[nycphp-talk] PHP in SecurityFocus #362

Daniel Convissor danielc at
Sun Sep 24 05:54:27 EDT 2006

These summaries are available online

Alerts from SecurityFocus Newsletter #362

PHP SSCANF() Safe_Mode Restriction-Bypass Vulnerability
This is fixed in 5.1.5 and 4.4.4.

Netious CMS Authorization Bypass Vulnerability

MyBloggie Trackback.PHP Multiple SQL Injection Vulnerabilities

PHPCodeCabinet Core.PHP Remote File Include Vulnerability

VBulletin Multiple Cross-Site Scripting Vulnerabilities

Tinyportal Guestbook Multiple HTML Injection Vulnerabilities

O2PHP Oxygen Post.PHP SQL Injection Vulnerability

PHPPrintAnalyzer Index.php Remote File Include Vulnerability

Visual Events Calendar Calendar.PHP Remote File Include Vulnerability

Blur6ex Title HTML Injection Vulnerability

Simple CMS Auth.PHP Remote Authentication Bypass Vulnerability

DeluxeBB Newpost.PHP Cross-Site Scripting Vulnerability

Torbstoff News News.PHP Remote File Include Vulnerability

PHPCC Base_Dir Parameter Remote File Include Vulnerability

TurnkeyWebTools PHP Simple Shop Multiple Remote File Include Vulnerabilities

NewSolved ABS_Path Parameter Remote File Include Vulnerability

XennoBB Profile.PHP Multiple SQL Injection Vulnerabilities

CakePHP Error.PHP Multiple Cross-Site Scripting Vulnerabilities

JD Wiki For Joomla Main.PHP Remote File Include Vulnerability

phNNTP File_newsportal Remote File Include Vulnerability

Netious CMS Username Parameter SQL Injection Vulnerability

Simplog Archive.PHP Cross-Site Scripting Vulnerability

The Address Book Login Page Multiple SQL Injection Vulnerabilities

The Address Book Reloaded Unspecified Multiple SQL Injection Vulnerabilities

Multiple SAPID Products Multiple Remote File Include Vulnerabilities

MySQL MERGE Privilege Revoke Bypass Vulnerability
The issue allows continued access to MERGE tables if privileges on the
original table subsequently got revoked. Upgrade to 5.0.24 or 4.1.21
for the fix.

Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability in LDAP scheme handling
This is fixed in 1.3.37, 2.0.59, 2.2.3.
