Alerts from SecurityFocus Newsletter #368
gzip has several holes in it, plus Mozilla has come out with new editions.
APPLICATIONS USING PHP
- Mambo Hotornot Component Uploadfile.PHP Arbitrary File Upload Vulnerability
- Mambo Extended Registration Component mosConfig_absolute_path Remote File Include Vulnerability
- Vikingboard Topic.PHP SQL Injection Vulnerability
- Vikingboard Multiple Cross-Site Scripting Vulnerabilities
- PHPQuiz Multiple Input Validation Vulnerabilities
- Artmedic Links Index.PHP Remote File Include Vulnerability
- Aceboard Recherche.PHP Cross-Site Scripting Vulnerability
- PHP-Post Multiple Input Validation Vulnerabilities
- Nuked-Klan Query Parameter Cross-Site Scripting Vulnerability
- Claroline Claro_Init_Local.Inc.PHP Remote File Include Vulnerability
- Site@School Multiple Input Validation Vulnerabilities
- AlstraSoft Efriends GetStartOptions.PHP Local File Include Vulnerability
- EShoppingPro Search_Run.ASP SQL Injection Vulnerability
- PhotoPost Pro Multiple Remote File Include Vulnerabilities
- NixieAffiliate Delete.PHP Authentication Bypass Vulnerability
- Moodle Edit.PHP SQL Injection Vulnerability
- NixieAffiliate Lostpassword.PHP Cross-Site Scripting Vulnerability
- PHP DocWriter Index.PHP Remote File Include Vulnerability
- IDevSpot BizDirectory Multiple Cross-Site Scripting Vulnerabilities
- MyBulletinBoard Generic_Error.PHP Multiple Cross-Site Scripting Vulnerabilities
- MobilePublisherPHP Header.PHP Remote File Include Vulnerability
- GuanxiCRM Business Solution PHPXD.PHP Remote File Include Vulnerability
- UNAK-CMS Dirroot Parameter Remote File Include Vulnerability
- GNUTurk T_ID Parameter SQL Injection Vulnerability
- AEDating Dir[INC] Parameter Remote File Include Vulnerability
- Exponent CMS Index.PHP Local File Include Vulnerability
- Qualiteam X-Cart CMPI.PHP Arbitrary Variable Overwrite Vulnerability
- ESyndiCat Search.PHP Cross-Site Scripting Vulnerability
- MyReview Functions.PHP SQL Injection Vulnerability
- Innovate Portal Index.PHP Cross-Site Scripting Vulnerability
- Simple Discussion Board Multiple Remote File Include Vulnerabilities
- Tekman Portal Uye_Profil.ASP SQL Injection Vulnerability
- More.groupware Week.PHP SQL Injection Vulnerability
RELATED STUFF
- GNU GZip Archive Handling Multiple Remote Vulnerabilities
The GNU folks (http://www.gzip.org/) haven't released a patch as of yet, but Red Hat has put out updated RPMs (http://rhn.redhat.com/errata/RHSA-2006-0667.html).
- Mozilla Firefox/Thunderbird/Seamonkey Multiple Remote Vulnerabilities
Upgrade your installs to the following versions:
Firefox 1.5.0.7
Thunderbird 1.5.0.7
SeaMonkey 1.0.5
Camino 1.0.3
