SECUNIA ADVISORY ID: SA27277

VERIFY ADVISORY: http://secunia.com/advisories/27277/

CRITICAL: Highly critical

IMPACT: Cross Site Scripting, System access

WHERE: >From remote

SOFTWARE:
Opera 5.x - http://secunia.com/product/82/
Opera 6.x - http://secunia.com/product/81/
Opera 7.x - http://secunia.com/product/761/
Opera 8.x - http://secunia.com/product/4932/
Opera 9.x - http://secunia.com/product/10615/

DESCRIPTION: Two vulnerabilities have been reported in Opera, which can be exploited by malicious people to conduct cross-site scripting attacks and to compromise a user's system.
 Read More...

SECUNIA ADVISORY ID: SA26619

VERIFY ADVISORY: http://secunia.com/advisories/26619/

CRITICAL: Moderately critical

IMPACT: System access

WHERE: >From remote

SOFTWARE:
IrfanView 4.x: http://secunia.com/product/14192/
IrfanView 3.x: http://secunia.com/product/2532/

DESCRIPTION: Secunia Research has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system.
 Read More...

SECUNIA ADVISORY ID: SA27001

VERIFY ADVISORY: http://secunia.com/advisories/27001/

CRITICAL: Highly critical

IMPACT: Exposure of system information, Exposure of sensitive information, System access

WHERE: >From remote

SOFTWARE: phpbb-openid (module for phpBB) 0.x - http://secunia.com/product/15904/

DESCRIPTION: xoron has reported a vulnerability in the phpbb-openid module for phpBB, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
 Read More...

SECUNIA ADVISORY ID: SA26958

VERIFY ADVISORY: http://secunia.com/advisories/26958/

CRITICAL: Moderately critical

IMPACT: Exposure of system information, Exposure of sensitive information

WHERE: >From remote

SOFTWARE: Dance Music 1.x (module for PHP-Nuke) - http://secunia.com/product/15830/

DESCRIPTION: Janek Vind has discovered a vulnerability in the Dance Music module for PHP-Nuke, which can be exploited by malicious people to disclose sensitive information.
 Read More...

Duck writes:  

I would like to inform the community that I discovered a vulnerability in the Hall of Shame Module (HoS) I wrote.

It came to my attention that my server was running a script that was using up processor resources and lagging my shared host environment. The process was running under my account so I did some searching and found out there were files uploaded to the HoS punkss and punkdemo folders where files uploaded by admins are stored.

It seems they were using my server as a mail and chat relay. I still looking into the matter to figure out how they got in and how to make sure it doesn't happen again but in the meantime I wanted to inform the community so people can secure themselves as quickly as possible.

First step to do is check for any sub-folders under punkss and punkdemos and  Read More...

SECUNIA ADVISORY ID: SA26926

VERIFY ADVISORY: http://secunia.com/advisories/26926/

CRITICAL: Highly critical

IMPACT: DoS, System access

WHERE: >From remote

SOFTWARE:
ImageMagick 6.x - http://secunia.com/product/3763/
ImageMagick 5.x - http://secunia.com/product/1791/

DESCRIPTION: Some vulnerabilities have been reported in ImageMagick, which can be exploited by malicious people to conduct DoS (Denial of Service) attacks or compromise a user's system.
 Read More...