[nycphp-talk] PHP in SecurityFocus #337

Daniel Convissor danielc at analysisandsolutions.com
Sun Mar 26 19:27:16 EST 2006


These summaries are available online
RSS:  http://phpsec.org/projects/vulnerabilities/securityfocus.xml
HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html

Alerts from SecurityFocus Newsletter #337

While it's good to see SecurityFocus' systems are back in order, it
unfortunately means we'll be reporting on lots of vulnerabilities in
PHP apps...

APPLICATIONS USING PHP
----------------------
LinPHA Multiple Local File Inclusion and PHP Code Injection Vulnerabilities
http://www.securityfocus.com/bid/16592

Multiple HiveMail Vulnerabilities
http://www.securityfocus.com/bid/16591

PHP Event Calendar HTML Injection Vulnerability
http://www.securityfocus.com/bid/16588

Multiple Scriptme Applications BBCode URL Tag Script Injection Vulnerability
http://www.securityfocus.com/bid/16585

Scriptme SmE GB Host Login.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/16609

FarsiNews Directory Traversal and Local File Include Vulnerabilities
http://www.securityfocus.com/bid/16580

GuestBookHost Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/16545

CPG Dragonfly CMS Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/16546

RunCMS Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/16578

QwikiWiki Search.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/16638

CALimba RB_auth.PHP Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/16632

Time Tracking Software Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/16630

MyBBoard Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/16631

Dotproject Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/16648

Horde Kronolith Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/15808

Gallery Data Unspecified Code Execution Vulnerability
http://www.securityfocus.com/bid/16533

PHP/MYSQL Timesheet Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/16620

Flyspray ADODBPath Remote File Include Vulnerability
http://www.securityfocus.com/bid/16618

E107 Website System BBCode HTML Injection Vulnerability
http://www.securityfocus.com/bid/16614

Gastebuch Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/16615

Invision Power Board User Registration Denial of Service Vulnerability
http://www.securityfocus.com/bid/16616

RunCMS PMLite.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/16652

sNews Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/16647

Magic Calendar Lite Index.PHP Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/16646

DeltaScripts PHP Classifieds Member_Login.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/16642

PHPNuke Header.PHP Pagetitle Parameter Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/16608

IPB Army System Army.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/16606

Clever Copy Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/16607

Ansilove Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/16603

DocMGR Process.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/16601

XMB Forum Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/16604

Lawrence Osiris DB_eSession Class SQL Injection Vulnerability
http://www.securityfocus.com/bid/16598

Siteframe Beaumont Search.PHP Q Parameter Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/16596

ImageVue Multiple Vulnerabilities
http://www.securityfocus.com/bid/16594


RELATED STUFF
-------------
LibPNG Graphics Library PNG_Set_Strip_Alpha Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/16626

ImageMagick File Name Handling Remote Format String Vulnerability
http://www.securityfocus.com/bid/12717

PostgreSQL Set Session Authorization Denial of Service Vulnerability
http://www.securityfocus.com/bid/16650

PostgreSQL Remote SET ROLE Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/16649
