French Security Incident Response Team


FrSIRT Security Advisories by Vendor

PHP Security Advisories :


  30.09.2008 : WebBiscuits Events Calendar "path[docroot]" File Inclusion Vulnerability

  23.09.2008 : basebuilder "mj_config[src_path]" PHP File Inclusion Vulnerability

  23.09.2008 : Basic PHP Events Lister "id" Parameter SQL Injection Vulnerability

  18.09.2008 : phpRealty "INC" Parameter Remote File Inclusion Vulnerability

  18.09.2008 : PHP-Crawler "footer_file" Remote PHP File Inclusion Vulnerability

  18.09.2008 : Technote "shop_this_skin_path" Remote File Inclusion Vulnerability

  18.09.2008 : E-Php CMS "es_id" Parameter Remote SQL Injection Vulnerability

  16.09.2008 : phpMyAdmin "sort_by" Parameter PHP Code Injection Vulnerability

  08.09.2008 : E-Php Shopping Cart Script "cid" Remote SQL Injection Vulnerability

  04.09.2008 : Slackware Security Update Fixes Multiple PHP Vulnerabilities

  27.08.2008 : AWStats Totals Code Execution and Cross Site Scripting Vulnerabilities

  20.08.2008 : XNova "xnova_root_path" Parameter Remote File Inclusion Vulnerability

  20.08.2008 : DeeEmm CMS Remote File Inclusion and SQL Injection Vulnerabilities

  12.08.2008 : PHP Multiple Buffer Overflow and Security Bypass Vulnerabilities

  01.08.2008 : Apple Mac OS X Code Execution and Security Bypass Vulnerabilities

  29.07.2008 : ATutor "type" Parameter Handling Remote File Inclusion Vulnerability

  24.07.2008 : Redhat Security Update Fixes PHP Multiple Remote Vulnerabilities

  18.07.2008 : Turbolinux Security Update Fixes PHP Security Bypass Vulnerabilities

  11.07.2008 : gapicms "dirDepth" Remote PHP File Inclusion Vulnerability

  09.07.2008 : BoonEx Ray "sIncPath" Remote PHP File Inclusion Vulnerability

  08.07.2008 : Mandriva Security Update Fixes PHP Security Bypass Vulnerabilities

  08.07.2008 : WebXell Editor "upload_pictures.php" Arbitrary File Upload Vulnerability

  07.07.2008 : Redhat Security Update Fixes PHP Buffer Overflow and Security Bypass

  27.06.2008 : MyPHP CMS "pid" Parameter Remote SQL Injection Vulnerability

  27.06.2008 : Page Manager "upload.php" Arbitrary File Upload Vulnerability

  23.06.2008 : Fedora Security Update Fixes PHP Multiple Remote Vulnerabilities

  11.06.2008 : HP-UX Apache and Tomcat PHP Remote Code Execution Vulnerability

  04.06.2008 : 1Book Data Processing Remote Command Injection Vulnerability

  28.05.2008 : rPath Linux Security Update Fixes PHP Code Execution Vulnerabilities

  27.05.2008 : ClassSystem "teacher_id" Parameter Remote SQL Injection Vulnerability

  26.05.2008 : PhpRaider "pConfig_auth[phpbb_path]" PHP File Inclusion Vulnerability

  26.05.2008 : plusPHP Short URL "_pages_dir" Remote File Inclusion Vulnerability

  26.05.2008 : Slackware Security Update Fixes PHP Multiple Remote Vulnerabilities

  26.05.2008 : rPath Security Update Fixes PHP Multiple Remote Vulnerabilities

  21.05.2008 : Mantis Multiple Cross Site Scripting and Security Bypass Vulnerabilities

  19.05.2008 : Debian Security Update Fixes PHP Buffer Overflow and Security Bypass

  13.05.2008 : Debian Security Update Fixes PHP Code Execution Vulnerabilities

  05.05.2008 : Scorp News "site" Parameter Remote File Inclusion Vulnerability

  02.05.2008 : PHP Multiple Buffer Overflow and Restriction Bypass Vulnerabilities

  29.04.2008 : PHP Forge "id" Parameter Remote SQL Query Injection Vulnerability

  28.04.2008 : WordPress Cookie Integrity Protection Privilege Escalation Vulnerability

  22.04.2008 : Tr Script News "nb" Parameter Remote SQL Injection Vulnerability

  21.04.2008 : Debian Security Update Fixes suPHP Privilege Escalation Vulnerabilities

  21.04.2008 : Fedora Security Update Fixes Smarty PHP Code Injection Vulnerability

  16.04.2008 : XplodPHP AutoTutorials "id" Parameter SQL Injection Vulnerability

  16.04.2008 : KwsPHP "action" Parameter Handling Local File Inclusion Vulnerability

