Cloud Security

D-Link and trending network routers discover Remote Arbitrary Code Execution Vulnerability HP's Zero Day Initiative (ZDI) discloses a 0-Day vulnerability in D-Link and trend network routers that allows attackers to remotely execute arbitrary code.

Cisco Unified MeetingPlace Server Cross-Site Request Forgery VulnerabilityCisco Unified MeetingPlace Server Cross-Site Request Forgery Vulnerability Release date:Updated on:Affected Systems: Cisco uniied MeetingPlace 8.6 (1.9) Description: CVE

Years of vulnerability detection can affect all Windows users Cylance's information security expert works with CERT research teams at Carnegie Mellon University and claims to have discovered a botnet vulnerability that affects all Windows

PCRE Denial of Service Vulnerability (CVE-2015-2327) Release date:Updated on: Affected Systems:PCRE pcreDescription:CVE (CAN) ID: CVE-2015-2327 PCRE (Perl Compatible Regular Expressions) is a Perl library, including a perl-Compatible Regular

2345 security guard Driver Design Problems 2345 the 2345powerapi. sys driver installed by the security guard does not verify the process of opening the device object. Any process that has the permission to open the device object can use the function

QQ Browser Remote Arbitrary Command Execution Vulnerability (with analysis and use) 1. For the QQ browser, as long as it is a webpage under the domain name of qq.com, it has the permission to call some API Interfaces under external,

Wargame narnia writeupPreface This phase of wargame is much more difficult than leviathan, and involves a relatively complete knowledge of Linux overflow. However, on overthewire, this is only 2/10 difficult. It seems that I am far away. On the

Exposure of fully automated black market (one-stop automatic batch SHELL) I accidentally touched the tip of the iceberg and learned that the development of the black industry is faster than we thought. It has evolved into a one-stop full-automated

Analysis on Android HTTPS man-in-the-middle hijacking Vulnerability1. Android HTTPS man-in-the-middle hijacking vulnerability description In the field of cryptography and computer security, Man-in-the-middle attack (MITM) refers to the creation of

Shell script exercise questions Here we mainly collect some shell script exercises to enhance the shell programming capability.Q1 Analyze the image service logs and rank the logs (the number of visits to each image * The total image size), that is,

Three-layer security access control for CentOS When a system is used as a public network server, the system becomes the target of the attack. Access control over network services is one of the most important security tasks facing a server

Simple shell script for Security Log statistics in CentOS Every time you sort out security logs, it is very troublesome. You can simply edit a script to count the total number of attacks per month, the total number of each attack type, and the top 10

Analysis of Smack Remote Control Trojan The AVL mobile security team recently discovered an Android spyware program developed based on XMPP Smack Openfire. The malware has the following features: 1. Upload the user's contact information, text

Decrypts the WebLogic PasswordRecently I met several Linux servers during penetration testing, with Samba sharing that is publicly accessible. In many cases, shared files have some interesting things. Whether it is user authentication information or

The guy illegally controlled 47 website courts and sentenced him to one year's imprisonmentGuy Ge illegally controlled 47 websites. Recently, he was sentenced to one year's imprisonment by the Sanshan District Court of Wuhu City and suspended for

The cloud smoke substation has the excessive permission vulnerability. getshell + consumer information can be leaked. An address in the background does not verify the identity of the visitor.Yundun has been sold in supermarkets in various regions.

Multiple cms backgrounds can be cracked and bypassed for protection 1. Phpcms Phpsso_server in PhpcmsAfter the cracking, the code value in the Session will not be refreshed no matter whether the account password is correct or not.The login page

The maintenance and monitoring system of a mall owned by CITIC group has File Upload to obtain system permissions. The opmanager version is too low, with a verification program written in python. Problematic site: http://ns1.dchnu.comAn upload

Js script-determine the small pop-up window and user browser type 1. pop-up window for the user to choose whether to continue the next step Html> body> script type = "text/JavaScript"> var r = confirm ("this system only supports the chrom browser!

Getshell Vulnerability Analysis in case of enterprise-level CMS Yiqicms is a well-known website construction system for Marketing Enterprises in China. It is developed based on PHP + MySQL. Free open-source, SEO friendly. Recently, Alibaba's patch