vulnerability database cve

1. Vulnerability related informationVulnerability name : Spring Integration Zip unsafe decompressionVulnerability number : cve-2018-1261Vulnerability Description : In versions prior to Spring-integration-zip.v1.0.1.release, a malicious user constructs a file containing a specific file name in a compressed file (the affected file format is bzip2, tar, XZ, war , Cpio, 7z), when an application uses Spring-inte

Objective:Oracle officially released the July Critical patch update CPU (Critical patch update), which fixes a high-risk vulnerability that could cause remote code execution cve-2018-2894:Http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlcve-2018-2894, a security researcher at China's National Internet Emergency Center Cncert Mingxuan Song and security researcher at Apple, David Lit

CVE-2014-6271 Bash Security Vulnerability mac OS X 10.9 repair process, cve-2014-6271bash# DetectionOpen the command line and enter the following content: env x='() { :;}; echo vulnerable' bash -c "echo this is a test" If the following is returned, upgrade as soon as possible. vulnerable this is a test # Upgrade Check the current versio

Vulnerability tracking: Flash serious vulnerability (CVE-2015-0311) detailed technical analysisYou have a good time with the Flash 0-day vulnerability last week. You need to know why, and sit down and see the cause of this vulnerability when you are tired of playing.Vulnerab

cve-2017-12617 Severe Remote Code Execution (RCE) vulnerability found in Apache Tomcat Affects systems with HTTP put enabled (by setting the default servlet read-only initialization parameter to false). If the default servlet parameter is read-only set to False, or the default servlet is configured, The Tomcat version before 9.0.1 (Beta), 8.5.23,8.0.47, and 7.0.82 contains potentially dangerous remote code

, CVE-2014-5091, CVE-2014-5092, CVE-2014-5093 1. Cross site scripting/XSS... there's tons, exampleAdmin login page, etc Login. php: If (isset ($ _ GET ['username']) {$ useren = $ _ GET ['username'];}If (isset ($ _ POST ['Password']) {$ useren =$ _ POST ['username'];}$ Q = mysql_query ("SELECT * FROM". $ prefix. "users ");$ Adminuser = $ res ['adminuser']; // Logi

[TCP] Request1 Len Recv 44[UDP] Total Data Len Recv 44[UDP] Total Data Len Recv 44Connected with 127.0.0.1:34044[TCP] Total Data Len Recv 46[TCP] Request1 Len Recv 44[UDP] Total Data Len Recv 44[UDP] Total Data Len Recv 44Connected with 127.0.0.1:34045[TCP] Total Data Len Recv 46[TCP] Request1 Len Recv 44[UDP] Total Data Len Recv 44[UDP] Total Data Len Recv 44Connected with 127.0.0.1:34046[TCP] Total Data Len Recv 46[TCP] Request1 Len Recv 44[UDP] Total Data Len Recv 36[UDP] Total Data Len Recv

Wordpress4.2.3 privilege escalation and SQL Injection Vulnerability (CVE-2015-5623) AnalysisThis is a vulnerability that you have been paying attention to over the past few days. wordpress released version 4.2.4 last week, which mentioned fixing possible SQL vulnerabilities and Multiple XSS.Check point was quickly analyzed. I also analyzed and reproduced the late

released and reused objects. Status before the object is released: It can be seen that the creation process and size of the ctreenode Node object (0x60) Status of the released object: Set the following breakpoint to track the status after the onerror callback function is executed. Bu mshtml! Csplicetreeengine: insertsplice + 0x11fa After tracking to the following locations, you can find that the reused object is passed to cinsertspliceundo: setdata as a parameter. 3.2.5. Memory placeholder

from sending android.os.BinderProxy, but with this vulnerability we can find a serializable class that can replace Android.os.BinderP if the following conditions are met: Roxy implements the purpose of code execution:(1) The Finalize method is realized;(2) A native pointer is called in the Finalize method;(3) The native pointer is controllable by the attacker (not declared as transient and static);(4) implements the Serializible interface (serializab