Internet / Network Security

  1. Home
  2. Computing & Technology
  3. Internet / Network Security

Secunia Advisories

September 14, 2006

From Tony Bradley, CISSP-ISSAP, for About.com

Below are the Secunia Security Advisories rated as Highly Critical (or higher) from September 14, 2006.

  • Secunia Advisory 21449
    Tagger LE PHP "eval()" Injection Vulnerabilities
    • Criticality: High
    • Description: Secunia Research has discovered some vulnerabilities in Tagger LE, which can be exploited by malicious people to compromise a vulnerable system.
    • Secunia Advisory: http://secunia.com/advisories/21449/

  • Secunia Advisory 21887
    Magic News Pro "script_path" File Inclusion Vulnerability
    • Criticality: High
    • Description: A vulnerability has been reported in Magic News Pro, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "script_path" parameter in scripts/news_page.php is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.

    • Secunia Advisory: http://secunia.com/advisories/21887/

  • Secunia Advisory 21892
    Quicksilver Forums "set[include_path]" File Inclusion Vulnerability
    • Criticality: High
    • Description: mdx has reported a vulnerability in Quicksilver Forums, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "set[include_path]" parameter in lib/activeutil.php is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.

    • Secunia Advisory: http://secunia.com/advisories/21892/

  • Secunia Advisory 21897
    phpunity.postcard "gallery_path" Parameter File Inclusion
    • Criticality: High
    • Description: Rivertam has discovered a vulnerability in phpunity.postcard, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "gallery_path" parameter in phpunity-postcard.php isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from external and local resources.

    • Secunia Advisory: http://secunia.com/advisories/21897/

  • Secunia Advisory 21910
    Internet Explorer daxctle.ocx "KeyFrame()" Method Vulnerability
    • Criticality: Extremely
    • Description: nop has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

      The vulnerability is caused due to a memory corruption error in the Microsoft Multimedia Controls ActiveX control (daxctle.ocx) in the "CPathCtl::KeyFrame()" function. This can be exploited by e.g. tricking a user into viewing a malicious HTML document passing specially crafted arguments to the ActiveX control's "KeyFrame()" method.

    • Secunia Advisory: http://secunia.com/advisories/21910/

  • Secunia Advisory 21914
    Downstat "art" File Inclusion Vulnerability
    • Criticality: High
    • Description: sZ has discovered some vulnerabilities in Downstat, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "art" parameter in chart.php, modes.php, and stats.php is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.

    • Secunia Advisory: http://secunia.com/advisories/21914/

Explore Internet / Network Security

About.com Special Features

Browse All About.com

Internet / Network Security

  1. Home
  2. Computing & Technology
  3. Internet / Network Security
  4. Security Bulletins
  5. Secunia Advisories
  6. Secunia Advisories - September 14, 2006

©2009 About.com, a part of The New York Times Company.

All rights reserved.