Alerts from SecurityFocus Newsletter #327

Summarized by Daniel Convissor

Holy cow! PHP applications account for 72% of the announcements this week!

APPLICATIONS USING PHP

• Drupal Image Upload HTML Injection Vulnerability
• Drupal View User Profile Authorization Bypass Vulnerability
• PBLang Bulletin Board System Multiple HTML Injection Vulnerabilities
• Athena PHP Website Administration Remote File Include Vulnerability
• PHPGreetz Remote File Include Vulnerability
• Q-News Remote File Include Vulnerability
• Enterprise Connector SQL Injection Vulnerabilities
• Zainu SQL Injection Vulnerabilities
• Babe Logger SQL Injection Vulnerabilities
• Top Music Module SQL Injection Vulnerabilities
• PHPWordPress Multiple SQL Injection Vulnerabilities
• Bedeng PSP SQL Injection Vulnerabilities
• Nelogic Nephp Publisher SQL Injection Vulnerabilities
• Softbiz Resource Repository Script SQL Injection Vulnerabilities
• BerliOS SourceWell SQL Injection Vulnerability
• AllWeb Search SQL Injection Vulnerability
• K-Search SQL Injection Vulnerabilities
• EdmoBBS SQL Injection Vulnerabilities
• JBB SQL Injection Vulnerabilities
• UGroup SQL Injection Vulnerabilities
• ShockBoard Offset Parameter SQL Injection Vulnerability
• Netzbrett P_Entry Parameter SQL Injection Vulnerability
• SimpleBBS Search Module Parameters SQL Injection Vulnerability
• ADC2000 NG Pro SQL Injection Vulnerabilities
• Simple Document Management System SQL Injection Vulnerabilities
• Nicecoder iDesk FAQ.PHP SQL Injection Vulnerability
• PDJK-support Suite Multiple SQL Injection Vulnerabilities
• Randshop Multiple SQL Injection Vulnerabilities
• FreeWebStat Multiple Cross-Site Scripting Vulnerabilities
• PHP Web Statistik Content Injection Vulnerabilities
• Helpdesk Issue Manager Multiple SQL Injection Vulnerabilities
• WebCalendar Multiple SQL Injection Vulnerabilities
• WebCalendar Export_Handler.PHP File Corruption Vulnerability
• GuppY Error.PHP Remote File Include and Command Execution Vulnerability
• GuppY Multiple Local File Include and Information Disclosure Vulnerabilities
• PHP Doc System Local File Include Vulnerability
• SearchSolutions Multiple Products Cross-Site Scripting Vulnerabilities
• Gallery Multiple Input Validation Vulnerabilities
• PHP Upload Center Index.PHP Directory Traversal Vulnerability
• PHP Upload Center Directory Traversal Vulnerability
• Fantastic Scripts Fantastic News News.PHP SQL Injection Vulnerability
• Xaraya Directory Traversal Vulnerability
• DotClear Unspecified Trackback Vulnerability
• DotClear Session.PHP SQL Injection Vulnerability
• DMANews Multiple SQL Injection Vulnerabilities
• DRZES HMS Register_domain.PHP Cross-Site Scripting Vulnerability
• DRZES HMS Multiple SQL Injection Vulnerabilities
• Entergal MX Multiple SQL Injection Vulnerabilities
• BosDates Multiple SQL Injection Vulnerabilities
• Post Affiliate Pro Index.PHP SQL Injection Vulnerability
• GhostScripter Amazon Shop Search.PHP SQL Injection Vulnerability
• KBase Express Multiple SQL Injection Vulnerabilities
• ltwCalendar Calendar.PHP SQL Injection Vulnerability
• Orca Knowledgebase Knowledgebase.PHP SQL Injection Vulnerability
• Orca Blog Blog.PHP SQL Injection Vulnerability
• Orca Ringmaker Ringmaker.PHP SQL Injection Vulnerability
• FAQ System Multiple SQL Injection Vulnerabilities
• Survey System Survey.PHP SQL Injection Vulnerability
• N-13 News SQL Injection Vulnerability
• SocketKB Index.PHP SQL Injection Vulnerability
• PHPAlbum Local File Include Vulnerability
• Softbiz B2B Trading Marketplace Multiple SQL Injection Vulnerabilities
• Softbiz FAQ Multiple SQL Injection Vulnerabilities
• Atlantis Knowledge Base Search.PHP SQL Injection Vulnerability
• FAQRing Answer.PHP SQL Injection Vulnerability
• WSN Knowledge Base Multiple SQL Injection Vulnerabilities
• O-Kiraku Nikki Nikki.PHP SQL Injection Vulnerability
• 88Scripts Event Calendar Index.PHP SQL Injection Vulnerability
• Instant Photo Gallery Multiple SQL Injection Vulnerabilities
• WebCalendar Multiple SQL Injection Vulnerabilities
• Lore Article.PHP SQL Injection Vulnerability
• WebCalendar Layers_Toggle.PHP HTTP Response Splitting Vulnerability