Ravens PHP Scripts: Security



 

 

Winamp Lyrics3 and Ultravox Processing Unspecified Vulnerabilities

Posted on Wednesday, October 25, 2006 @ 15:59:44 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA22580

VERIFY ADVISORY: http://secunia.com/advisories/22580/

CRITICAL: Highly critical

IMPACT: Unknown

WHERE: From remote

SOFTWARE:
WinAMP 2.x - http://secunia.com/product/894/
WinAMP 3.x - http://secunia.com/product/382/
Winamp 5.x - http://secunia.com/product/3021/

DESCRIPTION: Two vulnerabilities with an unknown impact have been reported in Winamp.
 

 

Internet Explorer 7 Popup Address Bar Spoofing Weakness

Posted on Wednesday, October 25, 2006 @ 07:52:18 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA22542

VERIFY ADVISORY: http://secunia.com/advisories/22542/

CRITICAL: Less critical

IMPACT: Spoofing

WHERE: From remote

SOFTWARE: Microsoft Internet Explorer 7.x - http://secunia.com/product/12366/

DESCRIPTION: A weakness has been discovered in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks.
 

 

Fully Modded phpBB Multiple File Inclusion Vulnerabilities

Posted on Tuesday, October 24, 2006 @ 18:22:00 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA22499

VERIFY ADVISORY: http://secunia.com/advisories/22499/

CRITICAL: Highly critical

IMPACT: System access

WHERE: From remote

SOFTWARE: Fully Modded phpBB - http://secunia.com/product/12401/

DESCRIPTION: Some vulnerabilities have been discovered in Fully Modded phpBB, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "foing_root_path" and "phpbb_root_path" parameters in player/includes/common.php is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources. The vulnerabilities are confirmed in version 2021.4.40. Other versions may also be affected.

SOLUTION: Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY: 020 and an anonymous person

ORIGINAL ADVISORY: http://milw0rm.com/exploits/2621
 

 

PHP-Nuke *eid* SQL Injection Vulnerability

Posted on Monday, October 23, 2006 @ 16:42:34 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA22511

VERIFY ADVISORY: http://secunia.com/advisories/22511/

CRITICAL: Moderately critical

IMPACT: Manipulation of data

WHERE: From remote

SOFTWARE: PHP-Nuke 7.x - http://secunia.com/product/2385/

DESCRIPTION: Paisterist has discovered a vulnerability in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks.

Note: 
Admin: If you are up-to-date with your patches you will not be affected by this. Also, I believe this is an old exploit, but I'm not sure.
 

 

Kaspersky Labs Anti-Virus IOCTL Privilege Escalation

Posted on Friday, October 20, 2006 @ 10:48:43 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA22478

VERIFY ADVISORY: http://secunia.com/advisories/22478/

CRITICAL: Less critical

IMPACT: Privilege escalation

WHERE: Local system

SOFTWARE:
Kaspersky Anti-Virus 6.x - http://secunia.com/product/10470/
Kaspersky Anti-Virus 5.x - http://secunia.com/product/2781/
Kaspersky Anti-Virus 4.x - http://secunia.com/product/916/

DESCRIPTION: A vulnerability has been reported in Kaspersky Labs Anti-Virus, which can be exploited by malicious, local users to gain escalated privileges. A design error due to improper address space validation in the KLIN.sys and KLICK.sys device drivers when processing IOCTL 0x80052110 requests can be exploited via a specially crafted IRP structure passed to the vulnerable IOCTL handler. Successful exploitation allows execution of arbitrary code with kernel-level privileges. The vulnerability is reported in version 2.0.0.281 of the device drivers, which are included in Kaspersky Labs Anti-Virus 6.0.0.303. Other versions may also be affected.

SOLUTION: Update to version 2.0.0.333 of the device drivers via Kaspersky's Update service.

PROVIDED AND/OR DISCOVERED BY: Rubén Santamarta, reversemode.com.

ORIGINAL ADVISORY: iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=425
 

 

Microsoft PowerPoint Unspecified Code Execution Vulnerability

Posted on Friday, October 13, 2006 @ 10:59:00 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA22394

VERIFY ADVISORY: http://secunia.com/advisories/22394/

CRITICAL: Highly critical

IMPACT: System access

WHERE: From remote

SOFTWARE:
Microsoft Powerpoint 2003 - http://secunia.com/product/5274/
Microsoft PowerPoint 2002 - http://secunia.com/product/2223/
Microsoft PowerPoint 2000 - http://secunia.com/product/3052/
Microsoft Office XP - http://secunia.com/product/23/
 



