----------------------------------------------------------------------


Use WSUS to deploy 3rd party patches

Public BETA
http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/


----------------------------------------------------------------------

TITLE:
Web Wiz Forums Cross-Site Request Forgery

SECUNIA ADVISORY ID:
SA38997

VERIFY ADVISORY:
http://secunia.com/advisories/38997/

DESCRIPTION:
Russ McRee has reported a vulnerability in Web Wiz Forums, which can
be exploited by malicious people to conduct cross-site request
forgery attacks.

The application allows users to perform certain actions via HTTP
requests without performing any validity checks to verify the
requests. This can be exploited to e.g. add a buddy, delete a buddy,
delete private messages, send private messages, upload new files,
delete uploaded files, create new posts, edit posted messages, reply
to posts, create new polls, and create new forum topic by tricking a
logged in user into visiting a malicious web site.

The vulnerability is reported in versions prior to 9.66.

SOLUTION:
Update to version 9.66.

PROVIDED AND/OR DISCOVERED BY:
Russ McRee, HolisticInfoSec

ORIGINAL ADVISORY:
Web Wiz Forums:
http://www.webwizguide.com/webwizforums/kb/release_notes.asp

HolisticInfoSec:
http://holisticinfosec.org/content/view/136/45/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------