Alerts from SecurityFocus Newsletter #349

Summarized by Daniel Convissor

APPLICATIONS USING PHP

• Drupal Project Module HTML Injection Vulnerability
• Dokeos LDAP_VAR.INC.PHP Remote File Include Vulnerability
• PHPRaid Multiple Remote File Include Vulnerabilities
• Claroline Multiple Remote File Include Vulnerabilities
• Singapore Index.PHP Cross-Site Scripting Vulnerability
• ISPConfig Session.INC.PHP Remote File Include Vulnerability
• MyBB Showthread.PHP SQL Injection Vulnerability
• X-POLL Add.PHP Input Validation Vulnerability
• Timobraun Dynamic Galerie Multiple Input Validation Vulnerabilities
• PHP-Fusion Multiple Local File Include Vulnerabilities
• FaktoryStudios EasyEvent Index.PHP Cross-Site Scripting Vulnerability
• EvoTopsite Index.PHP Multiple SQL Injection Vulnerabilities
• StatIt Visible_count_inc.PHP Remote File Include Vulnerability
• ACal Day.PHP Remote File Include Vulnerability
• Online Universal Payment System Script Multiple Input Validation Vulnerabilities
• Creative Community Portal Multiple SQL Injection Vulnerabilities
• EQDKP DBal.PHP Remote File Include Vulnerability
• Phil's Bookmark Script Admin.PHP Authentication Bypass Vulnerability