SECUNIA ADVISORY ID: SA31683

VERIFY ADVISORY: http://secunia.com/advisories/31683/

CRITICAL: Moderately critical

IMPACT: Hijacking, Manipulation of data, Exposure of sensitive information, System access.

SOFTWARE: Invision Power Board 2.x - http://secunia.com/product/3705/

DESCRIPTION: DarkFig has reported some vulnerabilities in Invision Power Board (IP.Board), which can be exploited by malicious users to disclose sensitive information and compromise a vulnerable system, and by malicious people to conduct SQL injection attacks.
 Read More...

kguske writes:  

From Joomla:
A flaw in the reset token validation mechanism allows for non-validating tokens to be forged. This will allow an unauthenticated, unauthorized user to reset the password of the first enabled user (lowest id). Typically, this is an administrator user. Note, that changing the first users username may lessen the impact of this exploit (since the person who changed the password does not know the login associated with the new password). However, the only way to completely rectify the issue is to upgrade to 1.5.6 (or patch the /components/com_user/models/reset.php file).

SECUNIA ADVISORY ID: SA31549

VERIFY ADVISORY: http://secunia.com/advisories/31549/

CRITICAL: Highly critical

IMPACT: Security Bypass, Spoofing, Exposure of sensitive information, DoS, System

SOFTWARE:
Opera 5.x - http://secunia.com/product/82/
Opera 6.x - http://secunia.com/product/81/
Opera 7.x - http://secunia.com/product/761/
Opera 8.x - http://secunia.com/product/4932/
Opera 9.x - http://secunia.com/product/10615/

DESCRIPTION: Some vulnerabilities have been reported in Opera, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, bypass certain security restrictions, disclose potentially sensitive information, or potentially compromise a user's system.
 Read More...

SECUNIA ADVISORY ID: SA31504

VERIFY ADVISORY: http://secunia.com/advisories/31504/

CRITICAL: Moderately critical

IMPACT: System access

SOFTWARE:
Ipswitch WS_FTP Professional 2007 - http://secunia.com/product/13838/
Ipswitch WS_FTP Home 2007 - http://secunia.com/product/19609/

DESCRIPTION: securfrog has discovered a vulnerability in WS_FTP Home and Professional, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a format string error when processing responses of the FTP server. This can be exploited by e.g. tricking a user into connecting to a malicious FTP server. Successful exploitation may allow the execution of arbitrary code. The vulnerability is confirmed in WS_FTP Home version 2007.0.0.2 and WS_FTP Professional version 2007.1.0.0. Other versions may also be affected.

SOLUTION: Connect to trusted servers only.

PROVIDED AND/OR DISCOVERED BY: securfrog

ORIGINAL ADVISORY: http://milw0rm.com/exploits/6257

SECUNIA ADVISORY ID: SA31409

VERIFY ADVISORY: http://secunia.com/advisories/31409/

CRITICAL: Moderately critical

IMPACT: Unknown, Exposure of sensitive information, DoS, System access

SOFTWARE: PHP 4.4.x - http://secunia.com/product/5768/

DESCRIPTION: Some vulnerabilities have been reported in PHP, where some have an unknown impact and others can potentially be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system. Read More...

SECUNIA ADVISORY ID: SA31375

VERIFY ADVISORY: http://secunia.com/advisories/31375/

CRITICAL: Highly critical

IMPACT: System access

SOFTWARE:
Microsoft Internet Explorer 5.01 - http://secunia.com/product/9/
Microsoft Internet Explorer 6.x - http://secunia.com/product/11/
Microsoft Internet Explorer 7.x - http://secunia.com/product/12366/

DESCRIPTION: Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.  Read More...