the Month of PHP Security
"improving the security of the PHP ecosystem"
about
news
vulnerabilities
articles & tools
sponsors
Imprint
Impressum
Month of PHP Bugs
MOPB 2007
MOPS 2010 CFP
Sponsors
Codescan Ltd.
SektionEins
SyScan 2010
Links
Hardened-PHP Project
PHP Project
Suhosin PHP Protection
Tag

Digg
Furl

Cosmos
Stumble It!
Twitter
RSS
About
the PHP ecosystem by disclosing vulnerabilities in PHP and PHP applications on the one hand and on the other hand
by publishing articles and tools that help PHP application developers to develop more secure PHP applications.
Winners of the Month of PHP Security
June 10th, 2010
Read the rest of this entry »
Related Event: Returning into the PHP Interpreter – Remote Exploitation of Memory Corruptions in PHP is not over, yet.
May 21st, 2010
Read the rest of this entry »
« Older News Entries
Articles / Tools
Date
Title
Description
May 31st
Article: Virtual Meta-Scripting Bytecode for PHP and JavaScript
May 26th
MOPS Submission 10: How to manage a PHP application’s users and passwords
May 24th
MOPS Submission 09: RIPS – A static source code analyser for vulnerabilities in PHP scripts
May 22nd
MOPS Submission 08: Configuration Encryption Patch for Suhosin
May 20th
MOPS Submission 07: Our Dynamic PHP – Obvious and not so obvious PHP code injection and evaluation
May 17th
MOPS Submission 06: Variable Initialization in PHP
May 13th
Article: Decoding a User Space Encoded PHP Script
May 11th
MOPS Submission 05 – The Minerva PHP Fuzzer
May 9th
MOPS Submission 04 – Generating Unpredictable Session IDs and Hashes
May 7th
MOPS Submission 03 – sqlite_single_query(), sqlite_array_query() Uninitialized Memory Usage
May 5th
MOPS Submission 02 – Context-aware HTML escaping
May 3rd
MOPS Submission 01 – A New Open Source Tool: OWASP ESAPI for PHP
May 1st
Article: PHP Web Security
Bugs
#
Date
Title
Description
61
June 25th
PHP SplObjectStorage Deserialization Use-After-Free Vulnerability
60
May 31st
PHP Session Serializer Session Data Injection Vulnerability
59
May 31st
PHP php_mysqlnd_auth_write() Stack Buffer Overflow Vulnerability
58
May 31st
PHP php_mysqlnd_read_error_from_line() Buffer Overflow Vulnerability
57
May 31st
PHP php_mysqlnd_rset_header_read() Buffer Overflow Vulnerability
56
May 31st
PHP php_mysqlnd_ok_read() Information Leak Vulnerability
55
May 31st
PHP ArrayObject::uasort() Interruption Memory Corruption Vulnerability
54
May 31st
PHP ZEND_CONCAT/ZEND_ASSIGN_CONCAT Opcode Interruption Information Leak and Memory Corruption Vulnerability
53
May 31st
PHP ZEND_FETCH_RW Opcode Interruption Information Leak Vulnerability
52
May 31st
PHP pack() Interruption Information Leak Vulnerability
51
May 31st
PHP unpack() Interruption Information Leak Vulnerability
50
May 31st
PHP preg_match() Interruption Information Leak Vulnerability
49
May 31st
PHP parse_str() Interruption Memory Corruption Vulnerability
48
May 30th
PHP substr_replace()