2024-12-17 | Guy Bruneau | Command Injection Exploit For PHPUnit before 4.8.28 and 5.x before 5.6.3 [Guest Diary]
2024-11-06 | Jesse La Grew | [Guest Diary] Insights from August Web Traffic Surge
2024-03-29 | Xavier Mertens | Quick Forensics Analysis of Apache logs |
2023-09-23 | Guy Bruneau | Scanning for Laravel - a PHP Framework for Web Artisants |
2022-09-07 | Johannes Ullrich | PHP Deserialization Exploit attempt |
2022-02-02 | Johannes Ullrich | Finding elFinder: Who is looking for your files? |
2022-01-26 | Jan Kopriva | Over 20 thousand servers have their iLO interfaces exposed to the internet, many with outdated and vulnerable versions of FW |
2021-11-30 | Johannes Ullrich | Hunting for PHPUnit Installed via Composer |
2020-06-05 | Remco Verhoef | Not so FastCGI! |
2019-07-18 | Xavier Mertens | Malicious PHP Script Back on Stage? |
2019-04-04 | Xavier Mertens | New Waves of Scans Detected by an Old Rule |
2018-11-16 | Xavier Mertens | Basic Obfuscation With Permissive Languages |
2018-07-11 | Remco Verhoef | Well, Hello Again Peppa! |
2018-07-02 | Guy Bruneau | Hello Peppa! - PHP Scans |
2018-06-13 | Xavier Mertens | A Bunch of Compromized Wordpress Sites |
2018-05-06 | Guy Bruneau | Scans Attempting to use PowerShell to Download PHP Script |
2017-09-14 | Xavier Mertens | Another webshell, another backdoor! |
2017-08-07 | Xavier Mertens | Increase of phpMyAdmin scans |
2017-02-28 | Xavier Mertens | Analysis of a Simple PHP Backdoor |
2016-12-26 | Russ McRee | Critical security update: PHPMailer 5.2.20 (CVE-2016-10045) |
2016-07-13 | Xavier Mertens | Drupal: Patch released today to fix a highly critical RCE in contributed modules |
2016-04-25 | Guy Bruneau | Highlights from the 2016 HPE Annual Cyber Threat Report |
2015-07-21 | Didier Stevens | Searching Through the VirusTotal Database |
2015-07-12 | Guy Bruneau | PHP 5.x Security Updates |
2014-09-19 | Guy Bruneau | PHP Fixes Several Bugs in Version 5.4 and 5.5 |
2014-08-22 | Richard Porter | PHP 5.4.32 Released http://www.php.net/ChangeLog-5.php#5.4.32 |
2014-08-22 | Richard Porter | PHP 5.5.16 is available http://www.php.net/ChangeLog-5.php#5.5.16 |
2014-08-16 | Lenny Zeltser | Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability |
2014-04-04 | Stephen Hall | PHP 5.4.27 released |
2014-03-27 | Alex Stanford | Mass XSSodus in PHP |
2013-10-25 | Johannes Ullrich | PHP.net compromise aftermath: Why Code Signing Beats Hashes |
2013-10-24 | Johannes Ullrich | False Positive: php.net Malware Alert |
2013-09-19 | Bojan Zdrnja | Arrays in requests, PHP and DedeCMS |
2013-08-11 | Bojan Zdrnja | XATattacks (attacks on xat.com) |
2013-08-04 | Johannes Ullrich | BBCode tag "[php]" used to inject php code |
2013-06-07 | Daniel Wesemann | PHP patches - see http://www.php.net/ChangeLog-5.php - fixes CVE2013-2110 |
2013-02-22 | Chris Mohan | PHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php |
2013-01-27 | Tony Carothers | HP JetDirect Vulnerabilities Discussed |
2013-01-17 | Russ McRee | PHP 5.4.11 and PHP 5.3.21 released |
2012-09-19 | Russ McRee | Script kiddie scavenging with Shellbot.S |
2012-06-14 | Johannes Ullrich | PHP 5.4.4 and 5.3.14 released with fixes for DES crypt issue and phar heap overflow |
2012-05-08 | Kevin Liston | PHP 5.4.3 and PHP 5.3.13 Released |
