Internet / Network Security

Secunia Advisories

September 11, 2006

From Tony Bradley, CISSP-ISSAP, for About.com

Below are the Secunia Security Advisories rated as Highly Critical (or higher) from September 11, 2006.

  • Secunia Advisory 21817
    MyABraCaDaWeb "base" File Inclusion Vulnerabilities
    • Criticality: High
    • Description: ERNE has reported some vulnerabilities in MyABraCaDaWeb, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "base" parameter in index.php and pop.php is not properly verified before being used. This can be exploited to execute arbitrary PHP code by including files from local and external resources.

    • Secunia Advisory: http://secunia.com/advisories/21817/

  • Secunia Advisory 21833
    RaidenHTTPD "SoftParserFileXml" File Inclusion Vulnerability
    • Criticality: High
    • Description: rgod has discovered a vulnerability in RaidenHTTPD, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "SoftParserFileXml" parameter in raidenhttpd-admin/slice/check.php is not verified before being used to include files. This can be exploited to execute arbitrary PHP code by calling the script directly and including a file from a local or external resource.

    • Secunia Advisory: http://secunia.com/advisories/21833/

  • Secunia Advisory 21842
    Mandriva update for php
    • Criticality: High
    • Description: Mandriva has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, or by malicious people to potentially compromise a vulnerable system.
    • Secunia Advisory: http://secunia.com/advisories/21842/

  • Secunia Advisory 21850
    mcGalleryPRO "path_to_folder" File Inclusion Vulnerability
    • Criticality: High
    • Description: Solpot has reported a vulnerability in mcGalleryPRO, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "path_to_folder" parameter in random2.php is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.

    • Secunia Advisory: http://secunia.com/advisories/21850/

  • Secunia Advisory 21855
    Vivvo Article Management CMS SQL Injection and File Inclusion
    • Criticality: High
    • Description: MercilessTurk has reported some vulnerabilities in Vivvo Article Management CMS, which can be exploited by malicious people to conduct SQL injection attacks and to compromise a vulnerable system.
    • Secunia Advisory: http://secunia.com/advisories/21855/

  • Secunia Advisory 21857
    Socketwiz Bookmarks "root_dir" File Inclusion Vulnerability
    • Criticality: High
    • Description: Kacper has reported a vulnerability in Socketwiz Bookmarks, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "root_dir" parameter in smarty_config.php is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.

    • Secunia Advisory: http://secunia.com/advisories/21857/

©2009 About.com, a part of The New York Times Company.

All rights reserved.