SECUNIA ADVISORY ID: SA22511

VERIFY ADVISORY: http://secunia.com/advisories/22511/

CRITICAL: Moderately critical

IMPACT: Manipulation of data

WHERE: >From remote

SOFTWARE: PHP-Nuke 7.x - http://secunia.com/product/2385/

DESCRIPTION: Paisterist has discovered a vulnerability in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks. Read More...

Note: 

Admin: If you are up-to-date with your patches you will not be affected by this. Also, I beleive this is an old exploit, but I'm not sure

Monday, 16 October 2006, 12:21 AM CET

Microsoft agreed to make it easier for customers of its forthcoming Vista operating system to use outside security vendors, such as those who make popular antivirus and anti-spyware programs.

Until now, Microsoft had planned to block those companies from installing their products in the deepest levels of the new operating system, which is scheduled for release early next year.

Read More at the Washington Post.

lippylion writes:  

Nukequiz has just gone through some major changes and has been updated online for testing. It now inlcudes the ability to mix question types, such as multi answer questions, multi choice and single answer, all with the ability to add images or sounds to the question. We are updating changes and have changed the version history to reflect those changes.

To test the quiz you will need to be registered which is free and fully automated. For more details on the changes please read Nukequiz Version History in the Nukequiz Online Help Manual (Also undergoing changes)

Kommius writes:  

Hi everyone!!

As some of you were able to notice, we have been closed for the past year and a half, and that being due to our old webhost whom with we lost our entire database!!

However, this has allowed us to develop this new version of NukeClan with the new team, Read More...

SECUNIA ADVISORY ID: SA22521

VERIFY ADVISORY: http://secunia.com/advisories/22521/

CRITICAL: Highly critical

IMPACT: System access

WHERE: >From remote

SOFTWARE: MambWeather 1.x (module for Mambo) - http://secunia.com/product/12390/

DESCRIPTION: h4ntu has discovered a vulnerability in the MambWeather module for Mambo, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "mosConfig_absolute_path" parameter in modules/MambWeather/Savant2/Savant2_Plugin_options.php is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources. Successful exploitation requires that "register_globals" is enabled. The vulnerability is confirmed in version 1.8.1. Other versions may also be affected.

SOLUTION: Edit the source code to ensure that input is properly verified. Set "register_globals" to "Off".

PROVIDED AND/OR DISCOVERED BY: h4ntu

ORIGINAL ADVISORY: http://milw0rm.com/exploits/2613

forgotz writes:  

A simple PHP-Nuke hack, allowing for easy access to native Headlines Administration. Add and manage RSS feeds. ALWAYS backup your database! Import the provided SQL file and have fewer and more relevant PHP-Nuke RSS feeds.

Click here for screen shots.
Click here for download (registration required). Read More...