Release date:
Updated on:
Affected Systems: GnuTLS 3.2.12, GnuTLS 3.1.22
Description:
Bugtraq id: 65919
CVE (CAN) ID: CVE-2014-0092
GnuTLS is a function library used to implement TLS encryption.
A security vulnerability exists in versions earlier than GnuTLS 3.1.22 and 3.2.12. The error handling for X.509 Certificate verification is
Suse, a Linux publisher, issued a warning on June 13, October 27, saying that the Linux 2.6 kernel had one of the most serious security vulnerabilities so far. This vulnerability allows hackers to shut down systems running 2.6 software.
The 2.6 kernel was launched at the end of last year. It added many enterprise-friendly features for Linux, but it is still a commercial product initially launched. Al
Today, because of the project background, it is necessary to check the Web interface for some security risks. But I have never mastered systematic penetration-testing knowledge, so I had to do some exploration according to my personal understanding of the network protocol and the Web, and finally found a session fixation attack vulnerability.
Scene review: Using the capture tool to monitor the login and logout interface of the business, found that after the login Jsessio
Affected program:
Microsoft IIS Server
Description:
IIS enables users who have permission to upload and use ASP programs to change any file
With:
This is a very serious vulnerability for IIS, even IIS4.0, which still does not fix this vulnerability: you build
such as http://www.cnns.net/frankie/text/aspwrite.txt such a simple ASP program name
Release date:
Updated on:
Affected Systems: VMware vFabric tc Server 2.x
Unaffected system: VMware vFabric tc Server 2.1.2, VMware vFabric tc Server 2.0.6
Description:
Bugtraq id: 49122
CVE (CAN) ID: CVE-2011-0527
vFabric tc Server is a server for building and running Java Spring applications at the enterprise level. It can meet the needs of its operation management, advanced analysis, and key task support.
VFabric tc Serv
Release date:
Updated on:
Affected Systems: McAfee Security-as-a-Service
Description:
Bugtraq id: 51397
McAfee Security-as-a-Service is a comprehensive cloud protection solution.
The ActiveX Control of McAfee SaaS has a security vulnerability
OpenSSL no-ssl3 build option Security Bypass Vulnerability (CVE-2014-3568)
Release date:
Updated on:
Affected Systems: OpenSSL Project OpenSSL
Description:
Bugtraq id: 70585
CVE (CAN) ID: CVE-2014-3568
OpenSSL is an open-source SSL implementation that implements high-strength encryption for network communication. It is widely used in various network applications.
The no-ssl3 build options for versions earli
Just a few moments ago we posted new information and guidance related to the reported ASP.NET security vulnerability. This includes several pieces.
1) We updated http://www.microsoft.com/security/incident/aspnet.mspx with new information about the reported vulnerability. This should help clear up some of the co
The official Heartbleed website gives detailed information about the CVE-2014-0160 vulnerability, an information leakage vulnerability in OpenSSL. The Heartbleed bug allows anyone on the Internet to read the memory of systems protected by vulnerable versions of OpenSSL. This compromises the keys used to identify service providers and to encrypt traffic, user names
Release date:
Updated on:
Affected Systems: Yealink Yealink SIP-T20P IP Phone
Description:
Bugtraq id: 57029
Yealink SIP-T20P is an IP Phone.
YeaLink IP Phone SIP-TxxP
The vulnerability is described as follows:
1) The default username ("user") and password ("user") can access the hidden page http: //
2) The firmware contains a hard-coded telnet shell user name and password. The
enable the compiled executable file to be debugged with GDB
Create exploit.c with the code below. The \x?? \x?? \x?? \x?? placeholder must be replaced with the address where the shellcode is stored in memory, because that location overwrites the return address right after the overflow occurs.
To get the in-memory address of the shellcode, enter the commands gdb stack and disass main
According to the statement strcpy(buffer + 100, shellcode), we calculate the address of the shellcode as 0xffffd350 (hexadecimal) + 0x64 (100 in hexadecimal) = 0xffffd3b4 (hexadecimal)
Mo
generally, more difficult to use, here is only the code: php $xml = ?> DOCTYPE any [ >]>x>f; x > EOF; $data = simplexml_load_string($xml); print_r($data); ?>
0x05, XXE Defense
Methods for disabling external entities by using the development language:
PHP: libxml_disable_entity_loader(true);
Java: DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setExpandEntityReferences(false);
Python: from lxml import etree; doc = etree.parse(xmlsource, etree.XMLParser(resolve_entities=False))
Filteri
Release date:
Updated on:
Affected Systems: Cisco ASA 5500 Series Adaptive Security Appliance 8.0-8.4
Description:
CVE ID: CVE-2011-3285
The Cisco ASA 5500 Series Adaptive Security Device is a modular platform for providing security and VPN services. It provides firewall, IPS, anti-X, a
Release date:
Updated on:
Affected Systems: Sourceforge mod-security 2.x
Description:
ModSecurity for Apache is a plug-in for the Apache Web server platform.
A security vulnerability exists in versions earlier than ModSecurity 2.70. When parsing multiple requests, malicious users can by
Release date:
Updated on:
Affected Systems: PHP 5.3.x
Description:
Bugtraq id: 51954
CVE ID: CVE-2012-0831
PHP is a script language running on a computer. It is mainly used to process dynamic web pages, including command line interfaces or graphical user interface programs.
PHP has a Security Restriction Bypass Vulnerability. Atta
Release date:
Updated on:
Affected Systems: Oracle JDEdwards 8.98
Description:
Bugtraq id: 51482
CVE (CAN) ID: CVE-2011-2326
Oracle JDEdwards is a comprehensive and integrated ERP suite.
The JD Edwards EnterpriseOne Tools Component in Oracle JD Edwards Products 8.98 has an unknown implementation vulnerability. This vulnerability
Release date:
Updated on:
Affected Systems: Oracle JDEdwards 8.98
Description:
Bugtraq id: 51486
CVE (CAN) ID: CVE-2011-2325
Oracle JDEdwards is a comprehensive and integrated ERP suite.
The JD Edwards EnterpriseOne Tools Component in Oracle JD Edwards Products 8.98 has an unknown implementation vulnerability. This vulnerability