7620 matches found
Tomcat the presence of a remote code execution vulnerability-vulnerability warning-the black bar safety net
Open source WEB containers–Apache+Tomcat old versions are vulnerable to remote code execution attacks. Mark Thomas, a long-term commitment to the Apache+Tomcat worker called “In some cases, the user can upload a malicious JSP files to Tomcat running on the server, and then execute the command. Th...
cURL/libcURL Cookie handling remote security bypass Vulnerability(CVE-2 0 1 4-3 6 2 0)-vulnerability warning-the black bar safety net
Affected system: cURL cURL 7.31.0 - 7.37.1 Description: BUGTRAQ ID: 6 9 7 4 2 CVECAN ID: CVE-2 0 1 4-3 6 2 0 cURL/libcURL is a command-line file transfer tool that supports FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. cURL/libcURL 7.31.0 - 7.37.1 version error for TLD set a cookie...
Sudi Webplus 3 EX website group Content Management System any user password-reset-vulnerability warning-the black bar safety net
Sudi technology Webplus 3 EX website group content management system, the user password retrieve function design flaws lead to arbitrary user password reset. Test operation is as follows: 1. Since we don't have test account, so you need to register an account: the registered address by default is...
Ecmall several SQL injection vulnerability-vulnerability warning-the black bar safety net
Search, find/app/sellergroupbuy. app. php there are 6 injection: Are the files under the drop,start,finished,desc,cancel,logfunction in the id parameter To finished , for example: function finished $id = empty$GET'id' ? 0 : $GET'id';//id parameter is not filtered if !$ id...
1 2 3 0 6 a sub-site at Oracle blind injection+background leakage+a bypass vulnerability-vulnerability warning-the black bar safety net
1. mail. 1 2 3 0 6. cn an Oracle blind injection: the domain parameter is not filtered, causing the injection,can be according to the query returns the time to guess the solution. POST http://mail.12306.cn/app/mail/login domain=aaa'XORifselect 1 from...
phpcms avatar upload vulnerability and the subsequent impact-vulnerability warning-the black bar safety net
Summer vacation writing articles, recent blog didn't dry, issued to entertainment. In response to the love of pot Mramydnei, the line masters of Somali pirates, the fd cattle(/fd's call for the establishment of the parsec team, and fellow teachers over the years of my education, I want to write...
The world's most secure phone Blackphone security issues and vulnerability details-vulnerability warning-the black bar safety net
Blackphone,the carrier-independent and vendor-independent smartphone is stored privacy and let theuserhas direct permissions to the target is created, known as the world's most secure phone. However, the Bluebox security team in testing the phone, found that is not nothing. ! The research team...
freeshell fix side-channel attack vulnerabilities-vulnerability warning-the black bar safety net
Vulnerability science Side-channel attacksside channel attack referred to as SCA, also known as side-channel attacks:for the encryption of electronic devices during the run time consumption, power consumption or electromagnetic radiation or the like of the side-channel information leakage and...
Microsoft IE is now a new security vulnerability in Windows XP without D-vulnerability warning-the black bar safety net
Microsoft today released a 2 9 6 3 9 8 3 Safety announcement, from IE 6 to IE 1 and 0 of the browser is to detect a remote code execution vulnerability, the user accesses the particular design through the malicious site would be subjected to similar processing e-mail link to the attack. The curre...
Each of the big CMS vendor CMS the presence of of the same design flaws-vulnerability warning-the black bar safety net
Brief description: In order to write this exploit I have downloaded a lot of CMS doing a lot of experiments, and. Most of which are talked about are the dark clouds already on the Register of vendors, including: Ecshop, And PHPwind, and 74CMS, etc... Here is submitted to on the one hand in order ...
08cms home system injection vulnerability-vulnerability warning-the black bar safety net
Title: 08cms home system injection vulnerability Team: 0 8 Security Team Author: 0 8 Security Team Starters: 0 8 Security Team This loophole in the 5 month has been the audit came out, now the vulnerability is released. Register an account member profile-basic information view form to get your ow...
launchAnyWhere: Activity Assembly permission bypass vulnerability analysis(Google Bug 7 6 9 9 0 4 8 )-vulnerability warning-the black bar safety net
Authors: Shin di Reprint please indicate the source http://blogs.360.cn/360mobile/2014/08/19/launchanywhere-google-bug-7699048/ A few days ago in the trial gitx this software happened to see Google fix a vulnerability, and recorded as a Google Bug 7 6 9 9 0 4 8 and. This is a AccountManagerServic...
