News
MySQL is not subject to any security alert in its current versions: MySQL 5.0.37 (community) and 5.0.38 (enterprise), 4.1.22, as well as 5.1.17-beta and 5.2.3-alpha.
Updating to these versions is recommended.
For PHP 5.2.1, 14 vulnerabilities have been identified since the PHP security month. A release candidate (RC1) of PHP 5.2.2 is being tested, as is PHP 4.4.7 (see the QA site, http://qa.php.net).
14 security alerts were issued this week, concerning the following applications:
Gallery, Invision Power Board, Joomla, PHP Nuke, PhpWiki, Smarty, WordPress, XAMPP, Xoops, ez, phpAdsNew, phpBB, phpMyAdmin and phpmailer
- jGallery "G_JGALL" Parameter Handling Remote File Inclusion Vulnerability
http://www.frsirt.com/bulletins/10008
Site:
http://gallery.sourceforge.net/
- IPB (Invision Power Board) Full Path Disclosure
http://securityvulns.com/Qdocument804.html
Site:
http://www.invisionboard.com/
- Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to com_articles.php in (1) compo
http://cve.mitre.org/cgibin/cvename.cgi?name=CVE20072089
Site:
http://www.frsirt.com/bulletins/10040
- PHP-Nuke Multiple Security Bypass and Remote SQL Query Injection Vulnerabilities
http://cve.mitre.org/cgibin/cvename.cgi?name=CVE20072025
Site:
http://phpwiki.sourceforge.net/
- Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a va
http://cve.mitre.org/cgibin/cvename.cgi?name=CVE20067193
Site:
http://smarty.php.net/
- ** DISPUTED ** PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because S
http://www.secunia.com/advisories/24951/
Site:
http://wordpress.org/
- WordPress Pingback Denial of Service Security Issue
http://cve.mitre.org/cgibin/cvename.cgi?name=CVE20072079
Site:
http://www.apachefriends.org/en/xampp.html
- The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host
http://cve.mitre.org/cgibin/cvename.cgi?name=CVE20071976
Site:
http://www.xoops.org/
- ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig parameter. NOTE: the issue has been disputed by a re
http://www.frsirt.com/bulletins/10011
Site:
http://www.ez.no/
- Rezervi Generic "root" Parameter Handling Remote PHP File Inclusion Vulnerabilities
http://cve.mitre.org/cgibin/cvename.cgi?name=CVE20072046
Site:
http://www.phpadsnew.com/
- Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting a
http://cve.mitre.org/cgibin/cvename.cgi?name=CVE20071961
Site:
http://www.phpbb.com/
- PHP remote file inclusion vulnerability in mutant_functions.php in the Mutant 0.9.2 portal for phpBB 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
http://cve.mitre.org/cgibin/cvename.cgi?name=CVE20072016
Site:
http://www.phpmyadmin.net/
- Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
http://cve.mitre.org/cgibin/cvename.cgi?name=CVE20072021
Site:
http://phpmailer.sourceforge.net/
- Multiple PHP remote file inclusion vulnerabilities in Pineapple Technologies Lore 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_path parameter to third_party/phpmailer/class.phpmailer.php or the (2) get_plugin_file_path
frsirt
Site:
phpsecure
secunia


