The use of DVRF learn firmware analysis series a-vulnerability warning-the black bar safety net

With a variety of hardware devices vulnerabilities more and more people concern, as well as by a malicious attacker a large advantage. As a Security Researcher, Learning Analytics firmware vulnerability, a timely warning to patch vulnerabilities is becoming increasingly important. This series of...

Router exploitation of the Stack Overflow entry II-vulnerability warning-the black bar safety net

Foreword Finally, in learning MIPS vulnerability discovery process, to find a good drone platform The Damn Vulnerable Router Firmware Project Project address: https://github.com/praetorian-inc/DVRF The goal of this project is to simulate a real world environment to help people learn about other C...

Chrome by opening the pdf file information disclosure 0day warning-vulnerability warning-the black bar safety net

0x00 vulnerability background GMT 2 May 28, 360CERT monitoring to edgepot. io published a blog post publicly disclosing the Chrome by opening the pdf file leaked information of 0day vulnerabilities, the vulnerability is successfully exploited can lead to the target user IP address and other...

Hidden for 19 years WinRAR code execution vulnerability-vulnerability warning-the black bar safety net

The researchers found WinRAR logic vulnerabilities that can full access to the victims computer control. The exploit only requires from the compressed file to extract it can work, more than 5 million users affected. More importantly, the vulnerability has been there 19 years, forcing WinRAR...

WinRAR aeration elder has a major vulnerability that hackers can be malicious programs implanted in the boot process-vulnerability warning-the black bar safety net

Foreign security agencies to Check Point disclosed that of the famous compression software WinRAR the presence of a elder level of security vulnerability once used by hackers, hackers could a malicious app implant user's computer by a boot program, the vulnerability in 2005 already exists. WinRAR...

VR social app Bigscreen presence of security vulnerabilities, hackers executable MITR attack-vulnerability warning-the black bar safety net

Connecticut West Haven University security team found the VR social platform Bigscreen there is a serious security vulnerability. The vulnerability allows the attacker without the player permission to enter their virtual reality space, thereby enhancing system is embedded in a malicious program b...

Type confusion vulnerability instance analysis-vulnerability warning-the black bar safety net

Type confusion vulnerability in General is the type of data A as data of Type B to resolve the reference, which may lead to illicit access to data and thus execute arbitrary code. This article by IE type confusion vulnerability examples and Word type confusion vulnerability examples for analysis,...

Successfully acquired WinRAR 19-year-old code-execution vulnerability-a vulnerability warning-the black bar safety net

In this paper, we describes how to use the WinAFL fuzz testing tool Find WinRAR in the logic error, and use it to completely control the volatile trap host story. The vulnerability only by extracting a carefully constructed archive file can be successfully exploited, so that more than 5 billion...

iPhone FaceTime call vulnerability alerts-a vulnerability alert-the black bar safety net

Recently, 360CERT monitor to iPhone FaceTime calls appear privacy disclosure vulnerability. The vulnerability allowed the attacker in the victim to answer the FaceTime call before to get murdered in the audio, resulting in user privacy leakage. Currently, Apple has suspended the FaceTime service,...

HEVD pool overflow analysis-vulnerability warning-the black bar safety net

Prepare the environment Win 10 64-bit host + win 7 32-bit virtual machine Windbg: a debugger VirtualKD-3.0: double-click the debug tool InstDrv: the drive is installed, run the tool HEVD: a Windows kernel vulnerability training project, which almost covers the kernel may exist, all vulnerability...

360 Code Guard help D-LINK to fix multiple high-risk vulnerability brief technical analysis-vulnerability warning-the black bar safety net

Recently, the 360 Enterprise Security Group Code Guard team of security researchers found that the Friends newsD-LINKthe company's product line DIR-619, THE DIR-605 series routers and two high-risk security vulnerabilityCVE-2018-20056 and CVE-2018-20057, and the first time to the Friends of the...

PhpSpreadsheet 1.5.0 XXE vulnerability reproduction and analysis-vulnerability warning-the black bar safety net

0x01 introduction PhpSpreadsheet is a very popular pure PHP class library that allows you to easily read and write Excel, LibreOffic Calc and other spreadsheet file formats, is PHPExcel alternative. 2018 11 October 13, PhpSpreadsheet was broke presence of the XXE vulnerability, CVE-2018-19277, in...

