Internet / Network Security

Secunia Advisories

October 16, 2006

From Tony Bradley, CISSP-ISSAP, for About.com

Below are the Secunia Security Advisories rated as Highly Critical (or higher) from October 16, 2006.

  • Secunia Advisory 22363
    AFGB Guestbook "Htmls" File Inclusion Vulnerabilities
    • Criticality: High
    • Description: mdX has reported some vulnerabilities in AFGB Guestbook, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "Htmls" parameter in add.php, admin.php, look.php, and re.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local and external resources.

    • Secunia Advisory: http://secunia.com/advisories/22363/

  • Secunia Advisory 22370
    Clam AntiVirus CHM Unpacker and PE Rebuilding Vulnerabilities
    • Criticality: High
    • Description: Two vulnerabilities have been reported in Clam AntiVirus, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
    • Secunia Advisory: http://secunia.com/advisories/22370/

  • Secunia Advisory 22391
    Gentoo update for seamonkey
    • Criticality: High
    • Description: Gentoo has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and potentially compromise a user's system.
    • Secunia Advisory: http://secunia.com/advisories/22391/

  • Secunia Advisory 22403
    NuralStorm Webmail "DEFAULT_SKIN" File Inclusion Vulnerability
    • Criticality: High
    • Description: Kw3rLn has reported a vulnerability in NuralStorm Webmail, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "DEFAULT_SKIN" parameter in process.php is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.

    • Secunia Advisory: http://secunia.com/advisories/22403/

  • Secunia Advisory 22411
    phpMyConference "lvc_include_path" File Inclusion Vulnerability
    • Criticality: High
    • Description: k1tk4t has reported a vulnerability in phpMyConference, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "lvc_include_dir" parameter in common/visiteurs/include/menus.inc.php is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.

    • Secunia Advisory: http://secunia.com/advisories/22411/

  • Secunia Advisory 22412
    Open Conference Systems "fullpath" File Inclusion Vulnerability
    • Criticality: High
    • Description: k1tk4t has reported a vulnerability in Open Conference Systems, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "fullpath" parameter in include/themes.inc.php and include/footer.inc.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

    • Secunia Advisory: http://secunia.com/advisories/22412/

  • Secunia Advisory 22414
    phpBB PlusXL "phpbb_root_path" File Inclusion Vulnerability
    • Criticality: High
    • Description: Ashiyane Corporation has reported a vulnerability in phpBB PlusXL, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "phpbb_root_path" parameter in mods/iai/includes/constants.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

    • Secunia Advisory: http://secunia.com/advisories/22414/

  • Secunia Advisory 22416
    CDS Agenda "AGE" File Inclusion Vulnerability
    • Criticality: High
    • Description: Drago84 has reported a vulnerability in CDS Agenda, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "AGE" parameter in modification/SendAlertEmail.php is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.

    • Secunia Advisory: http://secunia.com/advisories/22416/

©2009 About.com, a part of The New York Times Company.

All rights reserved.