[nycphp-talk] PHP in SecurityFocus #368

Daniel Convissor danielc at analysisandsolutions.com
Sun Sep 24 05:54:30 EDT 2006


These summaries are available online
RSS:  http://phpsec.org/projects/vulnerabilities/securityfocus.xml
HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html

Alerts from SecurityFocus Newsletter #368

gzip has several holes in it plus Mozilla has come out with new
editions.

APPLICATIONS USING PHP
----------------------
Mambo Hotornot Component Uploadfile.PHP Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/20077

Mambo Extended Registration Component mosConfig_absolute_path Remote File Include Vulnerability
http://www.securityfocus.com/bid/20072

Vikingboard Topic.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/19919

Vikingboard Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/19916

PHPQuiz Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/20065

Artmedic Links Index.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/20064

Aceboard Recherche.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/20063

PHP-Post Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/20061

Nuked-Klan Query Parameter Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/20032

Claroline Claro_Init_Local.Inc.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/20056

Site at School Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/20053

AlstraSoft Efriends GetStartOptions.PHP Local File Include Vulnerability
http://www.securityfocus.com/bid/20088

EShoppingPro Search_Run.ASP SQL Injection Vulnerability
http://www.securityfocus.com/bid/20089

PhotoPost Pro Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/20028

NixieAffiliate Delete.PHP Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/20086

Moodle Edit.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/20085

NixieAffiliate Lostpassword.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/20084

PHP DocWriter Index.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/20041

IDevSpot BizDirectory Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/20081

MyBulletinBoard Generic_Error.PHP Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/20079

MobilePublisherPHP Header.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/20078

GuanxiCRM Business Solution PHPXD.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/20071

UNAK-CMS Dirroot Parameter Remote File Include Vulnerability
http://www.securityfocus.com/bid/20070

GNUTurk T_ID Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/20069

AEDating Dir[INC] Parameter Remote File Include Vulnerability
http://www.securityfocus.com/bid/20068

Exponent CMS Index.PHP Local File Include Vulnerability
http://www.securityfocus.com/bid/20111

Qualiteam X-Cart CMPI.PHP Arbitrary Variable Overwrite Vulnerability
http://www.securityfocus.com/bid/20108

ESyndiCat Search.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/20106

MyReview Functions.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/20105

Innovate Portal Index.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/20104

Simple Discussion Board Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/20103

Tekman Portal Uye_Profil.ASP SQL Injection Vulnerability
http://www.securityfocus.com/bid/20102

More.groupware Week.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/20100


RELATED STUFF
-------------
GNU GZip Archive Handling Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/20101
The GNU folks (http://www.gzip.org/) haven't released a patch as of
yet, but RedHat has put out updated RPMs
(http://rhn.redhat.com/errata/RHSA-2006-0667.html).

Mozilla Firefox/Thunderbird/Seamonkey Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/20042
Upgrade your installs to the following versions:
Firefox 1.5.0.7
Thunderbird 1.5.0.7
SeaMonkey 1.0.5
Camino 1.0.3
