Antivirus Avast is exposed 0day vulnerabilities in users computer to execute malicious code-vulnerability warning-the black bar safety net

Google security expert Tavis Ormandy, found a Avast antivirus of 0day vulnerabilities, the vulnerabilities could lead to attackers invade a user's computer and the user computers to execute malicious code. Tavis Ormandy recently in the Avast antivirus found a serious 0day vulnerability. And just...

Network, Netgear routers are exposed to severe DNS vulnerability,vulnerable to hacking-vulnerability warning-the black bar safety net

! Recently, the network device Netgear routers is found that there is a serious DNS vulnerability, at present, the network member has not yet patched the published vulnerabilities, which allow attackers to tamper with the affected router's DNS settings, it will affect its router security, estimat...

2 0 1 5 year 9 on data security vulnerability analysis report-vulnerability warning-the black bar safety net

9 report of the core ideas In order to improve the majority of users of security awareness, of domestic professional database security vendor Anwar gold and, according to the daily order released from the vulnerability box, make up days, dark clouds, and other vulnerabilities platform security...

Via WordPress XMLRPC for violence amplification attacks-vulnerability warning-the black bar safety net

Violent attacks are now still on the Internet to see the oldest and most common type of attack. If you have a Online server, it most likely are suffering from such attacks. This attack may be through SSH or FTP as the Protocol. Of course, if it is aWeb server, which may be through a Web-based...

McAfee founder: the Surface Pro 4 will have a 1 0 0 security vulnerabilities-vulnerability warning-the black bar safety net

Microsoft's next generation Surface Pro 4 fusion their Windows 1 0 OS, Intel Skylake six-generation Core Processor, the overall performance is still very good, of course, also added a variety of hardware and software security features, however, McAfee's founder John McAfee may not be so confident...

Google released Android Stagefright 2.0 vulnerability security patches-bug warning-the black bar safety net

! It was reported that Google fixes Android latest Stagefright 2.0 vulnerabilities, and by OTA to the Nexus devices to push the update. However, Samsung, LG, HTC, and other manufacturers of Android devices need a period of time in order to receive this vulnerability update. Stagefright series...

By PHP deserialization remote code execution-vulnerability warning-the black bar safety net

In the NotSoSecure, we will conduct penetration testing or code review, but recently we came across an interesting PHP code, which could lead to remote code execution RCE）vulnerabilities, but its use was a bit tricky. Experienced a few trying to crack this Code of sleepless nights, we are convinc...

Shopify trade platform facing RFD attacks, and not fix-bug warning-the black bar safety net

WebSegura researcher David Sopas found a reflection type file name download RFD）vulnerability, the vulnerability exists in the popular multi-channel trade platform Shopify, although he has to Shopify company sent a safety report, but it seems that the company did not find the vulnerability of the...

Stagefright 2.0 vulnerability struck by the impact on the billion Android users-vulnerability warning-the black bar safety net

Android users Note:Due to the latest two latest stagefright vulnerability disclosure, estimated at more than 1 0 million Android users of the system will suffer this vulnerability. Yes, that stagefright vulnerability and return! This year 7 month, Zimperium company security researchers...

WinRAR 0day vulnerability with the use of process-vulnerability warning-the black bar safety net

! British security services, Mohammad Reza Espargham the vulnerability lab found that the popular compression tool WinRAR 5.21 the latest version in the presence of a security vulnerability, the vulnerability is zero-day exploit, and while the official is to patch the vulnerability. At the same...

LFI with PHPInfo the local test process-bug warning-the black bar safety net

LFI with PHPInfo foreign researchers in 2 0 0 1 published in a local file comprising the use of the method, as a novice in the domestic but can not find complete study materials, after several days of research to learn and put their learning process, summarize, and share. Basics The local file...

360MarvelTeam virtualization vulnerabilities the second bomb: CVE-2 0 1 5-5 2 7 9 vulnerability analysis-vulnerability warning-the black bar safety net

Cloud computing has now become a by most Internet companies to accept the service mode, it provides customized hardware resources, applications, and services. As the implementation of the cloud computing concept the most important technical cornerstone, the virtualization system provides hardware...

Square Victoria O2O business system SQL injection vulnerability+XXE entity injection demo validation-vulnerability warning-the black bar safety net

Square Victoria O2O, the demo site address: http://o2odemo.fanwe.net/ /cpapi/qxtapi.php code area define"FILEPATH","/cpapi"; requireonce '../system/systeminit.php'; $ip = CLIENTIP; $xml = filegetcontents'php://input'; if$ip!=' 221.179.180.156' || $xml=="" header"Content-Type:text/html;...

