Month Of PHP Security - Xinha WYSIWYG Plugin Configuration Injection Vulnerability. Versions 0.96 Beta 2 and below are affected.
c66014e0c6768bd3c9c1aa70a314d4064c4c0468b8bf98545b2f42a206c4e70b
Month Of PHP Security - EFront ask_chat chatrooms_ID SQL Injection Vulnerability. Versions 3.6.2 and below are affected.
bd70db2bcd76336b6a4f5c231f16033f042aefde8dc98f8e10731ab10ccba7c9
Month Of PHP Security - PHP preg_quote() Interruption Information Leak Vulnerability. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
e515968ea6988e8d0807efab6970363eaf0993abc5894542f5986b54ff16775a
Month Of PHP Security - PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
2907e511f86cca7358b45fea35061b6efab3d3f08dabede076d55e375e76e680
Month Of PHP Security - PHP ZEND_SR Opcode Interruption Address Information Leak Vulnerability. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
5b99778ede255d29c72816503ca902ab9c5dd9959bcb79a46e5a309a31cfa132
Month Of PHP Security - PHP ZEND_BW_XOR Opcode Interruption Address Information Leak Vulnerability. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
ee2f34c9c80af2c8f60fb317ecffe89f45b2e012058e8906eeac7a6b4ecb2e11
Month Of PHP Security - DeluxeBB newthread SQL Injection Vulnerability. Versions 1.3 and below are affected.
d69337c26c2a6c3970dd5fd8963e5d44313915ca5b8cedf37d5ab51d48d75d52
Month Of PHP Security - PHP html_entity_decode() Interruption Information Leak Vulnerability. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
05d20cc7a50287ac2532f5c71d9fe20888f9ec171855cca57c63e139215aaefa
Month Of PHP Security - PHP shm_put_var() Already Freed Resource Access Vulnerability. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
c9357ce50f070bf1ad0f6cfd9433075d4b5babdaae0bd5ec73aa09d6988c02b1
Month Of PHP Security - ClanTiger Shoutbox Module s_email SQL Injection Vulnerability. Versions 1.1.3 and below are affected.
dc8610d2eb0a74d5b32a73aacf834c6a4c5684800a218ec20badd5811c8f3a2a
Month Of PHP Security - PHP chunk_split() Interruption Information Leak Vulnerability. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
15a97cc60de3d9bc83c68252758420e3b9bd58a88fb8e784c48c80f6b6eb5f33
Month Of PHP Security - PHP addcslashes() Interruption Information Leak Vulnerability. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
f6746f43dfc72d30fc8e08e9f054b30111e25a63d28fcbb7a542dcf629c5ac63
Month Of PHP Security - ClanSphere MySQL Driver Generic SQL Injection Vulnerability. Versions 2009.0.3 and below are affected.
748214c939564743d8a2aae546501f0ee10f6ef4c65c98ba8ef12e643b1ce952
Month Of PHP Security - PHP dechunk Filter Signed Comparison Vulnerability. PHP versions 5.3 through 5.3.2 are affected.
f72ac91b2a0964283b5872aa6b09b5112ec8564b4c6d008c0ed1e51f3c575edd
Month Of PHP Security - ClanSphere Captcha Generator Blind SQL Injection Vulnerability. Versions 2009.0.3 and below are affected.
b5f7e1131958cc781e0958bf42fcdf75d5384cc31a59c5d247dc9f5cb260ce25
Month Of PHP Security - PHP hash_update_file() Already Freed Resource Access Vulnerability. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
f117a9d1c4ad0a4fd3f7c64c2aedb1da11a377360cd3fe1e6ac8c25fa68c39bd
Month Of PHP Security - Campsite TinyMCE Article Attachment SQL Injection Vulnerability. Campsite versions 3.3.5 and below are affected.
cac61fc7f648ff63af296e71fd6608f547e45e56f612ded64428e567be187b46
MyBB versions 1.4.11 and below suffer from a password reset weak random number vulnerability.
76401bf313ed59fd28899756d38cace82dd2d12586e3c58956850da0f8a12cc1
MyBB versions 1.4.11 and below suffer from a password reset vulnerability.
eebecf174ba3f29f1d553d050fbff4e47f7d1b2b733b9981a342465b41506447
It was discovered that Piwik versions 0.4.5 and below unserialize data from the user-supplied cookie. By unserializing some of Piwik's objects, it is possible to write arbitrary files to writable locations on the webserver. This can be used to upload, for example, PHP files to writable directories within the webserver's document root, which usually exist in a standard Piwik installation. In newer versions of Piwik it is also possible to execute arbitrary PHP code directly.
a00c0312ce8b82b8cd2813df0c76f936110fcb0c4c828532db7a31e0622117d2
PHPIDS versions 0.6.2 and below call unserialize() on user input, which allows an attacker to send a carefully crafted cookie that, when unserialized, can utilize existing classes. This can lead, for example, to upload of arbitrary files or execution of arbitrary PHP code in Zend Framework applications.
2b8975c5803e603dad1a6004fc5744a745207c5abcd0dc71d48308c12e249650
This Metasploit module exploits an integer overflow vulnerability in the unserialize() function of the PHP web server extension.
436f0bc029967671da472d8ca912c40b8636846cfd3d8f81e3a0fd1d8a030e1f
Horde Application Framework versions 3.2.4 and below suffer from a Horde_Form_Type_image arbitrary file overwrite vulnerability.
6b36254b02daaded256bbf6076bafdff753a55113f60cdbc47ec7d1dfe52ffb0
Whitepaper called State Of The Art Post Exploitation In Hardened PHP Environments.
7928c94b9af3be5e10b1f29f0a78a75c860ab2291068409148ffbbe3e6f3808f
PHP versions 5.2.6 and below suffer from a directory traversal vulnerability in ZipArchive::extractTo().
eef814d8f1daf79eb48fd58c0722cd5768082f124ee55a347e0683274424e5eb