Archive for the ‘php security’ Category

Watch Out IT Admins! Two Unpatched Critical RCE Flaws Disclosed in rConfig

November 3rd, 2019
If you're using the popular rConfig network configuration management utility to protect and manage your network devices, here we have an important and urgent warning for you. A cybersecurity researcher has recently published details and proof-of-concept exploits for two unpatched, critical remote code execution vulnerabilities in the rConfig utility, at least one of which could allow

Posted in cyber security, Network Device Management, network security, networking, php security, rConfig, remote code execution, Zero-Day Vulnerability

New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers

October 26th, 2019
If you're running any PHP-based website on an NGINX server and have the PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely. The vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM that are reportedly not uncommon in the wild and could

Posted in hacking web server, hosting web server, Nginx, php 7, php security, PHP Vulnerability, PHP-FPM, Vulnerability, website security

Hackers Actively Exploiting Widely-Used Social Share Plugin for WordPress

April 23rd, 2019
Hackers have been found exploiting a pair of critical security vulnerabilities in one of the popular social media sharing plugins to take control of WordPress websites that are still running a vulnerable version of the plugin. The vulnerable plugin in question is Social Warfare, a popular and widely deployed WordPress plugin with more than 900,000 downloads. It is used to add social

Posted in cyber security, hack wordpress, hacking news, php security, remote code execution, website security, WordPress, Wordpress hacking, Wordpress Security

Drupal Releases Core CMS Updates to Patch Several Vulnerabilities

April 17th, 2019
Drupal, the popular open-source content management system, has released security updates to address multiple "moderately critical" vulnerabilities in Drupal Core that could allow remote attackers to compromise the security of hundreds of thousands of websites. According to the advisories published today by the Drupal developers, all security vulnerabilities Drupal patched this month reside in

Posted in Cross site scripting, cybersecurity, Drupal, Drupal hacking, hacking news, JQuery, php security, remote code execution, Vulnerability, website security

Critical PHPMailer Flaw leaves Millions of Websites Vulnerable to Remote Exploit

December 26th, 2016

A critical vulnerability has been discovered in PHPMailer, one of the most popular open source PHP libraries for sending emails, used by more than 9 million users worldwide.

Millions of PHP websites and popular open source web applications, including WordPress, Drupal, 1CRM, SugarCRM, Yii, and Joomla, come with the PHPMailer library for sending emails using a variety of methods, including

Posted in hacking news, php backdoor, PHP script, php security, phpmailer, remote code execution, Vulnerability, website hacking, website security

Critical Vulnerability Patched in Roundcube Webmail

December 7th, 2016

Open source webmail provider Roundcube was patched against a vulnerability that could be trivially exploited to run code on servers or access email accounts.

Posted in code execution, command execution, email security, Hendrik Buchwald, input sanitation, Input validation, Open Source Security, PHP fifth parameter, php security, RIPS Technologies, Roundcube, vulnerabilities, Vulnerability, Web Security

PornHub Pays Hackers $20,000 to Find Zero-day Flaws in its Website

July 25th, 2016

Cyber attacks get bigger, smarter, more damaging.

P*rnHub launched its bug bounty program two months ago to encourage hackers and bug bounty hunters to find and responsibly report flaws in its services and get rewarded.

Now, it turns out that the world’s most popular p*rn*graphy site has paid its first bounty payout. But how much?

US $20,000!
Yes, P*rnHub has paid $20,000

Posted in Bug Bounty Program, hacking news, php backdoor, PHP script, php security, remote code execution, website hacking, zero-day exploit

These Top 10 Programming Languages Have Most Vulnerable Apps on the Internet

December 4th, 2015

New research showed that scripting languages, in general, give rise to more security vulnerabilities in web applications, which raised concerns over potential security bugs in millions of websites.

The app security firm Veracode has released its State of Software Security: Focus on Application Development report (PDF), analyzing more than 200,000 separate applications from October 1,

Posted in computer programming, hacking news, Java, php security, programming language, security news, Vulnerability, Zero-Day Vulnerability