Alerts from SecurityFocus Newsletter #343

Summarized by Daniel Convissor

Wow! This week's newsletter has a plethora problematic PHP programs.

PHP

• PHP html_entity_decode() Information Disclosure Vulnerability
  This has been fixed in 5.1.3-RC1. The patch was also applied to the 4.4 branch but hasn't made it into a release yet.

APPLICATIONS USING PHP

• PHPAdsNew and PHPPGAds Multiple Input Validation Vulnerabilities
• AkoComment akocomment.PHP Multiple SQL Injection Vulnerabilities
• Nuked-Klan Index.PHP SQL Injection Vulnerability
• SaphpLesson Print.PHP SQL Injection Vulnerability
• Calendar Express Multiple Cross-Site Scripting Vulnerabilities
• WEBalbum Remote Command Execution Vulnerability
• ConfTool Index.PHP Cross-Site Scripting Vulnerability
• PHP-Stats Multiple Input Validation and Information Disclosure Vulnerabilities
• PHPBookingCalendar Details_View.PHP SQL Injection Vulnerability
• PHP Ticket Search.PHP SQL Injection Vulnerability
• DSDownload Multiple SQL-Injection Vulnerabilities
• DSCounter Index.PHP SQL Injection Vulnerability
• eXpandable Home Page CMS Multiple Access Validation Vulnerabilities
• PhxContacts Login.PHP Cross-Site Scripting Vulnerability
• Null News Multiple SQL Injection Vulnerabilities
• PHP Classifieds Search.PHP Cross-Site Scripting Vulnerability
• Sourceworkshop Newsletter Newsletter.PHP SQL Injection Vulnerability
• PhxContacts Multiple SQL Injection Vulnerabilities
• vCounter vCounter.PHP SQL Injection Vulnerability
• PHPNewsManager Multiple SQL Injection Vulnerabilities
• Tilde CMS Index.PHP SQL Injection Vulnerability
• PhpCollab Sendpassword.PHP SQL Injection Vulnerability
• NetOffice Sendpassword.PHP SQL Injection Vulnerability
• OneOrZero Helpdesk Index.PHP SQL Injection Vulnerability
• PHP Script Index Search Parameter Cross-Site Scripting Vulnerability
• Horde Help Viewer Remote PHP Code Execution Vulnerability
• PHPKIT Cross-Site Scripting Vulnerability
• VWar Functions_install.PHP Remote File Include Vulnerability
• AL-Caricatier Multiple Cross-Site Scripting Vulnerabilities
• CONTROLzx HMS Multiple Cross-Site Scripting Vulnerabilities
• PHPmyfamily Track.PHP Cross-Site Scripting Vulnerability
• phpCOIN Multiple Cross-Site Scripting Vulnerabilities
• Tachyondecay VSNS Lemon Final_functions.PHP SQL Injection Vulnerability
• ActiveCampaign SupportTrio Multiple Cross-Site Scripting Vulnerabilities
• MediaWiki Encoded Page Link HTML Injection Vulnerability
• TFT Gallery Administrator Password Information Disclosure Vulnerability
• DSLogin Index.PHP Multiple SQL Injection Vulnerabilities
• Pixel Motion Multiple SQL Injection Vulnerabilities
• Meeting Reserve SearchResult.PHP Cross-Site Scripting Vulnerability
• G-Book HTML Injection Vulnerability
• Maian Weblog Multiple SQL-Injection Vulnerabilities

RELATED STUFF

• Sendmail Asynchronous Signal Handling Remote Code Execution Vulnerability