漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Apache Fop incorrectly handled XML external entities. 漏洞危害 A remote attacker could possibly use this issue to obtain sensitive files from the filesystem, or cause a denial of service. 解决方案 Refer to Ubuntu advisory …
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Apache Batik incorrectly handled XML external entities. 漏洞危害 A remote attacker could possibly use this issue to obtain sensitive files from the filesystem, or cause a denial of service. 解决方案 Refer to Ubuntu advisor…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the Apache mod_session_crypto module was encrypting data and cookies using either CBC or ECB modes. It was discovered that the Apache mod_auth_digest module incorrectly handled malicious input. It was discovered th…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 Integer overflows in shadow utilities. A race condition in su. 漏洞危害 A local attacker could possibly cause them to crash or potentially gain privileges via crafted input. (CVE-2016-6252) A local attacker could cause su to send SIGKILL to …
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for git to fix the vulnerabilities. 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Refer to Debian security advisory DSA 3848-1 to address this issue and obtain further det…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for xen to fix the vulnerabilities. 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. 解决方案 Refer to Debian security advisory DSA 3847-1 to address this issue a…
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for libytnef to fix the vulnerabilities. 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial …
漏洞类别:Debian 漏洞等级: 漏洞信息 Debian has released security update for libtirpc to fix the vulnerabilities. 漏洞危害 Successful exploitation of the vulnerability may allow attackers to cause Denial of Service attacks. 解决方案 Refer to Debian security advisory DSA 3845-1 to a…
漏洞类别:Local 漏洞等级: 漏洞信息 McAfee ePolicy Orchestrator (ePO) software centralizes and streamlines management of endpoint, network, content security and compliance solutions. McAfee ePO Deep Command version 2.1 and 2.2 are vulnerable to an unquoted binary path explo…
漏洞类别:CGI 漏洞等级: 漏洞信息 concrete5 is an open source content management system (CMS) for publishing content on the World Wide Web and intranets. concrete5 contains a cross-site request forgery vulnerability in the Thumbnail Editor, that is implemented in the File M…
漏洞类别:CGI 漏洞等级: 漏洞信息 libxml2 is prone to multiple vulnerabilities:- 1. The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. (CVE-2016-1762) 2. The xmlPArs…
漏洞类别:CGI 漏洞等级: 漏洞信息 WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system. The WordPress password reset functionality contains a vulnerability…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for firebird to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 …
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for ghostscript-library to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited t…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for apparmor to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP2 S…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for graphite2 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP2 …
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for xen to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability can also be used to cause a limited …
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for xen to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This vulnerability…
点赞数:0 漏洞类别:Information gathering 漏洞等级: 漏洞信息 Apache Struts is a framework for building web applications. This QID looks for Struts files and reports the version. NOTE: This detection requires tomcat authentication record. 漏洞危害 解决方案 0day
漏洞类别:CGI 漏洞等级: 漏洞信息 Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service (JMS) client. The admin interface of Apache ActiveMQ is accessible using default credentials - admin:admin. QID Detection Logic: This…
漏洞类别:General remote services 漏洞等级: 漏洞信息 A SNMP GetBulk request performs multiple GetNext requests and returns the result in a single response. This request can be masqueraded by malicious attackers to launch a SNMP GetBulk flood against a targeted server. QID …
据全球被黑站点统计系统(蚁巢)分析 2017年4月被植入后门总数量如下: 全球区域: 542377 中国区域: 106673 政府机构: 11888 学校机构: 16496 据全球被黑站点统计系统(官网)统计: 2017年4月份全球网站共有891位数据分析师提交被黑页面。 TOP 15 TOP 名称 数量 1 画地为牢 3728 2 由衷热爱 3328 3 仙人跳 2855 4 kele 2405 5 星爷 1988 6 bgeteam 1973 7 AnonymousFox 1243 8 Tobitow 1236…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Sending SIGKILL to other processes with root privileges via su: A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with roo…
漏洞类别:Local 漏洞等级: 漏洞信息 Adobe ColdFusion is an application for developing Web sites. Adobe has released security hotfixes for ColdFusion versions 10, 11 and the 2016 release. These hotfixes resolve an input validation issue that could be used in reflected XSS (c…
漏洞类别:Security Policy 漏洞等级: 漏洞信息 The host is running Ubuntu 12.04. Support for Ubuntu 12.04 ended on April 28, 2017. No further updates, including security updates, are available for Ubuntu 12.04. 漏洞危害 The system is at high risk of being exposed to security vul…