Cloud Security

Phpwind goto. php open Redirection Vulnerability (CVE-2015-4134)Phpwind goto. php open Redirection Vulnerability (CVE-2015-4134) Release date:Updated on:Affected Systems: PHPWind 8.7 Description: CVE (CAN) ID: CVE-2015-4134PHPWind is a popular

Memory corruption vulnerability in multiple Foxit ProductsMemory corruption vulnerability in multiple Foxit Products Release date:Updated on:Affected Systems: Foxit Reader 7.xFoxit Phantom PDF 7.x Description: Foxit Reader is a small PDF

IIS latest high risk vulnerability (CVE-2015-1635, MS15-034) POC and Online Detection source code HTTP. sys Remote Code Execution Vulnerability (CVE-2015-1635, MS15-034)The remote code execution vulnerability exists in the HTTP protocol stack (HTTP.

Dongle Local Privilege Escalation Vulnerability Local permission escalation Also caused by upgrades1. Place the exeaddresses of accounts in the directory of the dongle Upgrade Center and replace them with update.exe.  2. Open dongle and prompt

Vulnerability tracking: Flash serious vulnerability (CVE-2015-0311) detailed technical analysisYou have a good time with the Flash 0-day vulnerability last week. You need to know why, and sit down and see the cause of this vulnerability when you are

WordPress Cart66 Lite plug-in Security Restriction Bypass and SQL Injection Vulnerability Release date:Updated on: Affected Systems:WordPress Cart66 Lite 1.5.3Description:Cart66 Lite plug-in WordPress's e-shopping cart plug-in. WordPress Cart66

APK signature verification Bypass0x01 Android signature mechanism Rename the APK as a zip file and you will see a folder with a META-INF named MANIFEST. MF, CERT. SF and CERT. RSA, which uses signapk. the signature file generated by jar. 1. MANIFEST.

Terrible! Hackers can also steal your data by disconnecting the network cable. Once a computer is infected with viruses or Trojans, most people first think of "disconnecting the network cable first" to avoid the theft of confidential data through

GNU Wget symbolic link Vulnerability (CVE-2014-4877) Release date:Updated on: Affected Systems:GNU wgetDescription:Bugtraq id: 70751CVE (CAN) ID: CVE-2014-4877 GNU Wget is a free software package used to retrieve files using HTTP, HTTPS, and FTP

Oracle urgently fixes Bash vulnerabilities, and more than 40 products are still waiting in line The Shellshock vulnerability was initially estimated to have affected dozens of Oracle products. However, the patches released by Oracle only cover a few

Deconstruct APT: the emergence of advanced persistent threats Like many acronyms in the IT, information, and network security industries, the term APT (advanced persistent threat) is becoming widely known. Like new concepts, it and its sibling word

How to configure Windows server to cope with high concurrency and DDOS attacksWindows systems have many mechanisms to improve performance and security, many of which can be used to cope with high-concurrency requests and DDOS attacks. The following

Five steps for improving Authentication Vulnerability Scanning You cannot protect things you don't know. Although this is not an ITSecurityDomain mantra, but when you look for it from the perspective of "trusted" UsersSecurityVulnerabilitiesOr, in

"Pdf file": Trojan Horse also uses cloud Technology Recently, when downloading a PDF file, we found a simple malicious Downloader (a virus type ). Unlike other malicious loaders, this malware adds PE Loader to its binary.Is the zombie online? Once

The path to confrontation between vulnerability exploitation and Kaspersky0x00 Thank you I am particularly grateful to all of you for your support for your work this year. If you do not have any suggestions, you can only write some articles to make

Seven key tools for encryption/decryption and password-protected files in Linux (1) Encryption refers to the process of encoding a file, so that only authorized persons can access the file. Before the advent of computers, humans began to use

Cross-Site Request Forgery (CSRF) is caused by Multiple Functional design defects in the whole site of the site. The private message function can be used to affect more than 300 users) Cross-Site Request Forgery (CSRF) is caused by Multiple

KPPW Latest Version SQL injection vulnerability 3 (SQL injection and unauthorized operations) KPPW Latest Version SQL injection vulnerability 3 (SQL injection and unauthorized operations), with a script First, SQL

Web security practices (9) attack apache The vulnerabilities provided this time have been accumulated at ordinary times, but I have only a few actual vulnerabilities, with limited time and energy. I hope you can provide and discuss more technical

If a website management system has missing permissions, you can directly use getshell to obtain/change the management password. A website management system has missing permissions. You can use or change the management password to directly use