Alerts from SecurityFocus Newsletter #315
APPLICATIONS USING PHP
- MyBloggie login.php SQL Injection Vulnerability
- MAXdev MD-Pro Cross-Site Scripting Vulnerability
- Land Down Under Events.PHP HTML Injection Vulnerability
- NewsBoard Description Field HTML Injection Vulnerability
- MAXdev MD-Pro Arbitrary Remote File Upload Vulnerability
- MAXdev MD-Pro Multiple Cross-Site Scripting Vulnerabilities
- GuppY PrintFAQ.PHP Cross-Site Scripting Vulnerability
- GuppY Error.PHP HTML Injection Vulnerability
- MyBulletinBoard Forumdisplay.PHP Cross-Site Scripting Vulnerability
- MyBulletinBoard Multiple SQL Injection Vulnerabilities
- MyBulletinBoard Forumdisplay.PHP Fid Parameter Cross-Site Scripting Vulnerability
- MyBulletinBoard RateThread.PHP SQL Injection Vulnerability
- PHPCommunityCalendar Multiple SQL Injection Vulnerabilities
- PHPCommunityCalendar Multiple Remote Cross-Site Scripting Vulnerabilities
- PBLang Bulletin Board System SetCookie.PHP Directory Traversal Vulnerability
- PBLang Bulletin Board System HTML Injection Vulnerability
- Class-1 Forum SQL Injection Vulnerability
- Stylemotion WEB//NEWS Multiple SQL Injection Vulnerabilities
- AMember Remote File Include Vulnerability
RELATED STUFF
- Mozilla/Netscape/Firefox Browsers Domain Name Remote Buffer Overflow Vulnerability
Firefox 1.0.6 and 1.5 Beta 1 are vulnerable to this issue. Mozilla 1.7.11 and Netscape 8.0.3.3 and 7.2 are affected as well.
A temporary workaround is to disable International Domain Name (IDN) support by setting network.enableIDN to false in about:config.
See the announcement on Mozilla's website for more information.
