7620 matches found
ecshop injection of a gold-bug warning-the black bar safety net
Should be the oldest of the injection bar, the new version of the seemingly does not exist in this file File deletecartgoods.php Source http://code.taobao.org/p/ecshopmodernshowmall/src/trunk/wwwroot/deletecartgoods.php if$POST'id' $sql = 'DELETE FROM '.$ GLOBALS'ecs'-table'cart'." WHERE recid="....
Threat warning: a lot of ubnt devices is Backdoor-vulnerability warning-the black bar safety net
This article elaborated: the discovery of a hacker attack, intrusion analysis, counter hack Server, successfully obtain permission and complete evidence of the whole process. Such an invasion is now also very much, especially for a specific system of orientation, but“blind scan”in the attack...
The food I buy network a system of weak password can be brute-force-vulnerability warning-the black bar safety net
The food I buy network a system of weak password Detailed description: By the nmap scan revealed the following address of Port: http://118.144.75.11:106/ Estimation is before the yw(the operation and maintenance system, and submitted through the yw's problems, and later said to be closed, and...
Cool Dog PC client remote JS code injection vulnerability(impact of the National cool Dog the user can hung it)-vulnerability warning-the black bar safety net
Mainly using the three vulnerability completed 1 cool Dog Radio backgroundxssvulnerability 2 cool Dog Radio personal background override vulnerability 3 cool Dog Radio home storage-typexssvulnerability 一 :http://www.kugou.com/fm2/app/musicshow/admin/njadmin/index.php Cool Dog Radio personal...
Beijing, Shanghai, including hundreds of hotel chains InnGate wireless router there are serious security vulnerabilities-vulnerability warning-the black bar safety net
Latest survey report shows that Beijing, Shanghai, including hundreds of Inn of the InnGate wireless router there are serious security vulnerabilities, an attacker would be able to get the hotel to monitor and document data, to the hotel customers spread computer viruses, and even can access the...
Cisco biannual patch day: repair a large number of IOS vulnerabilities-vulnerability warning-the black bar safety net
Cisco(Cisco on Wednesday released theoperating systemthe patch updates, which is a Cisco fixed every six months once the patch update date, next update may have to wait until the 9 month. The total update a 1 6 a security vulnerability, the main is a DOS vulnerability and the interface wedge...
Firefox 3 1 to 3 4 remote command execution vulnerability analysis-vulnerability warning-the black bar safety net
0x00 Preface Some time ago, the brother in a lot of the browser in the script-level vulnerabilities upgrade for remote command execution, almost daily all over the market on all domestic browser, which has become many people relish topic. Indeed, in today's this underlyingsecuritygrowing...
Hackers use PDF generator to steal the WEB files on the server-the vulnerabilities and early warning-the black bar safety net
TCPDF PDF generator is the most popular today for creating a PDF document the PHP library one of today's most popular open source projects. It every day with millions of user usage, the carrier generally is a CMS program or other WEB application. However, the hacker using TCPDF's a loophole that...
wild copy-exploits-vulnerability warning-the black bar safety net
0x00 Preface This is Project Zero on the articles, the original text of the Taming the wild copy: Parallel Thread Corruption of Links: http://googleprojectzero.blogspot.com/2015/03/taming-wild-copy-parallel-thread.html 2 0 0 2 year, Apache Web serverfound and fixed a very fun bug. The server...
Mozilla official rushed to repair the Pwn2Own contest on the disclosure of the Firefox browser vulnerability-vulnerability warning-the black bar safety net
3 on 1 8 March, the world's top hacker contest Pwn2Own2015 in Vancouver, Canada, opened the Battle screen, and the brightest great God recount, Mariusz Mlynski in a very short period of time compromised the Firefox get 3 0 0 0 0 $ a huge bonus. And Mozilla official at the end of the game...
“Tear forced war”in the second quarter: Google found Windows 7 and Windows 8.1 there is a local mentioning right and sandbox escape vulnerabilities, Microsoft deny it-vulnerability warning-the black bar safety net
The Google security team recently found that Windows 7 and Windows 8.1 there is a local mentioning right and sandbox escape vulnerabilities, it was Microsoft's ruthless denied. Google will publish vulnerability details and POC. Vulnerability description This problem exists in theoperating systems...
Without jailbreak iPhone 6 on steal Alipay and wechat payment account password-loophole warning-the black bar safety net
The vulnerability is iOS system vulnerabilities,and Alipay,wechat app has nothing to do. This article just take Alipay and micro letter as a demonstration of the vulnerability of the application,other applications can also be caught,forwarding those who do not taken out of context. This...
