PHPSecure, the return.

 «? phpsecure(); ?»
Latest holes
[3/5] vBulletin Visitor Messages Script Insertion Vulnerability (7hits) 2008-11-21
Private Messaging System for PunBB Local File Inclusion Vulner... (7hits) 2008-11-21
Vuln: wPortfolio '/admin/userinfo.php' Authentication Bypass V... (13hits) 2008-11-21
Vuln: vBulletin 'admincp/image.php' SQL Injection Vulnerability (24hits) 2008-11-19
Vuln: Musicbox 'viewalbums.php' SQL Injection Vulnerability (19hits) 2008-11-19
[1/5] vBulletin SQL Injection Vulnerabilities (30hits) 2008-11-18
[1/5] vBulletin Calender SQL Injection Vulnerability (21hits) 2008-11-18
[3/5] mxCamArchive Information Disclosure and PHP Code Execution (21hits) 2008-11-18
[3/5] E-topbiz AdManager "group" SQL Injection Vulnerability (16hits) 2008-11-18
[4/5] phpFan "includepath" File Inclusion Vulnerability (22hits) 2008-11-18
[2/5] Streber Unspecified Cross-Site Request Forgery Vulnerab... (18hits) 2008-11-18
[3/5] VideoScript "admin/cp.php" Security Bypass Vulnerability (20hits) 2008-11-18
Vuln: Pre Simple CMS 'adminlogin.php' SQL Injection Vulnerability (16hits) 2008-11-18
Bugtraq: [waraxe-2008-SA#069] - Multiple Sql Injection in vBul... (20hits) 2008-11-18
Vuln: Parallels Plesk Billing 'new_language' Parameter Cross S... (16hits) 2008-11-18
PHPStore Wholesale "id" Parameter Remote SQL Injection Vulnera... (20hits) 2008-11-17
Bugtraq: [waraxe-2008-SA#068] - Sql Injection in vBulletin 3.7... (19hits) 2008-11-17
Vuln: ClipShare Pro 'channel_detail.php' SQL Injection Vulnera... (19hits) 2008-11-17
Vuln: Wholesale 'track.php' SQL Injection Vulnerability (20hits) 2008-11-17
Bugtraq: [ GLSA 200811-05 ] PHP: Multiple vulnerabilities (20hits) 2008-11-17
Vuln: HOSTNOMI Real Estate Portal Pro 'index.php' SQL Injectio... (21hits) 2008-11-17
Vuln: Minigal 'index.php' Directory Traversal Vulnerability (20hits) 2008-11-17
Joomla! Flash Tree Gallery Component Remote File Include (19hits) 2008-11-17
CuteNews aj-fork "path" Parameter Remote File Include (16hits) 2008-11-17
Micro CMS "microcms-admin-home.php" Security Bypass (18hits) 2008-11-17
Acc Scripts Acc PHP eMail Cookie Authentication Bypass (18hits) 2008-11-17
Vuln: PHP FastCGI Module File Extension Denial Of Service Vuln... (25hits) 2008-11-17
[3/5] PHPStore Wholesales "id" SQL Injection Vulnerability (19hits) 2008-11-17
[3/5] PHPStore Yahoo Answers "id" SQL Injection Vulnerability (19hits) 2008-11-17
Vuln: AlstraSoft SendIt Pro Arbitrary File Upload Vulnerability (35hits) 2008-11-14
TYPO3 Backend Module "file" Cross Site Scripting Vulnerability (29hits) 2008-11-13
Vuln: rtgdictionary for TYPO3 Arbitrary File Upload Vulnerability (29hits) 2008-11-13
[3/5] AlstraSoft Article Manager Pro "username" SQL Injection... (30hits) 2008-11-13
[3/5] AlstraSoft Web Host Directory "pwd" SQL Injection Vulne... (32hits) 2008-11-13
AlstraSoft Article Manager Pro "username" SQL Injection Vulner... (28hits) 2008-11-13