  14.04.2008 : Mandriva Security Update Fixes PHP-APC Buffer Overflow Vulnerability

  09.04.2008 : LokiCMS "default" Parameter Arbitrary Code Injection Vulnerability

  08.04.2008 : ChartDirector "file" Parameter Arbitrary File Disclosure Vulnerability

  08.04.2008 : iScripts SocialWare "id" Parameter Remote SQL Injection Vulnerability

  07.04.2008 : VisualPic "_CONFIG[files][functions_page]" File Inclusion Vulnerability

  07.04.2008 : Blog Pixel Motion Arbitrary File Upload and SQL Injection Vulnerabilities

  03.04.2008 : Fedora Security Update Fixes suPHP Privilege Escalation Vulnerabilities

  03.04.2008 : suPHP Two Race Condition and Privilege Escalation Vulnerabilities

  18.03.2008 : fuzzylime (cms) "admindir" Parameter Remote File Inclusion Vulnerability

  17.03.2008 : Debian Security Update Fixes Smarty PHP Code Injection Vulnerability

  05.03.2008 : GROUP-E Collaboration Software Remote File Inclusion Vulnerability

  18.02.2008 : PHPizabi Arbitrary File Upload Remote Code Execution Vulnerability

  15.02.2008 : Slackware Security Update Fixes PHP Code Execution Vulnerabilities

  31.01.2008 : Hal Networks Products Unspecified Cross Site Scripting Vulnerabilities

  31.01.2008 : Connectix Boards "template_path" Remote File Inclusion Vulnerability

  31.01.2008 : Smart Publisher "filedata" Parameter Remote Code Injection Vulnerability

  30.01.2008 : SuSE Security Update Fixes PHP Security Bypass and Code Execution

  29.01.2008 : Tiger Php News System "catid" Parameter SQL Injection Vulnerability

  29.01.2008 : Seagull PHP Framework "files" Parameter File Disclosure Vulnerability

  14.01.2008 : Drupal Multiple Cross Site Scripting and Request Forgery Vulnerabilities

  09.01.2008 : OneCMS Remote SQL Injection and Arbitrary File Upload Vulnerabilities

  08.01.2008 : PHP Security Update Fixes Multiple Integer Overflow and Security Bypass

  07.01.2008 : SNETWORKS PHP CLASSIFIEDS "path_escape" Remote File Inclusion

  27.12.2007 : PMOS Help Desk "form.php" Header Handling Code Injection Vulnerability

  27.12.2007 : NmnNewsletter "output" Parameter Remote File Inclusion Vulnerability

  13.12.2007 : ViArt Products "root_folder_path" Parameter File Inclusion Vulnerability

  13.12.2007 : Fastpublish "config[fsBase]" Parameter PHP File Inclusion Vulnerability

  04.12.2007 : Ubuntu Security Update Fixes PHP Buffer Overflow and Security Bypass

  26.11.2007 : WorkingOnWeb "idevent" Parameter Remote SQL Injection Vulnerability

  26.11.2007 : Mp3 ToolBox "skin_file" Parameter Remote File Inclusion Vulnerability

  23.11.2007 : DevMass Shopping Cart "kfm_base_path" PHP File Inclusion Vulnerability

  22.11.2007 : TalkBack Multiple Parameter Remote PHP File Inclusion Vulnerabilities

  20.11.2007 : rPath Linux Security Update Fixes PHP Multiple Function Vulnerabilities

  19.11.2007 : meBiblio "action" Parameter Remote PHP File Inclusion Vulnerability

  19.11.2007 : Carousel Flash Image Gallery for Joomla PHP File Inclusion Vulnerability

  19.11.2007 : Datecomm Social Networking Script File Inclusion and SQL Injection

  19.11.2007 : patBBCode "example" Parameter Remote PHP File Inclusion Vulnerability

  14.11.2007 : Slackware Security Update Fixes PHP Multiple Function Vulnerabilities

  12.11.2007 : PHP Multiple Function Buffer Overflow and Security Bypass Vulnerabilities

  07.11.2007 : SiteBar Multiple Code Execution and Information Disclosure Vulnerabilities

  06.11.2007 : nuBoard "site" Parameter Handling Remote File Inclusion Vulnerability

  06.11.2007 : scWiki "pathdot" Parameter Handling Remote File Inclusion Vulnerability

  06.11.2007 : GuppY "selskin" Parameter Local and Remote File Inclusion Vulnerability

  06.11.2007 : SyndeoCMS "cmsdir" Parameter Remote PHP File Inclusion Vulnerability

  06.11.2007 : Scribe "username" Parameter Remote Command Injection Vulnerability

  06.11.2007 : BackUpWordPress "bkpwp_plugin_path" PHP File Inclusion Vulnerabilities

