Cloud Security

Honeywell 93gas Detector Path Traversal Vulnerability (CVE-2015-7907)Honeywell 93gas Detector Path Traversal Vulnerability (CVE-2015-7907) Release date:Updated on:Affected Systems: Honeywell Midas gas detectors Honeywell Midas Black gas detectors

Dual-game design flaws: Listening to encrypted channel calls Read the sub-ID information and modify the local data to listen for encrypted channel calls.Detailed description:   The sub-channel ID is obtained successfully. In the encryption

Analysis of privilege escalation vulnerability using F5 ICall script (CVE-2015-3628) Earlier this year, GDS found a vulnerability in F5 BIG-IP LTM that allows restricted users to access the system for extraction and remote command execution after

Apache WSS4J Information Leakage Vulnerability (CVE-2015-0226)Apache WSS4J Information Leakage Vulnerability (CVE-2015-0226) Release date:Updated on:Affected Systems: Apache Group WSS4J Apache Group WSS4J Description: Bugtraq id: 72553CVE

Apple Xcode Swift Vulnerability (CVE-2015-7030)Apple Xcode Swift Vulnerability (CVE-2015-7030) Release date:Updated on:Affected Systems: Apple XCode Description: CVE (CAN) ID: CVE-2015-7030Xcode is a development tool used on Apple machines.In

Common techniques for attacking Web ApplicationsTarget: servers and clients that use HTTP protocol, and Web applications running on servers. Attack base: HTTP is a common protocol mechanism. In Web applications, all the content of the HTTP request

How ADS can cure DDoS attacks According to the 2015 H1 Green Alliance technology DDoS Threat Report, today's large-volume network attacks are gradually showing a growth trend. The recent launch of hammer technology and the failure of Apple's

Use the intruded vro to enter the Intranet   Last year, we started to use vrouters to penetrate the destination intranet. Before seeing wooyun, there was an article about translation of foreigners about routertraffic hijacking. The use conditions

Explanation of the MIPS architecture Linux trojan for vromips Most Windows operating systems are installed on PCs of individual users, while Linux systems are widely used on servers. Therefore, Linux systems have fewer Trojans than Windows systems.

Reverse BASICS (13) JAVA (3)In the simple example of the 54.13 array 54.13.1, we first create an array with an integer of 10 and initialize it. public static void main(String[] args){ int a[]=new int[10]; for (int i=0; i  Public static void

A weak password \ SQL injection vulnerability in a website in Digital China Getshell RT: Just stroll around to see if there are any vulnerabilities. Vulnerability URL: http://dckf.digitalchina.comFirst of all, I saw a great God used truncation to

China Eastern Airlines Co., Ltd. leaked the user information of the whole site member (birthday/name/mobile phone number/email) It is feasible to give a high rank 1. I was very happy to register a member (East China miles) and found that my personal

Getshell is caused by a security vulnerability in China Netcom's value-added domain name business management platform. China Netcom's value-added Domain Name Service Management Platform has security vulnerabilities that can cause Getshell, view

A large number of account passwords leaked by Sinochem corporation in China Launch the first shot to a normal white hat. The China Sinochem Corporation's email system is open to the Internet. It does not impose restrictions on User Login errors or

SQL Injection exists in the Online Order System of a pharmaceutical company ~ Spread out your palmLet me see youMysterious and mysterious secretsCheck if I have you.Spread out your palmHold my loveNot so hardThis will shake my heartAlso cut your

Tuba rabbit official website any password reset Rt, no packet capture, no package change ......Detailed description: Tuba rabbit has a substation called 'Design copy ', http://www.shejiben.com You can see on the official website that, It shares a

Lianhui tongbao system SQL injection (involving 4000 merchants/business licenses/ID cards/bank cards/verification codes and other information) Detailed description: The manufacturer is lianhui tongbao.InjectionHttp://mpos.unionpay.so:

Webshell Security Detection 0x00 traffic-based detection 1. Overview I have been paying attention to the security analysis of webshell, And I will share my experiences in this period of time. Webshell generally has three detection methods:The

Leakage of 616 WeChat official accounts/Express connect (account/password/email/phone/ID card/operation status) Public Account Account Source: 360 dizzy disk shared drops accidentally seen http://c2.yunpan.360.cn/docviewer/excelviewer?nid=14391836926

Server template injection: remote code execution on modern WEB 0x01 development ExploitMany template engines attempt to limit the ability of the template program to execute arbitrary code to prevent the Application Layer logic from attacking the