Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

TTCSIRT-094.030218: TT-CSIRT Advisory – PHP Security Updates

Several security vulnerabilities have been found in PHP7 which include: a) Bug #49876 (Fix LDAP path lookup on 64-bit distros). b) Bug #54289 (Phar::extractTo() does not accept specific directories to be extracted). c) Bug #65414 (deal with leading slash when adding files correctly). d) Bug #65414 (deal with leading slash while adding files correctly). e) …

TTCSIRT-093.030218: TT-CSIRT Advisory – BIND Security Updates

The Internet Systems Consortium (ISC) has released a security update stating that a vulnerability in the Berkeley Internet Name Domain (BIND) has been found which, if exploited by an attacker, could cause a Denial of Service (DoS) condition. This vulnerability is caused by a malformed packet BIND erroneously selecting a SERVFAIL rcode instead of a FORMERR …

TTCSIRT-092.022318: TT-CSIRT Advisory – Drupal Security Updates

Drupal has released several security updates to make developers aware that multiple vulnerabilities exist in both Drupal 7 and Drupal 8, including: a) Users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. b) Drupal has …

TTCSIRT-091.022318: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that a vulnerability has been identified in the application configuration of Cisco Unified Communications Domain Manager where an insecure key is generated during application configuration, allowing an attacker to exploit this by using a known insecure key value to bypass security protections by sending arbitrary requests using …

Understanding DDOS Attacks

A Denial of Service (DoS) attack is an attempt to make a system unavailable to the intended user(s), such as preventing access to a website. A successful DoS attack consumes all available network or system resources, usually resulting in a slowdown or server crash. Whenever multiple sources are coordinating in the DoS attack, it becomes …

Understanding SQL Injection Attacks

SQL injection was one of the primary attack vectors responsible for many of 2011’s high-profile compromises including Sony Pictures, HBGary, and PBS. It was also responsible for the more recent Adobe data breach in which names, email addresses, and password hashes were stolen from one of their customer databases. SQL injection is a dangerous …

TTCSIRT-090.021618: TT-CSIRT Advisory – Microsoft Security Updates

Microsoft has stated that it has released critical security updates for several of its products including: a) Microsoft Internet Explorer 9, 10, 11 b) Microsoft Edge c) Microsoft Windows: 7, 8.1, RT 8.1, 10 d) Microsoft Windows Server: 2008, 2008 R2, 2012, 2012 R2, 2016 e) Microsoft Office Suite 2007 f) Microsoft Office 2010, 2013, …

TTCSIRT-089.021618: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security update stating that multiple vulnerabilities have been discovered in Adobe Acrobat and Reader, the most severe of which could allow for arbitrary code execution. Details are as follows: a) One security mitigation bypass vulnerability that could allow for privilege escalation (CVE-2018-4872) b) Four heap overflow vulnerabilities that could allow for …

TTCSIRT-088.020818: TT-CSIRT Advisory – Android Security Updates

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution within the context of a privileged process. Details are as follows: a) Multiple remote code execution vulnerabilities in Media Framework (CVE-2017-13228, CVE-2017-13230) b) An information disclosure vulnerability in Media Framework (CVE-2017-13232) c) An elevation of …

TTCSIRT-087.020818: TT-CSIRT Advisory – Linux Security Updates

A vulnerability has been discovered in the GNU C Library of all Linux distributions which could allow for arbitrary code execution. It is caused by the internal memalign() and malloc() functions in glibc failing to properly report allocation errors. This vulnerability can be exploited when the system processes maliciously crafted data. Successful exploitation could result …