It is the 21st of May. The Month of PHP Security
(http://www.php-security.org) is still running and we have reached a
count of 40 vulnerabilities, which is nearly as many as we disclosed
during the whole Month of PHP Bugs in 2007. However, there are 11 more
days until the end of May, so there are still plenty more
vulnerabilities to come. Especially the number of SQL injection
vulnerabilities in PHP applications will increase, because it is called
the SQL injection marathon for a reason. We also have several articles
and submissions left.
There have been some changes to the website that should make it easier
to read, and we also added the possibility to comment on bugs, entries,
news and articles.
For those who don't already know, you can follow the Month of PHP
Security on Twitter, too. Just follow @mops_2010
Here is the summary of what happened during the last 10 days.
Related Events
--------------
Returning into the PHP Interpreter – Remote Exploitation of Memory
Corruptions in PHP is not over, yet.
http://php-security.org/2010/05/21/related-event-returning-into-the-php-interpreter-remote-exploitation-of-memory-corruptions-in-php-is-not-over-yet/
PHP Security Course – Advanced PHP Auditing at Source and Bytecode level
http://php-security.org/2010/05/19/related-event-php-security-course-advanced-php-auditing-at-source-and-bytecode-level/
Articles
--------
MOPS Submission 07: Our Dynamic PHP – Obvious and not so obvious PHP
code injection and evaluation
http://php-security.org/2010/05/20/mops-submission-07-our-dynamic-php/
MOPS Submission 06: Variable Initialization in PHP
http://php-security.org/2010/05/17/mops-submission-06-variable-initialization-in-php/
Article: Decoding a User Space Encoded PHP Script
http://php-security.org/2010/05/13/article-decoding-a-user-space-encoded-php-script/
MOPS Submission 05 – The Minerva PHP Fuzzer
http://php-security.org/2010/05/11/mops-submission-05-the-minerva-php-fuzzer/
PHP Vulnerabilities
-------------------
MOPS-2010-040: PHP strtr() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/21/mops-2010-040-php-strtr-interruption-information-leak-vulnerability/
MOPS-2010-039: PHP strpbrk() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/21/mops-2010-039-php-strpbrk-interruption-information-leak-vulnerability/
MOPS-2010-038: PHP http_build_query() Interruption Information Leak
Vulnerability
http://php-security.org/2010/05/21/mops-2010-038-php-http_build_query-interruption-information-leak-vulnerability/
MOPS-2010-037: PHP str_getcsv() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/21/mops-2010-037-php-str_getcsv-interruption-information-leak-vulnerability/
MOPS-2010-036: PHP htmlentities() and htmlspecialchars() Interruption
Information Leak Vulnerability
http://php-security.org/2010/05/21/mops-2010-036-php-htmlentities-and-htmlspecialchars-interruption-information-leak-vulnerability/
MOPS-2010-034: PHP iconv_mime_encode() Interruption Information Leak
Vulnerability
http://php-security.org/2010/05/18/mops-2010-034-php-iconv_mime_encode-interruption-information-leak-vulnerability/
MOPS-2010-033: PHP iconv_substr() Interruption Information Leak
Vulnerability
http://php-security.org/2010/05/18/mops-2010-033-php-iconv_substr-interruption-information-leak-vulnerability/
MOPS-2010-032: PHP iconv_mime_decode() Interruption Information Leak
Vulnerability
http://php-security.org/2010/05/18/mops-2010-032-php-iconv_mime_decode-interruption-information-leak-vulnerability/
MOPS-2010-028: PHP phar_wrapper_open_url Format String Vulnerabilities
http://php-security.org/2010/05/14/mops-2010-028-php-phar_wrapper_open_url-format-string-vulnerabilities/
MOPS-2010-027: PHP phar_parse_url Format String Vulnerabilities
http://php-security.org/2010/05/14/mops-2010-027-php-phar_parse_url-format-string-vulnerabilities/
MOPS-2010-026: PHP phar_wrapper_unlink Format String Vulnerability
http://php-security.org/2010/05/14/mops-2010-026-php-phar_wrapper_unlink-format-string-vulnerability/
MOPS-2010-025: PHP phar_wrapper_open_dir Format String Vulnerability
http://php-security.org/2010/05/14/mops-2010-025-php-phar_wrapper_open_dir-format-string-vulnerability/
MOPS-2010-024: PHP phar_stream_flush Format String Vulnerability
http://php-security.org/2010/05/14/mops-2010-024-php-phar_stream_flush-format-string-vulnerability/
MOPS-2010-022: PHP Stream Context Use After Free on Request Shutdown
Vulnerability
http://php-security.org/2010/05/12/mops-2010-022-php-stream-context-use-after-free-on-request-shutdown-vulnerability/
MOPS-2010-021: PHP fnmatch() Stack Exhaustion Vulnerability
http://php-security.org/2010/05/11/mops-2010-021-php-fnmatch-stack-exhaustion-vulnerability/
PHP Application Vulnerabilities
-------------------------------
MOPS-2010-035: e107 BBCode Remote PHP Code Execution Vulnerability
http://php-security.org/2010/05/19/mops-2010-035-e107-bbcode-remote-php-code-execution-vulnerability/
MOPS-2010-031: e107 Usersettings loginname SQL Injection Vulnerability
(UPDATED)
http://php-security.org/2010/05/16/mops-2010-031-e107-usersettings-loginname-sql-injection-vulnerability/
MOPS-2010-030: CMSQlite mod Parameter Local File Inclusion Vulnerability
http://php-security.org/2010/05/15/mops-2010-030-cmsqlite-mod-parameter-local-file-inclusion-vulnerability/
MOPS-2010-029: CMSQlite c Parameter SQL Injection Vulnerability
http://php-security.org/2010/05/15/mops-2010-029-cmsqlite-c-parameter-sql-injection-vulnerability/
MOPS-2010-023: Cacti Graph Viewer SQL Injection Vulnerability
http://php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/
Thank you
Stefan Esser
Month of PHP Security / php-security.org
SektionEins GmbH / www.sektioneins.com