Advisories



Here is the complete list of advisories released by members of the Hardened-PHP Project Team:

Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability


Advisory 02/2007: WordPress Trackback Charset Decoding SQL Injection Vulnerability


Advisory 01/2007: WordPress CSRF Protection XSS Vulnerability


Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability


Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability


Advisory 12/2006: phpMyAdmin - error.php XSS Vulnerability


Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities


Advisory 10/2006: ViewVC Undefined Charset UTF-7 XSS Vulnerability


Advisory 09/2006: PHP unserialize() Array Creation Integer Overflow


Advisory 08/2006: PHP open_basedir Race Condition Vulnerability


Advisory 07/2006: phpMyAdmin Multiple CSRF Vulnerabilities


Advisory 06/2006: PHProjekt (Remote) Include Vulnerabilities


Advisory 05/2006 - Zend Platform Multiple Remote Vulnerabilities


Advisory 04/2006: DokuWiki PHP code execution vulnerability in spellchecker


Advisory 03/2006: KisMAC Cisco Vendor Tag Encapsulated SSID Overflow


Advisory 02/2006: PHP ext/mysqli Format String Vulnerability


Advisory 01/2006: PHP ext/session HTTP Response Splitting Vulnerability


Advisory 26/2005: TinyMCE Compressor Vulnerabilities


Advisory 25/2005: phpMyAdmin Variables Overwrite Vulnerability


Advisory 24/2005: libcurl URL parsing vulnerability


Advisory 23/2005: vTiger multiple vulnerabilities


Advisory 22/2005: Multiple vulnerabilities in phpSysInfo


Advisory 21/2005: Multiple vulnerabilities in PHPKIT


Advisory 20/2005: PHP File-Upload $GLOBALS Overwrite Vulnerability


Advisory 19/2005: PHP register_globals Activation Vulnerability in parse_str()


Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo()


Advisory 17/2005: phpBB Multiple Vulnerabilities


Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability


Advisory 15/2005: PHPXMLRPC Remote PHP Code Injection Vulnerability


Advisory 14/2005: PEAR XML_RPC Remote PHP Code Injection Vulnerability


Advisory 13/2005: Remote code execution in SysCP


Advisory 12/2005: UseBB Multiple Vulnerabilities


Advisory 11/2005: Multiple vulnerabilities in Contrexx


Advisory 10/2005: Yawp/YaWiki Remote URL Include Vulnerability


Advisory 09/2005: PunBB arbitrary PHP code inclusion vulnerability


Advisory 08/2005: PunBB SQL Injection Vulnerability


Advisory 07/2005: Jaws Multiple Remote Code Execution Vulnerabilities


Advisory 06/2005: Geeklog SQL Injection Vulnerability


Advisory 05/2005 - Cacti Authentication/Addslashes Bypass Vulnerability


Advisory 04/2005 - Cacti Remote Command Execution Vulnerability


Advisory 03/2005 - Cacti multiple SQL Injection Vulnerabilities


Advisory 02/2005 - Remote code execution in Serendipity


Advisory 01/2005 - Fileupload/download vulnerability in Trac


Advisory 01/2004 - Multiple vulnerabilities within PHP 4/5


Advisory EM15/2004: Cyrus IMAP Server multiple remote vulnerabilities


Advisory EM14/2004: Linux 2.x smbfs multiple remote vulnerabilities


Advisory EM13/2004: Samba 3.x QFILEPATHINFO unicode filename buffer overflow


Advisory EM12/2004: PHP strip_tags() bypass vulnerability


Advisory EM11/2004: PHP memory_limit remote vulnerability


Advisory EM10/2004: Chora CVS/SVN Viewer remote vulnerability


Advisory EM09/2004: More CVS remote vulnerabilities


Advisory EM08/2004: Subversion remote vulnerability


Advisory EM07/2004: CVS remote vulnerability


Advisory EM06/2004: libneon date parsing vulnerability


Advisory EM05/2004: phpMyFAQ local file inclusion vulnerability


Advisory EM04/2004: Net(Free)BSD Systrace local root vulnerability


Advisory EM03/2004: Multiple (13) Ethereal remote overflows


Advisory EM02/2004: Trillian remote overflows


Advisory EM01/2004: 12 x Gaim remote overflows


Advisory EM02/2003: eMule/lmule/xmule multiple remote vulnerabilities


Advisory EM01/2003: CVS remote vulnerability


Advisory EM05/2002: Fetchmail remote vulnerability


Advisory EM04/2002: Multiple MySQL vulnerabilities


Advisory EM03/2002: Fetchmail remote vulnerabilities


Advisory EM02/2002: Remote Compromise/DOS Vulnerability in PHP


Advisory EM01/2002: Multiple Remote Vulnerabilities within PHP's fileupload code


Advisory EM01/2001: Internet Explorer HTTPS certificate attack


© Hardened PHP Project