Alerts from SecurityFocus Newsletter #353
Wow. Lots of PHP app issues this week. Plus announcements for MySQL, PostgreSQL and the GD graphics library.
APPLICATIONS USING PHP
- Wikiwig WK_lang.PHP Remote File Include Vulnerability
- Alex NewsEngine Newscomments.PHP SQL Injection Vulnerability
- DokuWiki Remote PHP Script Code Injection Vulnerability
- DreamCost HostAdmin Multiple Remote File Include Vulnerabilities
- Bookmark4U Multiple Remote File Include Vulnerabilities
- ESTsoft InternetDisk Arbitrary File Upload and Script Execution Vulnerability
- Kmita FAQ Multiple Input Validation Vulnerabilities
- OSADS Alliance Database Board Comment HTML Injection Vulnerability
- Pixelpost Multiple SQL Injection Vulnerabilities
- dotProject Unspecified Cross-Site Scripting Vulnerability
- CyBoards PHP Lite Common.PHP Remote File Include Vulnerability
- Particle Wiki Index.PHP SQL Injection Vulnerability
- Particle Gallery Viewimage.PHP SQL Injection Vulnerability
- CoolForum Editpost.PHP SQL Injection Vulnerability
- TikiWiki Multiple Cross-Site Scripting Vulnerabilities
- KnowledgeTree Open Source Cross-site Scripting Vulnerability
- ScriptsEZ Easy Ad-Manager Details.PHP Cross-Site Scripting Vulnerability
- ScriptsEZ Chemical Dictionary Dictionary.PHP Cross-Site Scripting Vulnerability
- ScriptsEZ E-Dating System Multiple Input Validation Vulnerabilities
- DGbook HTML Injection Vulnerabilities
- CMS Mundo HTML Injection Vulnerability
- PostNuke Multiple Input Validation Vulnerabilities
- Vice Stats VS_Resource.PHP SQL Injection Vulnerability
- Calendar Express Month.PHP SQL Injection Vulnerability
- MiraksGalerie Multiple Remote File Include Vulnerabilities
- WebCalendar Index.PHP Information Disclosure Vulnerability
- AZ Photo Album Script Pro Cross-Site Scripting Vulnerability
- TinyPHPForum Profile.PHP Local File Include Vulnerability
- MyBulletinBoard Private.PHP Cross-Site Scripting Vulnerability
- Basic Analysis and Security Engine Multiple Remote File Include Vulnerabilities
- GANTTy Index.PHP Cross-Site Scripting Vulnerability
- DreamAccount Multiple Remote File Include Vulnerabilities
- Alex DownloadEngine Comments.PHP SQL Injection Vulnerability
RELATED STUFF
- MySQL Mysql_real_escape Function SQL Injection Vulnerability
  Upgrade to version 5.0.22-1-0.1 or 4.1.20.
- PostgreSQL Multibyte Character Encoding SQL Injection Vulnerabilities
  Upgrade to versions 8.1.4, 8.0.8, 7.4.13 or 7.3.15.
- GD Graphics Library Remote Denial of Service Vulnerability
