it to be cracked-the vulnerability warning-the black bar safety net
Windows has long had ransomware, but Linux had none until Linux.Encoder.1, which is the first linux ransomware. This software behaves very similarly to CryptoWall, TorLocker and other infamous Trojan horse software. Cases of hackers using ransomware In the hack, remote use of popular...
How I almost saved the Internet by using afl-fuzz on dnsmasq-vulnerability warning-the black bar safety net
If you know me, then you should know that I like DNS. Although I'm not totally sure this is exactly how it happened, I doubt Ed Skoudis is the instigator. Anyway, if a project can be evaluated dnsmasq and some of the Internet infrastructure in the critical section, then this project is very...
Reproducing the Microsoft Windows FastFAT.sys FAT partition denial of service vulnerability-bug warning-the black bar safety net
Remember last year's MS14-063 FAT32 driver kernel overflow vulnerability? Today brings the sequel, but this one is in the FAT12 partition. Analysis - Affected systems: from Windows NT to Windows 7 SP1 - Systems I tested: Windows XP SP3 x86, Windows 7 SP1 x86/x64 BUG reproduction: create a FAT12 partition...
Joomla SQLi vulnerability analysis-vulnerability warning-the black bar safety net
Vulnerability analysis: the code that triggers the vulnerability is located at /administrator/components/comcontenthistory/models/history.php, in the getListQuery function: From the SQL and the error message, we can see that our injected payload is inserted into the part in the red box. Follow the...
iBackDoor: suspected backdoor, high-risk code affecting iOS apps-bug warning-the black bar safety net
Recently, FireEye mobile security researchers discovered suspected "backdoor" behavior in the mobiSage advertising library embedded in iOS apps, and these apps come from the App Store. The researchers named the potential backdoor iBackDoor; it allows hackers...
Using Padding Oracle attacks to obtain the encryption key-vulnerability warning-the black bar safety net
0×00 Preface In this article I want to share some practical tips for exploiting the padding oracle vulnerability; this type of vulnerability allows an attacker to decrypt ciphertext and encrypt plaintext. About the padding oracle attack concept and working principle, the more...
Phpcmsv9 injection 0day analysis-vulnerability warning-the black bar safety net
From the video I learned that the injection comes from the checknew function in phpcms/modules/message/classes/messagetag.class.php: public function checknew() { $where = array('sendtoid'=>$this->username,'folder'=>'inbox','status'=>'1'); $newcount = $this->messagedb->count($where); //Check whether there is does...
muymacho---dyld_root_path exploit analysis-exploit warning-the black bar safety net
muymacho is an exploit tool. A bug in dyld in Mac OS X 10.10.5 can be used to escalate privileges to root. It has been patched in the latest El Capitan 10.11. This is an interesting bug, and the exploitation process is also a lot of fun. The present article aims to introduce the use o...
Analysis of the principle by which the Java deserialization vulnerability in common-collections leads to RCE-vulnerability warning-the black bar safety net
0x01 Principle of the Java deserialization vulnerability As with PHP deserialization, it arises because user input can control the object we pass in. If the server-side program does not validate the user-controllable serialized data but directly deserializes and uses it, and...
Huawei CPE devices have a remote arbitrary file read vulnerability, with reference EXP-a vulnerability warning-the black bar safety net
What is a CPE? A CPE is a device that converts a high-speed 4G signal into a WiFi signal usable by tablets, smartphones, laptops and other mobile devices; it can support multi-terminal access simultaneously, is the size of a book, and can be used wherever there is 4G signal coverage by plugging in the power, without...
muymacho---dyld_root_path exploit analysis-exploit warning-the black bar safety net
from: muymacho is a vulnerability exploitation tool. A bug in dyld in Mac OS X 10.10.5 can be used to escalate privileges to root. It has been patched in the latest El Capitan 10.11. This is an interesting bug, and the exploitation process is also a lot of fun. The present article aim...
