SECUNIA ADVISORY ID: SA31789

VERIFY ADVISORY: http://secunia.com/advisories/31789/

CRITICAL: Moderately critical

IMPACT: Unknown, Brute force

SOFTWARE: Joomla! 1.x - http://secunia.com/advisories/product/5788/

DESCRIPTION: Some vulnerabilities and a security issue have been reported in Joomla!, where some have an unknown impact and others can potentially be exploited by malicious people to conduct brute force attacks. The vulnerabilities and security issue are reported in versions prior to version 1.5.7.
 Read More...

SECUNIA ADVISORY ID: SA31724

VERIFY ADVISORY: http://secunia.com/advisories/31724/

CRITICAL: Highly critical

IMPACT: System access

SOFTWARE: Microsoft Windows Media Encoder 9.x - http://secunia.com/product/5895/

DESCRIPTION: A vulnerability has been reported in Windows Media Encoder, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the WMEX.DLL ActiveX control. This can be exploited to cause a buffer overflow by tricking a user into e.g. visiting a malicious website. Successful exploitation may allow execution of arbitrary code.
 Read More...

SECUNIA ADVISORY ID: SA31726

VERIFY ADVISORY: http://secunia.com/advisories/31726/

CRITICAL: Highly critical

IMPACT: System access

SOFTWARE: Microsoft Windows Media Player 11.x - http://secunia.com/product/11280/

DESCRIPTION: A vulnerability has been reported in Windows Media Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when handling sampling rates. This can be exploited via a specially crafted audio file streamed from a server-side playlist (SSPL). Successful exploitation may allow execution of arbitrary code.
 Read More...

SECUNIA ADVISORY ID: SA31758

VERIFY ADVISORY: http://secunia.com/advisories/31758/

CRITICAL: Moderately critical

IMPACT: Manipulation of data

SOFTWARE: Zen Cart 1.x - http://secunia.com/product/3488/

DESCRIPTION: James Bercegay has reported two vulnerabilities in Zen Cart, which can be exploited by malicious people to conduct SQL injection attacks. Successful exploitation requires in both cases that "magic_quotes_gpc" is disabled. The vulnerabilities are reported in versions 1.2.0d to 1.3.8a.
 Read More...

From http://blogs.zdnet.com/

"Could a simple flash file redirector pushing fake security software actually trick a large number of users? Of course, especially when the files are hosted at legitimate services, the message localized to a native language, and the links spammed to millions of users."

Read the entire article Malware and spam attacks exploiting Picasa and ImageShack

Whoa! Google Chrome has crashed. Restart now? While Google’s Chrome team is cheering, Rishi Narang from Evil Fingers is typing and releasing a proof of concept for a denial of service vulnerability that is successfully crashing the Chrome browser with all tabs.

Read it all!