Cloud Security

One week PowerShell script Day 2: UDP interactive PowerShell script Welcome to the second day of the week's PowerShell script. Today I will introduce the interactive PowerShell script using UDP. I like UDP, because many security teams and vendors

Getshell + two SQL injections at the front-end of the p2p online lending system (ignore any defense and no logon required) The demo has a dongle.Looking at the official website descriptions, it is still quite cool.Http://www.shangdaixitong.com/index.

HP Asset Manager local information leakage (CVE-2015-5448)HP Asset Manager local information leakage (CVE-2015-5448) Release date:Updated on:Affected Systems: HP AssetManager 9.50-9.50.11925 P3HP AssetManager 9.41-9.41.11103 P4-rev1HP AssetManager

Cisco ios xe Network Address Translation Denial of Service Vulnerability (CVE-2015-6282)Cisco ios xe Network Address Translation Denial of Service Vulnerability (CVE-2015-6282) Release date:Updated on:Affected Systems: Cisco IOS XE Description:

Wordpress XSS Vulnerability (CVE-2015-3438)Wordpress XSS Vulnerability (CVE-2015-3438) Release date:Updated on:Affected Systems: WordPress Description: CVE (CAN) ID: CVE-2015-3438WordPress is a blog platform developed in PHP.Previous versions

In the face of the most serious vulnerabilities in history, Google has taken new measures against Android, ...... A few days ago, the network security organization Zimperium found a Stagefright vulnerability on the Android system. It is the most

Red Hat Linux fixes vulnerabilities in the "libuser" Library Red Hat has fixed two vulnerabilities in the "libuser" library, which can be exploited by a local attacker to escalate permissions to the root user. The libuser Library provides an

WPAD-based man-in-the-middle attack 0x00 Preface Windows Name Parsing Mechanism Research and defect utilization (http://www.bkjia.com/Article/201512/452217.html) is very inspired, so the actual use of further research, found that WPAD-based

From the "Korean Express" Payment virus: SMS Trojans started to attack South Korea OX00 Preface Recently, it was found that the virus disguised as a well-known Korean software-"Korean express delivery" after a second package. It is analyzed that the

Play with the hash and plaintext password of Win 10     Windows 10 has been released for a period of time. The increasing installation volume and the frequent adoption of messages by more and more enterprises are a great situation. It is estimated

Breaking the rumor that MySQL has no file Permission to read root hash I set up a win2003 Virtual Machine and installed wampserver. To avoid disputes like "whether or not it is related to MySQL account Permissions,In the test, MySQL uses the root

More than 1000 weak passwords of the O & M system of China tower company leak a large number of base stations, O & M monitoring, data centers, maintenance teams, contracts, and other information throughout the country. Too many weak passwords.Find

Who moved my camera Toshiba SD memory card (Nissan) has a logic vulnerability that can be attacked Who moved my camera-Toshiba SD memory card (Nissan) has a logic vulnerability that can be attackedToday, the national shame day went to the mourning

The logon page of Nanning financial assets trading center has SQL injection to obtain user data. Nanning financial assets trading center, a financial assets trading center with a well-known ZF background, has SQL Injection on the logon page to

Webshell detection-Log Analysis It is always believed that the final meaning of log analysis is evidence collection and prediction-a complete story of ongoing, ongoing, and future attacks (when. where. who. what happened. why ).This article explains

Web server cluster Construction I. Requirement Analysis:1. overall requirement: Build a highly available website server cluster that can withstand high-concurrency requests and defend against general network attacks. The return of any server does

XSS Cross-Site Scripting in Web Security In this article, XSS (Cross-Site Scripting), one of the common web attack methods, is used to explain the attack principles and propose corresponding solutions.XSS XSS attack, full name:"Cross-Site

Download arbitrary files from a site in Opera (intranet root) GET //../../../../../../../../proc/net/tcp HTTP/1.1Host: snow.opera.comConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X)

36kr user information leakage: contact information of all investors/founders + stored XSS When I met an investor in the morning, he said, "Let me remember your team in 10 seconds." I gave him a slap when I thought about it. While he was still

Obtain Juniper Netscreen webshells in batches using Censys Censys is a new search engine used to search information about networked devices. Security Experts can use it to evaluate the security of their solutions, hackers can use it as a powerful