Let this be a reminder of the joys in programming PHP
I have started to take a look at a number of security silver bullets. The first on my list - SecurityOnion.
Fortunately, glossing over the source, the search didn't take longer than 3 minutes to find a few web vulnerabilities. The poor programming practice was an inherent trust in the malicious browser to do no harm.
I will leave the exercise of finding the RCE 0days to the reader. There exist 3 web and 11 network traffic based vectors to enact arbitrary remote code execution.
Disclosure may be found @
Patches may be found @