The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: Wikipedia

Facebook Patches "Memory Disclosure Using JPEG Images" Flaws in HHVM Servers

Facebook Patches "Memory Disclosure Using JPEG Images" Flaws in HHVM Servers

September 09, 2019Wang Wei
Facebook has patched two high-severity vulnerabilities in its server application that could have allowed remote attackers to unauthorisedly obtain sensitive information or cause a denial of service just by uploading a maliciously constructed JPEG image file. The vulnerabilities reside in HHVM (HipHop Virtual Machine)—a high-performance, open source virtual machine developed by Facebook for executing programs written in PHP and Hack programming languages. HHVM uses a just-in-time (JIT) compilation approach to achieve superior performance of your Hack and PHP code while maintaining the development flexibility that the PHP language provides. Since the affected HHVM server application is open-source and free, both issues may also impact other websites that use HHVM, including Wikipedia, Box and especially those which allow their users to upload images on the server. Both the vulnerabilities, as listed below, reside due to a possible memory overflow in the GD extension of HHVM wh
MediaWiki Remote Code Execution vulnerability leaves Wikipedia open for Cyber attacks

MediaWiki Remote Code Execution vulnerability leaves Wikipedia open for Cyber attacks

January 30, 2014Anonymous
The Encyclopedia giant WIKIPEDIA has been found vulnerable to remote code execution because of a critical flaw in the MediaWiki software . Wikipedia is a name which has become a major source of information for all of us. It has webpages on almost every topic you need to search. This giant is powered by an open source wiki software called MediaWiki. MediaWiki not only empowers Wikipedia, but also a number of other wiki websites. This software is a product of the Wikimedia Foundation and is coded in PHP with a database as backend. Cyber Point Software Technologies found a remote code execution vulnerability in MediaWiki, " This vulnerability affects all versions of MediaWiki from 1.8 onwards. " The vulnerability assigned with ID CVE-2014-1610 allows an attacker to execute shell code remotely via an incorrectly sanitized parameter on the MediaWiki application server. "Shell meta characters can be passed in the page parameter to the thumb.php." Bug 60339
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.