Alerts from SecurityFocus Newsletter #339
APPLICATIONS USING PHP
- EZ Publish ImageCatalogue Cross-Site Scripting Vulnerability
- Mambo Open Source Multiple SQL Injection Vulnerabilities
- PHP-Nuke Mainfile.PHP SQL Injection Vulnerability
- PHP PEAR::Archive_Tar Remote Directory Traversal Vulnerability
- iGenus WebMail Config_Inc.PHP Remote File Include Vulnerability
- DCI-Taskeen Multiple SQL Injection Vulnerabilities
- PHPWebSite Topics.PHP SQL Injection Vulnerability
- SPiD Scan_Lang_Insert.PHP Local File Include Vulnerability
- CubeCart Arbitrary File Upload Vulnerability
- NOCC Webmail Multiple Input Validation Vulnerabilities
- PHPLIB Unspecified Code Execution Vulnerability
- MyPHPNuke Multiple Cross-Site Scripting Vulnerabilities
- DEV Web Management System HTML Injection Vulnerability
- JGS-Gallery Module Multiple Cross-Site Scripting Vulnerabilities
- PwsPHP Index.PHP SQL Injection Vulnerability
- 4images Index.PHP Remote File Include Vulnerability
- Archangel Weblog Authentication Bypass Vulnerability
- Woltlab Burning Board Multiple Cross-Site Scripting Vulnerabilities
- Fantastic Scripts Fantastic News SQL Injection Vulnerability
- Lansuite Board Module SQL Injection Vulnerability
- PHPRPC Library Remote Code Execution Vulnerability
  Other projects relying on this library, such as RunCMS, are probably affected by this problem.
- PHPX XCode Tag HTML Injection Vulnerability
- D3Jeeb Multiple SQL Injection Vulnerabilities
RELATED STUFF
- MySQL Query Logging Bypass Vulnerability
  Using the NULL character causes query logging to fail. For example:
      mysql_query('/*'.chr(0).'*/ SELECT * FROM table');
