Date | Author | Title
2024-12-17 | Guy Bruneau | Command Injection Exploit For PHPUnit before 4.8.28 and 5.x before 5.6.3 [Guest Diary]
2024-11-06 | Jesse La Grew | [Guest Diary] Insights from August Web Traffic Surge
2024-03-29 | Xavier Mertens | Quick Forensics Analysis of Apache logs
2023-09-23 | Guy Bruneau | Scanning for Laravel - a PHP Framework for Web Artisants
2022-09-07 | Johannes Ullrich | PHP Deserialization Exploit attempt
2022-02-02 | Johannes Ullrich | Finding elFinder: Who is looking for your files?
2021-11-30 | Johannes Ullrich | Hunting for PHPUnit Installed via Composer
2020-06-05 | Remco Verhoef | Not so FastCGI!
2019-07-18 | Xavier Mertens | Malicious PHP Script Back on Stage?
2019-04-04 | Xavier Mertens | New Waves of Scans Detected by an Old Rule
2018-11-16 | Xavier Mertens | Basic Obfuscation With Permissive Languages
2018-07-11 | Remco Verhoef | Well, Hello Again Peppa!
2018-07-02 | Guy Bruneau | Hello Peppa! - PHP Scans
2018-06-13 | Xavier Mertens | A Bunch of Compromized Wordpress Sites
2018-05-06 | Guy Bruneau | Scans Attempting to use PowerShell to Download PHP Script
2017-09-14 | Xavier Mertens | Another webshell, another backdoor!
2017-08-07 | Xavier Mertens | Increase of phpMyAdmin scans
2017-02-28 | Xavier Mertens | Analysis of a Simple PHP Backdoor
2016-12-26 | Russ McRee | Critical security update: PHPMailer 5.2.20 (CVE-2016-10045)
2016-07-13 | Xavier Mertens | Drupal: Patch released today to fix a highly critical RCE in contributed modules
2015-07-12 | Guy Bruneau | PHP 5.x Security Updates
2014-09-19 | Guy Bruneau | PHP Fixes Several Bugs in Version 5.4 and 5.5
2014-08-22 | Richard Porter | PHP 5.4.32 Released http://www.php.net/ChangeLog-5.php#5.4.32
2014-08-22 | Richard Porter | PHP 5.5.16 is available http://www.php.net/ChangeLog-5.php#5.5.16
2014-08-16 | Lenny Zeltser | Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability
2014-04-04 | Stephen Hall | PHP 5.4.27 released
2014-03-27 | Alex Stanford | Mass XSSodus in PHP
2013-10-25 | Johannes Ullrich | PHP.net compromise aftermath: Why Code Signing Beats Hashes
2013-10-24 | Johannes Ullrich | False Positive: php.net Malware Alert
2013-09-19 | Bojan Zdrnja | Arrays in requests, PHP and DedeCMS
2013-08-11 | Bojan Zdrnja | XATattacks (attacks on xat.com)
2013-08-04 | Johannes Ullrich | BBCode tag "[php]" used to inject php code
2013-06-07 | Daniel Wesemann | PHP patches - see http://www.php.net/ChangeLog-5.php - fixes CVE2013-2110
2013-02-22 | Chris Mohan | PHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php
2013-01-17 | Russ McRee | PHP 5.4.11 and PHP 5.3.21 released
2012-09-19 | Russ McRee | Script kiddie scavenging with Shellbot.S
2012-06-14 | Johannes Ullrich | PHP 5.4.4 and 5.3.14 released with fixes for DES crypt issue and phar heap overflow
2012-05-08 | Kevin Liston | PHP 5.4.3 and PHP 5.3.13 Released
2012-04-05 | Johannes Ullrich | Evil hides everywhere: Web Application Exploits in Headers
2012-03-07 | Johannes Ullrich | What happened to RFI attacks?
2012-02-07 | Johannes Ullrich | Secure E-Mail Access
2012-02-03 | Guy Bruneau | PHP 5.3.10 Released, Fixes CVE-2012-0830 available for download http://www.php.net/archive/2012.php#id2012-02-02-1
2012-02-03 | Johannes Ullrich | Critical PHP bug patched
2012-01-16 | Kevin Shortt | php 5.3.9 released -Jan-10-2011
2012-01-12 | Rob VandenBrink | PHP 5.39 was release on the 10th, amongst other things, it addresses CVE-2011-4885 (prevents attacks based on hash collisions) and CVE-2011-4566 (integer overflow when parsing invalid exif header)
2011-08-22 | Jim Clausing | DO NOT upgrade to PHP 5.3.7, significant bug in crypt() function, see http://www.php.net/
2011-08-18 | Rob VandenBrink | PHP 5.37 release. Some security updates, plus lots of bug fixes ==> http://www.php.net/archive/2011.php#id2011-08-18-1
2010-08-31 | Bojan Zdrnja | Interesting PHP injection
2010-08-10 | Daniel Wesemann | SSH - new brute force tool?
2010-07-04 | Manuel Humberto Santander Pelaez | Interesting analysis of the PHP SplObjectStorage Vulnerability
2010-06-14 | Manuel Humberto Santander Pelaez | Another way to get protection for application-level attacks
2010-05-23 | Manuel Humberto Santander Pelaez | e-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer.
2010-02-27 | Guy Bruneau | PHP 5.2.13 Security Update
2010-01-29 | Johannes Ullrich | Analyzing isc.sans.org weblogs, part 2, RFI attacks
2009-12-28 | Johannes Ullrich | 8 Basic Rules to Implement Secure File Uploads http://jbu.me/48 (inspired by IIS ; bug)
2009-11-20 | Mark Hofman | PHP 5.3.1 is released. With many of the websites on the net relying on PHP and the number of attacks we see, consider upgrading. This release has over 100 bug fixes, some of which are security related.
2009-08-01 | Deborah Hale | Website Warnings
2009-06-26 | Mark Hofman | PHPMYADMIN scans
2009-06-24 | Kyle Haugsness | Exploit tools are publicly available for phpMyAdmin
2009-06-21 | Scott Fendley | phpMyAdmin Scans
2009-04-07 | Johannes Ullrich | Common Apache Misconception
2009-02-03 | Swa Frantzen | On the importance of patching fast
2008-12-10 | Stephen Hall | PHP Group has released PHP version 5.2.8
2008-09-09 | Swa Frantzen | wordpress upgrade
2008-08-19 | Johannes Ullrich | A morning stroll through my web logs
2008-05-05 | John Bambenek | PHP 5.2.6 out w/ security updates
2006-12-24 | Swa Frantzen | phpBB 2.0.22 - upgrade time
2006-11-29 | Toby Kohlenberg | New Vulnerability Announcement and patches from Apple
2006-09-13 | Swa Frantzen | PHP - shared hosters, take note.