* phpSecure.info - Welcome .. script, faille, hack, news, developpement, securité, open source php security related articles and vulnerabilities, vulnérabilités, by tobozo , frogman and calimero

Search with google

«? phpsecure(); ?»

Last trous

LibrettoCMS PGRFileManager.php Multiple File Extension Upload Arbitrary Code Execution

2013-06-19

(25hits)

SPBAS Business Automation Software /customers/index.php Customer Information Manipulation CSRF

2013-06-18

(36hits)

WHMPHP /admin/changepwd.php Unauthenticated Admin Password Manipulation

2013-06-18

(35hits)

Siemens OpenScape Branch / SBC /core/getLog.php Remote Command Execution

2013-06-15

(41hits)

Siemens OpenScape Branch / SBC /core/getLog.php Arbitrary File Access

2013-06-15

(40hits)

Siemens OpenScape Branch / SBC /core/handleTw.php XSS

2013-06-15

(37hits)

Siemens OpenScape Branch / SBC /core/getLog.php Server Statistic Remote Information Disclosure

2013-06-15

(39hits)

ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en.

2013-06-15

(35hits)

hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter.

2013-06-14

(39hits)

Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount)

2013-06-14

(43hits)

Parallels Plesk / Small Business Panel "phppath" Arbitrary PHP Code Execution Vulnerability

2013-06-14

(45hits)

Dolphin /administration/categories.php pathes[] Parameter SQL Injection

2013-06-14

(38hits)

Nanobb create_topic.php post_content Parameter XSS

2013-06-14

(34hits)

Nanobb topic.php id Parameter SQL Injection

2013-06-14

(39hits)

Nanobb category.php id Parameter SQL Injection

2013-06-14

(35hits)

Fobuc Guestbook index.php category Parameter SQL Injection

2013-06-14

(41hits)

WP-SendSMS Plugin for WordPress wp-admin/admin.php Multiple Parameter XSS

2013-06-14

(24hits)

concrete5 index.php/dashboard/system/attributes/sets/ asName Parameter XSS

2013-06-14

(21hits)

concrete5 index.php/dashboard/users/add_group/ gName Parameter XSS

2013-06-14

(23hits)

Mail Subscribe List Plugin for WordPress index.php Multiple Parameter XSS

2013-06-14

(20hits)

WordPress class-phpass.php crypt_private() Function Crafted Password Cookie Handling Resource Consumption Remote DoS

2013-06-14

(20hits)

Fobuc Guestbook "category" SQL Injection Vulnerability

2013-06-12

(39hits)

WordPress Mail Subscribe List Plugin Script Insertion Vulnerability

2013-06-12

(38hits)

Bugtraq: SQL Injection in Dolphin

2013-06-12

(44hits)

PHP Ticket System Password Manipulation CSRF

2013-06-12

(33hits)

RuubikCMS tinybrowser.php folder Parameter Traversal Arbitrary File Access

2013-06-12

(34hits)

Simple PHP Agenda edit_event.php eventid Parameter SQL Injection

2013-06-12

(33hits)

RuubikCMS sitesetup.php Multiple Parameter XSS

2013-06-12

(28hits)

RuubikCMS users.php Multiple Parameter XSS

2013-06-12

(30hits)

RuubikCMS index.php name Parameter XSS

2013-06-12

(27hits)

RuubikCMS extranet.php name Parameter XSS

2013-06-12

(28hits)

WordPress Bug in 'class-phpass.php' Lets Remote Users Deny Service

2013-06-12

(43hits)

PHP up to 5.4.16 denial of service

2013-06-11

(143hits)

WordPress Password Protected Posts Denial of Service Vulnerability

2013-06-11

(37hits)

Cuppa CMS alertConfigField.php urlConfig Parameter Remote File Inclusion

2013-06-11

(28hits)

PhpTax index.php Multiple Parameter Remote Code Execution

2013-06-11

(25hits)

Vuln: PHP CVE-2013-2110 Heap Based Buffer Overflow Vulnerability

2013-06-11

(25hits)

Resin Input Validation Flaw in 'index.php' Permits Cross-Site Scripting Attacks

2013-06-11

(35hits)

HP Insight Diagnostics pageview.php path Parameter Local HTML File Inclusion

2013-06-11

(52hits)

Network Weathermap editor.php mapname Parameter Traversal Arbitrary File Access

2013-06-11

(41hits)

HP Insight Diagnostics saveCompareConfig.php devicePath Parameter Arbitrary File Manipulation

2013-06-11

(46hits)

Caucho Resin index.php logout Parameter XSS

2013-06-11

(37hits)

