Alerts from SecurityFocus Newsletter #299

Summarized by Daniel Convissor

APPLICATIONS USING PHP

• PHPBB Profile.PHP Cross-Site Scripting Vulnerability
• PHPBB Viewtopic.PHP Cross-Site Scripting Vulnerability
• PHPMyVisites Part Variable Cross-Site Scripting Vulnerability
• PHPMyVisites Per Variable Cross-Site Scripting Vulnerability
• PHPMyVisites Site Variable Cross-Site Scripting Vulnerability
• PHPMyVisites Set_Lang File Include Vulnerability
• WoltLab Burning Board PMS.PHP Cross-Site Scripting Vulnerability
• SWSoft Confixx Change User SQL Injection Vulnerability
• Horde Vacation Remote Cross-Site Scripting Vulnerability
• Horde MNemo Remote Cross-Site Scripting Vulnerability
• Horde Nag Remote Cross-Site Scripting Vulnerability
• Horde Chora Remote Cross-Site Scripting Vulnerability
• Horde Accounts Module Remote Cross-Site Scripting Vulnerability
• Horde Forward Module Remote Cross-Site Scripting Vulnerability
• Yappa-NG Unspecified Remote File Include Vulnerability
• Yappa-NG Unspecified Cross-Site Scripting Vulnerability
• Invision Power Board QPid Parameter SQL Injection Vulnerability
• GrayCMS Error.PHP Remote File Include Vulnerability
• BBlog Index.PHP HTML Injection Vulnerability
• BBlog PostID Parameter SQL Injection Vulnerability
• PHP-Calendar Search.PHP SQL Injection Vulnerability
• PHPCart Input Validation Vulnerability
• Claroline E-Learning Application Multiple Remote Input Valid...
• S9Y Serendipity BBCode Plugin HTML Injection Vulnerability
• Dream4 Koobi CMS Index.PHP P Parameter SQL Injection Vulnerability
• Dream4 Koobi CMS Index.PHP Q Parameter SQL Injection Vulnerability
• Notes Module for PHPBB SQL Injection Vulnerability
• Just William's Amazon Webstore Closeup.PHP Image Parameter C...
• Just William's Amazon Webstore CurrentIsExpanded Parameter C...
• Just William's Amazon Webstore SearchFor Parameter Cross-Sit...
• Just William's Amazon Webstore CurrentNumber Parameter Cross...
• Just William's Amazon Webstore HTTP Response Splitting Vulnerability
• MyPHP Forum Post.PHP Username Spoofing Vulnerability
• MyPHP Forum Privmsg.PHP Username Spoofing Vulnerability
• PHPCoin Multiple SQL Injection Vulnerabilities

RELATED STUFF

• MySQL MaxDB HTTP GET Request Remote Buffer Overflow Vulnerability
• MySQL MaxDB WebDAV Lock Token Remote Buffer Overflow Vulnerability
• MySQL MaxDB WebDAV IF Parameter Remote Buffer Overflow Vulnerability