Smarty <= 3.1.32 Remote Code execution(CVE-2017-1000480) - magic_zero
Smarty介绍 smarty是一个php模板引擎,其项目地址:https://github.com/smarty-php/smarty 测试环境搭建 下载:https://github.com/smarty-php/smarty/releases (本案例测试为smarty-3.1.31) 解压以
Aggregator
Thingbots and Reapers and Cryptominers—Oh, My! F5 Labs’ First Year in Review
6 years 11 months ago
F5 Labs covered a multitude of threats, vulnerabilities, botnets, attackers, and attacks in 2017. Here are just some of the highlights you might have missed.
Typecho插件CommentToMail配置流程详解
6 years 11 months ago
想试着用一下评论系统,顺便加几个功能提高体验,但试
Typecho插件CommentToMail配置流程详解
6 years 11 months ago
想试着用一下评论系统,顺便加几个功能提高体验,但试
Risk vs. Reality: Don’t Solve the Wrong Problem
6 years 11 months ago
If you’re not evaluating risk in terms of likelihood and impact, you could be focusing your security efforts in all the wrong places.
マイクロソフト、法執行機関などとの連携により Gamarue (Andromeda) を撲滅
6 years 11 months ago
本記事は、Microsoft Secure ブログ “Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)
マイクロソフト、法執行機関などとの連携により Gamarue (Andromeda) を撲滅
6 years 11 months ago
本記事は、Microsoft Secure ブログ “Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)
运营商劫持系列1-疯狂的支付宝红包
6 years 11 months ago
反运营商劫持系统上线半年,期间分析过一些典型的劫持案例,由于最近支付宝红包相关的劫持事件越来越多,于是深入研究了下,发现不少有趣的网站。整理了部分笔记,作为运营商劫持系列的第一篇文章蹭蹭热点。拳...
0x0d
大三实习面经
6 years 11 months ago
这学期一开学,大家的话题基本就已经全是实习了,因为
大三实习面经
6 years 11 months ago
这学期一开学,大家的话题基本就已经全是实习了,因为
Everything Is Compromised—Now What?
6 years 11 months ago
Accept that breaches are inevitable in today’s world, then take these steps to reduce the chances of a large-scale, headline-making compromise.
[代码审计]DedeCMS V5.7 SP2前台任意文件删除
6 years 11 months ago
[TOC]
### 0x01 前言
------------
>首先本地搭建环境,我所使用的是Windows PHPstudy集成环境。使用起来非常方便。特别是审计的时候。可以任意切换PHP版本...
Poacher
State of App Delivery 2018: Security Again Edges Out Availability As Most Important App Service
6 years 11 months ago
Forty-three percent of organizations say security is essential when deploying apps, and more than two thirds use multiple security solutions to protect clients, infrastructure, and web apps.
Ramnit Goes on a Holiday Shopping Spree, Targeting Retailers and Banks
6 years 11 months ago
Ramnit’s latest twist includes targeting the most widely used web services during the holidays: online retailers, entertainment, banking, food delivery, and shipping sites.
Risky Business (Part 2): Why You Need a Risk Treatment Plan
7 years ago
Performing a risk analysis and taking due care are no longer optional.
回看2017 | 威胁情报看威胁【续】
7 years ago
没什么,续点内容凑一篇文章而已。
How McAfee Embedded Security Helps Medical Device Manufacturers
7 years ago
The blog was written by Tom Moore. Like other Internet of Things (IoT) devices, medical equipment is a vulnerable attack...
The post How McAfee Embedded Security Helps Medical Device Manufacturers appeared first on McAfee Blog.
McAfee
A Spectre of Meltdowns Could be in Store for 2018, Including Fileless Malware Attacks and More Costly Bots
7 years ago
Every week another bug, vulnerability, or exploit is released - we need a multi-layered security strategy (beyond our standard patch “spin cycles”) to deal with threats like Spectre and Meltdown.
小心第三方代码
7 years ago
看到一篇有趣的文章 I’m harvesting credit card numbers and passwords from your site. Here’s how,讲的是通过在 NPM ...
0x0d
Global Consultancy Overcomes Cloud Security Risks
7 years ago
How moving application into the cloud can make your organization stronger and more valuable to your customers.