Alerts from SecurityFocus Newsletter #314

Summarized by Daniel Convissor

APPLICATIONS USING PHP

• PHPMyAdmin Cookie.Auth.Lib.PHP HTML Injection Vulnerability
  This issue has been addressed in phpMyAdmin 2.6.4-rc1.
• PHPMyAdmin Error.PHP Cross-Site Scripting Vulnerability
  This issue has been addressed in phpMyAdmin 2.6.4-rc1.
• Land Down Under Signature HTML Injection Vulnerability
• FUDforum Avatar Upload Arbitrary Script Upload Vulnerability
• PHPWebNotes Api.PHP Remote File Include Vulnerability
• Simple PHP Blog Comment_Delete_CGI.PHP Directory Traversal Vulnerability
• MyBB Member.PHP SQL Injection Vulnerability
• AutoLinks Pro Al_initialize.PHP Remote File Include Vulnerability
• PHP-Fusion BBCode URL Tag Script Injection Vulnerability
• Hesk Admin.PHP Authentication Bypass Vulnerability
• PHPLDAPAdmin Unauthorized Access Vulnerability
• PHPLDAPAdmin Welcome.PHP Multiple Vulnerabilities
• e107 Forum_post.PHP Arbitrary Post Creation Vulnerability
• FlatNuke ID Parameter Directory Traversal Vulnerability
• FlatNuke USR Parameter Cross-Site Scripting Vulnerability
• CMS Made Simple Lang.PHP Remote File Include Vulnerability
• DownFile Multiple Cross-Site Scripting Vulnerabilities
• DownFile Administrator Unauthorized Access Vulnerability
• GBook Multiple Unspecified Cross-Site Scripting Vulnerabilities
• PBLang Bulletin Board System Multiple Remote Vulnerabilities

RELATED STUFF

• Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
• OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
• OpenSSH GSSAPI Credential Disclosure Vulnerability