漏洞类别:VMware 漏洞等级: 漏洞信息 VMware ESXi is an enterprise level computer virtualization product. The target is missing update ESXi550-201612001, which resolves the following security issues: Bulletin ID ESXi550-201612101-SG Bulletin ID ESXi550-201612102-SG Refer to …
漏洞类别:VMware 漏洞等级: 漏洞信息 VMware ESXi is an enterprise level computer virtualization product. The target is missing update ESXi600-20161100, which resolves the following security issues: Bulletin ID ESXi600-201611101-SG Bulletin ID ESXi600-201611102-SG Refer to V…
漏洞类别:CGI 漏洞等级: 漏洞信息 A critical vulnerability exists in PHPMailer that could potentially be used by (unauthenticated) remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web applic…
漏洞类别:Local 漏洞等级: 漏洞信息 PHPMailer is a code library to send (transport) emails safely and easily via PHP code from a web server (MUA to the MSA server). A critical vulnerability exists in PHPMailer that could potentially be used by (unauthenticated) remote attac…
CVE
CVE-2016-6304 Arista EOS and CloudVision eXchange Multiple OpenSSL Vulnerabilities (Security Advisory 0024)
漏洞类别:Local 漏洞等级: 漏洞信息 Arista has released updates for EOS and CloudVision eXchange which addresses multiple OpenSSL vulnerabilities affecting the products. 漏洞危害 Successful exploitation of the vulnerabilities may cause a denial of service (CVE-2016-6304), poten…
漏洞类别:Local 漏洞等级: 漏洞信息 Adobe InDesign is a desktop publishing software application by Adobe Systems. Adobe InDesign is exposed to a critical memory corruption vulnerability (CVE-2016-7886). Affected Products: Adobe InDesign 11.4.1 and earlier versions Adobe InD…
CVE
CVE-2015-6858 HP Insight Control server provisioning, Remote Disclosure of Information Vulnerability.
漏洞类别:Local 漏洞等级: 漏洞信息 HPE Insight Control gives you an essential server management experience, resulting in superior centralized management of physical and virtual servers. A potential security vulnerability has been identified with HP Insight Control server p…
CVE
CVE-2016-3157 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2016-3657)
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for unbreakable enterprise kernel to fix the vulnerabilities. Affected Products: Oracle Linux 6 Oracle Linux 5 漏洞危害 Successful exploitation of the vulnerabilities can lead to privilege es…
CVE
CVE-2016-3157 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2016-3656)
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for unbreakable enterprise kernel to fix the vulnerabilities. Affected Products: Oracle Linux 7 Oracle Linux 6 漏洞危害 Successful exploitation of the vulnerabilities can lead to privilege es…
CVE
CVE-2016-7117 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2016-3655)
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for unbreakable enterprise kernel to fix the vulnerabilities. Affected Products: Oracle Linux 7 Oracle Linux 6 漏洞危害 Successful exploitation of the vulnerabilities can lead to privilege es…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released a security update for libgsf to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 An attacker could cause a denial of service. 解决方案 Fedora has issued updated packages to fix this vulnerability. Updates can be install…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for kernel to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Fedora has issued updated packages to fix this vulnerability. Upd…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for kernel to fix the vulnerability. Affected OS: Fedora 24 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Fedora has issued updated packages to fix this vulnerability. Upd…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for kernel to fix the vulnerability. Affected OS: Fedora 23 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Fedora has issued updated packages to fix this vulnerability. Upd…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for libcrypto++ to fix the vulnerabilities. 漏洞危害 The exploitation of the vulnerability may allow an attacker to cause a denial of service. 解决方案 Refer to Debian security advisory DSA 3748-1 to address t…
漏洞类别:Debian、 漏洞等级: 漏洞信息 Debian has released security update for exim4 to fix the vulnerabilities. 漏洞危害 The exploitation of the vulnerability may leak the private DKIM signing key to the log files if specific configuration options are met. 解决方案 Refer to Debian …
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for graphicsmagick to fix the vulnerabilities. 漏洞危害 Successful exploitation of the vulnerabilities can cause Denial-of-Service. 解决方案 Refer to Debian security advisory DSA 3746-1 to address this issue a…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for squid3 to fix the vulnerabilities. 漏洞危害 Successful exploitation can cause leakage of sensitive information. 解决方案 Refer to Debian security advisory DSA 3745-1 to address this issue and obtain furthe…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for libxml2 to fix the vulnerabilities. 漏洞危害 Successful exploitation of the vulnerabilities can allow an attacker to cause a denial-of-service against the application or may allow the attacker to execu…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for botan to fix the vulnerability. Affected OS: Fedora 24 Fedora 25 漏洞危害 Successful exploitation may cause an integer overflow. 解决方案 Fedora has issued updated packages to fix this vulnerability. Updat…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for kernel to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 Successful exploitation may lead to buffer overflow. 解决方案 Fedora has issued updated packages to fix this vulnerability. Updates can be i…
漏洞类别:Fedora 漏洞等级: 漏洞信息 Fedora has released security update for kernel to fix the vulnerability. Affected OS: Fedora 24 漏洞危害 Successful exploitation may lead to buffer overflow. 解决方案 Fedora has issued updated packages to fix this vulnerability. Updates can be i…
引言 目前值得高兴的是,开发者在建立网站时,已经开始关注安全问题了——几乎每个开发者都知道SQL注入漏洞了。在本文中,我将为读者介绍另一种与SQL数据库相关的漏洞,虽然它的危害性与SQL注入不相上下,但目前却很少为人所知。接下来,我将为读者详细展示这种攻击手法,以及相应的防御策略。 背景知识 最近,我遇到了一段有趣的代码,它尝试尽一切可能来保护数据库的访问安全,例如每当新用户进行注册时,将运行以下代码: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22…
12月28日,2016贵阳举办大数据与网络安全攻防演练总结大会, 360公司总裁、360企业安全集团董事长齐向东在大会上表示,没有安全的保障,大数据产业没有未来,大数据产生了三个颠覆,发展大数据产业需要与IOT、深度机器学习以及安全技术三个方面进行结合,360将深度参与贵阳大数据安全产业发展。 演讲全文 尊敬的各位领导,专家,媒体朋友们,下午好! 贵阳举行的这次在真实网络环境中的大数据与网络安全攻防演练,在全国范围内都是屈指可数的尝试。通过这样的演练,发现安全问题,不仅有助于解决已经存在的安全问题,还将对我国的大数…
前言 Windows内核提权漏洞CVE-2016-7255已经受到了很多媒体的关注。在11月份的Patch Tuesday中,微软发布了针对此漏洞的修复程序,将其作为MS16-135公告的一部分。根据微软的说明,CVE-2016-7255主要用于执行有针对性的攻击,并且可以通过一些“野路子”来找到样本。 谷歌和微软已经证实俄罗斯黑客集团APT28使用了一个Flash漏洞(CVE-2016-7855)和这个内核提权漏洞执行了一次有针对性的攻击,谷歌也发布了一些针对此漏洞的讨论: https://security.go…