[nycphp-talk] SecurityFocus Newsletter #285

Daniel Convissor danielc at
Sat Jan 29 16:59:47 EST 2005

Hey Folks:

Just because you haven't received one of these summaries from me in 
several months doesn't mean there haven't been vulnerabilities in PHP 
apps. :)

The most recent newsletter is sure helping me make up for lost time.
There are LOADS of problems!

SecurityFocus Newsletter #285

SparkleBlog Multiple Input Validation Vulnerabilities

Minis Remote Directory Traversal Vulnerability

Gallery Multiple Unspecified Input Validation Vulnerabilitie...

SafeHTML HTML Entity Bypass Vulnerability

PHP Gift Registry Multiple SQL Injection Vulnerabilities

ITA Forum Multiple SQL Injection Vulnerabilities

Gallery Multiple Remote Vulnerabilities

VBulletin Init.PHP Unspecified Remote Vulnerability

CMSimple Multiple Remote Input Validation Vulnerabilities

Siteman User Database Privilege Escalation Vulnerability

MediaWiki Multiple Arbitrary PHP Code Execution Vulnerabilit...

ExBB Nested BBcode Remote Script Injection Vulnerability

JSBoard Local File Include File Disclosure Vulnerability

TikiWiki Multiple Remote Unspecified PHP Script Code Executi...

Oracle Database Multiple Vulnerabilities

MySQL Database MySQLAccess Local Insecure Temporary File Cre...

Apache Utilities Insecure Temporary File Creation Vulnerabil...

Linux Kernel Audit Subsystem Local Denial Of Service Vulnera...

Linux Kernel Unspecified Local NFS I/O Denial of Service Vul...

Netscape Navigator Infinite Array Sort Denial of Service Vul...

Microsoft Internet Explorer Remote Information Disclosure Vu...

RealNetworks RealOne Player And RealPlayer ShowPreferences A...

MySQL MaxDB WebAgent Remote Denial of Service Vulnerabilitie...

Sun Java Plug-in [for IE] Multiple Applet Vulnerabilities

Squid Proxy NTLM Fakeauth_Auth Memory Leak Remote Denial Of ...

 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
            data intensive web and database programming
 4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409