ProFTPD 1.3.0/1.3.0 a (mod_ctrls support) Local Buffer Overflow Exploit vulnerabilities and attack code analysis-vulnerability warning-the black bar safety net
Exploit code URL: ! 1, Operating environment: 1, The ProFTPD 1.3.0/1.3.0 a 2, the compiled ProFTPD,--enable-ctrls option must be open ./ configure --enable-ctrls 3, the local user need to have through the Unix Socket permission to connect 2, The Run parameters: revenge@darklight$ ./...
metasploit get the vsftp server root access-vulnerability warning-the black bar safety net
vsftpd version 2 to 2. 3. 4 the presence of a backdoor vulnerability, an attacker may by the vulnerability to gain root privileges. This with backtrack integration of metasploit to do the test,metasploit integrates with a wide variety of vulnerabilities, we can use the server, personal PC and...
U-Mail Mail Service system arbitrary file upload+execution vulnerabilities runtime defects and authentication bypass)-bug warning-the black bar safety net
Brief description: PRODUCT DESCRIPTIONtaken from website U-Mail focus on email field 1 to 5 years, for enterprises to easily build the most secure and stable e-mail system software. Keywords: 1 5 years the safest most stable 1 5 year the safest and most stable , woxaole,so wonderful code, so...
SqlMap of mysql udf.dll provide right-vulnerability warning-the black bar safety net
First upload the dll file to any directory, such as: D:/RECYCLER/libmysqludfsys.dll Import the dll,according to the version of the import to windows or the mysql plugin directorytypically executing a select @@plugindir can be seen in the plugin directory specific path select...
Android built-in browser cross-domain vulnerabilities UXSS-a vulnerability warning-the black bar safety net
Related links: http://www.rafayhackingarticles.net/2014/08/android-browser-same-origin-policy.html Test Link: http://x7s.pw/001.html iframe name="m" src="http://www.myhack58.com/" onload="window. open'\u0000javascript:alertdocument. location','m'" Genesis: because the Android built-in browser to...
ProFTPd Local pr_ctrls_connect Vulnerability - ftpdctl vulnerability and exploit code analysis-vulnerability warning-the black bar safety net
Exploit code URL: http://www.exploit-db.com/exploits/394/ ! 1, Operating environment: 1, The ProFTPD 1.3.0/1.3.0 a 2, the compiled ProFTPD,--enable-ctrls option must be open ./ configure --enable-ctrls 2, The Run parameters: root@kali: gcc 3 9 4. c-o 3 9 4 root@kali: ./ 3 9 4 –s option -p...
Android browser vulnerability Cheetah, 3 6 0, surf, etc. are affected-vulnerability warning-the black bar safety net
It is reported that the vulnerability is exposed after, the black bar safety net vulnerability reporting platform for this vulnerability has been tested, found that the vulnerability can be when a user visits a malicious web site that quietly steal the user the access to the site within the...
PHP contains a vulnerability study-vulnerability warning-the black bar safety net
0x00containing the vulnerabilities causes First need to understand the includefunction and the requirefunction, they will be included in any format of the file to php form execution. The two function basically the same function, in addition only when the included file does not exist when it will...
Fast payment and some credit card functions whether there is a defect? Know Bank card number and Expiration Date can consumer-vulnerability warning-the black bar safety net
Someone once broke a credit card just know the card number and expiration date on the CAN in some of the website on any purchase, while various payment products such as tenpay, Alipay launched fast pay only need to provide Bank card number, ID number, name, and phone number can be opened fast...
Some banks take a number machine,9 0% of the pass to kill the admin backend of location-vulnerability warning-the black bar safety net
Remember that on a year to a row of the check-in card, unintentional click on the logo. Directly BUG stuck on.. Today to the Bank for something, take a number, waiting. It is the shift, few in the check-in staff. Helplessly wait-ing....... Bored on the occasion, will play under the take a number...
Vulnerability science: you of weak passwords seriously?-vulnerability warning-the black bar safety net
In today's many places in the user name and password as the authentication of the world, the password of importance you can think and Cicada for. The password is equivalent to entering the house of keys, when the others have one can enter your house keys, think about your safety, your belongings,...
Using QQ panel login authentication is not strictly+Arp sniffing to login within the network of the other QQ space,Weibo, etc free password-vulnerability warning-the black bar safety net
This can be said that there is no technical content,just saying an idea,first simple demo. 1. Open burp set up the browser proxy and then under the QQ panel, QQ space fast landing you can see the burp intercept,is the intercept of this segment of the RUL ! 2. Put this URL copy the following down ...
iPhone and then exposed security vulnerabilities: silent call-vulnerability warning-the black bar safety net
Security personnel recently discovered the iPhone in one of the latest vulnerabilities, the user can view the malicious information when automatically dialing the telephone, and is not user found. ! iPhone then exposed security vulnerabilities silently call Mobile device the phone number in often...
