Google Chrome information leakage (CVE-2014-7909)
Release date: Updated on:
Affected Systems: Google Chrome
Description: Bugtraq id: 71167, CVE (CAN) ID: CVE-2014-7909
Google Chrome is a Web browser tool developed by Google.
Chrome versions earlier than 3
Apache HTTP Server 'luaauthzprovider' authorization Bypass Vulnerability
Release date: Updated on: 2014-12-01
Affected Systems: Apache Group Apache HTTP Server
Description: Bugtraq id: 71353
Apache HTTP Server is an open-source Web Server of the Apache
IIS4 \ IIS5 CGI Environment block forgery 0 day
It was found that the current 0-day was around 14 years ago.
It is an IIS4 \ IIS5 vulnerability. The corresponding operating systems are winnt and win20
Node.js dns-sync Arbitrary Command Execution Vulnerability
Release date: Updated on:
Affected Systems: Nodejs dns-sync Nodejs dns-sync
Description: Bugtraq id: 71054
Node.js is a platform built on the Chrome JavaScript runtime environment for
FFmpeg and Libav cross-border Denial of Service Vulnerability (CVE-2014-8548)
Release date: 2014-3 3 Updated on:
Affected Systems: FFmpeg FFmpeg
Description: Bugtraq id: 70888, CVE (CAN) ID: CVE-2014-8548
FFmpeg is a free software that allows you to
EMC Avamar cryptographic Vulnerability (CVE-2014-4623)
Release date: Updated on:
Affected Systems: EMC Avamar 6.x
Description: Bugtraq id: 70732, CVE (CAN) ID: CVE-2014-4623
EMC Avamar is a remote backup and recovery solution.
EMC Avamar Data Store
Xen vulnerability exposure (CVE-2014-7188)
Xen is one of the large-scale deployment virtualization solutions. This round of * EMBARGO * exposes a total of five vulnerabilities, the last of which was disclosed on the evening of January 1, October 1, 20
The latest Basic Bash vulnerability repair solution
Bash broke the remote parsing Command Execution Vulnerability (CVE-2014-6271), spread to the major Linux distributions and MacOSX system. Attackers can remotely execute arbitrary commands in
WiFi traffic hijacking: any page can be poisoned!
Everyone knows that Wi-Fi in public places is very poor, but it is not clear how poor it is. Most people think that it will be okay if they do not go to QQ or log on to the website account. There
Text virus (new virus theory)
In the past, when talking about viruses, we had to distinguish between text and executable files. In theory, viruses are program code, so only executable files can be infected, images and other data files cannot be
How to fully control sessions? Check WebSocket cross-site hijacking (1)
WebSockets is an HTML5 feature that provides full-duplex channels for a single TCP connection. Its persistent connection function makes it possible to build real-time
Netease mail XSS vulnerability on mobile phones (affects emails such as 163 and 126)
Well, according to the previous brain hole, I tried again and found that both 163 and 126 had it ~
Change the recipient's name to
Then, when I checked the
Best 10 methods for implementing URL filtering
URL filtering is a filter that allows or prevents users from accessing a specific website. This method has become a basic method on the enterprise network. Its goal is to prevent employees from
Code audit: Rice CMS Injection
0x01 Preface
I just learned how to audit a few cms practitioners ....
1) Injection
1. Drilling prelude
After Damicms is set up locally, modify cms\dami\Core\Lib\Think\Db.class.php and process the sq
SQL injection vulnerability on the nationwide fitness network platform
The SQL injection vulnerability on the nationwide fitness network platform allows you to obtain a large amount of personal information.
Decompile Android app code
See a urlI
One sentence for the php we chased in those years: Analysis Principle
One sentence for php that we chased in those years
I. eval
Eval usage: The eval() function evaluates the string as PHP code. The string must be valid PHP code and
The MyBB unset_globals () function is bypassed, causing remote code execution and analysis.
Yesterday, we saw a remote code execution vulnerability in exploit-db. The analysis was very detailed. Unfortunately, it was written in English. Here is a
CuuMall latest SQL Injection
It seems that the CuuMall official website file has been changed or is itself a bug. If you don't talk about it, check the Code directly.
DetailsAction.class.php (282-313) public function
58 local storage-type XSS (loading JS with 25 characters) + posts with any mobile phone number deleted and repaired
Without saying this, I spent all my energy on the primary domain. In addition, I would like to thank parsec for your thoughts and
Cmseasy SQL injection vulnerability 3 and repair
Injection. When posting an article in bbs, the $_POST data is passed directly into the function that concatenates the SQL statement, resulting in injection.
/Bbs/add-archive.php, line 30
if($id = $archive->inserData(