Adobe cve-2 0 1 1-2 4 6 1 vulnerability can still be exploited-vulnerability warning-the black bar safety net
A There have been four years of Adobe Flash patch did not correctly resolve the Flex application vulnerable issue, and the attacker still can exploit this vulnerability. Reportedly, this vulnerability affects the world Alexa rank of the top ten most popular sites in the 3 0 percent. Linkedln...
CVE-2 0 1 4-4 4 2 3 analysis process and findings-vulnerability warning-the black bar safety net
Primer Some time ago the“steamed rice”on his blog published the article“on a non-jailbroken iPhone 6 iOS 8.1.3 on phishing attacks stealing App Store passwords”, see the article later to try to reproduce the whole process. Since the“steamed rice”the entire process is described more clearly, combi...
Qi Bo cms all products are proof there is a back door, please the majority of users attention-vulnerability warning-the black bar safety net
According to the white hats in a vulnerability on the platform submitted to the loopholes of the display, the well-known open-source program qibocms all products have been added to the back door. ! /Article/UploadPic/2015-3/2 0 1 5 3 2 5 1 1 4 1 3 1 8 6 0. png According to the features prior to...
Operators issued a large number of routers to contain high-risk vulnerabilities, most of the“problem router”IP in China-vulnerability warning-the black bar safety net
! According to statistics, the global operators to the General Public of Internet users has issued at least 7 0 million ADSL Router, but unfortunately, these routers exist high-risk vulnerabilities, and thus is likely to cause large-scale router attacks. It is worth mentioning that most of...
Flash patch is released for four years, a vulnerability is still a vulnerability-vulnerability warning-the black bar safety net
Early in the 2 0 1 1 year Adobe Flash will released a security vulnerability patch still fails to work, today an attacker can still exploit the vulnerability to attack, Alexa rank of the top ten popular websites in the three are affected by the vulnerability. Vulnerability description LinkedIn...
Pan micro-Eoffice without having to log in directly getshell-a vulnerability warning-the black bar safety net
Detailed description: To website demo, for example, the Pan-micro connection to the database file named mysqlconfig. ini,Direct Download ! 1.jpg Pan micro-phpmyadmin address for/phpmyadmin or/phpmyadminall,pan micro demon:8 0 2 8/phpmyadminall/ The official website of the demo is awesome, don't...
Snowden recognized.“fourth citizen”hacker tool kit-vulnerability warning-the black bar safety net
On Snowden's latest Oscar best documentary, the most interesting point is in the fourth citizens ' at the end, is He of the various security software's Acknowledgements. Snowden two years ago, the leaked information is still affecting the people today of the life, and opened the data security,...
Easy enterprise CMS specific case Getshell vulnerability analysis-vulnerability warning-the black bar safety net
Easy enterprise CMS(yiqicms is the domestic well-known marketing enterprise built Station system, based on PHP+MySQL development. Free and open source, on SEO more friendly. Recently, Ali's patch monitoring platform Diviner monitoring to yiqicms in a particular case is Getshell vulnerabilities...
Cisco IP Phone exposed high-risk vulnerabilities can cause remote eavesdropping-vulnerability warning-the black bar safety net
Cisco small business phone the firmware of the exposed high-risk vulnerability, the attacker can the exploit monitor private telephone calls and remote dial telephone, and that a series of malicious acts does not require any authentication. Remote monitoring and makethe words The vulnerability,...
Hilton Hotel The Official Website of the CSRF vulnerability-vulnerability warning-the black bar safety net
! A world-class hotel chains--Hilton Hotel The Official Website of the aeration CSRF(cross-site request forgery)vulnerabilities, while the CSRF vulnerabilities in the most security researchers eyes not on the“high-risk”, but this vulnerability can be not small. Change the password can be obtained...
Decrypted Nuclear exploit kit Flash exploit encryption-vulnerability warning-the black bar safety net
In recent years, the rise of Exploit Kit the EK collection a variety of exploit tools for a variety of file formats for automated analysis, exploit test. The more famous EK with Blackhole EK, Phoenix EK, Nuclear EK, etc. Recently we received Nuclear EK new sample, then the VT of the samples were...
A text control on your phone! The Android platform SQL injection vulnerability analysis-vulnerability warning-the black bar safety net
0x0 Foreword 1 4 years 1 1 months of the author in the Baidu xteam blog to see the disclosure of the earlier report to Google the CVE-2 0 1 4-8 5 0 7 vulnerability details-the system code in the processing via the SMS carrying the WAP push content is generated when the classicSQL...
WordPress plugin Google Analytics by Yoast stored XSS vulnerability-vulnerability warning-the black bar safety net
WordPress famous plugin Google Analytics by Yoast plug-in exposed storage-typeXSSvulnerability that can allow unauthorized attackers in the WordPress admin panel to store any HTML code, including JavaScript. The administrator to view the plugin Settings panel is a JavaScript will be triggered, do...
