[nycphp-talk] Alerts from SecurityFocus Newsletter #320
Daniel Convissor
danielc at analysisandsolutions.com
Sat Oct 22 18:31:04 EDT 2005
Alerts from SecurityFocus Newsletter #320
APPLICATIONS USING PHP
----------------------
PHPMyAdmin Local File Include Vulnerability
http://www.securityfocus.com/bid/15053
Upgrade to phpMyAdmin 2.6.4-pl3 or newer.
VersatileBulletinBoard Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15068
VersatileBulletinBoard Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/15073
VersatileBulletinBoard Information Disclosure Vulnerability
http://www.securityfocus.com/bid/15075
PHP Advanced Transfer Manager Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/15074
Zeroblog Thread.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/15078
Xeobook Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/15086
PHPWebSite Search Module SQL Injection Vulnerability
http://www.securityfocus.com/bid/15088
Yapig View.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/15092
YaPig Homepage Form Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/15095
Gallery Main.PHP Directory Traversal Vulnerability
http://www.securityfocus.com/bid/15108
W-Agora Multiple Arbitrary PHP Code Injection Vulnerabilities
http://www.securityfocus.com/bid/15110
Complete PHP Counter SQL Injection Vulnerability
http://www.securityfocus.com/bid/15111
Complete PHP Counter Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/15112
PunBB Search.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15114
RELATED STUFF
-------------
OpenSSL Insecure Protocol Negotiation Weakness
http://www.securityfocus.com/bid/15071
Upgrade to 0.9.7h or 0.9.8a
Multiple Vendor WGet/Curl NTLM Username Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/15102
curl and libcurl: <= 7.10.5 and >= 7.15.0 are not affected or
fixed.
Wget: upgrade to 1.10.2.