Cloud Security

SearchBlox DoS Vulnerability (CVE-2015-7919)SearchBlox DoS Vulnerability (CVE-2015-7919) Release date:Updated on:Affected Systems: SearchBlox 8.3 Description: CVE (CAN) ID: CVE-2015-7919SearchBlox is a Web-based Attribute search

Simple defense against multiple malicious server submissions Background: The continuous sending or malicious submission of requests by machines puts a lot of pressure on the server. The optimal strategy for this attack is to determine the number of

Weak Password of China Unicom customer Ticket System in a region (customer data leakage) Yanji Unicom customer service e-ticket system http ://**.**.**.**/ The password of the account zhangjie is 123456The Customer Management Office involves more

Midea roaming from a weak password to the Intranet I am here for the first time. Obtain a weak password through brute force cracking. Zhangduo password Midea123 login beauty mailbox https://mail.midea.com Company-wide organizational structure,

New Injection of the most vulnerable user information for a general system is leaked (no login required) New Injection of the most vulnerable user information for a general system is leaked (no login required) This system is a new smartbos

Arbitrary File Download from a collaborative Portal System of China Mobile Anhui mobile Some information about the Intranet system is leaked. Address: http: // **. **/Page/Login/UserLogin. aspx  There is a notice for the user who needs to know

A provincial website of China Mobile 10086.cn SQL injection involves a large amount of data. A provincial website of China Mobile 10086.cn SQL injection involves a large amount of data. Injection of Jiangsu mobile B2B Mall, oracle database, can be

Further use of the Apsara stack SSH Backdoor How can I use this SSH backdoor to access the Intranet? Well, this is what this article will talk about. The backdoor obtains the root permission of the firewall, that is, all firewall operations can be

Alimama travel website has SQL Injection (⊙ O ⊙ )... If a problem occurs at a point, check whether there are any problems with all similar points .... POST/lvyou/dest_index/AjaxGetTripList HTTP/1.1Content-Length: 66Content-Type:

Unauthorized access to the East China Sea airline foc System (leakage of a large amount of sensitive aviation data) Link: http ://**.**.**.**Under normal circumstances, login verification is required:  Crawlers in Baidu find that the download

Yisearch technology has a large number of webshells on a website that involve a large amount of user data. I only came here when I saw a vendor activity ~~~~ PS: a gift is good, and 20 RANK is good.Yisearch technology found a large number of

Meizu mobile media service SQL Injection Vulnerability When the file name of the SQL injection vulnerability in meizu mobile media service is enclosed in quotation marks, the Media Service may have the risk of SQL injection. The direct impact is

Arbitrary File Upload Vulnerability in a Haier System Arbitrary FCKeditor file upload in a Haier System File Upload address: http://home.ithaier.com/FCKeditor/editor/filemanager/browser/default/browser.html? Type = all & Connector =

Another stored xss vulnerability in xueqiu.com You have compared the previous vulnerabilities and confirmed they are not repeated. This problem occurs when you upload a PDF file and describe it.The problem is a bit strange, but it is indeed a

Alexa: Top 3 SQL injection sites in China SQL Injection 1. Change X-Forwarded-For **. ** '.  GET / HTTP/1.1Host: **.**.**.**User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0Accept:

Kingsoft ciba website MySQL blind note (bypassing GPC escape) After reading this hole, WooYun: the SQL injection in the Kingsoft node has been fixed.But wide characters can be used to bypass GPC addslashes sqlmap.py -u

Arbitrary login administrator vulnerability in xiaokaxiu, which has more than 0.5 billion million videos per day Arbitrary login administrator vulnerability in xiaokaxiu, a popular social network The daily video broadcast volume exceeds 0.5

Information Leakage from China Life Official Website The website can freely refresh registered user information, and violently query user information to leak user information. The user information covers the real name, email address, and mobile

Webshell Analysis for Juniper screnos Authentication1. Background The backdoor vulnerability of a vro has also been exposed many times before, but most of them are intentional by the manufacturer and the developers of the manufacturer are informed

602 Gbps: attacks against the BBC have become the strongest DDoS attacks in history New World Hacking, the hacker organization responsible for the BBC attack, said that the intensity of DDoS attacks against the BBC has reached 602 GBps, which will