Ship new releases of Exchange Server to mention the right vulnerability analysis-vulnerability warning-the black bar safety net

In the majority of the use of Active Directory and Exchange Organization, Exchange servers typically have very high permissions on the Exchange Server administrators can upgrade to a domain administrator. I recently read a report from ZDI articlesCVE-2018-8581 technical details of its use, which...

Impact of 62 million devices: the interpretation I is how to find the Marvell Avastar Wi-Fi remote code execution vulnerability-vulnerability warning-the black bar safety net

One, overview In the present study, I will mainly analyze the Marvell WiFi-FullMAC SoC security. Since we have not yet completed the product with a chip of a wireless device of research, and therefore which may contain large amounts of unaudited code, which might appear serious security problems...

Apache Spark RPC Protocol deserialization vulnerability analysis-vulnerability warning-the black bar safety net

Front a burst of Spark official release of the title for the CVE-2018-17190: Unsecured Apache Spark standalone executes user code of the security Bulletin. The announcement indicated the vulnerability affects version to full version, and does not indicate a repaired version, only the relevant...

One plus one phone Root backdoor analysis-vulnerability warning-the black bar safety net

Vulnerability details In one of the engineering mode in the presence of Root mention the right rear door, the vulnerability by nowsecure team found. For more details click on-https://www. nowsecure. com/blog/2017/11/14/oneplus-device-root-exploit-backdoor-engineermode-app-diagnostics-mode/...

Exchange Server mention the right vulnerability alerts-a vulnerability alert-the black bar safety net

0x00 vulnerability background The vulnerability to the MSRC in 2018 年 11 月 13 published a can on the Exchange Server to achieve elevation of privilege vulnerability number CVE-2018-8581。 According to the MSRC of the vulnerability description information that the attacker successfully exploits thi...

CVE-2019-3462: apt/apt-get remote code execution vulnerability alerts-a vulnerability alert-the black bar safety net

0x00 vulnerability background 2019 1 May 22, @Max Justicz in his blog is disclosed about the debian-based package Manager apt/apt-get remote code execution in some detail. When by APT for any software installation, update, etc., the default will be to go HTTP instead of HTTPS, an attacker can MiT...

Razer Synapse 3 Windows client local to mention the right vulnerability analysis-vulnerability warning-the black bar safety net

A, vulnerability introduction Razer Synapse（Ray cloud software installed in the system a service Razer Synapse Service, the service to NT AUTHORITY\SYSTEM permissions to run 会加载C:\ProgramData\Razer\目录中的多个.NET assembly. C:\ProgramData\Razer\and its subdirectories/files in the permissions aspect is...

Router exploitation of the Stack Overflow entry a-vulnerability warning-the black bar safety net

MIPS instruction set is mainly used in some embedded IOT devices, such as Router, camera. To these devices for binary vulnerability mining you need to have the MIPS to have a certain familiar. The MIPS instruction set of Stack Overflow and the x86 instruction set is different, so the exploits is...

Gradle Plugin Portal: the combination of Clickjacking and CSRF vulnerabilities to achieve account takeover-vulnerability warning-the black bar safety net

A Clickjacking vulnerability 1.1 about Clickjacking Clickjacking, also referred to as“user interface redress attack, UI Redress Attack”, and refers to an attacker uses multiple transparent or opaque layers, and convincing the user intends to click on the top of the page, click to other pages on t...

Linux 3 a serious vulnerability systemd, may lead to data breaches-vulnerability warning-the black bar safety net

! Recently, security researchers announced a Linux system systemd in three serious vulnerabilities, namely CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866。 Attackers exploiting these vulnerabilities may obtain a target machine's root access, and even may lead to information disclosure. Systemd...

WordPress. org can be worm attack stored XSS vulnerability disclosure-vulnerability warning-the black bar safety net

WP GDPR Compliance is WordPress, a very popular plugin, it is found that the presence of privilege escalation vulnerabilities, the exploits, the attacker can easily hijack thousands of websites. Although a plug-in vulnerability represents only use it on the website of the security flaws, however,...

The RPC vulnerability mining case studies, on-vulnerability and early warning-the black bar safety net

2018 8 the end of the month, a self-proclaimed“sandbox escape”SandboxEscaperof female researchers released a Windows local privilege escalation 0 day vulnerability. In addition, also attach a proof of concept attack that allows hackers to read the system in unauthorized areas, but at the moment...

A use cve-2017-11882 and cve-2018-0802 combination of vulnerability a malicious document analysis-vulnerability warning-the black bar safety net

! Recently intercepted an extension doc word document to attack the samples, which format is actually RTF format. By analyzing the document composition the use of a cve-2017-11882 and cve-2018-0802 vulnerability, and use the embedded excel object is used to trigger the vulnerability. The release ...

