Ravens PHP Scripts: Security



 

 

Skype Cross-Zone Scripting Security Enhancement

Posted on Wednesday, February 06, 2008 @ 16:14:53 CST in Security
by Raven

SECUNIA ADVISORY ID: SA28791

VERIFY ADVISORY: http://secunia.com/advisories/28791/

CRITICAL: Highly critical

IMPACT: System access

SOFTWARE:
Skype for Windows 3.x - http://secunia.com/product/12919/
Skype for Windows 2.x - http://secunia.com/product/7268/
Skype for Windows 1.x - http://secunia.com/product/4250/

DESCRIPTION: An update has been released for Skype, which implements security enhancements to prevent compromise of users' systems. Skype uses the Internet Explorer web control to render HTML from certain websites (e.g. DailyMotion, Metacafe, and SkypeFind). As the content is rendered in the "Local Machine" security zone, this allows execution of arbitrary script code on a user's system via script insertion vulnerabilities present in these websites.
 

 

Coppermine Photo Gallery Multiple Vulnerabilities

Posted on Wednesday, January 30, 2008 @ 22:02:53 CST in Security
by Raven

SECUNIA ADVISORY ID: SA28682

VERIFY ADVISORY: http://secunia.com/advisories/28682/

CRITICAL: Moderately critical

IMPACT: Cross Site Scripting, Manipulation of data, System access

SOFTWARE: Coppermine Photo Gallery 1.x - http://secunia.com/product/1427/

DESCRIPTION: Some vulnerabilities have been reported in Coppermine Photo Gallery, which can be exploited by malicious people to conduct cross-site scripting attacks and by malicious users to conduct SQL injection attacks or compromise a vulnerable system. Successful exploitation of the vulnerabilities requires valid user credentials.
 

 

IrfanView FlashPix Plug-in Memory Corruption Vulnerability

Posted on Tuesday, January 29, 2008 @ 17:12:21 CST in Security
by Raven

SECUNIA ADVISORY ID: SA28688

VERIFY ADVISORY: http://secunia.com/advisories/28688/

CRITICAL: Highly critical

IMPACT: System access

SOFTWARE: IrfanView FlashPix Plug-In 3.x - http://secunia.com/product/17367/

DESCRIPTION: Marsu has discovered a vulnerability in the FlashPix plug-in for IrfanView, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is confirmed in version 3.9.8.0 of fpx.dll. Other versions may also be affected.
 

 

Nuke Security 2008

Posted on Tuesday, January 29, 2008 @ 09:18:10 CST in Security
by Raven

Evaders99 writes:  
Another security bug, this time with phpBB. You could possibly delete your entire Private Message inbox, but only if you are logged in and get sent some nasty code.

phpBB 2.0.22 Remote PM Delete XSRF Vulnerability

See the link for the fix

Also if you didn't see the more urgent SQL injection in the Search module...
PHP-Nuke modules/Search/index.php SQL fix is here

 

 

phpBB Private Message Deletion Cross-Site Request Forgery

Posted on Friday, January 25, 2008 @ 20:29:15 CST in Security
by Raven

SECUNIA ADVISORY ID: SA28630

VERIFY ADVISORY: http://secunia.com/advisories/28630/

CRITICAL: Less critical

IMPACT: Cross Site Scripting, Manipulation of data

SOFTWARE: phpBB 2.x - http://secunia.com/product/463/



DESCRIPTION: NBBN has discovered a vulnerability in phpBB, which can be exploited by malicious people to conduct cross-site request forgery attacks. The vulnerability is confirmed in version 2.0.22. Other versions may also be affected.

Note: Montego added: Evaders has tested and released a fix for phpBB 2.0.22 and BBToNuke 2.0.22. See: http://evaders.swrebellion.com/forums/postt96.html
 

 

Seagull PHP Framework *files* Information Disclosure

Posted on Friday, January 25, 2008 @ 20:25:21 CST in Security
by Raven

SECUNIA ADVISORY ID: SA28646

VERIFY ADVISORY: http://secunia.com/advisories/28646/

CRITICAL: Moderately critical

IMPACT: Exposure of system information, Exposure of sensitive information

SOFTWARE: Seagull PHP Framework 0.x - http://secunia.com/product/5387/

DESCRIPTION: fuzion has discovered a vulnerability in Seagull PHP Framework, which can be exploited by malicious people to disclose sensitive information.
 


