News

Wednesday, October 18, 2006

SecurityFocus Newsletter #372

SecurityFocus Newsletter #372
----------------------------------------

This Issue is Sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus

------------------------------------------------------------------
I. FRONT AND CENTER
1. ModSecurity 2.0 with Ivan Ristic
2. Hacking Web 2.0 Applications with Firefox
II. BUGTRAQ SUMMARY
1. Microsoft Windows XP .Manifest Denial of Service Vulnerability
2. Libksba Signature Verification Denial of Service Vulnerability
3. PHPMybibli Multiple Remote File Include Vulnerabilities
4. PHPList Index.PHP Cross-Site Scripting Vulnerability
5. Boonex Dolphin Index.php Remote File Include Vulnerability
6. PHPRecipeBook Import_MM.Class.PHP Remote File Include Vulnerability
7. Mozilla Bugzilla Multiple Input Validation and Information disclosure Vulnerabilities
8. AROUNDMe P_New_Password.TPL.PHP Remote File Include Vulnerability
9. Osprey GetRecord.PHP Remote File Include Vulnerability
10. Internet Security Systems ZWDeleteFile Function Arbitrary File Deletion Vulnerability
11. XFire Packet Handling Denial Of Service Vulnerability
12. ViewVC UTF-7 Charset Unspecified HTML Injection Vulnerability
13. PHPBurningPortal Multiple Remote File Include Vulnerabilities
14. BBSNew Index2.PHP Remote File Include Vulnerability
15. Asbru Software Web Content Editor Shell Command Execution Vulnerability
16. Def-Blog Comadd.PHP SQL Injection Vulnerability
17. IronWebMail Directory Traversal Information Disclosure Vulnerability
18. Yukihiro Matsumoto Ruby Multiple SAFE Level Restriction Bypass Vulnerabilities
19. PHPMyConferences Config.Inc.PHP Remote File Include Vulnerability
20. KMail HTML Element Handling Denial Of Service Vulnerability
21. WebYep Webyep_SIncludePath Parameter Multiple Remote File Include Vulnerabilities
22. WebSpell Index.PHP SQL Injection Vulnerability
23. 4Images Details.PHP Cross-Site Scripting Vulnerability
24. WowBB Forum Multiple Unspecified Remote Input Validation Vulnerabilities
25. TorrentFlux Startpop.PHP Cross-Site Scripting Vulnerability
26. GNU GZip Archive Handling Multiple Remote Vulnerabilities
27. OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability
28. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
29. OpenSSL ASN.1 Structures Denial of Service Vulnerability
30. Streamripper HTTP Header Parsing Buffer Overflow Vulnerability
31. OpenSSL Public Key Processing Denial of Service Vulnerability
32. OpenSSL SSLv2 Null Pointer Dereference Client Denial of Service Vulnerability
33. Clam Anti-Virus PE Rebuilding Heap Buffer Overflow Vulnerability
34. KDE KDM Session Type Symbolic Link Vulnerability
35. PhpMyManga Multiple Remote File Include Vulnerabilities
36. Woltlab Burning Books Variable Overwrite Vulnerability
37. Python Repr() Function Remote Code Execution Vulnerability
38. Specimen Image Database Remote File Include Vulnerability
39. Microsoft PowerPoint Unspecified Remote Unspecified Code Execution Vulnerability
40. NVidia Binary Graphics Driver For Linux Buffer Overflow Vulnerability
41. OpenDock FullCore Remote File Include Vulnerabilities
42. P-News P-news.PHP Remote File Include Vulnerability
43. Apple Xcode Openbase Multiple Privilege Escalation Vulnerabilities
44. SuperMod Multiple Remote File Include Vulnerabilities
45. Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability
46. PHPBB Archive for Search Engines PHPBB_Root_Path Parameter Remote File Include Vulnerability
47. SuperMod Multiple Remote File Include Vulnerabilities
48. Open Conference Systsems Fullpath Remote File Include Vulnerability
49. OpenSSL PKCS Padding RSA Signature Forgery Vulnerability
50. Comdev One Admin Pro Adminfoot.PHP Remote File Include Vulnerability
51. CAPI4Hylafax Remote Arbitrary Command Execution Vulnerability
52. Mozilla Firefox/Thunderbird/Seamonkey Multiple Remote Vulnerabilities
53. Linux Kernel Unspecified Socket Buffer Handling Remote Denial of Service Vulnerability
54. Linux Kernel IBM S/390 strnlen_user Local Vulnerability
55. Linux Kernel Security Key Functions Local Copy_To_User Race Vulnerability
56. Multiple Vendor AMD CPU Local FPU Information Disclosure Vulnerability
57. Linux Kernel Ssockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities
58. Linux Kernel SELinux_PTrace Local Denial of Service Vulnerability
59. Linux Kernel SCTP Multiple Remote Denial of Service Vulnerabilities
60. Mozilla Multiple Products Remote Vulnerabilities
61. Linux Kernel IP ID Information Disclosure Weakness
62. Mozilla Firefox, SeaMonkey, Camino, and Thunderbird Multiple Remote Vulnerabilities
63. Linux Kernel die_if_kernel Local Denial of Service Vulnerability
64. Linux Kernel Signal_32.C Local Denial of Service Vulnerability
65. Linux Kernel USB Subsystem Local Denial Of Service Vulnerability
