PHP

PHP bug allowing site hijacking still menaces Internet 22 months on
Credit: http://en.wikipedia.org/wiki/PHP

A vulnerability that allows attackers to take control of websites running older versions of the PHP scripting language continues to threaten the Internet almost two years after security researchers first warned that attackers could use it to remotely execute malicious code on vulnerable servers.

l33tdawg Thu, 03/20/2014 - 01:53 PHP Security

Weird PHP-poking Linux worm slithers into home routers, Internet of Things

posted onNovember 28, 2013
by l33tdawg
Credit: http://en.wikipedia.org/wiki/PHP

Symantec has stumbled across a worm that exploits various vulnerabilities in PHP to infect Intel x86-powered Linux devices. The security biz says the malware threatens to compromise home broadband routers and similar equipment.

However, home internet kit with x86 chips are few and far between – most network-connected embedded devices are powered by ARM or MIPS processors – so the threat seems almost non-existent.

nocomment
READ MORE
PHP.net flagged for malware by Google, researchers confirm it was no false positive
Credit: http://en.wikipedia.org/wiki/PHP

On Thursday, PHP.net was flagged by Google's Safe Browsing for malware. The warning, sparked debate among the development and security communities, as the initial reaction claimed Google triggered a false positive. However, additional research makes that claim seem unlikely.

By mid-morning on Thursday, Google's Safe Browsing initiative was flagging PHP.net, warning visitors that the site was malicious. The root cause appears to be a JavaScript file that had undergone several modifications over the last 24-hours.

l33tdawg Thu, 10/24/2013 - 23:48 PHP Security Viruses & Malware
PHP patches actively exploited CGI vulnerability
Credit: http://en.wikipedia.org/wiki/PHP

The PHP Group has released PHP 5.4.3 and PHP 5.3.13 on Tuesday in order to address two remote code execution vulnerabilities, one of which is being actively exploited by hackers.

"The releases complete a fix for a vulnerability in CGI-based setups (CVE-2012-2311)," the PHP developers said in the release notes. Additionally, PHP 5.4.3 fixes a buffer overflow vulnerability, identified as CVE-2012-2329, in the apache_request_headers() function. 

l33tdawg Fri, 05/11/2012 - 07:15 Security PHP Software-Programming