SECUNIA ADVISORY ID: SA25627

VERIFY ADVISORY: http://secunia.com/advisories/25627/

CRITICAL: Highly critical

IMPACT: Cross Site Scripting, Spoofing, System access

WHERE: >From remote

SOFTWARE:
Microsoft Internet Explorer 5.01 - http://secunia.com/product/9/
Microsoft Internet Explorer 6.x - http://secunia.com/product/11/
Microsoft Internet Explorer 7.x - http://secunia.com/product/12366/

DESCRIPTION: Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks or compromise a user's system.
 Read More...

SECUNIA ADVISORY ID: SA25601

VERIFY ADVISORY: http://secunia.com/advisories/25601/

CRITICAL: Moderately critical

IMPACT: System access

WHERE: >From local network

SOFTWARE: Firebird 2.x - http://secunia.com/product/11516/

DESCRIPTION: Cody Pierce has reported a vulnerability in Firebird, which can be exploited by malicious people to compromise a vulnerable system.
 Read More...

forgotz writes:  

DaDaNuke is proud to announce that we have expanded our current inventory to offer products, service and support for Nuke-Evolution. Click here to see our new site! Nuke-Evolution is a variant of the CMS (Content Management System) PHP-Nuke, version 7.6. "Evo", as it is affectionately know, has it's roots in the former TechGFX project, PHP-Nuke Platinum. Although the continuation of that project under another development team may be found here. Consider partly, that Nuke-Evolution is a lessons learned exercise, as a result of the experience of former Platinum developers, who now make the core of the Nuke-Evolution development team. Read More... for complete story. Read More...

Guardian2003 writes:  

A vulnerability has been discovered in the NSN Supporters Module which, under some conditions may allow a hacker to conduct a successful XSS attack on affected sites.

The conditions required are either incorrectly set MIME TYPEs at server level or if the module is configured to allow upload of Supporter images.

With immediate effect:
If you are using this module, ensure you have not allowed image uploads.
A temporary fix is discussed here:
http://ravenphpscripts.com/postx13183-0-0.html Read More...

SECUNIA ADVISORY ID: SA24949

VERIFY ADVISORY: http://secunia.com/advisories/24949/

CRITICAL: Moderately critical

IMPACT: Security Bypass, Manipulation of data, Exposure of sensitive information

WHERE: >From remote

SOFTWARE: PHP-Nuke 7.x - http://secunia.com/product/2385/

DESCRIPTION: Aleksandar has discovered some vulnerabilities in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks and to bypass certain security restrictions.
 Read More...

Note: 

Please note that RavenNuke(tm) is not affected by this exploit. We also could not recreate it if your site is protected by NukeSentinel(tm)

SECUNIA ADVISORY ID: SA24956

VERIFY ADVISORY: http://secunia.com/advisories/24956/

CRITICAL: Highly critical

IMPACT: System access

WHERE: >From remote

SOFTWARE: jGallery 1.x - http://secunia.com/product/13992/

DESCRIPTION: Dj7xpl has discovered a vulnerability in jGallery, which can be exploited by malicious people to compromise a vulnerable system.
 Read More...