[nycphp-talk] PHP in SecurityFocus #333

Daniel Convissor danielc at analysisandsolutions.com
Sat Jan 28 13:11:19 EST 2006


These summaries are available online:
RSS:  http://phpsec.org/projects/vulnerabilities/securityfocus.xml
HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html

Alerts from SecurityFocus Newsletter #333

PHP
---
PHP MySQLI Error Logging Remote Format String Vulnerability
http://www.securityfocus.com/bid/16219
Upgrade to PHP 5.1.2

PHP 5 User-Supplied Session ID Input Validation Vulnerability
http://www.securityfocus.com/bid/16220
Upgrade to PHP 5.1.2


APPLICATIONS USING PHP
----------------------
Navboard Multiple BBCode Tag Script Injection Vulnerabilities
http://www.securityfocus.com/bid/16165

AppServ Open Project Remote File Include Vulnerability
http://www.securityfocus.com/bid/16166

427BB Showthread.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/16169

427BB Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/16178

Foxrum Multiple BBCode Tag Script Injection Vulnerabilities
http://www.securityfocus.com/bid/16172

PHP PEAR Go-Pear.PHP Arbitrary Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/16174

SysCP WebFTP Module Local File Include Vulnerability
http://www.securityfocus.com/bid/16175

Venom Board Post.PHP3 Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/16176

PHPChamber Search_result.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/16180

Magic News Plus Administrator Password Change Vulnerability
http://www.securityfocus.com/bid/16182

Andromeda Andromeda.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/16183

Joomla Vcard Access Information Disclosure Vulnerability
http://www.securityfocus.com/bid/16185

PHPNuke EV Search Module SQL Injection Vulnerability
http://www.securityfocus.com/bid/16186

PHPNuke Multiple Modules IMG Tag HTML Injection Vulnerability
http://www.securityfocus.com/bid/16192

ADOdb Server.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/16187

Xoops Pool Module IMG Tag HTML Injection Vulnerability
http://www.securityfocus.com/bid/16189

Trac HTML WikiProcessor Wiki Content HTML Injection Vulnerability
http://www.securityfocus.com/bid/16198

Orjinweb Index.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/16199

CaLogic Calendars Add Event Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/16206

MyPhPim Addresses.PHP3 Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/16208

MyPhPim Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/16210

Interspire TrackPoint NX Index.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/16214

PHP Toolkit for PayPal IPN_success.PHP Logfile Injection Vulnerability
http://www.securityfocus.com/bid/16218

Wordcircle Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/16227

TankLogger General Functions Script SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/16228

Light Weight Calendar Index.PHP Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/16229

MyBB Usercp.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/16230

DCP Portal Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/16232

AlstraSoft Template Seller Pro Fullview.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/16233

EZDatabase Remote PHP Script Code Execution Vulnerability
http://www.securityfocus.com/bid/16237





