[nycphp-talk] PHP in SecurityFocus #327

Daniel Convissor danielc at analysisandsolutions.com
Sat Dec 24 13:44:41 EST 2005


These summaries are available online
RSS:  http://phpsec.org/projects/vulnerabilities/securityfocus.xml
HTML: http://phpsec.org/projects/vulnerabilities/securityfocus.html

Alerts from SecurityFocus Newsletter #327

Holy cow! PHP applications account for 72% of the announcements this
week!


APPLICATIONS USING PHP
----------------------
Drupal Image Upload HTML Injection Vulnerability
http://www.securityfocus.com/bid/15663

Drupal View User Profile Authorization Bypass Vulnerability  
http://www.securityfocus.com/bid/15674

PBLang Bulletin Board System Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/15573

Athena PHP Website Administration Remote File Include Vulnerability
http://www.securityfocus.com/bid/15574

PHPGreetz Remote File Include Vulnerability
http://www.securityfocus.com/bid/15575

Q-News Remote File Include Vulnerability
http://www.securityfocus.com/bid/15576

Enterprise Connector SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15578

Zainu SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15579

Babe Logger SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15580

Top Music Module SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15581

PHPWordPress Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15582

Bedeng PSP SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15583

Nelogic Nephp Publisher SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15584

Softbiz Resource Repository Script SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15585

BerliOS SourceWell SQL Injection Vulnerability
http://www.securityfocus.com/bid/15586

AllWeb Search SQL Injection Vulnerability
http://www.securityfocus.com/bid/15587

K-Search SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15588

EdmoBBS SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15589

JBB SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15590

UGroup SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15591

ShockBoard Offset Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/15592

Netzbrett P_Entry Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/15593

SimpleBBS Search Module Parameters SQL Injection Vulnerability
http://www.securityfocus.com/bid/15594

ADC2000 NG Pro SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15595

Simple Document Management System SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15596

Nicecoder iDesk FAQ.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15597

PDJK-support Suite Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15598

Randshop Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15599

FreeWebStat Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/15601

PHP Web Statistik Content Injection Vulnerabilities
http://www.securityfocus.com/bid/15603

Helpdesk Issue Manager Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15604

WebCalendar Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15606

WebCalendar Export_Handler.PHP File Corruption Vulnerability
http://www.securityfocus.com/bid/15608

GuppY Error.PHP Remote File Include and Command Execution Vulnerability
http://www.securityfocus.com/bid/15609

GuppY Multiple Local File Include and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/15610

PHP Doc System Local File Include Vulnerability
http://www.securityfocus.com/bid/15611

SearchSolutions Multiple Products Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/15612

Gallery Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/15614

PHP Upload Center Index.PHP Directory Traversal Vulnerability
http://www.securityfocus.com/bid/15621

PHP Upload Center Directory Traversal Vulnerability
http://www.securityfocus.com/bid/15626

Fantastic Scripts Fantastic News News.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15622

Xaraya Directory Traversal Vulnerability
http://www.securityfocus.com/bid/15623

DotClear Unspecified Trackback Vulnerability
http://www.securityfocus.com/bid/15624

DotClear Session.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15667

DMANews Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15628

DRZES HMS Register_domain.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/15630

DRZES HMS Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15644

Entergal MX Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15631

BosDates Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15632

Post Affiliate Pro Index.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15633

GhostScripter Amazon Shop Search.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15634

KBase Express Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15635

ltwCalendar Calendar.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15636

Orca Knowledgebase Knowledgebase.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15637

Orca Blog Blog.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15638

Orca Ringmaker Ringmaker.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15639

FAQ System Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15640

Survey System Survey.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15641

N-13 News SQL Injection Vulnerability
http://www.securityfocus.com/bid/15643

SocketKB Index.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15650

PHPAlbum Local File Include Vulnerability
http://www.securityfocus.com/bid/15651

Softbiz B2B Trading Marketplace Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15652

Softbiz FAQ Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15653

Atlantis Knowledge Base Search.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15654

FAQRing Answer.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15655

WSN Knowledge Base Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15656

O-Kiraku Nikki Nikki.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15657

88Scripts Event Calendar Index.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15658

Instant Photo Gallery Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15659

WebCalendar Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/15662

Lore Article.PHP SQL Injection Vulnerability
http://www.securityfocus.com/bid/15665

WebCalendar Layers_Toggle.PHP HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/15673





