GNU glibc 'swscanf' Remote Heap Buffer Overflow Vulnerability
Release date: Updated on:
Affected Systems: GNU glibc
Description: Bugtraq id: 72428
Glibc is the implementation of C libraries in most Linux operating systems.
GNU glibc has a heap
Bugzilla Command Injection and Security Restriction Bypass Vulnerability
Release date: Updated on:
Affected Systems: Bugzilla
Description: CVE (CAN) ID: CVE-2014-8630
Bugzilla is an open source defect tracking system.
Bugzilla does not properly
Oracle Database Server Remote Vulnerabilities (CVE-2014-6514)
Release date: Updated on:
Affected Systems: Oracle database server 11
Description: Bugtraq id: 72166, CVE (CAN) ID: CVE-2014-6514
Oracle Database Server is an object-relational Database
Apache Traffic Server 'HttpTransact.cc' DoS Vulnerability
Release date: Updated on:
Affected Systems: Apache Group Traffic Server 5.0.0-5.1.1
Description: Bugtraq id: 71879
Apache Traffic Server is a scalable HTTP/1.1 compliant cache proxy Server.
Oncake: a malicious code module built into the mobile ROM.
The AVL mobile security team, working with LBE, recently found a malicious code module built into the mobile ROM. Because the author of the malicious code calls the module running and releasing
Intrexx 'request' Parameter Cross-Site Scripting Vulnerability (CVE-2014-2026)
Release date: Updated on:
Affected Systems: Intrexx Professional 6.0, Intrexx Professional 5.2
Description: Bugtraq id: 71673, CVE (CAN) ID: CVE-2014-2026
Intrexx is an
GitLab not affected by Git Security Vulnerabilities CVE-2014-9390
Yesterday, Git reported a serious security vulnerability. This vulnerability affects all official Git Client versions. Due to this vulnerability, git.oschina.net, GitLab.com, GitLab
Man-in-the-middle attack caused by improper handling of TLS certificates by the Cheetah and 2345 browsers
When the SSL/TLS certificates presented by the HTTPS web pages opened in the two browsers are invalid (such as self-signed and Domain Name
Data leaks: password setting habits of Chinese netizens
In 2014, it was another year in the history of network security, from large-scale leakage of Ctrip's credit card at the beginning of the year, to various open-source software vulnerabilities
Lenovo's website background security defects and SQL injection (including repair ideas)
Security defects in the background: Find SQL injection, read files, and log on to the background
Http://css.lenovo.com/lxymanage/login.php. The verification code
[SQLi] Do not use single quotes | SQL statement with commas (,)
Background
Audit cms found an environment like this:
$l_id = get('arr', 'l_id'); $ids = explode(',', $l_id);
Concatenate the array requests in post, and then separate them
Order prices can be modified at will
Ordinary merchants on the internet can browse others' orders at will, modify others' order information at will, and discount specified orders.
1. First, you have to be a merchant of the zookeeper network. If not,
A large set of unauthorized operations and GETSHELL of a system in TRS
Earlier versions and secondary development seem to be unaffected... security is endless!
/** Note:
 * Copyright © 2004-2006 TRS not affected
 * Copyright © 2004-2008 TRS not affected
 *
Some common attack methods and simple defense methods in WEB Development
SQL Injection
The most common attack method, called SQL injection, is to insert SQL commands into Web forms to submit or enter query strings for domain names or page requests,
Change the custom upload path to a custom Upload File Name
Currently, one of the common methods to exploit the upload vulnerability is that the client can customize the filepath, that is, the path to save uploaded files.
However, when the custom
Multiple SQL injection vulnerabilities in a general manuscript System (packaging)
Google Keyword: technical support: Nanjing jienuhan Software Technology Co.,
Phpwind logon can hit a database to lock others' accounts and Solutions
Phpwind can hit the database at login (demonstration on the official website)
As well as locking others' accounts, continuous (batch locking is not very good, not tested
Lenovo's Discuz Forum MySQL injection script
MySQL injection at a Discuz forum in Lenovo, tested several times
Script for guessing
Suspected Discuz injection introduced by Lenovo's secondary development. ThinkPad