[nycphp-talk] PHP in SecurityFocus #346

Daniel Convissor danielc at analysisandsolutions.com
Sun Apr 23 23:00:13 EDT 2006


These summaries are available online
RSS:  http://phpsec.org/projects/vulnerabilities/securityfocus.xml
HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html

Alerts from SecurityFocus Newsletter #346

This week brings many issues in PHP applications.  More importantly,
you better upgrade your Mozilla programs!

APPLICATIONS USING PHP
----------------------
MODxCMS Index.PHP Directory Traversal Vulnerability
http://www.securityfocus.com/bid/17533

MODxCMS Index.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17532

AWebBB Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/17352

Papoo Print.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17530

LifeType Index.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17529

Simplog Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/17491

Simplog Remote File Include Vulnerability
http://www.securityfocus.com/bid/17490

Simplog Login.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17493

PowerClan Member.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17528

RedCMS Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/17336

PlanetSearch + Planetsearchplus.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17527

AR-Blog Print.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17522

Warforge.NEWS Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/17520

FlexBB Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/17574

FlexBB Index.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17568

FlexBB Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/17539

MD News Admin.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17394

Serendipity Blog Config.PHP Script Injection Vulnerability
http://www.securityfocus.com/bid/17566

Coppermine Index.PHP Local File Include Vulnerability
http://www.securityfocus.com/bid/17570

MyBB Global Variable Overwrite Vulnerability
http://www.securityfocus.com/bid/17564

Jax Guestbook Jax_guestbook.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17560

Calendarix YearCal.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17562

BoastMachine Search.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17550

DbbS Topics.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17338

DbbS Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/17559

PHPWebFTP Index.PHP Directory Traversal Vulnerability
http://www.securityfocus.com/bid/17557

BetaBoard User Profile HTML Injection Vulnerability
http://www.securityfocus.com/bid/17556

Blursoft Blur6ex Index.PHP Local File Include Vulnerability
http://www.securityfocus.com/bid/17554

BlackOrpheus Member.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17558

Neuron Blog Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/17552

TinyPHPForum Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/17553

Monster Top List Functions.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/17546

Boardsolution Index.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17549

ShoutBOOK Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/17548

myEvent Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/17575

myEvent Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/17580

MusicBox Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/17545

Snipe Gallery Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/17543

Snipe Gallery Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/15844

PHPGraphy Index.PHP Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/17567

phpFaber TopSites Index.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17542

PHPLister Index.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17591

RechnungsZentrale V2 Authent.PHP4 Remote File Include Vulnerability
http://www.securityfocus.com/bid/17589

RechnungsZentrale V2 Authent.PHP4 SQL Injection Vulnerability
http://www.securityfocus.com/bid/17588

phpLinks Index.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17586

PHPGuestbook HTML Injection Vulnerability
http://www.securityfocus.com/bid/17537

Tiny Web Gallery Index.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17536

FarsiNews Search.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17534


RELATED STUFF
-------------
Mozilla Suite, Firefox, SeaMonkey, and Thunderbird Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/17516
These problems have been fixed in the following versions:
Firefox versions 1.0.8 and 1.5.0.2
Thunderbird versions 1.0.8 and 1.5.0.2
Mozilla Suite version 1.7.13
SeaMonkey version 1.0.1