[nycphp-talk] security focus newsletter 221

Analysis & Solutions danielc at analysisandsolutions.com
Mon Nov 3 21:03:39 EST 2003


APACHE
------
Apache Web Server Multiple Module Local Buffer Overflow Vuln...
http://www.securityfocus.com/bid/8911
The problem is reported to exist in the mod_alias and mod_rewrite modules of
the software. It has been reported that the problem presents itself if a
regular expression is configured with more than 9 captures using
parentheses.  It is reported that the vulnerability is in an Apache
wrapper function for the regex interface.

Apache Mod_Security Module Heap Corruption Vulnerability
http://www.securityfocus.com/bid/8919
A vulnerability has been discovered in the mod_security module when
handling specific data transmitted by the Apache server. The problem
occurs within the sec_filter_out() function located in the mod_security.c
source file.

Apache Web Server mod_cgid Module CGI Data Redirection Vulne...
http://www.securityfocus.com/bid/8926
Apache has reported a potential vulnerability in the mod_cgid module when
the threaded MPM (Multi-Processing Module) is used. The problem is said to
be due to mishandling of CGI redirect paths. Reportedly, the module will
incorrectly redirect the CGI output data to a separate, unrelated thread.


PHP
---
Multiple Advanced Poll PHP Vulnerabilities
http://www.securityfocus.com/bid/8890

Chi Kien Uong Guestbook [multiple] Vulnerabilities
http://www.securityfocus.com/bid/8895
http://www.securityfocus.com/bid/8896

Les Visiteurs Multiple Remote File Include Vulnerabilities 
http://www.securityfocus.com/bid/8902

Bytehoard Files.INC.PHP Root Directory Disclosure Vulnerabil... 
http://www.securityfocus.com/bid/8910

E107 Chatbox.php Denial of Service Vulnerability
http://www.securityfocus.com/bid/8930

Booby Error Message Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/8932

Ledscripts LedForums Multiple Fields HTML Injection Vulnerab...
http://www.securityfocus.com/bid/8934


Enjoy,

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


