7620 matches found
Mozilla Firefox address bar spoofing vulnerability (CVE-2015-7185)-vulnerability warning-the black bar safety net
CVE (CAN) ID: CVE-2015-7185 Mozilla Firefox is an open source web browser that uses the Gecko engine. On Android, Mozilla Firefox versions before 42.0 do not ensure that the address bar is restored after exiting full screen; a remote attacker, by constructing JS...
iOS exposed to another major bug: hackers can monitor iPhone calls and SMS-vulnerability warning-the black bar safety net
Every time Apple upgrades the iOS system there are many bugs that need to be fixed; some of them are inconsequential, but some are formidable. For example, with a recently discovered vulnerability, hackers can remotely control and monitor your iPhone. According to Zerodium tea...
Well-known forum application vBulletin 5 exposed to remote command execution vulnerability that may have leaked millions of users' data-bug warning-the black bar safety net
On Monday, it was reported that the vBulletin developer site suffered a hacker attack that compromised the sensitive information of nearly 48 million vBulletin users. After the attack, vBulletin officially issued an emergency requirement that users reset their passwords; they warn th...
Google from the Android system vulnerabilities Samsung security risks a lot-vulnerability warning-the black bar safety net
According to the latest reports, for nearly a week the Google team has been trying to challenge “the Android security boundaries”: they want to know whether they can, by certain means and without any interaction with the user, remotely access the user's address book, photos and information; fi...
Has Baidu really fixed all of the WormHole vulnerabilities?-vulnerability warning-the black bar safety net
“You can’t have a back door in the software because you can’t have a back door that's only for the good guys.” - Apple CEO Tim Cook. You should not install a back door in software, because you can't guarantee that only the good guys can use this back door. -- Apple CEO Cook. 0×0 developments...
Vulnerability analysis of the Hacking Team Android browser attack process: Stage 3-vulnerability warning-the black bar safety net
I. Vulnerability introduction: This year's Hacking Team leak exposed exploit code that attacks browser vulnerabilities in the Android 4.0.x-4.3.x browser. The exploit code, by successively using several browser and kernel vulnerabilities, achieves through JavaScript virtual memory wri...
Even scarier than the gourd baby: Baidu full-range app SDK vulnerability – WormHole vulnerability analysis report-vulnerability warning-the black bar safety net
Even scarier than the gourd baby: Baidu full-range app SDK vulnerability – WormHole vulnerability analysis report. App vulnerability discovery, Android reverse analysis, by droidsec. “You can’t have a back door in the software because you can’t have a back door that's only for the good guys....
Detailed analysis of the WormHole vulnerability in Baidu apps-vulnerability warning-the black bar safety net
After the Baidu moplus SDK vulnerability known as WormHole was reported, it caused “a ripple”; the SDK is embedded in 14000 apps, of which close to 4000 are produced by Baidu. The vulnerability is a vulnerability reporting platform black bar safety net vulnerability bulletins foun...
Even scarier than the gourd baby: Baidu full-range app SDK vulnerability - WormHole vulnerability analysis report-vulnerability warning-the black bar safety net
“You can’t have a back door in the software because you can’t have a back door that's only for the good guys.” - Apple CEO Tim Cook. “You should not install a back door in software, because you can't guarantee that only the good guys can use this back door.” – Apple CEO Cook. 0x00 sequence The...
“Broken days”: analysis of a virtual machine escape vulnerability in the Xen virtualization platform-vulnerability warning-the black bar safety net
Xen is a leading open source virtualization platform that supports the infrastructure of many well-known public cloud services such as Amazon cloud and Ali cloud; ensuring the security of virtualization infrastructure is therefore of great importance. Ali cloud security vulnerability research team...
CVE-2015-7857 Joomla injection exploit tools-vulnerability warning-the black bar safety net
Some of the techniques and tools mentioned may be offensive in nature; they are for security learning and teaching purposes only, and illegal use is prohibited! Joomla is a multiple-award-winning CMS (Content Management System) developed with PHP and a MySQL database; it can run on Linux, Windows, MacOSX,...
CVE-2015-6971: Lenovo System Update component vulnerability analysis-vulnerability warning-the black bar safety net
In the last 7 months, the large number of Lenovo System Update software vulnerabilities has been eye-catching. After Lenovo fixed the first vulnerability this spring, I decided to learn more about these patches to verify the presence of these vulnerabilities. As a result I found a related...
