Tag
#php
The Snyk php plugin is vulnerable to Code Injection when scanning an untrusted PHP project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated log information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose the webserver's log file containing system information running on the device.
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated log information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose the webserver's log file containing system information running on the device.
WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns.
The ABB BMS/BAS controller suffers from an unauthenticated log information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose the webserver's log file containing system information running on the device.
The ABB BMS/BAS controller suffers from an unauthenticated log information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose the webserver's log file containing system information running on the device.
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the directory HTTP POST parameter called by the persistenceManagerAjax.php script.
Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findings from Trend Micro. "In this attack, the threat actor used the gRPC protocol over h2c to evade security solutions and execute their crypto mining operations on the Docker host," researchers Abdelrahman Esmail and Sunil Bharti said in a technical
Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor.
The ABB BMS/BAS controller suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'directory' HTTP POST parameter called by the persistenceManagerAjax.php script.