1) Coppermine Photo Gallery Multiple Remote Command Execution Vulnerabilities
Coppermine Photo Gallery is susceptible to multiple remote command execution vulnerabilities. Remote attackers can exploit these vulnerabilities to execute arbitrary commands with the privileges of the affected application, possibly leading to compromise of the application and the underlying web server. Coppermine Photo Gallery 1.4.15 has been released to resolve these and other issues. Contact the vendor for additional information.
2) PHP-Nuke Search Module 'sid' Parameter SQL Injection Vulnerability
PHP-Nuke is susceptible to a SQL Injection vulnerability. SQL Injection can allow an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system. A fix has not yet been released. Contact the vendor for further details.
3) Novell GroupWise WebAccess Multiple Cross-Site Scripting Vulnerabilities
Novell GroupWise WebAccess is susceptible to multiple instances of Cross-Site Scripting. If successful, Cross-Site Scripting vulnerabilities can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. Fixes which address these issues have been released. Contact the vendor for more details.
4) WordPress Plug-ins Multiple Vulnerabilities
Several WordPress plug-ins are susceptible to vulnerabilities including SQL Injection and Cross-Site Scripting. If successfully exploited, these vulnerabilities could allow an attacker to steal confidential information and cookie-based authentication credentials, and possibly lead to execution of arbitrary code in the browser of an unsuspecting user. No upgrade or patch has yet been released to resolve these issues. Contact the vendor for additional information.
http://www.securityfocus.com/bid/27525
http://www.securityfocus.com/bid/27504
http://www.securityfocus.com/bid/27464
http://www.securityfocus.com/bid/27362
5) Drupal Modules Multiple Vulnerabilities
Several Drupal modules are susceptible to vulnerabilities including Authentication Bypass, Cross-Site Scripting, and HTML Injection. Successful exploitation can allow an attacker to escalate privileges, alter how the site appears, steal authentication credentials, or execute malicious scripts in the browsers of unsuspecting users. Upgrades which resolve these issues have been released. Contact the vendor for further information.
Posted 02-04-2008 5:18 PM by mark.painter