[nycphp-talk] PHP in SecurityFocus #324

Daniel Convissor danielc at analysisandsolutions.com
Sat Nov 19 09:56:29 EST 2005


These summaries are available online
RSS:  http://phpsec.org/projects/vulnerabilities/securityfocus.xml
HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html

Alerts from SecurityFocus Newsletter #324

PHP
---
PHP Group Exif Module Infinite Recursion Denial Of Service Vulnerability
http://www.securityfocus.com/bid/15358
This is a relatively minor issue. It is only a denial of service and
only applies to users parsing EXIF data in corrupted JPEG images.


APPLICATIONS USING PHP
----------------------
Invision Power Board Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/15344

Invision Power Board Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/15345

PHPFM Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/15335

Debian Horde Default Administrator Password Vulnerability
http://www.securityfocus.com/bid/15337

XMB U2U.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/15342

toendaCMS Admin.PHP Directory Traversal Vulnerability
http://www.securityfocus.com/bid/15348

toendaCMS Remote File Upload Vulnerability
http://www.securityfocus.com/bid/15351

PHPList Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/15350

PHPKit Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/15354

ATutor Registration.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15355

YaBB Image Upload HTML Injection Vulnerability
http://www.securityfocus.com/bid/15368

TikiWiki Tiki-view_forum_thread.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/15371

TikiWiki Tiki-User_Preferences.PHP Directory Traversal Vulnerability
http://www.securityfocus.com/bid/15392

TikiWiki Tiki-Editpage.PHP Directory Traversal Vulnerability
http://www.securityfocus.com/bid/15390

Moodle Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15380

phpAdsNew Lib-sessions.inc.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15385

OcoMon Multiple Unspecified SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15386

Exponent CMS Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15389

PHPSysInfo Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/15396

PHPWebThings Download.PHP File Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/15399

ActiveCampaign 1-2-All Broadcast Email Admin Control Panel Username SQL Injection Vulnerability
http://www.securityfocus.com/bid/15400





