WordPress in the blog Security Series

Let's talk about WordPress security today. WordPress has been very insecure recently, and 0-day vulnerabilities often exist, so you need to set the security of the program.

Backdoor (including repair) exists in the pros 4.0-5.0 System)

  Baidu has not found any more information about this system.   Only one website is made by Wenzhou Zhongwang.   Version system cannot be verified ....   When I started a website today, I found that all the default accounts could not be

XYCMS law firm website creation system V1.1 Upload Vulnerability and repair

By Mr. DzY from www.0855. TV Source code introduction: The website construction system of XYCMS law firm includes the Office profile, legal style, News Center, service field, typical cases, legal consultation, qualification certification, and

Openads-2.0.11 Remote File Inclusion Defects and repair

Title: Openads-2.0.11 Remote File Inclusion Vulnerability Author: HaCkErS eV! L www.2cto.com: http://sourceforge.net/projects/phpadsnew/files/Current%20Release/Openads%202.0.11-pr1/Openads-2.0.11-pr1.zip/download Affected Version: 2.0.11 Test

Multiple NetCat CMS defects and repair

Title: NetCat CMS Code exec, SQL-injection Author: brain [pillow] Official Website: http://netcat.ru/ This defect is valid for all cms versions: # SQL injection:

DotProject 2.1.5 SQL Injection defects and repair

Title: dotProject 2.1.5 SQL Injection Vulnerability Author: sherl0ck _ @ AlligatorTeam Developer Website: http://www.dotproject.net/ Tested version 2.1.5 Test Platform: Debian GNU/Linux 5.0 Example: URL: http://www.bkjia.com/dotproject/index.php?

Nucleus v3.61 Remote File Inclusion Defects and repair

Title: Nucleus v3.61 Remote File Include (MSF)Author: Caddy-Dz www.2cto.com: Http://sourceforge.net/projects/nucleuscms/    Require 'msf/core' Class Metasploit3 Rank = ExcellentRanking Include Msf: Exploit: Remote: TcpInclude Msf: Exploit: Remote:

Huawei smart cloud's SQL injection and repair solutions

Author: Matrix Brief description: Huawei smart cloud has SQL injection and can theoretically modify background data Detailed description: http://developer.huaweidevice.com/dev_creg.php User name verification POST data is not strict, submit

WordPress plugin WP e-Commerce <= 3.8.6 SQL Injection defects and repair

Title: WordPress WP e-Commerce plugin Author: Miroslav Stampar (miroslav.stampar (at) gmail.com @stamparm) Software: http://downloads.wordpress.org/plugin/wp-e-commerce.3.8.6.zip Tested version: 3.8.6 Annotation: parameter $_POST["cs3"] = md5

LightNEasy 3.2.4 Multiple xss defects and repair

Title: Multiple XSS vulnerabilities in LightNEasy By Stefan Schurtz Original version: 3.2.4 Developer Website: http://www.lightneasy.org/ Defect Analysis: LightNEasy is vulnerable to xss attacks Technical logs:

The DeDeCMS variable overwrites the 0day getshell

  #! Usr/bin/php-w Error_reporting (E_ERROR ); Set_time_limit (0 ); Print_r (' DEDEcms Variable Coverage Exploit Author: [url] www.heixiaozi.com [/url] [url] www.webvul.com [/url] ); Echo "\ r \ n "; If ($ argv [2] = null ){ Print_r (' + -----------

Driving School training website management system v1.0 vulnerability and repair

Set rsnews = Server.CreateObject("ADODB.RecordSet") SQL = "update news set hits = hits + 1 where id =" & cstr(request("id")) Conn.execute SQL */ Simple request() does not specify request.querystring(), request.form, or

Qingwei enterprise website management system local vulnerability and repair

Vulnerability file: inc/ajax.php Vulnerability code: header('content-Type: text/html; charset=UTF-8'); $absolutepath = $_GET['absolutepath']; require_once($absolutepath . 'inc/common.inc.php'); $SQL = "update {$configTableHead} {$

4399 cross-site and repair solutions for the mini game Registry

  Parameters are not filtered. The parameters of crossDomainIFrame and crossDomainUrl can be modified. Proof of vulnerability: Http://ptlogin.4399.com/ptlogin/regFrame.do? Export & appId = my & gameId = & regIdcard = true & mainDivId =

Attackers can edit others' POST Vulnerabilities, implant malicious code defects, and fix such vulnerabilities.

Brief description: An excessive permission vulnerability exists in a forum of Tianya. You can modify any popular post content and embed malicious code in it. Detailed description: Proof of vulnerability: In addition, the blog SWF jump:

EFront <= 3.6.9 Community Edition multiple defects and repair

  Title: EFront Public version: When 3.6.10 will be released Author: IHTeam www.2cto.com Download link: http://www.efrontlearning.net/download/download-efront.html Test Platform: efront_3.6.9_build11018 Default username and password: Student:

Joomla Component Time Returns (com_timereturns) SQL Injection defects and repair

Joomla Component Time Returns (com_timereturns) SQL Injection Vulnerability Author: kaMtiEz www.2cto.com [Software Information] Developer: http://www.takeaweb.it/ :

Discussion on PHP variable security

  Article 1: http://www.bkjia.com/Article/201110/108389.html Ryat gave N-plus examples of variable variables on Weibo. Some of them did not really pay attention to it. I did not expect a syntax feature to lead to another syntax feature. I personally

LibrettoCMS 2.2.2 Arbitrary File Upload

# Title: LibrettoCMS 2.2.2 Malicious File Upload # discoverer: CWH Underground # Official Website: http://libretto.artwebonline.com/ #: http://jaist.dl.sourceforge.net/project/librettocms/librettoCMS_v.2.2.2.zip # Affected versions: 2.2.2 # Test

An unauthorized access from a system in Sohu leads to arbitrary command execution.

It is mainly because a system is authorized to access the database, resulting in the execution of arbitrary commands, the permission is still root, the database is not subject to access restrictions, and the data volume is quite large ..Details:
