:: Backends RSS
:: Links
:: Articles
:: Submit news
:: Promote us
:: Team
:: Mail us
:: Presse
PHPSecure II
 Â«? phpsecure(); ?»
Last holes
Siemens OpenScape Branch / SBC /core/getLog.php Remote Command Execution
2013-06-15
(35hits)
Siemens OpenScape Branch / SBC /core/getLog.php Arbitrary File Access
2013-06-15
(35hits)
Siemens OpenScape Branch / SBC /core/handleTw.php XSS
2013-06-15
(33hits)
Siemens OpenScape Branch / SBC /core/getLog.php Server Statistic Remote Information Disclosure
2013-06-15
(34hits)
ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en.
2013-06-15
(31hits)
hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter.
2013-06-14
(36hits)
Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount)
2013-06-14
(37hits)
Parallels Plesk / Small Business Panel "phppath" Arbitrary PHP Code Execution Vulnerability
2013-06-14
(42hits)
Dolphin /administration/categories.php pathes[] Parameter SQL Injection
2013-06-14
(34hits)
Nanobb create_topic.php post_content Parameter XSS
2013-06-14
(30hits)
Nanobb topic.php id Parameter SQL Injection
2013-06-14
(33hits)
Nanobb category.php id Parameter SQL Injection
2013-06-14
(31hits)
Fobuc Guestbook index.php category Parameter SQL Injection
2013-06-14
(35hits)
WP-SendSMS Plugin for WordPress wp-admin/admin.php Multiple Parameter XSS
2013-06-14
(20hits)
concrete5 index.php/dashboard/system/attributes/sets/ asName Parameter XSS
2013-06-14
(17hits)
concrete5 index.php/dashboard/users/add_group/ gName Parameter XSS
2013-06-14
(19hits)
Mail Subscribe List Plugin for WordPress index.php Multiple Parameter XSS
2013-06-14
(17hits)
WordPress class-phpass.php crypt_private() Function Crafted Password Cookie Handling Resource Consumption Remote DoS
2013-06-14
(17hits)
Fobuc Guestbook "category" SQL Injection Vulnerability
2013-06-12
(36hits)
WordPress Mail Subscribe List Plugin Script Insertion Vulnerability
2013-06-12
(36hits)
Bugtraq: SQL Injection in Dolphin
2013-06-12
(41hits)
PHP Ticket System Password Manipulation CSRF
2013-06-12
(30hits)
RuubikCMS tinybrowser.php folder Parameter Traversal Arbitrary File Access
2013-06-12
(31hits)
Simple PHP Agenda edit_event.php eventid Parameter SQL Injection
2013-06-12
(30hits)
RuubikCMS sitesetup.php Multiple Parameter XSS
2013-06-12
(25hits)
RuubikCMS users.php Multiple Parameter XSS
2013-06-12
(25hits)
RuubikCMS index.php name Parameter XSS
2013-06-12
(23hits)
RuubikCMS extranet.php name Parameter XSS
2013-06-12
(25hits)
WordPress Bug in 'class-phpass.php' Lets Remote Users Deny Service
2013-06-12
(40hits)
PHP up to 5.4.16 denial of service
2013-06-11
(124hits)
WordPress Password Protected Posts Denial of Service Vulnerability
2013-06-11
(35hits)
Cuppa CMS alertConfigField.php urlConfig Parameter Remote File Inclusion
2013-06-11
(23hits)
PhpTax index.php Multiple Parameter Remote Code Execution
2013-06-11
(22hits)
Vuln: PHP CVE-2013-2110 Heap Based Buffer Overflow Vulnerability
2013-06-11
(23hits)
Resin Input Validation Flaw in 'index.php' Permits Cross-Site Scripting Attacks
2013-06-11
(32hits)
HP Insight Diagnostics pageview.php path Parameter Local HTML File Inclusion
2013-06-11
(47hits)
Network Weathermap editor.php mapname Parameter Traversal Arbitrary File Access
2013-06-11
(38hits)
HP Insight Diagnostics saveCompareConfig.php devicePath Parameter Arbitrary File Manipulation
2013-06-11
(42hits)
Caucho Resin index.php logout Parameter XSS
2013-06-11
(34hits)
PHP ext/standard/quot_print.c php_quot_print_encode() Function Crafted String Handling Heap Buffer Overflow
2013-06-10
(61hits)
PHP MP3 File Mimetype Handling DoS
2013-06-10
(49hits)
PHP Heap Overflow in quoted_printable_encode() Lets Remote Users Execute Arbitrary Code
2013-06-08
(41hits)
Vanilla Forums index.php p Parameter Arbitrary Draft Disclosure
2013-06-08
(34hits)
AVE.CMS index.php module Parameter SQL Injection
2013-06-08
(34hits)
PHP up to 5.5.0 RC1 User Input Sanitizer SndToJewish buffer overflow
2013-06-07
(195hits)
Parallels Plesk Panel Bug Lets Remote Users Execute Arbitrary PHP Code
2013-06-07
(27hits)
PHP "php_quot_print_encode()" Buffer Overflow Vulnerability
2013-06-07
(27hits)
Parallels Plesk Panel PHP CGI Arbitrary PHP Code Execution Vulnerability
2013-06-07
(25hits)
Parallels Plesk Panel Crafted Request Handling Remote PHP Code Execution
2013-06-07
(27hits)
Vuln: Drupal Services Module Cross Site Request Forgery Vulnerability
2013-06-07
(36hits)
SweetRice as/index.php search Parameter XSS
2013-06-06
(48hits)
Vuln: Gallery Multiple Cross Site Scripting Vulnerabilities
2013-06-05
(48hits)
BoltWire index.php Multiple Parameter XSS
2013-06-05
(34hits)
PHD Help Desk abro_adjunto.php file Parameter SQL Injection
2013-06-05
(31hits)
PHD Help Desk login.php operador Parameter SQL Injection
2013-06-05
(47hits)
Telaen /telaen/inc/init.php Direct Request Path Disclosure
2013-06-05
(41hits)
Telaen /telaen/index.php f_email Parameter XSS
2013-06-05
(51hits)
Telaen /telaen/redir.php Arbitrary Site Redirect
2013-06-05
(44hits)
PHD Help Desk Two SQL Injection Vulnerabilities
2013-06-04
(47hits)
Exploit Scanner Plugin for WordPress exploit-scanner.php Direct Request Path Disclosure