Android vulnerability detection kit-vulnerability warning-the black bar safety net

Android Vulnerability Test Suite Android vulnerability detection kit, to encourage the open to collect data, help communities work together to maintain Android security. NowSecure has brought an App to check your Android device in the presence of vulnerabilities. ! Overview This tool is meant to ...

Android sqlite load_extension vulnerability analysis-vulnerability warning-the black bar safety net

SQLite from 3. 3. 6 version http://www.sqlite.org/cgi/src/artifact/71405a8f9fedc0c2 start provides support for expansion of capacity, by sqliteloadextension API or loadextensionSQL statement, developers can not change the SQLite source code of the case, through the dynamic loading of libraries,...

360MarvelTeam virtualization vulnerabilities the second bomb － CVE-2 0 1 5-5 2 7 9 vulnerability analysis-vulnerability warning-the black bar safety net

0x01 vulnerability basics CVE-2 0 1 5-5 2 7 9 is a qemu virtualized environment rtl8029 network card device there is a stack overflow type of vulnerability. So what is the qemu software? qemu software, and kvm virtualization there is what kind of relationship? rtl8029 network card what is a devic...

CVE-2 0 1 5-2 5 4 6: from patch than to Exploit-vulnerability warning-the black bar safety net

This month's Microsoft Security Bulletin MS15-0 9 7 repair Microsoft Graphics component in the plurality of kernel vulnerabilities. Wherein the Win32k memory corruption privilege escalation Vulnerability: CVE-2 0 1 5-2 5 4 6 out of https://technet.microsoft.com/zh-CN/library/security/ms15-097.asp...

New vulnerability: the use of a browser Cookie to bypass HTTPS and steal private information-bug warning-the black bar safety net

! Recently, a presence in the major browsers Web cookies in a serious vulnerability is found, it enables secure browsing mode HTTPS is vulnerable to MiTM attacks. In addition, most of the Web sites and popular open source applications may contain Cookie injection vulnerabilities, including: Googl...

The depth of investigation of CVE-2 0 1 5-5 4 7 7&CloudFlare Virtual DNS how to protect their users-vulnerability warning-the black bar safety net

Last week, the ISC released a patch that fixes the BIND9 DNS server in a remote exploit the vulnerability. This exploit will cause the server during the processing of a data packet when the occurrence of a crash. ! The announcement pointed out, the server in the processing TKEY the type of the...

The Apple watch watchOS 2 Update: fixed a lot of code execution vulnerability-vulnerability warning-the black bar safety net

Make the fans excited watchOS 2 is finally here, this is one you can build a watch system, while the new version a lot of security patches. Overdue watchOS 2 Originally scheduled for 9 May 1 6 May and the fruit to meet Apple watch, the new system watchOS 2, because of the sudden discovery of...

pfSense directory traversal vulnerability analysis-vulnerability warning-the black bar safety net

pfSense is based on FreeBSD, designed for Firewall and router features to customize the open source version. In this article, we will introduce in pfSense 2. 1. 3 and the lower version in the CVE-2 0 1 4-4 6 9 0 vulnerability; the higher the version, pfSense has fixed this vulnerability. 0×0 1...

ZTE a station there is a command to perform a threat within the network-vulnerability warning-the black bar safety net

http://seecom.zte.com.cn/SmartTV/pcuserinitSubmit.action 好 老 的 洞 现在 还 存在 ! !...

iOS 9 vulnerability: using Siri to bypass the lock screen to access private pictures and contacts-vulnerability warning-the black bar safety net

! A hacker found a new, very simple method, which utilizes Apple's personal assistant Siri, bypassing running iOS 9 lockscreen iOS devices iPhone, iPad, or iPod touch a secure mechanism, which makes an attacker in 3 0 seconds, perhaps less time will be able to access the device photos and contact...

MS15-0 8 3: Windows SMB memory corruption vulnerability analysis-vulnerability warning-the black bar safety net

2 0 1 5 年 8 月 1 1, Microsoft has released1 4 a security patch, which includes an SMB Server patch. In this article I will explain how I trigger the vulnerability. Microsoft Security Bulletin MS15-0 8 3 In all of the repair patch, I“vulnerability in Server Message Block could allow remote code...

Microsoft repair SharePoint 2 0 1 3 XSS vulnerabilities-the vulnerabilities and early warning-the black bar safety net

SharePoint is the Microsoft Office Suite in a tool for individuals and companies to create a portal page. The vulnerabilityCVE-2 0 1 5-2 5 2 2by FortiNet's FortiGuard Labs security researchers discovered the vulnerability affects SharePoint 2 0 1 3 15.0.4571.1502 early version. SharePoint is a...

