Month of PHP Security - Summary
Published: 2019-05-10


It is the 21st of May. The Month of PHP Security is still running and we
have reached a vulnerability count of 40 vulnerabilities, which is nearly
as many as we disclosed during the whole Month of PHP Bugs in 2007.
However, there are 11 more days until the end of May and therefore there
are still plenty more vulnerabilities to come. Especially the amount of
SQL injection vulnerabilities in PHP applications will increase, because
it is called the SQL injection marathon for a reason. And we also have
several articles and submissions left.

There have been some changes to the website that should make it easier
to read, and we also added the possibility to comment on bugs/entries/news
and articles.

For those that don't already know, you can follow the Month of PHP
Security on Twitter, too. Just follow @mops_2010

Here is the summary of what happened during the last 10 days.

Related Events
--------------

Returning into the PHP Interpreter – Remote Exploitation of Memory Corruptions in PHP is not over, yet.

PHP Security Course – Advanced PHP Auditing at Source and Bytecode level

Articles
--------

MOPS Submission 07: Our Dynamic PHP – Obvious and not so obvious PHP code injection and evaluation

MOPS Submission 06: Variable Initialization in PHP

Article: Decoding a User Space Encoded PHP Script

MOPS Submission 05 – The Minerva PHP Fuzzer

PHP Vulnerabilities
-------------------

MOPS-2010-040: PHP strtr() Interruption Information Leak Vulnerability

MOPS-2010-039: PHP strpbrk() Interruption Information Leak Vulnerability

MOPS-2010-038: PHP http_build_query() Interruption Information Leak Vulnerability

MOPS-2010-037: PHP str_getcsv() Interruption Information Leak Vulnerability

MOPS-2010-036: PHP htmlentities() and htmlspecialchars() Interruption Information Leak Vulnerability

MOPS-2010-034: PHP iconv_mime_encode() Interruption Information Leak Vulnerability

MOPS-2010-033: PHP iconv_substr() Interruption Information Leak Vulnerability

MOPS-2010-032: PHP iconv_mime_decode() Interruption Information Leak Vulnerability

MOPS-2010-028: PHP phar_wrapper_open_url Format String Vulnerabilities

MOPS-2010-027: PHP phar_parse_url Format String Vulnerabilities

MOPS-2010-026: PHP phar_wrapper_unlink Format String Vulnerability

MOPS-2010-025: PHP phar_wrapper_open_dir Format String Vulnerability

MOPS-2010-024: PHP phar_stream_flush Format String Vulnerability

MOPS-2010-022: PHP Stream Context Use After Free on Request Shutdown Vulnerability

MOPS-2010-021: PHP fnmatch() Stack Exhaustion Vulnerability

PHP Application Vulnerabilities
-------------------------------

MOPS-2010-035: e107 BBCode Remote PHP Code Execution Vulnerability

MOPS-2010-031: e107 Usersettings loginname SQL Injection Vulnerability (UPDATED)

MOPS-2010-030: CMSQlite mod Parameter Local File Inclusion Vulnerability

MOPS-2010-029: CMSQlite c Parameter SQL Injection Vulnerability

MOPS-2010-023: Cacti Graph Viewer SQL Injection Vulnerability

Thank you
Stefan Esser

Month of PHP Security / php-security.org

SektionEins GmbH /

Reposted from: http://yoqmb.baihongyu.com/
