How Google Engineer Neel Mehta discovers the Heartbleed Vulnerability
Google Engineer Neel Mehta first discovered the OpenSSL Heartbleed vulnerability. He has disclosed the vulnerability for the first time. Mehta said that he was checking the SSL
Linux Bash Security Vulnerability repair
Recently, a very serious security vulnerability was detected in the built-in Bash of Linux. Hackers can exploit this Bash vulnerability to completely control the target system and initiate attacks. To avoid
Ao you cloud Browser Remote privacy Leak Vulnerability (certain conditions are required)
The intent protocol header is used for browser resolution. If the processing problem is solved, the unexported component can be opened remotely, and
Apt Security Restriction Bypass Vulnerability (CVE-2014-0487)
Affected Systems: Ubuntu apt
Description:
Bugtraq id: 69836
CVE (CAN) ID: CVE-2014-0487
The apt package is the advanced frontend of dpkg.
When APT does not comply
NetBSD Kernel "setsockopt ()" DoS Vulnerability
Affected Systems:
NetBSD 6.1-6.1.4
NetBSD 6.0-6.0.4
Description: NetBSD is a free and highly customizable Unix-like operating system suitable for multiple platforms, from 64-bit
How to Protect yourself after credit card data leaks
Background: The largest card information leakage in history: 56 million credit card information stolen at Home Depot in the United States
According to the latest news, Home Depot admitted that
Netcore NW705 + unauthorized access to multiple sites
View the post data to see some configuration files.
You can find the logo log, connection list, route information, route password, and
Introduction to fail2ban anti-brute force cracking
0x00 Introduction
Fail2ban can monitor your system logs, and then match the log error information (Regular Expression matching) to execute the corresponding shielding action (usually by calling the
Due to a defect in some xss filtering system principles, xss affects Dangdang's reading and show academic search websites with hundreds of links and academic searches.
Sample: http://search.dangdang.com/?Key=test
This vulnerability exists in
A general-purpose electronic procurement platform has the Arbitrary File Upload Vulnerability GETSHELL
Detailed description:
#1. carefully studying and finding that uploading arbitrary files in an editor can result in batch Getshell, which has a
Ucenter Home latest SQL Injection
Download the latest Ucenter Home from the official website
First, SQL injection: Personal settings - Personal Data - Basic Information
File /source/cp_profile.php:
if ($_GET['op'] == 'base') { if (submitcheck
Common Vulnerabilities in PHP and Sqlite
0x00 pre-renewal
SQLite is a lightweight database, and PHP developers are never confused. After PHP5, it has been integrated with this lightweight embedded database product by default. There are some common
Cms # SQL Injection # stored xss
CMS vendor:
Jiangsu Xinyue Technology Co., http://www.jsxyidc.com/
Then download it back for local testing. An online registration is found:
http://localhost:58031/online.asp
In: Name - Date of birth - willingness to
Any user password can be reset at a station of China Mobile Research Institute
The verification code is composed of only five digits and the verification frequency is not limited. The verification code can be cracked.
AA carpool vulnerability 3 # (full-site user passwords can be modified in batches if AA carpool is improperly designed)
We changed our password and captured the package. We found the following interface:
The following serviceKey is a
Arbitrary Account Login vulnerability in a general contribution system
Following Chuan Ge's footsteps, it should be repeated to read any password,If you log on to any account, it will be a big deal. "The vulnerability is already recorded on the
XSS vulnerability in the school edition e-schoolbag Teaching Platform
I saw http://www.bkjia.com/Article/201409/334988.html, too. Stored XSS. Detailed description:
Use the official demo for testing: http://demo.31390.com:
Security O&M: general handling process after the server is attacked
Security is always relative, and even secure servers may be attacked. As security O&M personnel, the principle to be grasped is to do a good job in system security protection
Kindeditor may cause full browsing in specific circumstances
Because there are few examples, I started to think about not their vulnerabilities. I thought about them later, but I didn't check the user's normal configuration content. I'd like to