Amazing exposure Netcore routers exist back door, anyone can be a remote access-vulnerability warning-the black bar safety net
The Trend Micro researchers said yesterday at the official website shows, the Chinese manufacturers produce a series of routers contain a severe vulnerability, the hacker through the loopholes in monitoring user's Internet traffic. Router in China the Brand Name Netcore in foreign countries the...
OAuth authentication memory vulnerability caution a user identity hijacking-vulnerability warning-the black bar safety net
With OpenSSL, like OAuthOpen Authorizationas a widely used open-source third-party login authentication Protocol, this year also broke a security vulnerability. In the third session of the know the security Forum, from Sina Weibo of the blue di snowball shows Sina as early as year 3 months...
Community Health data leak suspected of the use of the Heartbleed vulnerability-a vulnerability warning-the black bar safety net
When the Heartbleed OpenSSL vulnerability in 4 months is discovered, the security community many experts are warning that the vulnerability could be used to expose sensitive data, although at the time also there is no evidence that attackers are actively using Heartbleed vulnerability. And now, a...
Researchers to 9 2% The success rate of hijacking the Gmail application-vulnerability warning-the black bar safety net
You from a third party site to download a Wallpaper application, it does not require any permissions, so you figure it won't be the malicious applications. But the University of California, Riverside researchers published a study PDF that does not require any permission the app can also steal you...
Android LaunchAnyWhere (Google Bug 7 6 9 9 0 4 8)vulnerability explanation and Defense measures-vulnerability warning-the black bar safety net
Start Recently, Google repair a component of the security vulnerability LaunchAnyWhere Google Bug 7 6 9 9 0 4 8 in. This vulnerability belongs to the Intend Based extraction vulnerability, an attacker exploit this vulnerability, you can break the Inter-application permission isolation, reach to...
Millet mobile phone MIUI remote code execution vulnerability analysis-vulnerability warning-the black bar safety net
Author: song Shen lei Reproduced please indicate the source http://blogs.360.cn/360mobile/2014/08/25/miui-rce-vul/ 7 on I in the study of the webview vulnerability when the specially picked millet phone MIUI tested,found a very obvious security vulnerability. Through the vulnerability can remotel...
Trend Micro found the PayPal Android vulnerability-vulnerability warning-the black bar safety net
Recently, Trend Micro discovered the PayPal Android app has two vulnerabilities that may be attacker to conduct phishing(Phishing attacks to steal Alipay authentication information. The first vulnerability: an output component Activity Android app has several important components, one of which is...
TP-Link IP cameras multiple vulnerabilities detailed analysis-vulnerability warning-the black bar safety net
Vulnerability description: In the TP-LinkTL-SC3171 IP Cameras Network Camera version of the LM. 1. 6. 18P12sign5 of the firmware found on the multiple vulnerabilities, these vulnerabilities allow an attacker to do the following things: 1: The CVE-2 0 1 3-2 5 7 8 file /cgi-bin/admin/servetest...
DISCUZ EDITPOST file SQL injection vulnerability-vulnerability warning-the black bar safety net
Affected system: Discuz! Discuz! 7. x Discuz! Discuz! 6. x Discuz! Discuz! 5. x Not affected system: Discuz! Discuz! 7. x Description: -------------------------------------------------------------------------------- Discuz! Is with PHP the development of Internet forum software. Discuz! 5. x, 6...
Hack for adobe flash vulnerability patch-vulnerability warning-the black bar safety net
Adobe for widely-used Adobe Reader and Acrobat software releases critical security update, blocked a dangerous Flash Player vulnerabilities, and corrected in the software of 2 0 a defect. Attackers are actively to the Flash Player vulnerability is the object of the attack, Adobe warns. Researcher...
iPhone vulnerability allows the phone to automatically dial expensive toll-vulnerability warning-the black bar safety net
Developer Andrei Neculaesei,found that although Safari will ask the user whether to make a call, but like Facebook Messenger and Google+, etc. most big name applications are not and the user to confirm whether to dial the telephone, but simply go ahead and make the call. Andrei Neculaesei create ...
