php


At the end of last year, a critical vulnerability in PHPMailer that affected millions of websites, CVE-2016-10033, was discovered by Polish security researcher Dawid. This vulnerability allows an attacker to compromise the target’s web application by executing remote code on the vulnerable web server. There are numerous open source web applications that use PHPMailer as their main library for sending emails, including WordPress, Joomla, Yii, SugarCRM… More than a month after PHPMailer released a patch for this critical...
by Tien Phan | Feb 16, 2017 | Filed in: Security Research
PHP is an open source, general-purpose scripting language used for web development that can also be embedded into HTML. It has over 9 million users, and is used by many popular tools, such as WordPress, Drupal, Joomla!, and so on. This week, a high-level security update was released to fix a remote code execution vulnerability (CVE-2016-10033) in PHPMailer, which is an open source PHP library for sending emails from PHP websites. This critical vulnerability is caused by class.phpmailer.php incorrectly processing user requests. As a result, remote...
by Zhouyuan Yang | Jan 05, 2017 | Filed in: Security Research
PHP is a programming language that was created in 1995 by Rasmus Lerdorf. And according to W3Techs, it’s dynamically generating content on more than 82% of all websites worldwide. That means hundreds of millions of web servers are vulnerable to the flaws we are describing below. Last month, FortiGuard discovered two security issues in PHP’s core (CVE-2016-6189) and in PHP’s zip (CVE-2016-6197). These issues affect both the current PHP version 5 and its upcoming version 7. These bugs are located in different parts of the code,...
by Tony Loi | Aug 10, 2016 | Filed in: Security Research
PCRE, or Perl Compatible Regular Expressions, is a library of functions that implements regular expression pattern matching. It is used widely in applications ranging from MariaDB to Apache. It is also used extensively by PHP, which underpins many web applications and is increasingly turning up in Internet of Things devices. FortiGuard researchers recently discovered vulnerabilities in the PCRE library with broad impacts across several such applications. In this case, there are two separate but similar heap overflow vulnerabilities. Insufficient...
by Alex Harvey | Jun 08, 2015 | Filed in: Industry Trends
Vulnerabilities and more vulnerabilities plagued the security landscape the week of April 30-May 5. Adobe patched a major Flash flaw, while security experts warned of gaping holes in PHP. Meanwhile, it appears that Intel is going to do something with its McAfee purchase after all. Here's a look at this week in security. Adobe Patches Critical Flaw: Adobe released a patch last week for a critical Flash vulnerability pivotal in targeted attacks that exploit a vulnerable version of Flash on Windows running the Internet Explorer Web browser. Altogether,...
by Stefanie Hoffman | May 08, 2012 | Filed in: Industry Trends