[2/5] TYPO3 "file" Backend Module Cross-Site Scripting Vulner... (32hits) 2008-11-13
Vuln: TYPO3 Wir über uns Extension SQL Injection and Cross Site... (31hits) 2008-11-13
Vuln: Free simple PHP guestbook 'act.php' Arbitrary Script Inj... (44hits) 2008-11-13
Catalog Production for Joomla "id" Remote SQL Injection Vulner... (31hits) 2008-11-12
Simple RSS Reader for Joomla Remote File Inclusion Vulnerability (35hits) 2008-11-12
[4/5] PHPStore Multiple Products File Upload Vulnerability (31hits) 2008-11-12
ComingChina.com U-Mail "edit.php" Arbitrary File Upload (31hits) 2008-11-12
Scripts For Sites EZ Auction "viewfaqs.php" SQL Injection (34hits) 2008-11-12
Mambo and Joomla! SimpleBoard "image_upload.php" Arbitrary Fil... (33hits) 2008-11-12
Free Simple Guestbook PHP Script Code Execution Vulnerability (41hits) 2008-11-11
PHPStore Job Search Arbitrary PHP File Upload Vulnerability (39hits) 2008-11-11
PHPStore Real Estate Arbitrary PHP File Upload Vulnerability (32hits) 2008-11-11
JooBlog Component for Joomla "PostID" SQL Injection Vulnerability (37hits) 2008-11-11
PHPStore Car Dealers Arbitrary PHP File Upload Vulnerability (37hits) 2008-11-11
PHPStore Complete Classifieds Script File Upload Vulnerability (33hits) 2008-11-11
Joomla! "weblinks" and "content" Cross Site Scripting Issues (37hits) 2008-11-11
MyGallery "gallery.inc.php" Parameter Cross-Site Scripting (34hits) 2008-11-11
KKE Info Media Kmita Gallery Multiple Cross-Site Scripting Vul... (32hits) 2008-11-11
WebCards "admin.php" Login Page SQL Injection (36hits) 2008-11-11
Matpo.de Link "view.php" Cross-Site Scripting (32hits) 2008-11-11
Bugtraq: Joomla Component JooBlog 0.1.1 (PostID) SQL Injection... (33hits) 2008-11-11
[3/5] Joomla! Script Insertion Vulnerabilities (35hits) 2008-11-11
[4/5] Sanusart Simple PHP Guestbook Script PHP Code Execution (41hits) 2008-11-11
[3/5] PHP Shop "admin_username" SQL Injection Vulnerability (32hits) 2008-11-11
[3/5] WOW Raid Manager "auth_phpbb3.php" Authentication Bypass (34hits) 2008-11-11
Vuln: MyioSoft EasyBookMarker 'bookmarker_backend.php' SQL Inj... (34hits) 2008-11-11
Vuln: E-topbiz eStore 'index.php' SQL Injection Vulnerability (30hits) 2008-11-11
Vuln: Domain Seller Pro 'index.php' SQL Injection Vulnerability (33hits) 2008-11-11
Vuln: PHP Auto Listings Script 'adminlogin.php' SQL Injection ... (32hits) 2008-11-11
DeltaScripts PHP Classifieds "siteid" Remote SQL Injection Vul... (33hits) 2008-11-10
ExoPHPDesk "user" Parameter Remote SQL Injection Vulnerability (33hits) 2008-11-10
V3 Chat Profiles/Dating Script Multiple Unauthorized Access Vu... (34hits) 2008-11-10
V3 Chat Live Support Remote Authentication Bypass Vulnerability (34hits) 2008-11-10
Vuln: Gallery Prior to 2.2.6 Multiple Vulnerabilities (37hits) 2008-11-10
Vuln: Indiscripts Enthusiast 'show_joined.php' Remote File Inc... (39hits) 2008-11-09
Vuln: MySQL Quick Admin 'actions.php' Local File Include Vulne... (44hits) 2008-11-08
