Alerts from SecurityFocus Newsletter #362
PHP
- PHP SSCANF() Safe_Mode Restriction-Bypass Vulnerability
This is fixed in 5.1.5 and 4.4.4.
APPLICATIONS USING PHP
- Netious CMS Authorization Bypass Vulnerability
- MyBloggie Trackback.PHP Multiple SQL Injection Vulnerabilities
- PHPCodeCabinet Core.PHP Remote File Include Vulnerability
- VBulletin Multiple Cross-Site Scripting Vulnerabilities
- Tinyportal Guestbook Multiple HTML Injection Vulnerabilities
- O2PHP Oxygen Post.PHP SQL Injection Vulnerability
- PHPPrintAnalyzer Index.php Remote File Include Vulnerability
- Visual Events Calendar Calendar.PHP Remote File Include Vulnerability
- Blur6ex Title HTML Injection Vulnerability
- Simple CMS Auth.PHP Remote Authentication Bypass Vulnerability
- DeluxeBB Newpost.PHP Cross-Site Scripting Vulnerability
- Torbstoff News News.PHP Remote File Include Vulnerability
- PHPCC Base_Dir Parameter Remote File Include Vulnerability
- TurnkeyWebTools PHP Simple Shop Multiple Remote File Include Vulnerabilities
- NewSolved ABS_Path Parameter Remote File Include Vulnerability
- XennoBB Profile.PHP Multiple SQL Injection Vulnerabilities
- CakePHP Error.PHP Multiple Cross-Site Scripting Vulnerabilities
- JD Wiki For Joomla Main.PHP Remote File Include Vulnerability
- phNNTP File_newsportal Remote File Include Vulnerability
- Netious CMS Username Parameter SQL Injection Vulnerability
- Simplog Archive.PHP Cross-Site Scripting Vulnerability
- The Address Book Login Page Multiple SQL Injection Vulnerabilities
- The Address Book Reloaded Unspecified Multiple SQL Injection Vulnerabilities
- Multiple SAPID Products Multiple Remote File Include Vulnerabilities
RELATED STUFF
- MySQL MERGE Privilege Revoke Bypass Vulnerability
The issue allows continued access to MERGE tables after privileges on the original table have been revoked. Upgrade to 5.0.24 or 4.1.21 for the fix.
- Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability in LDAP scheme handling
This is fixed in 1.3.37, 2.0.59, 2.2.3.
