SECUNIA ADVISORY ID: SA25652

VERIFY ADVISORY: http://secunia.com/advisories/25652/

CRITICAL: Highly critical

IMPACT: Exposure of system information, Exposure of sensitive information, System access

WHERE: >From remote

SOFTWARE: Tiny Content 1.x (module for Xoops) - http://secunia.com/product/14527/

DESCRIPTION: Sp[L]o1T has discovered a vulnerability in the Tiny Content module for Xoops, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
 Read More...

SECUNIA ADVISORY ID: SA25624

VERIFY ADVISORY: http://secunia.com/advisories/25624/

CRITICAL: Highly critical

IMPACT: System access

WHERE: >From remote

SOFTWARE: HP Help and Support Center 4.x - http://secunia.com/product/14525/

DESCRIPTION: HP has acknowledged a vulnerability in Help and Support Center, which can be exploited by malicious people to compromise a user's system.
 Read More...

SECUNIA ADVISORY ID: SA25656

VERIFY ADVISORY: http://secunia.com/advisories/25656/

CRITICAL: Highly critical

IMPACT: Privilege escalation

WHERE: >From remote

SOFTWARE: YaBB 2.x - http://secunia.com/product/6070/

DESCRIPTION: A vulnerability has been reported in YaBB, which can be exploited by malicious users and malicious people to gain escalated privileges.
 Read More...

SECUNIA ADVISORY ID: SA25651

VERIFY ADVISORY: http://secunia.com/advisories/25651/

CRITICAL: Highly critical

IMPACT: Exposure of system information, Exposure of sensitive information, System access

WHERE: >From remote

SOFTWARE: Horoscope 2.x (module for Xoops) - http://secunia.com/product/14526/

DESCRIPTION: BeyazKurt has discovered a vulnerability in the Horoscope module for Xoops, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
 Read More...

SECUNIA ADVISORY ID: SA25648

VERIFY ADVISORY: http://secunia.com/advisories/25648/

CRITICAL: Highly critical

IMPACT: System access

WHERE: >From remote

SOFTWARE:
OpenOffice 1.1.x - http://secunia.com/product/302/
OpenOffice.org 2.x - http://secunia.com/product/6157/
OpenOffice 1.0.x - http://secunia.com/product/303/

DESCRIPTION: A vulnerability has been reported in OpenOffice, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the parsing of RTF files and can be exploited to cause a heap based buffer overflow via a specially crafted RTF file. Successful exploitation may allow execution of arbitrary code.

SOLUTION: Do not open untrusted RTF files.

PROVIDED AND/OR DISCOVERED BY: Reported in a Debian advisory crediting John Heasman.

ORIGINAL ADVISORY: http://www.us.debian.org/security/2007/dsa-1307

According to Web Hosting Talk

A recent survey by Google's Anti-Malware Team seems to confirm what many of us have believed in the past: Microsoft's IIS (Internet Information Services) servers are more vulnerable to host malware than Apache servers. The statistics come from the recently launched Google Online Security Blog whereby Google's researchers looked at 70,000 domains that were either distributing malware or hosting attack code.

Google however does make it clear in its blog that just because IIS is serving malware doesn't mean that it has been compromised; it might be possible that most 'warez' related Web sites uses IIS. This study has caused many heated discussions amongst security advocates and bloggers who claim that this might be an emerging type of gamesmanship from Google to promote Apache over another product made by its rival.