[nycphp-talk] php problems from SecurityFocus Newsletter # 210

Analysis & Solutions danielc at
Mon Aug 18 16:07:25 EDT 2003

Hey Folks:

Last week's lull has been more than made up by this week's flood, including
a vulnerability in PHP itself...

PHP DLOpen Arbitrary Web Server Process Memory Vulnerability

A problem has been reported in the dlopen function of PHP when used with
the Apache web server.  Because of this, an attacker may be able to gain
unauthorized access to potentially sensitive information.

The problem is in the ability to access the memory of the calling process.
When a PHP script is executed by an Apache process, it is possible to
dump the contents of the Apache process memory to a text file.  This could
be used by an attacker to gain access to potentially sensitive information
which could include authentication credentials.  The function may also
permit other attacks, such as allowing an attacker to deliver different
content other than what the server is configured to serve.

[Yet more] PostNuke Downloads / Web_Links Modules TTitle Cross-site Scr...

Multiple geeeekShop Information Disclosure Vulnerabilities

Invision Power Board Admin.PHP Cross-Site Scripting Vulnerab...

DCForum+ Subject Field HTML Injection Vulnerability
[This issue is exposed through the dcboard.php script.]

Better Basket Pro Store Builder Remote Path Disclosure Vulne...

PHPOutSourcing Zorum Cross-Site Scripting Vulnerability

News Wizard Path Disclosure Vulnerability

PHP Website Calendar Module SQL Injection Vulnerabilities

PHP Website Multiple Module Cross-Site Scripting Vulnerabili...

PHPOutsourcing Zorum Path Disclosure Vulnerability

Horde Application Framework Account Hijacking Vulnerability

HostAdmin Path Disclosure Vulnerability

Xoops BBCode HTML Injection Vulnerability

HolaCMS HTMLtags.PHP Local File Include Vulnerability



     FREE scripts that make web and database programming easier
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409
