Critical Vulnerability in PHPMailer library found

The hole allows remote code execution in the context of the web server and compromise of the web application. Polish security researcher Dawid Golunski from Legal Hackers has found a critical hole in PHPMailer, one of the most popular open source code libraries. Using it, a hacker can remotely execute code in the context of the web server and compromise the web application. A hacker can exploit the hole (CVE-2016-10033) in such website components as...


Google releases new tools to prevent XSS-attacks

Google has released new tools and related documentation to help developers reduce the risk of XSS attacks using the Content Security Policy (CSP) standard. XSS vulnerabilities continue to affect many web applications, including those developed by large companies. In the past two years, Google paid experts 1.2 million dollars for detection of these vulnerabilities. One of the most effective ways to reduce the risk of XSS is CSP; it is a...


Unidentified hackers compromised ethereum.org forum’s database

On December 19, 2016, a notice appeared in the Ethereum Project’s official blog, warning that the ethereum.org forum was compromised by unknown attackers. The administration learned about the data leak on December 16, 2016. The first results of the investigation showed the following picture. The information stolen by hackers is a backup of the forum database dated April 2016. The backup contained data of 16,500 forum users. The date, which...