Ravens PHP Scripts: Security



 

 

PHP Upload Tool File Upload And Directory Traversal

Posted on Friday, November 17, 2006 @ 09:32:45 CST in Security
by Raven

SECUNIA ADVISORY ID: SA22973

VERIFY ADVISORY: http://secunia.com/advisories/22973/

CRITICAL: Moderately critical

IMPACT: Exposure of system information, Exposure of sensitive information, System access

SOFTWARE: PHP Upload Tool 1.x - http://secunia.com/product/12655/

DESCRIPTION: Some vulnerabilities have been discovered in PHP Upload Tool, which can be exploited by malicious users to gain system access or by malicious people to expose sensitive information. The vulnerabilities are confirmed in version 1.0. Other versions may also be affected.

1) The bin/main_user.php script fails to validate the extension of an uploaded file. This can be exploited to upload files with arbitrary extensions (e.g. ".php") and execute arbitrary PHP code on the server. Successful exploitation requires valid user credentials.

2) Input passed to the "filename" parameter in bin/download.php is not properly sanitised before being used to download files. Successful exploitation allows for downloading of arbitrary files on the system, e.g. "/etc/passwd" or "conf/users.conf" (the product's usernames and password hashes).

SOLUTION: Edit the source code to ensure that input is properly verified and sanitised. Restrict access to the application, e.g. with an ".htaccess" file.

PROVIDED AND/OR DISCOVERED BY: Craig Heffner and an anonymous person

ORIGINAL ADVISORY: 2) http://www.craigheffner.com/security/exploits/upload_tool_php.txt
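
A hardened form of the two checks the SOLUTION above asks for (extension validation on upload, path containment on download), as an added example that is not PHP Upload Tool's code or part of the advisory. The function names, the extension allow-list and the directory layout are assumptions.

```php
<?php
// Added illustration; function names, allow-list and paths are assumptions.
declare(strict_types=1);

const ALLOWED_EXT = ['txt', 'pdf', 'png', 'jpg', 'zip']; // assumed site policy

/** Return a safe stored name for an upload, or null if the name is rejected. */
function safe_upload_name(string $clientName): ?string
{
    $name = basename(str_replace('\\', '/', $clientName)); // drop any path part
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    // Reject empty names, dotfiles, and anything not on the allow-list.
    if ($name === '' || $name[0] === '.' || !in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    // Reject script extensions anywhere in the name ("x.php.txt"), which
    // some web server configurations still hand to the interpreter.
    if (preg_match('/\.(php\d?|phtml|phar|cgi|pl|asp)(\.|$)/i', $name)) {
        return null;
    }
    return $name;
}

/** Resolve a requested download to a real file inside $baseDir, or null. */
function resolve_download(string $baseDir, string $requested): ?string
{
    if (strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // Compare canonical paths: "../conf/users.conf" resolves outside $base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo tree: an upload area with a sibling conf directory.
$root = sys_get_temp_dir() . '/upl_demo_' . bin2hex(random_bytes(4));
mkdir("$root/files", 0700, true);
mkdir("$root/conf", 0700);
file_put_contents("$root/files/report.txt", 'constructed');
file_put_contents("$root/conf/users.conf", 'constructed');

var_dump(safe_upload_name('notes.txt'), safe_upload_name('page.php'));
var_dump(resolve_download("$root/files", 'report.txt'));
var_dump(resolve_download("$root/files", '../conf/users.conf'));
```

The containment test runs on the output of `realpath()`, so it also catches symlinks inside the upload directory that point elsewhere.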
 

 

Enthrallweb eShopping Cart Multiple SQL Injection

Posted on Friday, November 17, 2006 @ 09:31:43 CST in Security
by Raven

SECUNIA ADVISORY ID: SA22955

VERIFY ADVISORY: http://secunia.com/advisories/22955/

CRITICAL: Moderately critical

IMPACT: Manipulation of data

SOFTWARE: Enthrallweb eShopping Cart - http://secunia.com/product/12651/

DESCRIPTION: Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in Enthrallweb eShopping Cart, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "ProductID" in reviews.asp and productdetail.asp, and to the "cat_id" and "sub_id" parameters in subProducts.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

SOLUTION: Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY: Laurent Gaffié and Benjamin Mossé
 

 

CPanel Multiple Vulnerabilities

Posted on Tuesday, November 14, 2006 @ 10:17:40 CST in Security
by Raven

SECUNIA ADVISORY ID: SA22825

VERIFY ADVISORY: http://secunia.com/advisories/22825/

CRITICAL: Less critical

IMPACT: Hijacking, Cross Site Scripting

WHERE: From remote

SOFTWARE: cPanel 10.x - http://secunia.com/product/5280/

DESCRIPTION: Aria-Security has reported some vulnerabilities in cPanel, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
 

 

phpMyChat Plus Multiple Local File Inclusion Vulnerabilities

Posted on Friday, November 10, 2006 @ 20:41:52 CST in Security
by Raven



SECUNIA ADVISORY ID: SA22782

VERIFY ADVISORY: http://secunia.com/advisories/22782/

CRITICAL: Moderately critical

IMPACT: Exposure of sensitive information

WHERE: From remote

SOFTWARE: phpMyChat Plus 1.x - http://secunia.com/product/12556/

DESCRIPTION: ajann has discovered several vulnerabilities in phpMyChat Plus, which can be exploited by malicious people to disclose potentially sensitive information. Input passed to the "ChatPath" parameter in colorhelp_popup.php and color_popup.php and the "L" parameter in avatar.php and logs.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources. Successful exploitation requires that "magic_quotes_gpc" is disabled. Successful exploitation of the colorhelp_popup.php script also requires that "register_globals" is enabled. The vulnerabilities are confirmed in version 1.90_fixed_060917. Other versions may also be affected.

SOLUTION: Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY: ajann
 

 

Mozilla Thunderbird Multiple Vulnerabilities

Posted on Wednesday, November 08, 2006 @ 10:17:40 CST in Security
by Raven

SECUNIA ADVISORY ID: SA22770

VERIFY ADVISORY: http://secunia.com/advisories/22770/

CRITICAL: Moderately critical

IMPACT: Security Bypass, Cross Site Scripting, DoS, System access

WHERE: From remote

SOFTWARE: Mozilla Thunderbird 1.5.x - http://secunia.com/product/4652/

DESCRIPTION: Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and potentially compromise a vulnerable system.

1) The bundled Network Security Services (NSS) library contains an incomplete fix for the RSA signature verification vulnerability reported in MFSA 2006-60.

For more information: SA21903
 

 

Mozilla Firefox and SeaMonkey Multiple Vulnerabilities

Posted on Wednesday, November 08, 2006 @ 10:10:58 CST in Security
by Raven

SECUNIA ADVISORY ID: SA22722

VERIFY ADVISORY: http://secunia.com/advisories/22722/

CRITICAL: Highly critical

IMPACT: Security Bypass, Cross Site Scripting, DoS, System access

WHERE: From remote

SOFTWARE:
Mozilla Firefox 1.x - http://secunia.com/product/4227/
Mozilla SeaMonkey 1.x - http://secunia.com/product/9126/

DESCRIPTION: Some vulnerabilities have been reported in Mozilla Firefox and Mozilla SeaMonkey, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and potentially compromise a vulnerable system.

1) The bundled Network Security Services (NSS) library contains an incomplete fix for the RSA signature verification vulnerability reported in MFSA 2006-60.

For more information: SA21903
 


