SECUNIA ADVISORY ID: SA30330

VERIFY ADVISORY: http://secunia.com/advisories/30330/

CRITICAL: Highly critical

IMPACT: DoS, System access

SOFTWARE:
FileZilla 2.x http://secunia.com/product/2925/
FileZilla 3.x http://secunia.com/product/15691/

DESCRIPTION: Some vulnerabilities have been reported in FileZilla, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system. The vulnerabilities are caused due to the precompiled packages including a vulnerable version of the GnuTLS library. The vulnerabilities are reported in versions prior to 3.0.10.
 Read More...

Mozilla is warning that a Vietnamese language pack for Firefox 2 is carrying malware. In her blog, Mozilla security chief Window Snyder writes:

The Vietnamese language pack for Firefox 2 contains inserted code to load remote content. This code is the result of a virus infection, but does not contain the virus itself. This usually results in the user seeing unwanted ads, but may be used for more malicious actions. Everyone who downloaded the most recent Vietnamese language pack since February 18, 2008 got an infected copy. While we cannot determine the exact number of compromised downloads, there have been 16,667 total downloads of the Vietnamese language pack since November 2007, so we anticipate the impact on users to be limited.

Also follow the bug for the issue. Snyder also noted that Mozilla scans for viruses at upload time, but the scanner didn’t catch this problem “until several months after the upload.” Mozilla is adding additional virus scans to catch these issues in the future.

SECUNIA ADVISORY ID: SA30050

VERIFY ADVISORY: http://secunia.com/advisories/30050/

CRITICAL: Moderately critical

IMPACT: DoS

SOFTWARE: Call of Duty 4: Modern Warfare - http://secunia.com/product/18568/

DESCRIPTION: Luigi Auriemma has reported a vulnerability in Call of Duty 4: Modern Warfare, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is reported in version 1.5. Other versions may also be affected.
 Read More...

papamike writes:  

I spent a whole bunch of years as a Network Engineer (retired PhD). And in all of that time one thing I pushed was strong passwords.

I violated my own goldplated rule and allowed one of the people I host to have a 'weak' password because of his physical condition.

Now today I'm paying the price for violating my rule in the number of hours spent weeding out implanted code within php and html files scattered all over the site in question.

Please, for your own sake, keep the passwords strong and don't give them out to anyone. Your friend today just could be your enemy tomorrow.

SECUNIA ADVISORY ID: SA29852

VERIFY ADVISORY: http://secunia.com/advisories/29852/

CRITICAL: Highly critical

IMPACT: System access

SOFTWARE:
OpenOffice.org 2.x http://secunia.com/product/6157/
OpenOffice 1.1.x http://secunia.com/product/302/
OpenOffice 1.0.x http://secunia.com/product/303/

DESCRIPTION: Some vulnerabilities have been reported in OpenOffice, which can be exploited by malicious people to potentially compromise a user's system. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in versions prior to 2.4.  Read More...

SECUNIA ADVISORY ID: SA29846

VERIFY ADVISORY: http://secunia.com/advisories/29846/

CRITICAL: Highly critical

IMPACT: Cross Site Scripting, DoS, System access

SOFTWARE:
Safari 3.x http://secunia.com/product/17989/
Safari for Windows 3.x http://secunia.com/product/17978/

DESCRIPTION: Some vulnerabilities have been reported in Safari, which can be exploited by malicious people to conduct cross-site scripting attacks or potentially to compromise a user's system. Successful exploitation may allow execution of arbitrary code e.g. when a user visits a malicious web page. The vulnerabilities are reported in versions prior to 3.1.1.
 Read More...