Alerts from SecurityFocus Newsletter #321
PHP
- PHP Safedir Restriction Bypass Vulnerabilities
This report is a bit off base. The reporter calls it "safedir" when they probably mean "safe_mode", and these issues were already raised in SF report 14957. That aside, these issues are fixed in the upcoming 4.4.1 and 5.0.6 releases of PHP.
APPLICATIONS USING PHP
- phpMyAdmin Theme Variable Local File Inclusion Vulnerability
- PHPNuke Modules.PHP Search Module Remote Directory Traversal Vulnerability
- PHP-Nuke Modules.PHP NukeFixes Addon Remote Directory Traversal Vulnerability
- phpBB Avatar Upload HTML Injection Vulnerability
- E107 Resetcore.PHP SQL Injection Vulnerability
- MySource Multiple Cross-Site Scripting Vulnerabilities
- MySource Multiple Remote File Include Vulnerabilities
- Chipmunk Multiple Cross-Site Scripting Vulnerabilities
- Splatt Forums Remote Authentication Bypass Vulnerability
- AL-Caricatier SS.PHP Authentication Bypass Vulnerability
- TikiWiki Unspecified Cross-Site Scripting Vulnerability
- Nuked Klan Multiple HTML Injection Vulnerabilities
- Zomplog Detail.PHP HTML Injection Vulnerability
- FlatNuke Index.PHP Multiple Remote File Include Vulnerabilities
