[nycphp-talk] Alerts from SecurityFocus Newsletter #306

Daniel Convissor danielc at analysisandsolutions.com
Fri Jul 8 15:38:34 EDT 2005


Alerts from SecurityFocus Newsletter #306

APPLICATIONS USING PHP
----------------------
XML-RPC for PHP Remote Code Injection Vulnerability
http://www.securityfocus.com/bid/14088

Below is most of the software containing this vulnerability
and which version fixes the problem:
    Serendipity 0.8.2
    PEAR XML_RPC 1.3.1 (and 1.3.2 fixes additional vulnerabilities)
    XML-RPC for PHP 1.1.1
    Drupal 4.6.2 or 4.5.4
    Xoops 2.0.12a
    phpMyFAQ 1.4.9 or 1.5.0 RC5
    WordPress 1.5.1.3
    Nucleus CMS 3.21
    phpAdsNew 2.0.5
    phpPgAds 2.0.5

Drupal Arbitrary PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/14110

Mambo Open Source Multiple Unspecified Injection Vulnerabilities
http://www.securityfocus.com/bid/14117

Mambo Open Source Session ID Spoofing Vulnerability
http://www.securityfocus.com/bid/14119

Mambo Open Source MosDBTable Class Unspecified Vulnerability
http://www.securityfocus.com/bid/14120

Xoops XMLRPC Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/14094

Xoops Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/14096

PHP-Fusion SUBMIT.PHP HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/14066

Mensajeitor IP Parameter HTML Injection Vulnerability
http://www.securityfocus.com/bid/14071

WebCalendar Assistant_Edit.PHP Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/14072

UBBDesign JCDex Lite Index.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/14081

PHPBB Viewtopic.PHP Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/14086

Comdev eCommerce Review Form HTML Injection Vulnerability
http://www.securityfocus.com/bid/14107

Pavsta Auto Site SitePath Remote File Include Vulnerability
http://www.securityfocus.com/bid/14108

Comdev eCommerce Index.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/14109

OSTicket Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/14127

RaXnet Cacti Input Filter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/14128

RaXnet Cacti Graph_Image.PHP Remote Command Execution Variant Vulnerability
http://www.securityfocus.com/bid/14129

RaXnet Cacti Config.PHP Design Error Vulnerability
http://www.securityfocus.com/bid/14130


RELATED STUFF
-------------
Apache HTTP Request Smuggling Vulnerability
http://www.securityfocus.com/bid/14106

-- 
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
            data intensive web and database programming
                http://www.AnalysisAndSolutions.com/
 4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409


