Vulnerability

ASP.NET 被暴露存在一个严重的安全缺陷,同时也会影响到SharePoint

2.0,3.5,3.5SP1,4.0)均存在同样的缺陷,不怀好意者可以利用此缺陷拿到像站点的配置文件(web.config)这样的敏感信息:  An attacker using this vulnerability
·2015-10-30 14:06

Php漏洞审计工具 - PHP Vulnerability Hunter

PHP Vulnerability Hunter是一款高级的自动化白盒Fuzz测试工具。
·2015-10-30 13:34

Firefox 3.0.8正式版

该版本修正了两个严重的安全性漏洞: Arbitrary code execution through XUL <tree> element XSL Transformation vulnerability
·2015-10-30 10:15

Automated CMS category, version identification (CMS vulnerability detection)

catalog1.引言 2.不同CMS版本标的文件路径调研 3.CodeExample 1.引言微软解决大量CVE补丁更新的检测时候,采取的思路不是根据MD5对单个漏洞文件(.dll、.sys)进行漏洞检测,而是采取基线检测的思路,对目标的.dll、.sys文件进行版本检测,如果当前版本不是最新的,则报告对应的可能存在的疑似漏洞0x1:技术方案1.识别WEB路径 1)进程启动参数 2)解析
.Little Hann·2015-10-28 21:00

Automated CMS category, version identification (CMS vulnerability detection)

catalog1.引言 2.不同CMS版本标的文件路径调研 3.CodeExample 1.引言微软解决大量CVE补丁更新的检测时候,采取的思路不是根据MD5对单个漏洞文件(.dll、.sys)进行漏洞检测,而是采取基线检测的思路,对目标的.dll、.sys文件进行版本检测,如果当前版本不是最新的,则报告对应的可能存在的疑似漏洞0x1:技术方案1.识别WEB路径 1)进程启动参数 2)解析
.Little Hann·2015-10-28 21:00

Struts2/XWork 安全漏洞及解决办法

漏洞名称:Struts2/XWork < 2.2.0 Remote Command Execution Vulnerability 相关介绍: http://www.exploit-db.com
·2015-10-28 08:54

关于bash的shellshock漏洞

Shellshock (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187) is a vulnerability
·2015-10-27 13:56

struts2 CVE-2013-2251 S2-016 action、redirect code injection remote command execution

Principle Of Vulnerability 5. Patch Fix   1.
·2015-10-26 15:12

CMSEASY /lib/tool/front_class.php、/lib/default/user_act.php arbitrary user password reset vulnerability

catalog 1. 漏洞描述 2. 漏洞触发条件 3. 漏洞影响范围 4. 漏洞代码分析 5. 防御方法 6. 攻防思考   1. 漏洞描述 攻击者通过构造特殊的HTTP包,可以直接重置任意用户(包括管理员)的密码 Relevant Link: http://www.cmseasy.cn/patch/show_919.html 2. 漏洞触发条件 0x
·2015-10-26 15:11

struts2 CVE-2012-0392 S2-008 Strict DMI does not work correctly allows remote command execution and arbitrary file overwrite

Principle Of Vulnerability 5. Patch Fix   1.
·2015-10-26 15:08

CVE-2015-1328 Ubuntu 12.04, 14.04, 14.10, 15.04 overlayfs Local Root

Principle Of Vulnerability 5. Patch Fix   0.
·2015-10-26 15:07

DB2 SQL Injection Cheat Sheet

Finding a SQL injection vulnerability in a web application backed by DB2 isn't too common in my experience
·2015-10-21 13:07

struts2 CVE-2014-0050(DoS), CVE-2014-0094(ClassLoader manipulation) S2-20 DoS attacks and ClassLoader manipulation

Principle Of Vulnerability 5. Patch Fix   1.
·2015-10-19 10:39

struts2 CVE-2013-4316 S2-019 Dynamic method executions Vul

Principle Of Vulnerability 5. Patch Fix   1.
·2015-10-19 10:39

struts2 CVE-2013-1965 S2-012 Showcase app vulnerability allows remote command execution

Principle Of Vulnerability 5. Patch Fix   1.
·2015-10-19 10:39

struts2 CVE-2012-0838 S2-007 Remote Code Execution

Principle Of Vulnerability 5. Patch Fix   1.
·2015-10-19 10:38

QTVA-2015-198545、WooYun-2015-104148 .NET Framework Arbitrary File Permissions Modify Vul

Principle Of Vulnerability 5. Patch Fix   1.
·2015-10-19 10:37

struts2 CVE-2010-1870 S2-005 XWork ParameterInterceptors bypass allows remote command execution