PHP ext/standard/quot_print.c php_quot_print_encode() Function Crafted String Handling Heap Buffer Overflow

2013-06-10

(64hits)

PHP MP3 File Mimetype Handling DoS

2013-06-10

(51hits)

PHP Heap Overflow in quoted_printable_encode() Lets Remote Users Execute Arbitrary Code

2013-06-08

(43hits)

Vanilla Forums index.php p Parameter Arbitrary Draft Disclosure

2013-06-08

(36hits)

AVE.CMS index.php module Parameter SQL Injection

2013-06-08

(37hits)

PHP up to 5.5.0 RC1 User Input Sanitizer SndToJewish buffer overflow

2013-06-07

(212hits)

Parallels Plesk Panel Bug Lets Remote Users Execute Arbitrary PHP Code

2013-06-07

(29hits)

PHP "php_quot_print_encode()" Buffer Overflow Vulnerability

2013-06-07

(29hits)

Parallels Plesk Panel PHP CGI Arbitrary PHP Code Execution Vulnerability

2013-06-07

(27hits)

Parallels Plesk Panel Crafted Request Handling Remote PHP Code Execution

2013-06-07

(29hits)

Vuln: Drupal Services Module Cross Site Request Forgery Vulnerability

2013-06-07

(38hits)

SweetRice as/index.php search Parameter XSS

2013-06-06

(50hits)

Vuln: Gallery Multiple Cross Site Scripting Vulnerabilities

2013-06-05

(50hits)

BoltWire index.php Multiple Parameter XSS

2013-06-05

(36hits)

PHD Help Desk abro_adjunto.php file Parameter SQL Injection

2013-06-05

(33hits)

PHD Help Desk login.php operador Parameter SQL Injection

2013-06-05

(50hits)

Telaen /telaen/inc/init.php Direct Request Path Disclosure

2013-06-05

(43hits)

Telaen /telaen/index.php f_email Parameter XSS

2013-06-05

(55hits)

Telaen /telaen/redir.php Arbitrary Site Redirect

2013-06-05

(46hits)

PHD Help Desk Two SQL Injection Vulnerabilities

2013-06-04

(49hits)

Exploit Scanner Plugin for WordPress exploit-scanner.php Direct Request Path Disclosure

2013-06-04

(48hits)

Bugtraq: [ISecAuditors Security Advisories] Multiple Vulnerabilities in Telaen <= 1.3.0

2013-06-03

(38hits)

Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in a flag-manage-gallery action.

2013-06-01

(51hits)

** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash)

2013-06-01

(66hits)

SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows remote attackers to execute arbitrary SQL commands via the d parameter.

2013-05-31

(55hits)

Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin before 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter.

2013-05-31

(53hits)

Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2013-05-31

(44hits)

Xataface "-template" File Disclosure Vulnerability

2013-05-30

(56hits)

ADIF Log Search Widget Plugin for WordPress /wp-content/plugins/adif-log-search-widget/logbook_search.php call Parameter XSS

2013-05-30

(38hits)

data/class/pages/forgot/LC_Page_Forgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain sensitive information via a crafted request.

2013-05-29

(52hits)

Cross-site scripting (XSS) vulnerability in the adminAuthorization function in data/class/helper/SC_Helper_Session.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL associated

2013-05-29

(59hits)

Vuln: Drupal Node Access User Reference Module Access Bypass Vulnerability

2013-05-29

(63hits)

Vuln: Drupal Edit Limit Module Access Bypass Vulnerability

2013-05-29

(56hits)

Vuln: Moodle 'Gradebook' CVE-2013-2080 Information Disclosure Vulnerability

2013-05-29

(44hits)

GRAND FlAGallery Plugin for WordPress wp-admin/admin.php s Parameter XSS

2013-05-29

(52hits)

Export To Text Plugin for WordPress /wp-content/plugins/export-to-text/export-to-text_dl_txt.php download Parameter Remote File Inclusion

2013-05-29

(66hits)

TWSL2013-002.txt - Multiple XSS Vulnerabilities in The Bug Genie

2013-05-28

(72hits)

TWSL2012-016.txt - Multiple Vulnerabilities in Bitweaver

2013-05-28

(53hits)

TWSL2012-019 - Cross-Site Scripting Vulnerability in Support Incident Tracker

2013-05-28

(66hits)

Wordpress Export To Text Plugin "download" Remote File Inclusion Vulnerability

2013-05-28

(42hits)

SPIP filtres.php Security Bypass Vulnerability

2013-05-27

(56hits)

SPIP /inc/filtres.php Unspecified Editorial Control Privilege Escalation

2013-05-27

(71hits)

The MoodleQuickForm class in lib/formslib.php in Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly handle a certain array-element syntax, which allows remote attackers to bypass intended form-data

2013-05-25

(60hits)

Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request.