The latest Flash vulnerability has now been added to the Nuclear exploit kit-exploit-warning-the black bar safety net
! Trend Micro latest study found that the Nuclear exploit(Exp)Toolkit latest version has been added to the March just to fix a Flash Player Vulnerability CVE-2 0 1 5-0 3 3 6。 This Flash serious vulnerability is only as Adobe March, a routine update is fixes, Adobe will its the software version...
Sina micro-activities there is fishing exploits user information for fear of disclosure-vulnerability warning-the black bar safety net
Through the vulnerability enables the system to automatically send the information to tell you have winning increasing confidence in! ! This is sent after the event within 3 minutes the recruitment of the user ! In ten minutes I'll gather up 3 0 0 name of the user information! Liar proof: 1 2 nex...
Apple killed the previous jailbreak also inadvertently fixes a new vulnerability-vulnerability warning-the black bar safety net
Apple some time ago released iOS 8.2 to fix the Tai Chi team in the 8.2 Beta 1/Beta 2 jailbreak which used the vulnerability, which is apples and Tai Chi teams are already confirmed. Tai Chi also reminded the majority of jailbreak users, currently for the iOS 8.2 jailbreak tools are still being...
Breakdown of the Android system those DOS vulnerability-vulnerability warning-the black bar safety net
0x00 Preface The Android system there are some vulnerabilities can lead to system reboot, of course, allow the system to restart just a phenomenon, these vulnerabilities there may also be elevation of Privilege, execution code, etc. This article to restart this phenomenon is the basis for...
Shellcode Win x86-6 4 - Download & execute (Generator)-bug warning-the black bar safety net
Title: Obfuscated Shellcode Windows x86/x64 Download And Execute Use PowerShell - Generator length: Dynamic ! depend on url and filename Date: 2 0 January 2 0 1 5 Author: Ali Razmjoo tested On: Windows 7 x64 ultimate WinExec = 0x77b1e695 ExitProcess = 0x77ae2acf ==================================...
[CVE-2 0 1 5-0 0 9 6]Microsoft Windows Shell SMB LNK Code Execution Exploit-vulnerability warning-the black bar safety net
require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::EXE include Msf::Exploit::FILEFORMAT include Msf::Exploit::Remote::SMB::Server::Share attraccessor :exploitdllname def initializeinfo = superupdateinfoinfo, 'Name' = 'Microsoft Windows Shell LN...
Adobe Flash Player ByteArray UncompressViaZlibVariant Use-After-Free-vulnerability warning-the black bar safety net
require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Powershell include Msf::Exploit::Remote::BrowserExploitServer def initializeinfo= superupdateinfoinfo, 'Name' = 'Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free', 'Description...
Linux MIPS execve-vulnerability warning-the black bar safety net
include stdio. h / Sanguine@debian-mipsel:/leaveret cat MIPS36bsc. s . section . text . globl start . set noreorder start: slti $a2, $zero, -1 set a1 to zero p: bltzal $a2, p not branch always and save ra slti $a1, $zero, -1 set a1 to zero addu $a0, $ra, 4 0 9 7 a0 + 1 6 addu $a0, $a0, -4081 li...
HP ArcSight Enterprise Security Products exposure to high-risk security vulnerabilities-vulnerability warning-the black bar safety net
On Tuesday, the United States Carnegie Mellon University computer Emergency Response Team CERT Coordination Center issued a notice, the Polish security researcher Julian Horoszkiewicz in HP ArcSight series products found5 security vulnerabilitiesthe. Vulnerability: upload arbitrary file...
The Ghost vulnerability the GHOST remote using the EXP-bug warning-the black bar safety net
This article demonstrates one of the Ghost vulnerability the GHOST of EXP, this EXP is Metasploit a module. This Metasploit module can be remote exploit CVE-2 0 1 5-0 2 3 5 out of glibc library gethostbyname function heap overflow vulnerability vulnerability, the goal is to run the Exim mail...
Qi Bo CMS variable coverage leads to sql injection vulnerability analysis report-vulnerability warning-the black bar safety net
Blog post author: Alibaba security research lab—supporting su Release date: 2015-3-10 Blog post content: The recent Alibaba security research laboratory vulnerability monitoring system to monitor attendance Bo cms exist high-risk vulnerabilities that can lead to SQL vulnerability and thus affect...
Apple Mac OS X system is found to exist DLL hijacking vulnerability-vulnerability warning-the black bar safety net
DLL hijacking from 2 0 0 0 years has started to plague Windows systems, and now this attack also in most people's eyes“the most secureoperating system” - Apple Mac OS X appears on the. This week, Synack researcher Patrick Wardle, held in Vancouver at CanSecWest meeting made a speech, he explained...
