 «? phpsecure(); ?»
Latest holes
Vuln: vBulletin 'admincp/image.php' SQL Injection Vulnerability (7hits) 2008-11-19
Vuln: Musicbox 'viewalbums.php' SQL Injection Vulnerability (6hits) 2008-11-19
[1/5] vBulletin SQL Injection Vulnerabilities (18hits) 2008-11-18
[1/5] vBulletin Calender SQL Injection Vulnerability (10hits) 2008-11-18
[3/5] mxCamArchive Information Disclosure and PHP Code Execution (8hits) 2008-11-18
[3/5] E-topbiz AdManager "group" SQL Injection Vulnerability (10hits) 2008-11-18
[4/5] phpFan "includepath" File Inclusion Vulnerability (12hits) 2008-11-18
[2/5] Streber Unspecified Cross-Site Request Forgery Vulnerab... (10hits) 2008-11-18
[3/5] VideoScript "admin/cp.php" Security Bypass Vulnerability (11hits) 2008-11-18
Bugtraq: [waraxe-2008-SA#069] - Multiple Sql Injection in vBul... (10hits) 2008-11-18
Vuln: Parallels Plesk Billing 'new_language' Parameter Cross S... (9hits) 2008-11-18
Vuln: Pre Simple CMS 'adminlogin.php' SQL Injection Vulnerability (8hits) 2008-11-18
PHPStore Wholesale "id" Parameter Remote SQL Injection Vulnera... (11hits) 2008-11-17
Bugtraq: [ GLSA 200811-05 ] PHP: Multiple vulnerabilities (11hits) 2008-11-17
Vuln: HOSTNOMI Real Estate Portal Pro 'index.php' SQL Injectio... (11hits) 2008-11-17
Vuln: Minigal 'index.php' Directory Traversal Vulnerability (11hits) 2008-11-17
Bugtraq: [waraxe-2008-SA#068] - Sql Injection in vBulletin 3.7... (10hits) 2008-11-17
Vuln: ClipShare Pro 'channel_detail.php' SQL Injection Vulnera... (11hits) 2008-11-17
Vuln: Wholesale 'track.php' SQL Injection Vulnerability (11hits) 2008-11-17
Joomla! Flash Tree Gallery Component Remote File Include (10hits) 2008-11-17
CuteNews aj-fork "path" Parameter Remote File Include (8hits) 2008-11-17
Micro CMS "microcms-admin-home.php" Security Bypass (11hits) 2008-11-17
Acc Scripts Acc PHP eMail Cookie Authentication Bypass (11hits) 2008-11-17
Vuln: PHP FastCGI Module File Extension Denial Of Service Vuln... (13hits) 2008-11-17
[3/5] PHPStore Wholesales "id" SQL Injection Vulnerability (9hits) 2008-11-17
[3/5] PHPStore Yahoo Answers "id" SQL Injection Vulnerability (11hits) 2008-11-17
Vuln: AlstraSoft SendIt Pro Arbitrary File Upload Vulnerability (28hits) 2008-11-14
TYPO3 Backend Module "file" Cross Site Scripting Vulnerability (23hits) 2008-11-13
Vuln: rtgdictionary for TYPO3 Arbitrary File Upload Vulnerability (22hits) 2008-11-13
[3/5] AlstraSoft Article Manager Pro "username" SQL Injection... (25hits) 2008-11-13
[3/5] AlstraSoft Web Host Directory "pwd" SQL Injection Vulne... (27hits) 2008-11-13
AlstraSoft Article Manager Pro "username" SQL Injection Vulner... (22hits) 2008-11-13
[2/5] TYPO3 "file" Backend Module Cross-Site Scripting Vulner... (25hits) 2008-11-13
Vuln: Free simple PHP guestbook 'act.php' Arbitrary Script Inj... (27hits) 2008-11-13
Vuln: TYPO3 Wir ber uns Extension SQL Injection and Cross Site... (23hits) 2008-11-13
Simple RSS Reader for Joomla Remote File Inclusion Vulnerability (28hits) 2008-11-12
Catalog Production for Joomla "id" Remote SQL Injection Vulner... (26hits) 2008-11-12
[4/5] PHPStore Multiple Products File Upload Vulnerability (24hits) 2008-11-12
ComingChina.com U-Mail "edit.php" Arbitrary File Upload (26hits) 2008-11-12
Scripts For Sites EZ Auction "viewfaqs.php" SQL Injection (29hits) 2008-11-12
Mambo and Joomla! SimpleBoard "image_upload.php" Arbitrary Fil... (29hits) 2008-11-12
PHPStore Job Search Arbitrary PHP File Upload Vulnerability (29hits) 2008-11-11
PHPStore Real Estate Arbitrary PHP File Upload Vulnerability (27hits) 2008-11-11
JooBlog Component for Joomla "PostID" SQL Injection Vulnerability (30hits) 2008-11-11
PHPStore Car Dealers Arbitrary PHP File Upload Vulnerability (32hits) 2008-11-11
PHPStore Complete Classifieds Script File Upload Vulnerability (28hits) 2008-11-11
Joomla! "weblinks" and "content" Cross Site Scripting Issues (33hits) 2008-11-11
Free Simple Guestbook PHP Script Code Execution Vulnerability (29hits) 2008-11-11
WebCards "admin.php" Login Page SQL Injection (30hits) 2008-11-11
Matpo.de Link "view.php" Cross-Site Scripting (26hits) 2008-11-11
MyGallery "gallery.inc.php" Parameter Cross-Site Scripting (28hits) 2008-11-11
KKE Info Media Kmita Gallery Multiple Cross-Site Scripting Vul... (28hits) 2008-11-11
