Monday, October 31. 2005
Right in time for a scary halloween the phpBB project and the PHP project have released security updates. My advisories and a short article are released at the usual places.
Advisory 17/2005: phpBB Multiple Vulnerabilities
Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo()
Advisory 19/2005: PHP register_globals Activation Vulnerability in parse_str()
Advisory 20/2005: PHP File-Upload $GLOBALS Overwrite Vulnerability
Article: $GLOBALS Overwrite and it's Consequences
Please upgrade your servers and have a scary halloween...