Alerts from SecurityFocus Newsletter #304

Summarized by Daniel Convissor

APPLICATIONS USING PHP

• Mambo Open Source Com_Contents SQL Injection Vulnerability
• SquirrelMail Multiple Unspecified Cross-Site Scripting Vulnerabilities
• osCommerce Multiple HTTP Response Splitting Vulnerabilities
• XAMMP Lang.PHP HTML Injection Vulnerability
• XAMMP Lang.PHP Directory Traversal Vulnerability
• Ajax-Spell HTML Tag Script Injection Vulnerability
  Ajax-Spell is a plugin for WordPress
• Singapore Image Gallery Index.PHP Cross-Site Scripting Vulnerability
• FusionBB Multiple Input Validation Vulnerabilities
• Annuaire 1Two Commentaires.PHP Multiple HTML Injection Vulnerabilities
• Annuaire 1Two Index.PHP Cross-Site Scripting Vulnerability
• McGallery Lang Argument File Disclosure Vulnerability
• Bitrix Site Manager Remote File Include Vulnerability
• Ultimate PHP Board Multiple Cross-Site Scripting Vulnerabilities
• Ultimate PHP Board Weak Password Encryption Vulnerability
• ATutor Multiple Cross-Site Scripting Vulnerabilities

RELATED STUFF

• Opera Web Browser Cross-Site Scripting Local File Disclosure Vulnerability
• Opera Web Browser XMLHttpRequest Object Cross-Domain Access Vulnerability