Ar-drone: Open-Source Project Analysis of hijacking and control drones on GitHub
Ar-drone is a protocol implementation method used by Parrot ARDrone 2.0 and is also compatible with Version 1.0. Install the latest version through GitHub: npm install
Introduction to mobile APP attacks
Attacks on mobile apps are nothing new, and there are many tutorials on the Internet. However, many penetration testers still cannot classify their attack techniques, or do so poorly. Mobile app attacks are
M1905 Command Execution caused by zabbix injection on a website of movie Network
Rt
http://118.145.26.196/zabbix/index.php
The zabbix version is too low. I remember there was a front-end injection hole in the past, so I typed it with exp. http://1
Suspected that the mobile phone assistant of Qihoo 360 has a low-risk Elasticsearch information leakage (any operation or SQL Execution is allowed)
Rt
Mask Region
1. http ://**. **. **/_ searchpreety _ **************** c62633ba46b55a24e8
Shandong mobile has unauthorized mongodb access, causing a large amount of user information leakage.
Shandong mobile has unauthorized mongodb access, causing a large amount of user information leakage (mobile phone number \ IMSI number \ coordinate
Introduction and Analysis of Squid Remote Denial of Service Vulnerabilities
[Overview]
Squid Cache is an HTTP Proxy server software. Squid is widely used and can be used as a cache server. It can filter traffic to help with network security. It can
Jboss Command Execution exists on a Vehicle Dynamic Intelligent Monitoring Platform in Shanghai (involving a large amount of hazardous Vehicle Information/implementing monitoring and dispatching/involving a large amount of vehicle hazardous
If a carrier's system account is leaked, the mobile phone number cannot be used in arrears (Region restrictions)
In fact, there are many other functions to demonstrate only one of the most dangerous ones.
Collect an account from external
Multiple SQL injections of Dongfang franchise network need to be filtered (involving 0.21 million user data)
RT.
http://rank.4006666688.com/list/?subcgid=4
http://brand.4006666688.com/brandlist/?blimit=0
The two injection points, although not
The SQL Injection Vulnerability (containing more than million merchant data) exists in the official Wanda feifan APP
SQL Injection for APP security
Target: Wanda feifan merchant APP. SQL Injection exists in the following areas: (userName in POST,
Sensitive Information Leakage of bubble network requires password modification as soon as possible (almost all servers, databases, and backend servers are
The best East Main Site has SQL injection (the injection parameter ticket contains 230 million + User Data/cross-42 databases)
Target: www.veryeast.cn. SQL Injection exists in the following areas: (injection parameter ticket, error injection,
A station in autohome.com has SQL injection to be filtered out.
An Alibaba Cloud station has SQL Injection
I wanted to come up with a verification script. I'd like to give the result of the time
Information on the platform interface of the Didi driver client is leaked (the information is stored in the ShareSDK. xml file)
Didi driver information leakage
Information of Android mobile client of Didi driver is leaked, which exposes interface
An improper system login location on the cool music main station can cause brute-force cracking and the interface needs to be repaired (an existing case & a sub-station SQL injection)
RT RT An improper system login location on the cool music main
Bilibili stored XSS has a certain impact (bypassing the length limit disrupts the order limit)
It is a stored XSS. Because the cookie of Site B is in the domain of .bilibili.com, it still has an impact. We will not test the impact caused
IORegistryIterator race condition vulnerability can cause arbitrary code execution
0x00 Introduction
CVE-2015-7084 exists because IORegistryIterator does not account for simultaneous calls from multiple user-mode threads, causing a race condition,
Intrusion into connected trucks and buses
Shodan is an extremely powerful search engine. Unlike Google, Shodan does not search Web sites on the Internet, but directly enters the channel behind the internet. It keeps searching for all servers,