  30.10.2007 : Light FMan PHP Unspecified Actions Security Vulnerabilities

  29.10.2007 : CaupoShop Pro "action" Parameter Remote File Inclusion Vulnerability

  29.10.2007 : Sige "SYS_PATH" Parameter Handling Remote File Inclusion Vulnerability

  29.10.2007 : teatro "basePath" Parameter Handling Remote File Inclusion Vulnerability

  29.10.2007 : Redhat Security Update Fixes PHP Buffer Overflow and Security Bypass

  25.10.2007 : rPath Security Update Fixes PHP Buffer Overflow and Security Bypass

  25.10.2007 : Redhat Security Update Fixes PHP Buffer Overflow and Security Bypass

  25.10.2007 : Redhat Security Update Fixes PHP Buffer Overflow and Security Bypass

  23.10.2007 : PHP for Windows COM Objects Handling Security Bypass Vulnerability

  15.10.2007 : KwsPHP "album" Parameter Processing SQL Query Injection Vulnerability

  11.10.2007 : Knowledgeroot Knowledgebase FCKEditor PHP File Upload Vulnerability

  11.10.2007 : FCKEditor Multiple File Extension Handling PHP File Upload Vulnerability

  10.10.2007 : LiveAlbum "livealbum_dir" Parameter Remote File Inclusion Vulnerability

  09.10.2007 : Flash Image Gallery for Joomla "mosConfig_live_site" File Inclusion Issue

  09.10.2007 : IDMOS "site_absolute_path" Variable Remote File Inclusion Vulnerability

  09.10.2007 : Picturesolution "path" Parameter Remote PHP File Inclusion Vulnerability

  09.10.2007 : Crea-CMS "cfg[document_uri]" Remote PHP File Inclusion Vulnerabilities

  09.10.2007 : Else If CMS Multiple File Inclusion and Cross Site Scripting Vulnerabilities

  09.10.2007 : Panoramic Picture Viewer for Joomla Remote File Inclusion Vulnerability

  09.10.2007 : xKiosk WEB "PEARPATH" Parameter Remote File Inclusion Vulnerability

  09.10.2007 : PHP Homepage M "id" Parameter Remote SQL Query Injection Vulnerability

  09.10.2007 : Gentoo Security Update Fixes PHP Buffer Overflow and Security Bypass

  03.10.2007 : Poppawid "form" Parameter Handling Remote File Inclusion Vulnerability

  03.10.2007 : Segue CMS "themesdir" Variable Remote PHP File Inclusion Vulnerability

  02.10.2007 : phpbb-openid "openid_root_path" Remote PHP File Inclusion Vulnerability

  02.10.2007 : Mx At A Glance for mxBB "mx_root_path" Remote File Inclusion Vulnerability

  01.10.2007 : actSite "BaseCfg[BaseDir]" Parameter Remote File Inclusion Vulnerability

  01.10.2007 : Xoops Uploader Class PHP4 Extension Arbitrary File Upload Vulnerability

  01.10.2007 : PhFiTo "SRC_PATH" Parameter Handling Remote File Inclusion Vulnerability

  01.10.2007 : Public Media Manager "indir" Parameter Remote File Inclusion Vulnerability

  01.10.2007 : IntegraMOD Nederland(s) "phpbb_root_path" PHP File Inclusion Vulnerability

  27.09.2007 : Redhat Security Update Fixes PHP Buffer Overflow and Security Bypass Issues

  26.09.2007 : Fedora Security Update Fixes PHP Buffer Overflow and Security Bypass Issues

  25.09.2007 : SK.LOG "SKIN_URL" Parameter Handling Remote File Inclusion Vulnerability

  25.09.2007 : Helplink "file" Parameter Processing Remote File Inclusion Vulnerability

  25.09.2007 : WordSmith "_path" Parameter Processing Remote File Inclusion Vulnerability

  24.09.2007 : phpBB2 Plus "phpbb_root_path" Remote PHP File Inclusion Vulnerabilities

  24.09.2007 : Mandriva Security Update Fixes PHP Buffer Overflow and Security Bypass

  21.09.2007 : Redhat Security Update Fixes PHP Integer Overflow and Security Bypass

  19.09.2007 : rPath Security Update Fixes PHP Buffer Overflow and Security Bypass Issues

  17.09.2007 : PHP Webquest "id_actividad" Parameter Remote SQL Injection Vulnerability

  17.09.2007 : phpFFL "PHPFFL_FILE_ROOT" Parameter PHP File Inclusion Vulnerabilities

  17.09.2007 : Ajax File Browser "approot" Parameter Remote File Inclusion Vulnerability

  17.09.2007 : Joomla!Radio for Joomla "mosConfig_live_site" File Inclusion Vulnerability

  17.09.2007 : KwsPHP Jeuxflash Module "id" Parameter Remote SQL Injection Vulnerability

