code execution

On the PHPClasses.org blog there's a new post detailing an issue that came up in the PHP 5.3.9 release that caused a large security issue (PHP 5.3.10 has, however, already been released to correct the issue).

In this recent post to his blog Anson Cheung provides a set of helpful hints for sysadmins to follow when installing (or just securing) the PHP installations on their systems.

On the PHP on Windows blog from DZone.com Krzysztof Kotowicz has a new post - part one in a series on securing your PHP application - a look at securely including remote code from a source outside of your application.

The May Security Bulletins address remote code execution vulnerabilities in Windows Server and Microsoft Office.

The March security patch, released on Tuesday, addresses four vulnerabilities related to remote code execution exploits in Windows and related applications.

ZDNet: "Adobe's ubiquitous Flash Player software is vulnerable to at least six critical security vulnerabilities that could allow hackers to launch remote code execution attacks, the company warned in an advisory."

It was discovered that access control to the [php] bbcode which allows executing PHP code is wrongly implemented in e107.

This allows unauthenticated users to execute arbitrary PHP code easily.

Affected versions

Affected is e107 <= 0.7.20

Risk

Highly Critical.

Credits

The vulnerability was discovered by Stefan Esser.

A local file inclusion vulnerability was discovered in CMSQlite that might allow remote PHP code execution.

Affected versions

Affected is CMSQlite <= 1.2

Risk

Critical.

Credits

The vulnerability was discovered by Stefan Esser as part of the SQL Injection Marathon.

A new zero-day remote code execution vulnerability has come to Redmond's attention, this time affecting Microsoft Office PowerPoint.

Microsoft is looking into public reports of a new-found vulnerability in its Microsoft Office Excel spreadsheet application that could enable a remote code execution attack by hackers.