Internet / Network Security

  1. Home
  2. Computing & Technology
  3. Internet / Network Security

Secunia Advisories

September 1, 2006

From Tony Bradley, CISSP-ISSAP, for About.com

Below are the Secunia Security Advisories rated as Highly Critical (or higher) from September 1, 2006.

  • Secunia Advisory 21678
    Pheap "lpref" File Inclusion Vulnerability
    • Criticality: High
    • Description: SHiKaA has discovered a vulnerability in Pheap, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "lpref" parameter in lib/config.php and settings.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

      The vulnerability has been confirmed in version 1.2. Other versions may also be affected.

    • Secunia Advisory: http://secunia.com/advisories/21678/

  • Secunia Advisory 21680
    YACS "context[path_to_root]" File Inclusion Vulnerabilities
    • Criticality: High
    • Description: MATASANOS has discovered some vulnerabilities in YACS, which can be exploited by malicious people to compromise a vulnerable system.

      Input passed to the "context[path_to_root]" parameter in multiple files is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.

    • Secunia Advisory: http://secunia.com/advisories/21680/

  • Secunia Advisory 21715
    Membrepass Multiple Vulnerabilities
    • Criticality: High
    • Description: DarkFig has discovered some vulnerabilities in Membrepass, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, and to compromise a vulnerable system.
    • Secunia Advisory: http://secunia.com/advisories/21715/

  • Secunia Advisory 21718
    Tumbleweed EMF ZOO Archive Processing Buffer Overflow
    • Criticality: High
    • Description: A vulnerability has been reported in Tumbleweed EMF, which can be exploited by malicious people to compromise a vulnerable system.
    • Secunia Advisory: http://secunia.com/advisories/21718/

  • Secunia Advisory 21722
    Debian update for capi4hylafax
    • Criticality: High
    • Description: Debian has issued an advisory for capi4hylafax. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
    • Secunia Advisory: http://secunia.com/advisories/21722/

Explore Internet / Network Security

About.com Special Features

Browse All About.com

Internet / Network Security

  1. Home
  2. Computing & Technology
  3. Internet / Network Security
  4. Security Bulletins
  5. Secunia Advisories
  6. Secunia Advisories - September 1, 2006

©2009 About.com, a part of The New York Times Company.

All rights reserved.