Secunia Advisory 16339
XOOPS PHPMailer and XML-RPC Vulnerabilities
- Criticality: High
- Description: Some vulnerabilities have been reported in XOOPS, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
- Secunia Advisory: http://secunia.com/advisories/16339/

Secunia Advisory 16341
Conectiva update for krb5
- Criticality: High
- Description: Conectiva has issued an update for krb5. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
- Secunia Advisory: http://secunia.com/advisories/16341/

Secunia Advisory 16342
Gravity Board X Multiple Vulnerabilities
- Criticality: High
- Description: rgod has discovered some vulnerabilities in Gravity Board X, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, or compromise a vulnerable system.
- Input passed to the "email" parameter in index.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation allows logon as administrator without requiring knowledge of the password, but requires that "magic_quotes_gpc" is disabled.
- Input passed to the "board_id" parameter in deletethread.php isn't properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
- Missing access restrictions on the "editcss.php" script can be exploited to include arbitrary PHP scripts in the style sheet.
- Secunia Advisory: http://secunia.com/advisories/16342/

Secunia Advisory 16363
Ubuntu update for ekg/libgadu3
- Criticality: High
- Description: Ubuntu has issued updates for ekg and libgadu3. These fix some vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges, or by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
- Secunia Advisory: http://secunia.com/advisories/16363/

Secunia Advisory 16373
Internet Explorer Three Vulnerabilities
- Criticality: High
- Description: Three vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system.
- A memory corruption error within the processing of JPEG images can be exploited to execute arbitrary code by tricking a user into e.g. visiting a web site or viewing an HTML e-mail containing a specially crafted JPEG image.
- A validation error during the interpretation of certain URLs when browsing from a web site to a web folder view using WebDAV can be exploited to execute arbitrary script code in another domain (e.g. on the user's system in the "Local Machine" security zone).
- An error in the way COM objects are instantiated as ActiveX controls can be exploited to corrupt system memory and allows execution of arbitrary code on a user's system when e.g. a malicious web site is visited.
- Secunia Advisory: http://secunia.com/advisories/16373/

