开发者社区> cnbird> 正文
阿里云
为了无法计算的价值
打开APP
阿里云APP内打开

Month of PHP Security - Summary

简介: it is 21th of May. The Month of PHP Security(http://www.
+关注继续查看

it is 21th of May. The Month of PHP Security
(http://www.php-security.org) is still running and we have reached a
vulnerability count of 40 vulnerabilities, which is nearly as much as we
disclosed during the whole Month of PHP Bugs in 2007. However there are
11 more days until the end of May and therefore there are still plenty
of more vulnerabilities to come. Escpecially the amount of SQL injection
vulnerabilites in PHP applications will increase, because it is called
SQL injection marathon for a reason. And we also have several articles
and submissions left.

There have been some changes to the website that should make it easier
to read and we also added the possiblity to comment on bugs/entries/news
and articles.

For those that don't already know you can follow the Month of PHP
Security on Twitter, too. Just follow @mops_2010

Here is the summary of what happened during the last 10 days.

Related Events
--------------

Returning into the PHP Interpreter – Remote Exploitation of Memory
Corruptions in PHP is not over, yet.
http://php-security.org/2010/05/21/related-event-returning-into-the-php-interpreter-remote-exploitation-of-memory-corruptions-in-php-is-not-over-yet/

PHP Security Course – Advanced PHP Auditing at Source and Bytecode level
http://php-security.org/2010/05/19/related-event-php-security-course-advanced-php-auditing-at-source-and-bytecode-level/


Articles
--------

MOPS Submission 07: Our Dynamic PHP – Obvious and not so obvious PHP
code injection and evaluation
http://php-security.org/2010/05/20/mops-submission-07-our-dynamic-php/

MOPS Submission 06: Variable Initialization in PHP
http://php-security.org/2010/05/17/mops-submission-06-variable-initialization-in-php/

Article: Decoding a User Space Encoded PHP Script
http://php-security.org/2010/05/13/article-decoding-a-user-space-encoded-php-script/

MOPS Submission 05 – The Minerva PHP Fuzzer
http://php-security.org/2010/05/11/mops-submission-05-the-minerva-php-fuzzer/


PHP Vulnerabilities
-------------------

MOPS-2010-040: PHP strtr() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/21/mops-2010-040-php-strtr-interruption-information-leak-vulnerability/

MOPS-2010-039: PHP strpbrk() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/21/mops-2010-039-php-strpbrk-interruption-information-leak-vulnerability/

MOPS-2010-038: PHP http_build_query() Interruption Information Leak
Vulnerability
http://php-security.org/2010/05/21/mops-2010-038-php-http_build_query-interruption-information-leak-vulnerability/

MOPS-2010-037: PHP str_getcsv() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/21/mops-2010-037-php-str_getcsv-interruption-information-leak-vulnerability/

MOPS-2010-036: PHP htmlentities() and htmlspecialchars() Interruption
Information Leak Vulnerability
http://php-security.org/2010/05/21/mops-2010-036-php-htmlentities-and-htmlspecialchars-interruption-information-leak-vulnerability/

MOPS-2010-034: PHP iconv_mime_encode() Interruption Information Leak
Vulnerability
http://php-security.org/2010/05/18/mops-2010-034-php-iconv_mime_encode-interruption-information-leak-vulnerability/

MOPS-2010-033: PHP iconv_substr() Interruption Information Leak
Vulnerability
http://php-security.org/2010/05/18/mops-2010-033-php-iconv_substr-interruption-information-leak-vulnerability/

MOPS-2010-032: PHP iconv_mime_decode() Interruption Information Leak
Vulnerability
http://php-security.org/2010/05/18/mops-2010-032-php-iconv_mime_decode-interruption-information-leak-vulnerability/

MOPS-2010-028: PHP phar_wrapper_open_url Format String Vulnerabilities
http://php-security.org/2010/05/14/mops-2010-028-php-phar_wrapper_open_url-format-string-vulnerabilities/

MOPS-2010-027: PHP phar_parse_url Format String Vulnerabilities
http://php-security.org/2010/05/14/mops-2010-027-php-phar_parse_url-format-string-vulnerabilities/