2013-05-25

(50hits)

Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not consider "don't send" attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data.

2013-05-25

(148hits)

The core_grade component in Moodle through 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly consider the existence of hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role

2013-05-25

(758hits)

mod/assign/locallib.php in the assignment module in Moodle 2.3.x before 2.3.7 and 2.4.x before 2.4.4 does not consider capability requirements during the processing of ZIP assignment-archive download (aka downloadall) requests, which allows remote

2013-05-25

(46hits)

Spider Event Calendar Plugin for WordPress calendar_functions.php Multiple Function Multiple Parameter SQL Injection

2013-05-25

(46hits)

Spider Event Calendar Plugin for WordPress nav_functionnav_html_func.php Multiple Parameter XSS

2013-05-25

(42hits)

Spider Event Calendar Plugin for WordPress functions_for_xml_and_ajax.php Multiple Parameter XSS

2013-05-25

(43hits)

Spider Catalog Plugin for Wordpress Categories.php Multiple Function id Parameter SQL Injection

2013-05-25

(44hits)

Spider Catalog Plugin for Wordpress Categories.html.php Multiple Parameter XSS

2013-05-25

(45hits)

Spider Catalog Plugin for Wordpress Products.html.php Multiple Parameter XSS

2013-05-25

(47hits)

Spider Catalog Plugin for Wordpress spiderBox/spiderBox.js.php Multiple Parameter XSS

2013-05-25

(44hits)

Spider Catalog Plugin for Wordpress catalog.php spider_box_js_php() Function Multiple Parameter XSS

2013-05-25

(41hits)

Spider Event Calendar Plugin for WordPress calendar.php Multiple Function AJAX Operations Access Restriciton Weakness Remote Privilege Escalation

2013-05-25

(43hits)

Spider Event Calendar Plugin for WordPress calendar.php Multiple Function calendar_id Parameter SQL Injection

2013-05-25

(41hits)

Spider Catalog Plugin for Wordpress catalog.php catalog_after_search_results() Function s Parameter SQL Injection

2013-05-25

(51hits)

PHP Advisories/Bugs/Vulns frequency for this month


1	2	3	4	5	6	7	8	9	10	11	12	13	14	15	16	17	18	19	20	21	22	23	24	25	26	27	28	29	30

These PHP advisories are also available as a rss feed and on the dedicated twitter account @phpavdisories

Follow @phpAdvisories

Soirée d'inauguration PHP 5.5

jeudi 06 juin

Redmine sur Debian - la méthode simple

mercredi 29 mai

Raspberry Pi utilise le Kindle d'Amazon comme écran

mercredi 29 mai

Alternatives à DropBox / Skydrive / Google Drive pour créer son propre système de stockage et de partage de fichiers

mercredi 29 mai

Windows 8 : Premières impressions, tests et fonctionnalités

mercredi 29 mai

Windowslinux.net : mise à jour importante

mercredi 29 mai

Migration du blog

mardi 28 mai

Lancement d'Outlook.com par Microsoft

mardi 28 mai

VMWare ESXi : L'hyperviseur gratuit

mardi 28 mai

Linux : Afficher l'adresse IP du poste avant l'invite de connexion

mardi 28 mai

Une nouvelle étude menée auprès de 3000 développeurs fait le point sur les tendances de développement et l'adoption du Cloud Computing

jeudi 28 juin

Une nouvelle étude sur l'état d'adoption de PHP en entreprise

vendredi 15 juin

Programmation de qualité au Forum PHP 2012

lundi 30 avril

Meetup MariaDB / LeMug.fr

mercredi 25 janvier

La nouvelle version de Zend Studio 9.0 est disponible

jeudi 17 novembre

Explorer une catégorie

SQLi The SQL Injection Knowledge Base is the ultimate resource regarding SQL Injections. Here you will find everything there is to know about SQL Injections.

phpseclib phpSec is a open-source, PSR-0 compatible, PHP security library that takes care of the common security tasks a web developer faces.

Class:sql_inject - This class is meant to search in your SQL data values for special characters that may change the meaning of your SQL data and execute actions that may compromise the security of servers.

Top 10 Links
÷ KillerProtection
÷ phpforge
÷ PY-Membres
÷ ALP - Banner Ad
÷ phpMyNewsletter
÷ PhenHP Album
÷ CuteNews
÷ LokwaBB
÷ Avotravis
÷ Kietu

Online: