[nycphp-talk] PHP in SecurityFocus #321
Daniel Convissor
danielc at analysisandsolutions.com
Sun Oct 30 11:05:02 EST 2005
These summaries are available online:
RSS: http://phpsec.org/projects/vulnerabilities/securityfocus.xml
HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html
Alerts from SecurityFocus Newsletter #321
PHP
---
PHP Safedir Restriction Bypass Vulnerabilities
http://www.securityfocus.com/bid/15119
This report is a bit off base. The reporter calls it "safedir" when they
probably mean "safe_mode", and these issues were already raised in SF
report 14957. That aside, these issues are fixed in the upcoming 4.4.1
and 5.0.6 releases of PHP.
APPLICATIONS USING PHP
----------------------
phpMyAdmin Theme Variable Local File Inclusion Vulnerability
http://www.securityfocus.com/bid/15169
PHPNuke Modules.PHP Search Module Remote Directory Traversal Vulnerability
http://www.securityfocus.com/bid/15137
PHP-Nuke Modules.PHP NukeFixes Addon Remote Directory Traversal Vulnerability
http://www.securityfocus.com/bid/15150
phpBB Avatar Upload HTML Injection Vulnerability
http://www.securityfocus.com/bid/15170
E107 Resetcore.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15125
MySource Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/15132
MySource Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/15133
Chipmunk Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/15149
Splatt Forums Remote Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/15152
AL-Caricatier SS.PHP Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/15162
TikiWiki Unspecified Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/15164
Nuked Klan Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/15166
Zomplog Detail.PHP HTML Injection Vulnerability
http://www.securityfocus.com/bid/15168
FlatNuke Index.PHP Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/15172