概述 在这篇文章中,我们将会给大家介绍一种从浏览器中提取敏感信息的方法,而我们所要用到的工具就是你的智能手机或笔记本电脑中的环境光传感器。文章结构如下: 1. 首先,我们会介绍与光传感器有关的内容。 2. 接下来,我们会描述用户设备的屏幕颜色将会对光传感器的数据产生怎样的影响。我们的主要目标是跨域提取浏览器的数据和历史记录,而攻击者将可以从中提取出敏感文档和图片(例如用于账号恢复的二维码图片)。 3. 最后,我们会介绍浏览器厂商所能采取的应对策略,并帮助大家缓解这种风险。 注:当前版本的Firef…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for dpkg to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This vulnerability could be exploited to gain partial access to sensiti…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for zziplib to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 S…
漏洞类别:Cisco 漏洞等级: 漏洞信息 A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an …
漏洞类别:Cisco 漏洞等级: 漏洞信息 A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service condition. The vulnerability is due to a race condition that co…
漏洞类别:Cisco 漏洞等级: 漏洞信息 Multiple vulnerabilities in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of servic…
漏洞类别:Local 漏洞等级: 漏洞信息 A heap overflow vulnerability has been identified in Citrix NetScaler Gateway that could allow a remote, authenticated user to execute arbitrary commands on the NetScaler Gateway appliance as a root user. The vulnerability affects the fol…
漏洞类别:Local 漏洞等级: 漏洞信息 VirtualBox is a general-purpose full virtualizer for x86 hardware, targeted at server, desktop and embedded use. Multiple vulnerabilities were reported in Oracle VM VirtualBox. A local user can cause denial of service conditions on the ta…
漏洞类别:Local 漏洞等级: 漏洞信息 Google Chrome is a web browser for multiple platforms developed by Google. This Google Chrome update fixes the following vulnerabilities: A remote user can create specially crafted content that, when loaded by the target user, will execut…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Dovecot incorrectly handled some usernames. 漏洞危害 An attacker could possibly use this issue to cause Dovecot to hang or crash, resulting in a denial of service. 解决方案 Refer to Ubuntu advisory USN-3258-1 for affected …
漏洞类别:RedHat 漏洞等级: 漏洞信息 The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged u…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Chromium is an open-source web browser, powered by WebKit (Blink). Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or di…
CVE
CVE-2017-1274 IBM Domino IMAP EXAMINE Buffer Overflow Vulnerability - (swg22002280) Shadow Broker - (EMPHASISMINE)
漏洞类别:Local 漏洞等级: 漏洞信息 IBM Domino (formerly IBM Lotus Domino) is an advanced platform for hosting social business applications. IBM Domino is vulnerable to a IMAP EXAMINE command stack buffer overflow vulnerability which can allow authenticated attackers to exe…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion fai…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or exec…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Remote crash via crafted LDAP messages: An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially c…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Sending SIGKILL to other processes with root privileges via su: A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with roo…
漏洞类别:Local 漏洞等级: 漏洞信息 Adobe ColdFusion is an application for developing Web sites. Adobe has released security hotfixes for ColdFusion versions 10, 11 and the 2016 release. These hotfixes resolve an input validation issue that could be used in reflected XSS (c…
E安全4月25日讯 俄罗斯知名黑客组织APT28(也被称为Pawn Storm、Sednit、Sofacy、Fancy Bear和Strontium) 曾被指入侵美国民主党全国委员会(DNC),泄露希拉里竞选主席约翰·波德斯塔的电子邮件。 2017年欧洲大选即将到来,各界猜测这支黑客组织或重出江湖。 继APT28去年让美国民主党难堪之后,这支俄罗斯政府黑客会盯上法国大选吗? 过去两个月,APT28已将目标瞄向在首轮投票中胜出的马克龙。数周以来这位首轮胜出者的竞选电脑系统一直被试图入侵,马克龙指责这是俄罗斯干的,但直…
漏洞类别:OEL 漏洞等级: 漏洞信息 Oracle Enterprise Linux has released security update for unbreakable enterprise kernel to fix the vulnerabilities. Affected Products: Oracle Linux 7 Oracle Linux 6 漏洞危害 Successful exploitation of the vulnerabilities may allow privilege esca…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for ruby2.1 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP2 SU…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for tigervnc to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 漏洞危害 This vulnerability can also be used to cause a limited denial of se…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for tigervnc to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This vulnerability can also be used to cause a limited denial of se…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for minicom to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 …
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for xen to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain complete …