Cloud Security

The "extremely destructive" Kerberos protocol vulnerability can cause the system to be completely controlled. Recently, security experts have discovered a "very destructive" vulnerability in Windows's Kerberos Authentication System. Last year, a

Xcode 7 Bitcode workflow and Security Evaluation With the release of Xcode 7, Apple added a new feature Bitcode for Xcode [1 ]:New features often mean new attack surfaces. This article first introduces Bitcode and Bitcode-related workflows. After

Yuantong express android client has severe design defects and can reset any User Password Android client of yuantong ExpressLatest Version3.2.2Reset any User PasswordDetailed description: 1. Target APP: yuantong express delivery android ClientLatest

2345 view tuwang's Remote Code Execution Vulnerability (with vulnerability POC) 2345 view the Remote Code Execution Vulnerability of tuwang.(Young man, I think you are surprised by the bones. This amazing photo is for you for free)Detailed

Hands-on implementation of code virtual machines 0x00 what is code Virtualization Virtualization actually I think it is to use a set of custom bytecode to replace the original native commands in the program, and the bytecode is interpreted and

Android display driver Memory Corruption Vulnerability (CVE-2015-6634)Android display driver Memory Corruption Vulnerability (CVE-2015-6634) Release date:Updated on:Affected Systems: Android Description: CVE (CAN) ID: CVE-2015-6634Android is

PowerDNS Authoritative Server Denial of Service Vulnerability (CVE-2015-5311)PowerDNS Authoritative Server Denial of Service Vulnerability (CVE-2015-5311) Release date:Updated on:Affected Systems: PowerDNS Authoritative Server 3.4.4-3.4.7

ESpace unified gateway Denial of Service Vulnerability (CVE-2015-8083) Release date:Updated on:Affected Systems: ESpace U1981 eSpace U1980 eSpace U1960 eSpace U1930 eSpace U1911 eSpace U1910 Description:

Remote intrusion into original passenger car (below) 0x01 complete exploitation chain So far, we have discussed many aspects to illustrate how to remotely exploit this jeep and similar models. So far, this information is sufficient for you to make

NodeJs backdoor program 0x00 Preface Start with the language to write a program that does not exist in the market.0x01 why NodeJs? I personally love the JavaScript language, and what we are talking about today is NodeJS, a branch of the JavaScript

Any mobile phone number registration and Password Reset No vulnerability exists in the vulnerability list. The first vulnerability is 20RANK. The phone Verification Code obtained for registration and password resetting is four digits, and there are

Guangxi Education and Training Network Arbitrary File Upload from getshell to intranet fall Guangxi Education and Training Network Arbitrary File Upload from getshell to intranet fallDetailed description: Http ://**.**.**.**/First, googleSite: **. **

A marketing system of China Telecom has excessive permissions to view a large number of users' winning information and Prize Code (such as adding and managing activities) More... RightDetailed description: **. **/Admin/index. jspAdd Activity

DESTOON V6.0 () Front-end does not need to log on to SQL Injection I watched it for one night. Fortunately,It involves algorithms (non-violent) and some SQL postures.For vulnerabilities submitted overnight, it may be a bit unclear about the

An unauthorized website of mavericks electric can obtain other administrator's plaintext passwords. The administrator password can be obtained from an unauthorized website of mavericks. This does not mean 20R is not enough.Detailed

The Hong Kong Airlines APP has the SQL Injection Vulnerability (which can span 32 databases) Aviation security-Hong Kong Airlines APP InjectionDetailed description: Objective: To launch the Hong Kong Airlines APPCheck that SQL Injection exists in

Mail.qq.com DOM XSS First, we found a getcontent http://mail.qq.com/cgi-bin/readtemplate?t=compose✓=false&getcontenturl=http://mail.qq.com/test View called

Android JSON data parsingSoftware and hardware environment Macbook Pro MGX 72 Android Studio 1.3.2 Genymotion Simulator Preface Today, few apps do not deal with servers. In lightweight communication, JSON (JavaScript Object Notation) and XML,

Analysis of SpyderSec challenge solving ideas   The challenge we are going to solve today is very interesting. It is called SpyderSec. We will build it on the VirtualBox Virtual Machine and open Nmap. After Nmap scans, it will only open port 80. In

The writeup of several "three white hats" Competitions Since the advent of the three white hats, I have received a few small competitions based on "Three white hats" and I have also made several questions. Writeup is not all a common problem. Here I