Alerts from SecurityFocus Newsletter #366
The RSA signature forgery issue sounds problematic...
APPLICATIONS USING PHP
- Joomla! Multiple Security Vulnerabilities
- PhpGroupWare Calendar Class.Holidaycalc.Inc.PHP Local File Include Vulnerability
- Gallery Stats Module Information Disclosure Vulnerability
- IntegraMOD PHPbb_Root_Path Multiple Remote File Include Vulnerabilities
- Membrepass Multiple Cross-Site Scripting Vulnerabilities
- Membrepass Recherchemembre.PHP SQL Injection Vulnerability
- Membrepass Variable.PHP Remote File Include Vulnerability
- E-vision CMS Path Parameter Multiple Remote File Include Vulnerabilities
- ExBB Home_Path Parameter Multiple Remote File Include Vulnerabilities
- PortailPHP Mod_PHPAlbum Sommaire_Admin.PHP Remote File Include Vulnerability
- CubeCart Multiple Security Vulnerabilities
- Graphiks GrapAgenda Index.PHP Remote File Include Vulnerability
- AnnoncesV Annonce.PHP Remote File Include Vulnerability
- MySpeach JScript.PHP Remote File Include Vulnerability
- ToendaCMS Remote File Include Vulnerability
- Papoo CMS IBrowser Remote File Include Vulnerability
- VBZoom Profile.PHP Cross-Site Scripting Vulnerability
- YACS Multiple Remote File Include Vulnerabilities
- Xoops Edituser.PHP SQL Injection Vulnerability
RELATED STUFF
- OpenSSL PKCS Padding RSA Signature Forgery Vulnerability
Attackers may be able to forge a PKCS #1 v1.5 signature when an RSA key with exponent 3 is used. This is fixed in OpenSSL 0.9.7k and 0.9.8c.
- MySQL Multiupdate and Subselects Denial Of Service Vulnerability
For some reason this is the first time this very old issue made it into the SF newsletters.
