For well over a decade our focus at ionCube has been on PHP security but recently with the release of ionCube24 we have been looking into different kinds of vulnerabilities. This post has a few of the interesting issues we have found this week.
A selection of this week’s more interesting vulnerability disclosures and cyber security news including how banking security is being replaced with photos of yourself instead of a password.
- Critical Drupal Updates Patch Several Vulnerabilities
- Drupal drips out ten new patches, one worthy of immediate attention (The Register)
- CVE-2016-2537 The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports[‘utc-millisec’] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string. (CVSS:0.0) (Last Update:2016-02-23)
- I could have made you homeless: What happens when you dare hackers to do their worst? (Yahoo Security)
- Bugtraq: WordPress plugin wp-ultimate-exporter SQL injection vulnerability WordPress plugin wp-ultimate-exporter SQL injection vulnerability