Here is the complete list of advisories released by members of the Hardened-PHP Project Team:

Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability

Advisory 02/2007: WordPress Trackback Charset Decoding SQL Injection Vulnerability

Advisory 01/2007: WordPress CSRF Protection XSS Vulnerability

Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability

Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability

Advisory 12/2006: phpMyAdmin - error.php XSS Vulnerability

Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities

Advisory 10/2006: ViewVC Undefined Charset UTF-7 XSS Vulnerability

Advisory 09/2006: PHP unserialize() Array Creation Integer Overflow

Advisory 08/2006: PHP open_basedir Race Condition Vulnerability

Advisory 07/2006: phpMyAdmin Multiple CSRF Vulnerabilities

Advisory 06/2006: PHProjekt (Remote) Include Vulnerabilities

Advisory 05/2006 - Zend Platform Multiple Remote Vulnerabilities

Advisory 04/2006: DokuWiki PHP code execution vulnerability in spellchecker

Advisory 03/2006: KisMAC Cisco Vendor Tag Encapsulated SSID Overflow

Advisory 02/2006: PHP ext/mysqli Format String Vulnerability

Advisory 01/2006: PHP ext/session HTTP Response Splitting Vulnerability

Advisory 26/2005: TinyMCE Compressor Vulnerabilities

Advisory 25/2005: phpMyAdmin Variables Overwrite Vulnerability

Advisory 24/2005: libcurl URL parsing vulnerability

Advisory 23/2005: vTiger multiple vulnerabilities

Advisory 22/2005: Multiple vulnerabilities in phpSysInfo

Advisory 21/2005: Multiple vulnerabilities in PHPKIT

Advisory 20/2005: PHP File-Upload $GLOBALS Overwrite Vulnerability

Advisory 19/2005: PHP register_globals Activation Vulnerability in parse_str()

Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo()

Advisory 17/2005: phpBB Multiple Vulnerabilities

Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability

Advisory 15/2005: PHPXMLRPC Remote PHP Code Injection Vulnerability

Advisory 14/2005: PEAR XML_RPC Remote PHP Code Injection Vulnerability

Advisory 13/2005: Remote code execution in SysCP

Advisory 12/2005: UseBB Multiple Vulnerabilities

Advisory 11/2005: Multiple vulnerabilities in Contrexx

Advisory 10/2005: Yawp/YaWiki Remote URL Include Vulnerability

Advisory 09/2005: PunBB arbitrary PHP code inclusion vulnerability

Advisory 08/2005: PunBB SQL Injection Vulnerability

Advisory 07/2005: Jaws Multiple Remote Code Execution Vulnerabilities

Advisory 06/2005: Geeklog SQL Injection Vulnerability

Advisory 05/2005 - Cacti Authentification/Addslashes Bypass Vulnerability

Advisory 04/2005 - Cacti Remote Command Execution Vulnerability

Advisory 03/2005 - Cacti multiple SQL Injection Vulnerabilities

Advisory 02/2005 - Remote code execution in Serendipity

Advisory 01/2005 - Fileupload/download vulnerability in Trac

Advisory 01/2004 - Multiple vulnerabilities within PHP 4/5

Advisory EM15/2004: Cyrus IMAP Server multiple remote vulnerabilities

Advisory EM14/2004: Linux 2.x smbfs multiple remote vulnerabilities

Advisory EM13/2004: Samba 3.x QFILEPATHINFO unicode filename buffer overflow

Advisory EM12/2004: PHP strip_tags() bypass vulnerability

Advisory EM11/2004: PHP memory_limit remote vulnerability

Advisory EM10/2004: Chora CVS/SVN Viewer remote vulnerability

Advisory EM09/2004: More CVS remote vulnerabilities

Advisory EM08/2004: Subversion remote vulnerability

Advisory EM07/2004: CVS remote vulnerability

Advisory EM06/2004: libneon date parsing vulnerability

Advisory EM05/2004: phpMyFAQ local file inclusion vulnerability

Advisory EM04/2004: Net(Free)BSD Systrace local root vulnerability

Advisory EM03/2004: Multiple (13) Ethereal remote overflows

Advisory EM02/2004: Trillian remote overflows

Advisory EM01/2004: 12 x Gaim remote overflows

Advisory EM02/2003: eMule/lmule/xmule multiple remote vulnerabilities

Advisory EM01/2003: CVS remote vulnerability

Advisory EM05/2002: Fetchmail remote vulnerability

Advisory EM04/2002: Multiple MySQL vulnerabilities

Advisory EM03/2002: Fetchmail remote vulnerabilities

Advisory EM02/2002: Remote Compromise/DOS Vulnerability in PHP

Advisory EM01/2002: Multiple Remote Vulnerabilities within PHP's fileupload code

Advisory EM01/2001: Internet Explorer HTTPS certificate attack

© Hardened PHP Project