Vuln: SoftComplex PHP Image Gallery Multiple SQL Injection Vul... (34hits) 2008-11-08
[3/5] PHP Classifieds "admin_username" SQL Injection Vulnerab... (46hits) 2008-11-07
[4/5] hMAilServer PHPWebAdmin File Inclusion Vulnerabilities (35hits) 2008-11-07
[4/5] ModernBill Cross-Site Scripting and "DIR" File Inclusio... (36hits) 2008-11-07
[3/5] DevelopItEasy Photo Gallery Multiple SQL Injection Vuln... (39hits) 2008-11-07
Bugtraq: Arab Portal v2.1 Remote File Disclosure (Win32) (39hits) 2008-11-06
Bugtraq: Re: phpWebSite links.php Sql Injection (42hits) 2008-11-06
[4/5] Joomla Dada Mail Manager Component "mosConfig_absolute_... (43hits) 2008-11-06
[3/5] PHP Auto Listings "itemno" SQL Injection Vulnerability (40hits) 2008-11-06
[3/5] PHPX "news_id" SQL Injection Vulnerability (45hits) 2008-11-06
Drupal Content Construction Kit Cross Site Scripting Vulnerabi... (41hits) 2008-11-06
Pre Shopping Mall Cookie Handling Unauthorized Access Vulnerab... (40hits) 2008-11-06
Vuln: Micro CMS 'microcms-admin-home.php' Security Bypass Vul... (43hits) 2008-11-06
Vuln: Article Publisher PRO Cookie Authentication Bypass Vulne... (45hits) 2008-11-06
[3/5] U-Mail "edit.php" Arbitrary File Creation Vulnerability (48hits) 2008-11-05
[4/5] Joomla VirtueMart Google Base Component "mosConfig_abso... (47hits) 2008-11-05
[3/5] Joomla Pro Desk Component "include_file" Local File Inc... (48hits) 2008-11-05
All In One Control Panel "cp_polls_results.php" SQL Injection (46hits) 2008-11-05
Vuln: Smarty Template Engine 'Smarty_Compiler.class.php' Secu... (45hits) 2008-11-05
Vuln: KTorrent PHP Code Injection And Security Bypass Vulnerab... (46hits) 2008-11-05
[2/5] DHCart "order.php" Two Cross-Site Scripting Vulnerabili... (44hits) 2008-11-05
bcoos "modules/banners/click.php" SQL Injection (49hits) 2008-11-04
PozScripts Classified Ads "gotourl.php" SQL Injection (51hits) 2008-11-04
Iamma Nuke Simple Gallery "upload.php" Arbitrary File Upload (49hits) 2008-11-04
Vuln: EZ BIZ PRO 'track.php' SQL Injection Vulnerability (46hits) 2008-11-04
Vuln: Article Publisher Pro 'admin.php' SQL Injection Vulnerab... (48hits) 2008-11-04
[3/5] Acc PHP eMail "NEWSLETTERLOGIN" Cookie Security Bypass ... (47hits) 2008-11-04
Vuln: PPPBlog Randompic.PHP Directory Traversal Vulnerability (51hits) 2008-11-04
Maran PHP Shop "id" Parameter Remote SQL Injection Vulnerability (52hits) 2008-11-03
[3/5] GeSHi Unspecified Code Execution Vulnerability (53hits) 2008-11-03
[2/5] MyGallery "mghash" Cross-Site Scripting Vulnerability (57hits) 2008-11-03
[3/5] Article Publisher Pro SQL Injection Vulnerabilities (62hits) 2008-11-03
[3/5] Chipmunk CMS "reguser.php" Security Bypass Vulnerability (52hits) 2008-11-03
[4/5] Joomla Flash Tree Gallery Component "mosConfig_live_sit... (54hits) 2008-11-03
Vuln: Joomla! Flash Tree Gallery Component Remote File Include... (53hits) 2008-11-03
Bugtraq: Typo <= 5.1.3 Multiple Vulnerabilities (70hits) 2008-11-01

