Date: Mon, 10 May 2010 21:05:16 +0200
From: Stefan Esser <>
	full-disclosure <>
Subject: Month of PHP Security - Summary - 1st May - 10th

Hi everyone,

10 days ago the Month of PHP Security 2010 started at and in the meantime 20 vulnerabilities have been
posted and 4 user-submitted articles have been published. Here is a
short summary of what has been released so far. You can follow the Month of
PHP Security on Twitter, too. Just follow @mops_2010.

Vulnerabilities in PHP Applications

MOPS-2010-020: Xinha WYSIWYG Plugin Configuration Injection Vulnerability -
MOPS-2010-019: Serendipity WYSIWYG Editor Plugin Configuration Injection Vulnerability -
MOPS-2010-018: EFront ask_chat chatrooms_ID SQL Injection Vulnerability
MOPS-2010-011: DeluxeBB newthread SQL Injection Vulnerability -
MOPS-2010-007: ClanTiger Shoutbox Module s_email SQL Injection Vulnerability -
MOPS-2010-005: ClanSphere MySQL Driver Generic SQL Injection Vulnerability -
MOPS-2010-004: ClanSphere Captcha Generator Blind SQL Injection Vulnerability -
MOPS-2010-002: Campsite TinyMCE Article Attachment SQL Injection Vulnerability -

Vulnerabilities in PHP

MOPS-2010-017: PHP preg_quote() Interruption Information Leak Vulnerability -
MOPS-2010-016: PHP ZEND_SR Opcode Interruption Address Information Leak Vulnerability -
MOPS-2010-015: PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability -
MOPS-2010-014: PHP ZEND_BW_XOR Opcode Interruption Address Information Leak Vulnerability -
MOPS-2010-013: PHP sqlite_array_query() Uninitialized Memory Usage Vulnerability -
MOPS-2010-012: PHP sqlite_single_query() Uninitialized Memory Usage Vulnerability -
MOPS-2010-010: PHP html_entity_decode() Interruption Information Leak Vulnerability -
MOPS-2010-009: PHP shm_put_var() Already Freed Resource Access Vulnerability -
MOPS-2010-008: PHP chunk_split() Interruption Information Leak Vulnerability -
MOPS-2010-006: PHP addcslashes() Interruption Information Leak Vulnerability -
MOPS-2010-003: PHP dechunk Filter Signed Comparison Vulnerability -
MOPS-2010-001: PHP hash_update_file() Already Freed Resource Access Vulnerability -

User Submissions

MOPS Submission 04 – Generating Unpredictable Session IDs and Hashes -
MOPS Submission 03 – sqlite_single_query(), sqlite_array_query() Uninitialized Memory Usage -
MOPS Submission 02 – Context-aware HTML escaping -
MOPS Submission 01 – A New Open Source Tool: OWASP ESAPI for PHP -

Internal Submission

MOPS Article: PHP Web Security (INCOMPLETE) -

Thank you
Stefan Esser
Month of PHP Security /
SektionEins GmbH /

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -