Alerts from SecurityFocus Newsletter #348

Summarized by Daniel Convissor

Make sure to check out the bottom item covering some MySQL bugs.

APPLICATIONS USING PHP

• Artmedic Event Index.PHP Remote File Include Vulnerability
• Network Administration Visualized Multiple SQL Injection Vulnerabilities
• CoolMenus Index.PHP Remote File Include Vulnerability
• Free-PHP.net Simple Poll Authentication Bypass Vulnerability
• Ruperts News Script Login.PHP SQL Injection Vulnerability
• DeltaScripts PHP Pro Publish Multiple SQL Injection Vulnerabilities
• Limbo CMS SQL.PHP Remote File Include Vulnerability
• PHP Newsfeed Multiple SQL Injection Vulnerabilities
• DMCounter Kopf.PHP Remote File Include Vulnerability
• CmScout Multiple HTML Injection Vulnerabilities
• Pinnacle Cart Index.PHP Cross-Site Scripting Vulnerability
• Invision Gallery Post.PHP SQL Injection Vulnerability
• Virtual Hosting Control System Server_day_stats.PHP Multiple Cross-Site Scripting Vulnerabilities
• FileProtection Express Authentication Bypass Vulnerability
• GeoBlog Viewcat.PHP Cross-Site Scripting Vulnerability
• SF-Users Username HTML Injection Vulnerability
• SBlog Search.PHP SQL Injection Vulnerability
• XDT Pro Stats.PHP Cross-Site Scripting Vulnerability
• Zenphoto Multiple Cross-Site Scripting Vulnerabilities
• JSBoard Login.PHP Cross-Site Scripting Vulnerability
• X7 Chat Index.PHP Local File Include Vulnerability
• JMK Picture Gallery Admin_Gallery.PHP3 Authentication Bypass Vulnerability
• PlanetGallery Gallery_admin.PHP Authentication Bypass Vulnerability
• W-Agora BBCode Script Injection Vulnerability
• TextFileBB Multiple Tag Script Injection Vulnerabilities
• PHPNuke Downloads Module SQL Injection Vulnerability
• 4Images Multiple SQL Injection Vulnerabilities
• I-RATER Platinum Config_settings.TPL.PHP Remote File Include Vulnerability
• Thyme Search Page HTML Injection Vulnerability
• Advanced GuestBook Addentry.PHP Remote File Include Vulnerability
• Blog Mod Weblog_posting.PHP SQL Injection Vulnerability
• OpenPHPnuke Remote File Include Vulnerability
• SunShop Shopping Cart Multiple Cross-Site Scripting Vulnerabilities
• OrbitHYIP Multiple Cross-Site Scripting Vulnerabilities
• MaxTrade Multiple SQL Injection Vulnerabilities
• phpBB Knowledge Base Mod KB_constants.PHP Remote File Include Vulnerability
• AZNEWS News.PHP SQL Injection Vulnerability
• PostNuke Multiple Cross-Site Scripting Vulnerabilities

RELATED STUFF

• MySQL Remote Information Disclosure and Buffer Overflow Vulnerabilities
  Upgrade to 5.0.21, 4.0.27, 4.1.19 or 5.1.10.