Cloud Security

Patch ROM-0 Bug with Misfortune-Cookie (bad luck cookie) This article is just for fun, especially for Embedded hackers who like to adjust the system. So this is not a legitimate way to fix ROM-0 bugs, the fun is to fix another Bug through a bug. Let'

Open source stepping stone Jumpserver I believe you are familiar with the bastion host. To ensure server security, we have added a bastion host. All ssh connections are completed through the bastion host, the bastion host also needs functions such

Dnsmasq "setup_reply ()" DoS VulnerabilityDnsmasq "setup_reply ()" DoS Vulnerability Release date:Updated on:Affected Systems: Dnsmasq Description: CVE (CAN) ID: CVE-2015-3294Dnsmasq is a lightweight DNS forwarder and DHCP server.Dnsmasq has a

Reuse Vulnerability after the FFmpeg ff_h1__free_tables function is releasedReuse Vulnerability after the FFmpeg ff_h1__free_tables function is released Release date:Updated on:Affected Systems: FFmpeg Description: CVE (CAN) ID:

Quassel Remote Denial of Service Vulnerability (CVE-2015-2779)Quassel Remote Denial of Service Vulnerability (CVE-2015-2779) Release date:Updated on:Affected Systems: Quassel IRC Team Quassel 0.12-rc1 Description: Bugtraq id: 74048CVE (CAN) ID:

Oracle Java SE Remote Vulnerabilities (CVE-2015-0470)Oracle Java SE Remote Vulnerabilities (CVE-2015-0470) Release date:Updated on:Affected Systems: Oracle Java SE 8u40 Description: Bugtraq id: 74149CVE (CAN) ID: CVE-2015-0470Java SE is short

Apache HTTP Server 'Protocol. c' Remote Denial of Service VulnerabilityApache HTTP Server 'Protocol. c' Remote Denial of Service Vulnerability Release date:Updated on:Affected Systems: Apache Group HTTP Server 2.4.12Apache Group HTTP Server

Hadoop, Hbase, and Zookeeper security practicesSpeaking of security, there are two main aspects: Authentication and Authorization:The Authentication task is to Authentication the user's identity, that is, you say that you are A user, and

Cisco CUCDM Information Leakage Vulnerability (CVE-2015-0683) Release date:Updated on: Affected Systems:Cisco uniied Communications Domain Manager 8.1 (4)Cisco uniied Communications Domain ManagerDescription:CVE (CAN) ID: CVE-2015-0683 Cisco

Ntpd Vulnerability (CVE-2014-9297)Ntpd Vulnerability (CVE-2014-9297) Release date:Updated on:Affected Systems: NTP NTP 4.x Description: CVE (CAN) ID: CVE-2014-9297Network Time Protocol (NTP) is a Protocol used to synchronize computer Time. It can

Tor Denial of Service Vulnerability (CVE-2015-2929)Tor Denial of Service Vulnerability (CVE-2015-2929) Release date:Updated on:Affected Systems: Tor Description: CVE (CAN) ID: CVE-2015-2929Tor is an implementation of the second generation of

SSRF-issues ignored during design Sometimes there is a wall in front of you, blocking your path. At this time, we only need to open a door on the wall, but the door must be locked. Otherwise, a security vulnerability will occur. There are many

Django framework Arbitrary File Inclusion VulnerabilityOn July 6, April 21, the python-based open-source web framework Django released a Security Bulletin, saying that the contrib. markup package in MySQL 1.5 or earlier has the Arbitrary File

FSO security settings to prevent ASP Trojans Currently, most virtual hosts disable the standard ASP Component FileSystemObject, which provides ASP with powerful file system access capabilities, you can read, write, copy, delete, and rename any files

Any vote of DamiCMS Any vote of DamiCMS The key code for voting is as follows. foreach($_POST['vote'] as $v) { var_dump($v); $v = str_replace("\n","",$v); $s =

Doyocms parallel permission issue-order Leakage Doyocms parallel permission issue-order Leakage Order unauthorized view VulnerabilityThe problematic code is located at source/member. php.  function

Summary Web application browser-based security vulnerabilities SummaryWeb browsers or mobile browsers act as intermediaries between users and the Internet. In daily life, we use Google Chrome, Mozilla Firefox, Internet Explorer, Opera, safari. As

Attackers can exploit some design defects of Renren to attack internal network applications. Attackers can exploit some design defects of Renren to attack internal network

Mallbuilder (multi-user mall) Storage XSS refers to where to pack (5) First came to the demo address: http://cn.mall-builder.com/main.php This demo address has stopped Registration  It should be the reason for this hole = hahaWooYun: Mallbuilder

XML security-Web Services0x01 Introduction Some time ago, I encountered related technologies related to ws in the trs system. Not long ago, when I was playing a xx Hotel, I went to its database through ws, later, I met or saw XML-related