[nycphp-talk] latest vulnerabilities...

Hans Zaunere zaunere at yahoo.com
Tue Jun 10 08:36:33 EDT 2003


--- Analysis & Solutions <danielc at analysisandsolutions.com> wrote:
> Hey Folks:
> 
> Here are the highlights from SecurityFocus's latest newsletter...

*sigh*

Like sendmail, I think we need to start a "Don't Blame PHP" campaign.  All
except one of these issues are application-related - not PHP itself.  Yet,
when talking with "outsiders" about PHP, a common theme is insecurity.

H

> ------------------
> PHP Transparent Session ID Cross Site Scripting Vulnerability
> http://www.securityfocus.com/bid/7761
> 
> A cross-site scripting vulnerability has been discovered in PHP version
> 4.3.1 and earlier.
> 
> ------------------
> Yet another PHP-Nuke vulnerability...
> 
> PHP-Nuke User/Admin Cookie SQL Injection Vulnerability
> http://www.securityfocus.com/bid/7762
> 
> ------------------
> Multiple Mod_Gzip Debug Mode Vulnerabilities
> http://www.securityfocus.com/bid/7769
> 
> Mod_gzip is an Apache web server module that compresses web content before
> sending it to the client.  Mod_gzip is not a standard module for Apache.
> 
> ------------------
> Webfroot Shoutbox Expanded.PHP Remote Command Execution Vulnerability
> http://www.securityfocus.com/bid/7772
> 
> Webfroot Shoutbox is a web application designed to allow web site visitors
> a chance to leave messages. It is implemented in PHP...
> 
> ------------------
> Webchat Module Path Disclosure Weakness
> http://www.securityfocus.com/bid/7774
> 
> Webchat is a web based chat module designed for use with PHP-Nuke.
> 
> ------------------
> SPChat Module Remote File Include Vulnerability
> http://www.securityfocus.com/bid/7780
> 
> SPChat is a web based chat module designed for use with PHP-Nuke.
> 
> ------------------
> Multiple vulnerabilities in Cafelog b2
> http://www.securityfocus.com/bid/7782
> http://www.securityfocus.com/bid/7783
> http://www.securityfocus.com/bid/7786
> 
> CafeLog b2 WebLog Tool allows users to generate news pages and weblogs
> dynamically. It is implemented in PHP.
> 
> ------------------
> Multiple Wordpress vulnerabilities
> http://www.securityfocus.com/bid/7784
> http://www.securityfocus.com/bid/7785
> 
> Wordpress allows users to generate news pages and weblogs dynamically. It
> uses PHP and a MySQL database to generate dynamic pages.
> 
> ------------------
> While this isn't PHP related, cPanel was discussed on the list recently...
> 
> cPanel/Formail-Clone E-Mail Restriction Bypass Vulnerability
> http://www.securityfocus.com/bid/7758
> 
> ------------------
> Interesting thing to look out for if you run servers or have
> scripts which send email...
> 
> Linux /bin/mail Carbon Copy Field Buffer Overrun Vulnerability
> http://www.securityfocus.com/bid/7760
> 
> 
> Enjoy,
> 
> --Dan
> 
> -- 
>      FREE scripts that make web and database programming easier
>            http://www.analysisandsolutions.com/software/
>  T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
>  4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409