[nycphp-talk] PHP in SecurityFocus #335
Daniel Convissor
danielc at analysisandsolutions.com
Sat Feb 4 14:56:22 EST 2006
These summaries are available online
RSS: http://phpsec.org/projects/vulnerabilities/securityfocus.xml
HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html
Alerts from SecurityFocus Newsletter #335
Please take a careful look at this issue. There are several serious
vulnerabilities in PHP and many important open source
applications including Firefox, OpenSSL, OpenSSH, mod_ssl, MySQL,
bzip2, Drupal, the TCP protocol and several Adobe products.
PHP
---
PHP Parse_Str Register_Globals Activation Weakness
http://www.securityfocus.com/bid/15249
This is very troubling. Attackers can turn on register_globals by
overwriting memory. If the site is running via mod_php, register_globals
will then stay on until Apache is restarted. PHP 5.1 and 4.4.1 contain
the necessary fixes.
PHP File Upload GLOBAL Variable Overwrite Vulnerability
http://www.securityfocus.com/bid/15250
This dangerous issue allows the GLOBAL super-global to be overwritten
via POST (and I assume GET) data. It has been resolved by changes in
5.1 and 4.4.1.
PHP PHPInfo Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/15248
This isn't a big deal since nobody exposes the output of phpinfo() to
the public, right? :)
APPLICATIONS USING PHP
----------------------
Ashwebstudio Ashnews Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/16426
Nuked-klaN Index.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/16424
CRE Loaded Files.PHP Access Validation Vulnerability
http://www.securityfocus.com/bid/16415
sPaiz-Nuke Modules.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/16412
Drupal Image Upload HTML Injection Vulnerability
http://www.securityfocus.com/bid/15663
This is old news, having been addressed in prior releases: 4.6.4 and
4.5.6.
Drupal View User Profile Authorization Bypass Vulnerability
http://www.securityfocus.com/bid/15674
This too is old news, addressed in prior releases: 4.6.4 and 4.5.6.
Drupal Submitted Content HTML Injection Vulnerability
http://www.securityfocus.com/bid/15677
Yet another problem fixed in prior releases: 4.6.4 and 4.5.6.
Invision Power Board Portal Plugin Index.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/16447
Calendarix Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/16456
SZUserMgnt Username Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/16454
FarsiNews Loginout.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/16440
EasyCMS Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/16430
phpBB Rlink Module Rlink.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/16448
PunctWeb MyCO Name Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/16444
MyBB Index.PHP Referrer Cookie SQL Injection Vulnerability
http://www.securityfocus.com/bid/16443
Cerberus Helpdesk Clients.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/16439
AshWebStudio AshNews Remote File Include Vulnerability
http://www.securityfocus.com/bid/16436
BrowserCRM Results.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/16435
Edgewall Software Trac HTML WikiProcessor Wiki Content HTML Injection Vulnerability
http://www.securityfocus.com/bid/16198
Edgewall Software Trac Search Module SQL Injection Vulnerability
http://www.securityfocus.com/bid/15720
PmWiki Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/16421
Phpclanwebsite Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/16391
AZ Bulletin Board Post.PHP HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/16351
RELATED STUFF
-------------
Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/16152
This only impacts Apache 2.x and has been fixed in version 2.0.55.
OpenSSH SCP Shell Command Execution Vulnerability
http://www.securityfocus.com/bid/16369
Changes to version 4.3 resolve this issue.
OpenSSH GSSAPI Credential Disclosure Vulnerability
http://www.securityfocus.com/bid/14729
This was addressed back in version 4.2.
OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
http://www.securityfocus.com/bid/14727
This was addressed back in version 4.2.
OpenSSL Insecure Protocol Negotiation Weakness
http://www.securityfocus.com/bid/15071
Upgrade to versions 0.9.8a or 0.9.7h.
Multiple Vendor TCP Timestamp PAWS Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/13676
Mozilla Firefox XBL -MOZ-BINDING Property Cross-Domain Scripting Vulnerability
http://www.securityfocus.com/bid/16427
BZip2 CHMod File Permission Modification Race Condition Weakness
http://www.securityfocus.com/bid/12954
MySQL mysql_install_db Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/13660
This isn't that big a deal because proper server management restricts
the permissions necessary to successfully run the mysql_install_db
script.
ImageMagick File Name Handling Remote Format String Vulnerability
http://www.securityfocus.com/bid/12717
Adobe Multiple Unspecified Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/16451
Microsoft Internet Explorer Dialog Manipulation Vulnerability
http://www.securityfocus.com/bid/15823