http://www.webremix.info/ Webremix : all the web new, remixed webremix.info http://www.securityfocus.com/archive/1/521479 [SECURITY] [DSA 2403-1] php5 security update Fri, 03 Feb 2012 22:23:13 GMT http://www.securityfocus.com/archive/1/521479 2012-02-03T22:23:13Z http://www.securityfocus.com/bid/51830 PHP 'php_register_variable_ex()' Function Arbitrary Code Execution Vulnerability Fri, 03 Feb 2012 00:00:00 GMT http://www.securityfocus.com/bid/51830 2012-02-03T00:00:00Z http://www.securityfocus.com/bid/51806 PHP CVE-2012-0057 Security Bypass Vulnerability Thu, 02 Feb 2012 11:28:58 GMT http://www.securityfocus.com/bid/51806 2012-02-02T11:28:58Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0980 SQL injection vulnerability in download.php in phux Download Manager allows remote attackers to execute arbitrary SQL commands via the file parameter. Thu, 02 Feb 2012 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0980 2012-02-02T00:00:00Z http://www.securityfocus.com/archive/1/521426 [SECURITY] [DSA 2399-2] php5 regression fix Tue, 31 Jan 2012 23:11:52 GMT http://www.securityfocus.com/archive/1/521426 2012-01-31T23:11:52Z http://www.securityfocus.com/archive/1/521420 [SECURITY] [DSA 2399-1] php5 security update Tue, 31 Jan 2012 22:56:52 GMT http://www.securityfocus.com/archive/1/521420 2012-01-31T22:56:52Z http://story.venezuelastar.com/index.php/ct/9/cid/3a8a80d6f705f8cc/id/203072114/ MANILA – Bank of the Philippine Islands' (BPI.PH) 2011 net profit increased 13% to PHP12.8 billion ($299 million) from PHP11. 3 billion in 2010, buoyed by a larger net loan portfolio and ... Mon, 30 Jan 2012 05:57:53 GMT http://story.venezuelastar.com/index.php/ct/9/cid/3a8a80d6f705f8cc/id/203072114/ 2012-01-30T05:57:53Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5073 Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contact_support.php; (2) contractid parameter to contract_add_service.php; (3) user parameter to edit_backup_users.php; (4) id parameter to edit_escalation_path.php; the Referer to (5) forgotpwd.php, (6) an approvalpage action to billable_incidents.php, or (7) transactions.php; (8) action parameter to... Sun, 29 Jan 2012 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5073 2012-01-29T00:00:00Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5072 Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; o... Sun, 29 Jan 2012 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5072 2012-01-29T00:00:00Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4337 Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable. Sun, 29 Jan 2012 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4337 2012-01-29T00:00:00Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0934 PHP remote file inclusion vulnerability in ajax/savetag.php in the Theme Tuner plugin for WordPress before 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the tt-abspath parameter. Sat, 28 Jan 2012 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0934 2012-01-28T00:00:00Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5071 Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information. Sat, 28 Jan 2012 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5071 2012-01-28T00:00:00Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3832 Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter in a save action. Sat, 28 Jan 2012 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3832 2012-01-28T00:00:00Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5070 Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary web script or HTML via (1) the file name to incident_attachments.php; (2) unspecified vectors in link_add.php, possibly involving origref, linkref, linktype parameters, which are not properly handled in the clean_int function in lib/base.inc.php, or the redirect parameter, which is not properly handled in the html_redirect function in lib/html.inc.php; and... Sat, 28 Jan 2012 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5070 2012-01-28T00:00:00Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3833 Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in an unspecified directory. Sat, 28 Jan 2012 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3833 2012-01-28T00:00:00Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0069 SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter. Tue, 24 Jan 2012 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0069 2012-01-24T00:00:00Z http://www.securityfocus.com/archive/1/521337 Wordpress Kish Guest Posting Plugin 1.0 (uploadify.php) Unrestricted File Upload Vulnerability Mon, 23 Jan 2012 22:57:29 GMT http://www.securityfocus.com/archive/1/521337 2012-01-23T22:57:29Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0900 Multiple cross-site scripting (XSS) vulnerabilities in Beehive Forum 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) forum/register.php or (2) forum/logon.php. Fri, 20 Jan 2012 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0900 2012-01-20T00:00:00Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0899 Cross-site scripting (XSS) vulnerability in referencement/sites_inscription.php in Annuaire PHP allows remote attackers to inject arbitrary web script or HTML via the url parameter and possibly the nom parameter. Fri, 20 Jan 2012 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0899 2012-01-20T00:00:00Z http://www.securityfocus.com/archive/1/521309 Advisory 01/2012: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow