Earlier this year, we noticed an increase in attacks aiming at ThinkPHP, which is a PHP framework that is very popular in Asia. If you keep track of your site’s activity, the following log may look familiar:
POST: /index.php?s=captcha HTTP/1.1
Data: _method=__construct&filter[]=system&method=get&server[REQUEST_METHOD]=uname&ipconfig
In December 2018, a working exploit was
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/zwipU_PCCcw/thinkphp-5-x-remote-code-execution.html
Several vulnerabilities have been discovered in the Rubygems included in the interpreter for the Ruby language, which may result in denial of service or the execution of arbitrary code.
More info:
https://www.debian.org/security/2019/dsa-4433
Cedric Buissart discovered two vulnerabilities in Ghostscript, the GPL PostScript/PDF interpreter, which could result in bypass of file system restrictions of the dSAFER sandbox.
More info:
https://www.debian.org/security/2019/dsa-4432
This week we look at the Assange arrest, an irresponsible security researcher affecting the WordPress community and do a bit of a thought experiment. We also look at Google’s Sensorvault and how it’s being used by law enforcement, the fascinating rise and fall of the Bayrob malware gang, and some tips for avoiding […]
More info:
https://www.wordfence.com/blog/2019/04/podcast-episode-7-the-tyler-lau-interview-assange-thought-experiments-airbnb-scams-and-more/