  13.09.2007 : Restaurante Component for Joomla Arbitrary File Upload Vulnerability

  11.09.2007 : phpMyTourney "functions_file" Parameter Remote File Inclusion Vulnerability

  11.09.2007 : Lighttpd "mod_fastcgi" Headers Handling Remote Code Execution Vulnerability

  07.09.2007 : PHP Object Framework "PHPOF_INCLUDE_PATH" File Inclusion Vulnerability

  07.09.2007 : eNetman "page" Parameter Processing Remote File Inclusion Vulnerability

  31.08.2007 : PHP Multiple Function and Extension Code Execution and Security Bypass Issues

  29.08.2007 : SomeryC "skindir" Parameter Processing Remote File Inclusion Vulnerability

  14.08.2007 : Php Blue Dragon CMS "vsDragonRootPath" Remote File Inclusion Vulnerability

  10.08.2007 : Web News "config[root_ordner]" Parameter Remote File Inclusion Vulnerability

  10.08.2007 : Bilder Galerie "config[root_ordner]" Parameter Remote File Inclusion Vulnerability

  10.08.2007 : Gastebuch "config[root_ordner]" Parameter Remote File Inclusion Vulnerability

  10.08.2007 : Bilder Uploader "config[root_ordner]" Parameter PHP File Inclusion Vulnerability

  10.08.2007 : Shoutbox "root" Parameter Processing Remote PHP File Inclusion Vulnerability

  10.08.2007 : Ncaster "adminfolder" Parameter Processing Remote File Inclusion Vulnerability

  10.08.2007 : File Uploader "config[root_ordner]" Parameter PHP File Inclusion Vulnerability

  08.08.2007 : PhpHostBot "svr_rootscript" Parameter Remote PHP File Inclusion Vulnerability

  08.08.2007 : CreAr PHPNews "format_menue" Parameter Remote File Inclusion Vulnerability

  08.08.2007 : FrontAccounting "path_to_root" Parameter Remote File Inclusion Vulnerability

  01.08.2007 : Confixx Pro "thisdir" Parameter Processing Remote File Inclusion Vulnerability

  30.07.2007 : Trustix Security Update Fixes Multiple Code Execution and Security Bypass Issues

  23.07.2007 : RGameScript Pro "id" Parameter Processing Remote File Inclusion Vulnerability

  23.07.2007 : Joomla "searchword" Parameter Processing Remote Code Injection Vulnerability

  23.07.2007 : BBS E-Market Professional "p_mode" Parameter PHP File Inclusion Vulnerability

  19.07.2007 : SupaNav Module for phpBB "phpbb_root_path" Remote File Inclusion Vulnerability

  17.07.2007 : PHP "glob()" Function Arguments Processing Arbitrary Code Execution Vulnerability

  13.07.2007 : SuSE Security Update Fixes PHP Buffer Overflow and Security Bypass Vulnerabilities

  12.07.2007 : FlashBB "phpbb_root_path" Parameter Handling Remote File Inclusion Vulnerability

  09.07.2007 : Debian Security Update Fixes PHP Multiple Remote Buffer Overflow Vulnerabilities

  09.07.2007 : Debian Security Update Fixes PHP Multiple Remote Buffer Overflow Vulnerabilities

  09.07.2007 : LimeSurvey "homedir" Parameter Handling Remote PHP File Inclusion Vulnerabilities

  04.07.2007 : SuperCali PHP Event Calendar "o" Parameter Remote SQL Injection Vulnerability

  02.07.2007 : PHP Director "id" Parameter Processing Remote SQL Query Injection Vulnerability

  02.07.2007 : sPHPell "SpellIncPath" Parameter Handling Remote PHP File Inclusion Vulnerabilities

  02.07.2007 : Ripe Wepsite Manager "level" Parameter Remote PHP File Inclusion Vulnerabilities

  02.07.2007 : Wheatblog "wb_class_dir" File Inclusion and "login" SQL Query Injection Vulnerabilities

  26.06.2007 : WordPress Security Update Fixes Code Execution and SQL Injection Vulnerabilities

  26.06.2007 : dreamLog "upload.php" Arbitrary File Upload Remote Code Execution Vulnerability

  26.06.2007 : B1G Bulletin Board "tfooter" Parameter Processing Remote File Inclusion Vulnerability

  25.06.2007 : Dagger "dir_edge_lang" Parameter Processing Remote File Inclusion Vulnerability

  25.06.2007 : Sun Board "sunPath" and "dir" Parameters Remote PHP File Inclusion Vulnerabilities

  25.06.2007 : Powl "_POWL[installPath]" Parameter Processing Remote File Inclusion Vulnerability

  22.06.2007 : SERWeb "_SERWEB[serwebdir]" Parameter Handling File Inclusion Vulnerability

  19