The remote control tool VNC denial of service vulnerability analysis-vulnerability warning-the black bar safety net

Original author: 3 6 0 security guard company account） LR, noirfate Foreword Qemu is a processor simulation software, can provide user-mode simulation and system mode simulation. When in the user mode of the simulation state will be used when dynamic translation technology allows a cpu to build t...

IIS6 stack injection and memory corruption exploits shown in detail-vulnerability warning-the black bar safety net

It turns out that the use of COM ActiveX vulnerability in is a good idea, the examples in this regard very much, and here we are with the Active Server page Active Server Page, ASP as an example a detailed description of such vulnerability is the use of the method. 0×0 1 Redim Preserve statement ...

SAP Afaria product exposed a series of serious vulnerabilities that affect a large number of mobile device-bug warning-the black bar safety net

Afaria is the German SAP software company developed a mobile device management MDM solutions that are currently on the market the most popular MDM solutions, there are about 6 3 0 0 a enterprise which manages 1 billion 3 0 0 million of the mobile device. ERPScan is specifically responsible for th...

2 0 1 5 year 8 on data security vulnerability analysis report-vulnerability warning-the black bar safety net

! Anwar gold and database attack and Defense laboratory DBSec Labs in months, the high-risk vulnerability summary form analysis report, share of the majority of users and partners. 8 monthly report of core ideas 1. The Web is data leakage a major channel 2. The Internet has become a data leak...

Hacking Team Android browser attacks during the vulnerability analysis Stage0-vulnerability warning-the black bar safety net

A, vulnerability introduction Hacking team of the year broke out for android4. 0. x-4.3. x android browser vulnerabilities to attack the use of the code. The exploit code, by successive use of a plurality of browser and kernel vulnerabilities, is done through javascript to the virtual memory writ...

How to effectively bypass the Android kptr_restrict-vulnerability warning-the black bar safety net

In this article, I will introduce some of the you can bypass the Android kptrrestrict method, bypassing the Android kptrrestrict after that, we can more easily take advantage of Android's vulnerability. First, let's start with a quick look at how kptrrestrict of this stuff. kptrrestrict is what?...

Don't use Chrome to browse this article, it will crash! - Vulnerability warning-the black bar safety net

! Earlier there 8 characters makes Skype crash example, today we refer to is 1 6 characters make Chrome crash, you just need to click which 1 of 6 characters, and even the mouse just in this 1 6 bytes of the link moving around can cause Chrome to crash. Challenge Google Chrome: just 1 6 character...

WordPress vulnerability analysis CVE-2 0 1 5-5 7 1 4 & CVE-2 0 1 5-5 7 1 5-the vulnerability warning-the black bar safety net

Recently, WordPress released a new version 4. 3. 1, which fixes a few serious security issues, which includes by Check Point filed a cross-site scripting Vulnerability, CVE-2 0 1 5-5 7 1 4 and a privilege escalation Vulnerability, CVE-2 0 1 5-5 7 1 5 It. 8 beginning of the month, Check Point, in...

The old tree opened a new flower: DLL hijacking vulnerability in the new play-vulnerability warning-the black bar safety net

DLL hijacking vulnerabilities is already a trite, without freshness of the topic. DLL hijacking technique has also been is hackers banditry, the robbery necessary weapons. Then, with the Win10 birth, whether Microsoft has fixed this vulnerability? While in the current security environment, the DL...

VNC denial of service vulnerability(CVE-2 0 1 5-5 2 3 9)analysis-vulnerability warning-the black bar safety net

Qemu is a processor simulation software, can provide user-mode simulation and system mode simulation. When in the user mode of the simulation state will be used when dynamic translation technology allows a cpu to build the process in another cpu. VNC Virtual Network Computing is an excellent remo...

Reverse Shell with Windows Media Center remote execution vulnerability, CVE-2 0 1 5-2 5 0 9 use-vulnerability warning-the black bar safety net

In this article, we will briefly introduce the reverse shell and the Windows Media Center vulnerabilities CVE-2 0 1 5-2 5 0 9）vulnerabilities, and finally a detailed description of the vulnerability of the method. 0×0 1 reverse shell The so-called shell, everybody is not strange, is nothing more...

Takeaway O2O App security analysis: the App vulnerability assessment platform technical details-vulnerability warning-the black bar safety net

In the mobile Internet and O2O tide swept under, the takeaway market is gradually entering the white-collar field, at BAT three giants throwing money to cultivate the market, white-collar workers have to change eating habits. As long as it is imprisoned in the white collar does not substantially ...

