[nycphp-talk] PHP in SecurityFocus #367
Daniel Convissor
danielc at analysisandsolutions.com
Sun Sep 24 05:54:29 EDT 2006
These summaries are available online:
RSS: http://phpsec.org/projects/vulnerabilities/securityfocus.xml
HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html
Alerts from SecurityFocus Newsletter #367
RSA key forgeries and Flash vulnerabilities are in the news this week.
APPLICATIONS USING PHP
----------------------
Drupal Userreview Module Unspecified Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/20015
Mambo Serverstat Component Install.Serverstat.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/20018
Quicksilver Forums Activeutil.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/19991
ForumJBC Haut.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/19992
WM-News Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/19988
Vitrax Premodded Functions_Portal.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/19979
CCHost Index.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/19978
WebSPELL Database.PHP Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/19975
Ractive Popper Childwindow.Inc.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/19972
TeamCal Pro Footer.HTML.Inc.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/20030
DCP-Portal Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/20024
Tagger LE Multiple PHP Code Injection Vulnerabilities
http://www.securityfocus.com/bid/20023
PHPATM Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/19765
PHPQuiz Index.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/20019
ActiveCampaign KnowledgeBuilder Remote File Include Vulnerability
http://www.securityfocus.com/bid/20020
Reamday Enterprises Magic News Pro News_page.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/20014
EmuCMS Index.PHP Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/20013
NX5Linkx Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/20010
NX5Linkx Links.PHP HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/20011
NX5Linkx Link.PHP Directory Traversal Vulnerability
http://www.securityfocus.com/bid/20008
Vmist Downstat Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/20007
Shadowed Portal Bottom.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/20006
DokuWiki Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/19911
e107 CMS Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/19997
CJ Tag Board Tag.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/20000
Telekorn Signkorn Guestbook Dir_Path Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/19977
PHP Event Calendar Index.PHP Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/20001
Moodle Multiple Input Validation and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/19995
K2News Management Ratings.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/19994
PhotoPost Pro Zipndownload.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/20028
PHPUnity.Postcard PHPUnity-Postcard.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/19993
RELATED STUFF
-------------
Adobe Flash Player Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/19980
Versions 8.0.24.0 and 9.0.16.0 fix this problem.
GNUTLS PKCS RSA Signature Forgery Vulnerability
http://www.securityfocus.com/bid/20027
Attackers may be able to forge a PKCS #1 v1.5 signature when an RSA
key with exponent 3 is used. GnuTLS 1.4.3 takes care of this issue.