ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.
Monthly Archives: September 2016
CVE-2016-7412
ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.
CVE-2016-7413
Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call.
CVE-2016-7414
The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.
CVE-2016-7415
Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string.
CVE-2016-7416
ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument.
CVE-2016-7417
ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.
CVE-2016-7418
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.
CVE-2016-7419
Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name.
Do you stand by all your tweets?
A wise man once said: “You should never share anything on the internet unless you are ready for it to be seen by the whole world.” This is certainly something to keep in mind, especially if you fear judgment… It is also something to be careful about if you are a business owner who wants to turn the dream of a company IPO into reality. You should even watch your posts if you are a recent graduate looking for your next employment opportunity.
Twitter has made it easy to search its feeds, and some tweets are now even indexed by Google. Your thoughts are visible to the whole world, and this is something you need to consider every time you make them public. We have seen many stories of people whose lives have been turned around by a single tweet. Today’s world is not what it used to be, and individuals and businesses alike need to adapt and look after their reputation. It is a common misconception that only a live tweet can damage your reputation; tweets from years ago may be just as harmful as the ones you send out on a Friday night.
Years ago, when Twitter was on the rise, many people created profiles and tweeted things they would not necessarily agree with today. You would be surprised by the things people say under the soft blanket of internet anonymity. However, today’s internet is not as anonymous as it used to be. The toddler Twitter, which was just taking its first steps into the world about ten years ago, has grown up big and strong enough to place everything you ever said within reach of whoever is interested in digging for it.
The importance of managing your digital prints
Panda Security suggests you may want to do some research into your own Twitter feed. Get your hands dirty and do some digging of your own. Your Twitter history can reveal a lot about you that you would not necessarily want to share with the whole world: your mother’s maiden name, your date of birth, your PayPal email address as well as your physical address, or the primary school you went to. Staying on top of your digital footprint has never been as important as it is now.
However, it is not all gloom and doom; there is a way out! Searching through thousands of tweets is not an easy task, but luckily Twitter lets you request your personal archive. Go to ‘Settings’ and hit the ‘Request your archive’ option. You will get an email containing a zip file that includes all of your tweets since the beginning of time… or, well, the beginning of Twitter. The email usually takes a few working days to arrive, but once you have it you can search through your entire Twitter history in an easy way, in an interface that mimics Twitter itself.
If you don’t want to wait a few days, just go to the Advanced Search option and search through your tweets. In the ‘From These Accounts’ field, enter your username, and in the ‘Words’ fields enter the keywords you are trying to find. Once you get the result you were looking for, you can delete the unwanted content. Easy peasy lemon squeezy!
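One way to automate the review the article recommends, as an added example that is not from Panda Security or the original post: a small Python scan over tweet text that flags the kinds of personal details the article lists (email addresses, dates of birth, phone numbers, schools, street addresses). The archive layout is an assumption here (one text string per tweet, as you would get from the "text" column of a downloaded archive); the sample tweets and the regular expressions are constructed for illustration and will need tuning for real data.

```python
import re
from typing import Dict, List

# Constructed sample standing in for the text of each tweet in a downloaded
# archive (assumption: one string per tweet; only the text is needed here).
SAMPLE_TWEETS: List[str] = [
    "Great day at the beach, finally some sun!",
    "Send the invoice to payments@example.com please, thanks",
    "Happy birthday to me! Born 14/03/1989 and still going strong",
    "Call me on +44 7700 900123 if you need anything",
    "Throwback to St Mary's Primary School, class of 1999",
    "Just moved to 221 Baker Street, come visit",
]

# Each pattern names one kind of personal detail the article warns about.
# These are deliberately broad heuristics, not exhaustive validators.
PII_PATTERNS: Dict[str, "re.Pattern[str]"] = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    # a birth-related keyword followed somewhere later by a dd/mm/yyyy-style date
    "date_of_birth": re.compile(
        r"\b(?:born|birthday|dob)\b.*?\b\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}\b",
        re.IGNORECASE,
    ),
    # optional country code, then two to three digit groups
    "phone": re.compile(
        r"(?:\+\d{1,3}[\s-]?)?(?:\(?\d{2,5}\)?[\s-]?)\d{3,4}[\s-]?\d{3,4}\b"
    ),
    "school": re.compile(r"\b(?:primary|elementary|high)\s+school\b", re.IGNORECASE),
    # house number, one to three capitalised words, then a street-type suffix
    "address": re.compile(
        r"\b\d{1,5}\s+(?:[A-Z][a-z]+\s+){1,3}(?:Street|St|Road|Rd|Avenue|Ave|Lane|Ln)\b"
    ),
}


def scan_tweets(tweets: List[str]) -> List[Dict[str, object]]:
    """Return one finding per (tweet, category) pair where a pattern matched.

    Each finding records the tweet index, the category, the matched text and
    the full tweet so the owner can decide whether to delete it.
    """
    findings: List[Dict[str, object]] = []
    for idx, text in enumerate(tweets):
        for category, pattern in PII_PATTERNS.items():
            match = pattern.search(text)
            if match:
                findings.append(
                    {"index": idx, "category": category, "match": match.group(0), "text": text}
                )
    return findings


def summarize(findings: List[Dict[str, object]]) -> Dict[str, int]:
    """Count findings per category, useful as a first triage view."""
    counts: Dict[str, int] = {}
    for finding in findings:
        category = str(finding["category"])
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    results = scan_tweets(SAMPLE_TWEETS)
    for finding in results:
        print(f"tweet #{finding['index']} [{finding['category']}]: {finding['match']!r}")
    print("summary:", summarize(results))
```

Running the block prints one line per flagged tweet; anything it reports is a candidate for deletion, and the categories it misses (a mother's maiden name, for example) still need the manual keyword search the article describes.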
The post Do you stand by all your tweets? appeared first on Panda Security Mediacenter.
