Alerts from SecurityFocus Newsletter #323
PHP
- PHP Parse_Str Register_Globals Activation Weakness
This matter was fixed in CVS on September 29. Upgrade to PHP 4.4.1 or 5.1.0-RC2. For PHP 5.0.x, compile from updated sources.
- PHP File Upload GLOBAL Variable Overwrite Vulnerability
This matter was fixed in CVS on September 29. Upgrade to PHP 4.4.1 or 5.1.0-RC2. For PHP 5.0.x, compile from updated sources.
- PHP PHPInfo Cross-Site Scripting Vulnerability
This issue was addressed in CVS on August 15. Upgrade to PHP 4.4.1, 5.0.5 or 5.1.0-RC1. But people who are security conscious don't have phpinfo() output lying around in the first place, RIGHT?
APPLICATIONS USING PHP
- PHPBB Global Variable Deregistration Bypass Vulnerabilities
- PHPBB Multiple Unspecified Vulnerabilities
- Invision Gallery Index.PHP SQL Injection Vulnerability
- Invision Gallery Image Upload HTML Injection Vulnerability
- MG2 Authentication Bypass Vulnerability
- PHP Advanced Transfer Manager Remote Unauthorized Access Vulnerability
- Subdreamer Multiple Remote SQL Injection Vulnerabilities
- PHPCafe Tutorial Manager Index.PHP SQL Injection Vulnerability
- OaBoard Forum.PHP Multiple SQL Injection Vulnerabilities
- Belchior Foundry vCard Pro Addrbook.PHP SQL Injection Vulnerability
- EyeOS Desktop.PHP HTML Injection Vulnerability
- EyeOS User And Password Information Disclosure Vulnerability
- VUBB Index.PHP Cross-Site Scripting Vulnerability
- XMB Forum Post.PHP SQL Injection Vulnerability
- News2Net Index.PHP SQL Injection Vulnerability
- phpWebThings Forum.PHP Cross-Site Scripting Vulnerability
- PHPWebThing Forum.PHP SQL Injection Vulnerability
- Simple PHP Blog Multiple Input Validation Vulnerabilities
- PHP Handicapper Multiple Cross-Site Scripting Vulnerabilities
- PHP Handicapper Process_signup.PHP SQL Injection Vulnerability
- PHP Handicapper Process_signup.PHP HTTP Response Splitting Vulnerability
- CutePHP CuteNews Directory Traversal Vulnerability
- vBulletin Image Upload HTML Injection Vulnerability
- Movable Type Blog Entry Posting HTML Injection Vulnerability
- Galerie ShowGallery.PHP SQL Injection Vulnerability
- PunBB/Blog:CMS Image Upload HTML Injection Vulnerability
- JPortal Multiple SQL Injection Vulnerabilities
- PunBB/BLOG:CMS Origin Spoofing Vulnerability
- PunBB/BLOG:CMS Unspecified Information Disclosure Vulnerability
- ibProArcade User ID SQL Injection Vulnerability