China railcom broadband ad delivery system there are serious security issues-vulnerability warning-the black bar safety net
Recent Iron through the malicious insertion of advertising to engage the balls, the complaint without door handle Pre-stage computer somehow random jump hao123 number one shop such as the address to engage I thought the computer poisoning. Recently it touches not jump regardless of login what the...
Discuz 5. x/6. x/7. x-poll SQL injection analysis-vulnerability warning-the black bar safety net
Look at the clouds someone proof this vulnerability: Feel should be the editpost. inc. php in the voting vulnerabilities. Because dz has been determined no longer to patch 7. x previous vulnerability, so directly attached to the details. The problem is in the editpost. inc. php 2 8 1 line of...
The theory of how to efficiently tap vulnerability-vulnerability warning-the black bar safety net
Now just a Web front end with lots of attack techniques. While the majority of the attack techniques are based on the"client"exists. But very few people noticed, so it is with this article. Want to go find a new attack technique, many people are studying the codeincluding me for a start. From the...
WordPress plug-in MailPoet memory vulnerabilities or cause the website to be black-and-vulnerability warning-the black bar safety net
7 in early May, according to security company Sucuri research report, downloaded over 1 7 0 million WordPress plug-in MailPoet was traced to the presence of security risks, may result in the site more likely to be a hacker hijacked, according to its indicates, is black the website is still growin...
Trend OfficeScan Product Series vulnerability analysis-vulnerability warning-the black bar safety net
Officethe Scan is Trend Micro developed a set designed for a network environment of a desktop computer and actions a user end provides instant and comprehensive anti-virus solution. Security company Silent Signal to one researcher in early through the analysis of the OSCE 10.6 sp1, can be found...
IBM Dell and other server management system to save significant vulnerability-vulnerability warning-the black bar safety net
Previously a security researcher found that IBM, Dell and other brands of some products the presence of the vulnerability, the vulnerability could theoretically be used by hackers to get on victims of the user equipment system of control. IBM has for the vulnerability is released the relevant...
Financial news proof traversal directory vulnerability-vulnerability warning-the black bar safety net
Financial news proof traversal directory vulnerability ! wKiom1PnW8rT5UkAAAKHjvA7auE866.jpg...
A number of courier company website was traced to memory vulnerability hack 2 0 seconds to crack the database-vulnerability warning-the black bar safety net
“The birth of a child, to buy milk SMS; bought a house, the decoration of SMS is endless; buy a new car, the insurance company of the SMS is overwhelming.” Yesterday, CCTV exposure together with violations of the privacy of others the information security of the case, adding that these spam...
Fckeditor Common Vulnerability of the excavation with the use of a finishing summary-vulnerability warning-the black bar safety net
View Editor Version FCKeditor/whatsnew.html ------------------------------------------------------------- 2. Version 2.2 version Apache+linux environments in the upload files back plus a. Breakthrough! Test passed. ------------------------------------------------------------- 3. Version =2.4.2 Fo...
1 1 5 the network disk by fishing performing XSS-vulnerability warning-the black bar safety net
The first step to construct the seed, the modified seed inside the name and resource name, insert: "scriptalert/xss/;/script ! Then on the 1 1 5 the network disk, offline download. The pop-up select the download resources window, while pop-upxsswindow. !...
The IE vulnerability is a doubling of Flash Player easy to be attack-vulnerability warning-the black bar safety net
Recently, foreign security vendor Bromium released a 2 0 1 4 annual security report, in 2 0 1 3 to 2 0 1 4 during the year, IE browser vulnerabilities to the large number doubled. At the same time, the report also analyzed the cybercriminals most commonly used vulnerabilities to attack the...
VirtualBox 3D acceleration of virtual machine escape vulnerabilities in the advanced use-vulnerability warning-the black bar safety net
In the previous blog, we share a affect the Xen hypervisor client-to-host guest-to-host escape vulnerability the use of technology. In this new blog article we will focus on another VM escape vulnerability, VirtualBox the. A few months ago, our core security friends released a about the impact of...
Buffer overflow attacks the beginners manual-vulnerability warning-the black bar safety net
! A buffer overflow occurs in the user input related to the buffer zone, in the General case, this has turned into a modern computer and network aspects of the biggest security risks. This is because in the program on the basis it is prone to this problem, but it is for the unaware or unable to g...
Android new attack: Google Voice Search attack-vulnerability warning-the black bar safety net
Chinese University of Hong Kong researchers in the Preprint posted on the website of paper PDF, describes a novel permission to bypass attack method: Google Voice Search attack. An attacker can leverage a zero-permissions Android app VoicEmployer, front activationoperating system built-in voice...