Principle Of Vulnerability 5. Patch Fix   1.
·2015-10-19 10:37

Malicious Stored XSS Vulnerability in PayPal, Find Bitdefender Researchers

BitdefenderhasfoundaStoredXSSvulnerabilityinPayPalthatcouldallowattackerstouploadmaliciouslycraftedfilestoperformattacksonPayPalcustomers.Thevulnerabilitycanbeweaponizedtodelivermaliciouscontentorfile
qq_27446553·2015-09-07 14:00

php 新漏洞

http://www.nsfocus.com.cn/report/php_multipart-form-data_remote_dos_vulnerability_analysis_protection.pdf
weixingo·2015-08-25 11:00

Android linux kernel privilege escalation vulnerability and exploit (CVE-2014-4322)

Inthisblogpostwe'llgooveraLinuxkernelprivilegeescalationvulnerabilityIdiscoveredwhichenablesarbitrarycodeexecutionwithinthekernel.ThevulnerabilityaffectedalldevicesbasedonQualcommchipsets(thatis,based
Stuxnet·2015-08-17 23:00

POODLE Vulnerability: Padding Oracle on Downgraded Legacy Encryption

INTRODUCTIONPOODLEabbreviatestoPaddingOracleOnDowngradedLegacyEncryption.ThisvulnerabilitywasdiscoveredbyBodoMöller,ThaiDuong&KrzysztofKotowiczfromtheGOOGLEsecurityteamandpublishedhere.I'musingtheinfo
u011956172·2015-08-04 15:00

samba 最新漏洞代码POC

This PoC does only triggering the bug Reference: - https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve
bazhinv·2015-06-03 15:20

samba 最新漏洞代码POC

This PoC does only triggering the bug Reference: - https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve
bazhinv·2015-06-03 15:20

文件上传漏洞演示脚本之js验证

http://www.waitalone.cn/js-file-upload-vulnerability-validation-script.html关于文件上传漏洞,想必玩web安全的同学们都有接触,
xysoul·2015-04-17 20:00

PHP代码审计笔记

attacker might execute arbitrary HTML/JavaScript Code in the clients browser context with this security vulnerability
张小农·2015-04-10 05:00

基于Tomcat 的WEB Project存在的安全漏洞总结

1检查工具:Acunetix Web Vulnerability Scanner V9破解版2检查漏洞说明结果显示:2.1HTMLFormWithoutCSRFProtection2.2slow_Http_DoS2.3
jun55xiu·2015-01-16 19:00

Android框架层漏洞-Fragment注入

2013/Dec/55http://blog.csdn.net/l173864930/article/details/17279165http://securityintelligence.com/new-vulnerability-android-framework-fragment-injection
wangkaiblog·2014-12-02 19:00

全路径泄漏

://www.owasp.org/index.php/Full_Path_Disclosure http://yehg.net/lab/pr0js/view.php/path_disclosure_vulnerability.txt
j4s0nh4ck·2014-11-17 01:00

PHP Vulnerability Hunter 1.3.87发布

最新版本的Php漏洞审计工具已经在4天前发布了。PHPVulnerabilityHunter是一款高级的自动化白盒Fuzz测试工具。最新版本是1.3.87.0,包括很多经过改进的特性像SQL注入漏洞扫描,基于静态分析的漏洞探测,改进的爬虫功能,任意文件上传扫面,集成测试,钩子检查,和一些对命令提示符的增强。这个工具能够在PHP应用中触发大量可被利用的报错。 下载地址:点击下载百度云盘下载转自:ht
KBK影院·2014-11-09 16:55

Vulnerability checks

Cross-sitescripting(XSS)isatypeofcomputersecurityvulnerabilitytypicallyfoundinWebapplications.XSSenablesattackerstoinjectclient-sidescriptintoWebpagesviewedbyotherusers.Across-sitescriptingvulnerabili
q745401990·2014-10-23 16:00

jquery 实现Ajax,JS 循环遍历JSON数据

通过厂商首字母,得到厂商列表functiongetVendor(startWord){// alert(startWord); $.ajax({  type:'post',  //urlaction  url:'vulnerability
henryzhang2009·2014-10-20 15:00

[持续更新]工具集

www.kahusecurity.com/2014/javascript-deobfuscation-tools-redux/ [14 Best Open Source Web Application Vulnerability
j4s0nh4ck·2014-09-29 21:00

Bash 远程任意代码执行安全漏洞(最严重漏洞)

远程任意代码执行安全漏洞(最严重漏洞) http://www.oschina.net/news/55576/bourne-again-shell-bash-remote-code-execution-vulnerability
lichaoshan·2014-09-25 16:38

Open Wifi SSID Broadcast vulnerability

1人收藏 收藏2014/08/2816:52 | 无人知晓 | 无线安全 | 占个座先0x00前言前几天,看到微博上@RAyH4c分享了一份老外关于wifi钓鱼的文章,觉得挺好的,便翻译了一下。第一次翻译,英语水平堪堪才过4级,翻的不好请大家见谅,凑合着看吧。附上原文地址:https://www.os3.nl/_media/2012-2013/courses/ssn/open_wifi_ssid_
mirkerson·2014-08-30 15:00

