[nycphp-talk] Alerts from SecurityFocus Newsletter #315

Daniel Convissor danielc at analysisandsolutions.com
Sat Oct 22 18:35:16 EDT 2005


Alerts from SecurityFocus Newsletter #315

APPLICATIONS USING PHP
----------------------
MyBloggie login.php SQL Injection Vulnerability
http://www.securityfocus.com/bid/14739

MAXdev MD-Pro Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/14742

Land Down Under Events.PHP HTML Injection Vulnerability
http://www.securityfocus.com/bid/14746

NewsBoard Description Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/14748

MAXdev MD-Pro Arbitrary Remote File Upload Vulnerability
http://www.securityfocus.com/bid/14750

MAXdev MD-Pro Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/14751

GuppY PrintFAQ.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/14752

GuppY Error.PHP HTML Injection Vulnerability
http://www.securityfocus.com/bid/14753

MyBulletinBoard Forumdisplay.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/14754

MyBulletinBoard Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/14762

MyBulletinBoard Forumdisplay.PHP Fid Parameter Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/14782

MyBulletinBoard RateThread.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/14786

PHPCommunityCalendar Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/14763

PHPCommunityCalendar Multiple Remote Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/14767

PBLang Bulletin Board System SetCookie.PHP Directory Traversal Vulnerability
http://www.securityfocus.com/bid/14765

PBLang Bulletin Board System HTML Injection Vulnerability
http://www.securityfocus.com/bid/14766

Class-1 Forum SQL Injection Vulnerability
http://www.securityfocus.com/bid/14774

Stylemotion WEB//NEWS Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/14776

AMember Remote File Include Vulnerability
http://www.securityfocus.com/bid/14777


RELATED STUFF
-------------
Mozilla/Netscape/Firefox Browsers Domain Name Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/14784
Firefox 1.0.6 and 1.5 Beta 1 are vulnerable to this issue.  Mozilla
1.7.11 and Netscape 8.0.3.3 and 7.2 are affected as well.

A temporary fix is to disable International Domain Name support
by setting network.enableIDN to false in about:config.

See the announcement on Mozilla's website for more information:
https://addons.mozilla.org/messages/307259.html