CVE-2018-20129: DedeCMS V5. 7 SP2 front Desk file upload getshell vulnerability alerts-a vulnerability alert-the black bar safety net

2018-12-11 in CVE Chinese application station published a DEDECMS 5.7 SP2 is the latest version there is a file upload vulnerability, with administrator privileges can exploit this vulnerability to upload and getshell execute arbitrary PHP code. After analysis and verification. The vulnerability...

I is how to pass the ASP Secrets read Get 1. 7 million USD reward-vulnerability warning-the black bar safety net

ASP. NET application in the more common vulnerability is a local file disclosure. If you have never develop or use such technology, then the LFD exploit can be very difficult, and no practical effect. In this article, I describe how to attack a presence in the LFD vulnerability of the application...

See how I through nodejs in the SSRF full control of the aws-vulnerability warning-the black bar safety net

This is me at hackerone on a private vulnerability bonus program found a loophole, found that the use of and write the report it took me 12 and a half hours, without a break. Through this loophole, I can get to the AWS credentials, I can be completely invaded the company's Account: I now have 20...

For more DirectX kernel vulnerability analysis-vulnerability warning-the black bar safety net

Operating systemthe kernel, is often every well-known vulnerability is the use of chain final goal. Throughout the years of Zero Day Initiative, ZDI）Pwn2Own contest relates to the vulnerability, in fact, it can be found in this law. For a long time, the Windows kernel has always been to attack th...

Crypto currency mining machine using Elasticsearch vulnerability propagation-vulnerability warning-the black bar safety net

ElasticSearch is based on Lucene search server. It provides a distributed multi-user capability of the full-text search engine, based on the RESTful web interface. Elasticsearch is developed in Java, and as the Apache license under the terms of the open source release, is the current popular...

phpMyAdmin released a security update to fix 3 vulnerabilities-vulnerability warning-the black bar safety net

phpMyAdmin release new versions that fix multiple security vulnerabilities phpMyAdmin released yesterday the new version 4. 8. 4, fixes multiple security vulnerabilities. Previous, 12 on 9, phpMyAdmin official has released the update notice, to remind the user to 11, afternoon to evening for...

How to tap the RPC vulnerability, Part 1-the vulnerability warning-the black bar safety net

One, Foreword 2018 Year 8 months late, and one researcher（SandboxEscaper open a Windows local privilege escalation 0day vulnerabilities. On the Internet public after less than two weeks time, the vulnerability has already been malware attacks by using reference ESET articles published in. This...

Kubernetes user privilege elevation vulnerability, the exposure to security risks-vulnerability warning-the black bar safety net

Recently, Kubernetes open source container software found a key of a user privilege elevation vulnerability, CVE-2018-1002105, which software is today most of the cloud infrastructure of the fixed component. This vulnerability can allow an attacker unrestricted remote access, steal data, or cause...

From DirectX to the Windows Kernel--a few of the CVE vulnerability analysis-vulnerability warning-the black bar safety net

One, Foreword Operating systemthe kernel is each vulnerability the use of chain final goal, we can view the Zero Day Initiative ZDI Pwn2Own calendar year, race, and understand this aspect of the content. Windows kernel has always been the attacker keen to target, my favorite is the abuse of the...

How to use QuartzCore Stack Overflow to achieve the iOS/macOS Safari sandbox escape-vulnerability warning-the black bar safety net

A vulnerability summary QuartzCore-that CoreAnimation is macOS and iOS is used to build animations scene graph of a framework. CoreAnimation uses a unique rendering of the model to a separate process to run the graphics operations. In macOS, the process is the WindowServer, and on iOS, the proces...

A CVE-2017-11882 vulnerability is a new variation of a sample of the debugging and analysis-vulnerability warning-the black bar safety net

Recently harvested a suffix called doc word document, view the After is actually a rich text format document. In a test environment to open after the discovery of a network connection and executing a program of action, determine the sample is malware document. After a preliminary analysis, found...

The United States Postal Service, the Amazon company due to API defects lead to a large number of customer data exposure-vulnerability warning-the black bar safety net

The United States is an annual holiday shopping carnival on Friday officially kicked off, and at the same time, the United States Postal Service and Amazon but there were two security incidents, both with the API using the improper about this event affected millions of people, at the same time...

