Browsing tag
WordPress has released version 6.4.2 with a patch for a critical security flaw that could be exploited by threat actors by combining it with another bug to execute arbitrary PHP code on vulnerable sites. “A remote code execution vulnerability that is not directly exploitable in core; however, the security team feels that there is a […]
The maintainers of the open-source file-sharing software ownCloud have warned of three critical security flaws that could be exploited to disclose sensitive information and modify files. A brief description of the vulnerabilities is as follows – Disclosure of sensitive credentials and configuration in containerized deployments impacting graphapi versions from 0.2.0 to 0.3.0. (CVSS score: 10.0) […]
Researchers have disclosed details about a now-patched high-severity security flaw in Packagist, a PHP software package repository, that could have been exploited to mount software supply chain attacks. “This vulnerability allows gaining control of Packagist,” SonarSource researcher Thomas Chauchefoin said in a report shared with The Hacker News. Packagist is used by the PHP package […]
QNAP, Taiwanese maker of network-attached storage (NAS) devices, on Wednesday said it’s in the process of fixing a critical three-year-old PHP vulnerability that could be abused to achieve remote code execution. “A vulnerability has been reported to affect PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11 with improper nginx config,” the […]
The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. “We no longer believe the git.php.net server has been compromised. However, […]
Web application security specialists report the finding of a security vulnerability in the PHP programming language. This is one of the most used resources on the Internet, as it is the cornerstone of content management systems (such as WordPress and Drupal), as well as of some web applications, such as Facebook. The latest iteration of […]
An ethical hacker from the International Institute of Cyber Security reports the discovery of critical security vulnerability in TCPDF, one of the most used PHP libraries to generate PDF files. According to the ethical hacker, the vulnerability could be exploited by malicious users to perform a remote code execution on web pages and applications that […]
Kotlin 1.2 Moving to Kotlin–the latest programming language to get official Android support. JetBrains announced Kotlin 1.2 and called it a major release which will let the devs reuse code between JVM and JS. The release announcement states that now one can write the business logic of an app once and reuse for the backend, […]
If you’re related to the vast field of programming and creating something new with code, you might be knowing that your choice of programming language determines your workflow and ease. You will be surprised to know that the choice of programming language also depends on the financial status of a country, i.e., whether it’s a […]
Introduction The Google Forms WordPress Plugin fetches a published Google Form using a WordPress custom post or shortcode, removes the Google wrapper HTML and then renders it as an HTML form embedded in your blog post or page. A PHP Object injection vulnerability was found in the Google Forms WordPress Plugin, which can be used […]
PHP 7 is affected by an unpatched vulnerability that opens servers running the latest branch of the PHP programming language to attacks. The vulnerability, yet unpatched is part of a trifecta of bugs disclosed during a presentation by Yannay Livneh, Check Point researcher, at this year’s 33rd Chaos Communication Congress. Vulnerabilities affect PHP 7’s unserialize […]
A security flaw discovered in a common PHP script allows knowledgeable attackers to execute code on a website that uses a vulnerable version of the script, which in turn can allow an attacker to take control over the underlying server. The vulnerable library is PHPMailer, a PHP script that allows developers to automate the task […]
Short Bytes: Pornhub hosted a bug bounty program a couple of months ago. A team of three research has been awarded $20,000 cash prize for finding two PHP Zero Day bugs in the website code which would lead the hacker to access user information and root privileges to a hacker. A researcher trio – Dario […]
Short Bytes: Can you imagine learning to code in a new programming language for a few days and later becoming a billionaire? This is a true story and it involves Facebook’s early days when it was a tiny startup with 50 people. Read more and know how Zuckerberg’s roommate Dustin Moskovitz became Facebook co-founder by learning […]
Image: zend Short Bytes: The PHP development team has released PHP 7.0.0, marking the new major PHP 7 series. This new version comes with new improvements and a new version of Zend Engine. To make the websites faster and bring better web services to the users, PHP development team has announced the release of PHP 7.0. […]
Short Bytes: In the past, time and again, people have called the scripting languages a root cause of software vulnerability and the latest Veracode results prove the same. Using a unique metric called Flaw Density per MB, Veracode has found that PHP is one of the major causes of software vulnerabilities. If we start investigating the […]