[nycphp-talk] PHP in SecurityFocus #344

Daniel Convissor danielc at analysisandsolutions.com
Sat Apr 15 16:23:10 EDT 2006


These summaries are available online
RSS:  http://phpsec.org/projects/vulnerabilities/securityfocus.xml
HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html

Alerts from SecurityFocus Newsletter #344

PHP
---
PHP PHPInfo Large Input Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17362
This was fixed in CVS on March 30, so should show up in PHP 5.1.3 when
it's released.


APPLICATIONS USING PHP
----------------------
PHPBB Profile.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17355

Horde MIME Viewer Inline Attachment HTML Injection Vulnerability
http://www.securityfocus.com/bid/15535

Esqlanelapse Unspecified Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17331

Mon Album Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/17327

Mantis View_All_Set.PHP Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/17326

Horde Help Viewer Remote PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/17292

O2PHP Oxygen Post.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17324

MediaSlash Gallery Index.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/17323

VNews Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/17317

VNews Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/17316

VBook Index.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17320

VBook Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/17319

VWar Functions_Admin.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/17315

VWar Get_header.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/17358

X-Changer Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/17322

PHPNewsManager Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/17301

PHPNuke-Clan Functions_Common.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/17356

AngelineCMS Loadkernel.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/17371

MyBulletinBoard Email BBCode Tag HTML Injection Vulnerability
http://www.securityfocus.com/bid/17368

LucidCMS Index.PHP Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/17360

WebAPP Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/17359

Exponent CMS Banner Module Arbitrary Script Execution Vulnerability
http://www.securityfocus.com/bid/17357

Basic Analysis and Security Engine Base_maintenance.PHP Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/17354

ReloadCMS User-Agent HTML Injection Vulnerability
http://www.securityfocus.com/bid/17353

PHPSelect Submit-A-Link HTML Injection Vulnerability
http://www.securityfocus.com/bid/17348

Blank'N'Berg Directory Traversal Vulnerability
http://www.securityfocus.com/bid/17345

Blank'N'Berg Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17346

Claroline Rqmkhtml.PHP Information Disclosure Vulnerability
http://www.securityfocus.com/bid/17343

Claroline RQMKHTML.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17344

Claroline ScormExport.inc.PHP File Include Vulnerability
http://www.securityfocus.com/bid/17341

RedCMS Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/17336

Softbiz Image Gallery Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/17339

DbbS Topics.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17338

Warcraft III Replay Parser for PHP Index.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/17334

V-creator Remote Shell Code Execution Vulnerability
http://www.securityfocus.com/bid/17328

QLnews Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/17335

qliteNews Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/17333

GTD-PHP Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/17366


RELATED STUFF
-------------
Apache Struts Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/17342





