SECUNIA ADVISORY ID: SA22394

VERIFY ADVISORY: http://secunia.com/advisories/22394/

CRITICAL: Highly critical

IMPACT: System access

WHERE: >From remote

SOFTWARE:
Microsoft Powerpoint 2003 - http://secunia.com/product/5274/
Microsoft PowerPoint 2002 - http://secunia.com/product/2223/
Microsoft PowerPoint 2000 - http://secunia.com/product/3052/
Microsoft Office XP - http://secunia.com/product/23/  Read More...

SECUNIA ADVISORY ID: SA22356

VERIFY ADVISORY: http://secunia.com/advisories/22356/

CRITICAL: Highly critical

IMPACT: System access

WHERE: >From remote

SOFTWARE: SpamBlockerMod 1.x (module for phpBB) - http://secunia.com/product/12298/

DESCRIPTION: Ashiyane Corporation has reported a vulnerability in the SpamBlockerMod module for phpBB, which can be exploited by malicious people to compromise a vulnerable system. Read More...

SECUNIA ADVISORY ID: SA22400

VERIFY ADVISORY: http://secunia.com/advisories/22400/

CRITICAL: Moderately critical

IMPACT: Manipulation of data, Exposure of sensitive information

WHERE: >From remote

SOFTWARE: Invision Gallery 2.x - http://secunia.com/product/6022/

DESCRIPTION: _1nf3ct0r_ has reported some vulnerabilities in Invision Gallery, which can be exploited by malicious people to disclose potentially sensitive information and conduct SQL injection attacks. The vulnerabilities are reported in version 2.0.7. Other versions may also be affected.

1) Input passed to the "dir" parameter in index.php is not properly verified before being used in a "readfile()" call. Read More...

SECUNIA ADVISORY ID: SA22371

VERIFY ADVISORY: http://secunia.com/advisories/22371/

CRITICAL: Less critical

IMPACT: DoS

WHERE: >From local network

SOFTWARE:
McAfee Personal Firewall Plus 7.x/2006 - http://secunia.com/product/267/
McAfee Internet Security Suite 2006 - http://secunia.com/product/11210/
McAfee VirusScan 10.x/2006 - http://secunia.com/product/9052/

DESCRIPTION: JAAScois has discovered a vulnerability in various McAfee products,which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in McAfee Network Agent (McNASvc.exe) when processing received network messages. This can be exploited to crash the service by sending a specially crafted message with an invalid value in the string position field. The vulnerability is confirmed in McAfee Internet Security Suite 2006 including McAfee Network Agent version 1.0.178.0. Other versions and products may also be affected.

SOLUTION: Restrict access to the service.

PROVIDED AND/OR DISCOVERED BY: JAAScois

aman writes:  

ajax Blocks Administration for phpnuke - Fixed: Cannot work with chatserv-patch-3.3 [Fatal error: Cannot redeclare opentable()].

Download ajaxBlocksEditor-1.33+

SECUNIA ADVISORY ID: SA22286

VERIFY ADVISORY: http://secunia.com/advisories/22286/

CRITICAL: Moderately critical

IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information

WHERE: >From remote

SOFTWARE: Eazy Cart 2.x - http://secunia.com/product/12259/

DESCRIPTION: Some vulnerabilities have been discovered in Eazy Cart, which can be exploited by malicious people to bypass certain security restriction, disclose sensitive information, manipulate orders, and to conduct cross-site scripting attacks. The vulnerabilities have been confirmed in version 2.01. Other versions may also be affected. Read More...