Critical Vulnerability in PHPMailer library found

The hole allows remote code execution in the context of the web server and compromise of the web application. Polish security researcher Dawid Golunski from Legal Hackers has found a critical hole in PHPMailer, one of the most popular open source code libraries. Using it, a hacker can remotely execute code in the context of the web server and compromise the web application. A hacker can exploit the hole (CVE-2016-10033) in such website components as...


Google releases new tools to prevent XSS attacks

Google has released new tools and related documentation to help developers reduce the risk of XSS attacks using the Content Security Policy (CSP) standard. XSS vulnerabilities continue to affect many web applications, including those developed by large companies. In the past two years, Google paid experts 1.2 million dollars for detecting these vulnerabilities. One of the most effective ways to reduce the risk of XSS is CSP; it is a...