Bugtraq: Joomla Component JooBlog 0.1.1 (PostID) SQL Injection... (29hits) 2008-11-11
[3/5] Joomla! Script Insertion Vulnerabilities (29hits) 2008-11-11
[4/5] Sanusart Simple PHP Guestbook Script PHP Code Execution (29hits) 2008-11-11
[3/5] PHP Shop "admin_username" SQL Injection Vulnerability (27hits) 2008-11-11
[3/5] WOW Raid Manager "auth_phpbb3.php" Authentication Bypass (28hits) 2008-11-11
Vuln: Domain Seller Pro 'index.php' SQL Injection Vulnerability (26hits) 2008-11-11
Vuln: PHP Auto Listings Script 'adminlogin.php' SQL Injection ... (26hits) 2008-11-11
Vuln: MyioSoft EasyBookMarker 'bookmarker_backend.php' SQL Inj... (28hits) 2008-11-11
Vuln: E-topbiz eStore 'index.php' SQL Injection Vulnerability (25hits) 2008-11-11
ExoPHPDesk "user" Parameter Remote SQL Injection Vulnerability (29hits) 2008-11-10
V3 Chat Profiles/Dating Script Multiple Unauthorized Access Vu... (29hits) 2008-11-10
V3 Chat Live Support Remote Authentication Bypass Vulnerability (30hits) 2008-11-10
DeltaScripts PHP Classifieds "siteid" Remote SQL Injection Vul... (29hits) 2008-11-10
Vuln: Gallery Prior to 2.2.6 Multiple Vulnerabilities (30hits) 2008-11-10
Vuln: Indiscripts Enthusiast 'show_joined.php' Remote File Inc... (32hits) 2008-11-09
Vuln: SoftComplex PHP Image Gallery Multiple SQL Injection Vul... (31hits) 2008-11-08
Vuln: MySQL Quick Admin 'actions.php' Local File Include Vulne... (41hits) 2008-11-08
[3/5] PHP Classifieds "admin_username" SQL Injection Vulnerab... (41hits) 2008-11-07
[4/5] hMAilServer PHPWebAdmin File Inclusion Vulnerabilities (31hits) 2008-11-07
[4/5] ModernBill Cross-Site Scripting and "DIR" File Inclusio... (32hits) 2008-11-07
[3/5] DevelopItEasy Photo Gallery Multiple SQL Injection Vuln... (34hits) 2008-11-07
Bugtraq: Re: phpWebSite links.php Sql Injection (37hits) 2008-11-06
Bugtraq: Arab Portal v2.1 Remote File Disclosure (Win32) (34hits) 2008-11-06
[4/5] Joomla Dada Mail Manager Component "mosConfig_absolute_... (39hits) 2008-11-06
[3/5] PHP Auto Listings "itemno" SQL Injection Vulnerability (36hits) 2008-11-06
[3/5] PHPX "news_id" SQL Injection Vulnerability (37hits) 2008-11-06
Pre Shopping Mall Cookie Handling Unauthorized Access Vulnerab... (34hits) 2008-11-06
Drupal Content Construction Kit Cross Site Scripting Vulnerabi... (35hits) 2008-11-06
Vuln: Article Publisher PRO Cookie Authentication Bypass Vulne... (40hits) 2008-11-06
Vuln: Micro CMS 'microcms-admin-home.php' Security Bypass Vul... (36hits) 2008-11-06
[3/5] U-Mail "edit.php" Arbitrary File Creation Vulnerability (40hits) 2008-11-05
[4/5] Joomla VirtueMart Google Base Component "mosConfig_abso... (42hits) 2008-11-05
[3/5] Joomla Pro Desk Component "include_file" Local File Inc... (38hits) 2008-11-05
All In One Control Panel "cp_polls_results.php" SQL Injection (36hits) 2008-11-05
Vuln: KTorrent PHP Code Injection And Security Bypass Vulnerab... (36hits) 2008-11-05
Vuln: Smarty Template Engine 'Smarty_Compiler.class.php' Secu... (38hits) 2008-11-05
[2/5] DHCart "order.php" Two Cross-Site Scripting Vulnerabili... (37hits) 2008-11-05
bcoos "modules/banners/click.php" SQL Injection (46hits) 2008-11-04
PozScripts Classified Ads "gotourl.php" SQL Injection (44hits) 2008-11-04
Iamma Nuke Simple Gallery "upload.php" Arbitrary File Upload (42hits) 2008-11-04
Vuln: Article Publisher Pro 'admin.php' SQL Injection Vulnerab... (42hits) 2008-11-04
Vuln: EZ BIZ PRO 'track.php' SQL Injection Vulnerability (42hits) 2008-11-04
[3/5] Acc PHP eMail "NEWSLETTERLOGIN" Cookie Security Bypass ... (41hits) 2008-11-04
Vuln: PPPBlog Randompic.PHP Directory Traversal Vulnerability (42hits) 2008-11-04
Maran PHP Shop "id" Parameter Remote SQL Injection Vulnerability (46hits) 2008-11-03
[3/5] GeSHi Unspecified Code Execution Vulnerability (48hits) 2008-11-03
[2/5] MyGallery "mghash" Cross-Site Scripting Vulnerability (52hits) 2008-11-03
[3/5] Article Publisher Pro SQL Injection Vulnerabilities (56hits) 2008-11-03
[3/5] Chipmunk CMS "reguser.php" Security Bypass Vulnerability (47hits) 2008-11-03
[4/5] Joomla Flash Tree Gallery Component "mosConfig_live_sit... (49hits) 2008-11-03
Vuln: Joomla! Flash Tree Gallery Component Remote File Include... (48hits) 2008-11-03
Bugtraq: Typo <= 5.1.3 Multiple Vulnerabilities (64hits) 2008-11-01

