#php

Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the inner workings of the command and control (C2) scripts deployed on the compromised WordPress servers utilized in the compromise we previously disclosed.

By Uzair Amir Eastern Europe is swiftly rising to prominence in the software development outsourcing sector. This ascendance is marked not… This is a post from HackRead.com Read the original post: Top Software Development Outsourcing Trends

### Summary php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP < 8.0, and doesn't validate if external references are allowed. This might leads to bypass of restrictions or RCE on projects that are using it, if they do not strictly revalidate the fontName that is passed by php-svg-lib. ### Details The Style::fromAttributes(), or the Style::parseCssStyle() should check the content of the `font-family` and prevents it to use a PHAR url, to avoid passing an invalid and dangerous `fontName` value to other libraries. The same check as done in the Style::fromStyleSheets might be reused : ``` if ( \array_key_exists("font-family", $styles) && ( \strtolower(\substr($this->href, 0, 7)) === "phar://" || ($this->document->allowExternalReferences === false && \strtolower(\substr($this->href, 0, 5)) !== "data:") ) ...

WordPress versions 6.4.3 and below appear to suffer from a REST API related username disclosure vulnerability.

ITFlow versions prior to commit 432488eca3998c5be6b6b9e8f8ba01f54bc12378 suffer from a cross site request forgery vulnerability.

WEBIGniter version 28.7.23 suffers from a persistent cross site scripting vulnerability.

## Overview A potential security vulnerability discovered in `pimcore/admin-ui-classic-bundle` version up to v1.3.3 . The vulnerability involves a Host Header Injection in the `invitationLinkAction` function of the UserController, specifically in the way `$loginUrl` trusts user input. ## Details The host header from incoming HTTP requests is used unsafely when generating URLs. An attacker can manipulate the HTTP host header in requests to the /admin/user/invitationlink endpoint, resulting in the generation of URLs with the attacker's domain. In fact, if a host header is injected in the POST request, the $loginURL parameter is constructed with this unvalidated host header. It is then used to send an invitation email to the provided user. Here is an excerpt from the affected section of UserController.php file: ``` // /src/Controller/Admin/UserController.php public function invitationLinkAction(Request $request, TranslatorInterface $translator): JsonResponse { ...

### Impact Knowing a user's email address and username, an unauthenticated attacker can hijack the user's account by poisoning the link in the password reset notification message. ### Patches https://github.com/mantisbt/mantisbt/commit/7055731d09ff12b2781410a372f790172e279744 ### Workarounds Define `$g_path` as appropriate in config_inc.php. ### References https://mantisbt.org/bugs/view.php?id=19381 ### Credits Thanks to the following security researchers for responsibly reporting and helping resolve this vulnerability. - Pier-Luc Maltais (https://twitter.com/plmaltais) - Hlib Yavorskyi (https://github.com/Kerkroups) - Jingshao Chen (https://github.com/shaozi) - Brandon Roldan - nhchoudhary

U.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ransomware victims who didn't pay, LockBit's victim shaming website now offers free recovery tools, as well as news about arrests and criminal charges involving LockBit affiliates.

Savsoft Quiz version 6.0 Enterprise suffers from a persistent cross site scripting vulnerability.