Hi everyone, 10 days ago the Month of PHP Security 2010 has started at http://www.php-security.org/ and meanwhile 20 vulnerabilities were posted and also 4 user submitted articles were published. Here is a short summary of what was released so far. You can follow the Month of PHP Security on Twitter, too. Just follow @mops_2010 Vulnerabilities in PHP Applications ----------------------------------- MOPS-2010-020: Xinha WYSIWYG Plugin Configuration Injection Vulnerability - http://bit.ly/bLHmuS MOPS-2010-019: Serendipity WYSIWYG Editor Plugin Configuration Injection Vulnerability - http://bit.ly/cdxZHX MOPS-2010-018: EFront ask_chat chatrooms_ID SQL Injection Vulnerability - http://bit.ly/crEATq MOPS-2010-011: DeluxeBB newthread SQL Injection Vulnerability - http://bit.ly/aAFdMM MOPS-2010-007: ClanTiger Shoutbox Module s_email SQL Injection vulnerability - http://bit.ly/cbSJxo MOPS-2010-005: ClanSphere MySQL Driver Generic SQL Injection Vulnerability - http://bit.ly/cTU3ug MOPS-2010-004: ClanSphere Captcha Generator Blind SQL Injection Vulnerability - http://bit.ly/dfQfuN MOPS-2010-002: Campsite TinyMCE Article Attachment SQL Injection Vulnerability - http://bit.ly/d4v9ft Vulnerabilities in PHP ---------------------- MOPS-2010-017: PHP preg_quote() Interruption Information Leak Vulnerability - http://bit.ly/cUYsbj MOPS-2010-016: PHP ZEND_SR Opcode Interruption Address Information Leak Vulnerability - http://bit.ly/bwT28V MOPS-2010-015: PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability - http://bit.ly/a3BonY MOPS-2010-014: PHP ZEND_BW_XOR Opcode Interruption Address Information Leak Vulnerability - http://bit.ly/cdMzTo MOPS-2010-013: PHP sqlite_array_query() Uninitialized Memory Usage Vulnerability - http://bit.ly/bhHyrj MOPS-2010-012: PHP sqlite_single_query() Uninitialized Memory Usage Vulnerability - http://bit.ly/8Z8xYt MOPS-2010-010: PHP html_entity_decode() Interruption Information Leak Vulnerability - http://bit.ly/doxAXk MOPS-2010-009: PHP shm_put_var() Already Freed Resource Access Vulnerability - http://bit.ly/b4NBD8 MOPS-2010-008: PHP chunk_split() Interruption Information Leak Vulnerability - http://bit.ly/cVoWoM MOPS-2010-006: PHP addcslashes() Interruption Information Leak Vulnerability - http://bit.ly/b5gkaf MOPS-2010-003: PHP dechunk Filter Signed Comparison Vulnerability - http://bit.ly/bXDivD MOPS-2010-001: PHP hash_update_file() Already Freed Resource Access Vulnerability - http://bit.ly/aZDRha User Submissions ---------------- MOPS Submission 04 – Generating Unpredictable Session IDs and Hashes - http://bit.ly/ahBiwT MOPS Submission 03 – sqlite_single_query(), sqlite_array_query() Uninitialized Memory Usage - http://bit.ly/b61NN3 MOPS Submission 02 – Context-aware HTML escaping - http://bit.ly/d4eqqm MOPS Submission 01 – A New Open Source Tool: OWASP ESAPI for PHP - http://bit.ly/cSQh9v Internal Submission ------------------- MOPS Article: PHP Web Security (INCOMPLETE) - http://bit.ly/baE4ya Thank you Stefan Esser Organiser Month of PHP Security / php-security.org SektionEins GmbH / www.sektioneins.com