DVWA Pro-test CSRF vulnerability-vulnerability warning-the black bar safety net

CSRF is a cross-site request forgery, i.e., a user at A site after login in the same client of the Site B using the vulnerability to get A site's Cookie and other authentication information, and forgery as legitimate identity request to A site. This article in the local environment, carry out the...

Part of the middleware vulnerability summary-vulnerability warning-the black bar safety net

! Do the spectators for a long time, found that there has been no better middleware vulnerability of the summary of the article, just recently doing this to learn, this only summarizes a small portion of the middleware common vulnerabilities for learning reference, follow-up will complement the...

Router vulnerability-prone, Mirai new variant of the struck-vulnerability warning-the black bar safety net

One, Foreword Recently, Tencent Security Cloud Ding lab to listen to the wind threat perception platform monitoring the discovery A to attack router worm, after analysis, found that this worm is mirai virus new variants, and before mirai viruses, the worms not only by the early generation of mira...

WordPress Plugin Quizlord 2.0 XSS vulnerability reproduction and analysis-vulnerability warning-the black bar safety net

WordPress is a PHP language development blog platform, users can support PHP and MySQL database server set up your own website. You can also put WordPress as a CMS to use. WordPress often broke loopholes is it the plug-in there Security. Vulnerability reproduction First build worepress, my versio...

CVE-2018-4277: a“pie”triggered spoofing-vulnerability warning-the black bar safety net

Researchers looking for the browser front-end security issues found in Chrome, Safari, Firefox and other browsers there is a security vulnerability. This article describes Apple products Alphabet d-shaped problems caused by domain spoofing problem. U+A771 The researchers found that Apple products...

Those years make us tremble in fear of the IIS vulnerability-vulnerability warning-the black bar safety net

One, the world's third largest network server Internet Information Services IIS, formerly called Internet Information Server Internet Information Service is Microsoft the company to provide scalableWeb server, support for HTTP, HTTP/2, HTTPS, FTP, FTPS, SMTP and NNTP, etc. Initially for Windows N...

A large number of third-party Android ROM is not configured correctly resulting in information leakage warning-vulnerability warning-the black bar safety net

11 November 22, Magisk author topjohnwu published articles that mentioned him in the study of Fate/Grand Order mobile game root detection mechanism when found present in millions of android devices on the vulnerability, exploit the vulnerability will leak on the system to process information. In...

WannaMine upgrade to V3. 0 version, the alert caught it! - Vulnerability warning-the black bar safety net

Recently, several companies feedback a large number of hosts and services, the presence of Cottonwood and blue screen phenomenon, in the quest for Sangfor assists after using EDR for the entire network scan found a large number of hosts infected by the same virus. Sangfor security team Research...

ghostscript sandbox bypass remote command execution vulnerability alerts-a vulnerability alert-the black bar safety net

! 0x00 vulnerability background 11 on the 21st, Semmle team of security researchers Man Yue Mo by semmle website, once again that ghostscript security sandbox can be bypassed by constructing a malicious PDF content that can cause remote command execution. ghostscript is widely used, ImageMagick,...

HackerOne two-factor authentication and reporting those to the blacklist bypass vulnerability（$10,000）-bug warning-the black bar safety net

Hello everyone, today I want to share with you is a HackerOne-related vulnerabilities, using the vulnerability, I can bypass the HackerOne vulnerability presented when two-factor authentication mechanisms 2FA and the bounty project, A Bug Bounty Program for reporting those to the blacklist...

WP AMP plug-in vulnerability analysis-vulnerability warning-the black bar safety net

The researchers found the WordPress plug-in AMP for WP – Accelerated Mobile Pages the presence of vulnerabilities. AMP is to move the page to the acceleration of the mean, is a by Google the company launched speed up mobile page load speed of the project, you can let the mobile terminal in the...

Safari+macOS full exploit chain-vulnerability and early warning-the black bar safety net

At this year's Pwn2Own 2018 game, there is more for the Apple Safari browser attack challenge, today we will introduce for Safari remote code executionRCE, sandbox escapes, local privilege escalationLPEand for macOS 10.13.3 kernel exploits. To attack the challenges of the environment settings...

VirtualBox virtual machine latest escape vulnerability E1000 0day detailed analysis of under-vulnerability warning-the black bar safety net

Recently, Russian security researcher Sergey Zelenyuk released for VirtualBox 5.2.20 early version of the zero-day exploit detailed information, these versions can allow an attacker to escape the virtual machine and executed on the host RING 3-layer code. Then, the attacker can take advantage of...