PHP Advisories/Bugs/Vulns frequency for this month

[Chart: advisories per day, days 1 to 30 of the month]


 Mailing-list phpAdvisories 
Daily basis
Subscribe [phpAdvisories-subscribe@]
Unsubscribe [phpAdvisories-unsubscribe@]
Weekly basis
Subscribe [users-subscribe@]
Unsubscribe [users-unsubscribe@]

Site news by Tobozo
Forum PHP 2008

The 8th edition of the Forum PHP, organized by the Association Française des Utilisateurs de PHP (AFUP), will take place on 8 and 9 December 2008 in Paris.

Will Damien Séguy reconcile us with PHP application security with his workshop « Hackez-moi ça ! »? Will Rasmus get his laptop stolen again? You will find out by following developments on the AFUP site, which will certainly …

http://www.afup.org/
Source: Nexen
 
Latest article: PHP/MySQL Injections (2)

Besides completing the previous article on MySQL injection, and thanks to its explanations of how UNION is used, this second text brings new injection techniques as well as guidance on securing applications.

PHP/MySQL Injections (2)..

PHP/MySQL Injections (1)..
Header injection in the mail() function
Email Headers Injection with PHP
PHPSecure news


Friday 26 May
Dmx Forum <= v2.1a SQL Injection, XSS, Full Path Disclosure, Cookie Bypass Login Authentication
Several vulnerabilities have been identified in Dmx Forum version 2.1a and earlier; the vendor has been contacted. Here is the summary of the advisory: 1] Code execution Weakness
by DarkFig


PHP cURL functions bypass `open_basedir` directory restrictions
Postnuke project download server compromised
Flaws in the @lex Guestbook 3 and @lex Poll 2 scripts
$_FILES vulnerability
PHP vulnerability
Two major flaws in PHP!
Hardened-PHP (hardened PHP)
PHP 5 released, first version


Tuesday 07 March
PHP statistics for February 2006
In February 2006, current trends continue, with a few individual distinctions: * PHP 5.1.2 holds the attention of all PHP 5.x users * PHP 5 is progressing slowly, and reaches 6.11
by Safari-MSI


New site: PHP-Help.net
SANS Top20 Vulnerabilities
Full Disclosure trial
LinuxWorld San Francisco, an avalanche of announcements
Guillermito vs. T`'eg4'`m(*) case: a threat to full disclosure
Slides from the Forum PHP talks are online
A new home for the elePHPants
Smarty & SQL tutorial


Friday 30 March
The CMSs PortailPhp, Typo3 and Guppy in Php Solutions Magazine Hors Serie (04/2007)
The following 3 CMSs, PortailPhp, Typo3 and Guppy, are in the magazine PhpSolutions Hors Série - APRIL 2007. Portailphp.com: see the article 'Création de site internet en utilisant PortailPhp' (pages 58, 59 and 60) Guppy
by Claced


PortailPhp v2.0 released!
Easy Web Portal 1.1c
PortailPhp is 2 years old!
XCMS, the accessible and standards-compliant CMS, is released in beta.
Easy Px 41
Coyote
PHPFinal 0.10.13(b3)
Krystel, a PHP CMS focused on security and accessibility


Monday 10 April
CMS RPortal version 1.0.1 available
This new version fixes a few bugs and brings improvements to the content framework. On the menu for this new version: - new field type: listesql field - improvement of the file field type - improv…
by rodrigue


PHPSecAuth
Building your own advertising solution in PHP
Nuked-KlaN 1.7
phpMyVisites, a statistics tool in PHP/MySQL
NARVAL / New version of NPDS
RPortal 0.6.0 is available
Nuked-Klan 1.6
Clanlite: new version