kguske writes:  

nukeSEO.com released a security update for nukeWYSIWYG(tm) today, version 2.6.4.1. This update involves 4 files which can be overwritten when uploading. Other files included in the update are version number changes only.

Note: this is ONLY an upgrade from nukeWYSIWYG(tm) 2.6.4. If not upgrading from nukeWYSIWYG(tm) 2.6.4, download the full nukeWYSIWYG(tm) 2.6.4.1 or the upgrade from 2.6.3.

What is included in this minor upgrade?

• File manager security

This issue should be addressed by admin authentication implemented in 2.6.4 (which was included in the recent release of RavenNuke(tm)), but security changes should be applied when possible.

Download the upgrade from nukeWYSIWYG(tm) 2.6.4 here (free membership is required)

SECUNIA ADVISORY ID: SA35550

VERIFY ADVISORY: http://secunia.com/advisories/35550/

CRITICAL: Moderately Critical

DESCRIPTION: A vulnerability has been discovered in Zen Cart, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is confirmed in version 1.3.8a (full fileset 12112007). Other versions may also be affected.
 Read More...

SECUNIA ADVISORY ID: SA35544

VERIFY ADVISORY: http://secunia.com/advisories/35544/

CRITICAL: Highly Critical

DESCRIPTION: A vulnerability has been reported in Shockwave Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is reported in versions prior to 11.5.0.600. The vulnerability is caused due to an unspecified error when processing Shockwave Player 10 content and can be exploited to execute arbitrary code.

SOLUTION: Uninstall versions prior to 11.5.0.600, restart the system, and install version 11.5.0.600: http://get.adobe.com/shockwave/

PROVIDED AND/OR DISCOVERED BY: The vendor credits Paul Kurczaba, reported via ZDI.

ORIGINAL ADVISORY: http://www.adobe.com/support/security/bulletins/apsb09-08.html

SECUNIA ADVISORY ID: SA35125

VERIFY ADVISORY: http://secunia.com/advisories/35125/

Critical: Moderately Critical

DESCRIPTION: A vulnerability has been reported in PHP Dir Submit, which can be exploited by malicious people to conduct SQL injection attacks.
 Read More...

SECUNIA ADVISORY ID: SA35144

VERIFY ADVISORY: http://secunia.com/advisories/35144/

CRITICAL: Moderately Critical

DESCRIPTION: girex has discovered some vulnerabilities in Coppermine Photo Gallery, which can be exploited by malicious people to conduct SQL injection attacks, disclose sensitive information, or potentially compromise a vulnerable system. The vulnerabilities are confirmed in version 1.4.22. Other versions may also be affected.
 Read More...

Southern writes:  

Is your website being targeted by malware?

This search engine allows to search terms in specific malware configuration files. For example, to check whether a specific website is targeted by the malware, enter the website's domain name into the search box and click Search.
trusteer.com