SECUNIA ADVISORY ID: SA23236

VERIFY ADVISORY: http://secunia.com/advisories/23236/

CRITICAL: Moderately critical

IMPACT: DoS

SOFTWARE: DenyHosts 2.x - http://secunia.com/product/12830/

DESCRIPTION: Tavis Ormandy has discovered a vulnerability in DenyHosts, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the parsing of log files before adding an entry in /etc/hosts.deny. Read More...

SECUNIA ADVISORY ID: SA23232

VERIFY ADVISORY: http://secunia.com/advisories/23232/

CRITICAL: Extremely critical

IMPACT: System access

DESCRIPTION: A vulnerability has been reported in Microsoft Word, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error in the handling of Word documents can be exploited to cause a memory corruption. Successful exploitation may allow execution of arbitrary code.

SOFTWARE: Read More...

SECUNIA ADVISORY ID: SA23168

VERIFY ADVISORY: http://secunia.com/advisories/23168/

CRITICAL: Moderately critical

IMPACT: Exposure of sensitive information

SOFTWARE: Quick.Cart 2.x - http://secunia.com/product/12801/

DESCRIPTION: r0ut3r has reported some vulnerabilities in Quick.Cart, which can be exploited by malicious people to disclose sensitive information. Successful exploitation requires that "register_globals" is enabled and "magic_quotes_gpc" is disabled. The vulnerabilities are reported in version 2.0. Other versions may also be affected. Input passed to the "config[db_type]" parameter in multiple files is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks.

Examples: Read More...

SECUNIA ADVISORY ID: SA23218

VERIFY ADVISORY: http://secunia.com/advisories/23218/

CRITICAL: Highly critical

IMPACT: DoS, System access

SOFTWARE: xine-lib 1.x - http://secunia.com/product/3410/

DESCRIPTION: Some vulnerabilities have been reported in xine-lib, which potentially can be exploited by malicious people to compromise a user's system. Successful exploitation may allow the execution of arbitrary code. The vulnerabilities are reported in versions prior to 1.1.3. Read More...

SECUNIA ADVISORY ID: SA23206

VERIFY ADVISORY: http://secunia.com/advisories/23206/

CRITICAL: Highly critical

IMPACT: System access

SOFTWARE: mx_tinies (module for mxBB) 1.x - http://secunia.com/product/12794/

DESCRIPTION: bd0rk has reported a vulnerability in the mx_tinies module for MxBB, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "module_root_path" parameter in includes/common.php is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources. Successful exploitation requires that "register_globals" is enabled. The vulnerability is reported in version 1.3.0. Other versions may also be affected. Read More...

SECUNIA ADVISORY ID: SA23204

VERIFY ADVISORY: http://secunia.com/advisories/23204/

CRITICAL: Highly critical

IMPACT: System access

SOFTWARE: PHP Upload Center 2.x - http://secunia.com/product/12792/

DESCRIPTION: GregStar has discovered two vulnerabilities in PHP Upload Center, which can be exploited by malicious people to compromise a vulnerable system. Successful exploitation with other file extensions than ".php" requires that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 2.0. Other versions may also be affected. Read More...