Secunia Advisories
October 16, 2006

From Tony Bradley, CISSP-ISSAP, for About.com

Filed In:

(Continued from Page 2)

Secunia Advisory 22440
Avaya Products PHP Multiple Vulnerabilities
- Criticality: High
- Description: Avaya has acknowledged some vulnerabilities in PHP included in various Avaya products, which can be exploited by malicious, local users to bypass certain security restrictions, and by malicious people to conduct cross-site scripting and HTTP response splitting attacks, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
- Secunia Advisory: http://secunia.com/advisories/22440/
Secunia Advisory 22443
phpBB Archive for Search Engines "phpbb_root_path" File Inclusion
- Criticality: High
- Description: Ashiyane Corporation has reported a vulnerability in the phpBB Archive for Search Engines module, which can be exploited by malicious people to compromise a vulnerable system.
  Input passed to the "phpbb_root_path" parameter in templates/archive/archive_topic.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.
- Secunia Advisory: http://secunia.com/advisories/22443/
Secunia Advisory 22458
Apache HTTP Server mod_tcl Format String Vulnerabilities
- Criticality: High
- Description: Some vulnerabilities have been reported in the mod_tcl module for Apache HTTP server, which can be exploited by malicious people to compromise a vulnerable system.
  The vulnerabilities are caused due to format string errors in tcl_cmds.c and tcl_core.c when calling the "set_var()" function with user-supplied input. This can be exploited by sending a specially crafted request containing format specifiers.
- Secunia Advisory: http://secunia.com/advisories/22458/

Explore Internet / Network Security

Must Reads

Secunia AdvisoriesOctober 16, 2006

Secunia Advisories
October 16, 2006