NYCPHP Meetup

[nycphp-talk] SecurityFocus Newsletter #285

Daniel Convissor danielc at analysisandsolutions.com
Sat Jan 29 16:59:47 EST 2005


Hey Folks:

Just because you haven't received one of these summaries from me in 
several months doesn't mean there haven't been vulnerabilities in PHP 
apps. :)

The most recent newsletter is sure helping me make up for lost time.  
There are LOADS of problems!

SecurityFocus Newsletter #285
-----------------------------

PHP STUFF
---------
SparkleBlog Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/12272

Minis Remote Directory Traversal Vulnerability
http://www.securityfocus.com/bid/12279

Gallery Multiple Unspecified Input Validation Vulnerabilitie...
http://www.securityfocus.com/bid/12286

SafeHTML HTML Entity Bypass Vulnerability
http://www.securityfocus.com/bid/12288

PHP Gift Registry Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/12289

ITA Forum Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/12290

Gallery Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/12292

VBulletin Init.PHP Unspecified Remote Vulnerability
http://www.securityfocus.com/bid/12299

CMSimple Multiple Remote Input Validation Vulnerabilities
http://www.securityfocus.com/bid/12303

Siteman User Database Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/12304

MediaWiki Multiple Arbitrary PHP Code Execution Vulnerabilit...
http://www.securityfocus.com/bid/12305

ExBB Nested BBcode Remote Script Injection Vulnerability
http://www.securityfocus.com/bid/12306

JSBoard Local File Include File Disclosure Vulnerability
http://www.securityfocus.com/bid/12319

TikiWiki Multiple Remote Unspecified PHP Script Code Executi...
http://www.securityfocus.com/bid/12328



OTHER POTENTIALLY IMPORTANT STUFF
---------------------------------
Oracle Database Multiple Vulnerabilities
http://www.securityfocus.com/bid/12301

MySQL Database MySQLAccess Local Insecure Temporary File Cre...
http://www.securityfocus.com/bid/12277

Apache Utilities Insecure Temporary File Creation Vulnerabil...
http://www.securityfocus.com/bid/12308

Linux Kernel Audit Subsystem Local Denial Of Service Vulnera...
http://www.securityfocus.com/bid/12309

Linux Kernel Unspecified Local NFS I/O Denial of Service Vul...
http://www.securityfocus.com/bid/12330

Netscape Navigator Infinite Array Sort Denial of Service Vul...
http://www.securityfocus.com/bid/12331

Microsoft Internet Explorer Remote Information Disclosure Vu...
http://www.securityfocus.com/bid/12294

RealNetworks RealOne Player And RealPlayer ShowPreferences A...
http://www.securityfocus.com/bid/12311

MySQL MaxDB WebAgent Remote Denial of Service Vulnerabilitie...
http://www.securityfocus.com/bid/12313

Sun Java Plug-in [for IE] Multiple Applet Vulnerabilities
http://www.securityfocus.com/bid/12317

Squid Proxy NTLM Fakeauth_Auth Memory Leak Remote Denial Of ...
http://www.securityfocus.com/bid/12324

-- 
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
            data intensive web and database programming
                http://www.AnalysisAndSolutions.com/
 4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409


