[nycphp-talk] PHP in SecurityFocus #343

Daniel Convissor danielc at analysisandsolutions.com
Sat Apr 15 16:23:07 EDT 2006


These summaries are available online
RSS:  http://phpsec.org/projects/vulnerabilities/securityfocus.xml
HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html

Alerts from SecurityFocus Newsletter #343

Wow! This week's newsletter has a plethora of problematic PHP programs.

PHP
---
PHP html_entity_decode() Information Disclosure Vulnerability
http://www.securityfocus.com/bid/17296
This has been fixed in 5.1.3-RC1. The patch was also applied to the
4.4 branch but hasn't made it into a release yet.


APPLICATIONS USING PHP
----------------------
PHPAdsNew and PHPPGAds Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/17251

AkoComment akocomment.PHP Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/17241

Nuked-Klan Index.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17233

SaphpLesson Print.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17239

Calendar Express Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/17240

WEBalbum Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/17228

ConfTool Index.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17231

PHP-Stats Multiple Input Validation and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/16963

PHPBookingCalendar Details_View.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17230

PHP Ticket Search.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17229

DSDownload Multiple SQL-Injection Vulnerabilities
http://www.securityfocus.com/bid/17116

DSCounter Index.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17112

eXpandable Home Page CMS Multiple Access Validation Vulnerabilities
http://www.securityfocus.com/bid/17209

PhxContacts Login.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17307

Null News Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/17300

PHP Classifieds Search.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17305

Sourceworkshop Newsletter Newsletter.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17304

PhxContacts Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/17306

vCounter vCounter.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17302

PHPNewsManager Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/17301

Tilde CMS Index.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17299

PhpCollab Sendpassword.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17283

NetOffice Sendpassword.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17286

OneOrZero Helpdesk Index.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17298

PHP Script Index Search Parameter Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17297

Horde Help Viewer Remote PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/17292

PHPKIT Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17291

VWar Functions_install.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/17290

AL-Caricatier Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/17289

CONTROLzx HMS Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/17282

PHPmyfamily Track.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17278

phpCOIN Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/17279

Tachyondecay VSNS Lemon Final_functions.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/17281

ActiveCampaign SupportTrio Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/17276

MediaWiki Encoded Page Link HTML Injection Vulnerability
http://www.securityfocus.com/bid/17269

TFT Gallery Administrator Password Information Disclosure Vulnerability
http://www.securityfocus.com/bid/17250

DSLogin Index.PHP Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/17262

Pixel Motion Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/17260

Meeting Reserve SearchResult.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/17256

G-Book HTML Injection Vulnerability
http://www.securityfocus.com/bid/17253

Maian Weblog Multiple SQL-Injection Vulnerabilities
http://www.securityfocus.com/bid/17247


RELATED STUFF
-------------
Sendmail Asynchronous Signal Handling Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/17192





