Cloud Security

Thoughts: dongle + 360 tips for adding a full set of accounts Cause: a group of people on a certain dayThen he took the wonderful job and never heard of him. There is a saying: "If you are not blind, don't use your ears to understand it !" , Or you

Multiple IBM DB2 product file leakage vulnerabilities (CVE-2015-1883)Multiple IBM DB2 product file leakage vulnerabilities (CVE-2015-1883) Release date:Updated on:Affected Systems: IBM DB2 9.8-FP5IBM DB2 9.7-FP10IBM DB2 10.5-FP5IBM DB2 10.1-FP5

Mozilla Firefox IndexedDatabaseManager (CVE-2015-2728)Mozilla Firefox IndexedDatabaseManager (CVE-2015-2728) Release date:Updated on:Affected Systems: Mozilla Firefox & lt; 39.0Mozilla Thunderbird Mozilla Firefox ESR Description: CVE (CAN) ID:

MIT krb5 Denial of Service Vulnerability (CVE-2014-5355)MIT krb5 Denial of Service Vulnerability (CVE-2014-5355) Release date:Updated on:Affected Systems: MIT Kerberos 5 Description: CVE (CAN) ID: CVE-2014-5355Kerberos is a widely used

OpenSSL PKCS7_dataDecode Function Denial of Service Vulnerability (CVE-2015-1790)OpenSSL PKCS7_dataDecode Function Denial of Service Vulnerability (CVE-2015-1790) Release date:Updated on:Affected Systems: OpenSSL Project OpenSSL 〈 0.9.8zgOpenSSL

WordPress Simple Photo Gallery plug-in 'index. php' SQL Injection VulnerabilityWordPress Simple Photo Gallery plug-in 'index. php' SQL Injection VulnerabilityRelease date:Updated on:Affected Systems: WordPress Simple Photo Gallery 1.7.8Description:

Authentication Bypass Vulnerability for multiple Panda Security ProductsAuthentication Bypass Vulnerability for multiple Panda Security Products Release date:Updated on:Affected Systems: Panda Security Description: Bugtraq id: 74156Panda

Processing experience after the server is hackedNot long ago, I read a hacker story (Master vs. blog server hacked). After reading this article, I realized that my machine is in a streaking state, then I checked the log on the server with great

Resin-startup script httpd. sh AnalysisAfter analyzing the tomcat startup scripts, we found that catalina. THE sh script has a problem in stopping, but the author has never found that the service cannot be stopped when using resin in the production

D-Link DSL-2740R Web Interface Remote Poisoning Vulnerability Release date:Updated on: Affected Systems:D-Link DSL-2740RDescription:Bugtraq id: 72339 The DSL-2740R is a wireless N300 ADSL2 + wireless router. D-Link DSL-2740R in the

GNU glibc gethostbyname Buffer Overflow Vulnerability The gethostbyname function of the GNU glibc standard library has a buffer overflow vulnerability. Vulnerability No.: CVE-2015-0235. For details, see here. Glibc is a C library that provides

Vulnerability exploitation in penetration testing1. Search for vulnerabilities in the target system In the previous article on penetration testing, this article describes how to collect information about the target system. Next, we will take any

How to detect NTP amplification Attack Vulnerability 0x00 Introduction NTP amplification attacks are actually DDoS attacks. Through the NTP server, a small request can be converted into a large response, which can direct to the victim's

Rhel replace CentOS yum source one-click installation script Most of the systems recently used are rhel, And the yum of rhel cannot be installed online. Therefore, a one-click installation script is written to support rhel5.x & rhel6.x, which is the

How to Use ClamAV to scan viruses? ClamAV Introduction Many viruses are not generated for Linux distributions. Because of this, most people who use such systems have never thought of using anti-virus software. However, some people do want to scan

Summary by overseas security researchers: various methods to maintain Trojans for a long time   In this post, I will dig deeper into several common methods to maintain Trojans. Simply using the local resources of the infected Windows system, you can

Video website security-first video a platform has high-risk logic design defects (directly affecting more than 200 million players) Penetration falls in love with auditingHigh-risk logic design defects, tearing back the background ~  Http://tg.g.v1

Samsung mobile phone Remote Code Execution Vulnerability Analysis SummaryRemote attackers can control network traffic, manipulate the keyboard update mechanism of Samsung mobile phones, and execute code using system user permissions on the target

Cross-Site Request Forgery (CSRF) due to multiple functional design defects in the entire site of huaban network (the private message function can be used to affect registered users of the whole site) Multiple Functional design defects in the entire

EYou email system email body storage type XSS2 (with eYouXSS impact proof attached) New things affect Chrome. During the XSS test, a serious HttpOnly COOKIE leakage was found, which allowed the email body-type XSS to obtain all the cookies of users