[TOOL] Analyzer - PHP Security Prober
From: SecuriTeam (support_at_securiteam.com)
Date: 09/19/05
- Previous message: SecuriTeam: "[NT] BNBT EasyTracker DoS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 19 Sep 2005 10:27:45 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Analyzer - PHP Security Prober
------------------------------------------------------------------------
SUMMARY
DETAILS
Analyzer is a PHP open source script that tests and debugs any kind of
PHP-Nuke based installation.
Security checks are done for them, including MySQL, PHP, and PHP.INI
settings such as register_globals. Script can run in any OS environment
that supports PHP. Helps disable forum GZIP compression (fixes the double
GZIP bug), checks SMTP/MTA availability, among others.
It checks the following versions and reports if newer versions exist:
* MySQL
* PHP
* Apache
* phpNuke
* phpBB
It also checks certain settings in the php.ini file such as
register_globals and provides the full path.
Available here:
<http://www.download.com/Analyzer/3000-2648_4-10397073.html>
http://www.download.com/Analyzer/3000-2648_4-10397073.html
The script itself is written in PHP by CastleCops.
ADDITIONAL INFORMATION
The information has been provided by <mailto:zx@castlecops.com> Paul
Laudanski.
To keep updated with the tool visit the project's homepage at:
<http://www.download.com/Analyzer/3000-2648_4-10397073.html>
http://www.download.com/Analyzer/3000-2648_4-10397073.html
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[NT] BNBT EasyTracker DoS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [UNIX] Multiple Vulnerabilities within PHP 4/5 (pack, unpack, safe_mode_exec_dir, safe_mode, realpat
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... PHP is "a widely-used general-purpose
scripting language that is ... several vulnerabilities within PHP were ... unserialize()
- Wrong Handling of Negative References ... (Securiteam) - [UNIX] Dotdeb PHP Email Header Injection Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Dotdeb PHP Email Header Injection
Vulnerability ... This patch adds an X-PHP-Script header to ... (Securiteam) - [NEWS] PHP getimagesize() Multiple DoS Vulnerabilities
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... PHP is a widely-used general-purpose
scripting language that is especially ... Remote exploitation of a denial of service condition
in the PHP ... Local exploitation of an input validation vulnerability in The PHP Group's
... (Securiteam) - [UNIX] PHP 5.1.6 / 4.4.4 Critical php_admin* Bypass by ini_restore()
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... There is a privilage escalation
vulnerability in PHP. ... Used to set a boolean configuration directive. ...
can not be overridden by .htaccess or virtualhost directives. ... (Securiteam) - [UNIX] PHP Globals Filtering Bypass
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... PHP Globals Filtering Bypass
... Please note that the PHP globals must be on in order to be vulnerable. ... In
no event shall we be liable for any damages whatsoever including direct, indirect, incidental,
consequential, loss of business profits or special damages. ... (Securiteam)
