NYCPHP Meetup

[Daniel Convissor]

Alerts from SecurityFocus Newsletter #318

PHP
---
PHP Open_BaseDir Security Restriction Bypass Vulnerability
http://www.securityfocus.com/bid/14957
This bug (http://bugs.php.net/32937) was fixed in CVS on 2005-09-27
(http://cvs.php.net/php-src/main/fopen_wrappers.c).


APPLICATIONS USING PHP
----------------------
AlstraSoft E-Friends Remote File Include Vulnerability
http://www.securityfocus.com/bid/14932

UNU Networks MailGust User_email.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/14933

SEO-Board Admin.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/14936

CMS Made Simple Index.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/14937

Riverdark RSS Syndicator Module RSS.PHP Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/14940

LucidCMS Index.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/14951

CJ LinkOut Top.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/14953

CJ Tag Board Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/14954

CJ Web2Mail Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/14956

PostNuke PN_BBCode Local File Include Vulnerability
http://www.securityfocus.com/bid/14958

CubeCart Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/14962

PHP-Fusion Messages.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/14964

SquirrelMail Address Add Plugin Add.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/14973

EasyGuppy Printfaq.PHP Directory Traversal Vulnerability
http://www.securityfocus.com/bid/14984

MediaWiki Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/14987

PHP-Fusion Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/14992