Cloud Security

The terrible vulnerability allows hackers to control your Mac even after formatting. According to the discovery by OS X Security Expert Pedro Vilaca, a new vulnerability targeting the old Mac will allow hackers to gain control of the machine

GNU Parallel Arbitrary File Write Vulnerability in CVE-2015-4155)GNU Parallel Arbitrary File Write Vulnerability in CVE-2015-4155) Release date:Updated on:Affected Systems: GNU Parallel Description: CVE (CAN) ID: CVE-2015-4155GNU parallel is

Linux Kernel 'tty/tty_ldsem.c' Local Race Condition VulnerabilityLinux Kernel 'tty/tty_ldsem.c' Local Race Condition Vulnerability Release date:Updated on:Affected Systems: Linux kernel Description: Bugtraq id: 74820Linux Kernel is the Kernel

Novell Zenworks Remote Information Leakage (CVE-2015-0785)Novell Zenworks Remote Information Leakage (CVE-2015-0785) Release date:Updated on:Affected Systems: Novell ZENworks Description: Bugtraq id: 74288CVE (CAN) ID: CVE-2015-0785Novell

WordPress Simple Backup plug-in 'tools. php' Arbitrary File Download VulnerabilityWordPress Simple Backup plug-in 'tools. php' Arbitrary File Download Vulnerability Release date:Updated on:Affected Systems: WordPress Simple Backup Description:

One wallet app's parallel permission control is lax, leading to user information leakage You can check the personal information corresponding to the specified mobile phone number. Interface: the app portal is the activity "I

Python uses the scapy library for ARP Spoofing1. Description ARP spoofing, also known as ARP attack or ARP attack, is an attack technique against the Ethernet Address Resolution Protocol (ARP. This attack can allow attackers to obtain packets or

Record an unsuccessful yy Intranet test on a site O & M personnel, I am really sorry, I have killed the machine and it has not been restored for a long time, so I cannot go deep into QAQ. Http://mcbbs.kuaikuai.cn/uc_serverWeak ucenter

Principles of ip Spoofing and theftThe IP spoofing technology is complicated. It is not easy to figure out a tiger as a cat. However, as a conventional attack method, it is necessary to understand its principles, at least for your own security

Penetration test of a school library 0x00 causes and consequences One of Sirius's dreams is that there is a private library, so the school library is naturally a place where I often go. When I often run the library, I naturally need to borrow a book

PHP automated white-box audit technology and implementation (1) 0x00 Preface There are only a small number of open PHP automated auditing technical materials in China. In contrast, there have been excellent automated auditing implementations in

SQL Injection Mining A few days ago, I saw such a question in the member question area of the red/Black Alliance: "Who Are You Still injecting, it is found that many websites cannot be effectively injected when testing with tools. Some websites

Stored XSS in an application store An application mall has various stored XSS pop-up window cookies Http://www.appstar.com.cn/APP star-mobile app development platform without coding-mobile app development platform-Android, IOS app

How can I access a background of the 17WO website and win the Intranet server? Coincidentally, you sent me a text message to the server. At first, a text message flew over.  Mm ~ Access. The Struts2 vulnerability exists at a glance, but it is a

Web security technology (1)-understanding of encryption mechanismsData encryption algorithms include symmetric encryption, asymmetric encryption, and information summarization.Symmetric encryption uses a single key to encrypt and decrypt data. There

Common website intrusion methodsAt present, website intrusion has become very simple and the threshold is getting lower and lower. Any cainiao just needs to download the intrusion tool on the hacker's website to start intrusion. Currently, there are

A library hit by an interface of Tuba Rabbit's installation and repair network exposes User Login creden( (with account creden) User Logon creden are disclosed when an interface hits a database (with account creden) The mobile login interface does

Multiple Injection packages in a system of yiche I found that many people recently submitted a hole in the car, making it a hot topic. Problem site:Http://log.yiqi.autodmp.cig.com.cn/Use the previously collected accounts to check the injection

Sogou Pinyin input method the special URL on the official website causes the SQL statement to report errors and paths Adding a slash path as a parameter in the search URL will cause a limit-10, 10 error in the program, and the website will not

Website mobile Version Vulnerability: SMS bombing + password cracking 1) retrieve the password on the mobile homepage of the official website without any verification information. If you enter a mobile phone number at will, a verification code will