Ravens PHP Scripts: Security

phpBB foing Module phpbb_root_path File Inclusion

Posted on Monday, May 15, 2006 @ 08:57:44 CDT in Security
by Raven

TITLE: phpBB foing Module "phpbb_root_path" File Inclusion

SECUNIA ADVISORY ID: SA20092

VERIFY ADVISORY: http://secunia.com/advisories/20092/

CRITICAL: Highly critical

IMPACT: System access

WHERE: From remote

SOFTWARE: foing 0.x (phpBB module)
http://secunia.com/product/9935/

DESCRIPTION:
Kurdish Security has discovered some vulnerabilities in the foing module for phpBB, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "phpbb_root_path" parameter in index.php, song.php, faq.php, list.php, gen_m3u.php, and playlist.php isn't properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources.

The vulnerabilities have been confirmed in version 0.7.0 and have also been reported in versions 0.6.0, 0.5.0, 0.4.0, 0.3.0, and 0.2.0. Other versions may also be affected.

SOLUTION: Edit the source code to ensure that input is properly verified.

Use another product.

PROVIDED AND/OR DISCOVERED BY: Kurdish Security

ORIGINAL ADVISORY:
http://kurdishsecurity.blogspot.com/2006/05/kurdish-security-7-foing-remote-file.html

Latest Security Vulnerabilities

Posted on Tuesday, May 02, 2006 @ 09:43:29 CDT in Security
by Raven

Guardian2003 writes:  
For the latest security vulnerabilities that may impact your phpNuke installation, visit the forums at http://www.code-authors.com

We receive all the Secunia security alerts and filter them so we only show what is pertinent to you.
We do the hard work, so you don't have to.

Recent vulnerabilities:
phpBB Top List
phpBB Advanced Guestbook
4images

phpBB Knowledge Base Mod File Inclusion Vulnerability

Posted on Monday, May 01, 2006 @ 14:19:26 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA19892

VERIFY ADVISORY: http://secunia.com/advisories/19892/

CRITICAL: Highly critical

IMPACT: System access

WHERE: From remote

SOFTWARE: Knowledge Base Mod 2.x (module for phpBB)
http://secunia.com/product/9638/

DESCRIPTION:
[Oo] has discovered a vulnerability in Knowledge Base Mod for phpBB, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "module_root_path" parameter in /includes/kb_constants.php isn't properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability has been confirmed in version 2.0.2. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY: [Oo]

ORIGINAL ADVISORY: http://milw0rm.com/exploits/1728
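Both the foing and the Knowledge Base Mod advisories above describe the same defect: a mod includes a file through a path variable that the entry script never assigns, so with register_globals enabled a request parameter of the same name fills it in. The following is an added, constructed example (not code from foing, Knowledge Base Mod or phpBB) showing that pattern beside the hardened layout that phpBB 2.x mods are expected to follow; the file and variable names come from the advisories, the bodies are assumed.

```php
<?php
// ---- Vulnerable pattern (entry point such as index.php) -----------------
// $phpbb_root_path is never assigned here. With register_globals=On, PHP
// creates it from a request parameter of the same name, so the client, not
// the script, decides which file the next line loads; with allow_url_fopen
// also on, that path may even be a remote URL.
//
//   include($phpbb_root_path . 'includes/kb_constants.php');

// ---- Hardened entry point (index.php) -----------------------------------
define('IN_PHPBB', true);   // marker that included files check for
$phpbb_root_path = './';    // fixed BEFORE any include, so a request
                            // variable can no longer pre-populate it

// Defence in depth (assumed, not required by phpBB): resolve the path and
// refuse anything that does not point inside this installation directory,
// even if later code tampers with the variable.
$real_root = realpath($phpbb_root_path);
$install   = realpath(dirname(__FILE__));
if ($real_root === false || strpos($real_root, $install) !== 0) {
    die('Invalid root path');
}
$phpbb_root_path = rtrim($real_root, '/') . '/';

include($phpbb_root_path . 'includes/kb_constants.php');

// ---- Hardened included file (includes/kb_constants.php) ------------------
// A file that is only meant to be pulled in by an entry point must refuse
// to run when requested directly; the phpBB 2.x convention is this guard,
// which fails unless the entry point defined IN_PHPBB first.
if (!defined('IN_PHPBB')) {
    die('Hacking attempt');
}
// ... module constants follow ...

// Server-side mitigation for the whole class, in php.ini:
//   register_globals = Off
//   allow_url_fopen  = Off   (blocks the remote-include variant)
```

Setting the path unconditionally before the first include is the actual fix the advisories ask for; the realpath check and the php.ini settings only limit the damage if a mod is missed.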

Flaws Found in Symantec Scan Engine

Posted on Monday, May 01, 2006 @ 05:52:51 CDT in Security
by Raven

nb1 writes:  
Symantec earlier this week warned of vulnerabilities within its Scan Engine, a programming interface that allows third parties to incorporate scanning technologies into their applications. The security software maker has rated the vulnerabilities as a "medium risk."
According to the advisory, the first problem lies within an issue in authenticating Web-based logins. "Anyone with knowledge of the underlying communication mechanism can control the Scan Engine server." Another flaw opens the program up to a "man-in-the-middle attack." According to Symantec, the DSA key used for SSL communications is easily extracted.
Remote users could also download any file in the installation directory of the program through a third flaw. Using regular or specially crafted HTTP requests, the information could be easily accessed. The company stressed that these vulnerabilities only affect the Scan Engine and none of its desktop applications.
Customers are urged to upgrade to Symantec Scan Engine 5.1 in order to protect themselves from the flaw. At this time, there are no known available exploits. However, proof-of-concept code has already been published, security researchers warn. View: Symantec Security Advisory

Mozilla users warned--upgrade now

Posted on Saturday, April 22, 2006 @ 02:34:34 CDT in Security
by Raven

nb1 writes:  
Users have been urged to upgrade to the latest versions of Mozilla's software to protect themselves from a series of critical security holes. The Computer Emergency Readiness Team (CERT) warned on Monday that earlier versions of Firefox, and other Mozilla software based on Firefox code, contain a clutch of vulnerabilities that expose users to attack. The Mozilla Foundation released a new version of Firefox last week, version 1.5.0.2, which it said contained fixes for several security flaws.

View: The full story

Firefox Multiple Vulnerabilities - Highly Critical!

Posted on Friday, April 14, 2006 @ 20:59:46 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA19631

VERIFY ADVISORY: http://secunia.com/advisories/19631/

CRITICAL: Highly critical

IMPACT: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, DoS, System access

WHERE: From remote

SOFTWARE:
Mozilla Firefox 0.x
http://secunia.com/product/3256/
Mozilla Firefox 1.x
http://secunia.com/product/4227/

SOLUTION:
Update to versions 1.0.8 or 1.5.0.2. http://www.mozilla.com/firefox/

DESCRIPTION: Multiple vulnerabilities have been reported in Firefox, which can be exploited by malicious people to conduct cross-site scripting and phishing attacks, bypass certain security restrictions, disclose sensitive information, and potentially compromise a user's system.

Read on for the full description ....