Alerts from SecurityFocus Newsletter #344

Summarized by Daniel Convissor

PHP

• PHP PHPInfo Large Input Cross-Site Scripting Vulnerability
  This was fixed in CVS on March 30, so should show up in PHP 5.1.3 when it's released.

APPLICATIONS USING PHP

• PHPBB Profile.PHP Cross-Site Scripting Vulnerability
• Horde MIME Viewer Inline Attachment HTML Injection Vulnerability
• Esqlanelapse Unspecified Cross-Site Scripting Vulnerability
• Mon Album Multiple SQL Injection Vulnerabilities
• Mantis View_All_Set.PHP Multiple Cross-Site Scripting Vulnerabilities
• Horde Help Viewer Remote PHP Code Execution Vulnerability
• O2PHP Oxygen Post.PHP SQL Injection Vulnerability
• MediaSlash Gallery Index.PHP Remote File Include Vulnerability
• VNews Multiple Cross-Site Scripting Vulnerabilities
• VNews Multiple SQL Injection Vulnerabilities
• VBook Index.PHP SQL Injection Vulnerability
• VBook Multiple Cross-Site Scripting Vulnerabilities
• VWar Functions_Admin.PHP Remote File Include Vulnerability
• VWar Get_header.PHP Remote File Include Vulnerability
• X-Changer Multiple SQL Injection Vulnerabilities
• PHPNewsManager Multiple SQL Injection Vulnerabilities
• PHPNuke-Clan Functions_Common.PHP Remote File Include Vulnerability
• AngelineCMS Loadkernel.PHP Remote File Include Vulnerability
• MyBulletinBoard Email BBCode Tag HTML Injection Vulnerability
• LucidCMS Index.PHP Multiple Cross-Site Scripting Vulnerabilities
• WebAPP Multiple Cross-Site Scripting Vulnerabilities
• Exponent CMS Banner Module Arbitrary Script Execution Vulnerability
• Basic Analysis and Security Engine Base_maintenance.PHP Authentication Bypass Vulnerability
• ReloadCMS User-Agent HTML Injection Vulnerability
• PHPSelect Submit-A-Link HTML Injection Vulnerability
• Blank'N'Berg Directory Traversal Vulnerability
• Blank'N'Berg Cross-Site Scripting Vulnerability
• Claroline Rqmkhtml.PHP Information Disclosure Vulnerability
• Claroline RQMKHTML.PHP Cross-Site Scripting Vulnerability
• Claroline ScormExport.inc.PHP File Include Vulnerability
• RedCMS Multiple Input Validation Vulnerabilities
• Softbiz Image Gallery Multiple SQL Injection Vulnerabilities
• DbbS Topics.PHP SQL Injection Vulnerability
• Warcraft III Replay Parser for PHP Index.PHP Remote File Include Vulnerability
• V-creator Remote Shell Code Execution Vulnerability
• QLnews Multiple Input Validation Vulnerabilities
• qliteNews Multiple SQL Injection Vulnerabilities
• GTD-PHP Multiple Input Validation Vulnerabilities

RELATED STUFF

• Apache Struts Multiple Remote Vulnerabilities