Security alerts for PHP and MySQL applications

PHP and MySQL are not subject to any security alerts in their current versions: PHP 5.0.4 and 4.4.0; MySQL 4.0.25, 4.1.14 and 5.0.10. Upgrading to these versions is strongly recommended.

26 security alerts were issued this week, concerning the following applications: AreaEdit, Beehive, Coppermine, Foojan, FUDForum, LiveSupport, Mantis, MyBB, MyBulletinBoard, Nephp, Netquery, PaFileDB, phpAdsNew, PHPFreeNews, phpGroupWare, PHPKit, PHPOutsourcing, phpPgAds, PostNuke, RunCMS, SaveWebPortal, SquirrelMail, TikiWiki, vBulletin, W-Agora, WebCalendar, Woltlab and Zorum.

+ AreaEdit SpellChecker lang Variable Arbitrary Code Execution
  http://www.net-security.org/vulnerability.php?id=18853
+ Beehive Forum Webtag Multiple SQL Injection Vulnerabilities
  http://www.securityfocus.com/bid/14361
+ Coppermine Photo Gallery EXIF Data Cross Site Scripting Issue
  http://www.frsirt.com/bulletins/1807
+ Foojan WMS 'gmain.php' Lets Remote Users Inject HTML Code
  http://www.SecurityTracker.com/alerts/2005/Aug/1014789.html
+ FUDForum Tree View Access Validation Vulnerability
  http://www.securityfocus.com/bid/14556
+ LiveSupport XML-RPC Remote PHP Code Execution Vulnerability
  http://www.frsirt.com/bulletins/1796
+ Mantis Cross-Site Scripting and SQL Injection Vulnerabilities
  http://secunia.com/advisories/16506/
+ MyBulletinBoard Multiple Scripts Remote SQL Injection Vulnerabilities
  http://www.frsirt.com/bulletins/1802
+ Nephp Publisher Enterprise 3.04 Cross Site Scripting
  http://www.securityfocus.com/archive/1/408757
+ Netquery "host" Parameter Arbitrary Command Execution
  http://secunia.com/advisories/16523/
+ PaFileDB Administrative User Authentication SQL Injection
  http://secunia.com/advisories/16566/
+ phpAdsNew Multiple Bugs Permit SQL Injection and Local File Inclusion and XML-RPC Bug Lets Remote Users Execute Arbitrary Code
  http://www.SecurityTracker.com/alerts/2005/Aug/1014735.html
+ PHPFreeNews SearchResults.php Multiple Variable XSS
  http://www.osvdb.org/displayvuln.php?osvdb_id=18852
+ phpGroupWare Remote Code Execution and Security Bypass Issues
  http://www.frsirt.com/bulletins/1826
+ PHPKit Multiple Parameters Remote SQL Injection Vulnerabilities
  http://www.frsirt.com/bulletins/1815
+ PHPOutsourcing Zorum "prod.php" Remote Command Execution
  http://www.frsirt.com/bulletins/1797
+ phpPgAds / phpAdsNew js-form.php language Variable Traversal Arbitrary File Access
  http://www.osvdb.org/displayvuln.php?osvdb_id=18887
+ PostNuke "dl-viewdownload.php" Remote SQL Injection Vulnerability
  http://www.frsirt.com/bulletins/1827
+ RunCMS Remote SQL Injection and Arbitrary Variable Overwrite
  http://www.frsirt.com/bulletins/1809
+ SaveWebPortal Unauthorized Access Vulnerability
  http://www.securityfocus.com/bid/14639
+ SquirrelMail Variable Handling Vulnerability
  http://www.securityfocus.com/bid/14254
+ TikiWiki XML-RPC Nested XML Tags PHP Code Execution
  http://secunia.com/advisories/16563/
+ vBulletin BBCode IMG Tag Cross-Site Request Forgery
  http://secunia.com/advisories/16516/
+ W-Agora "Site" Parameter Remote Directory Traversal Vulnerability
  http://www.frsirt.com/bulletins/1799
+ WebCalendar "includedir" Remote PHP File Inclusion Vulnerability
  http://www.frsirt.com/bulletins/1816
+ Woltlab Burning Board "modcp.php" SQL Injection Vulnerability
  http://www.frsirt.com/bulletins/1805
+ Zorum prod.php Arbitrary Command Execution Vulnerability
  http://secunia.com/advisories/16504/

osvdb: www.osvdb.org
securityfocus: www.securityfocus.com

Source: Nexen, written by sky
© Graphiks.net