2013-06-04
(46hits)
Bugtraq: [ISecAuditors Security Advisories] Multiple Vulnerabilities in Telaen <= 1.3.0
2013-06-03
(36hits)
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in a flag-manage-gallery action.
2013-06-01
(49hits)
** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash)
2013-06-01
(63hits)
SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows remote attackers to execute arbitrary SQL commands via the d parameter.
2013-05-31
(53hits)
Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin before 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter.
2013-05-31
(51hits)
Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2013-05-31
(42hits)
Xataface "-template" File Disclosure Vulnerability
2013-05-30
(54hits)
ADIF Log Search Widget Plugin for WordPress /wp-content/plugins/adif-log-search-widget/logbook_search.php call Parameter XSS
2013-05-30
(36hits)
data/class/pages/forgot/LC_Page_Forgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain sensitive information via a crafted request.
2013-05-29
(49hits)
Cross-site scripting (XSS) vulnerability in the adminAuthorization function in data/class/helper/SC_Helper_Session.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL associated
2013-05-29
(56hits)
Vuln: Drupal Node Access User Reference Module Access Bypass Vulnerability
2013-05-29
(60hits)
Vuln: Drupal Edit Limit Module Access Bypass Vulnerability
2013-05-29
(54hits)
Vuln: Moodle 'Gradebook' CVE-2013-2080 Information Disclosure Vulnerability
2013-05-29
(41hits)
GRAND FlAGallery Plugin for WordPress wp-admin/admin.php s Parameter XSS
2013-05-29
(50hits)
Export To Text Plugin for WordPress /wp-content/plugins/export-to-text/export-to-text_dl_txt.php download Parameter Remote File Inclusion
2013-05-29
(63hits)
TWSL2013-002.txt - Multiple XSS Vulnerabilities in The Bug Genie
2013-05-28
(68hits)
TWSL2012-016.txt - Multiple Vulnerabilities in Bitweaver
2013-05-28
(51hits)
TWSL2012-019 - Cross-Site Scripting Vulnerability in Support Incident Tracker
2013-05-28
(64hits)
Wordpress Export To Text Plugin "download" Remote File Inclusion Vulnerability
2013-05-28
(40hits)
SPIP filtres.php Security Bypass Vulnerability
2013-05-27
(53hits)
SPIP /inc/filtres.php Unspecified Editorial Control Privilege Escalation
2013-05-27
(69hits)
The MoodleQuickForm class in lib/formslib.php in Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly handle a certain array-element syntax, which allows remote attackers to bypass intended form-data
2013-05-25
(58hits)
Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request.
2013-05-25
(46hits)
Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not consider "don't send" attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data.
2013-05-25
(144hits)
The core_grade component in Moodle through 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly consider the existence of hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role
2013-05-25
(729hits)
mod/assign/locallib.php in the assignment module in Moodle 2.3.x before 2.3.7 and 2.4.x before 2.4.4 does not consider capability requirements during the processing of ZIP assignment-archive download (aka downloadall) requests, which allows remote
2013-05-25
(44hits)
Spider Event Calendar Plugin for WordPress calendar_functions.php Multiple Function Multiple Parameter SQL Injection
2013-05-25
(41hits)
Spider Event Calendar Plugin for WordPress nav_functionnav_html_func.php Multiple Parameter XSS
2013-05-25
(39hits)
Spider Event Calendar Plugin for WordPress functions_for_xml_and_ajax.php Multiple Parameter XSS
2013-05-25
(41hits)
Spider Catalog Plugin for Wordpress Categories.php Multiple Function id Parameter SQL Injection
2013-05-25
(42hits)
Spider Catalog Plugin for Wordpress Categories.html.php Multiple Parameter XSS
2013-05-25
(42hits)
Spider Catalog Plugin for Wordpress Products.html.php Multiple Parameter XSS
2013-05-25
(45hits)
Spider Catalog Plugin for Wordpress spiderBox/spiderBox.js.php Multiple Parameter XSS
2013-05-25
(41hits)
Spider Catalog Plugin for Wordpress catalog.php spider_box_js_php() Function Multiple Parameter XSS
2013-05-25
(39hits)
Spider Event Calendar Plugin for WordPress calendar.php Multiple Function AJAX Operations Access Restriciton Weakness Remote Privilege Escalation
2013-05-25
(40hits)
Spider Event Calendar Plugin for WordPress calendar.php Multiple Function calendar_id Parameter SQL Injection
2013-05-25
(39hits)
Spider Catalog Plugin for Wordpress catalog.php catalog_after_search_results() Function s Parameter SQL Injection
2013-05-25
(49hits)
Spider Catalog Plugin for Wordpress products.php Multiple Function Multiple Parameter SQL Injection
2013-05-25
(42hits)
Grand Flagallery Plugin for WordPress /wp-content/plugins/flagallery-skins/compact_music_player/gallery.php playlist Parameter SQL Injection
2013-05-25
(55hits)
Kimai db_restore.php dates[] Parameter SQL Injection
2013-05-25
(40hits)
PHP Advisories/Bugs/Vulns frequency for this month
20 1271630 210110 1350 0 0 0 0 0 0 0 0 0 0 0 0 0 0 
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30

