sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
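A log-review check for the request shape described above, added here as an example and not taken from PHP or from the advisory: it flags requests whose query string contains no literal `=` and decodes to text that begins with `-`. The function names, the combined access-log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Client address and request target from a combined-format access log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)


def is_option_style_query(raw_query: str) -> bool:
    """True when the raw query has no literal '=' and decodes to '-...'."""
    if not raw_query or "=" in raw_query:
        return False
    # A percent-encoded dash (%2d) still decodes to '-', so decode first.
    # Leading whitespace is stripped to keep the check conservative.
    return unquote_plus(raw_query).lstrip().startswith("-")


def scan(lines):
    """Return (client_ip, path, raw_query) for every flagged request."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue
        path, _, query = match.group("target").partition("?")
        if is_option_style_query(query):
            hits.append((match.group("ip"), path, query))
    return hits


# Constructed sample lines (documentation addresses, placeholder setting name).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?page=2 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?-d+example_setting%3d1 HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2024:10:00:03 +0000] "GET /search.php?keyword HTTP/1.1" 200 128',
    '192.0.2.13 - - [01/Jan/2024:10:00:04 +0000] "GET /index.php?%2dd+example_setting%3d1 HTTP/1.1" 200 512',
    '192.0.2.14 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?-x=1 HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for ip, path, query in scan(SAMPLE_LOG):
        print(f"review: {ip} requested {path} with option-style query {query!r}")
```

A hit only means the request has the shape the advisory describes; whether it mattered depends on the target running php-cgi at a version before 5.3.12 or 5.4.2.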
While SIEM still serves a valid purpose in the market, our teams were still missing alerts that led to significant data breaches. Enterprises were creating more data than ever before, hackers were getting smarter and making strategic hires in the security market was getting tougher.
Finding out if your API keys and other critical credentials have been compromised is crucial, and Canada-based developer Luke Mclaren has created a script that can help you see if they were dumped online.
Ivan Ristic is well-known in the information security world, and his name has become almost a synonym for SSL Labs. Before that, he was mostly known for his work with OWASP and the development of ModSecurity.