This article is written specifically for web developers who use a module. We will tell you how we got access to sensitive data on a staging server through Yii2 Gii Remote Code: First to the testing environment, and then to the production. Spoiler: We have notified the module developer about the problem and it will be fixed soon. A temporary patch is available on GitHub. Gii is a module used to automatically generate code…
One of the services Wallarm offers today are Pentest Audits. Our team has met a new challenging task at a recent project: penetration test & usage for Apache Solr V4.10.4. We want to use this blog to describe the way we have identified vulnerability & managed to execute commands with root privileges. Hope that it will help DevOps teams & sysadmins with Apache Solr deployment & to protect their data. While working on a new…
In addition to the same risks that web applications are exposed to, APIs are faced with a number of unique security risks and vulnerabilities. This blogs provides an overview of the new OWASP API Top 10 risk project.
The real cost of a security breach to your business is larger than many imagine. On the surface there is incredible expensive to recovering from breaches. What is often also at risk is the inestimable damage to company morale, brand reputation, and operations.
by bo0om, Wallarm Research Imaging a scary scenario: you open a simple html document, and after a little while, your proprietary files unbeknownst to you find their way to somebody else’s hard drive… Documents, source code, SSH keys, passwords…All the files you, the authorized user, have access to — gone. Impossible? Not quite. Some of the commonly used browsers may actually allow this scenario. Generally, an attack works something like this: User opens html document in a…
Is GHOST dangerous? Yes, it is. GHOST is a high severity vulnerability (CVE-2015–0235) that allows attackers to implement remote code execution (RCE) attack taking complete control of the victim system. It exploits a buffer overflow bug in glibc’s GetHOST functions (hence the name). Fortunately, Linux vendors already have necessary updates available as Qualys company was in touch with them before disclosing vulnerability. How to check if my systems is vulnerable? Linux systems that use versions…
Subscribe for the latest news
Subscribe