NYCPHP Meetup

NYPHP.org

latest vulnerabilities...

Analysis & Solutions danielc at analysisandsolutions.com
Mon Jun 9 23:24:16 EDT 2003


Hey Folks:

Here are the highlights from SecurityFocus's latest newsletter...


------------------
PHP Transparent Session ID Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/7761

A cross-site scripting vulnerability has been discovered in PHP version
4.3.1 and earlier.

------------------
Yet another PHP-Nuke vulnerability...

PHP-Nuke User/Admin Cookie SQL Injection Vulnerability
http://www.securityfocus.com/bid/7762

------------------
Multiple Mod_Gzip Debug Mode Vulnerabilities
http://www.securityfocus.com/bid/7769

Mod_gzip is an Apache web server module that compresses web content before
sending it to the client.  Mod_gzip is not a standard module for Apache.

------------------
Webfroot Shoutbox Expanded.PHP Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/7772

Webfroot Shoutbox is a web application designed to allow web site visitors
a chance to leave messages. It is implemented in PHP...

------------------
Webchat Module Path Disclosure Weakness
http://www.securityfocus.com/bid/7774

Webchat is a web based chat module designed for use with PHP-Nuke.

------------------
SPChat Module Remote File Include Vulnerability
http://www.securityfocus.com/bid/7780

SPChat is a web based chat module designed for use with PHP-Nuke.

------------------
Multiple vulnerabilities in Cafelog b2
http://www.securityfocus.com/bid/7782
http://www.securityfocus.com/bid/7783
http://www.securityfocus.com/bid/7786

CafeLog b2 WebLog Tool allows users to generate news pages and weblogs
dynamically. It is implemented in PHP.

------------------
multiple Wordpress vulnerabilities
http://www.securityfocus.com/bid/7784
http://www.securityfocus.com/bid/7785

Wordpress allows users to generate news pages and weblogs dynamically. It
uses PHP and a MySQL database to generate dynamic pages.

------------------
While this isn't PHP related, cPanel was discussed on the list recently...

cPanel/Formail-Clone E-Mail Restriction Bypass Vulnerability
http://www.securityfocus.com/bid/7758

------------------
Interesting thing to look out for if you run servers or have
scripts which send email...

Linux /bin/mail Carbon Copy Field Buffer Overrun Vulnerability
http://www.securityfocus.com/bid/7760


Enjoy,

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


