The GHOST vulnerability may affect WordPress and PHP applications.
Last week, a heap buffer overflow vulnerability called GHOST, which can be remotely exploited, was found in glibc. The vulnerability has been fixed upstream; however, some downstream
BusyBox Local Security Restriction Bypass Vulnerability (CVE-2014-9645)
Release date: Updated on:
Affected Systems: BusyBox
Description: Bugtraq id: 72324, CVE (CAN) ID: CVE-2014-9645
BusyBox is an executable implementation of many standard Linux tools.
SQL Server Stored Procedure Hacking (I) trusted Database
SQL Server allows DBA (Database Administrator) to set up trusted databases. In short, a trusted database can access external resources, such as network sharing, email functions, and objects in
GNU glibc 'getanswer_r()' function infinite loop Denial of Service Vulnerability
Release date: Updated on:
Affected Systems: GNU glibc 2.x
Description: Bugtraq id: 71670
Glibc is the implementation of C libraries in most Linux operating systems.
X.Org X Server DoS Vulnerability
Release date: Updated on:
Affected Systems: X.org X11
Description: Bugtraq id: 71597, CVE (CAN) ID: CVE-2014-8091
X.Org Server is the official reference implementation of X Window System. It is an open-source free
An Android phone's screen can be captured by any application without root, and its solution
Some Android applications have screenshot functions. However, the screenshot function requires the root permission. These applications cannot take
Android Broadcast Security
0x00 Popular Science
Broadcast Receiver is a component that focuses on receiving and processing Broadcast notifications. Many broadcasts originate from system code, such as notifying time zone changes, low battery, taking
Discover and exploit ntpd Vulnerabilities
0x01 Introduction
A few months ago, I decided to start doing fuzzing. I chose the Network Time Protocol (NTP) reference implementation, ntpd, as my first target, because I have some background knowledge about NTP,
Testing the return of an asp Trojan Horse Backdoor
A hacker posted on our blacklist forum a few days ago, sharing a no-kill ASP Trojan. However, I am often very sensitive to such Trojans, because I feel that such sharing is carried with
There is a weak password in a certain Suning border network device (which can overwrite the configuration file with the SSLVPN function)
A vbr in Suning has a weak password (with SSLVPN configuration file), which may bypass the border firewall.
Weak
Shopex csrf remove pants Arbitrary File delete file write shell
All vulnerabilities are caused by a csrf. Let's take a look at them one by one: Install shopex in the latest version:
Ctl.
Jindi email system Remote Command Execution
Jin Di @ email system is a distributed, large-capacity, high-availability email system developed by Jin Di software for many years. It adopts open technical architectures such as linux, xml, and java,
Getshell (intranet penetration allowed) caused by SQL Injection in a system of Shenzhen Airlines
http://ecargo.shenzhenair.com:23454/login.aspx
First, the verification code has a vulnerability. The verification code is reused. After obtaining a
DESTOON foreground getshell
\Module\know\answer.inc.php, lines 143-161
case 'raise': // This function is used to update the number of rewards for "Know the function", because it is only allowed to increase the number of rewards twice by
Php cloud Talent System csrf improper protection can be paid
Searched for $_SESSION['pytoken']. One function has two calls, as follows:
function admin() { $r = $this->obj->
Package General SQL injection vulnerabilities in a weaver System (Full Version)
Tested Website: http://gl.triolion.com/ & http://oaf.yitoa.com:6688/ The version information is as follows:
Note: The following examples show that two SQL
A MySQL blind injection (with Python verification script) on a website of Samsung Group
A MySQL blind injection on a site of Samsung Group has a high speed of guessing and is attached with a python verification script.
The injection point is located:
Simple exploration of XSS
In the previous content, I introduced some basic XSS cross-site scripting concepts. I believe that you have some knowledge of cross-site scripting. Next, we will describe how to discover some simple XSS vulnerabilities. The
How to Prevent Web applications from storing sensitive data
Michael Cobb is a well-known security writer who has more than 10 years of experience in the IT industry and has 16 years of experience in the financial industry. He is the founder and