MongoDB management tool exposure remote code execution vulnerability-vulnerability warning-the black bar safety net
MongoDB, the IT sector mainstream non-relational database NoSQL platform is one that is based on a table of a relational database of the popular alternatives. Recently, the management for MongoDB is a GUI tool phpMoAdmin is the storm has a very serious security vulnerability, once exploited, this...
The financial industry platform for common security vulnerabilities and prevention-vulnerability and early warning-the black bar safety net
A Foreword Internet Finance is the two years in the financial sector of emerging terminology, but also the Internet industry is an important branch, but the Internet Finance is not the Internet and the financial industry of simple binding, but in achieving security, mobile, etc. network technolog...
Android DropBox SDK Vulnerability, CVE-2 0 1 4-8 8 8 9 analysis-vulnerability warning-the black bar safety net
Today, personal data are stored in the cloud, which makes it like a photo backup or General storage as service can not only be accessed by the user, can also be representative of the user of the app the access. In many ways, including access to the control functions of the app and the service...
D-Link friends of the perbadanan router Exposure the remote file upload and command injection vulnerabilities-vulnerability warning-the black bar safety net
D-Link router security also really many, some time ago just burst home Router the presence of a remote command injection vulnerability, and then someone in their firmware on the discovered two remotely exploitable vulnerabilities. An attacker could exploit the vulnerability can remotely access th...
Betster SQL injection vulnerability-vulnerability warning-the black bar safety net
Betster, also known as the PHP Betoffice is a set used to create the based on PHP, MySQL, and JavaScript online casino software. Betster 1.0.4 version in the presence ofSQL injectionvulnerability stems from the showprofile. php or categoryedit. the php script does not adequately...
Android HTTPS MiTM hijacking vulnerability analysis-vulnerability warning-the black bar safety net
The 1. Android HTTPS MiTM hijacking vulnerability description In cryptography and computer security field, the man in the middle attacks Man-in-the-middle attack, often abbreviated as MITM refers to an attacker with the communications at both ends, respectively, to create the separate contact, an...
On elasticsearch1. 4. 3 The following version of the security vulnerabilities in the attack process reproducibility-vulnerability warning-the black bar safety net
elasticsearch1. 4. 3 The following are a few version you can execute groovy scripts, this is after the use can directly call the Windows cmd command and linux shell. Online there are some articles, but writing is not enough ground gas, and here I reproduce this vulnerability during the attack,...
ShopEx an injection vulnerability fix is not complete-bug warning-the black bar safety net
In the clouds to see this http://wooyun.org/bugs/wooyun-2014-088313 So hand cheap points to open, found that the repair is not complete. It turned out what seemed like protection are not, now parameter to add the double quotes and braces to protect, turned into"xxx"like this, can still be injecte...
Mastery oa at the secondary injection vulnerability-vulnerability warning-the black bar safety net
Brief description: Paralysis of the software Detailed description: ! QQ 图片 20141215110029.jpg Add the attention of the people, many functions rely on the data code area POST http://121.40.134.14/general/personinfo/concernuser/update.php HTTP/1.1 Host: 121.40.134.14 Connection: keep-alive...
Microsoft MS10-0 4 6 details of the analysis-vulnerability warning-the black bar safety net
As early as the year 1 and the beginning researcher Michael Heerklotz found one of the Windows operating system 0day the. We put this hole named ZDI-1 5-0 8 6, herein, the technical details are based on his research and a summary. In order to understand his reports of sense, we need to recall the...
Adobe fixes 1 1 Flash high-risk vulnerabilities, mostly by the Google Project Zero team found-vulnerability warning-the black bar safety net
Following the Microsoft in this week's bug fix may fix the Stuxnet and FREAK vulnerability after, Adobe also ushered in a massive patch update. The Adobe update the Flash Player on the 1 1 high-risk vulnerabilities, most of which are remote arbitrary code execution vulnerability. Affected Softwar...
Cheetah wifi under a non-certified remote control PC power off, lock-screen-vulnerability warning-the black bar safety net
Brief description: In the computer open the Cheetah WiFi hotspot, a feature is a remote control computer shutdown and lock screen, found that authentication only by mac address binding, can be fake mac address to bypass authentication Detailed description: ! 1418485757111276.jpg wireshark packet...
WebView File domain origin policy bypass vulnerability analysis-vulnerability warning-the black bar safety net
The 1. WebView File domain origin policy bypass vulnerability description 2 0 1 3 years 1 0 months, the external broke FireFox for Android there file domain origin policy bypass vulnerability that may be caused by cookies and other sensitive information leaked, a hacker can use this vulnerability...