Juniper ScreenOS denial of service vulnerability-vulnerability warning-the black bar safety net
Affected systems: Juniper Networks ScreenOS < 6.3.0r18-dnc1; Juniper Networks ScreenOS < 6.3.0r13-dnd1; Juniper Networks ScreenOS 6.3.0r19. Description: CVE (CAN) ID: CVE-2015-7750 Juniper Networks is a network...
SiteServer XSS+background uploading(the chicken help combination still very adorable)-vulnerability warning-the black bar safety net
Siteserver XSS + background randomly generated webshell. Test version: SiteServer V3.4.3. 1. Stored XSS: at www.xxx.com/UserCenter/main.aspx, submit website content, click publish, then in the editor click on source and insert a piece of XSS, such as”scriptalert2 2 2 2 2 2 2 2 2 2 2/script,click on...
Java JMX Server code execution exploits and Defense-vulnerability warning-the black bar safety net
JMX basic concepts: Java Management Extensions (JMX) Technology. Unsafe configuration, from the Oracle official documentation: Disabling Security: To disable both password authentication and SSL (namely to disable all security), you should set the following system properties when you start the Java VM...
LibreSSL memory leak vulnerability-vulnerability warning-the black bar safety net
Affected systems: LibreSSL LibreSSL 2.0.0 - 2.3.0. Description: CVE (CAN) ID: CVE-2015-5333 LibreSSL is a branch of the OpenSSL encryption software library, and is the Secure Sockets Layer (SSL) and Transport Layer...
Adobe Flash Player type confusion vulnerability-vulnerability warning-the black bar safety net
Affected systems: Adobe Flash Player A 18.0.0.255; Adobe Flash Player A 11.2.202.540; Adobe Flash Player 19.x - 19.0.0.226. Description: CVE (CAN) ID: CVE-2015-7647 FlashPlayer is a high-performance, lightweight and...
Trinity Chipset line card denial of service vulnerability-vulnerability warning-the black bar safety net
Affected systems: Juniper Networks Trinity. Description: CVE (CAN) ID: CVE-2015-7748 Juniper Networks is a network communications equipment company, a major supplier of IP network and information security solutions...
Juniper vSRX denial of service vulnerability-vulnerability warning-the black bar safety net
Affected systems: Juniper Networks vSRX. Description: CVE (CAN) ID: CVE-2015-7749 Juniper Networks is a network communications equipment company, a major supplier of IP network and information security solutions...
OpenSMTPD use-after-free vulnerability-vulnerability warning-the black bar safety net
Affected systems: opensmtpd opensmtpd. Description: CVE (CAN) ID: CVE-2015-7687 OpenSMTPD is a free implementation of the server-side SMTP protocol as defined by RFC 5321. OpenSMTPD in PROCLKA achieve on there after...
Vulnerability analysis of the Hacking Team Android browser attack process: Stage 2-vulnerability warning-the black bar safety net
I. Vulnerability introduction: This year's Hacking Team leak exposed exploit code that attacks browser vulnerabilities in the Android 4.0.x-4.3.x browser. The exploit code, by successively using several browser and kernel vulnerabilities, achieves through JavaScript virtual memory wri...
Joomla CMS 3.2-3.4.4 SQL injection vulnerability analysis-vulnerability warning-the black bar safety net
Yesterday, Joomla CMS released a new version, 3.4.5. This version fixes a high-risk SQL injection vulnerability; versions 3.2 to 3.4.4 are affected. Through the exploit, an attacker can directly obtain sensitive information from the database, and can even get logged in the...
Joomla 3.x SQL injection vulnerability analysis-vulnerability warning-the black bar safety net
Joomla is a multiple-award-winning CMS (Content Management System) developed with PHP and a MySQL database; it can run on Linux, Windows, MacOSX, Solaris and other platforms. In addition to having news/article management, document/image management, site layout settings, template/theme managemen...
When the network sharp knives of the data stream due to the vulnerability to bypass the egg stream......- Vulnerability warning-the black bar safety net
On Friday, the handsome member of the network sharp knife security team known in the community as “data stream” submitted a vulnerability on Black clouds. In fact, submitting a vulnerability on Black clouds is no big thing, but the key is: Smart devices small love love...
Exploitation process of a stored XSS vulnerability in SAP Afaria, an MDM mobile terminal management system-vulnerability warning-the black bar safety net
Here we demonstrate a vulnerability analysis of SAP Afaria, a world-renowned MDM mobile terminal management software, while analyzing how an attacker on the network could exploit the vulnerability to attack. The black bar safety net Wikipedia: what is MDM? In short, MDM is to help...
