Cloud Security

School recruitment test to easily get full marks (involving three large Internet manufacturers) The last time I submitted a server code network vulnerability, the vulnerability was handled by a small vendor, and no one answered the question

Wasu digital TV Management System WebService query interface Injection Wasu digital TV Management System WebService query interface there are two injection exposed about 100,000 informationDetailed description: Http: // 218.108.234.212/DtvWebService.

Cacti host_new_graphs_save function SQL Injection Vulnerability (CVE-2015-8377)Cacti host_new_graphs_save function SQL Injection Vulnerability (CVE-2015-8377) Release date:Updated on:Affected Systems: Cacti Cacti Description: CVE (CAN) ID: CVE-2015

Foxit Reader/PhantomPDF post-release Reuse Vulnerability (CVE-2015-8580)Foxit Reader/PhantomPDF post-release Reuse Vulnerability (CVE-2015-8580) Release date:Updated on:Affected Systems: Foxit Reader Foxit Phantom PDF Description: CVE (CAN)

Isc bind Denial of Service Vulnerability (CVE-2015-8000)Isc bind Denial of Service Vulnerability (CVE-2015-8000) Release date:Updated on:Affected Systems: Isc bind 9. x-9.9.8-P2Isc bind 9.10.x-9.10.3-P2 Description: CVE (CAN) ID:

Ao you browser Command Execution Vulnerability (privileged domain xss) Ao you browser has a defect in its design. It has a privileged domain XSS, which can be used with APIs for command execution.Detailed description: Keep up with Daniel and dig

Thoughts on vulnerabilities caused by a Python command 0x00 cause Recently, when testing a project, you have no intention of discovering that you can directly run a Python command on the client machine to execute the Python script on the server.

Microsoft Windows FastFAT. sys FAT partition Denial Of Service Vulnerability Reproduction Do you still remember the MS14-063 FAT32 driver kernel Overflow Vulnerability last year? The sequent is coming out today, but this time it is in the FAT12

Elevation of Privilege in WindowsImagine this: You got a Meterpreter session on a machine, and you are ready to rungetsystemCommand, but if the request fails, are you ready to admit it? Only a coward can admit defeat. But you are not, are you? You

Bounce proxy penetrating the Intranet The roommate has gone out for an internship and has to choose a course again. The school's educational administration system does not seem to be accessible from the Internet, so we will consider providing them

What cool and cute girls are there in the security circle? (Part II) They are from the north and south of the sky, and their experiences are different. They have different personalities, such as xueba, man, tease ratio, and goddess. They are active

Analysis of Drag and Drop security policies in IE sandbox 0x00 Preface Internet Explorer sandbox escape is an important topic in Internet Explorer security research. One type of vulnerability uses the defects of the white list program in

Malicious behavior of porn virus Phantom Killer and analysis of black product interest chain 0x00 Overview Recently, the Alibaba mobile security team found that a large number of pornographic viruses have begun to flood in some forums or

How Android Trojans steal users' mobile banking Mobile banking is a very convenient way for users to complete transactions anytime and anywhere. KPMG predicts that mobile banking users will grow to 2019 in 0.18 billion. However, as the amount of

Weak passwords in multiple sets of mailboxes on CCTV cause leakage of sensitive information such as internal contact information and organizational structure of enterprises. Weak passwords in multiple sets of mailboxes on CCTV cause leakage of

Misuse Accessibility service to automatically install applications 0x00 malicious application Overview In recent years, many android markets have implemented root-free installation applications, that is, the download is completed and automatically

One web site SQL Injection The donkey meat at the door of the apartment tastes good, so I don't want to askDetailed description: Proof of vulnerability: An error is prompted when there are few single quotes: Normal injection returns normal: POST

CI tools weekly course Day 5: defense measures and others Welcome to the fifth day of the CI tool's one-week tutorial. We will discuss the security of CI tools in this series of tutorials.Day 1-Jenkins (and Hudson)Day 2-TeamCityDay 3-Go and

The Wanda hotel and resort APP has SQL injection (including more than six thousand hotel user data) SQL Injection for Wanda Group appsDetailed description: Target: Wanda Group-Wanda hotel and resort APPCheck that SQL Injection exists in the

Futures security-SQL Injection for a futures system in meiya Detailed description: 1. OA is the yonyou NC-IUFO Report System  2. Blind injection of post Data  Code Region