[nycphp-talk] security focus newsletter 221
Analysis & Solutions
danielc at analysisandsolutions.com
Mon Nov 3 21:03:39 EST 2003
APACHE
------
Apache Web Server Multiple Module Local Buffer Overflow Vuln...
http://www.securityfocus.com/bid/8911
The problem is reported to exist in the mod_alias and mod_rewrite modules of
the software. It has been reported that the problem presents itself if a
regular expression is configured with more than 9 captures using
parentheses. It is reported that the vulnerability is in an Apache
wrapper function for the regex interface.
Apache Mod_Security Module Heap Corruption Vulnerability
http://www.securityfocus.com/bid/8919
A vulnerability has been discovered in the mod_security module when
handling specific data transmitted by the Apache server. The problem
occurs within sec_filter_out() function located in the mod_security.c
source file.
Apache Web Server mod_cgid Module CGI Data Redirection Vulne...
http://www.securityfocus.com/bid/8926
Apache has reported a potential vulnerability in the mod_cgid module when
the threaded MPM (Multi-Processing Module) is used. The problem is said to
be due to mishandling of CGI redirect paths. Reportedly, the module will
incorrectly redirect the CGI output data to a separate, unrelated thread.
PHP
---
Multiple Advanced Poll PHP Vulnerabilities
http://www.securityfocus.com/bid/8890
Chi Kien Uong Guestbook [multiple] Vulnerabilities
http://www.securityfocus.com/bid/8895
http://www.securityfocus.com/bid/8896
Les Visiteurs Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/8902
Bytehoard Files.INC.PHP Root Directory Disclosure Vulnerabil...
http://www.securityfocus.com/bid/8910
E107 Chatbox.php Denial of Service Vulnerability
http://www.securityfocus.com/bid/8930
Booby Error Message Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/8932
Ledscripts LedForums Multiple Fields HTML Injection Vulnerab...
http://www.securityfocus.com/bid/8934
Enjoy,
--Dan
--
FREE scripts that make web and database programming easier
http://www.analysisandsolutions.com/software/
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409