Debian Security Advisory 1371-1 - Several vulnerabilities have been discovered in phpWiki, a wiki engine written in PHP. It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file uploads. It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file uploads. If the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, phpWiki might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations.
b7b01d7f2a959335ad4e537ebb5fba440c7f535ac3481c32a0333098d6941ddf
Gentoo Linux Security Advisory GLSA 200705-16 - Harold Hallikainen has reported that the Upload page fails to properly check the extension of a file. Versions less than 1.3.10-r3 are affected.
60c159150a0498f92fb6138edacb9b60a1965224aafeaac9734cbd4a13e2339b