[nycphp-talk] PHP in SecurityFocus #366

Daniel Convissor danielc at analysisandsolutions.com
Sun Sep 24 05:54:29 EDT 2006


These summaries are available online
RSS:  http://phpsec.org/projects/vulnerabilities/securityfocus.xml
HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html

Alerts from SecurityFocus Newsletter #366

The RSA signature forgery issue sounds problematic...

APPLICATIONS USING PHP
----------------------
Joomla! Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/19749

PhpGroupWare Calendar Class.Holidaycalc.Inc.PHP Local File Include Vulnerability
http://www.securityfocus.com/bid/19751

Gallery Stats Module Information Disclosure Vulnerability
http://www.securityfocus.com/bid/19453

IntegraMOD PHPbb_Root_Path Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/19809

Membrepass Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/19789

Membrepass Recherchemembre.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/19791

Membrepass Variable.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/19790

E-vision CMS Path Parameter Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/19788

ExBB Home_Path Parameter Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/19787

PortailPHP Mod_PHPAlbum Sommaire_Admin.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/19750

CubeCart Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/19782

Graphiks GrapAgenda Index.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/19857

AnnoncesV Annonce.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/19854

MySpeach JScript.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/19851

ToendaCMS Remote File Include Vulnerability
http://www.securityfocus.com/bid/19806

Papoo CMS IBrowser Remote File Include Vulnerability
http://www.securityfocus.com/bid/19807

VBZoom Profile.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/19803

YACS Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/19799

Xoops Edituser.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/19720


RELATED STUFF
-------------
OpenSSL PKCS Padding RSA Signature Forgery Vulnerability
http://www.securityfocus.com/bid/19849
Attackers may be able to forge a PKCS #1 v1.5 signature when an RSA
key with exponent 3 is used. This is fixed in OpenSSL 0.9.7k and
0.9.8c.

MySQL Multiupdate and Subselects Denial Of Service Vulnerability
http://www.securityfocus.com/bid/19794
For some reason this is the first time this very old issue made it
into the SF newsletters.