The old hole new:Tencent location and presence of the vulnerability can be remotely shut down each other phone and QQ-vulnerability warning-the black bar safety net
The last two pictures have a TSRC watermark, because the before picture is not, directly paste TSRC inside...
The rice client SDK is exposed as able to hijack all of a user's SMS-vulnerability warning-the black bar safety net
Mobile app developers inevitably face the problem of how to be profitable, and the most common method is to add advertising to the application. Advertising alliances create function libraries that make it easy for developers to add ads and quickly start making money. We previousl...
U.S. operators' 4G network vulnerabilities, affecting all Android users-vulnerability warning-the black bar safety net
CERT has released a vulnerability description: a network vulnerability at the major U.S. wireless operators Verizon Wireless and AT&T harms the security and privacy of users on the network running any Android version, including Android 6.0, aka Marshmallow. May cause tens of thousands of Andro...
A new sore point: the APT organization PawnStorm 0Day how to bypass the Java click to play protection-vulnerability warning-the black bar safety net
A few months ago, Trend Micro found the APT organization Pawn Storm using a previously undisclosed Java vulnerability, CVE-2015-2590, for attacks. After that, we noticed a separate vulnerability used to bypass Java's click-to-play protection. The second...
Talking about logic vulnerabilities in zip format processing-vulnerability warning-the black bar safety net
Preface: the zip compression format is widely used on various platforms: on Windows it is used to compress files, and on Android it serves as the apk file format. Since the zip file format is fairly complex, improper handling when parsing it could lead to some...
Apple releases 49 patches; exploits used by the Pangu jailbreak are fixed-vulnerability warning-the black bar safety net
3 weeks ago, Apple fixed vulnerabilities in its core products and released the latest version of OS X, the El Capitan system. However, Tuesday ushered in another wave of patches, fixing a large number of vulnerabilities in OS X, iOS, Safari, iTunes and watchOS (the smart watch operating system). Pangu...
Win10Pcap-Exploit: using a Win10Pcap kernel driver vulnerability to achieve local privilege escalation-vulnerability warning-the black bar safety net
A few days ago I found a local privilege escalation vulnerability in the win10pcap driver; it was reported to the vendor at the time, and you can now update to get a fix. http://www.win10pcap.org/download/ At the request of many friends, the sample exploit is posted for everyo...
Western Digital (WD) self-encrypting hard drives found to have vulnerabilities-vulnerability warning-the black bar safety net
Researchers said that several versions of encrypted Western Digital hard drives have many vulnerabilities: once a hacker gets the opportunity for physical access, they can easily get at the data inside, disregarding the hard disk password. Western Digita...
ROOT tools to exploit open“doors”-the vulnerability warning-the black bar safety net
Even when all information is disclosed, the Android Root Application Developer or the presence of the unknown side. ROOT for exploit the open door The latest study found that by promoting strong Root to use the program, one of the few application distributors are millions of Android user is place...
Netease mailbox leak: battle network, PayPal and other accounts may be hacked-vulnerability warning-the black bar safety net
The black bar safety net announced the discovery of a new Netease mailbox vulnerability that may lead to the leak of over a million Netease mailbox data records; accounts tied to Netease mailboxes, such as war network accounts, PayPal accounts and other network accounts, may be affected. recommende...
CVE-2015-1641 vulnerability analysis-vulnerability warning-the black bar safety net
0x01 Vulnerability overview: In April this year, Microsoft patched a Word type confusion vulnerability named CVE-2015-1641; an attacker can construct rtf documents with embedded docx to attack. Word, when parsing the docx document and processing the displacedByCustomXML attribute, not customXML object for...
Hacking Team vulnerability used for large-scale hanging horse attacks, millions of computers hit-vulnerability warning-the black bar safety net
I. Overview: Recently, Tencent anti-virus lab intercepted a malicious extension Trojan that is spreading widely, with total propagation in the millions. Analysis and investigation found that the Trojan has the following characteristics: 1) the Trojan horse is through a Web hang horse...
New for universal E-learning Management System SQL injection vulnerability-vulnerability warning-the black bar safety net
The New for software E-learning Management System is used by quite a lot of enterprises. Partial list from the website: Business: http://www.newv.com.cn/caseenterprise.html Education: http://www.newv.com.cn/casecollege.html Government: http://www.newv.com.cn/casegovernment.html The problem mainly shows in:...
