[nycphp-talk] PHP in SecurityFocus #362
Daniel Convissor
danielc at analysisandsolutions.com
Sun Sep 24 05:54:27 EDT 2006
These summaries are available online
RSS: http://phpsec.org/projects/vulnerabilities/securityfocus.xml
HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html
Alerts from SecurityFocus Newsletter #362
PHP
---
PHP SSCANF() Safe_Mode Restriction-Bypass Vulnerability
http://www.securityfocus.com/bid/19415
This is fixed in 5.1.5 and 4.4.4.
APPLICATIONS USING PHP
----------------------
Netious CMS Authorization Bypass Vulnerability
http://www.securityfocus.com/bid/19421
MyBloggie Trackback.PHP Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/19362
PHPCodeCabinet Core.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/19359
VBulletin Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/19358
Tinyportal Guestbook Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/19357
O2PHP Oxygen Post.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17324
PHPPrintAnalyzer Index.php Remote File Include Vulnerability
http://www.securityfocus.com/bid/19397
Visual Events Calendar Calendar.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/19395
Blur6ex Title HTML Injection Vulnerability
http://www.securityfocus.com/bid/19392
Simple CMS Auth.PHP Remote Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/19386
DeluxeBB Newpost.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/19390
Torbstoff News News.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/19385
PHPCC Base_Dir Parameter Remote File Include Vulnerability
http://www.securityfocus.com/bid/19376
TurnkeyWebTools PHP Simple Shop Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/19382
NewSolved ABS_Path Parameter Remote File Include Vulnerability
http://www.securityfocus.com/bid/19379
XennoBB Profile.PHP Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/19374
CakePHP Error.PHP Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/19372
JD Wiki For Joomla Main.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/19373
phNNTP File_newsportal Remote File Include Vulnerability
http://www.securityfocus.com/bid/19423
Netious CMS Username Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/19419
Simplog Archive.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/19411
The Address Book Login Page Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/19378
The Address Book Reloaded Unspecified Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/19380
Multiple SAPID Products Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/19383
RELATED STUFF
-------------
MySQL MERGE Privilege Revoke Bypass Vulnerability
http://www.securityfocus.com/bid/19279
The issue allows continued access to MERGE tables if privileges on the
original table subsequently got revoked. Upgrade to 5.0.24 or 4.1.21
for the fix.
Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability in LDAP scheme handling
http://www.securityfocus.com/bid/19204
This is fixed in 1.3.37, 2.0.59, 2.2.3.