328 matches found
Malicious commits found in PHP code repository: What you need to know
You’ve probably heard that PHP’s Git repository was recently compromised, allowing backdoors to be added to the code located there. You may also be wondering what that means, what a supply chain attack is, and how you could be affected. Read on and well lead you though a straightforward descripti...
PHP Infiltrated with Backdoor Malware
The PHP project on Sunday announced that attackers were able to gain access to its main Git server, uploading two malicious commits, including a backdoor. They were discovered before they went into production. PHP is a widely used open-source scripting language often used for web development. It...
Vapor Resource Management Error Vulnerability
vapor is a Swift web development framework for individual developers. Can be used to develop high-performance Web applications , support for iOS, OS X and Ubuntu systems. Vapor versions prior to 4.40.1 have a security vulnerability that can be exploited by attackers to launch DoS attacks...
Debian DLA-2569-1 : python-django security update
It was discovered that there was a web cache poisoning attack in Django, a popular Python-based web development framework. This was caused by the unsafe handling of ';' characters in Python's urllib.parse.parseqsl method which had been backported to Django's codebase to fix some other security...
[SECURITY] [DLA 2569-1] python-django security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2569-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb February 19, 2021 https://wiki.debian.org/LTS -...
FreeBSD : Rails -- multiple vulnerabilities (8e670b85-706e-11eb-abb2-08002728f74c)
Ruby on Rails blog : Rails version 5.2.4.5, 6.0.3.5 and 6.1.2.1 have been released! Those version are security releases and addresses two issues : CVE-2021-22880: Possible DoS Vulnerability in Active Record PostgreSQL adapter. CVE-2021-22881: Possible Open Redirect in Host Authorization Middlewar...
Debian DLA-2540-1 : python-django security update
It was discovered that there was a potential directory-traversal in Django, a Python-based web development framework. For Debian 9 'Stretch', this problem has been fixed in version 1:1.10.7-2+deb9u10. We recommend that you upgrade your python-django packages. For the detailed security status of...
HBuilder windows version has dll hijacking vulnerability
HBuilder is a web development IDE that supports HTML5 from DCloud Digital Heaven. A dll hijacking vulnerability exists in HBuilder windows version. An attacker can exploit this vulnerability to execute malicious code...
What is Geocoding? — How to Find Coordinates of An Address
How can your app hook into a geocoding service that offers forward and reverse geocoding and an auto-completion facility? Geocoding turns a location name or address into geocoordinates. The service gets used by thousands of applications like Uber and Grubhub to track and plot their map data. Yet,...
Alternatives to Animated GIFs
We have all been amused by animated GIFs on lots of websites -- dancing babies, cute cats, flying birds, funny memes, and countless others. Despite their popularity, animated GIFs can be very heavy and can contribute significantly to page performance issues. How significantly? We have seen...
[SECURITY] Fedora 31 Update: php-7.3.17-1.fc31
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
[SECURITY] Fedora 30 Update: php-7.3.17-1.fc30
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Guangzhou Shantai Electronic Technology Co., Ltd. builds website with SQL injection vulnerability
Guangzhou Shantai Electronic Technology Co., Ltd. is an Internet application service integration provider, the main business includes: brand website planning and development, search engine optimization SEO, enterprise e-commerce platform development, WEB application development office OA, CRM...
PHP Buffer Overflow Vulnerability
PHP PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language jointly maintained by the PHPGroup and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A...
USN-4224-1: Django vulnerability
Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts...
Adobe Fixes 17 Critical Acrobat, Photoshop and Brackets Flaws
Adobe Systems is stomping out 17 critical vulnerabilities in Acrobat Reader, Photoshop and Brackets, which could lead to arbitrary code execution if exploited. Overall, Adobe released patches – as part of its regularly-scheduled updates – addressing 25 CVEs across various products, including its...
SQL Injection Vulnerability in Qingdao Business-to-Business Web Development System
Qingdao Business to Faith Network Technology Co., Ltd, founded in March 2001, was initially a high-tech specialized company specializing in e-commerce, network marketing, software development, IDC and related network value-added services. A SQL injection vulnerability exists in Qingdao Business t...
PHP: Arbitrary code execution
Background PHP is an open source general-purpose scripting language that is especially suited for web development. Description A underflow in envpathinfo in PHP-FPM under certain configurations can be exploited to gain remote code execution. Impact A remote attacker, by sending special crafted HT...
[SECURITY] Fedora 29 Update: php-7.2.21-1.fc29
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Debian: Security Advisory (DLA-1872-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...