Cenzic SmartAttack Updates for Web Vulnerabilities
May 15, 2009

A PHP String Evaluation Vulnerability is now detectable in the Cenzic Web Server SmartAttack

As of May 15, 2009, Cenzic can detect the PHP 'mb_ereg_replace()' String Evaluation Vulnerability (Bugtraq ID 34873). PHP's 'mb_ereg_replace()' function is prone to a vulnerability in which user-supplied input is improperly evaluated. Exploiting this issue allows attackers to execute arbitrary PHP code in the context of the affected application.

This week's product update also includes an enhancement to our Weak Password SmartAttack (version 1.2.6). The injection file was enhanced to increase the "depth" of the SmartAttack.

Background on Cenzic's SmartAttacks

Every week, Cenzic's suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include, but are not limited to, cross-site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.

by Erin Swanson, Eswanson@cenzic.com
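The update above names the function and the effect but not the code path. The following PHP snippet is an added illustration written for this page; it is not Cenzic's code and not PHP's own test case. It assumes the evaluation path is mb_ereg_replace()'s documented 'e' option, under which the replacement string is evaluated as PHP after backreferences such as \1 are substituted with the matched text, so any user-controlled text that reaches the replacement through a match (or a user-controlled option or replacement argument) is executed rather than treated as data. The input string is constructed for the example.

```php
<?php
// Added illustration (not from the original page): how mb_ereg_replace()
// turns user input into executed PHP when the 'e' option is in play.
// Assumption: the 'e' option (deprecated in PHP 7.1, removed in 8.0) is the
// evaluation path behind the advisory described above.

// Constructed attacker input: the single quote closes the string literal in
// the replacement expression; the rest is appended as live PHP code.
$userInput = "x' . system('id') . '";

// VULNERABLE: 'e' in the option string makes PHP eval() the replacement
// after substituting \1 with the matched text verbatim. The code that runs
// becomes: strtoupper('x' . system('id') . '') -> system('id') executes.
function vulnerableUpper($subject)
{
    return mb_ereg_replace('(.*)', "strtoupper('\\1')", $subject, 'e');
}

// HARDENED: no 'e' option at all. Do the transformation in a callback, so the
// matched text is only ever handled as a PHP string value, never as code.
// mb_ereg_replace_callback() needs PHP 5.4.1+; preg_replace_callback() is the
// equivalent for older releases.
function hardenedUpper($subject)
{
    return mb_ereg_replace_callback('(.*)', function ($m) {
        return strtoupper($m[1]);
    }, $subject);
}

echo hardenedUpper($userInput), PHP_EOL;   // prints: X' . SYSTEM('ID') . '
// echo vulnerableUpper($userInput);      // on PHP < 8.0 this runs system('id')
```

The practical check is a code search for mb_ereg_replace() and mb_eregi_replace() calls whose option argument contains 'e' (or is built from request data), plus preg_replace() calls with the /e modifier, which has the same evaluate-the-replacement semantics; each one is a code-execution sink if any part of the subject, replacement or option is attacker-influenced.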