Intelligence Reporting

php (2)

PHP Code Execution Attack A new exploitation technique has been discovered that allow attackers to trigger critical deserialization vulnerabilities in PHP programming language using previously low-risk considered functions. The new technique leaves web applications open to remote code execution attacks, including websites powered by some popular content management systems like WordPress and Typo3. PHP unserialization was first discovered in 2009 which allows attackers to perform various attacks…
RCE in LG Network Storage Devices A flaw has been discovered in LG Network attached Storage Devices that allow attackers to execute remote code and steal data from the device without authentication. A pre-authenticated remote command injection vulnerability exists, which can allow attacker to perform virtually full computer functioning to include access to sensitive data and tamper with the user data and content. Attackers can then upload and distribute malware across the network using this…