Security News > 2016 > May > Web servers and sites under attack via ImageMagick zero-day flaw (Help Net Security)
2016-05-04 15:33
A zero-day remote code execution flaw has been found in ImageMagick, an image processing library that allows image uploads from untrusted users (site visitors) and is widely used by web services (social media, blogging sites, etc.). The flaw (CVE-2016–3714) is extremely easy to take advantage of – a booby-trapped image file that carries the exploit that will force the ImageMagick software to run malicious code on the server will do the trick. What’s more, it … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/NR37MxWM2I4/
Related news
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (source)
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- New OpenSSH flaws expose SSH servers to MiTM and DoS attacks (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- CrowdStrike Security Report: Generative AI Powers Social Engineering Attacks (source)
- Broadcom fixes three VMware zero-days exploited in attacks (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)