2012-04-12 | Guy Bruneau | HP ProCurve 5400 zl Switch, Flash Cards Infected with Malware |
2012-04-05 | Johannes Ullrich | Evil hides everywhere: Web Application Exploits in Headers |
2012-03-07 | Johannes Ullrich | What happened to RFI attacks? |
2012-02-16 | Johannes Ullrich | Adobe Flash Player Update |
2012-02-07 | Johannes Ullrich | Secure E-Mail Access |
2012-02-03 | Guy Bruneau | PHP 5.3.10 Released, Fixes CVE-2012-0830 available for download http://www.php.net/archive/2012.php#id2012-02-02-1 |
2012-02-03 | Johannes Ullrich | Critical PHP bug patched |
2012-01-16 | Kevin Shortt | php 5.3.9 released -Jan-10-2011 |
2012-01-12 | Rob VandenBrink | PHP 5.39 was release on the 10th, amongst other things, it addresses CVE-2011-4885 (prevents attacks based on hash collisions) and CVE-2011-4566 (integer overflow when parsing invalid exif header) |
2011-11-29 | John Bambenek | Hacking HP Printers for Fun and Profit |
2011-08-22 | Jim Clausing | DO NOT upgrade to PHP 5.3.7, significant bug in crypt() function, see http://www.php.net/ |
2011-08-18 | Rob VandenBrink | PHP 5.37 release. Some security updates, plus lots of bug fixes ==> http://www.php.net/archive/2011.php#id2011-08-18-1 |
2011-03-07 | Johannes Ullrich | Outbound SSH Traffic from HP Virtual Connect Blades |
2010-12-15 | Manuel Humberto Santander Pelaez | HP StorageWorks P2000 G3 MSA hardcoded user |
2010-08-31 | Bojan Zdrnja | Interesting PHP injection |
2010-08-10 | Daniel Wesemann | SSH - new brute force tool? |
2010-07-04 | Manuel Humberto Santander Pelaez | Interesting analysis of the PHP SplObjectStorage Vulnerability |
2010-06-14 | Manuel Humberto Santander Pelaez | Another way to get protection for application-level attacks |
2010-05-23 | Manuel Humberto Santander Pelaez | e-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer. |
2010-02-27 | Guy Bruneau | PHP 5.2.13 Security Update |
2010-01-29 | Johannes Ullrich | Analyzing isc.sans.org weblogs, part 2, RFI attacks |
2009-12-28 | Johannes Ullrich | 8 Basic Rules to Implement Secure File Uploads http://jbu.me/48 (inspired by IIS ; bug) |
2009-11-20 | Mark Hofman | PHP 5.3.1 is released. With many of the websites on the net relying on PHP and the number of attacks we see, consider upgrading. This release has over 100 bug fixes, some of which are security related. |
2009-08-01 | Deborah Hale | Website Warnings |
2009-06-26 | Mark Hofman | PHPMYADMIN scans |
2009-06-24 | Kyle Haugsness | Exploit tools are publicly available for phpMyAdmin |
2009-06-21 | Scott Fendley | phpMyAdmin Scans |
2009-04-07 | Johannes Ullrich | Common Apache Misconception |
2009-02-06 | Adrien de Beaupre | Time to patch your HP printers |
2009-02-03 | Swa Frantzen | On the importance of patching fast |
2008-12-10 | Stephen Hall | PHP Group has released PHP version 5.2.8 |
2008-09-09 | Swa Frantzen | wordpress upgrade |
2008-08-19 | Johannes Ullrich | A morning stroll through my web logs |
2008-05-05 | John Bambenek | PHP 5.2.6 out w/ security updates |
2008-04-07 | John Bambenek | HP USB Keys Shipped with Malware for your Proliant Server |
2006-12-24 | Swa Frantzen | phpBB 2.0.22 - upgrade time |
2006-11-29 | Toby Kohlenberg | New Vulnerability Announcement and patches from Apple |
2006-09-13 | Swa Frantzen | PHP - shared hosters, take note. |