[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Month of PHP Security - Summary - 1st May - 10th May



Hi everyone,

10 days ago the Month of PHP Security 2010 has started at
http://www.php-security.org/ and meanwhile 20 vulnerabilities were
posted and also 4 user submitted articles were published. Here is a
short summary of what was released so far. You can follow the Month of
PHP Security on Twitter, too. Just follow @mops_2010

Vulnerabilities in PHP Applications
-----------------------------------

MOPS-2010-020: Xinha WYSIWYG Plugin Configuration Injection
Vulnerability - http://bit.ly/bLHmuS
MOPS-2010-019: Serendipity WYSIWYG Editor Plugin Configuration Injection
Vulnerability - http://bit.ly/cdxZHX
MOPS-2010-018: EFront ask_chat chatrooms_ID SQL Injection Vulnerability
- http://bit.ly/crEATq
MOPS-2010-011: DeluxeBB newthread SQL Injection Vulnerability -
http://bit.ly/aAFdMM
MOPS-2010-007: ClanTiger Shoutbox Module s_email SQL Injection
vulnerability - http://bit.ly/cbSJxo
MOPS-2010-005: ClanSphere MySQL Driver Generic SQL Injection
Vulnerability - http://bit.ly/cTU3ug
MOPS-2010-004: ClanSphere Captcha Generator Blind SQL Injection
Vulnerability - http://bit.ly/dfQfuN
MOPS-2010-002: Campsite TinyMCE Article Attachment SQL Injection
Vulnerability - http://bit.ly/d4v9ft

Vulnerabilities in PHP
----------------------

MOPS-2010-017: PHP preg_quote() Interruption Information Leak
Vulnerability - http://bit.ly/cUYsbj
MOPS-2010-016: PHP ZEND_SR Opcode Interruption Address Information Leak
Vulnerability - http://bit.ly/bwT28V
MOPS-2010-015: PHP ZEND_SL Opcode Interruption Address Information Leak
Vulnerability - http://bit.ly/a3BonY
MOPS-2010-014: PHP ZEND_BW_XOR Opcode Interruption Address Information
Leak Vulnerability - http://bit.ly/cdMzTo
MOPS-2010-013: PHP sqlite_array_query() Uninitialized Memory Usage
Vulnerability - http://bit.ly/bhHyrj
MOPS-2010-012: PHP sqlite_single_query() Uninitialized Memory Usage
Vulnerability - http://bit.ly/8Z8xYt
MOPS-2010-010: PHP html_entity_decode() Interruption Information Leak
Vulnerability - http://bit.ly/doxAXk
MOPS-2010-009: PHP shm_put_var() Already Freed Resource Access
Vulnerability - http://bit.ly/b4NBD8
MOPS-2010-008: PHP chunk_split() Interruption Information Leak
Vulnerability - http://bit.ly/cVoWoM
MOPS-2010-006: PHP addcslashes() Interruption Information Leak
Vulnerability - http://bit.ly/b5gkaf
MOPS-2010-003: PHP dechunk Filter Signed Comparison Vulnerability -
http://bit.ly/bXDivD
MOPS-2010-001: PHP hash_update_file() Already Freed Resource Access
Vulnerability - http://bit.ly/aZDRha

User Submissions
----------------

MOPS Submission 04 â Generating Unpredictable Session IDs and Hashes -
http://bit.ly/ahBiwT
MOPS Submission 03 â sqlite_single_query(), sqlite_array_query()
Uninitialized Memory Usage - http://bit.ly/b61NN3
MOPS Submission 02 â Context-aware HTML escaping - http://bit.ly/d4eqqm
MOPS Submission 01 â A New Open Source Tool: OWASP ESAPI for PHP -
http://bit.ly/cSQh9v

Internal Submission
-------------------

MOPS Article: PHP Web Security (INCOMPLETE) - http://bit.ly/baE4ya


Thank you
Stefan Esser
Organiser
Month of PHP Security / php-security.org
SektionEins GmbH / www.sektioneins.com