195 matches found
Ubuntu: Security Advisory (USN-7171-1)
The remote host is missing an update for the...
USN-7171-1: PHPUnit vulnerability
It was discovered that PHPUnit incorrectly handled web requests if exposed to the internet. An attacker could possibly use this issue to achieve remote code execution or obtain sensitive information...
USN-7171-1 phpunit vulnerability
It was discovered that PHPUnit incorrectly handled web requests if exposed to the internet. An attacker could possibly use this issue to achieve remote code execution or obtain sensitive information...
Ubuntu 16.04 LTS : PHPUnit vulnerability (USN-7171-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7171-1 advisory. It was discovered that PHPUnit incorrectly handled web requests if exposed to the internet. An attacker could possibly use this issue to achieve remote code...
AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services
The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware. "This botnet utilizes remote code execution and credential-stealing methods to maintain persistent...
CVE-2024-6565
The AForms — Form Builder for Price Calculator & Cost Estimation plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.6. This is due to the plugin utilizing the aura library and allowing direct access to the phpunit test files. This makes it possibl...
CVE-2024-6565
CVE-2024-6565 (AForms – Form Builder for Price Calculator & Cost Estimation, WordPress) is an information disclosure vulnerability in all versions up to 2.2.6, caused by the plugin’s use of the aura library and direct access to phpunit test files, enabling unauthenticated full path disclosure. Pu...
AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials
Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that's used to target Laravel applications and steal sensitive data. "It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio," Juniper Threat Labs...
Imperva uncovers new Indicators of Compromise for FBI and CISA-flagged AndroxGh0st botnet
On January 16, a joint alert from FBI and CISA warned about a concerning development: the emergence of a botnet driven by AndroxGh0st malware targeting vulnerable applications and web servers. AndroxGh0st is a Python-based malware, first seen in late 2022, designed to target Laravel .env files an...
Exploit for Code Injection in Phpunit_Project Phpunit
VulnerabilityScanner for PHPUnit RCE A specialized vulne...
Exploit for Code Injection in Phpunit_Project Phpunit
MASS CVE-2017-9841 Usage sh apt install python...
[SECURITY] Fedora 36 Update: php-symfony4-4.4.50-1.fc36
Symfony PHP framework version 4. NOTE: Does not require PHPUnit bridge...
[SECURITY] Fedora 37 Update: php-symfony4-4.4.50-1.fc37
Symfony PHP framework version 4. NOTE: Does not require PHPUnit bridge...
Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL
The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments. A second initial access vector technique entails the use of vulnerable images, Sunders Bruskin, security...
PHPUnit extension for TYPO3 vulnerable to Cross-site Scripting
Cross-site scripting (XSS) vulnerability in the PHPUnit extension before 3.5.15 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
GHSA-C5X3-GQ36-PRRP PHPUnit extension for TYPO3 vulnerable to Cross-site Scripting
Cross-site scripting (XSS) vulnerability in the PHPUnit extension before 3.5.15 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
GHSA-R7C9-C69M-RPH8 Code Injection in PHPUnit
Util/PHP/eval-stdin.php in PHPUnit starting with 4.8.19 and before 4.8.28, as well as 5.x before 5.6.3, allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external...
Code Injection in PHPUnit
Util/PHP/eval-stdin.php in PHPUnit starting with 4.8.19 and before 4.8.28, as well as 5.x before 5.6.3, allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external...
PHPUnit Command Injection Vulnerability
PHPUnit allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI...
[SECURITY] Fedora 34 Update: php-symfony4-4.4.35-1.fc34
Symfony PHP framework version 4. NOTE: Does not require PHPUnit bridge...