sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
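A detection sketch for the condition described above, added here as an example (it is not PHP's or the advisory's code). It assumes Common Log Format access logs and the CGI rule in RFC 3875 section 4.4 that a query string with no unencoded `=` is split on `+` and passed to the script as command-line arguments; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Client address and request target from a Common/Combined Log Format line.
LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')

def query_becomes_argv(query):
    """True when the query has no unencoded '=' and so is handed to the
    CGI program as command-line arguments (RFC 3875 section 4.4)."""
    return bool(query) and "=" not in query

def option_like_args(query):
    """Return the decoded arguments that begin with '-' (option syntax)."""
    if not query_becomes_argv(query):
        return []
    # '+' separates arguments; each one is URL-decoded afterwards, so a
    # percent-encoded hyphen (%2D) or equals sign (%3D) must be decoded too.
    args = [unquote(a) for a in query.split("+")]
    return [a for a in args if a.startswith("-")]

def scan_log(lines):
    """Return (client, path, options) for each request worth reviewing."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        path, _, query = target.partition("?")
        opts = option_like_args(query)
        if opts:
            hits.append((client, path, opts))
    return hits

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Jan/2015:10:00:00 +0000] "GET /index.php?id=42&page=2 HTTP/1.1" 200 512',
    '198.51.100.7 - - [21/Jan/2015:10:00:05 +0000] "GET /index.php?-s HTTP/1.1" 200 9001',
    '198.51.100.7 - - [21/Jan/2015:10:00:06 +0000] "GET /index.php?%2Dd+name%3Dvalue HTTP/1.1" 200 64',
    '192.0.2.11 - - [21/Jan/2015:10:00:09 +0000] "GET /search.php?php+tutorial HTTP/1.1" 200 700',
    '192.0.2.12 - - [21/Jan/2015:10:00:12 +0000] "GET /index.php?q=-1 HTTP/1.1" 200 512',
    '192.0.2.13 - - [21/Jan/2015:10:00:15 +0000] "GET /static/logo.png HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Requests such as `?q=-1` and `?php+tutorial` are not flagged: the first contains an unencoded `=`, and the second is passed as arguments but none of them uses option syntax.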