Alerts from SecurityFocus Newsletter #329

Summarized by Daniel Convissor

The large number of Perl items in this week's newsletter is surprising.

APPLICATIONS USING PHP

• Flatnuke Index.PHP Directory Traversal Vulnerability
• Netref Index.php SQL Injection Scripting Vulnerability
• Netref Index.PHP SQL Injection Vulnerability
• Horde Turba Multiple HTML Injection Vulnerabilities
• Horde Mnemo Remote HTML Injection Vulnerabilities
• Horde Nag Remote HTML Injection Vulnerabilities
• Horde Application Framework Input Validation Vulnerabilities
• Horde Kronolith Multiple HTML Injection Vulnerabilities
• Horde Application Framework CSV File Upload Code Execution Vulnerability
• UseBB PHP_SELF Cross-Site Scripting Vulnerability
• Scout Portal Toolkit Multiple Input Validation Vulnerabilities
• Arab Portal Link.PHP SQL Injection Vulnerabilities
• PHPCoin Coin_CFG.PHP SQL Injection Vulnerability
• PHPCoin Config.PHP File Include Vulnerability
• EncapsGallery Gallery.PHP SQL Injection Vulnerability
• PHPWebGallery Multiple SQL Injection Vulnerabilities
• Plogger Index.PHP Multiple Input Validation Vulnerabilities
• PHP JackKnife Cross-Site Scripting Vulnerability
• Mantis View_filters_page.PHP Cross-Site Scripting Vulnerability
• Link Up Gold Multiple Input Validation Vulnerabilities
• Snipe Gallery Multiple Input Validation Vulnerabilities
• mcGallery PRO Multiple Input Validation Vulnerabilities
• PHP Web Scripts Ad Manager Pro Advertiser_statistic.PHP SQL Injection Vulnerability
• Jamit Job Board Index.PHP SQL Injection Vulnerability
• DreamLevels Dream Poll View_Results.PHP SQL Injection Vulnerability
• MySQL Auction Search Module Cross-Site Scripting Vulnerability
• PHP Support Tickets Multiple SQL Injection Vulnerabilities
• CKGold Search.PHP Cross-Site Scripting Vulnerability
• PHPNuke Content Filtering Byapss Vulnerability
• WHMCompleteSolution Knowledgebase.PHP Cross-Site Scripting Vulnerability
• WikkaWiki TextSearch.PHP Cross-Site Scripting Vulnerability
• QuickPayPro Multiple Input Validation Vulnerabilities
• MarmaraWeb E-Commerce Remote File Include Vulnerability
• MarmaraWeb E-Commerce Cross-Site Scripting Vulnerability
• TML CMS Multiple Input Validation Vulnerabilities
• AlmondSoft Almond Classifieds SQL Injection Vulnerability

RELATED STUFF

• cURL / libcURL URL Parser Buffer Overflow Vulnerability
  Upgrade to 7.15.1.
• Apache Mod_IMAP Referer Cross-Site Scripting Vulnerability