PhpAdvisories

From SecurePHPWiki

Latest security advisories about php applications

Bugtraq: Re: Aztek Forum 4.1 Multiple Vulnerabilities Exploit

RPW "sql_language" Parameter Handling Remote PHP File Inclusion Vulnerability

Inter7 vHostAdmin "MODULES_DIR" Parameter Remote PHP File Inclusion Vulnerability

Xero Portal "phpbb_root_path" Parameter Multiple Remote File Inclusion Vulnerabilities

[2/5] Drupal Project Issue Tracking Module Multiple Vulnerabilities

PHProxy Multiple Parameter Handling Client-Side Cross Site Scripting Vulnerabilities

[2/5] MyBB private.php Cross-Site Request Forgery and Cross-Site Scripting

[2/5] DokuWiki "media" CRLF Injection Vulnerability

FreeWebshop Include File Bug in '/includes/login.php' Lets Remote Users Execute Arbitrary Code

Bugtraq: [Aria-Security Team] MyBB Cross-Site Scripting

[4/5] phpXMLDOM "path" File Inclusion Vulnerabilities

[2/5] Drupal Acidfree Module "node titles" SQL Injection Vulnerability

[3/5] PHP Link Directory "URL" Script Insertion Vulnerability

phpXD "path" Parameter Handling Multiple Remote PHP File Inclusion Vulnerabilities

Project and Project Issue Tracking for Drupal Multiple Security Bypass Vulnerabilities

Openads "admin-search.php" and "affiliate-search.php" Cross Site Scripting Issues

Vote! Pro "poll_id" Parameter Handling Remote PHP Code Injection Vulnerability

Website Baker "is_remembered()" Cookie Handling Remote SQL Injection Vulnerability

Acidfree Module for Drupal Node Title Handling Remote SQL Injection Vulnerability

[3/5] Random PHP Quote pwd.txt Password Disclosure

Bugtraq: RANDOM PHP QUOTE 1.0 (pwd.txt) Remote Password Disclosure

[2/5] PostNuke "cover" Cross-Site Scripting Vulnerability

Bugtraq: Re: FishCart [injection sql] (Source: SecurityFocus, http://www.securityfocus.com/archive/1/457704)

Bugtraq: SQL Injection by using Cookie Poisoning for Website Baker Version 2.6.5 and before

webSPELL "gallery.php" Multiple Parameter Handling Remote SQL Injection Vulnerabilities

ComVironment "inc_dir" Parameter Handling Remote PHP File Inclusion Vulnerability

MySpeach "my_ms[root]" Parameter Handling Remote PHP File Inclusion Vulnerability

Upload-Service "maindir" Parameter Handling Remote PHP File Inclusion Vulnerability

phpIndexPage "env[inc_path]" Parameter Handling Remote File Inclusion Vulnerability

Bugtraq: FishCart [injection sql]

[4/5] MySpeach "up.php" File Inclusion Vulnerability

Bradabra "include_path" Parameter Handling Remote PHP File Inclusion Vulnerability

PhpSherpa "racine" Parameter Handling Remote PHP File Inclusion Vulnerability

[4/5] PhpSherpa "racine" File Inclusion Vulnerability

Bugtraq: SMF "index.php?action=pm" Cross Site Scripting

Vuln: MGB Email.PHP SQL Injection Vulnerability

Vuln: VirtueMart Joomla ECommerce Edition Multiple Unspecified Input Validation Vulnerabilities

Vuln: Joomla CMS Multiple SQL Injection Vulnerabilities

myWebland myBloggie "PHP_SELF" Variable Handling Cross Site Scripting Vulnerabilities

MyBloggie Input Validation Flaws in 'index.php' and 'login.php' Permit Cross-Site Scripting Attacks

[2/5] myBloggie Two Cross-Site Scripting Vulnerabilities

Oreon "file" Parameter Handling Remote PHP File Inclusion Vulnerability

PHPMyphorum "chem" Parameter Handling Remote PHP File Inclusion Vulnerability

Bugtraq: [x0n3-h4ck] myBloggie 2.1.5 XSS exploit

Indexu Multiple Parameter Handling Client-Side Cross Site Scripting Vulnerabilities

[2/5] Indexu Multiple Cross-Site Scripting Vulnerabilities

[3/5] PHP-Nuke "cat" Old Articles Block SQL Injection

[3/5] ThWboard "board[styleid]" SQL Injection Vulnerability

Bugtraq: PHPATM Remote Password Disclosure Vulnerability

Bugtraq: Gallery <= 1.4.4-pl4 (phpbb_root_path) Remote File Include Vulnerability

Vuln: WordPress Charset Decoding SQL Injection Vulnerability

PHP-Nuke Input Validation Flaw in 'block-Old_Articles.php' Lets Remote Users Inject SQL Commands

Vuln: Jshop Server Remote File Include Vulnerability

[4/5] LunarPoll "PollDir" File Inclusion Vulnerability

[4/5] sNews Authentication Bypass Vulnerability

LunarPoll "PollDir" Parameter Handling Remote PHP File Inclusion Vulnerability

TLM CMS "chemin" Parameter Handling Remote PHP File Inclusion Vulnerability

Bugtraq: PHP-Nuke <= 7.9 Old-Articles Block "cat" SQL Injection vulnerability

LunarPoll Include File Bug in 'show.php' Lets Remote Users Execute Arbitrary Code