Android 5.0 screen recording vulnerability, CVE-2015-3878 threat early warning-vulnerability warning-the black bar safety net
Chapter 1: Exploitation principles. I. New Android 5.0 features: Android 5.0 added a screen recording interface that requires no special permissions; the screen recording function is implemented using the following system APIs: To initiate a recording request, the system pops up the following message box...
Adobe Flash exposed to another dangerous vulnerability: the official recommendation is that users can temporarily uninstall Flash-vulnerability warning-the black bar safety net
Another dangerous vulnerability has been exposed in Adobe Flash, just after the company issued a routine security update. Numbered CVE-2015-7645, this vulnerability affects every version on the Windows, Mac and Linux platforms; an attacker can use it for “destruction and control of an affected system.” Adob...
APT organization PawnStorm uses the latest Flash zero-day to attack the foreign ministries of various countries-vulnerability warning-the black bar safety net
Recently, Trend Micro researchers discovered a new Flash vulnerability being used by the PawnStorm cyber espionage operation to attack foreign ministries around the world. The Ministry of Foreign Affairs to attack the target PawnStorm is one of both depth and breadth of persisten...
Word type confusion vulnerability CVE-2015-1641 analysis-vulnerability warning-the black bar safety net
Vulnerability overview: In April this year, Microsoft patched a Word type confusion vulnerability named CVE-2015-1641; an attacker can construct rtf documents with embedded docx to attack. Word, when parsing the docx document and processing the displacedByCustomXML attribute, not customXML object for...
Router driver component NetUSB (CVE-2015-3036) remote code execution exp-vulnerability warning-the black bar safety net
In May this year, NetUSB, an important driver component of well-known routers from D-Link, NETGEAR and TP-LINK, was found to have a serious remote overflow vulnerability affecting millions of routers and embedded devices. NetUSB technology by the Taiwanese company profit code (KCodes) develo...
Plug-in for e-commerce platform Magento exposed to 0day vulnerability-vulnerability warning-the black bar safety net
Recently, Magmi, a very popular plug-in for the e-commerce platform Magento, was found to have a 0day vulnerability, and hackers have already used this vulnerability to attack. Magento is a professional open-source e-commerce system. Magento's design is very flexible, and also has a modular...
Google AdMob filter vulnerabilities, malicious ads sneak into the application-vulnerability warning-the black bar safety net
Some Android app developers have complained that, because the official advertising network is poorly regulated, their otherwise clean Android applications have been infected with malicious ads. Android apps are strangely implanted with third-party advertising. From Sydney, two bus the Android app Arrivo a...
iOS core application design vulnerability that exposed the user's Apple ID credentials-vulnerability warning-the black bar safety net
Check Point warns that a core Apple iOS application may expose user credentials. Fortunately iOS 9 contains the relevant patch. Apple ID: the iOS operating system provides convenience by letting users manage their devices through an Apple ID. Now, iOS marke...
Vulnerability discovery basics: format strings-vulnerability warning-the black bar safety net
Format string vulnerabilities are a very old kind of vulnerability, and nowadays you can hardly see them any more, but for beginners in vulnerability analysis they are still necessary to study, because they are the basis!!! So there is today's article. My articles are written well,will you come...
Pan micro E-office injection article: injection without logging in, part 1-20 (official website case attached)-vulnerability warning-the black bar safety net
Today is my 100th day at wooyun; I like the atmosphere and I like this platform. I wish I could learn more from everyone. Thank you everyone. The official website is used as a case presentation. Detailed description: File location: /E-mobile/flowdopage.php Injection point: code area...
Security vulnerability in Outlook's classic authentication engine; the discoverer has been rewarded 2.5 million dollars-vulnerability warning-the black bar safety net
Wesley Wineberg, a senior security researcher at Synack, has received a 25000$ award from Microsoft for reporting a bug to Microsoft: a CSRF vulnerability that can hijack any Hotmail account. A CSRF (cross-site request forgery) vulnerability means that any access to the malicio...
ZHONE routers widely used by Singapore telecommunications carry a hijacking risk-vulnerability warning-the black bar safety net
Thousands of router devices, authorized for use by a Singapore telecom operator and used in the operations of “first-class enterprises” all over the world, have a 0day vulnerability that allows the router to be completely hijacked; the vast majority of users had no...