Classical Poems for the New Year – Happy New Year, Wishing You Prosperity


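New Year's Day at a Farmhouse
(Tang) Meng Haoran (孟浩然)
Last night the Dipper turned back to the north; this morning the year rises in the east.
I have reached my prime, yet hold no office and still worry over the farming.
In the mulberry fields I join the ploughing farmers; hoe on my shoulder, I follow the herd boys.
The farm families read the weather signs, and all say this year will be bountiful.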

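"Song of Selling Foolishness"
(Tang) Fan Chengda (範成大)
On New Year's Eve, deep in the night, no one sleeps; rites to drive out dullness and sluggishness press on toward the new year.
Children run shouting down the long street, saying they have foolishness for sale and calling for buyers.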

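"New Year's Eve"
(Tang) Lai Hu (來鵠)
All that touched on joy and sorrow has come to nothing; longing across ten thousand li fills this single night.
I grieve until the dawn cock has finished crowing, then, haggard once more, go to meet the spring wind.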

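New Year's Day
(Song) Wang Anshi (王安石)
Amid the sound of firecrackers a year departs; the spring wind sends warmth into the tusu wine.
On a thousand gates and ten thousand doors the rising sun shines bright; everyone replaces the old peachwood charms with new ones.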

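New Year's Day, to the tune "Yu Lou Chun"
(Song) Mao Pang (毛滂)
The lotus water clock has dripped the year away; in the jade-green well the tusu wine lies sunk and chilled.
The sharp dawn cold still bullies us, yet spring's slender grace reaches the willows first.
The fair one urges again a toast to a thousand years of long life; cypress leaves and pepper flowers scent her emerald sleeves.
Deep in the land of drunkenness few know me; only with the Lord of the East am I an old friend.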

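New Year's Eve
(Southern Song) Wen Tianxiang (文天祥)
Heaven and earth lie vast and empty; the months and years stride openly away.
At the road's end I am startled by wind and rain; on the far frontier I have had my fill of snow and frost.
My life, like the year, is nearly spent; self and world are both forgotten.
No more dreams of tusu wine; I trim the lamp, and the night is not yet over.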

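New Year's Calls
(Ming) Wen Zhengming (文征明)
They do not ask to meet, only to leave their names; since morning, visiting cards have filled my humble hut.
I too follow the others and send out a few cards; the ways of the world object to neglect, not to hollowness.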

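The First Month of the Jiyou Year
(Ming) Ye Yong (葉颙)
Across heaven and earth the wind and frost are gone; the whole world's air turns mild.
The calendar adds a new year; spring fills the old mountains and rivers.
Plum and willow are young in their fragrant looks; pine and bamboo show much of their age.
Tusu wine becomes a drunken draught; laughter fills my hut among the white clouds.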

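Written by Chance on New Year's Eve of the Guisi Year
(Qing) Huang Jingren (黃景仁)
From a thousand homes come laughter and talk as the water clock drips slowly; a coming trouble is quietly sensed from beyond the everyday.
I stand silent on the market bridge, unrecognised; a single star, bright as the moon, I watch for a long time.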

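New Year Verses from the Phoenix City
(Qing) Zha Shenxing (查慎行)
Deftly cutting festival pennants, she tries out new silk; painted in colour and traced in gold, they become moth-shaped ornaments.
From now the scissors rest for a month; in the women's quarters the needlework was mostly done before the year's end.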

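New Year's Day of the Jiawu Year
(Qing) Kong Shangren (孔尚任)
Sparse white hair no longer covers my crown; keeping vigil round the stove, I gave up sleep entirely.
Trimming the candle, I urge all to drain the late-night wine; emptying my purse, I hand round money for the spring festivities.
Hearing the firecrackers burn, my childlike heart is still there; watching the peachwood charms replaced, my old man's delight runs high.
Drums and horns add a round of "Plum Blossoms"; at the fifth watch, amid laughter, we pay our New Year respects.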

http://aibiyi.lofter.com/post/1cc9f4e9_5ebdbc7

http://canghaixiao.tumblr.com/post/111651377967


A Collection of Spring Festival Couplets for 2015, the Year of the Goat – Horse of Wu, Goat of Wei


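First line: The horse gallops ten thousand li. Second line: The goat cherishes a thousand hills.

First line: Goats fat and horses strong. Second line: The nation rich and the people prosperous.

First line: At the clouds' edge the wild geese vanish. Second line: On the ridge the goats return.

First line: The year begins anew. Second line: All things are renewed.

First line: Sources of wealth flourish. Second line: Long life and bountiful years.

First line: The four seas take on colour. Second line: The five lakes show good fortune.

First line: The rivers and mountains never age. Second line: The Divine Land is forever in spring.

First line: A hundred flowers bloom together. Second line: Ten thousand trees vie in splendour.

First line: Look up and see joy. Second line: Step out and stir the wind.

First line: Good trade in the five metals. Second line: Spring returns to all things.

First line: The nation strong and the people rich. Second line: Government sound and the people in harmony.

First line: People cheer and horses neigh. Second line: Spring is mild and the scene is bright.

First line: The whole country stable. Second line: The whole people united.

First line: Spring swallows scissor through the willows. Second line: Magpies alight on the plum branch.

First line: The Party thrives and the army prospers. Second line: Law is strict and government is clear.

First line: Between ruler and people, duty weighs heavy. Second line: Like fish and water, the feeling runs deep.

First line: The nation flourishes. Second line: The people are safe and well.

First line: The sea is wide for fish to leap. Second line: The sky is high for birds to fly.

First line: The swan achieves its ambition. Second line: Peach and plum vie for spring.

First line: The six kinds of livestock thrive. Second line: The five grains yield a bumper harvest.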

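First line: The Northern Dipper shines and a phoenix rises from the spring terrace. Second line: The southern ocean is vast and the roc battles the whirlwind.

First line: Green grass and white goats, a picture of the three months of spring. Second line: Golden spears and armoured horses, a campaign of ten thousand li.

First line: Lucky deer and auspicious goat, the new year opens in peace. Second line: Days of Yao and Shun, all things are renewed.

First line: Only in celebrating the festival do we know the red sun's warmth. Second line: Passing the bright spring, we feel the Party's kindness all the deeper.

First line: Set your ambition with a tiger's courage and gallop on. Second line: Seek knowledge without fearing the winding goat path and soar upward.

First line: Green grass like a carpet, the goat brims with good omen. Second line: Red peach blossom like fire, the monkey bathes in the spring wind.

First line: Timely rain and spring wind, the five goats present ears of grain. Second line: Days of Yao and Shun, a hundred phoenixes face the sun.

First line: Seeing off the Year of the Horse, spring flowers melt the white snow. Second line: Welcoming the Year of the Goat, magpies frolic among the red plum blossoms.

First line: All things renewed, green hills and clear waters. Second line: The five goats bring good omen, bright sun and spring splendour.

First line: Everywhere full of life, the warm spring reflects the sun. Second line: The whole sky glows with colour, a noble spirit soars to the clouds.

First line: Promote integrity and oppose corruption, with nothing but clean wind in both sleeves. Second line: Know shame and understand honour, with a heart full of righteousness.

First line: Spring fills the world and a hundred flowers bloom. Second line: Fortune visits the small courtyard, with peace through all four seasons.

First line: The festival welcomes spring, and spring brings smiling faces. Second line: The harvest brings glad news, and gladness lights up every brow.

First line: Bid farewell to the old year and cast off old habits. Second line: Welcome the new spring and draw up a new blueprint.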

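First line: Advance the situation of stability and unity. Second line: Complete the task of economic adjustment.

First line: A splendid future, a thousand sails race across. Second line: On the road of the Long March, ten thousand horses gallop.

First line: Ambition soaring to the clouds, a red heart turned to the Party. Second line: The spring wind sends warmth, good fortune fills the door.

First line: The army loves the people, working with one heart for the Four Modernizations. Second line: The people support the army, defending the nation shoulder to shoulder.

First line: Gripping the five-foot rifle, standing in full readiness. Second line: The Four Modernizations at heart, united wills form a fortress.

First line: Face the world and learn with an open mind. Second line: Keep both feet on the ground and advance step by step.

First line: All things renewed, spirits refreshed. Second line: A hundred flowers bloom, spring fills the world.

First line: Attentive service satisfies the public. Second line: A kindly manner pleases the customer.

First line: A riot of purple and red, a hundred flowers vie in beauty. Second line: Five lakes and four seas share one spring.

First line: In the springtime of science a hundred flowers bloom. Second line: The fairest scene on earth is the grand plan of the Four Modernizations.

First line: Strengthen the socialist legal system. Second line: Uphold the people's democratic dictatorship.

First line: Stability and unity bring joy across the four seas. Second line: Policies that please, and five tigers meet the spring.

First line: Choose the worthy and appoint the able, promoting on talent alone. Second line: Govern with vigour, and revival is in sight.

First line: Kitchen smoke curls upward, every home busy with the New Year's dinner. Second line: Fresh breezes blow, everywhere rejoicing in the new spring.

First line: Spring returns to the earth, prospects good everywhere. Second line: Fragrance drifts over the Divine Land, scenery endlessly new.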

CVE-2014-9562 OptimalSite Content Management System (CMS) XSS (Cross-Site Scripting) Web Security Vulnerabilities



Exploit Title: OptimalSite CMS /display_dialog.php image Parameter XSS Web Security Vulnerability

Vendor: OptimalSite

Product: OptimalSite Content Management System (CMS)

Vulnerable Versions: V.1 V2.4

Tested Version: V.1 V2.4

Advisory Publication: January 24, 2015

Latest Update: January 31, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-9562

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Credit: Jing Wang [School of Physical and Mathematical Sciences, Nanyang Technological University (NTU), Singapore] (@justqdjing)





Suggestion Details:

(1) Vendor & Product Description

Vendor:

OptimalSite


Product & Version:

OptimalSite Content Management System (CMS)

V.1

V2.4


Vendor URL & Download:

The product can be obtained from here,

http://www.optimalsite.com/en/


Product Description Overview:

“Content management system OptimalSite is an online software package that enables the management of information published on a website. OptimalSite consists of the system core and integrated modules, which allow expanding website possibilities and functionality. You may select a set of modules that suits your needs best.


Website page structure

Website page structure is presented in a tree structure similar to Windows Explorer, so that several page levels can be created for each item on the menu. The website’s structure itself can be easily edited: you can create new website pages, delete unnecessary ones, and temporarily disable individual pages.


Website languages

OptimalSite may be used to create a website in different languages, the number of which is not limited. Different information may be presented in each separate language and the structure of pages in each language may also differ.


WYSIWYG (What You See Is What You Get) text editor

Using this universal text editor makes posting and replacing information on the website effortless. Even a minimum knowledge of MS Word and MS Excel will make it easy to use the tools of WYSIWYG text editor and implement your ideas.


Search function in the system

By using search function system’s administrator is able to find any information that is published in administrative environment. It is possible to execute a search in the whole system and in separate its’ modules as well.


Recycle bin function

System administrator is able to delete useless data. All deleted data is stored in recycle bin, so administrator can restore information anytime.”




(2) Vulnerability Details:

The OptimalSite web application has a security bug that can be exploited through stored XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

Several similar 0-day vulnerabilities in the product have been found by other bug hunters before, and OptimalSite has patched some of them. “Openwall software releases and other related files are also available from the Openwall file archive and its mirrors. You are encouraged to use the mirrors, but be sure to verify the signatures on software you download. The more experienced users and software developers may use our CVSweb server to browse through the source code for most pieces of Openwall software along with revision history information for each source file. We publish articles, make presentations, and offer professional services.” Openwall has published suggestions, advisories, and solution details related to XSS vulnerabilities.


(2.1) The programming flaw occurs in the “&image” parameter of the “display_dialog.php” page.
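A defender-side check for the flaw described in (2.1), as an added example that is not part of the original advisory: it scans web server access logs for requests to display_dialog.php whose image parameter carries HTML or script markup once percent-encoding is undone. The combined log format, the function names and the log lines themselves are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

WATCHED_PATH = "/display_dialog.php"   # page named in the advisory
WATCHED_PARAM = "image"                # parameter named in the advisory

# Markup that has no place in an image name: tag/attribute delimiters,
# script URLs and inline event handlers.
MARKUP = re.compile(r"[<>\"'`]|javascript:|\bon\w+\s*=", re.IGNORECASE)
# Request field of a common/combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [31/Jan/2015:10:00:01 +0000] "GET /display_dialog.php?image=photos/cat.jpg HTTP/1.1" 200 512',
    '198.51.100.23 - - [31/Jan/2015:10:02:14 +0000] "GET /display_dialog.php?image=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 640',
    '198.51.100.23 - - [31/Jan/2015:10:02:20 +0000] "GET /cms/display_dialog.php?image=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 655',
    '192.0.2.44 - - [31/Jan/2015:10:05:00 +0000] "GET /index.php?image=%3Cb%3E HTTP/1.1" 200 300',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%253C -> %3C -> <) used to slip past filters."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_image_requests(log_lines):
    """Return (client_ip, decoded_value) for each watched request carrying markup."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.endswith(WATCHED_PATH):
            continue
        # parse_qsl decodes one layer; fully_decode removes any remaining layers.
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            decoded = fully_decode(value)
            if name == WATCHED_PARAM and MARKUP.search(decoded):
                hits.append((line.split()[0], decoded))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_image_requests(SAMPLE_LOG):
        print(ip, repr(value))
```

This only surfaces attempts that reach the query string; POST bodies are not in access logs, and the fix itself remains encoding the parameter's value wherever the application writes it into a page.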






http://lists.openwall.net/full-disclosure/2015/02/02/3

http://static-173-79-223-25.washdc.fios.verizon.net/?a=139222176300014&r=1&w=2

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1546

https://zuiyuxiang.wordpress.com/2015/05/10/cve-2014-9562-optimalsite-content-management-system-cms-xss-cross-site-scripting-security-vulnerabilities/

http://frenchairing.blogspot.com/2015/05/cve-2014-9562-optimalsite-content.html

http://tetraph.blog.163.com/blog/static/234603051201541082835108/

https://www.facebook.com/permalink.php?story_fbid=1623045457913931&id=1567915086760302

https://twitter.com/buttercarrot/status/597377286996791299

http://www.weibo.com/5099722551/ChdSxaqGR?ref=home&rid=4_0_1_2669612892358968742&type=comment

https://plus.google.com/113115469311022848114/posts/9mdeMorsS2C

http://ittechnology.lofter.com/post/1cfbf60d_6e93c47

http://itinfotech.tumblr.com/post/118602673596/securitypost-cve-2014-9562-optimalsite-content

CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerabilities

Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter SQL Injection
Product: SoftBB (mods)
Vendor: Softbb.net
Vulnerable Versions: v0.1.3
Tested Version: v0.1.3
Advisory Publication: Jan 10, 2015
Latest Update: Jan 10, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) (CWE-89)
CVE Reference: CVE-2014-9560
CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

http://webtechhut.blogspot.com/2015/02/cve-2014-9560-softbbnet-softbb-sql.html

CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability


Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter XSS

Product: SoftBB (mods)

Vendor: Softbb.net

Vulnerable Versions: v0.1.3

Tested Version: v0.1.3

Advisory Publication: Jan 10, 2015

Latest Update: Jan 10, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-9561

CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/xss-vulnerability/cve-2014-9561-softbb-net-softbb-xss-cross-site-scripting-security-vulnerability/

CVE-2014-7294 NYU OpenSSO Integration Open Redirect Security Vulnerability


Exploit Title: NYU OpenSSO Integration Logon Page url Parameter Open Redirect

Product: OpenSSO Integration

Vendor: NYU

Vulnerable Versions: 2.1 and probably prior

Tested Version: 2.1

Advisory Publication: DEC 29, 2014

Latest Update: DEC 29, 2014

Vulnerability Type: Open Redirect [CWE-601]

CVE Reference: CVE-2014-7294

CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N)

Impact Subscore: 4.9

Exploitability Subscore: 8.6

Credit: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

http://webtechhut.blogspot.com/2015/02/cve-2014-7294-nyu-opensso-integration.html

CVE-2014-7293 NYU OpenSSO Integration XSS (Cross-Site Scripting) Security Vulnerability


Exploit Title: NYU OpenSSO Integration Logon Page url Parameter XSS

Product: OpenSSO Integration

Vendor: NYU

Vulnerable Versions: 2.1 and probably prior

Tested Version: 2.1

Advisory Publication: DEC 29, 2014

Latest Update: DEC 29, 2014

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-7293

Risk Level: Medium

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Credit: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

http://whitehatpost.blog.163.com/blog/static/24223205420151109249850