[nycphp-talk] php in SecurityFocus Newsletter #291

Daniel Convissor danielc at analysisandsolutions.com
Sun Mar 13 11:47:18 EST 2005


Another exciting installment of your favorite drama!

SecurityFocus Newsletter #291

PHP ISSUES
7. FCKeditor For PHP-Nuke Arbitrary File Upload Vulnerability
BugTraq ID: 12676

9. PHPBB Authentication Bypass Vulnerability
BugTraq ID: 12678

14. PostNuke Phoenix CATID Parameter Remote SQL Injection Vulner...
BugTraq ID: 12683

15. PostNuke Phoenix SHOW Parameter Remote SQL Injection Vulnera...
BugTraq ID: 12684

16. PostNuke Phoenix Download Module Multiple Cross-Site Scripti...
BugTraq ID: 12685

18. PHP Arena PANews Remote Input Validation Vulnerabilities
BugTraq ID: 12687

21. PBLang Bulletin Board System SendPM.PHP Directory Traversal ...
BugTraq ID: 12690

22. CutePHP CuteNews X-Forwarded-For Script Injection Vulnerabil...
BugTraq ID: 12691

23. SafeHTML Multiple HTML Entity Bypass Vulnerabilities
BugTraq ID: 12692
I recall an earlier BugTraq listing along these lines, so this may be a 
duplicate report.

25. PBLang Bulletin Board System DelPM.PHP Arbitrary Personal Me...
BugTraq ID: 12694

27. PHPNews Auth.PHP Remote File Include Vulnerability
BugTraq ID: 12696

30. PHP Glob Function Local Information Disclosure Vulnerability   
BugTraq ID: 12701

35. MercuryBoard Avatar HTML Injection Vulnerability
BugTraq ID: 12706

36. MercuryBoard Index.PHP SQL Injection Vulnerability
BugTraq ID: 12707

47. WoltLab Burning Board/Burning Board Lite Session.PHP Multipl...
BugTraq ID: 12718

48. PABox HTML Injection Vulnerability
BugTraq ID: 12719

49. D-Forum Nav.PHP3 Cross-Site Scripting Vulnerability
BugTraq ID: 12720

50. Typo3 CMW_Linklist Extension SQL Injection Vulnerability
BugTraq ID: 12721

54. Stadtaus.Com Download Center Lite Arbitrary Remote PHP File ...
BugTraq ID: 12726

38. ProjectBB Multiple Remote Cross-Site Scripting Vulnerabiliti...
BugTraq ID: 12709

39. ProjectBB Multiple SQL Injection Vulnerabilities
BugTraq ID: 12710

37. auraCMS Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 12708

24. 427BB Multiple Remote HTML Injection Vulnerabilities
BugTraq ID: 12693

20. Forumwa Multiple Remote Input Validation Vulnerabilities
BugTraq ID: 12689



OTHER IMPORTANT WEB RELATED ISSUES
4. Mozilla Firefox Address Bar Image Dragging Remote Script Exe...
BugTraq ID: 12672

45. Squid Proxy Set-Cookie Headers Information Disclosure Vulner...
BugTraq ID: 12716

46. ImageMagick File Name Handling Remote Format String Vulnerab...
BugTraq ID: 12717

56. Mozilla Suite/Firefox HTTP Authentication Dialogs Tab Focus ...
BugTraq ID: 12728


-- 
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
            data intensive web and database programming
                http://www.AnalysisAndSolutions.com/
 4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409


