[nycphp-talk] PHP in SecurityFocus #366

Daniel Convissor danielc at analysisandsolutions.com
Sun Sep 24 05:54:29 EDT 2006


These summaries are available online
RSS:  http://phpsec.org/projects/vulnerabilities/securityfocus.xml
HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html

Alerts from SecurityFocus Newsletter #366

The RSA signature forgery issue sounds problematic...

APPLICATIONS USING PHP
----------------------
Joomla! Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/19749

PhpGroupWare Calendar Class.Holidaycalc.Inc.PHP Local File Include Vulnerability
http://www.securityfocus.com/bid/19751

Gallery Stats Module Information Disclosure Vulnerability
http://www.securityfocus.com/bid/19453

IntegraMOD PHPbb_Root_Path Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/19809

Membrepass Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/19789

Membrepass Recherchemembre.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/19791

Membrepass Variable.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/19790

E-vision CMS Path Parameter Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/19788

ExBB Home_Path Parameter Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/19787

PortailPHP Mod_PHPAlbum Sommaire_Admin.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/19750

CubeCart Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/19782

Graphiks GrapAgenda Index.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/19857

AnnoncesV Annonce.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/19854

MySpeach JScript.PHP Remote File Include Vulnerability
http://www.securityfocus.com/bid/19851

ToendaCMS Remote File Include Vulnerability
http://www.securityfocus.com/bid/19806

Papoo CMS IBrowser Remote File Include Vulnerability
http://www.securityfocus.com/bid/19807

VBZoom Profile.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/19803

YACS Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/19799

Xoops Edituser.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/19720


RELATED STUFF
-------------
OpenSSL PKCS Padding RSA Signature Forgery Vulnerability
http://www.securityfocus.com/bid/19849
Attackers may be able to forge a PKCS #1 v1.5 signature when an RSA
key with exponent 3 is used. This is fixed in OpenSSL 0.9.7k and
0.9.8c.

MySQL Multiupdate and Subselects Denial Of Service Vulnerability
http://www.securityfocus.com/bid/19794
For some reason this is the first time this very old issue made it
into the SF newsletters.





