Lucene search
K

328 matches found

Malwarebytes
Malwarebytes
added 2021/03/30 2:48 p.m.44 views

Malicious commits found in PHP code repository: What you need to know

You’ve probably heard that PHP’s Git repository was recently compromised, allowing backdoors to be added to the code located there. You may also be wondering what that means, what a supply chain attack is, and how you could be affected. Read on and well lead you though a straightforward descripti...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2021/03/29 3:42 p.m.211 views

PHP Infiltrated with Backdoor Malware

The PHP project on Sunday announced that attackers were able to gain access to its main Git server, uploading two malicious commits, including a backdoor. They were discovered before they went into production. PHP is a widely used open-source scripting language often used for web development. It...

7.3AI score
Exploits0References10
CNVD
CNVD
added 2021/03/09 12:0 a.m.7 views

Vapor Resource Management Error Vulnerability

vapor is a Swift web development framework for individual developers. Can be used to develop high-performance Web applications , support for iOS, OS X and Ubuntu systems. Vapor versions prior to 4.40.1 have a security vulnerability that can be exploited by attackers to launch DoS attacks...

5.3CVSS6.8AI score0.01625EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2021/02/22 12:0 a.m.40 views

Debian DLA-2569-1 : python-django security update

It was discovered that there was a web cache poisoning attack in Django, a popular Python-based web development framework. This was caused by the unsafe handling of ';' characters in Python's urllib.parse.parseqsl method which had been backported to Django's codebase to fix some other security...

5.9CVSS7.2AI score0.35963EPSS
Exploits1References4
Debian
Debian
added 2021/02/19 4:24 p.m.109 views

[SECURITY] [DLA 2569-1] python-django security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2569-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb February 19, 2021 https://wiki.debian.org/LTS -...

5.9CVSS6.9AI score0.35963EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2021/02/18 12:0 a.m.37 views

FreeBSD : Rails -- multiple vulnerabilities (8e670b85-706e-11eb-abb2-08002728f74c)

Ruby on Rails blog : Rails version 5.2.4.5, 6.0.3.5 and 6.1.2.1 have been released! Those version are security releases and addresses two issues : CVE-2021-22880: Possible DoS Vulnerability in Active Record PostgreSQL adapter. CVE-2021-22881: Possible Open Redirect in Host Authorization Middlewar...

7.5CVSS7.2AI score0.87301EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2021/02/02 12:0 a.m.44 views

Debian DLA-2540-1 : python-django security update

It was discovered that there was a potential directory-traversal in Django, a Python-based web development framework. For Debian 9 'Stretch', this problem has been fixed in version 1:1.10.7-2+deb9u10. We recommend that you upgrade your python-django packages. For the detailed security status of...

5.3CVSS6.5AI score0.07605EPSS
Exploits1References4
CNVD
CNVD
added 2021/01/12 12:0 a.m.4 views

HBuilder windows version has dll hijacking vulnerability

HBuilder is a web development IDE that supports HTML5 from DCloud Digital Heaven. A dll hijacking vulnerability exists in HBuilder windows version. An attacker can exploit this vulnerability to execute malicious code...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/16 1:41 p.m.35 views

What is Geocoding? — How to Find Coordinates of An Address

How can your app hook into a geocoding service that offers forward and reverse geocoding and an auto-completion facility? Geocoding turns a location name or address into geocoordinates. The service gets used by thousands of applications like Uber and Grubhub to track and plot their map data. Yet,...

6.5AI score
Exploits0
Akamai Blog
Akamai Blog
added 2020/11/30 2:0 p.m.73 views

Alternatives to Animated GIFs

We have all been amused by animated GIFs on lots of websites -- dancing babies, cute cats, flying birds, funny memes, and countless others. Despite their popularity, animated GIFs can be very heavy and can contribute significantly to page performance issues. How significantly? We have seen...

0.8AI score
Exploits0
Fedora
Fedora
added 2020/04/25 3:3 a.m.10 views

[SECURITY] Fedora 31 Update: php-7.3.17-1.fc31

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

0.4AI score
Exploits0
Fedora
Fedora
added 2020/04/25 2:43 a.m.13 views

[SECURITY] Fedora 30 Update: php-7.3.17-1.fc30

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

0.4AI score
Exploits0
CNVD
CNVD
added 2020/02/22 12:0 a.m.1 views

Guangzhou Shantai Electronic Technology Co., Ltd. builds website with SQL injection vulnerability

Guangzhou Shantai Electronic Technology Co., Ltd. is an Internet application service integration provider, the main business includes: brand website planning and development, search engine optimization SEO, enterprise e-commerce platform development, WEB application development office OA, CRM...

7.6AI score
Exploits0
CNVD
CNVD
added 2019/12/23 12:0 a.m.2 views

PHP Buffer Overflow Vulnerability

PHP PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language jointly maintained by the PHPGroup and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A...

5.3CVSS7.1AI score0.04082EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2019/12/19 1:2 a.m.139 views

USN-4224-1: Django vulnerability

Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts...

9.8CVSS7.1AI score0.3481EPSS
Exploits7
ThreatPost
ThreatPost
added 2019/12/10 4:37 p.m.34 views

Adobe Fixes 17 Critical Acrobat, Photoshop and Brackets Flaws

Adobe Systems is stomping out 17 critical vulnerabilities in Acrobat Reader, Photoshop and Brackets, which could lead to arbitrary code execution if exploited. Overall, Adobe released patches – as part of its regularly-scheduled updates – addressing 25 CVEs across various products, including its...

10CVSS1.7AI score0.34676EPSS
Exploits2References14
CNVD
CNVD
added 2019/10/30 12:0 a.m.2 views

SQL Injection Vulnerability in Qingdao Business-to-Business Web Development System

Qingdao Business to Faith Network Technology Co., Ltd, founded in March 2001, was initially a high-tech specialized company specializing in e-commerce, network marketing, software development, IDC and related network value-added services. A SQL injection vulnerability exists in Qingdao Business t...

7.6AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2019/10/25 12:0 a.m.141 views

PHP: Arbitrary code execution

Background PHP is an open source general-purpose scripting language that is especially suited for web development. Description A underflow in envpathinfo in PHP-FPM under certain configurations can be exploited to gain remote code execution. Impact A remote attacker, by sending special crafted HT...

9.8CVSS2.3AI score0.9947EPSS
Exploits54
Fedora
Fedora
added 2019/08/08 1:53 a.m.47 views

[SECURITY] Fedora 29 Update: php-7.2.21-1.fc29

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

7.5CVSS0.4AI score0.07065EPSS
Exploits1
OpenVAS
OpenVAS
added 2019/08/07 12:0 a.m.55 views

Debian: Security Advisory (DLA-1872-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.8AI score0.03502EPSS
Exploits0References3
Rows per page
Query Builder