[nycphp-talk] PHP in SecurityFocus #339
Daniel Convissor
danielc at analysisandsolutions.com
Sun Mar 26 19:27:22 EST 2006
These summaries are available online
RSS: http://phpsec.org/projects/vulnerabilities/securityfocus.xml
HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html
Alerts from SecurityFocus Newsletter #339
APPLICATIONS USING PHP
----------------------
EZ Publish ImageCatalogue Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/16817
Mambo Open Source Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/16775
PHP-Nuke Mainfile.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/16831
PHP PEAR::Archive_Tar Remote Directory Traversal Vulnerability
http://www.securityfocus.com/bid/16805
iGenus WebMail Config_Inc.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/16829
DCI-Taskeen Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/16828
PHPWebSite Topics.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/16825
SPiD Scan_Lang_Insert.PHP Local File Include Vulnerability
http://www.securityfocus.com/bid/16822
CubeCart Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/16796
NOCC Webmail Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/16793
PHPLIB Unspecified Code Execution Vulnerability
http://www.securityfocus.com/bid/16801
MyPHPNuke Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/16815
DEV Web Management System HTML Injection Vulnerability
http://www.securityfocus.com/bid/16812
JGS-Gallery Module Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/16810
PwsPHP Index.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/16567
4images Index.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/16855
Archangel Weblog Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/16848
Woltlab Burning Board Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/16843
Fantastic Scripts Fantastic News SQL Injection Vulnerability
http://www.securityfocus.com/bid/16842
Lansuite Board Module SQL Injection Vulnerability
http://www.securityfocus.com/bid/16836
PHPRPC Library Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/16833
Other projects relying on this library, such as RunCMS, are probably
affected by this problem.
PHPX XCode Tag HTML Injection Vulnerability
http://www.securityfocus.com/bid/16799
D3Jeeb Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/16853
RELATED STUFF
-------------
MySQL Query Logging Bypass Vulnerability
http://www.securityfocus.com/bid/16850
Using the NULL character causes query logging to fail. For example:

    mysql_query('/*'.chr(0).'*/ SELECT * FROM table');