Cloud Security

Arbitrary Command Execution Vulnerabilities (CVE-2015-6934) across VMware Products)Arbitrary Command Execution Vulnerabilities (CVE-2015-6934) across VMware Products) Release date:Updated on:Affected Systems: VMWare VMware vCenter Orchestrator

I heard that plug-ins can also be used to steal train tickets? Don't tease me! | Focus on hackers and geeks On April 9, December 8, train tickets for the Spring Festival began to be pre-sold. A large number of "city migratory birds" flocked to 12306

Emlog automatic backup plug-in leakage full-Site Database Backup Vulnerability This is the third time I found a critical vulnerability in my blog. The first time is a third-party storage, the solution is deleted. The second is "EMLOG album", that is,

File Upload blacklist verification Bypass For example, some common script names such as asp php jsp cannot be uploaded, below are some of my summary of the bypass MethodsShtml// Can be used to read files// Can be used to execute commandsIis

Malicious Software Analysis Using RTF files as transmission Vectors During the analysis of malware, we often see that attackers use features to transmit and confuse malware in an innovative way. Recently, we found that the number of samples that use

Defense bypass caused by misuse of ELE. Me cryptography talking about Android cryptography Vulnerabilities The misuse of cryptography is a big problem in apps. Almost all apk verification algorithms can be simulated.Ele. Me's algorithm is robust and

China Tie Jian e-commerce platform getshell (root permission \ various bidding information) China Railway Construction's e-commerce platform, design various bidding and winning information ~ URL: http: // **. **: 8000/ China Railway

Security researchers discovered a vulnerability in the HIV dating APP against the threat of HIV attacks by manufacturers Websites and applications around the world encourage researchers to point out vulnerabilities in their systems, however, a

The OA system of a second-level unit of China Coal Group can be infiltrated, resulting in a large number of commercial secrets leaked. Strong patriotism An Internet public OA system of a second-level enterprise of China Coal Group, and attackers

Password Reset for any account on zhongan insurance website (official account demo) May affect users' financial security Vulnerability system:Zhongan insurance developer platform; open.zhongan.comVulnerability address:

58. One storage-type XSS product page is released in the same city When my wife was a child, she was always in a car. She didn't take a train. She was lying in bed tonight and suddenly said, "How far will the car be running when I get off the train

Unauthorized access to the Redis server of a financial investment company can cause a large amount of user information leakage. Unauthorized access to the Redis server of a financial investment company can cause a large amount of user information

Zhengzhou Nissan Automobile Co., Ltd. has more SQL Injection For more information, see www.zznissan.com.cn. Code Region http://heilongjiang.zznissan.com.cn/showcartype_img.php?mid=5 This isThere are multiple injection vulnerabilities detected by

Getshell can threaten the Intranet caused by improper configuration of a system in changkelong supermarket chains Hundreds of Chain EnterprisesGetshell caused by improper configurationDetailed description: System address: http: // 58.211.236.158: 808

The SQL blind injection vulnerability exists somewhere on the main site of a Provincial Branch of China Unicom. RtDetailed description: The post SQL blind injection vulnerability exists in the following link: Proof of vulnerability: Run it with

The main site of Shi nun's milk powder, getshell, involves millions of member users (a large increase in baby data after the establishment of the second child) (After the establishment of the second child, there is a large increase in baby

My contribution to my alma mater is to see how I can get water and electricity fees for the whole school. Our school stands for GuoguangAlthough I have graduated, I am still very concerned about my Alma Mater. I have seen that my school's self-help

Information Leakage in the tangang Network RTDetailed description: RTProof of vulnerability: $ Mail = new Util_PhpMailer (); $ mail-> IsSMTP (); // telling the class to use SMTP $ mail-> SMTPDebug = 0; $ mail-> CharSet = 'utf-8'; $ mail-> Host = "

Prevent XSS attacks and filter special characters (parameter/response value) 1. What is XSS attacks? XSS is a computer security vulnerability that often occurs in web applications. It allows malicious web users to implant code into pages provided to

I hijack your dns This article divides Dns into two types: host or embedded device dns, and website domain name dns, to describe the harm caused by the fall of dns.I. vrodns dns hijackingThe dns of your local network connection is obtained through