漏洞类别：CGI 漏洞等级： 漏洞信息 A critical vulnerability exists in PHPMailer that could potentially be used by (unauthenticated) remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web applic…

漏洞类别：Local 漏洞等级： 漏洞信息 PHPMailer is a code library to send (transport) emails safely and easily via PHP code from a web server (MUA to the MSA server). A critical vulnerability exists in PHPMailer that could potentially be used by (unauthenticated) remote attac…

漏洞类别：Local 漏洞等级： 漏洞信息 Arista has released updates for EOS and CloudVision eXchange which addresses multiple OpenSSL vulnerabilities affecting the products. 漏洞危害 Successful exploitation of the vulnerabilities may cause a denial of service (CVE-2016-6304), poten…

漏洞类别：Local 漏洞等级： 漏洞信息 Adobe InDesign is a desktop publishing software application by Adobe Systems. Adobe InDesign is exposed to a critical memory corruption vulnerability (CVE-2016-7886). Affected Products: Adobe InDesign 11.4.1 and earlier versions Adobe InD…

漏洞类别：Local 漏洞等级： 漏洞信息 HPE Insight Control gives you an essential server management experience, resulting in superior centralized management of physical and virtual servers. A potential security vulnerability has been identified with HP Insight Control server p…

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for unbreakable enterprise kernel to fix the vulnerabilities. Affected Products: Oracle Linux 6 Oracle Linux 5 漏洞危害 Successful exploitation of the vulnerabilities can lead to privilege es…

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for unbreakable enterprise kernel to fix the vulnerabilities. Affected Products: Oracle Linux 7 Oracle Linux 6 漏洞危害 Successful exploitation of the vulnerabilities can lead to privilege es…

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for unbreakable enterprise kernel to fix the vulnerabilities. Affected Products: Oracle Linux 7 Oracle Linux 6 漏洞危害 Successful exploitation of the vulnerabilities can lead to privilege es…

漏洞类别：Fedora 漏洞等级： 漏洞信息 Fedora has released a security update for libgsf to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 An attacker could cause a denial of service. 解决方案 Fedora has issued updated packages to fix this vulnerability. Updates can be install…

漏洞类别：Fedora 漏洞等级： 漏洞信息 Fedora has released security update for kernel to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Fedora has issued updated packages to fix this vulnerability. Upd…

漏洞类别：Fedora 漏洞等级： 漏洞信息 Fedora has released security update for kernel to fix the vulnerability. Affected OS: Fedora 24 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Fedora has issued updated packages to fix this vulnerability. Upd…

漏洞类别：Fedora 漏洞等级： 漏洞信息 Fedora has released security update for kernel to fix the vulnerability. Affected OS: Fedora 23 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 Fedora has issued updated packages to fix this vulnerability. Upd…

漏洞类别：Debian 漏洞等级： 漏洞信息 Debian has released security update for libcrypto++ to fix the vulnerabilities. 漏洞危害 The exploitation of the vulnerability may allow an attacker to cause a denial of service. 解决方案 Refer to Debian security advisory DSA 3748-1 to address t…

漏洞类别：Debian、 漏洞等级： 漏洞信息 Debian has released security update for exim4 to fix the vulnerabilities. 漏洞危害 The exploitation of the vulnerability may leak the private DKIM signing key to the log files if specific configuration options are met. 解决方案 Refer to Debian …

漏洞类别：Debian 漏洞等级： 漏洞信息 Debian has released security update for graphicsmagick to fix the vulnerabilities. 漏洞危害 Successful exploitation of the vulnerabilities can cause Denial-of-Service. 解决方案 Refer to Debian security advisory DSA 3746-1 to address this issue a…

漏洞类别：Debian 漏洞等级： 漏洞信息 Debian has released security update for squid3 to fix the vulnerabilities. 漏洞危害 Successful exploitation can cause leakage of sensitive information. 解决方案 Refer to Debian security advisory DSA 3745-1 to address this issue and obtain furthe…