Thu, 19 Jan 2012 23:12:12 GMT http://www.securityfocus.com/archive/1/521309 2012-01-19T23:12:12Z http://www.howtoforge.com/installing-apache2-with-php5-and-mysql-support-on-fedora-16-lamp Installing Apache2 With PHP5 And MySQL Support On Fedora 16 (LAMP) LAMP is short for Linux, Apache, MySQL, PHP. This tutorial shows how you can install an Apache2 webserver on a Fedora 16 server with PHP5 support (mod_php) and MySQL support. Sun, 15 Jan 2012 19:40:20 GMT http://www.howtoforge.com/installing-apache2-with-php5-and-mysql-support-on-fedora-16-lamp 2012-01-15T19:40:20Z http://blog.ulf-wendel.de/2012/php-mysqli-quickstart-is-online/ New in the PHP manual: a mysqli quickstart. You are new to PHP but you know how to code, you know SQL, you know relational databases and MySQL? Then, I hope, this is for you. All you need is a quick overview on the concepts? The rest is in the reference section! Here you go. The quickstart contains: Dual procedural and object-oriented interface: something pioneerd by MySQL when PHP learned OOP at 5.0 times. Connections: how, options, persistent/pooled connections. Executing statements: buffered, unbuffered, impact of MySQL Client Server protocol flavour used Prepared Statements: what, how, pros and cons Stored Procedures: how, parameters, prepared statements Multiple Statements: what, security considerations API support for transactions Metadata In case you prefer listening over reading there is a PHP MySQL web seminar series on PHP for you (hint: search "On Demand" for more). To please everybody, we are giving a webinar summary in german as well on 18.01.2012, register now. Please, note that I am inpatient and linking to the PHP documentation teams server: http://docs.php.net/manual/en/mysqli.quickstart.php. The php.net mirrors will need a while to catch up. Happy hacking! @Ulf_Wendel Thu, 12 Jan 2012 18:31:40 GMT http://blog.ulf-wendel.de/2012/php-mysqli-quickstart-is-online/ 2012-01-12T18:31:40Z http://schlueters.de/blog/archives/165-guid.html Over the last few weeks I had been quite silent, but that's about to change: Over the next few weeks I'll give a few presentations. Feel free to join any of those. January, 18th: Erstellung hochperformanter PHP-Anwendungen mit MySQL (German)MySQL Webinar, Online February, 9th: MySQL Konnectoren (German)OTN Developer Day: MySQL, Frankfurt, Germany February 24th/25th: PHP under the hood (English)PHP UK Conference, London, UK Thu, 12 Jan 2012 10:54:40 GMT http://schlueters.de/blog/archives/165-guid.html 2012-01-12T10:54:40Z http://www.howtoforge.com/installing-apache2-with-php5-and-mysql-support-on-centos-6.1-lamp Installing Apache2 With PHP5 And MySQL Support On CentOS 6.1 (LAMP) LAMP is short for Linux, Apache, MySQL, PHP. This tutorial shows how you can install an Apache2 webserver on a CentOS 6.1 server with PHP5 support (mod_php) and MySQL support. Mon, 09 Jan 2012 17:42:56 GMT http://www.howtoforge.com/installing-apache2-with-php5-and-mysql-support-on-centos-6.1-lamp 2012-01-09T17:42:56Z http://www.securityfocus.com/bid/49798 ImpressPages CMS 'actions.php' Remote Code Execution Vulnerability Thu, 05 Jan 2012 00:00:00 GMT http://www.securityfocus.com/bid/49798 2012-01-05T00:00:00Z http://www.securityfocus.com/bid/51237 WordPress 'wp-comments-post.php' Cross Site Scripting Vulnerability Wed, 04 Jan 2012 00:00:00 GMT http://www.securityfocus.com/bid/51237 2012-01-04T00:00:00Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4920 Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php, (3) resend_name parameter to e107_admin/users.php, and (4) link BBCode in user signatures. Wed, 04 Jan 2012 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4920 2012-01-04T00:00:00Z http://www.securityfocus.com/archive/1/521096 Re: PHP Booking Calendar 10e XSS Tue, 03 Jan 2012 23:06:24 GMT http://www.securityfocus.com/archive/1/521096 2012-01-03T23:06:24Z http://www.securityfocus.com/bid/51193 PHP Web Form Hash Collision Denial Of Service Vulnerability Mon, 02 Jan 2012 00:00:00 GMT http://www.securityfocus.com/bid/51193 2012-01-02T00:00:00Z http://www.securityfocus.com/bid/51220 WordPress WP Live.php 's' Parameter Cross Site Scripting Vulnerability Sun, 01 Jan 2012 00:00:00 GMT http://www.securityfocus.com/bid/51220 2012-01-01T00:00:00Z http://www.securityfocus.com/archive/1/521060 [ MDVSA-2011:197 ] php Fri, 30 Dec 2011 22:50:39 GMT http://www.securityfocus.com/archive/1/521060 2011-12-30T22:50:39Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5045 Cross-site scripting (XSS) vulnerability in details_view.php in PHP Booking Calendar 10e allows remote attackers to inject arbitrary web script or HTML via the page_info_message parameter. Fri, 30 Dec 2011 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5045 2011-12-30T00:00:00Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5040 Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biznis Heroj allow remote attackers to inject arbitrary web script or HTML via the config parameter to (1) nalozi_naslov.php and (2) widget.dokumenti_lista.php. Fri, 30 Dec 2011 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5040 2011-12-30T00:00:00Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5039 Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to login.php, (3) the filter parameter to widget.dokumenti_lista.php, and (4) the fin_nalog_id parameter to nalozi_naslov.php. Fri, 30 Dec 2011 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5039 