.2, the security of the IP layer contains three functional domains: authentication, confidentiality and key management.
(1) Authentication: Provide message source identification and integrity identification.
(2) Confidentiality: Message encryption prevents third-party eavesdropping of messages.
(3) Key management: Handle the secure exchange of keys.
3. The IPSec protocol runs on a network device connected to an external network, such as a router or firewa
Affected Systems: ModSecurity
Description:
CVE (CAN) ID: CVE-2013-5705
ModSecurity is a Web application server.
ModSecurity versions earlier than 2.7.6 have an implementation error in the "modsecurity_tx_init()" function (apache2/modsecurity.c). Malicious users can exploit this vulnerability to bypass HTTP request processing by
Affected Systems: Apple Mac OS X
Description:
Bugtraq id: 67023
CVE (CAN) ID: CVE-2014-1322
OS X (formerly Mac OS X) is the latest version of Apple's exclusive operating system developed for Mac tower computers.
The kernel pointers stored in an XNU object in Apple Mac OS X 10.9.2 can be retrieved from user space, so the kernel pointers can be read. This allows you to
Affected Systems:
Vtiger CRM 6.0
Vtiger CRM
Description:
Bugtraq id: 66757
CVE (CAN) ID: CVE-2014-2269
Vtiger CRM is a free open-source customer relationship management software.
Vtiger CRM 6.0 and other versions have the Security Restriction Bypass Vulnerability. Unauthenticated attackers can exploit this vul
Affected Systems: GNU Bash 4.3
Description:
Bugtraq id: 67803
Bash, a Unix shell, was written by Brian Fox for the GNU Project in 1987.
GNU Bash 4.3 and other versions have security vulnerabilities. Remote attackers can exploit this vulnerability to bypass certain securi
Release date:
Updated on: 2011-11-23
Affected Systems:
S.u.S.E. openSUSE 12.1
S.u.S.E. openSUSE 11.4
S.u.S.E. openSUSE 11.3
GNOME NetworkManager 0.8.9997
GNOME NetworkManager 0.8.990-3
GNOME NetworkManager 0.7.2
Description:
Bugtraq id: 50766
CVE ID: CVE-2006-7246
GNOME NetworkManager is the network device and Connection Manager.
After GNOME NetworkManager is connected to some wireless networks, there is a
Juniper Junos Security Restriction Bypass Vulnerability (CVE-2014-6383)
Affected Systems: Juniper Networks JUNOS
Description:
Bugtraq id: 72071
CVE (CAN) ID: CVE-2014-6383
JunosE is an operating system used in the e-series routers of Juniper.
After the Stateless firewall filter is configured for Juniper Junos, all source or target ports cannot match the target data packet, causing t
WordPress Cart66 Lite plug-in Security Restriction Bypass and SQL Injection Vulnerability
Affected Systems: WordPress Cart66 Lite 1.5.3
Description:
Cart66 Lite is an e-shopping cart plug-in for WordPress.
In WordPress Cart66 Lite 1.5.3 and earlier versions, when "action" is set to "promotionProductSearch", the "q" POST parameter value for wp-admin/admin-ajax.php is not properly filtere
Affected Versions:
Mozilla Firefox 3.x
Mozilla SeaMonkey 2.x
Vulnerability description:
Mozilla Firefox (Fx, FF), also known as Firefox (no official Chinese name currently), is a web browser jointly developed by the Mozilla Foundation and open-source groups. SeaMonkey includes browser, email and newsgroup client, IRC chat client, and simple HTML editor.
The Mozilla Firefox/SeaMonkey "eval()" function has a Security Restriction
Affected Systems:
RedHat Fedora 16
Ubuntu Linux 12.04 LTS i386
Ubuntu Linux 12.04 LTS amd64
Ubuntu Linux 11.10 i386
Ubuntu Linux 11.10 amd64
Description:
Bugtraq id: 53875
CVE ID: CVE-2012-2654
OpenStack Compute (Nova) is a cloud computing constructor written in Python and is part of the IaaS system.
After a security group is created, the network protoc
Affected Systems:
Apple iOS 4
Apple iPad
Apple iPod Touch
Description:
Bugtraq id: 54216
The iPhone is a 4-Band GSM mobile phone. iPad is a touch screen tablet. iPod touch is a portable media player launched by Apple. Apple iOS is the latest operating system running on Apple's iPhone and iPod touch devices.
A security restriction
Release date: 2012-09-07
Updated on:
Affected Systems: Python
Description:
Bugtraq id: 55458
Python is an object-oriented, interpreted computer programming language.
The 'urllib3' module of Python does not correctly verify the server's SSL Certificate, and there is a security restriction bypass vulnerability. This vulnera
Apache Derby security function Bypass Vulnerability and Denial of Service Vulnerability
Released on: 2014-09-04
Updated on: 2014-09-05
Affected Systems: Apache Group Derby
Description:
Apache Derby is an open source relational database Java implementation.
Apache Derby versions earlier than 10.11.1.1 do not have proper permissio
Spoon signature verification security measure Bypass Vulnerability
Release date:
Updated on: 2014-06-07
Affected Systems: Perl-Spoon perl-spoke 0.24
Description:
Bugtraq id: 59834
CVE (CAN) ID: CVE-2012-6143
Spoon is an application framework for building social software Web applications.
Spoon module 0.24 for Perl's Spoon::Cookie doe
SAP FI Manager Self-Service hard-coded credential Security Restriction Bypass Vulnerability
Affected Systems: SAP FI Manager Self-Service
Description:
Bugtraq id: 68951
CVE (CAN) ID: CVE-2014-5176
SAP FI Manager Self-Service is a solution for managing tasks and making decisions.
SAP FI Manager Self-Service h
Website security dog Protection Rule bypass in the latest version
Tested the website security dog APACHE and IIS versions
1. Download the latest version of Web Dongle (APACHE) V3.1.09924 from the official website of safedog, and the webhorse repository version is:
Test shows that a protection rule is bypassed.
2. IIS version with http://bbs.siteserver.cn/
Test fou
In some common environments, the PHP execution environment allows the security-related configuration set in php.ini to be bypassed in order to execute commands or perform other operations. Details: When PHP is run through FastCGI in a PHP-FPM environment, PHP-FPM cannot know where our FastCGI request comes from, so I can mimic the fcgi protocol to send forged requests to PHP-FPM. And since 5.3.3, PHP-FPM allows the use of fcgi para
variable: #foo = new MyClass()
Because HTTP parameter names are evaluated as OGNL, XWork uses the following two variable protection methods to prevent attackers from calling arbitrary methods through HTTP parameters:
* OgnlContext attribute xwork.MethodAccessor.denyMethodExecution (set to true by default)
* SecurityMemberAccess private field allowStaticMethodAccess (set to false by default)
To make it easier for developers to access a variety of common objects, XWork provides some predefined context varia
Release date: 2012-03-13
Updated on: 2012-03-23
Affected Systems:
GNOME libgdata 0.6
GNOME libgdata 0.1
Description:
Bugtraq id: 52504
Libgdata is a GLib-based library that uses the GData protocol to access the online service APIs.
Libgdata has a Security Restriction Bypass Vulnerability in verifying the implementation of the serv