SECUNIA ADVISORY ID: SA22272

VERIFY ADVISORY: http://secunia.com/advisories/22272/

CRITICAL: Less critical

IMPACT: Hijacking, Manipulation of data

WHERE: >From remote

SOFTWARE: Invision Power Board 2.x - http://secunia.com/product/3705/ Read More...

SECUNIA ADVISORY ID: SA22280

VERIFY ADVISORY: http://secunia.com/advisories/22280/

CRITICAL: Moderately critical

IMPACT: DoS, System access

WHERE: >From remote

SOFTWARE: PHP 5.1.x - http://secunia.com/product/6796/

DESCRIPTION: A vulnerability has been reported in PHP, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerability is caused due to an integer overflow within the "_ecalloc" function. This can potentially be exploited to execute arbitrary code via specially crafted requests if a PHP script allocates memory based on attacker supplied data.

SOLUTION: The vulnerability has been fixed in the CVS repository: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162

PROVIDED AND/OR DISCOVERED BY: Disclosed via vendor CVS commit.

ORIGINAL ADVISORY: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162

SECUNIA ADVISORY ID: SA22275

VERIFY ADVISORY: http://secunia.com/advisories/22275/

CRITICAL: Less critical

IMPACT: Cross Site Scripting

WHERE: >From remote

SOFTWARE: osCommerce 2.x - http://secunia.com/product/1308/

DESCRIPTION: Some vulnerabilities have been reported in osCommerce, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "page" parameter in multiple files and to the "zpage" parameter in admin/geo_zones.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in an administrator's browser session in context of an affected site. The vulnerabilities have been reported in osCommerce 2.2 Milestone 2 Update 060817. Other versions may also be affected.

Affected files: Read More...

SECUNIA ADVISORY ID: SA22235

VERIFY ADVISORY: http://secunia.com/advisories/22235/

CRITICAL: Less critical

IMPACT: Security Bypass

WHERE: Local system

SOFTWARE:
PHP 5.1.x - http://secunia.com/product/6796/
PHP 5.0.x - http://secunia.com/product/3919/
PHP 4.4.x - http://secunia.com/product/5768/
PHP 4.3.x - http://secunia.com/product/922/
PHP 4.2.x - http://secunia.com/product/105/
PHP 4.1.x - http://secunia.com/product/1654/
PHP 4.0.x - http://secunia.com/product/1655/

DESCRIPTION: Stefan Esser has reported a vulnerability in PHP, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused due to a race condition in the handling of symlinks and can be exploited to bypass the open_basedir protection mechanism. The vulnerability has been reported in PHP4 and PHP5.

SOLUTION: Disable the "symlink()" function in php.ini.

PROVIDED AND/OR DISCOVERED BY: Stefan Esser

ORIGINAL ADVISORY: http://www.hardened-php.net/advisory_082006.132.html

SECUNIA ADVISORY ID: SA22188

VERIFY ADVISORY: http://secunia.com/advisories/22188/

CRITICAL: Less critical

IMPACT: System access

WHERE: >From remote

SOFTWARE: phpBB 2.x - http://secunia.com/product/463/

DESCRIPTION: ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the "avatar_path" parameter in admin/admin_board.php is not properly sanitized before being used as a configuration variable to store avatar images. This can be exploited to upload and execute arbitrary PHP code by changing "avatar_path" to a file with a trailing NULL byte. Successful exploitation requires privileges to the administration section. The vulnerability has been confirmed in version 2.0.21. Other versions may also be affected.

SOLUTION: Grant only trusted users access to the administration section. Edit the source code to ensure that input is properly sanitized.

PROVIDED AND/OR DISCOVERED BY: ShAnKaR

TITLE: FileZilla / FileZilla Server Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA22094

VERIFY ADVISORY: http://secunia.com/advisories/22094/

CRITICAL: Highly critical

IMPACT: DoS, System access

WHERE: >From remote

SOFTWARE:
FileZilla Server 0.x - http://secunia.com/product/3848/
FileZilla 2.x - http://secunia.com/product/2925/

DESCRIPTION: Some vulnerabilities have been reported in FileZilla and FileZilla Server, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. The vulnerabilities are caused due to the use of a vulnerable OpenSSL version.

For more information: SA22130

SOLUTION:
FileZilla: Update to version 2.2.28.
FileZilla Server: Update to version 0.9.19.
ORIGINAL ADVISORY: http://sourceforge.net/forum/forum.php?forum_id=617485
OTHER REFERENCES: SA22130: http://secunia.com/advisories/22130/