Analysis of Different Types of DTD/XXE attacks
When evaluating the security of XML-based services, you cannot forget the DTD-based attacks, such as XML external entity injection attacks (XXE).
In this article, we will provide a comprehensive
OS X Update fixes the JavaScript link vulnerability in iMessage.
At the end of last month, Apple fixed a major security vulnerability in iMessage. However, during the same round of software updates at that time, they also fixed another potential
Detect Android simulators using the specific system value of the cache
0x00
Currently, Android simulators are detected based on specific system values. For example, getDeviceId(), getLine1Number(), and a series of values recorded by the android.
Privilege Escalation using the Use-After-Free (UAF) vulnerability in the Linux Kernel
Last month, the CVE-2016-0728 local elevation of privilege vulnerability once again focused everyone's attention on Linux kernel security. Like CVE-2015-3636, CVE-2015-73
How to Set User Permissions to access shared folders and configure local area network users to access Shared Files
Currently, many organizations have their own file servers, and shared files are often set up for access by LAN users. Because shared
Patch does not work: Mac platform security vulnerabilities still exist
Synack, a security research organization, revealed in a report in May that the keeper in the Mac platform has a serious system vulnerability that they can exploit to bypass the
Proface GP-Pro EX cross-border read information leakage Vulnerability
Release date:
Updated on:
Affected Systems:
Proface GP-Pro EX
Description:
Proface GP-Pro EX is a
Google Chrome MIDI Subsystem Application Crash Vulnerabilities (CVE-2015-6792)
Affected Systems:
Google Chrome
Description:
CVE (CAN) ID: CVE-2015-6792
Google Chrome is a Web browser tool developed by Google. In versions earlier than Google
Explanation of anti-detection and removal techniques of recent js fraudsters
0x00 Preface
Recently, many netizens have reported being blackmailed by hackers (also known as the "Locky ransomware"), and files, images, and other important
Wireless burglar alarms have vulnerabilities that allow intruders to access the system.
Security systems used by more than 0.2 million households have an irreparable vulnerability, which allows tech-savvy thieves to release alerts hundreds of
Pocket shopping BMB management background logical defects involving more than 2 million vendors
Note: add, delete, modify, and query operations involve 2.85 million merchants.
Http://bomeibian.koudai.com/j_spring_security_check
There is no
Sina Integrated Management backend has high-risk design defects and can obtain management permissions (permission control required)
RT. The permission of the sensitive word library. Why did weibo spread the advertisement?
Source: Http://admin.iask.sina.
SQL Injection exists in the official APP of Shanda game (injection parameter v/type, Boolean blind injection)
SQL Injection for APP security
Target: Shanda game assistant Butler APP
SQL Injection exists in the following areas: (injection parameter
Online shopping security: Home of Maternal and Child mobile APP involving hundreds of thousands of user ID card information
Review. Isn't it on the wall yet?
1. The Code is as follows:
POST http://app.api.muyingzhijia.com/v1/GetUserIdentity HTTP/1.1
Introduction to intranet penetration using NetBIOS protocol name resolution and WPAD
0x00 Preface
WPAD technology has been around for nearly ten years. Its biggest advantage lies in that in one or more LANs, when you need to set different proxy
IoT security: multiple security vulnerabilities in LED lights
Recently, a foreign security expert found that Zengge's Wi-Fi LED lamp has multiple security vulnerabilities.
ZENGGE is a high-tech company integrating LED Controller Product R&D,
HID Advanced Attack posture: How to Use PowerShell scripts to steal files
0x01 Introduction
After the mid-term exam, I had to steal the answer again. I found that the method of remote download and run exe is not very good and it is easy to
BLUTO: DNS detection + domain name guessing + email Enumeration
BLUTO is an information detection and cracking tool that provides DNS detection, brute force cracking, DNS domain transfer, and email enumeration.
DNS information and domain