heartbleed vulnerability

Recently, the security team detected that some Aliyun users exist MongoDB database unauthorized access vulnerabilities, vulnerabilities serious, easy to lead to database leaks. In order to ensure your business and application of security, please the vast number of users to repair the vulnerability as soon as possible.The specific issues are as follows: 1. Vulnerability Hazard When you turn on the MongoDB

When we use ASP to develop the file upload function, in order to prevent users to upload trojan, often limit the upload of some files, commonly used method is to determine whether the extension of the upload file is consistent with the rules, you can use the right string function to remove the file name of the uploaded files after four, so it is easy to judge, But there is a loophole in it, very dangerous, is Chr (0) loophole, details please continue to look down. First, explain what is Chr (0)

to get permission to download programs and run programs. Below I give an earlier vulnerability of IE browser to explain these two problems separately. 　⒈ Automatic Download program Tip: Code Description A. The attribute of "src" in the code is the network address of the program, in this case "Http://go163go.vicp.net/1.exe" is the Gray Pigeon Server installation program that I placed on my website, which allows the Web page to download the progr

In the Windows 2000/XP system, there is a loophole that is said to be "fatal", which makes many people talk about "Tiger" as soon as they hear it. Right-click Manage on my Computer, and then select System tools → shared folders → shares to see the default shares in the right window (see Figure 1). These symbols with dollar "$" tags are Windows system default sharing, which is a feature that Windows automatically shares after installation, which many people have heard is a

First, the principle of attack Cookies cheat mainly utilizes the current network some user management system to use the user login information to store in the Cookies the unsafe practice to attack, its attack method relative to the SQL injection loophole and so on the vulnerability to be "difficult" some, but still very "fool".We know that the average cookie-based user system stores at least two variables in cookies: username and userlevel, where user

Microsoft released the patch ms14-068 (critical) on November 19, 2014, which fixes Windows Kerberos's vulnerability to allow elevation of privilege (cve-2014-6324), as detailed below, please be aware. Software and systems that have been identified for successful use: Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows 8 and Windows 8.1 Windows Server and Windows Server R2 Server Core installation option

or all of the control of a host computer!Because such attacks make it possible for anyone to gain control of the host, it represents a very serious security threat. The reason why buffer overflow attacks become a common security attack is that buffer overflow vulnerabilities are too common and easy to implement. Furthermore, the buffer overflow is the primary means of a remote attack because the buffer overflow vulnerability gives the attacker everyt

Everyone knows a very remote Windows Design vulnerability: System Recovery control Center. With this platform, you can gain access to the Administrator and view any file on your hard disk. The most important thing is that it doesn't require you to provide any user name or password to use. The only thing you need to do to use this vulnerability is to have a Vista installation CD. Here are the detailed steps

This morning to see a QQ group of people sent a message that Nginx server and PHP combination has 0day vulnerabilities! is preparing to deploy the software, and the leak is coming. The specific way to reprint it! First reprint article Link Address: http://www.80sec.com/nginx-securit.html Nginx file type Error Resolution vulnerability Write by admin in not categorized at 2010-05-20 18:24:55 Vulnerability