Cloud Security

Shellshock subsequent Vulnerabilities CVE-2014-6277 and CVE-2014-6278 finally exposed. POC: Bash-c "f () {x () {_ ;}; x () {_ ;} Michal zarewski, the discoverer of the vulnerability, gave a detailed analysis. The BASH community patch is still

Squid Security Vulnerabilities (CVE-2014-7142) Affected Systems: SquidDescription:Bugtraq id: 70022CVE (CAN) ID: CVE-2014-7142 Squid is an efficient Web Cache and proxy program. Squid 3.4.6 and other versions have security vulnerabilities. The

Vulnerability patch bypass AnalysisDuring the day, we were busy with vulnerability response, server testing and fixing, vulnerability impact scope statistics, and so on until we finally had time to analyze the vulnerability. The first patch

ShellShock (BashDoor) Repair Method Run the following command to check whether your system has the Bash Door vulnerability: Env-I X = '() {(a) => \ 'bash-C' echo date'; cat echo If a vulnerability exists, the output result contains no date,

Xen 'hvmop _ track_dirty_vram () 'Local Denial of Service Vulnerability Release date:Updated on: Affected Systems:XenSource XenDescription:Bugtraq id: 70055 Xen is an open-source Virtual Machine monitor developed by the University of Cambridge.

Adobe Reader and Acrobat Heap Buffer Overflow Vulnerability (CVE-2014-0567) Release date:Updated on: Affected Systems:Adobe Reader 11.xAdobe Reader 10.xDescription:Bugtraq id: 69827CVE (CAN) ID: CVE-2014-0567 Adobe Reader (also known as Acrobat

Linux Kernel 'smb2 _ tcon 'NULL pointer indirect reference Denial of Service Vulnerability Release date:Updated on: Affected Systems:Linux kernelDescription:Bugtraq id: 69867 Linux Kernel is the Kernel of the Linux operating system. Linux kernel

D-Bus local Heap Buffer Overflow Vulnerability (CVE-2014-3635) Release date:Updated on: Affected Systems:D-Bus 1.8.xDescription:Bugtraq id: 69831CVE (CAN) ID: CVE-2014-3635 D-Bus is an asynchronous inter-process communication system. It is mainly

NetBSD Kernel "execve ()" Denial of Service Vulnerability Release date:Updated on: Affected Systems:NetBSD 6.1-6.1.4NetBSD 6.0-6.0.4Description:NetBSD is a free and highly customizable Unix-like operating system suitable for multiple platforms,

MatrixSSL ECC key verification Denial of Service Vulnerability Release date:Updated on: 2014-09-09 Affected Systems:MatrixSSLDescription:MatrixSSL is an embedded SSL and TLS implementation designed for applications and devices that consume less

"Glibc" library "locale/programs/locale. c" Local permission Escalation Vulnerability Release date:Updated on: Affected Systems:GNU glibc 2.xUnaffected system:The GNU glibc 2.13Description:-----------------------------------------------------------

Xen DMA request IOMMU DoS Vulnerability Release date:Updated on: Affected Systems:XenSource Xen 4.xXenSource Xen 3.xDescription:--------------------------------------------------------------------------------Bugtraq id: 49146Cve id: CVE-2011-3131

TrouSerS tcsd DoS Vulnerability Release date:Updated on: Affected Systems:Sourceforge trousers Sourceforge trousersDescription:--------------------------------------------------------------------------------CVE (CAN) ID: CVE-2012-0698 Trousers is an

Cisco IOS Information Leakage Vulnerability Release date:Updated on: Affected Systems:Cisco IOS 15.xUnaffected system:Cisco IOS 15.1 (3) TDescription:--------------------------------------------------------------------------------Bugtraq id:

Unauthorized access to multiple Tenda N300 v2 sites (second change password) By viewing the data submitted by post, we can see that some of the configuration files are not added with permissions, and you can directly access the pages ....   You

Hacker game Follow-up: Starting from Goal games A few days ago, I saw a simple and beautiful hacker programming game, so I almost chewed it ~, I also gave it to my colleagues. The code is very simple, but the idea is not clear, it is difficult to

Ten tricks to protect your private photos Text: Liu Xingliang Once upon a time there was a person who could not repair his computer. Later, his story spread across the world. This person is our great instructor Edison Chen. Mr Chen has taken

Why does Google rush to kill the encryption algorithm SHA-1 (1) Hilbert graph of the hash algorithm (provided by Ian Boyd) The official Google blog announced that it will gradually reduce the security instructions for SHA-1 certificates in Chrome.

74cms (20140709) 9 injection pack Instead of modifying the vulnerability code, you can modify the filter function, although you cannot bypass this filter function.However, the filter is not perfect and data can be generated.We recommend that you

Cross-origin vulnerability in Android built-in browsers (UXSS)Link: http://www.rafayhackingarticles.net/2014/08/android-browser-same-origin-policy.html Test link: http://x7s.pw/001.html Cause: Because Android's built-in browser uses the old