Cloud Security

OLEOutlook exploitation: one email bypasses all Enterprise Security Prevention and Control In this article, I will show you how to embed an executable file into the company network by Email. Disguised as a Word document that bypasses the firewall.

Corega CG-WLBARAGM Denial of Service Vulnerability (CVE-2015-7793)Corega CG-WLBARAGM Denial of Service Vulnerability (CVE-2015-7793) Release date:Updated on:Affected Systems: Corega CG-WLNCM4G Description: CVE (CAN) ID: CVE-2015-7793The Corega

How to Use snapshots to reinforce security and strengthen Privacy Protection I haven't talked about technical topics for two consecutive months. Today I will post an article about the use of the "snapshot function" and fill in the "Literacy Virtual

SearchBlox DoS Vulnerability (CVE-2015-7919) Affected Systems: SearchBlox 8.3Description: CVE (CAN) ID: CVE-2015-7919 SearchBlox is a Web-based Attribute search engine. SearchBlox 8.3-8.3.1 has the file leakage vulnerability, removing

Siemens ruggedcom rox-based device Authentication Bypass Vulnerability (CVE-2015-7871) Affected Systems: Siemens ruggedcom rox Description: CVE (CAN) ID: CVE-2015-7871Siemens ruggedcom rox-based devices are used to connect devices in harsh

FFmpeg ff_dwt_decode Function Denial of Service Vulnerability (CVE-2015-8662) Affected Systems: FFmpeg Description: CVE (CAN) ID: CVE-2015-8662FFmpeg is a free software that allows you to perform video, transfer, and stream functions in

Tami financial information leakage (up to 0.2 billion RMB) Involving 0.2 billion RMB, 20 points is definitely not enough!Scared to death, login a 100 millionDetailed description: https://github.com/superman66/ChiQiFound/blob/0f45e27f1309e668417958357

How to Use machine learning to detect malware Comprehensive research on malware is not a simple task. Before performing reverse engineering and building a timeline, researchers need to obtain a large number of samples from multiple stages of malware

General automatic shelling Method for Android applications 0x00 background and significance Compared with traditional PC applications, Android applications are more likely to be reversed, because after being reversed, Java code or smali

File Inclusion Vulnerability Analysis for DVWA Series 14 Program developers usually write reusable functions into a single file. When using some functions, they call this file directly without writing it again, this process of calling a file is

Netease subsite SQL Injection Vulnerability SQL injection vulnerability in a website on Netease Http://op.campus.163.com/adm/selectcate.do? Flags = 1, 2The above link has the SQL injection vulnerability to obtain database data.  $ ./sqlmap.py -u

Writeup of 32C3 CTF two Web questions 0x00 Introduction As a dog for sales, I am very happy to be able to do Web problems. I have two questions: TinyHosting and Kummerkasten.0x01 TingHosting A new file hosting service for very small files. could

Analysis of getshell vulnerability in VIP chat uploading on Dahan Network Dahan network vipchat upload getshell Vulnerability Step 1: forge the session value: clusteridAddress:/vipchat/VerifyCodeServlet? Var = clusterid Send request:

The execution of Getshell on a certain Beijing mobile site involves millions of users. The previous vulnerability administrator never gave it, so sad... @ haotian @ Ah L Chuan The problem is as follows:Beijing mobile app has the Struts2

A good loan website bypasses SQL Injection somewhere (with a verification script) RTDetailed description: Vulnerability address: http://www.haodai.com/zixun/k_1*/ * Injection exists. Space is filtered, comma, less than, greaterA delay occurs when

Sina Weibo design defects can enter the payment background How much does it cost? Buy, buy, and send Http://admin.pay.weibo.com/admin/index.php Important background is on the internet...Login defects 1: on the InternetLogin defects 2: no

Insurance security-Anhua insurance's JAVA deserialization vulnerability on an important website can penetrate multiple systems Anwar Insurance Http: // 221.8.57.106: 7006/Http: // 221.8.57.106: 7009/Weblogic deserialization VulnerabilityReverse

SQL Injection/unauthorized access/xss (demo successful) in p2p online lending system) Only one home page is required.There are still safe dogs. But it is useless. Inject 1 (test failed)See the code core \ deayou. core. php 65-86.  elseif ($_G['query_

Run a command somewhere in the home of Beijing RTDetailed description: Jboss invoker/JMXInvokerServlet Code ExecutionThe http://oa.juran.com.cn: 8086/invoker/JMXInvokerServletProof of vulnerability: Solution: Security suggestion: add an access

Weak device passwords can penetrate the entire company. Our company is familiar with ruijie's equipment. Ruijie's device is a word, garbage, garbageAs long as a small router is in the LAN and the same gateway is set up, the company's network is