Alerts from SecurityFocus Newsletter #346

Summarized by Daniel Convissor

This week brings many issues in PHP applications. More importantly, you better upgrade your Mozilla programs!

APPLICATIONS USING PHP

• MODxCMS Index.PHP Directory Traversal Vulnerability
• MODxCMS Index.PHP Cross-Site Scripting Vulnerability
• AWebBB Multiple Input Validation Vulnerabilities
• Papoo Print.PHP Cross-Site Scripting Vulnerability
• LifeType Index.PHP Cross-Site Scripting Vulnerability
• Simplog Multiple SQL Injection Vulnerabilities
• Simplog Remote File Include Vulnerability
• Simplog Login.PHP Cross-Site Scripting Vulnerability
• PowerClan Member.PHP SQL Injection Vulnerability
• RedCMS Multiple Input Validation Vulnerabilities
• PlanetSearch + Planetsearchplus.PHP Cross-Site Scripting Vulnerability
• AR-Blog Print.PHP Cross-Site Scripting Vulnerability
• Warforge.NEWS Multiple Input Validation Vulnerabilities
• FlexBB Multiple Input Validation Vulnerabilities
• FlexBB Index.PHP SQL Injection Vulnerability
• FlexBB Multiple HTML Injection Vulnerabilities
• MD News Admin.PHP SQL Injection Vulnerability
• Serendipity Blog Config.PHP Script Injection Vulnerability
• Coppermine Index.PHP Local File Include Vulnerability
• MyBB Global Variable Overwrite Vulnerability
• Jax Guestbook Jax_guestbook.PHP Cross-Site Scripting Vulnerability
• Calendarix YearCal.PHP Cross-Site Scripting Vulnerability
• BoastMachine Search.PHP Cross-Site Scripting Vulnerability
• DbbS Topics.PHP SQL Injection Vulnerability
• DbbS Multiple Input Validation Vulnerabilities
• PHPWebFTP Index.PHP Directory Traversal Vulnerability
• BetaBoard User Profile HTML Injection Vulnerability
• Blursoft Blur6ex Index.PHP Local File Include Vulnerability
• BlackOrpheus Member.PHP SQL Injection Vulnerability
• Neuron Blog Multiple HTML Injection Vulnerabilities
• TinyPHPForum Multiple Cross-Site Scripting Vulnerabilities
• Monster Top List Functions.PHP Remote File Include Vulnerability
• Boardsolution Index.PHP Cross-Site Scripting Vulnerability
• ShoutBOOK Multiple HTML Injection Vulnerabilities
• myEvent Multiple Remote File Include Vulnerabilities
• myEvent Multiple Input Validation Vulnerabilities
• MusicBox Multiple Input Validation Vulnerabilities
• Snipe Gallery Multiple Cross-Site Scripting Vulnerabilities
• Snipe Gallery Multiple Input Validation Vulnerabilities
• PHPGraphy Index.PHP Unauthorized Access Vulnerability
• phpFaber TopSites Index.PHP Cross-Site Scripting Vulnerability
• PHPLister Index.PHP Cross-Site Scripting Vulnerability
• RechnungsZentrale V2 Authent.PHP4 Remote File Include Vulnerability
• RechnungsZentrale V2 Authent.PHP4 SQL Injection Vulnerability
• phpLinks Index.PHP Cross-Site Scripting Vulnerability
• PHPGuestbook HTML Injection Vulnerability
• Tiny Web Gallery Index.PHP Cross-Site Scripting Vulnerability
• FarsiNews Search.PHP Cross-Site Scripting Vulnerability

RELATED STUFF

• Mozilla Suite, Firefox, SeaMonkey, and Thunderbird Multiple Remote Vulnerabilities
  These problems have been fixed in the following versions:
  Firefox versions 1.0.8 and 1.5.0.2
  Thunderbird versions 1.0.8 and 1.5.0.2
  Mozilla Suite version 1.7.13
  SeaMonkey version 1.0.1