[nycphp-talk] PHP in SecurityFocus #323
Daniel Convissor
danielc at analysisandsolutions.com
Sat Nov 19 09:56:26 EST 2005
These summaries are available online
RSS: http://phpsec.org/projects/vulnerabilities/securityfocus.xml
HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html
Alerts from SecurityFocus Newsletter #323
PHP
---
PHP Parse_Str Register_Globals Activation Weakness
http://www.securityfocus.com/bid/15249
This matter was fixed in CVS on September 29. Upgrade to PHP 4.4.1 or
5.1.0-RC2. For PHP 5.0.x, compile from updated sources.
PHP File Upload GLOBAL Variable Overwrite Vulnerability
http://www.securityfocus.com/bid/15250
This matter was fixed in CVS on September 29. Upgrade to PHP 4.4.1 or
5.1.0-RC2. For PHP 5.0.x, compile from updated sources.
PHP PHPInfo Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/15248
This issue was addressed in CVS on August 15. Upgrade to PHP 4.4.1,
5.0.5 or 5.1.0-RC1. But people who are security conscious don't have
phpinfo() output laying around in the first place, RIGHT?
APPLICATIONS USING PHP
----------------------
PHPBB Global Variable Deregistration Bypass Vulnerabilities
http://www.securityfocus.com/bid/15243
PHPBB Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/15246
Invision Gallery Index.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15240
Invision Gallery Image Upload HTML Injection Vulnerability
http://www.securityfocus.com/bid/15286
MG2 Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/15235
PHP Advanced Transfer Manager Remote Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/15237
Subdreamer Multiple Remote SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15238
PHPCafe Tutorial Manager Index.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15244
OaBoard Forum.PHP Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15245
Belchior Foundry vCard Pro Addrbook.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15254
EyeOS Desktop.PHP HTML Injection Vulnerability
http://www.securityfocus.com/bid/15255
EyeOS User And Password Information Disclosure Vulnerability
http://www.securityfocus.com/bid/15256
VUBB Index.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/15260
XMB Forum Post.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15267
News2Net Index.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15274
phpWebThings Forum.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/15276
PHPWebThing Forum.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15277
Simple PHP Blog Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/15283
PHP Handicapper Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/15294
PHP Handicapper Process_signup.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15298
PHP Handicapper Process_signup.PHP HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/15301
CutePHP CuteNews Directory Traversal Vulnerability
http://www.securityfocus.com/bid/15295
vBulletin Image Upload HTML Injection Vulnerability
http://www.securityfocus.com/bid/15296
Movable Type Blog Entry Posting HTML Injection Vulnerability
http://www.securityfocus.com/bid/15305
Galerie ShowGallery.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15313
PunBB/Blog:CMS Image Upload HTML Injection Vulnerability
http://www.securityfocus.com/bid/15322
JPortal Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15324
PunBB/BLOG:CMS Origin Spoofing Vulnerability
http://www.securityfocus.com/bid/15326
PunBB/BLOG:CMS Unspecified Information Disclosure Vulnerability
http://www.securityfocus.com/bid/15328
ibProArcade User ID SQL Injection Vulnerability
http://www.securityfocus.com/bid/15333