Internet / Network Security

  1. Home
  2. Computing & Technology
  3. Internet / Network Security

Secunia Advisories

September 6, 2006

From Tony Bradley, CISSP-ISSAP, for About.com

Below are the Secunia Security Advisories rated as Highly Critical (or higher) from September 6, 2006.

  • Secunia Advisory 21758
    C-News "path" File Inclusion Vulnerabilities
    • Criticality: High
    • Description: Some vulnerabilities have been reported in C-News, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "path" parameter in multiple files is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.

    • Secunia Advisory: http://secunia.com/advisories/21758/

  • Secunia Advisory 21760
    Sponge News "sndir" File Inclusion Vulnerability
    • Criticality: High
    • Description: SHiKaA has reported a vulnerability in Sponge News, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "sndir" parameter in news.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

    • Secunia Advisory: http://secunia.com/advisories/21760/

  • Secunia Advisory 21772
    annoncesV "page" Parameter File Inclusion Vulnerability
    • Criticality: High
    • Description: botan has discovered a vulnerability in annoncesV, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "page" parameter in annonce.php isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from external and local resources.

    • Secunia Advisory: http://secunia.com/advisories/21772/

  • Secunia Advisory 21775
    GrapAgenda "page" File Inclusion Vulnerability
    • Criticality: High
    • Description: botan has discovered a vulnerability in GrapAgenda, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "page" parameter in index.php is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.

    • Secunia Advisory: http://secunia.com/advisories/21775/

  • Secunia Advisory 21777
    MySpeach "my_ms[root]" Parameter File Inclusion Vulnerability
    • Criticality: High
    • Description: SHiKaA has discovered a vulnerability in MySpeach, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "my_ms[root]" parameter in jscript.php isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from external and local resources.

    • Secunia Advisory: http://secunia.com/advisories/21777/

Explore Internet / Network Security

About.com Special Features

Browse All About.com

Internet / Network Security

  1. Home
  2. Computing & Technology
  3. Internet / Network Security
  4. Security Bulletins
  5. Secunia Advisories
  6. Secunia Advisories - September 6, 2006

©2009 About.com, a part of The New York Times Company.

All rights reserved.