肥兔 发布的文章

  12岁创业ceo田众和:1999年出生的,今年12岁,小学五年级学生。据媒体报道他11岁就对c语言学习的非常熟练,当年做了一个“Othink”微型操作系统,当年还获得了腾讯公司提供的300元创业贷款。田众和利用这来之不易的300元贷款,租赁了一个服务器,创办了他的第一个网站——时代软件工作室官方网站。 此后靠着工作室网站他用编程软件伪装成年人招募了11名成年人合伙开发网站程序,并建设了4个网站,通过销售软件、网站程序,外加广告收入,4个月盈利了3万元。没错,这则新闻是东方今报在今年9月初报道的新闻。

在第一次看到这个新闻的时候真有点不敢相信,因为操作系统和c语言对于一个12岁小孩田众和来说简直是天方夜谈,而“腾讯投资300元”,我一度以为后面应该有个“万”的。至于其他的300元租服务器开网站等等我都觉得有点玄幻,直到9月26日,“投资300元创业贷款”的当事者腾讯网站了出来后。在首页头条专门放了一个关于12岁创业ceo田众和的视频专访我才晕晕乎乎的相信这是真的。

- 阅读剩余部分 -

                                                         -*- coding: utf-8 -*-
Changes with Apache 2.2.21

  *) SECURITY: CVE-2011-3348 (cve.mitre.org)
     mod_proxy_ajp: Respond with HTTP_NOT_IMPLEMENTED when the method is not
     recognized.  [Jean-Frederic Clere]

  *) Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20.
     PR 51748. [<lowprio20 gmail.com>]

  *) mod_filter: Instead of dropping the Accept-Ranges header when a filter
     registered with AP_FILTER_PROTO_NO_BYTERANGE is present,
     set the header value to "none". [Eric Covener, Ruediger Pluem]

  *) mod_proxy_ajp: Ignore flushing if headers have not been sent.
     PR 51608 [Ruediger Pluem]

  *) mod_dav_fs: Fix segfault if apr DBM driver cannot be loaded. PR 51751.
     [Stefan Fritsch]

  *) mod_alias: Adjust log severity of "incomplete redirection target"
     message. PR 44020.

  *) mod_rewrite: Check validity of each internal (int:) RewriteMap even if the
     RewriteEngine is disabled in server context, avoiding a crash while
     referencing the invalid int: map at runtime. PR 50994.
     [Ben Noordhuis <info noordhuis nl>]

  *) core: Allow MaxRanges none|unlimited|default and set 'Accept-Ranges: none'
     in the case Ranges are being ignored with MaxRanges none.
     [Eric Covener]

  *) mod_proxy_ajp: Respect "reuse" flag in END_REPONSE packets.
     [Rainer Jung]
download link http://httpd.apache.org/download.cgi

-*- coding: utf-8 -*-
Changes with Apache 2.2.20

*) SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Fix handling of byte-range requests to use less memory, to avoid
denial of service. If the sum of all ranges in a request is larger than
the original file, ignore the ranges and send the complete file.
PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]

*) mod_authnz_ldap: If the LDAP server returns constraint violation,
don't treat this as an error but as "auth denied". [Stefan Fritsch]

*) mod_filter: Fix FilterProvider conditions of type "resp=" (response
headers) for CGI. [Joe Orton, Rainer Jung]

*) mod_reqtimeout: Fix a timed out connection going into the keep-alive
state after a timeout when discarding a request body. PR 51103.
[Stefan Fritsch]

*) core: Do the hook sorting earlier so that the hooks are properly sorted
for the pre_config hook and during parsing the config. [Stefan Fritsch]

[Apache 2.1.0-dev includes those bug fixes and changes with the
Apache 2.0.xx tree as documented, and except as noted, below.]

Changes with Apache 2.0.x and later:

*) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup

 

download link http://httpd.apache.org/download.cgi

26 June 2011
IMAGEVUE 1.8.2
-----------------------------------------------------------------

1.8.2
[*] PHP5.3 Compatibility

1.8.1
[*] PHP5.3 Compatibility

1.8
[*] Fixed picture ghosting
[+] Files are being chmoded 666 after upload using admin

1.7.8
[*] Refixed passwords

1.7.7
[*] Disabled sendpic logging by default
(if you need to log all emails, check sendpic.php)
[*] Fixed password being converted to lowercase
[*] Changed short opening tags in all .php files

Download link : http://www.gokuai.com/f/U2S8BP02Jb1Y91XL

此版本为V1系列终结版,文件包含了整站程序,附带了部分文件源代码,允许二次开发,程序不需要授权,如果没有必要,请使用X2系列。

兔兔严重鄙视那些看文章不回复又想下载的人,再次提醒,需要下载请自觉回复。

  港交所网站被黑事件尚未平息,一个影响更为广泛的DedeCMS系统高危漏洞又被黑客捅了出来。公开数据显示,使用DedeCMS系统的国内互联网站接近40万家,覆盖企业、教育机构、数字传媒等各个领域。截至发稿前,DedeCMS仍未发布官方补丁修复漏洞,为此360网站安全检测平台(webscan.360.cn)已紧急提供了临时解决方案,提醒广大网站站长尽快参考方案修复漏洞。

DedeCMS是国内第一个开源的网站内容管理系统,在CMS市场受到大批网站站长的欢迎。不过最近有技术论坛发现,该系统的全局变量初始化存在漏洞,可能导致黑客利用漏洞侵入使用DedeCMS的网站服务器,造成网站用户数据泄露、页面被恶意篡改等严重后果。

据此前360安全中心发布的《互联网安全报告》显示:今年以来,黑客攻击网站服务器,窃取用户数据造成的危害已经超过盗号木马。很多网民即便电脑没有中木马,账号和密码也会由于网站漏洞而被黑客窃取。因此,DedeCMS漏洞不仅关系着数十万家网站的服务器安全,对网民的切身利益也造成了间接影响。

360网站安全检测平台提醒广大站长,该平台已经第一时间支持DedeCMS最新漏洞的检测,使用DedeCMS开发的网站站长可登录webscan.360.cn免费检测。一旦发现网站存在漏洞,在DedeCMS官方补丁发布之前,应尽快按照如下应急方案进行处理(以DedeCMS 5.6为例):

在DedeCMS系统的/include/common.inc.php中,找到注册变量的代码:

  foreach(Array('_GET','_POST','_COOKIE') as $_request)
  {
  foreach($$_request as $_k => $_v) ${$_k} = _RunMagicQuotes($_v);
  }

将其修改为:

  foreach(Array('_GET','_POST','_COOKIE') as $_request)
  {
  foreach($$_request as $_k => $_v) {
  if( strlen($_k)>0 && eregi('^(cfg_|GLOBALS)',$_k) ){
  exit('Request var not allow!');
  }
  ${$_k} = _RunMagicQuotes($_v);
  }
  }
  1. 1
  2. ...
  3. 29
  4. 30
  5. 31
  6. 32
  7. 33
  8. 34
  9. 35
  10. ...
  11. 59