Martijn Lammerts
My own digital place with a little of everything

PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033]

Posted by Dawid Golunski on Dec 27

PHPMailer < 5.2.18 Remote Code Execution
CVE-2016-10033

Here's an updated version of the advisory with more details + simple PoC.

Still incomplete. There will be more updates/exploits soon at:

https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

https://twitter.com/dawid_golunski
Continue reading...

Security Risks of TSA PreCheck

Former TSA Administrator Kip Hawley wrote an op-ed pointing out the security vulnerabilities in the TSA's PreCheck program: The first vulnerability in the system is its enrollment process, which seeks to verify an applicant's identity. We know verification is a challenge: A 2011 Government Accountability Office report on TSA's system for checking airport workers' identities concluded that it was "not...
Continue reading...