Webremix Articles

Basic OOP In PHP Part One

Fri, 27 Aug 2010 18:59:26 GMT

Object-Oriented Programming, OOP for short, is a concept that has root as far back as the 1960's, but has not been in common use within mainstream software development until the 1990's. With the release of PHP5 in 2004, the PHP code finally gained a whole OOP infrastructure to compete with the likes of Java and C# and the popularity of using OOP in ...

CVE-2009-4993

Wed, 25 Aug 2010 00:00:00 GMT

PHP remote file inclusion vulnerability in home.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

CVE-2009-4985 (accessories_me_php_affiliate_script)

Wed, 25 Aug 2010 00:00:00 GMT

SQL injection vulnerability in browse.php in Accessories Me PHP Affiliate Script 1.4 allows remote attackers to execute arbitrary SQL commands via the Go parameter.

CVE-2009-4977 (mybackup)

Wed, 25 Aug 2010 00:00:00 GMT

PHP remote file inclusion vulnerability in index.php in MyBackup 1.4.0 allows remote authenticated users to execute arbitrary PHP code via a URL in the main_content parameter.

CVE-2009-4984 (accessories_me_php_affiliate_script)

Wed, 25 Aug 2010 00:00:00 GMT

Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me PHP Affiliate Script 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Keywords parameter to search.php and (2) SearchIndex parameter to browse.php.

CVE-2009-4980 (photokorn_gallery)

Wed, 25 Aug 2010 00:00:00 GMT

Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Gallery 1.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) where[] parameter to search.php and (2) qc parameter to admin.php.

CVE-2009-4983 (silurus_system)

Wed, 25 Aug 2010 00:00:00 GMT

Multiple cross-site scripting (XSS) vulnerabilities in Silurus Classifieds 1.0 allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) category.php and (2) wcategory.php, and the (3) keywords parameter to search.php.

CVE-2010-3056 (phpmyadmin)

Tue, 24 Aug 2010 00:00:00 GMT

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) lib...

CVE-2010-2545 (cacti)

Mon, 23 Aug 2010 00:00:00 GMT

Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to (2) cdef.php, (3) data_input.php, (4) data_queries.php, (5) data_sources.php, (6) data_templates.php,...

Vuln: SlideShowPro Director 'p.php' Directory Traversal Vulnerability

Fri, 20 Aug 2010 00:00:00 GMT

SlideShowPro Director 'p.php' Directory Traversal Vulnerability

Vuln: CMS Made Simple 'modules/Printing/output.php' CMS Local File Include Vulnerability

Thu, 19 Aug 2010 00:00:00 GMT

CMS Made Simple 'modules/Printing/output.php' CMS Local File Include Vulnerability

Run PHP tests in your Perl test suite

Tue, 17 Aug 2010 22:30:54 GMT

Sometimes you've got a big codebase that isn't just Perl. Maybe you've got PHP mixed in with it, and you want to test the PHP along with all the Perl code, too. Perl's prove program doesn't care if the testing...

Run PHP tests in your Perl test suite

Tue, 17 Aug 2010 22:30:54 GMT

Embarcadero tackles the cloud with tools for PHP and Windows

Tue, 17 Aug 2010 13:47:38 GMT

Embarcadero Technologies will release later this month upgraded development tools for Windows and PHP as part of its RAD Studio XE suite.

Vuln: Retired: CruxCMS 'login.php' Cross-Site Scripting Vulnerability

Mon, 16 Aug 2010 00:00:00 GMT

Retired: CruxCMS 'login.php' Cross-Site Scripting Vulnerability

Vuln: CMSQLite 'admin/mediaAdmin.php' Arbitrary File Upload Vulnerability

Mon, 16 Aug 2010 00:00:00 GMT

CMSQLite 'admin/mediaAdmin.php' Arbitrary File Upload Vulnerability

Vuln: clearBudget 'controller.class.php' Remote File Include Vulnerability

Wed, 11 Aug 2010 00:00:00 GMT

clearBudget 'controller.class.php' Remote File Include Vulnerability

Vuln: PHP Versions Prior to 5.3.3/5.2.14 Multiple Vulnerabilities

Mon, 09 Aug 2010 00:00:00 GMT

PHP Versions Prior to 5.3.3/5.2.14 Multiple Vulnerabilities

CVE-2010-2790 (zabbix)

Thu, 05 Aug 2010 00:00:00 GMT

Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2) show_details, (3) filter_rst, or (4) txt_select parameters to the triggers page (tr_status.php). NOTE: some of these details are obtained from third party information.

Vuln: RETIRED: PhotoPost PHP 'index.php' SQL Injection Vulnerability

Tue, 03 Aug 2010 00:00:00 GMT

RETIRED: PhotoPost PHP 'index.php' SQL Injection Vulnerability

Vuln: All Enthusiast Photopost PHP Pro Multiple Input Validation Vulnerabilities

Tue, 03 Aug 2010 00:00:00 GMT

All Enthusiast Photopost PHP Pro Multiple Input Validation Vulnerabilities

CVE-2010-2918

Fri, 30 Jul 2010 00:00:00 GMT

PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Vuln: PHP Traverser 'mp3_id.php' Remote File Include Vulnerability

Thu, 29 Jul 2010 00:00:00 GMT

PHP Traverser 'mp3_id.php' Remote File Include Vulnerability

CVE-2010-2909

Wed, 28 Jul 2010 00:00:00 GMT

SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php.

