Php-security - php-security.org - the Month of PHP Security
General Information:
Latest News:
MOPS-2010-061: PHP SplObjectStorage Deserialization Use-After-Free Vulnerability 26 Jun 2010 | 03:16 am
A use-after-free vulnerability was discovered in the deserialization of SPLObjectStorage objects that can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely. Affected ve...
Winners of the Month of PHP Security 11 Jun 2010 | 08:13 am
The Month of PHP Security is over and the MOPS CFP Committee has made a final decision about the ranking of the articles and tools submitted to us. And the winners are… 1000 EUR + SyScan VIP Ticket +...
MOPS-2010-060: PHP Session Serializer Session Data Injection Vulnerability 1 Jun 2010 | 04:23 am
PHP’s default session serializer wrongly handles the PS_UNDEF_MARKER character. Affected versions: Affected is PHP 5.2. Credits: The vulnerability was discovered by Stefan Esser. Detailed information ...
MOPS-2010-059: PHP php_mysqlnd_auth_write() Stack Buffer Overflow Vulnerability 1 Jun 2010 | 03:46 am
PHP’s php_mysqlnd_auth_write() does not check user-supplied values, which can result in a stack-based buffer overflow. Affected versions: Affected is PHP 5.3. Credits: The vulnerability was discovered ...
MOPS-2010-058: PHP php_mysqlnd_read_error_from_line() Buffer Overflow Vulnerability 1 Jun 2010 | 03:41 am
PHP’s php_mysqlnd_read_error_from_line() trusts network data, which can result in a heap-based buffer overflow. Affected versions: Affected is PHP 5.3. Credits: The vulnerability was discovered by Stef...
MOPS-2010-057: PHP php_mysqlnd_rset_header_read() Buffer Overflow Vulnerability 1 Jun 2010 | 03:37 am
PHP’s php_mysqlnd_rset_header_read() trusts network data, which can result in a heap-based buffer overflow. Affected versions: Affected is PHP 5.3. Credits: The vulnerability was discovered by Stefan E...
MOPS-2010-056: PHP php_mysqlnd_ok_read() Information Leak Vulnerability 1 Jun 2010 | 03:34 am
PHP’s php_mysqlnd_ok_read() trusts network data, which can result in a heap information leak. Affected versions: Affected is PHP 5.3. Credits: The vulnerability was discovered by Stefan Esser while aud...
Article: Virtual Meta-Scripting Bytecode for PHP and JavaScript 1 Jun 2010 | 02:34 am
As a last-minute addition to the Month of PHP Security we present an article by Ben Fuhrmannek about virtual meta-scripting bytecode for PHP and JavaScript. Ben Fuhrmannek, 2010-05-31. Abstract: Both...
MOPS-2010-055: PHP ArrayObject::uasort() Interruption Memory Corruption Vulnerability 1 Jun 2010 | 02:25 am
PHP’s ArrayObject::uasort() method can be interrupted and used for memory corruption attacks. Affected versions: Affected is PHP 5.2. Credits: The vulnerability was discovered by Stefan Esser during a...
MOPS-2010-054: PHP ZEND_CONCAT/ZEND_ASSIGN_CONCAT Opcode Interruption Information Leak and Memory Corruption Vulnerability 1 Jun 2010 | 02:03 am
PHP’s ZEND_CONCAT/ZEND_ASSIGN_CONCAT opcodes can be abused for information leakage or memory corruption by a userspace error handler interruption attack. This can be leveraged to execute arbitrary cod...