Construct a BER file without a public key to cause the system to crash.
On January 25, 2016, Wade Mealing sent an email to the OSS Security and CVE certification departments. The subject of the email was: constructing a special key file to cause DoS on
WormHole vulnerability: Remote Installation of malicious code on Huawei mobile phones
Refresh the score, and submit it to the conscientious manufacturer.
A strange thing was found during the WormHole Vulnerability Detection on the cellular network.
Apple fixed a critical iOS vulnerability where hackers could steal cookies from devices (CVE-2016-1730)
Recently, Apple fixed a serious vulnerability in iOS. This vulnerability allows hackers to disguise themselves as end users and obtain the
Apple Mac/iOS WebView DoS Vulnerability (affects Safari, Chrome for iOS, QQ, etc.)
Apple WebView does not correctly handle replace in a loop, which can crash applications that use the WebView. Mac/iOS WebView DoS test by data stream function x (str,
Security personnel discovered the VMware storage permission expansion Vulnerability
Recently, information security researchers found that VMware applications have a privilege escalation vulnerability. The affected products include ESXi, Fusion,
DLL hijacking attack Guide
A DLL (Dynamic Link Library) file, also known as an "application extension", is a software file type. In Windows, many applications are not a single complete executable file. They are divided
Arbitrary Command Execution in multiple SAP systems of China Telecom (endangering 9 servers)
Exp in the URL: run ipconfig all; on Linux, run cat /etc/passwd. 1 China Telecom Hangzhou **.**.**.**/ctc/servlet/com.sap.ctc.util.configServlet?Container
Baidu has SQL injection vulnerability ROOT permission
In the test tool, the effect is okay. # The first time in the Tang Dynasty # the launch of the security cruise Conference of the Tang Dynasty!!! On September
Database Table Suning Tesco a station database can be imported locally (the whole station data/administrator password is leaked)
I can't go on like this anymore. What about a good dog ~~Online supermarkets, preferred Suning Tesco
I heard that Suning
The rsync configuration of a service at Sogou is incorrect.
Incorrect rsync Configuration
1. Scan the Sogou browser CIDR block
nmap 123.126.51.33/24 -p873 --open
2. Server IP addresses with port 873 open
The following three IP addresses
Leakage of sensitive information in the market leads to intranet roaming
I read two articles about the vulnerabilities in the market on wooyun, in the spirit of professionalism. I scanned the market again and found that there were still more than N
A website vulnerability in Great Wall insurance (resulting in leakage of a large amount of confidential information)
Similar to previous site vulnerabilities, but not in the same location, not repeated vulnerabilities ~~~
Http://oa.ccib.com.cn/login.
Another weak password on Netease caused Getshell
Simple, a weak password, simple and crude.
Check http://123.58.179.79/whois to verify that this IP belongs to Netease.
An LNMP installation-complete page. The phpinfo and phpMyAdmin interfaces
There is SQL Injection on the kibablendiamond official website.
The official website of Kimberly Diamond has SQL injection to get webshell.
sqlmap blind injection
Logon page
http://www.kimberlite.com.cn/index.php?r=site/flogin
Injected
Look at my amazing method, shell, COFCO, a system, a site
COFCO is a big vendor. The attitude of the previous vulnerability is awesome. Actually, I feel like a big vendor doesn't care about this rank. Hey, but I do. Please ask 20 rank. Thank
The official APP of xiaguo network has SQL injection (Cross 32 databases/including a large number of user libraries)
SQL Injection for APP security
Objective: To view the official APP of xiaguo Network. SQL injection exists in the following areas:
A certain part of wasu data leakage can connect to the database
RT
https://github.com/fucifer/learn/blob/07f3ddd8bf3568d1033cf040792912b9e0023a34/dphd/src/main/resources/env/config.properties
Leakage of database addresses and passwords
The
Introduction to configurations related to preventing SQL injection attacks in Nginx
The best way to prevent SQL injection is to filter and escape all data submitted to the backend. For simple cases, such as single quotation marks ('), semicolons (;
Mining and defense of command execution vulnerabilities in the DVWA Series
Common defenses against command execution vulnerabilities usually rely on two PHP functions: escapeshellcmd and escapeshellarg. The following analyzes the two functions