[nycphp-talk] PHP in SecurityFocus #322
Daniel Convissor
danielc at analysisandsolutions.com
Sat Nov 19 09:56:23 EST 2005
These summaries are available online
RSS: http://phpsec.org/projects/vulnerabilities/securityfocus.xml
HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html
Alerts from SecurityFocus Newsletter #322
PHP
---
PHP Apache 2 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/15177
This SF report says the matter has been resolved in 4.4.1. But
looking at the CVS log messages at
http://cvs.php.net/php-src/sapi/apache2handler/sapi_apache2.c one can
see that further important fixes for this SAPI were implemented on 18
Nov 2005 which have yet to be incorporated into an official release.
APPLICATIONS USING PHP
----------------------
phpMyAdmin Theme Variable Local File Inclusion Vulnerability
http://www.securityfocus.com/bid/15169
phpBB Avatar Upload HTML Injection Vulnerability
http://www.securityfocus.com/bid/15170
PHPNuke Multiple Modules SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15178
PunBB Common.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/15175
Nuked Klan Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15181
FlatNuke Index.PHP Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/15172
FlatNuke Index.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/15176
TriggerTG TClanPortal Index.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15173
Platinum DBoardGear Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15174
Platinum DBoardGear Theme Import SQL Injection Vulnerability
http://www.securityfocus.com/bid/15194
Zomplog Detail.PHP HTML Injection Vulnerability
http://www.securityfocus.com/bid/15168
DCP-Portal Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/15183
SAPHP Lesson Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/15185
PHP-Fusion Message Post HTML Injection Vulnerability
http://www.securityfocus.com/bid/15187
PHP ICalendar Default_View Remote File Include Vulnerability
http://www.securityfocus.com/bid/15193
XOOPS Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/15195
Basic Analysis And Security Engine Base_qry_main.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15199
AR-Blog Comment HTML Injection Vulnerability
http://www.securityfocus.com/bid/15201
AR-Blog Remote Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/15203
SparkleBlog Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/15202
MyBulletinBoard Usercp.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15204
IPBProArcade GameID Parameter Remote SQL Injection Vulnerability
http://www.securityfocus.com/bid/15205
Belchior Foundry VCard Remote File Include Vulnerability
http://www.securityfocus.com/bid/15207
Flyspray Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/15209
Mantis Multiple Unspecified SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15210
Mantis Bug_sponsorship_list_view_inc.PHP File Include Vulnerability
http://www.securityfocus.com/bid/15212
Mantis Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/15227
Woltlab Info-DB Info_db.PHP Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15214
GCards News.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15216
Search Enhanced Module for PHP-Nuke HTML Injection Vulnerability
http://www.securityfocus.com/bid/15218
ATutor Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/15221
PBLang Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/15223
PHPESP Multiple Unspecified Input Validation Vulnerabilities
http://www.securityfocus.com/bid/15232
MG2 Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/15235
PHP Advanced Transfer Manager Remote Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/15237
Subdreamer Multiple Remote SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15238
RELATED STUFF
-------------
Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/15224
ITEMS OF INTEREST FROM OTHER SOURCES
------------------------------------
PEAR HTML_Form Cross-Site Scripting and Remote Code Injection Vulnerabilities
http://www.securityfocus.com/bid/
Release 1.3.0 of PEAR's HTML_Form package contains important security
fixes.