Internet / Network Security
  1. Home
  2. Computing & Technology
  3. Internet / Network Security

Secunia Advisories
September 1, 2006

From Tony Bradley, CISSP-ISSAP, for About.com

Below are the Secunia Security Advisories rated as Highly Critical (or higher) from September 1, 2006.

  • Secunia Advisory 21678
    Pheap "lpref" File Inclusion Vulnerability
    • Criticality: High
    • Description: SHiKaA has discovered a vulnerability in Pheap, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "lpref" parameter in lib/config.php and settings.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

      The vulnerability has been confirmed in version 1.2. Other versions may also be affected.

    • Secunia Advisory: http://secunia.com/advisories/21678/

  • Secunia Advisory 21680
    YACS "context[path_to_root]" File Inclusion Vulnerabilities
    • Criticality: High
    • Description: MATASANOS has discovered some vulnerabilities in YACS, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "context[path_to_root]" parameter in multiple files is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.

    • Secunia Advisory: http://secunia.com/advisories/21680/

  • Secunia Advisory 21715
    Membrepass Multiple Vulnerabilities
    • Criticality: High
    • Description: DarkFig has discovered some vulnerabilities in Membrepass, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, and to compromise a vulnerable system.
    • Secunia Advisory: http://secunia.com/advisories/21715/

  • Secunia Advisory 21718
    Tumbleweed EMF ZOO Archive Processing Buffer Overflow
    • Criticality: High
    • Description: A vulnerability has been reported in Tumbleweed EMF, which can be exploited by malicious people to compromise a vulnerable system.
    • Secunia Advisory: http://secunia.com/advisories/21718/

  • Secunia Advisory 21722
    Debian update for capi4hylafax
    • Criticality: High
    • Description: Debian has issued an advisory for capi4hylafax. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
    • Secunia Advisory: http://secunia.com/advisories/21722/
Explore Internet / Network Security
About.com Special Features
Family Tech Center

Stay connected and entertained with reviews on tips on the latest HDTVs, cellphones and more. More >

Connect Your Home Computers

Easy ways to connect two computers for networking purposes. More >

Internet / Network Security
  1. Home
  2. Computing & Technology
  3. Internet / Network Security
  4. Security Bulletins
  5. Secunia Advisories
  6. Secunia Advisories - September 1, 2006

©2009 About.com, a part of The New York Times Company.

All rights reserved.