Alerts from SecurityFocus Newsletter #306
APPLICATIONS USING PHP
- XML-RPC for PHP Remote Code Injection Vulnerability
  Below is most of the software containing this vulnerability, with the version that fixes the problem:
  - Serendipity 0.8.2
  - PEAR XML_RPC 1.3.1 (and 1.3.2 fixes additional vulnerabilities)
  - XML-RPC for PHP 1.1.1
  - Drupal 4.6.2 or 4.5.4
  - Xoops 2.0.12a
  - phpMyFAQ 1.4.9 or 1.5.0 RC5
  - WordPress 1.5.1.3
  - Nucleus CMS 3.21
  - phpAdsNew 2.0.5
  - phpPgAds 2.0.5
- Drupal Arbitrary PHP Code Execution Vulnerability
- Mambo Open Source Multiple Unspecified Injection Vulnerabilities
- Mambo Open Source Session ID Spoofing Vulnerability
- Mambo Open Source MosDBTable Class Unspecified Vulnerability
- Xoops XMLRPC Multiple SQL Injection Vulnerabilities
- Xoops Multiple Cross-Site Scripting Vulnerabilities
- PHP-Fusion SUBMIT.PHP HTML Injection Vulnerabilities
- Mensajeitor IP Parameter HTML Injection Vulnerability
- WebCalendar Assistant_Edit.PHP Unauthorized Access Vulnerability
- UBBDesign JCDex Lite Index.PHP Remote File Include Vulnerability
- PHPBB Viewtopic.PHP Remote Code Execution Vulnerability
- Comdev eCommerce Review Form HTML Injection Vulnerability
- Pavsta Auto Site SitePath Remote File Include Vulnerability
- Comdev eCommerce Index.PHP Cross-Site Scripting Vulnerability
- OSTicket Multiple Input Validation Vulnerabilities
- RaXnet Cacti Input Filter Multiple SQL Injection Vulnerabilities
- RaXnet Cacti Graph_Image.PHP Remote Command Execution Variant Vulnerability
- RaXnet Cacti Config.PHP Design Error Vulnerability
