NYCPHP Meetup

[Daniel Convissor]

These summaries are available online
RSS:  http://phpsec.org/projects/vulnerabilities/securityfocus.xml
HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html

Alerts from SecurityFocus Newsletter #362

PHP
---
PHP SSCANF() Safe_Mode Restriction-Bypass Vulnerability
http://www.securityfocus.com/bid/19415
This is fixed in 5.1.5 and 4.4.4.


APPLICATIONS USING PHP
----------------------
Netious CMS Authorization Bypass Vulnerability
http://www.securityfocus.com/bid/19421

MyBloggie Trackback.PHP Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/19362

PHPCodeCabinet Core.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/19359

VBulletin Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/19358

Tinyportal Guestbook Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/19357

O2PHP Oxygen Post.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17324

PHPPrintAnalyzer Index.php Remote File Include Vulnerability
http://www.securityfocus.com/bid/19397

Visual Events Calendar Calendar.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/19395

Blur6ex Title HTML Injection Vulnerability
http://www.securityfocus.com/bid/19392

Simple CMS Auth.PHP Remote Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/19386

DeluxeBB Newpost.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/19390

Torbstoff News News.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/19385

PHPCC Base_Dir Parameter Remote File Include Vulnerability
http://www.securityfocus.com/bid/19376

TurnkeyWebTools PHP Simple Shop Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/19382

NewSolved ABS_Path Parameter Remote File Include Vulnerability
http://www.securityfocus.com/bid/19379

XennoBB Profile.PHP Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/19374

CakePHP Error.PHP Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/19372

JD Wiki For Joomla Main.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/19373

phNNTP File_newsportal Remote File Include Vulnerability
http://www.securityfocus.com/bid/19423

Netious CMS Username Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/19419

Simplog Archive.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/19411

The Address Book Login Page Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/19378

The Address Book Reloaded Unspecified Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/19380

Multiple SAPID Products Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/19383


RELATED STUFF
-------------
 MySQL MERGE Priviledge Revoke Bypass Vulnerability
http://www.securityfocus.com/bid/19279
The issue allows continued access to MERGE tables if privileges on the
original table subsequently got revoked. Upgrade to 5.0.24 or 4.1.21
for the fix.

Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability in LDAP scheme handling
http://www.securityfocus.com/bid/19204
This is fixed in 1.3.37, 2.0.59, 2.2.3.