Alerts from SecurityFocus Newsletter #371

Summarized by Daniel Convissor

PHP

• PHP ZendEngine ECalloc Integer Overflow Vulnerability

APPLICATIONS USING PHP

• RegistroTL Main.PHP Remote File Include Vulnerability
• 4Images Search.PHP SQL Injection Vulnerability
• Dokeos Multiple Remote File Includes Vulnerabilities
• CommunityPortals Bug.PHP Remote File Include Vulnerability
• FlatNuke Index.PHP Arbitrary File Upload Vulnerability
• Noah's Classifieds Index.PHP Cross-Site Scripting Vulnerability
• N@Board Naboard_PNR.PHP Remote File Include Vulnerability
• PhpMyAgenda Language Local File Include Vulnerability
• Eboli Index.PHP Remote File Include Vulnerability
• Jasmine-Web Index.PHP Remote File Include Vulnerability
• Polaring General.PHP Remote File Include Vulnerability
• PHP Live! Help Script File Include Vulnerability
• Webmedia Explorer Core.Lib.PHP Remote File Include Vulnerability
• Easy Gallery Doc_Directory Parameter Multiple Remote File Include Vulnerabilities
• Eazy Cart Multiple Input Validation and Authentication Bypass Vulnerabilities
• Moodle Blog Module SQL Injection Vulnerability
• EXPBlog Multiple Cross-Site Scripting Vulnerabilities
• Blue Smiley Organizer Unspecified SQL Injection Vulnerabilities
• ZABBIX Multiple Unspecified Remote Code Execution Vulnerabilities
• Cahier De Textes SQL Injection Vulnerabilities
• AAIPortal Unspecified SQL Injection Vulnerabilities

RELATED STUFF

• OpenSSH-Portable Existing Password Remote Information Disclosure Weakness