MOPS-2010-026: PHP phar_wrapper_unlink Format String Vulnerability
http://php-security.org/2010/05/14/mops-2010-026-php-phar_wrapper_unlink-format-string-vulnerability/

MOPS-2010-025: PHP phar_wrapper_open_dir Format String Vulnerability
http://php-security.org/2010/05/14/mops-2010-025-php-phar_wrapper_open_dir-format-string-vulnerability/

MOPS-2010-024: PHP phar_stream_flush Format String Vulnerability
http://php-security.org/2010/05/14/mops-2010-024-php-phar_stream_flush-format-string-vulnerability/

MOPS-2010-022: PHP Stream Context Use After Free on Request Shutdown
Vulnerability
http://php-security.org/2010/05/12/mops-2010-022-php-stream-context-use-after-free-on-request-shutdown-vulnerability/

MOPS-2010-021: PHP fnmatch() Stack Exhaustion Vulnerability
http://php-security.org/2010/05/11/mops-2010-021-php-fnmatch-stack-exhaustion-vulnerability/


PHP Application Vulnerabilities
-------------------------------

MOPS-2010-035: e107 BBCode Remote PHP Code Execution Vulnerability
http://php-security.org/2010/05/19/mops-2010-035-e107-bbcode-remote-php-code-execution-vulnerability/

MOPS-2010-031: e107 Usersettings loginname SQL Injection Vulnerability
(UPDATED)
http://php-security.org/2010/05/16/mops-2010-031-e107-usersettings-loginname-sql-injection-vulnerability/

MOPS-2010-030: CMSQlite mod Parameter Local File Inclusion Vulnerability
http://php-security.org/2010/05/15/mops-2010-030-cmsqlite-mod-parameter-local-file-inclusion-vulnerability/

MOPS-2010-029: CMSQlite c Parameter SQL Injection Vulnerability
http://php-security.org/2010/05/15/mops-2010-029-cmsqlite-c-parameter-sql-injection-vulnerability/

MOPS-2010-023: Cacti Graph Viewer SQL Injection Vulnerability
http://php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/


Thank you
Stefan Esser

Month of PHP Security / php-security.org
SektionEins GmbH / www.sektioneins.com

版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。

相关文章
ECS配置mySQL\MariaDB和PHP环境
ECS配置mySQL\MariaDB和PHP环境
0 0
php操作mysql防止sql注入(合集)
php操作mysql防止sql注入(合集)
0 0
Centos中查看nginx、apache、php、mysql配置文件路径
Centos中查看nginx、apache、php、mysql配置文件路径
0 0
MySQL事务的四种隔离类型以及PHP框架Yii2中的源码解读和实际应用
MySQL事务的四种隔离类型以及PHP框架Yii2中的源码解读和实际应用
0 0
头歌php mysql操作答案
头歌php mysql操作答案
0 0
PHP连接MySQL 8.0报错的解决办法
PHP连接MySQL 8.0报错的解决办法
0 0
PHP连接MySQL 8.0报错的解决办法
PHP连接MySQL 8.0报错的解决办法
0 0
PHP+MySQL打造XXX管理系统
PHP+MySQL打造XXX管理系统
0 0
PHP error:mysql_fetch_row() expects parameter 1 to be resource, boolean given 的错误
PHP error:mysql_fetch_row() expects parameter 1 to be resource, boolean given 的错误
0 0
SaltStack安装Apache/Mysql/PHP部署Wordpress
SaltStack是一个服务器基础架构集中化管理平台,具备配置管理、远程执行、监控等功能,基于Python语言实现,结合轻量级消息队列(ZeroMQ)与Python第三方模块(Pyzmq、PyCrypto、Pyjinjia2、python-msgpack和PyYAML等)构建。 SaltStack 采用 C/S模式,server端就是salt的master,client端就是minion,minion与master之间通过ZeroMQ消息队列通信。 master监听4505和4506端口,4505对应的是ZMQ的PUB system,用来发送消息,4506对应的是REP system是来接受
0 0
+关注
cnbird
阿里云安全专家,主要负责阿里云云产品安全。
文章
问答
文章排行榜
最热
最新
相关电子书
更多
The Next Gen of PHP
立即下载
低代码开发师(初级)实战教程
立即下载
阿里巴巴DevOps 最佳实践手册
立即下载