PHP Archives - Page 2 of 2 - Security Affairs

Pierluigi Paganini August 17, 2018

Black Hat 2018 – Expert demonstrated a new PHP code execution attack

The security researcher Sam Thomas from Secarma, has discovered a new attack technique that leverages critical deserialization vulnerabilities in PHP programming language. The flaws potentially expose web applications written in the popular language to cyber attacks, including websites running CMSs like WordPress and Typo3. The expert discovered that an attacker can use low-risk functions against Phar archives to trigger […]

Pierluigi Paganini December 10, 2017

Severe flaws in most popular programming languages could expose to hack any secure application built on top of them

Security expert discovered severe flaws in most popular programming languages that could expose to hack any secure application built on top of them. Last week, IOActive Senior Security Consultant Fernando Arnaboldi presented at the Black Hat Europe 2017 security conference the results of an interesting research about vulnerabilities in several popular interpreted programming languages. Arnaboldi […]

Pierluigi Paganini January 03, 2017

Critical RCE vulnerabilities affect SwiftMailer, PhpMailer and ZendMail

The security expert Dawid Golunski from Legal Hackers has reported critical RCE flaws in the popular PHP libraries SwiftMailer, PhpMailer and ZendMail. Recently the security expert Dawid Golunski from Legal Hackers has reported a critical RCE vulnerability, tracked as CVE-2016-10033, in one of the popular open source PHP library, the PHPMailer. The critical vulnerability in the […]

Pierluigi Paganini April 19, 2016

IBM warns a spike in the number of PHP C99 Webshell Attacks

IBM Security has warned the WordPress community about a spike in the number of attacks leveraging a specific variant of the PHP C99 Webshell. Security experts at IBM reported a spike in the number of cyber attacks pushing a variant of the popular C99 webshell in February and March, a 45 percent increase compared to the previous period. […]

Pierluigi Paganini July 29, 2015

Disclosed critical vulnerabilities affecting the PHP file Manager

PHP File Manager was affected by several critical vulnerabilities for nearly 5 years, according to the security consultant Sijmen Ruwhof. In July 2010 Ruwhof was looking for a web base file manager that he could use in his own web server when he came across with PHP file Manager. At the time, he found out […]

Pierluigi Paganini September 14, 2014

Flaws in php5 could cause crash or run programs on Ubuntu

Ubuntu has issued a security notice to inform users about flaws in php5 exploitable to crash or run programs if it received specially crafted network traffic. According to the recent Ubuntu Security Notice php5 could be made to crash or run arbitrary code if it received specially crafted network traffic. “Summary -php5 could be made […]

Pierluigi Paganini April 28, 2014

How to hide a backdoor using PHP Callback Functions

Securi firm has published an interesting post to explain how malware authors could hide a backdoor using PHP Callback functions. Security expert Peter Gramantik at Security Firm has written an interesting blog post to describe how it is possible to hide a backdoor using common PHP callback functions. The technique could surprise the laymen, but malware authors are […]

Pierluigi Paganini March 24, 2014

Cisco on large-scale attacks against unpatched or not updated servers

Cisco observed 400 hosts were infected on daily base and more than 2,700 URLs have been used in a multistage attack against websites running older OS versions. In the last months a growing number of large-scale attacks hit systems all over the world, many of them, like the Snake campaign, are attributable to state-sponsored hackers […]

Pierluigi Paganini November 28, 2013

Internet of Things – Symantec has discovered a new Linux worm

Symantec security experts have discovered a new Linux worm that was designed to target the “Internet of things” infecting Intel x86-powered Linux devices. Symantec security experts have detected across a worm that exploits various vulnerabilities in PHP to infect Intel x86-powered Linux devices. Home internet kits with x86 chips are exposed to the risk of […]

Pierluigi Paganini September 12, 2013

PHP SuperGlobal variables gaining popularity within hacking community

Imperva security researchers observed Web attacks involving PHP SuperGlobal variables are gaining popularity within the hacking community. Security researchers sounded the alarm for the possible abuse of PHP SuperGlobal variables by attackers, it is very frequent to read on PHP application that are hacked cyber cybercriminals. Security experts from Imperva sustains that PHP applications are vulnerable due the […]

PHP

Black Hat 2018 – Expert demonstrated a new PHP code execution attack

Severe flaws in most popular programming languages could expose to hack any secure application built on top of them

Critical RCE vulnerabilities affect SwiftMailer, PhpMailer and ZendMail

IBM warns a spike in the number of PHP C99 Webshell Attacks

Disclosed critical vulnerabilities affecting the PHP file Manager

Flaws in php5 could cause crash or run programs on Ubuntu

How to hide a backdoor using PHP Callback Functions

Cisco on large-scale attacks against unpatched or not updated servers

Internet of Things – Symantec has discovered a new Linux worm

PHP SuperGlobal variables gaining popularity within hacking community

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Coyote malware is first-ever malware abusing Windows UI Automation

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

Stealth backdoor found in WordPress mu-Plugins folder

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

QUICK LINKS

PHP

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!