Vuln: PHPMyAdmin Convcharset Cross-Site Scripting Vulnerability

Edit-X ECOMMERCE "include_dir" Parameter Remote PHP File Inclusion Vulnerability

Bugtraq: xss in phpmyadmin <= 2.8.1

@lex Guestbook "lang" Parameter Handling Remote SQL Query Injection Vulnerability

Magic Photo Storage "_config[site_path]" Parameter Remote File Inclusion Vulnerability

[4/5] Axiom Photo/News Gallery "baseAxiomPath" File Inclusion Vulnerability

phpMyAdmin Unspecified Parameter Handling Client-Side Cross Site Scripting Vulnerabilities

Vuln: PHPKit Comment.PHP SQL Injection Vulnerability

[3/5] @lex Guestbook "lang" SQL Injection Vulnerability

[2/5] phpMyAdmin Cross-Site Scripting and Unspecified Vulnerabilities

Axiom Photo Gallery "baseAxiomPath" Parameter Remote File Inclusion Vulnerability

MediaWiki AJAX Module Unspecified Parameter Handling Cross Site Scripting Vulnerability

GForge Input Validation Hole in 'advanced_search.php' Permits Cross-Site Scripting Attacks

[2/5] GForge "advanced_search.php" Cross-Site Scripting Vulnerability

[2/5] MediaWiki AJAX Unspecified Cross-Site Scripting

[1/5] b2evolution "redirect_to" HTML Attribute Cross-Site Scripting

Webdrivers Simple Forum message_details.php id Variable SQL Injection

Bugtraq: GForge Cross Site Scripting vulnerability

phpMyFAQ Unspecified Parameter Remote SQL Injection and File Upload Vulnerabilities

BinGoPHP NEWS Include File Bug in 'bn_smrep1.php' Lets Remote Users Execute Arbitrary Code

[3/5] Cuyahoga FCKEditor Security Bypass Issue

[3/5] Wordpress SQL Injection and Cross-Site Scripting Vulnerabilities

[4/5] phpMyFAQ SQL Injection and File Upload Vulnerability

Bugtraq: [OpenPKG-SA-2007.005] OpenPKG Security Advisory (wordpress)

WordPress "wp-login.php" Authentication Process Information Disclosure Vulnerability

Vuln: Drupal Unspecified Cross-Site Scripting Vulnerability

Vuln: Drupal Page Caching Denial of Service Vulnerability

WordPress Trackback Charset SQL Injection and Admin Cross Site Scripting Vulnerabilities

Bugtraq: Advisory 02/2007: WordPress Trackback Charset Decoding SQL Injection Vulnerability

Bugtraq: Advisory 01/2007: WordPress CSRF Protection XSS Vulnerability

[4/5] iG Shop PHP "eval()" Injection and SQL Injection Vulnerabilities

[1/5] WordPress User Account Enumeration Weakness

[1/5] Drupal Unspecified Page Not Found Spoofing Weakness

Aratix "current_path" Parameter Handling Remote PHP File Inclusion Vulnerability

iG Shop Multiple Parameter Remote Code Execution and SQL Injection Vulnerabilities

Drupal Database Update Page Cache Poisoning Remote Denial of Service Vulnerability

iG Calendar "id" Parameter Handling Remote SQL Query Injection Vulnerability

Drupal "Filter" and "System" Modules Multiple Arguments Cross Site Scripting Issues

Vuln: iGeneric iG Calendar USER.PHP SQL Injection Vulnerability

Simple Web Content Management System "id" Parameter SQL Injection Vulnerability

OvBB "GetLocation()" Function Multiple Parameter Cross Site Scripting Vulnerabilities

[3/5] Simple Web Content Management System "id" SQL Injection

[3/5] OvBB Script Insertion Vulnerability

CMS Made Simple "searchinput" Parameter Handling Cross Site Scripting Vulnerability

[4/5] The Address Book Multiple Vulnerabilities

[2/5] CMS Made Simple "searchinput" Cross-Site Scripting Vulnerability

Zen Cart Unspecified Parameter Handling Client-Side Cross Site Scripting Vulnerabilities

Vuln: SH-News Misc.PHP Remote File Include Vulnerability

Bugtraq: Re: [Full-disclosure] simplog 0.9.3.2 SQL injection

Bugtraq: Re: PHP as a secure language? PHP worms?

[2/5] WordPress "file" Script Insertion Vulnerability

IMGallery "users_adm/start1.php" Extension Handling Arbitrary File Upload Vulnerability

MDForum "PNSVlang" Cookie Parameter Handling Local File Inclusion Vulnerability

CMX Acronym Module for phpBB "id" Parameter Remote SQL Injection Vulnerability

STphp EasyNews PRO "data/users.txt" Remote Information Disclosure Vulnerability

[2/5] Zen Cart Unspecified Cross-Site Scripting Vulnerabilities

Bugtraq: Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

Vuln: Cacti Copy_Cacti_User.PHP SQL Injection Vulnerability

Bugtraq: PHPIrc_bot <= Remote File Include

Bugtraq: vBulletin vCard PRO XSS