使用XSScrapy扫描xss漏洞

url:http://danmcinerney.org/xsscrapy-fast-thorough-xss-vulnerability-spider/ 1. apt-get install python-pip
j4s0nh4ck·2014-08-23 10:00

McAfee Vulnerability Manager(Foundstone)各组件之间的通信关系

ComponentsandwhattheydoMcAfeeVulnerabilityManagerconsistsofcomponentsthatworktogethertomonitoryoursystems.Enterprisemanager�CUsesMicrosoftInternetInformationServices(IIS)toprovideauthorizeduserswithac
mintank·2014-08-06 21:32

snmp assets

Part 1:setup snmp service ref: http://resources.infosecinstitute.com/vulnerability-assessment-of-snmp-service-i
j4s0nh4ck·2014-07-09 23:00

安全漏洞以及解决方法

一、Padding Oracle Vulnerability,填充甲骨文漏洞。原文:ScottGu的说明 老赵  解决方法:1。添加报错页面。
·2014-06-20 15:00

Oracle TNS Poison Vulnerability

解决这个问题时alert-cve-2012-1675-1608180:OracleSecurityAlertforCVE-2012-1675的记录,直接从SendItems里摘出来自己的部分:http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html Ithinkthat’saknownsec
alaahong·2014-02-28 18:00

Oracle TNS Poison Vulnerability

http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html Ithinkthat’saknownsecurityissueasthus↑[alert-cve-2012-1675-1608180:OracleSecurityAlertforCVE-2012-1675] Affected Prod
小紅·2014-02-28 18:00

PHPCMS V9 BLind SQL Injection Vulnerability

见:http://seclists.org/bugtraq/2011/Jan/139例如北大的一个网站:http://www.cala.pku.edu.cn/index.php?m=content&c=rss&catid=5&siteid=1又如:http://www.kuqiwan.com/index.php?m=content&c=rss&catid=5&siteid=1youcantryot
qysh123·2014-01-03 14:00

Backtrack命令解析(Vulnerability assessment)

1. Nikto:/vulnerabilityassessment/webapplicationassessment/webvulnerabilityscanners 是一个的Web服务器安全扫描工具。该工具可以扫描和检测的安全漏洞包括:服务器错误配置,默认和不安全的文件,过期的服务器应用所引起的漏洞。它还支持子域名枚举,应用程序安全检查(xss,sql注入等),并能够采用基于字典的攻击方式猜测认
youthflies·2013-09-28 00:00

Struts2漏洞浅析之Ongl代码执行分析

一、简述2010年7月exploitdb爆出的《Struts2/XWork < 2.2.0 Remote Command Execution Vulnerability》,可以称之为神一样的漏洞,攻击者只要构造出合适的语句
acpan·2013-07-22 17:14

Reverse Shell Cheat Sheet

pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheetIfyou’reluckyenoughtofindacommandexecution vulnerability
feier7501·2013-07-06 17:00

Hacking Windows XP SP3 Via MS11-006 Windows Shell Graphics Processing Vulnerability

Type:TutorialLevel:MediumVictimO.S:Windows XP SP3AttackerO.S:Backtrack5R1WhycreateatutorialabouthackingWindows XP??nowistheWindows7erasoit’sbettertowritedownabouthackingtheWindows7thanWindows XP.Ifyou
feier7501·2013-05-13 22:00

TinyMCE Ajax File Manager suffers from a remote code execution vulnerability.

___________________/|________________ /_\/\_/__\/___/\__\___\_/__\_/__\ ()|\___/\___\||||\/\___/\___/ \____/|___|/\___>____>|_||__|\___>\___> \/\/\/\/\/ #ExploitTitle:timynceAjaxFileManagerRemoteCod
cnbird2008·2013-05-09 09:00

【编译打包】haproxy 1.4.23

官网首页原文: A vulnerability in all 1.4 and 1.5 releases was fixed in 1.4.23 and 1.5-dev18 (CVE-2013-
紫色葡萄·2013-04-18 11:10

BackTrack5漏洞评估之OpenVAS(Open Vulnerability Assessment System)

 OpenVAS(OpenVulnerabilityAssessmentSystem)是一个包含集成安全工具和服务的系统,为漏洞管理提供了强大的平台,其开发基于C/S架构,通过客户端向服务端请求对目标的具体网络漏洞执行测试集。模块化和稳定的设计使该平台支持并行安全测试的同时支持多操作系统(Linux/Win32)。 OpenVAS核心组件和功能。1、OpenVASScanner可以有效地管理NVT
loofeer·2012-12-25 13:55

Struts2/XWork < 2.2.0 Remote Command Execution Vulnerability

备忘下,TMD delicious现在都搞定老不爽了 。。。   riday, July 9, 2010 CVE-2010-1870: Struts2/XWork remote command execution Update Tue Jul 13 2010: Added proof of concept &nb
eyesmore·2012-11-07 18:00
上一页 2 3 4 5 6 7 8 9 下一页
按字母分类: ABCDEFGHIJKLMNOPQRSTUVWXYZ其他