[nycphp-talk] messy stuff in sec focus #245
Dan Horning
lists at mx2pro.com
Wed Apr 21 07:33:04 EDT 2004
the funny thing -
most of those software packages noted are not the problem
it appears that everything is a module that "has been reported that...."
IMHO - you shouldn't place blame on a piece of software which isn't
causing the problem
if the modules followed the devguide then there's almost no chance of not
having sanitized input
(specifically postnuke - which I've watched for a real SecFocus article for
quite some time)
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org
> [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Daniel Convissor
> Sent: Tuesday, April 20, 2004 2:02 PM
> To: NYPHP Talk
> Subject: [nycphp-talk] messy stuff in sec focus #245
>
> SecurityFocus Newsletter #245
>
> TikiWiki Project Multiple Input Validation Vulnerabilities
> http://www.securityfocus.com/bid/10100
>
> Nuked-Klan Multiple Vulnerabilities
> http://www.securityfocus.com/bid/10104
>
> PHP-Nuke CookieDecode Cross-Site Scripting Vulnerability
> http://www.securityfocus.com/bid/10128
>
> TUTOS Multiple Input Validation Vulnerabilities
> http://www.securityfocus.com/bid/10129
>
> PHP-Nuke Multiple SQL Injection Vulnerabilities
> http://www.securityfocus.com/bid/10135
>
> PostNuke Pheonix Multiple Module SQL Injection Vulnerabiliti...
> http://www.securityfocus.com/bid/10146
>
> PHPBugTracker Multiple Input Validation Vulnerabilities
> http://www.securityfocus.com/bid/10153
>
> Gemitel Affich.PHP Remote File Include Command Injection Vul...
> http://www.securityfocus.com/bid/10156
>
> --
> T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
> data intensive web and database programming
> http://www.AnalysisAndSolutions.com/
> 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409