漏洞类别：Debian 漏洞等级： 漏洞信息 Debian has released security update for libxml2 to fix the vulnerabilities. 漏洞危害 Successful exploitation of the vulnerabilities can allow an attacker to cause a denial-of-service against the application or may allow the attacker to execu…

漏洞类别：Fedora 漏洞等级： 漏洞信息 Fedora has released security update for botan to fix the vulnerability. Affected OS: Fedora 24 Fedora 25 漏洞危害 Successful exploitation may cause an integer overflow. 解决方案 Fedora has issued updated packages to fix this vulnerability. Updat…

漏洞类别：Fedora 漏洞等级： 漏洞信息 Fedora has released security update for kernel to fix the vulnerability. Affected OS: Fedora 25 漏洞危害 Successful exploitation may lead to buffer overflow. 解决方案 Fedora has issued updated packages to fix this vulnerability. Updates can be i…

漏洞类别：Fedora 漏洞等级： 漏洞信息 Fedora has released security update for kernel to fix the vulnerability. Affected OS: Fedora 24 漏洞危害 Successful exploitation may lead to buffer overflow. 解决方案 Fedora has issued updated packages to fix this vulnerability. Updates can be i…

引言 目前值得高兴的是，开发者在建立网站时，已经开始关注安全问题了——几乎每个开发者都知道SQL注入漏洞了。在本文中，我将为读者介绍另一种与SQL数据库相关的漏洞，虽然它的危害性与SQL注入不相上下，但目前却很少为人所知。接下来，我将为读者详细展示这种攻击手法，以及相应的防御策略。 背景知识 最近，我遇到了一段有趣的代码，它尝试尽一切可能来保护数据库的访问安全，例如每当新用户进行注册时，将运行以下代码： 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22…

12月28日，2016贵阳举办大数据与网络安全攻防演练总结大会， 360公司总裁、360企业安全集团董事长齐向东在大会上表示，没有安全的保障，大数据产业没有未来，大数据产生了三个颠覆，发展大数据产业需要与IOT、深度机器学习以及安全技术三个方面进行结合，360将深度参与贵阳大数据安全产业发展。 演讲全文 尊敬的各位领导，专家，媒体朋友们，下午好！ 贵阳举行的这次在真实网络环境中的大数据与网络安全攻防演练，在全国范围内都是屈指可数的尝试。通过这样的演练，发现安全问题，不仅有助于解决已经存在的安全问题，还将对我国的大数…

前言 Windows内核提权漏洞CVE-2016-7255已经受到了很多媒体的关注。在11月份的Patch Tuesday中，微软发布了针对此漏洞的修复程序，将其作为MS16-135公告的一部分。根据微软的说明，CVE-2016-7255主要用于执行有针对性的攻击，并且可以通过一些“野路子”来找到样本。 谷歌和微软已经证实俄罗斯黑客集团APT28使用了一个Flash漏洞（CVE-2016-7855）和这个内核提权漏洞执行了一次有针对性的攻击，谷歌也发布了一些针对此漏洞的讨论： https://security.go…

早在今年上半年，破坏力极强的修改MBR并加密MFT (Master File Table)的勒索木马Petya就引起了杀毒厂商的高度关注，然而在今年下半年360白名单分析组又捕获了该作者最新的勒索木马“GoldenEye”。 半年以来该木马作者与杀毒软件的对抗持续升级，新的勒索木马的查杀难度显著增强。 一、 主要流程 图1  GoldenEye木马流程图 二、 Shellcode部分 GoldenEye为了伪装自己,在微软的开源代码ZoomIt中嵌入了恶意的ShellCode。 图2  GoldenEye中微软开源…

安全客新年投稿赠书活动 即日起至2016年1月20日，凡是在安全客平台投稿的优质原创作者，即有机会获得文中出现的安全书籍！ 作为一家有思想的安全新媒体，安全客一直致力于传播有思想的安全声音，让我们将您的声音传达给数以万计的网络安全爱好者！ 投稿链接：http://bobao.360.cn/contribute/index 格式要求：http://bobao.360.cn/news/detail/3553.html Web安全 《白帽子讲Web安全》 作者简介 ： 吴翰清，毕业于西安交通大学少年班，从2000年开始…