[Chart: PHP Advisories/Bugs/Vulns frequency for this month, per day (1 to 30)]


 Mailing-list phpAdvisories 
Daily basis
Subscribe [phpAdvisories-subscribe@]
Unsubscribe [phpAdvisories-unsubscribe@]
Weekly basis
Subscribe [users-subscribe@]
Unsubscribe [users-unsubscribe@]

Site news by Tobozo
PHP Forum 2008

The 8th edition of the PHP Forum, organised by the Association Française des Utilisateurs de PHP (AFUP), will take place on 8 and 9 December 2008 in Paris.

Will Damien Séguy reconcile us with PHP application security with his workshop « Hackez-moi ça ! »? Will Rasmus get his laptop hijacked again? You will find out by following developments on the AFUP site, which will certainly be

http://www.afup.org/
Source: Nexen
 
Latest article: PHP/MySQL Injections (2)

Besides completing the previous article on MySQL injection with its explanations of the use of UNION, this second text brings new injection techniques as well as hardening measures.

PHP/MySQL Injections (2)..

PHP/MySQL Injections (1)..
Header injection in the mail() function
Email Headers Injection with PHP
PHPSecure news


Friday 26 May
Dmx Forum <= v2.1a SQL Injection, XSS, Full Path Disclosure, Cookie Bypass Login Authentication
Several vulnerabilities have been identified in Dmx Forum version 2.1a and earlier; the vendor has been contacted. Here is the advisory summary: 1]Code execution Weakness
by DarkFig


PHP cURL functions bypass `open_basedir` directory restrictions
PostNuke project download server compromised
Vulnerabilities in the @lex Guestbook 3 and @lex Poll 2 scripts
$_FILES vulnerability
PHP vulnerability
Two major vulnerabilities in PHP!
Hardened-PHP (hardened PHP)
PHP 5 released, first version


Tuesday 07 March
PHP statistics for February 2006
In February 2006, current trends continue, with a few individual distinctions: * PHP 5.1.2 holds the attention of all PHP 5.x users * PHP 5 is progressing slowly, and reaches 6.11
by Safari-MSI


New site: PHP-Help.net
SANS Top20 Vulnerabilities
Full Disclosure trial
LinuxWorld San Francisco, an avalanche of announcements
Guillermito vs. T`'eg4'`m(*) case: threat to full disclosure
Conference slides from the PHP Forum now online
New home for the elePHPants
Smarty & SQL tutorial


Friday 30 March
The CMSs PortailPhp, Typo3 and Guppy in Php Solutions Magazine special issue (04/2007)
The following 3 CMSs, PortailPhp, Typo3 and Guppy, are in PhpSolutions magazine, special issue, APRIL 2007. Portailphp.com: see the article 'Création de site internet en utilisant PortailPhp' (pages 58, 59 and 60) Guppy
by Claced


PortailPhp v2.0 released!
Easy Web Portal 1.1c
PortailPhp is 2 years old!
XCMS, the accessible, standards-compliant CMS, is released in beta.
Easy Px 41
Coyote
PHPFinal 0.10.13(b3)
Krystel, a PHP CMS focused on security and accessibility


Monday 10 April
CMS RPortal version 1.0.1 available
This new version fixes a few bugs and brings improvements to the content framework. On the menu for this new version: - new field type: listesql field - improved file field type - improv
by rodrigue


PHPSecAuth
Building your own advertising solution in PHP
Nuked-KlaN 1.7
phpMyVisites, a PHP/MySQL statistics tool
NARVAL / New version of NPDS
RPortal 0.6.0 is available
Nuked-Klan 1.6
Clanlite: New version
French-language web news about PHP
Symfony 1.1.5 Wednesday 19 November
Zend Framework 1.7.0 Wednesday 19 November