Ravens PHP Scripts: Security



 

 

JURY DUTY SCAM

Posted on Tuesday, July 18, 2006 @ 12:36:14 CDT in Security
by Raven

Reprinted from http://nukescripts.net

This has been verified on Snopes.com (exact link listed below) and by the FBI (their link is also included below).

It is spreading fast so be prepared should you get this call. Most of us take those summons for jury duty seriously, but enough people skip out on their civic duty that a new and ominous kind of scam has surfaced.


Fall for it and your identity could be stolen, reports CBS. In this con, someone calls pretending to be a court official who threateningly says a warrant has been issued for your arrest because you didn't show up for jury duty. The caller claims to be a jury coordinator. If you protest that you never received a summons for jury duty, the scammer asks you for your Social Security number and date of birth so he or she can verify the information and cancel the arrest warrant. Sometimes they even ask for credit card numbers. Give out any of this information and bingo! Your identity just got stolen.

The scam has been reported so far in 11 states, including Oklahoma, Illinois, and Colorado. This (scam) is particularly insidious because they use intimidation over the phone to try to bully people into giving information by pretending they're with the court system. The FBI and the federal court system have issued nationwide alerts on their web sites, warning consumers about the fraud.

Check it out here:
Snopes
FBI
 

 

PHP Event Calendar "path_to_calendar" File Inclusion

Posted on Tuesday, July 18, 2006 @ 11:25:23 CDT in Security
by Raven

TITLE: PHP Event Calendar "path_to_calendar" File Inclusion

SECUNIA ADVISORY ID: SA21074

VERIFY ADVISORY: http://secunia.com/advisories/21074/

CRITICAL: Highly critical

IMPACT: System access

WHERE: From remote

SOFTWARE: PHP Event Calendar 1.x
http://secunia.com/product/7964/

DESCRIPTION: Solpot has reported a vulnerability in PHP Event Calendar, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "path_to_calendar" parameter in cl_files/calendar.php is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.

The vulnerability has been reported in version 1.4. Other versions may also be affected.

SOLUTION: Update to version 1.5.1.

PROVIDED AND/OR DISCOVERED BY: Solpot

ORIGINAL ADVISORY: http://www.solpotcrew.org/adv/solpot-adv-01.txt
 

 

phpBB Mail2Forum Module "m2f_root_path" File Inclusion

Posted on Tuesday, July 18, 2006 @ 11:17:02 CDT in Security
by Raven

TITLE: phpBB Mail2Forum Module "m2f_root_path" File Inclusion

SECUNIA ADVISORY ID: SA21083

VERIFY ADVISORY: http://secunia.com/advisories/21083/

CRITICAL: Highly critical

IMPACT: System access

WHERE: From remote

SOFTWARE: Mail2Forum 1.x (module for phpBB)
http://secunia.com/product/11080/

DESCRIPTION: OLiBekaS has reported a vulnerability in the Mail2Forum module for phpBB, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "m2f_root_path" parameter in m2f/m2f_phpbb204.php, m2f/m2f_forum.php, m2f/m2f_mailinglist.php, and m2f/m2f_cron.php is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability has been reported in version 1.2. Other versions may also be affected.

SOLUTION: Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY: OLiBekaS

ORIGINAL ADVISORY: http://milw0rm.com/exploits/2019
 

 

Virtual War "war.php" SQL Injection Vulnerabilities

Posted on Friday, June 16, 2006 @ 09:32:19 CDT in Security
by Raven

TITLE: Virtual War "war.php" SQL Injection Vulnerabilities

SECUNIA ADVISORY ID: SA20696

VERIFY ADVISORY: http://secunia.com/advisories/20696/

CRITICAL: Moderately critical

IMPACT: Manipulation of data

WHERE: From remote

SOFTWARE: Virtual War 1.x -- http://secunia.com/product/9014/

DESCRIPTION: r0t has discovered some vulnerabilities in Virtual War, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "s", "showgame", "sortorder", and "sortby" parameters in "war.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities have been confirmed in version 1.5.0 R14. Other versions may also be affected.

SOLUTION: Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY: r0t

ORIGINAL ADVISORY: http://pridels.blogspot.com/2006/06/virtual-war-multiple-sql-inj-vuln.html
 

 

Coppermine Photo Gallery "add_hit()" SQL Injection

Posted on Tuesday, June 13, 2006 @ 16:04:15 CDT in Security
by Raven

TITLE: Coppermine Photo Gallery "add_hit()" SQL Injection

SECUNIA ADVISORY ID: SA20597

VERIFY ADVISORY: http://secunia.com/advisories/20597/

CRITICAL: Moderately critical

IMPACT: Manipulation of data

WHERE: From remote

SOFTWARE: Coppermine Photo Gallery 1.x
http://secunia.com/product/1427/

DESCRIPTION: imei addmimistrator has discovered two vulnerabilities in Coppermine Photo Gallery, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "referer" and "user-agent" HTTP headers isn't properly sanitised before being used in a SQL query in the "add_hit()" function. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires that "magic_quotes_gpc" is disabled and that the "Keep detailed hit statistics" setting is enabled (not enabled by default).

The vulnerabilities have been confirmed in version 1.4.8. Other versions may also be affected.

SOLUTION: Edit the source code to ensure that input is properly sanitised. Disable the "Keep detailed hit statistics" setting.

PROVIDED AND/OR DISCOVERED BY: imei addmimistrator

ORIGINAL ADVISORY
 

 

Coppermine Photo Gallery usermgr.php Unspecified Vulnerability

Posted on Wednesday, June 07, 2006 @ 12:42:15 CDT in Security
by Raven

TITLE: Coppermine Photo Gallery usermgr.php Unspecified Vulnerability

SECUNIA ADVISORY ID: SA20465

VERIFY ADVISORY: http://secunia.com/advisories/20465/

CRITICAL: Moderately critical

IMPACT: Unknown

WHERE: From remote

SOFTWARE: Coppermine Photo Gallery 1.x
http://secunia.com/product/1427/

DESCRIPTION: A vulnerability with an unknown impact has been reported in Coppermine Photo Gallery.

The vulnerability is caused due to an unspecified error in usermgr.php.

SOLUTION: Update to version 1.4.7.
http://sourceforge.net/project/showfiles.php?group_id=89658

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://coppermine-gallery.net/forum/index.php?topic=32333.0
 


