Search cyberveille.decio.ch

CVE-2022-35650 Analysis

CVE-2022-35650 The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.

#Anna #0x1337 #CVE-2022-35650 #Analysis #Moodle #vulnerability #PHP

·0x1337.ninja·Aug 4, 2022

CVE-2022-35650 Analysis

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

CVE-2022-35650 Analysis

CVE-2022-35650 The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.

#Anna #0x1337 #CVE-2022-35650 #Analysis #Moodle #vulnerability #PHP

·0x1337.ninja·Aug 4, 2022

CVE-2022-35650 Analysis

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

PHP Obfuscator with Backdoor

An online tool offers a service to obfuscate PHP code, but it also silently inserts a backdoor into the code that allows any other PHP code to be executed!

#andreadraghetti #EN #2024 #php #obfuscation #backdoor #online

·andreadraghetti.it·Mar 30, 2024

PHP Obfuscator with Backdoor

Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities

Sonar’s Vulnerability Research Team has discovered an issue that led to multiple XSS vulnerabilities in the popular Content Management System Joomla. The issue discovered with the help of SonarCloud affects Joomla’s core filter component and is tracked as CVE-2024-21726. Attackers can leverage the issue to gain remote code execution by tricking an administrator into clicking on a malicious link. The underlying PHP bug is an inconsistency in how PHP’s mbstring functions handle invalid multibyte sequences. The bug was fixed with PHP versions 8.3 and 8.4, but not backported to older PHP versions. * Joomla released a security announcement and published version 5.0.3/4.4.3, which mitigates the vulnerability.

#sonarsource #EN #2024 #Joomla #PHP #Bug #CVE-2024-21726

·sonarsource.com·Feb 27, 2024

Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities

CVE-2022-35650 Analysis

CVE-2022-35650 The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.

#Anna #0x1337 #CVE-2022-35650 #Analysis #Moodle #vulnerability #PHP

·0x1337.ninja·Aug 4, 2022

CVE-2022-35650 Analysis

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

CVE-2022-35650 Analysis

CVE-2022-35650 The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.

#Anna #0x1337 #CVE-2022-35650 #Analysis #Moodle #vulnerability #PHP

·0x1337.ninja·Aug 4, 2022

CVE-2022-35650 Analysis

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites.

#bleepingcomputer #EN #2023 #Backup-Migration #Code-Injection #CVE-2023-6553 #PHP #RCE #Remote-Code-Execution #WordPress

·bleepingcomputer.com·Dec 12, 2023

50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

CVE-2022-35650 Analysis

CVE-2022-35650 The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.

#Anna #0x1337 #CVE-2022-35650 #Analysis #Moodle #vulnerability #PHP

·0x1337.ninja·Aug 4, 2022

CVE-2022-35650 Analysis

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

CVE-2022-35650 Analysis

CVE-2022-35650 The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.

#Anna #0x1337 #CVE-2022-35650 #Analysis #Moodle #vulnerability #PHP

·0x1337.ninja·Aug 4, 2022

CVE-2022-35650 Analysis

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

PHP Supply Chain Attack on Composer

We recently discovered a vulnerability in Composer, the main package manager for PHP, and were able to use it to take over the central repository, packagist.org.

#sonarsource #EN #2022 #php #supplychain #supply-chain #packagist.org

·blog.sonarsource.com·Oct 5, 2022

PHP Supply Chain Attack on Composer

CVE-2022-35650 Analysis

CVE-2022-35650 The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.

#Anna #0x1337 #CVE-2022-35650 #Analysis #Moodle #vulnerability #PHP

·0x1337.ninja·Aug 4, 2022

CVE-2022-35650 Analysis

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

PHP Supply Chain Attack on Composer

We recently discovered a vulnerability in Composer, the main package manager for PHP, and were able to use it to take over the central repository, packagist.org.

#sonarsource #EN #2022 #php #supplychain #supply-chain #packagist.org

·blog.sonarsource.com·Oct 5, 2022

PHP Supply Chain Attack on Composer

CVE-2022-35650 Analysis

CVE-2022-35650 The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.

#Anna #0x1337 #CVE-2022-35650 #Analysis #Moodle #vulnerability #PHP

·0x1337.ninja·Aug 4, 2022

CVE-2022-35650 Analysis

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

CVE-2022-35650 Analysis

CVE-2022-35650 The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.

#Anna #0x1337 #CVE-2022-35650 #Analysis #Moodle #vulnerability #PHP

·0x1337.ninja·Aug 4, 2022

CVE-2022-35650 Analysis

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables