Secunia Advisories

August 17, 2005

Below are the Secunia Security Advisories rated as Highly Critical (or higher) from August 17, 2005.

• Secunia Advisory 16454
  CPAINT Ajax Toolkit Command Execution Vulnerabilities
  • Criticality: High
  • Description: Thor Larholm has reported some vulnerabilities in CPAINT, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a vulnerable system.
    1. Input passed to the "cpaint_argument[]" parameter is not properly sanitised before being executed. This can be exploited to execute arbitrary code on the server by concatenation of the arguments.
    2. The "checkBlacklist()" function in cpaint.inc.asp does not check for the presence of "ExecuteGlobal" and "GetRef" statements. This can be exploited for code execution.
  • Secunia Advisory: http://secunia.com/advisories/16454/

• Secunia Advisory 16468
  phpAdsNew Multiple Vulnerabilities
  • Criticality: High
  • Description: Some vulnerabilities have been reported in phpAdsNew, which can be exploited by malicious people to disclose certain sensitive information, conduct SQL injection attacks, or compromise a vulnerable system.
  • Secunia Advisory: http://secunia.com/advisories/16468/

• Secunia Advisory 16469
  phpPgAds Multiple Vulnerabilities
  • Criticality: High
  • Description: Some vulnerabilities have been reported in phpPgAds, which can be exploited by malicious people to disclose certain sensitive information, conduct SQL injection attacks or compromise a vulnerable system.
  • Secunia Advisory: http://secunia.com/advisories/16469/