Time: 2012-09-26
[Vulnerability description]
When using the CreateProcess function, when the first parameter lpApplicationName is NULL and the second parameter lpCommandLine contains spaces without double quotation marks, the function will be
Linux security is becoming more and more important. Here I want to write down some basic Linux security measures that I usually use, to discuss them with you and make our Linux systems reliable. 1. BIOS security settings are the most basic and
Server Security Prevention 1. Server system security: use the latest operating system or the latest stable version (such as Ubuntu LTS), perform regular updates, rationally divide system permissions, and perform permission security protection
/* Userns_root_sploit.c *//* Copyright (c) 2013 Andrew Lutomirski. All rights reserved .*//* You may use, modify, and redistribute this code under the GPLv2 .*/ # Define _ GNU_SOURCE# Include # Include # Include # Include # Include # Include #
Vulnerability location: the "mEntries.put(newEntry.getName(), newEntry);" statement in the ZipFile.java file under the java.util.zip package in the Android system does not check for duplicate-name entries, a logic vulnerability. The ZipFile.java file is
H3C iNode is a management software designed and developed by Hangzhou H3C Communication Technology Co., Ltd. for user authentication and internet access. The software has a buffer overflow vulnerability. Attackers can remotely send attack packets
0x00 MySQL user permissions. The root user of MySQL has the highest permissions. Run the command to view the permissions of the root user.
show grants for root@localhost // view root user permissions + PRIVILEGES + | Grants for root@localhost | +
The biggest risk of software security is the opaque nature of testing tools and processes, and different testing technologies (such as automated Dynamic Testing) cannot cover the potential possibility of false negative errors.
Although the security
After receiving the previous article (How to Protect Your VM proxy Transit server settingsFirst, create a virtual machine named Original. As the Original virtual machine, configure the Virtual Machine and clone other virtual machines.
Install the
0x1, surprised to ask a reverse proxy platform invitation code, a code is hard to find, bitter ratio waited for a night invitation code was fruitless, big cows are busy taking off their pants, as a poor hanging silk, you can only use your hands to
1) The important directories in the system include /etc, /home, /root and /var/spool/mail. Now you want to back up data at am every day, the backup data is stored in backup, and tar is used to pack the backup. What should we do?
mkdir /root/bin // create a
Today, we can see the response headers returned by the server carrying information such as this.
Server: nginx/1.4.0
X-Powered-By: PHP/5.5.1
Content-Encoding: gzip
The first shows the web server used by the server and the version number. The second shows the script
Tomcat security mechanism BASIC Authentication BASIC DIGEST authentication uses MD5 encryption DIGEST FORM authentication for basic Custom forms, you can specify the login verification FORM form /login.htm /error.html CLIENT-CERT A
What should users do if hackers create a hidden account on their computers? Although account hiding is the most concealed kind of backdoor and it is difficult for users to find the hidden account in the system. In fact, as long as you
vsfilter.dll does not properly handle a malformed dwWidth parameter passed to it, causing heap corruption. Vulnerability analysis: when the malformed dwWidth parameter is passed in, the CreateDIBSection function fails to be executed, and NULL is
This article has been in the draft box for a long time. I want to clean up the blog database recently, so let's publish it. Statpresscn is the Chinese version of the popular WordPress site statistics plug-in. Although it has not been updated for a
Summary: This article describes in detail some common causes for the Microsoft Data Access Component (MDAC) to receive the error 0x800040005. MDAC includes ActiveX Data Objects, OLE DB, and Remote Data Service (RDS). This article also discusses other
The exploitation of the % 5c storm library is no longer a new technology, because I only find a vague saying: UNICODE is % 5c. When it is submitted, IIS cannot be parsed normally, leading to the storm library. But I asked hoky. pro after the
Source: http://blog.csdn.net/brain _/
When I was writing an injection program, I occasionally encountered some bad things, such as hanging on the explorer and not running, but hanging on other processes is normal, in order to solve the problem as