Martijn Lammerts
My own digital place with a little of everything

PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033]

Posted by Dawid Golunski on Dec 27

PHPMailer < 5.2.18 Remote Code Execution

Here's an updated version of the advisory with more details + simple PoC.

Still incomplete. There will be more updates/exploits soon at:
Continue reading...

Security Risks of TSA PreCheck

Former TSA Administrator Kip Hawley wrote an op-ed pointing out the security vulnerabilities in the TSA's PreCheck program: The first vulnerability in the system is its enrollment process, which seeks to verify an applicant's identity. We know verification is a challenge: A 2011 Government Accountability Office report on TSA's system for checking airport workers' identities concluded that it was "not...
Continue reading...