Alerts from SecurityFocus Newsletter #320

Summarized by Daniel Convissor

APPLICATIONS USING PHP

• PHPMyAdmin Local File Include Vulnerability
  Upgrade to phpMyAdmin 2.6.4-pl3 or newer.
• VersatileBulletinBoard Multiple SQL Injection Vulnerabilities
• VersatileBulletinBoard Multiple Cross-Site Scripting Vulnerabilities
• VersatileBulletinBoard Information Disclosure Vulnerability
• PHP Advanced Transfer Manager Arbitrary File Upload Vulnerability
• Zeroblog Thread.PHP Cross-Site Scripting Vulnerability
• Xeobook Multiple HTML Injection Vulnerabilities
• PHPWebSite Search Module SQL Injection Vulnerability
• Yapig View.PHP Cross-Site Scripting Vulnerability
• YaPig Homepage Form Field HTML Injection Vulnerability
• Gallery Main.PHP Directory Traversal Vulnerability
• W-Agora Multiple Arbitrary PHP Code Injection Vulnerabilities
• Complete PHP Counter SQL Injection Vulnerability
• Complete PHP Counter Cross-Site Scripting Vulnerability
• PunBB Search.PHP SQL Injection Vulnerability

RELATED STUFF

• OpenSSL Insecure Protocol Negotiation Weakness
  Upgrade to 0.9.7h or 0.9.8a
• Multiple Vendor WGet/Curl NTLM Username Buffer Overflow Vulnerability
  curl and libcurl: <= 7.10.5 and >= 7.15.0 are not affected or have been fixed.
  Wget: upgrade to 1.10.2.