[nycphp-talk] PHP in SecurityFocus #345
Daniel Convissor
danielc at analysisandsolutions.com
Sat Apr 15 16:23:12 EDT 2006
These summaries are available online
RSS: http://phpsec.org/projects/vulnerabilities/securityfocus.xml
HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html

Alerts from SecurityFocus Newsletter #345

PHP
---
PHP Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities
http://www.securityfocus.com/bid/17439
This was fixed in CVS on April 6, so should show up in PHP 5.1.3.

APPLICATIONS USING PHP
----------------------
Gallery Unspecified Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17437
Horde Help Viewer Remote PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/17292
PHPWebGallery Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/17421
phpMyForum Index.PHP Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/17420
MyBulletinBoard Newthread.PHP HTML Injection Vulnerability
http://www.securityfocus.com/bid/17427
Clever Copy Connect.INC Information Disclosure Vulnerability
http://www.securityfocus.com/bid/17461
JetPhoto Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/17449
SIRE Lire.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/17428
APT-webshop Modules.PHP Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/17425
SPIP Spip_login.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/17423
JBook Index.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17419
AWeb's Scripts Seller Buy.PHP Authorization Bypass Vulnerability
http://www.securityfocus.com/bid/17417
AWeb's Banner Generator Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17416
PHPList Index.PHP Local File Include Vulnerability
http://www.securityfocus.com/bid/17429
Clansys Index.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17456
SmartISoft phpListPro Config.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/17448
AzDGVote Remote File Include Vulnerability
http://www.securityfocus.com/bid/17447
XMB Forum Flash Video Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17445
VWar Admin.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/17443
ShopWeezle Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/17441
XBrite Members.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17424
Shadowed Portal Load.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17430
SQuery LibPath Parameter Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/17434
VegaDNS Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/17433
Design Nation DNGuestbook Admin.PHP SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/17435
SIRE Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/17431
Indexu Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/17470
PHPKIT Include.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17467
Blursoft Blur6ex Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/17465
Dokeos Viewtopic.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17463
JBook Form.PHP SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/17458