Alerts from SecurityFocus Newsletter #335

Summarized by Daniel Convissor

APPLICATIONS USING PHP

• Ashwebstudio Ashnews Cross-Site Scripting Vulnerability
• Nuked-klaN Index.PHP Cross-Site Scripting Vulnerability
• CRE Loaded Files.PHP Access Validation Vulnerability
• sPaiz-Nuke Modules.PHP Cross-Site Scripting Vulnerability
• Invision Power Board Portal Plugin Index.PHP SQL Injection Vulnerability
• Calendarix Multiple SQL Injection Vulnerabilities
• SZUserMgnt Username Parameter SQL Injection Vulnerability
• FarsiNews Loginout.PHP Remote File Include Vulnerability
• EasyCMS Multiple Cross-Site Scripting Vulnerabilities
• phpBB Rlink Module Rlink.PHP Cross-Site Scripting Vulnerability
• PunctWeb MyCO Name Field HTML Injection Vulnerability
• MyBB Index.PHP Referrer Cookie SQL Injection Vulnerability
• Cerberus Helpdesk Clients.PHP Cross-Site Scripting Vulnerability
• AshWebStudio AshNews Remote File Include Vulnerability
• BrowserCRM Results.PHP Cross-Site Scripting Vulnerability
• PmWiki Multiple Input Validation Vulnerabilities
• Phpclanwebsite Multiple Input Validation Vulnerabilities
• Phpclanwebsite Multiple Input Validation Vulnerabilities
• AZ Bulletin Board Post.PHP HTML Injection Vulnerabilities

RELATED STUFF

• OpenSSH SCP Shell Command Execution Vulnerability
  Changes to version 4.3 resolve this issue.
• Mozilla Firefox XBL -MOZ-BINDING Property Cross-Domain Scripting Vulnerability
• Adobe Multiple Unspecified Local Privilege Escalation Vulnerabilities