Redis unauthorized access can lead to remotely obtaining server permissions-bug warning-the black bar safety net
Recently, the Rubik's Cube security team detected a new type of attack against Redis unauthorized access that, under certain conditions, may allow the server to be compromised remotely; the Rubik's Cube security team promptly carried out research and threat assessment on the attack, and by the cu...
JAVA's War: an RCE vulnerability in a Java toolset with extensive impact-vulnerability warning-the black bar safety net
In January, security researchers Gabriel Lawrence and Chris Frohoff published a remote code execution (RCE) vulnerability in the Apache Commons tool set with quite a wide range of impact; because the Apache Commons tool set is almost the most widely applied in the JAVA technology platform...
Analysis of exploiting Redis unauthorized access with SSH key files: ZoomEye's latest exclusive global data V2-vulnerability warning-the black bar safety net
Updates 2. Vulnerability overview By default, Redis binds to 0.0.0.0:6379, which exposes the Redis service to the public Internet; if authentication is not enabled, any user who can reach the target server can access Redis without authorization and read the Redis data...
Huawei Mate7 memory safety vulnerabilities, the versions affected-vulnerability warning-the black bar safety net
Background description: The vulnerability was found by qimingxing e active Defense lab (ADLAB) the piece wise and smell the concept of rows, and was disclosed in 2015 year 11 July 4 at the CSS China Internet Security Leaders Summit. Before the vulnerability information was publi...
AndroidVTS: an app for detecting Android cell phone vulnerabilities-vulnerability warning-the black bar safety net
Android users now have a lightweight cell phone vulnerability checking tool to help them check whether their phone has a given vulnerability. The tool is called Android VTS (Vulnerability Test Suite), an app released by Nownature. Android VTS is base...
The industry's conscience: BlackBerry can bypass operators to offer Android security patches-bug warning-the black bar safety net
Every Android phone manufacturer tries to deliver security updates on time every month, but they face a big problem: security updates usually need the operator's approval, which means waiting a few weeks before the update. However, BlackBerry chooses not to compromise. BlackBerry company...
Hacking Team Android browser attack vulnerability analysis, Stage4-vulnerability warning-the black bar safety net
1. Vulnerability introduction: Hacking Team's exploit code for attacking android browser vulnerabilities on android 4.0.x-4.3.x was revealed this year. The exploit code, by chaining a plurality of browser and kernel vulnerabilities, accomplishes through Javascript the virtual memory wri...
Flash is too dangerous: report says Flash accounts for 8 of the top 10 vulnerabilities in hacker attacks-vulnerability warning-the black bar safety net
Flash accounts for 8 of the top 10 vulnerabilities used by hacking tools According to technology news site Network World, the latest report from cyber threat intelligence research firm Recorded Future shows that, of the top 10 vulnerabilities used in hacking tools (EK),...
360 secure routing P1 has an unauthorized access vulnerability that allows the password to be read-vulnerability warning-the black bar safety net
javascript/router/wanconfigshow.cgi, javascript/router/wanconfigset.cgi, javascript/router/logget.cgi and a cgi can be accessed without login; among them, javascript/router/wanconfigshow.cgi, via a POST, gives direct access to the Internet setup information, including the ppoe username and password,...
Cause analysis of the OpenSSLX509Certificate deserialization vulnerability (CVE-2015-3825)-vulnerability warning-the black bar safety net
Serialization Serialization is the process of converting an object's state information into a form that can be stored or transmitted. During serialization, the object writes its current state to a temporary or persistent storage area. The user can pass from the storage area t...
Cisco AsyncOS denial of service vulnerability (CVE-2015-6291)-vulnerability warning-the black bar safety net
CVECAN ID: CVE-2015-6291 The Cisco AsyncOS operating system can improve the security and performance of Cisco email security appliances. On ESA devices, in Cisco AsyncOS versions prior to 8.5.7-043, 9.x-9.1.1-023, 9.5.x, 9.6.x-9.6.0-046, the message filter configuration of...