The reverse shell and the CVE-2 0 1 5-2 5 0 9 exploit-vulnerability warning-the black bar safety net

0×0 0 introduction to In this article, we will briefly introduce the reverse shell and the CVE-2 0 1 5-2 5 0 9 vulnerabilities, and finally a detailed description of the vulnerability of the method. 0×0 1 reverse shell The so-called shell, everybody is not strange, is nothing more than a command...

Vulnerability management the flow of electrons-vulnerability warning-the black bar safety net

0x01 is written on the front This article is mainly to share and record some of their own growth, such as a poorly written local, but also hope to Treatise on. In the most early for vulnerability management in this thing, individuals feel more nausea. Especially all kinds of mail sent to sent to,...

Symbolic Link vulnerability simple background introduction-vulnerability warning-the black bar safety net

! Symbolic Link is the Microsoft Windows System on one of the key mechanisms, from Windows NT3. 1 Introduction objects, and registry Symbolic Link, Microsoft from the Windows 2000 start also introduced the NTFS Mount Point and Directory Juntions, these mechanisms for familiar with the Windows...

Android 5. x vulnerability: the hacker can bypass the screen password to enter the system-vulnerability warning-the black bar safety net

Many Android users will choose to use a lock screen password protect the device, but the latest burst of vulnerability was shocking: any person who without complex operation can bypass the lock screen directly into your system! An attacker can exploit the pilot gets a lock on the device all the...

AirDrop vulnerability: millions of Apple devices can be silently installed malicious application-vulnerability warning-the black bar safety net

AirDrop file transfer feature on a vulnerability exists, a malicious application may be silently installed on millions of Apple device, and replace the legitimate app. AirDrop is Apple developed for inter-device direct technology to transfer files, but security researchers Mark Dowd was in iOS an...

PfSense XSS vulnerability analysis-vulnerability warning-the black bar safety net

PfSense is based on FreeBSD operating system open source network firewall software, has been around the world of company is widely used to protect its infrastructure. In the last year, we in PfSense, found some security vulnerabilities, the black bar safety net has reported, and submitted to the...

iOS vulnerability can lead to the Apple ID theft-vulnerability warning-the black bar safety net

In yesterday's release of the iOS 9 upgrade, Apple repair Alibaba Mobile Security Team discovered three security vulnerabilities: CVE-2 0 1 5-5 8 3 8, CVE-2 0 1 5-5 8 3 4, CVE-2 0 1 5-5 8 6 8 The. ! Wherein the CVE-2 0 1 5-5 8 3 8 this vulnerability can let hackers in a non-jailbroken iPhone 6 on...

Android 5. x-System-lock-screen bypass vulnerability, multi-vulnerability warning-the black bar safety net

Even if you use encryption the lock screen, the one present in Android 5. 1. 1 before the 5. x system vulnerabilities will also help an attacker to successfully bypass and get you phone access access. ! When your phone's camera app is in the active state, the hacker through the encrypted password...

Debian new version released: fix PHP and VirtualBox vulnerability-vulnerability warning-the black bar safety net

! The Debian maintainer has released a new version of theoperating systemto resolve the presence of multiple vulnerabilities, including a few PHP vulnerabilities, and Oracle’s VirtualBox（hereinafter referred to as the VBox application of a vulnerability. Fix PHP multiple vulnerabilities The new...

Windows10 Mount Point Mitigation & MS15-0 9 0 bypass-vulnerability warning-the black bar safety net

Symbolic Link vulnerability simple background description Symbolic Link is the Microsoft Windows System on one of the key mechanisms, from Windows NT3. 1 Introduction objects, and registry Symbolic Link, Microsoft from the Windows 2000 start also introduced the NTFS Mount Point and Directory...

Heart drop of blood away? 2 0 million equipment is still under threat-vulnerability warning-the black bar safety net

Heart drop of blood is already a thing of the past? NO! A lapse of more than a year after the infamous the heart of the blood security vulnerabilities and not completely disappeared, still the 2 0 million of network devices present a security threat. According to Shodan, the search results displa...

HackPwn: nine Yang smart soymilk crack the details of the analysis-vulnerability warning-the black bar safety net

Nine male DJ08B-D667SG soymilk is a smart milk machine, you can configure the WIFI connection to the Internet, the user can through the“nine Yang cloud appliances”mobile app for soymilk for remote control, remote turn on, turn off the milk machine and other functions. While in 2 0 1 5 HackPwn,...

Write a unable to uninstall the App – Device Manager vulnerability-vulnerability warning-the black bar safety net

Two days ago some friends found the phone has an app cannot be uninstalled, after known because the Device Manager to activate the LED, then go try to cancel, but the cancel the the moment the card machine. Repeatedly toss after, only to re-brush. Later he sent an article about the Device Manager...