Bugtraq: [ MDVSA-2010:140 ] php

Tue, 27 Jul 2010 23:20:51 GMT

[ MDVSA-2010:140 ] php

Vuln: vBulletin 'faq.php' Information Disclosure Vulnerability

Thu, 22 Jul 2010 00:00:00 GMT

vBulletin 'faq.php' Information Disclosure Vulnerability

CVE-2009-4936 (small_pirate)

Thu, 22 Jul 2010 00:00:00 GMT

Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php.

Philippine-Listed Firms 1Q Combined Net Profit More Than Doubled To PHP137 Billion

Tue, 20 Jul 2010 08:16:58 GMT

MANILA -(Dow Jones)- The combined net earnings of companies listed on the local bourse more than doubled to PHP137.08 billion ($2.95 billion) in the first quarter from PHP64.08 billion a year earlier...

CVE-2010-2715 (tcw_php_album)

Tue, 13 Jul 2010 00:00:00 GMT

Cross-site scripting (XSS) vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the album parameter.

CVE-2010-2714 (tcw_php_album)

Tue, 13 Jul 2010 00:00:00 GMT

SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to execute arbitrary SQL commands via the album parameter.

CVE-2010-2718 (cruxpa)

Tue, 13 Jul 2010 00:00:00 GMT

Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware CruxPA 2.00, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) txtusername parameter to login.php, (2) todo parameter to newtodo.php, and unspecified vectors to (3) newtelephone.php and (4) newappointment.php.

CVE-2010-2716 (psnews)

Tue, 13 Jul 2010 00:00:00 GMT

Multiple SQL injection vulnerabilities in PsNews 1.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) ndetail.php and (2) print.php.

CVE-2009-4926 (online_contact_manager)

Mon, 12 Jul 2010 00:00:00 GMT

Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php.

CVE-2010-2681 (com_sef)

Mon, 12 Jul 2010 00:00:00 GMT

PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php.

CVE-2009-4928 (totalcalendar)

Mon, 12 Jul 2010 00:00:00 GMT

PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055.

CVE-2010-2700

Mon, 12 Jul 2010 00:00:00 GMT

Cross-site scripting (XSS) vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to inject arbitrary web script or HTML via the search parameter.

CVE-2010-2699

Mon, 12 Jul 2010 00:00:00 GMT

SQL injection vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to execute arbitrary SQL commands via the search parameter.

CVE-2010-2691 (custom_t-shirt_design_script)

Mon, 12 Jul 2010 00:00:00 GMT

Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt Design Script allow remote attackers to execute arbitrary SQL commands via the (1) sbid parameter to products_details.php, (2) pid parameter to products/products.php, and (3) designid parameter to designview.php.

CVE-2010-2654 (advanced_management_module)

Thu, 08 Jul 2010 00:00:00 GMT

Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to...

CVE-2010-2677

Thu, 08 Jul 2010 00:00:00 GMT

PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information.

Resources: Windows Azure for PHP developers

Tue, 06 Jul 2010 22:59:11 GMT

Many thanks to the folks who came out for my talk last week at Atlanta PHP on Windows Azure.

Vuln: BrotherScripts Auto Dealer Software 'info.php' SQL Injection Vulnerability

Tue, 06 Jul 2010 00:00:00 GMT

BrotherScripts Auto Dealer Software 'info.php' SQL Injection Vulnerability

CVE-2010-1328 (tornadostore)

Tue, 06 Jul 2010 00:00:00 GMT

Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit paramete...

Vuln: phpFK PHP Forum ohne 'search.php' Cross Site Scripting Vulnerability

Mon, 05 Jul 2010 00:00:00 GMT

phpFK PHP Forum ohne 'search.php' Cross Site Scripting Vulnerability

Vuln: iScripts SocialWare 'events.php' SQL Injection Vulnerability

Mon, 05 Jul 2010 00:00:00 GMT

iScripts SocialWare 'events.php' SQL Injection Vulnerability

Vuln: Wiki Web Help 'uploadimage.php' Arbitrary File Upload Vulnerability

Mon, 05 Jul 2010 00:00:00 GMT

Wiki Web Help 'uploadimage.php' Arbitrary File Upload Vulnerability

CVE-2010-2624

Fri, 02 Jul 2010 00:00:00 GMT

Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to tags_details.php, or (3) begin parameter to greetings.php.

CVE-2010-2618 (adapcms)

Fri, 02 Jul 2010 00:00:00 GMT

PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.

CVE-2010-2617 (php_bible_search)

Fri, 02 Jul 2010 00:00:00 GMT

Cross-site scripting (XSS) vulnerability in bible.php in PHP Bible Search allows remote attackers to inject arbitrary web script or HTML via the chapter parameter.

CVE-2010-2616 (php_bible_search)

Fri, 02 Jul 2010 00:00:00 GMT

SQL injection vulnerability in bible.php in PHP Bible Search, probably 0.99, allows remote attackers to execute arbitrary SQL commands via the chapter parameter.