Security-Database
Rewriting lots of our code to be PSR-2/PSR-4 compliant. Ouch ;) Need moral support ;) Really.
Back to business
28/07/2016
Wow! Tricky!!
How we broke PHP, hacked Pornhub and earned 20.000$ | Bug Bounties - Evonide. We audited Pornhub, then PHP and broke both. In particular, we have gained remote code execution on pornhub.com and have earned a 20.000$ bug bounty.
28/06/2016
https://www.security-database.com/toolswatch/Handle-of-the-CPE-Deprecated.html
CPE Deprecated Dictionary integration. This update is one of our biggest 'technical' updates. We will now fully handle the CPE Deprecated Dictionary made by NVD. Thousands of lines of code, tests, checks, rechecks and more. Again, our data quality, but also our alerts, will be greater. But what is "Deprecated CPE Dictionary." It means that w...
Seeing the light, but have underestimated the work to implement Deprecated CPE. Especially when we needed to update users' CPE. Lots of test cases. Everything is done. Testing and testing again before Production!
Reply from NVD: cpe:/h:::::~~~x86~~ is a good CPE and complies with the standard but is not intended to be included in the official CPE dictionary, but can be used by security tools to identify potentially vulnerable platform configurations.
OK, it complies, but really? It means a vulnerability affects all x86 hardware? We will not include this one ;)