Alerts from SecurityFocus Newsletter #367
RSA key forgeries and Flash vulnerabilities are in the news this week.
APPLICATIONS USING PHP
- Drupal Userreview Module Unspecified Cross-Site Scripting Vulnerability
- Mambo Serverstat Component Install.Serverstat.PHP Remote File Include Vulnerability
- Quicksilver Forums Activeutil.PHP Remote File Include Vulnerability
- ForumJBC Haut.PHP Cross-Site Scripting Vulnerability
- WM-News Multiple Input Validation Vulnerabilities
- Vitrax Premodded Functions_Portal.PHP Remote File Include Vulnerability
- CCHost Index.PHP SQL Injection Vulnerability
- WebSPELL Database.PHP Authentication Bypass Vulnerability
- Ractive Popper Childwindow.Inc.PHP Remote File Include Vulnerability
- TeamCal Pro Footer.HTML.Inc.PHP Remote File Include Vulnerability
- DCP-Portal Multiple Input Validation Vulnerabilities
- Tagger LE Multiple PHP Code Injection Vulnerabilities
- PHPATM Multiple Remote File Include Vulnerabilities
- PHPQuiz Index.PHP Remote File Include Vulnerability
- ActiveCampaign KnowledgeBuilder Remote File Include Vulnerability
- Reamday Enterprises Magic News Pro News_page.PHP Remote File Include Vulnerability
- EmuCMS Index.PHP Cross-Site Scripting Vulnerabilities
- NX5Linkx Multiple SQL Injection Vulnerabilities
- NX5Linkx Links.PHP HTTP Response Splitting Vulnerability
- NX5Linkx Link.PHP Directory Traversal Vulnerability
- Vmist Downstat Remote File Include Vulnerabilities
- Shadowed Portal Bottom.PHP Remote File Include Vulnerability
- DokuWiki Multiple Input Validation Vulnerabilities
- e107 CMS Multiple Cross-Site Scripting Vulnerabilities
- CJ Tag Board Tag.PHP Cross-Site Scripting Vulnerability
- Telekorn Signkorn Guestbook Dir_Path Multiple Remote File Include Vulnerabilities
- PHP Event Calendar Index.PHP Multiple Cross Site Scripting Vulnerabilities
- Moodle Multiple Input Validation and Information Disclosure Vulnerabilities
- K2News Management Ratings.PHP Cross-Site Scripting Vulnerability
- PhotoPost Pro Zipndownload.PHP Remote File Include Vulnerability
- PHPUnity.Postcard PHPUnity-Postcard.PHP Remote File Include Vulnerability
RELATED STUFF
- Adobe Flash Player Multiple Remote Code Execution Vulnerabilities
Versions 8.0.24.0 and 9.0.16.0 fix this problem.
- GNUTLS PKCS RSA Signature Forgery Vulnerability
Attackers may be able to forge a PKCS #1 v1.5 signature when an RSA key with exponent 3 is used. GnuTLS 1.4.3 takes care of this issue.
