Cloud Security

Sogou Input Method remote code execution can maliciously hijack user input The sogou input method is used for remote code execution. All the content entered by the user, including the password, can be viewed at a glance. The latest version of sogou

EllisLab ExpressionEngine Core Multiple SQL Injection Vulnerabilities (CVE-2014-5387) Release date:Updated on: Affected Systems:EllisLab ExpressionEngine Core EllisLab ExpressionEngine CoreDescription:Bugtraq id: 70875CVE (CAN) ID:

Cisco Intrusion Prevention System Denial of Service Vulnerability (CVE-2014-3402) Release date: 2014-10-07Updated on: 2014-10-09 Affected Systems:Cisco IPSDescription:Bugtraq id: 70278CVE (CAN) ID: CVE-2014-3402 Cisco Intrusion Prevention System

Cisco IOS IKEv2 replay security measure Bypass Vulnerability Release date:Updated on: Affected Systems:Cisco IOSDescription:--------------------------------------------------------------------------------Bugtraq id: 63426CVE (CAN) ID:

CURL/libcURL SSL certificate verification Security Restriction Bypass Vulnerability Release date:Updated on: Affected Systems:CURLDescription:--------------------------------------------------------------------------------Bugtraq id: 66296CVE (CAN)

Websense multiple product Settings module credential leakage Vulnerability Release date:Updated on: Affected Systems:Websense Web Filter 7.xWebsense Web Security Gateway 7.xDescription:-----------------------------------------------------------------

IBM Lotus Sametime configures a small service program to verify Security Vulnerabilities Release date: 2011-10-31Updated on: 2011-10-31 Affected Systems:IBM Lotus Sametime 8.xIBM Lotus Sametime 7.xDescription:---------------------------------------

Tutorial on DNS spoofing-Cain on Windows Today, we will first introduce how to use the famous Cain tool in windows for DNS Spoof (that is, DNS Spoofing). This tutorial is mainly intended for new users. Therefore, each step is captured in detail, I

Misunderstandings about DDoS attacks DDoS attacks are on the rise, and experts are also trying to defeat them. Analysts predict that the global DDoS prevention market will grow by 2013 from 2018 to 19.6%. However, many people do not know how the

Detailed analysis of multiple TP-Link Network Camera VulnerabilitiesVulnerability description:Multiple vulnerabilities are found on the firmware of the TP-LinkTL-SC3171 IP Cameras Network Camera version LM.1.6.18P12 _ sign5, which allows attackers

Intranet penetration-domain penetration Basics1. Domain environment construction + recognition domain + experiment environment 1. Preface:I have always wanted to penetrate the domain, but unfortunately I have not met a good domain environment. I

Automatically compare and delete scripts after backing up Files Recently, the company is working on a data backup plan, so I have compiled two backup documents, "scp automatic copy script" and "rsync + inotify for real-time file synchronization

DocCms latest SQL injection (insert injection) DocCms latest SQL injection (insert injection) First, let's give a general idea about how this SQL statement is generated. We can see the WooYun: DocCms latest SQL injection vulnerability. It uses url

Discuz! Public Platform Plug-in patches bypass unauthorized deletion of databases Discuz! The public Platform Plug-in patches can bypass unauthorized database deletion and bypass Baidu cloud waf.  The previous vulnerability was published by getshell.

[Anti-spoofing art]: attacker art (2)There are a wide range of ways for social engineering attackers to attack. In the previous article, we talked about how attackers can use seemingly harmless information to gain the trust of the target. This

SQL Injection Vulnerability + Arbitrary File Download Vulnerability in N cyberspace office systems 1. Official Instructions are as follows: Http://www.isoffice.cn/Web/Index/WebDetail/customer0x01 Arbitrary File Download Vulnerability (No Logon

How to perform Web penetration testing Web penetration testing can be considered from the following aspects: 1. SQL Injection (SQL Injection) (1) how to test SQL injection? First, find the URL page with parameters passed, such as the search page,

Sensitive information in the Response Header of Web Application Security Text/Xuan Hun Directory Response Header. 1 for Web Application Security Preface... 1 1.1 sensitive header. 2 1.2 delete sensitive header. 2 1.2.1 Delete the server field... 2 1.

Security Test-cross-site scripting (xss) Cross-site scripting (XSS) is an important and common security vulnerability. XSS indicates malicious code input. If the program does not verify the input and output, the browser will be controlled by

Chapter 8 high-performance Server programming in Linux (high-performance server program framework)8. High-performance server program frameworkThe server is reconstructed into three main modules:IO processing unit. Four IO models and two efficient