A Research on a suspicious Payload

A Research on a suspicious Payload Letter difference When we find suspicious Payload, we will try to study it. Maybe they won't have any problems during our detection, but it doesn't mean they have no problems. A Payload found under a website is an

OpenSSL man-in-the-middle Security Restriction Bypass Vulnerability

OpenSSL man-in-the-middle Security Restriction Bypass Vulnerability Release date: Updated on: Affected Systems: OpenSSL Project OpenSSL; OpenSSL Project OpenSSL 1.0.1-1.0.1k; OpenSSL Project OpenSSL 1.0.0-1.0.0p Description: Bugtraq id: 71936 CVE (CAN) ID:

HTTP Vulnerability in Allied Telesis AR routers and alpolicware Switches

HTTP Vulnerability in Allied Telesis AR routers and alpolicware Switches Release date: Updated on: Affected Systems: Allied Telesyn AR Router AR750S-DP; Allied Telesyn AR Router AR750S; Allied Telesyn AR Router AR745; Allied Telesyn AR Router AR442S; Allied

Ekahau Real-Time Location System Multiple Vulnerabilities (CVE-2014-2716)

Ekahau Real-Time Location System Multiple Vulnerabilities (CVE-2014-2716) Release date: Updated on: Affected Systems: Ekahau Real-Time Location System 6.0.5-FINAL Description: Bugtraq id: 71674 CVE (CAN) ID: CVE-2014-2716 Ekahau Real-Time Location

Android Hacking Part 8: Root detection and Bypass

Android Hacking Part 8: Root detection and Bypass In this article, we will discuss a technology used by Android Developers to check whether the Android device running the current app is root. For applications, checking whether the current device is

Baidu Browser Remote Command Execution 2-bypassing privileged domain restrictions and Solutions

Baidu Browser Remote Command Execution 2-bypassing privileged domain restrictions and Solutions Three vulnerabilities are used in total: 1. Bypass privileged domain judgment 2. Use the defect API to download any program to a specified directory 3.

Xen p2m lock mutex wait Denial of Service Vulnerability (CVE-2014-9066)

Xen p2m lock mutex wait Denial of Service Vulnerability (CVE-2014-9066) Release date: Updated on: Affected Systems: XenSource Xen >= 4.2; XenSource Xen Description: Bugtraq id: 71546 CVE (CAN) ID: CVE-2014-9066 Xen is an open-source Virtual Machine

Linux security and Optimization

Linux security and Optimization Introduction: We must understand: Minimum permissions + minimum services = maximum security Therefore, whether it is to configure any server, we must disable unused services and set system permissions to the minimum

CVE-2014-6321 schannel Heap Overflow Vulnerability Analysis

CVE-2014-6321 schannel Heap Overflow Vulnerability Analysis 0x00 background: MS14-066 is the TLS heap buffer overflow vulnerability in Microsoft's schannel.dll. And poc structure. 0x01 SSL/TLS principles: HTTPS is SSL/TLS-based HTTP. All http

WebKit Memory Corruption Vulnerability (CVE-2014-4473)

WebKit Memory Corruption Vulnerability (CVE-2014-4473) Release date: 2014-3 3 Updated on: 2014-6 6 Affected Systems: WebKit Open Source Project WebKit 1.2.X Description: Bugtraq id: 71444 CVE (CAN) ID: CVE-2014-4473 WebKit is an open-source browser

Huawei P2 Local Privilege Escalation Vulnerability (CVE-2014-2273)

Huawei P2 Local Privilege Escalation Vulnerability (CVE-2014-2273) Release date: Updated on: 2014-3 3 Affected Systems: Huawei P2 Description: Bugtraq id: 71374 CVE (CAN) ID: CVE-2014-2273 Huawei P2 is a smartphone of the Android system. The local

Huawei security: dancing internationally

Huawei security: dancing internationally As "a place to talk about security", the annual RSA conference will become a benchmark for the development of the security industry. This year is no exception. As a representative of the Chinese RSA 2014

Analysis and testing of DenDroid for super-strong mobile Trojan

Analysis and testing of DenDroid for super-strong mobile Trojan 2cto: Mobile Trojan Dendroid Symantec researchers discovered a new Dendroid trojan in the mobile phone field, which can easily achieve remote malicious control of mobile phones. Before

Iptables log Exploration

Iptables log Exploration In addition to effectively controlling network access, the main function of the firewall is to clearly record network access and automatically generate logs for storage. Although the log format varies with the firewall

Caijing website XSS Worm

Caijing website XSS Worm Worm = XSS + CSRF Address: http://tnew.caijing.com.cn/ First post the post, directly post four parameters without token verification, resulting in a CSRF vulnerability. After reading the stored XSS, the post content is

China Telecom Tianyi unified points merchant self-service platform has WebDAV write permission vulnerability

China Telecom Tianyi unified points merchant self-service platform has WebDAV write permission vulnerability First of all, we did not use this vulnerability to obtain Webshell. However, it is highly risky to directly PUT the file, and the Tianyi

A sensitive information leaked by Qian Fang can be sent to the mailbox.

A sensitive information leaked by Qian Fang can be sent to the mailbox.   Qian Fang InteractionHambaHttps://github.com/jinstrive/hack_flavor/blob/cc9310b651e1eb0bf1ed17c1773fec2751ad841a/server/conf/settings.py  #-*-Coding: UTF-8-*-import osfrom

Account Logon interface is not strictly controlled, leading to Information Leakage

Account Logon interface is not strictly controlled, leading to Information Leakage An API of co-production online is not strictly controlled, leading to brute force cracking and leakage of personal information! 1,Hepai Online mobile terminal

74cms (20141020) Global SQL Injection filtering bypass

74cms (20141020) Global SQL Injection filtering bypass 74cms_v3.5.20.20151120 Attackers can bypass global SQL Injection filtering. The defined function utf8_to_gbk(). The Code is as follows: function utf8_to_gbk($utfstr) {global $UC2GBTABLE;$okstr =

Discuz's UCenter founder password can be cracked (in some cases)

Discuz's UCenter founder password can be cracked (in some cases) Without looking at the source code, you can directly test it in the black box. Non-verification code recognition. So attach several success stories using code +. Http: //
