漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Server: Security: Privileges unspecified vulnerability (CPU Apr 2017): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and ea…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions: Collectd contains an infinite loop due to how the parse_packet() and parse_part_sign_sha256() functions interact. If an instance o…
漏洞类别:Backdoors and trojan horses 漏洞等级: 漏洞信息 Adylkuzz is a cryptocurrency mining malware that is reportedly spreading by exploiting a flaw in SMB. The spreading mechanism is designed on the ETERNALBLUE exploit that was released by the Shadow Brokers. Microsoft …
E安全5月18日讯 据报道,WannaCry索病毒感染了美国陆军研究实验室(ARL)一台电脑。某安全厂商提供的受影响IP地址列表显示,其中一个IP与美国军方研究实验室有关。这是首个美国联邦政府遭遇WannaCry勒索软件感染的案例。 美国陆军研究实验室电脑被感染 据不愿透露名称的安全公司发现,这个受害IP地址于5月12与攻击者已知的命令与控制服务器(C&C)块有过通信。经证实,WannaCry勒索软件成功感染了美国陆军研究实验室的电脑。这个IP地址与亚利桑那州Fort Huachuca主机上的服务器相连。至…
新华社澳门5月17日电(记者刘畅)中国澳门特区政府保安司司长黄少泽17日表示,保安司去年年底已完成网络安全法案并提交予行政会,之后会进行相关探讨。根据法案,将设立一个网络安全预警中心,当发现有网络风险情况会实时向社会发布。 黄少泽当日出席“突发事件的应急处置及善后策略”研讨会后表示,司法警察局及治安警察局至目前为止未接到“勒索软件”的相关报案。他称,特区政府由2015年开始已就设立网络安全中心进行研究,以更好地统一全澳网络安全的防范体系,去年年底已完成相关的网络安全法案及提交予行政会,之后会进行相关的探讨。 根据法…
前言 PHP是一种非常流行的Web开发语言,互联网上的许多Web应用都是利用PHP开发的。而在利用PHP开发的Web应用中,PHP文件包含漏洞是一种常见的漏洞。利用PHP文件包含漏洞入侵网站也是主流的一种攻击手段。本文对PHP文件包含漏洞的形成、利用技巧及防范进行了详细的分析,希望对大家攻击方法和防御上有帮助。如果内容有错误纰漏,请留言指正哦~ 一、 文件包含概念 1、 概念 "代码注入"的典型代码就是文件包含(File Inclusion),我的理解是叫"外部数据流包含",至于这个外部数据流是什么,可以是文件,也…
翻译:WisFree 预估稿费:170RMB 投稿方式:发送邮件至linwei#360.cn,或登陆网页版在线投稿 Oracle PeopleSoft 在几个月以前,我有幸得到了审查Oracle PeopleSoft解决方案的机会,审查对象包括PeopleSoft HRMS和PeopleTool在内。除了几个没有记录在案的CVE之外,网络上似乎没有给我提供了多少针对这类软件的攻击方法,不过ERPScan的技术专家在两年前发布的这份演讲文稿倒是给我提供了不少有价值的信息。从演示文稿中我们可以清楚地了解到,People…
翻译:童话 投稿方式:发送邮件至linwei#360.cn,或登陆网页版在线投稿 前言 Hello,大家好!今天我将向大家分享前段时间我是如何挖到的一个基于云端的本地文件包含漏洞。漏洞影响Facebook、Linkedin、Dropbox等多家企业。 这个LFI(本地文件包含漏洞)的触发点在Oracle Responsys的云系统中。简单介绍一下,Responsys是企业级基于云的B2C系统 。每个企业用户通过专属的ip去使用Responsys 系统。企业用户不能和其他公司分享IP。 漏洞是如何发现的? 我像往常一…
0x00 前言 作为一个安全从业人员,在平常的工作中总是需要对一些Web系统做一些安全扫描和漏洞检测从而确保在系统上线前尽可能多的解决了已知的安全问题,更好地保护我们的系统免受外部的入侵和攻击。而传统的web安全检测和扫描大多基于Web扫描器,而实际上其是利用爬虫对目标系统进行资源遍历并配合检测代码来进行,这样可以极大的减少人工检测的工作量,但是随之而来也会导致过多的误报和漏报,原因之一就是爬虫无法获取到一些隐藏很深的系统资源(比如:URL)进行检测。在这篇文章里,笔者主要想和大家分享一下从另一个角度来设计Web扫…
漏洞类别:Web Application 漏洞等级: 漏洞信息 The QID reports list of requests crawled by the Web application scanner appear in the Results section. 漏洞危害 解决方案 0day
漏洞类别:Web Application 漏洞等级: 漏洞信息 The QID will report list of any unique Web socket links found during crawling. 漏洞危害 解决方案 0day
漏洞类别:Web Application 漏洞等级: 漏洞信息 The Data URIs are discovered in target Web Application on Non-HTTPS pages. These links are provided in the Results section along with their parent links. If same Data URI is present on multiple parent links, then only one parent…
漏洞类别:CGI 漏洞等级: 漏洞信息 Joomla! is a free open-source content management system written in PHP. It uses object oriented programming techniques and is built on a model-view-controller web application framework. It includes features such as page caching, RSS feeds, …
漏洞类别:CGI 漏洞等级: 漏洞信息 WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system. WordPress versions prior to 4.7.5 contain the following unauthorize…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for libtirpc to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This vulnerab…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for libxslt to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP2 SU…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for libtirpc to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This vulnerab…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for botan to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Ma…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for the linux kernel to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to g…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for libxslt to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain parti…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Bash incorrectly expanded the hostname when displaying the prompt. It was discovered that Bash incorrectly handled the SHELLOPTS and PS4 environment variables. It was discovered that Bash incorrectly handled the po…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that KVM implementation in the Linux kernel improperly emulated the VMXON instruction. It was discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. It was discovere…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 A heap overflow in the MACsec module in the Linux kernel. 漏洞危害 An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 解决方案 Refer to Ubuntu advisory USN-3292-1 for affected packages and …
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. It was discovered that a NULL pointer dereference existed in the Direct Rendering Manager (DRM) driver for VMWare devices…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the TCP implementation in the Linux kernel mishandles socket buffer (skb) truncation. 漏洞危害 A local attacker could use this to cause a denial of service (system crash). 解决方案 Refer to Ubuntu advisory USN-3290-1 for a…