2011-12-30T00:00:00Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4615 Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter (aka host groups name) to (1) hostgroups.php and (2) usergrps.php, the update action to (3) hosts.php and (4) scripts.php, and (5) maintenance.php. Thu, 29 Dec 2011 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4615 2011-12-29T00:00:00Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5029 Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.7.0 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry parameter to delete.php or (2) category parameter to index.php. Thu, 29 Dec 2011 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5029 2011-12-29T00:00:00Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5022 SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter. Thu, 29 Dec 2011 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5022 2011-12-29T00:00:00Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3835 Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to (1) admin/login.php and (2) admin/404.php; the (3) q parameter to search.php; the (4) theme_name parameter to theme_settings.php, (5) extension_name parameter to extension_settings.php, (6) q parameter to search.php, (7) type parameter to comments.php, sort parameter to (8) pages.php and (9) posts.php, and the (10) type and (11) q parameter t... Sat, 24 Dec 2011 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3835 2011-12-24T00:00:00Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3838 Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to fp.php, (2) epage parameter to newpage.php, (3) epost parameter to newpost.php, and (4) username parameter to login.php in admin/; or the (5) username parameter to mobile/login.php. Sat, 24 Dec 2011 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3838 2011-12-24T00:00:00Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3837 Directory traversal vulnerability in blog_system/data_functions.php in Wuzly 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the preview parameter to index.php. Sat, 24 Dec 2011 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3837 2011-12-24T00:00:00Z http://www.securityfocus.com/archive/1/521009 Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection Fri, 23 Dec 2011 23:10:06 GMT http://www.securityfocus.com/archive/1/521009 2011-12-23T23:10:06Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4453 The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function. Thu, 22 Dec 2011 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4453 2011-12-22T00:00:00Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4753 Multiple SQL injection vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by domains/sitebuilder_edit.php and certain other files. Fri, 16 Dec 2011 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4753 2011-12-16T00:00:00Z http://www.securityfocus.com/archive/1/520887 [ MDVSA-2011:187 ] php-pear Thu, 15 Dec 2011 22:38:28 GMT http://www.securityfocus.com/archive/1/520887 2011-12-15T22:38:28Z http://www.securityfocus.com/archive/1/520877 PHP-SCMS 1.6.8 "lang" parameter XSS vulnerability Wed, 14 Dec 2011 22:53:53 GMT http://www.securityfocus.com/archive/1/520877 2011-12-14T22:53:53Z http://osnews.com/story/25426/Facebook_Looks_to_Fix_PHP_performance_with_HipHop_Virtual_Machine PHP's popularity and simplicity made it easy for the company's developers to quickly build new features. But PHP's (lack of) performance makes scaling Facebook's site to handle hundreds of billions of page views a month problematic, so Facebook has made big investments in making it leaner and faster. The latest product of those efforts is the HipHop VM (HHVM), a PHP virtual machine that significantly boosts performance of dynamic pages . And Facebook is sharing it with the world as open-source. Wed, 14 Dec 2011 16:01:35 GMT http://osnews.com/story/25426/Facebook_Looks_to_Fix_PHP_performance_with_HipHop_Virtual_Machine 2011-12-14T16:01:35Z http://feedproxy.google.com/~r/oreilly/radar/atom/~3/SU1EAI98NwM/four-short-links-14-december-2-2.html The HipHop Virtual Machine (Facebook) -- inside the new virtual machine for PHP from Facebook. PHP Fog's Free Thinkup Hosting (Expert Labs) -- ThinkUp archives your tweets and other social media activity for you to search, visualize, and analyze. PHPFog hosts PHP apps scalably, and I'm delighted to be an advisor. Andy's made a video showing how to get... Wed, 14 Dec 2011 11:00:00 GMT http://feedproxy.google.com/~r/oreilly/radar/atom/~3/SU1EAI98NwM/four-short-links-14-december-2-2.html 2011-12-14T11:00:00Z http://www.securityfocus.com/bid/50907 PHP 'exif_process_IFD_TAG()' Remote Integer Overflow Vulnerability Wed, 14 Dec 2011 00:00:00 GMT http://www.securityfocus.com/bid/50907 2011-12-14T00:00:00Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4827 Multiple cross-site scripting (XSS) vulnerabilities in AutoSec Tools V-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) p parameter to redirect.php and (2) box parameter to includes/TrueColorPicker/index.php, which is not properly handled in includes/TrueColorPicker/class.TrueColorPicker.php. Wed, 14 Dec 2011 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4827 2011-12-14T00:00:00Z http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4825 Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters. Wed, 14 Dec 2011 00:00:00 GMT http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4825 2011-12-14T00:00:00Z