These PHP advisories are also available as a rss feed and on the dedicated twitter account @phpavdisories
My Validation lundi 17 juin
my-validation lundi 17 juin
cLogger dimanche 16 juin
Siemens OpenScape Branch / SBC /core/getLog.php Server Statistic Remote Information Disclosure samedi 15 juin
Siemens OpenScape Branch / SBC /core/handleTw.php XSS samedi 15 juin
Siemens OpenScape Branch / SBC /core/getLog.php Arbitrary File Access samedi 15 juin
Siemens OpenScape Branch / SBC /core/getLog.php Remote Command Execution samedi 15 juin
ExecScript samedi 15 juin
ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en. samedi 15 juin
Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) vendredi 14 juin
hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter. vendredi 14 juin
Parallels Plesk / Small Business Panel "phppath" Arbitrary PHP Code Execution Vulnerability vendredi 14 juin
PHP Text to Speech Class vendredi 14 juin
WordPress class-phpass.php crypt_private() Function Crafted Password Cookie Handling Resource Consumption Remote DoS vendredi 14 juin
Mail Subscribe List Plugin for WordPress index.php Multiple Parameter XSS vendredi 14 juin
  News browser

SQLi The SQL Injection Knowledge Base is the ultimate resource regarding SQL Injections. Here you will find everything there is to know about SQL Injections.

phpseclib phpSec is a open-source, PSR-0 compatible, PHP security library that takes care of the common security tasks a web developer faces.

Class:sql_inject - This class is meant to search in your SQL data values for special characters that may change the meaning of your SQL data and execute actions that may compromise the security of servers.

Top 10 Links

÷ KillerProtection
÷ phpforge
÷ PY-Membres
÷ ALP - Banner Ad
÷ phpMyNewsletter
÷ PhenHP Album
÷ CuteNews
÷ LokwaBB
÷ Avotravis
÷ Kietu










Online: