PHP OS Command Injection Vulnerability
Release date:
Updated on:
Affected Systems:
PHP
Description:
Bugtraq id: 75290
CVE (CAN) ID: CVE-2015-4642
PHP is a widely used scripting language. It is especially
SAP ABAP & Java Server Denial of Service Vulnerability (CVE-2015-4158)
Release date:
Updated on:
Affected Systems:
SAP ABAP
Description:
CVE (CAN) ID: CVE-2015-4158
ABAP is a
Note: any user password of the APP is modified
The problem occurs when the common mobile phone verification code is cracked.
If you forget the password, enter a verification code and capture the packet.
Check whether the package has any
Mac-based Youdao Dictionary XSS Vulnerability
The Mac-based Youdao Dictionary has an XSS vulnerability during word translation. You can easily refer to the box using SVG labels.
Detailed description:
1. Open the Youdao Dictionary and select the
Multiple Denial of Service Vulnerabilities in Linux Kernel 'crypto/aesni-intel_glue.c'
Release date:
Updated on:
Affected Systems:
Linux kernel
Description:
Apple Safari information leakage (CVE-2015-1155)
Release date:
Updated on:
Affected Systems:
Apple Safari
Description:
Bugtraq id: 74527
CVE (CAN) ID: CVE-2015-1155
Safari
How to defend against JavaScript-based DDoS attacks
DDoS attack technology is rapidly evolving. The recent JavaScript-based DDoS attack has a unique feature: any browser device may be involved in the attack, and its potential attack scale is almost
Use HackRF to sniff GSM traffic
When my colleague and friend Simon was visiting our Zimperium TLV office, we started to learn HackRF and use radio frequencies to sniff unprotected GSM communication traffic. Simon patiently explained to me the
Large-volume DDoS attack protection solution
With the increase in Internet bandwidth, DDoS attack traffic is growing, and more than Gbit/s of traffic-type attacks have become popular. For such large attack traffic, attacked customers often cannot
Compared with HTTP, how does one make the network more secure?
Users who frequently use browsers to browse Web pages will notice that the addresses they open usually start with HTTP or HTTPS. What is the difference between the two? HTTP, or
The principle of LAN virus infection and its prevention methods
Computer viruses have been spreading over networks for a long time, and they can also rapidly breed in the LAN, resulting in mutual infection of LAN computers, making the entire company'
XSS Cookie Theft (DVWA platform test)
In the face of the competition, one question was to write a script to receive Cookies, so I simulated the XSS environment.
PS: WAF filtering is not considered.
First, the XSS is stored. Currently, the DVWA
Due to design defects of Baidu applications, XSS on the baidu.com domain can be constructed at will.
When we search for "linux Command Daquan" on Baidu, a Baidu application will appear. This application has an injection vulnerability, which is not a
Bool blind injection for a site on cool 6
Injection point:
GET /channel/getFeedInfo?Channel=*&channelme=yes&p=1 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://boke2.ku6.com
Host: boke2
XSS vulnerability of one cross-origin request continued
As mentioned above, because you need to use the proxy page to solve the cross-origin request of POST requests, you need to execute the passed function on the proxy page. Therefore, we
The Z-blog front-end does not require logon. One vulnerability is included.
I heard this is a big vendor? -.- You do not need to log on to the front-end to include the vulnerability. You probably did not see the location where images could be
MySQL injection and phpinfo at a site of Apsara Stack
First scanned the phpinfo file, http://my.gfan.com/info.php
Then I want to find the injection and file contains such a vulnerability, so in my.
Baidu second-level domain name root permission Injection Vulnerability
https://jpaas-edu.baidu.com/
The place where the invitation code is entered for this site is injected. Although there is a verification code, the verification code is not
Didi taxi (xiaoju technology) is poorly designed and can lead to database hits (case studies)
* ***** Ukeji *****
There is no verification code