Right in time for a scary halloween the phpBB project and the PHP project have released security updates. My advisories and a short article are released at the usual places.

Advisory 17/2005: phpBB Multiple Vulnerabilities

Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo()

Advisory 19/2005: PHP register_globals Activation Vulnerability in parse_str()

Advisory 20/2005: PHP File-Upload $GLOBALS Overwrite Vulnerability

Article: $GLOBALS Overwrite and it's Consequences

Please upgrade your servers and have a scary halloween...