66. Linux Kernel Netfilter Conntrack_Proto_SCTP.C Denial of Service Vulnerability
67. Linux Kernel 2.6.16.13 Multiple SCTP Remote Denial of Service Vulnerabilities
68. Linux Kernel NFS ACL Access Control Bypass Vulnerability
69. Linux Kernel Netfilter Do_Replace Local Buffer Overflow Vulnerability
70. HP-UX CIFS Unspecified Security Restriction Bypass Vulnerability
71. PowerMovieList Edit User HTML Injection Vulnerability
72. Campware Campsite Thankyou.PHP Remote File Include Vulnerability
73. Microsoft Class Package Export Tool Clspack.exe Local Buffer Overflow Vulnerability
74. PHP Symbolic Link Open_Basedir Bypass Vulnerability
75. PHP ZendEngine ECalloc Integer Overflow Vulnerability
76. WEBGENEius GOOP Gallery Directory Traversal Vulnerability
77. Maintain Example6.PHP Remote File Include Vulnerability
78. Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
79. PHP Ini_Restore() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
80. PHPBB ACP User Registration PHPBB_Root_Path Parameter Remote File Include Vulnerability
81. Lodel CMS Calcul-Page.PHP Remote File Include Vulnerability
82. Back-End CMS Multiple Remote File Include Vulnerabilities
83. Smarty Smarty.Class.PHP Remote File Include Vulnerability
84. Clam Anti-Virus CHM Unpacker Denial Of Service Vulnerability
85. Simplog Comments.PHP SQL Injection Vulnerability
86. CyberBrau Track.PHP Remote File Include Vulnerability
87. Webgenius Goop Gallery Index.PHP Cross-Site Scripting Vulnerability
88. Mambo MostlyCE HTMLTemplate.PHP Remote File Include Vulnerability
89. X.Org XDM XSession Script Race Condition Vulnerability
90. Vikingboard Topic.PHP SQL Injection Vulnerability
91. Opera Web Browser URI Tag Parsing Heap Buffer Overflow Vulnerability
92. Dev Web Manager System Index.PHP Cross-Site Scripting Vulnerability
93. Oracle October 2006 Security Update Multiple Vulnerabilities
94. Sun Solaris TCP Fusion Local Denial of Service Vulnerability
95. Alice-CMSGuestbook/Index.PHP Remote File Include Vulnerability
96. Kerio WinRoute Firewall Denial of Service Vulnerability
97. F5 FirePass 1000 SSL VPN My.AccTab.PHP3 Cross-Site Scripting Vulnerability
98. VBulletin Registration Requests Remote Denial of Service Vulnerability
99. HP DTMail Attachment Argument Buffer Overflow Vulnerability
100. TorrentFlux Admin.PHP Multiple HTML Injection Vulnerabilities
III. SECURITYFOCUS NEWS
1. Targeted Trojan attacks on the rise
2. Google Code Search peers into programs' flaws
3. Mozilla flaws more joke than jeopardy
4. Tag-team attack exploits IE flaw
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Auditor, Columbia
2. [SJ-JOB] Security Architect, Chicago
3. [SJ-JOB] Sr. Security Analyst, Pittsburgh
4. [SJ-JOB] Sr. Security Analyst, Vienna, VA
5. [SJ-JOB] Security Engineer, London
6. [SJ-JOB] Sr. Security Analyst, Doha
7. [SJ-JOB] Forensics Engineer, Washington, DC
8. [SJ-JOB] Manager, Information Security, Doha
9. [SJ-JOB] Security Engineer, Cupertino
10. [SJ-JOB] Sr. Security Analyst, Doha
11. [SJ-JOB] Manager, Information Security, Chicago
12. [SJ-JOB] Developer, Cupertino
13. [SJ-JOB] Sales Representative, Washington
14. [SJ-JOB] Sr. Security Analyst, Pittsburgh
15. [SJ-JOB] Sr. Security Analyst, Reading
16. [SJ-JOB] Security Engineer, Pittsburgh
17. [SJ-JOB] Security Architect, Chicago
18. [SJ-JOB] Customer Support, Superior
19. [SJ-JOB] Security System Administrator, Melbourne
20. [SJ-JOB] Instructor, Various
21. [SJ-JOB] Penetration Engineer, NEW YORK
22. [SJ-JOB] Senior Software Engineer, NEW YORK
23. [SJ-JOB] Security Engineer, New York
24. [SJ-JOB] Senior Software Engineer, Dallas
25. [SJ-JOB] Application Security Architect, Ashburn
26. [SJ-JOB] Penetration Engineer, Dallas
27. [SJ-JOB] Security Consultant, NEW YORK
28. [SJ-JOB] Security Consultant, Dallas
29. [SJ-JOB] Sales Engineer, Washington
30. [SJ-JOB] Sales Engineer, New York
31. [SJ-JOB] Sales Engineer, New York
32. [SJ-JOB] Security Auditor, Not Disclosed
33. [SJ-JOB] Sales Engineer, Boston
34. [SJ-JOB] Security Engineer, New York
35. [SJ-JOB] Jr. Security Analyst, New York
36. [SJ-JOB] Sales Engineer, Washington
37. [SJ-JOB] Technical Support Engineer, Washington
38. [SJ-JOB] Sr. Security Engineer, ottawa
39. [SJ-JOB] Security Auditor, Lanham
40. [SJ-JOB] Information Assurance Engineer, Cedar Rapids
41. [SJ-JOB] Product Strategist, New York
42. [SJ-JOB] Manager, Information Security, Richardson
43. [SJ-JOB] Information Assurance Engineer, Carlsbad
44. [SJ-JOB] Security Researcher, Santa Clara
45. [SJ-JOB] Software Engineer, Santa Clara
46. [SJ-JOB] Manager, Information Security, Vienna
47. [SJ-JOB] Sales Representative, Chicago
48. [SJ-JOB] Technology Risk Consultant, Chicago
49. [SJ-JOB] Jr. Security Analyst, Chicago
50. [SJ-JOB] Security Product Manager, Chicago
51. [SJ-JOB] Sr. Security Analyst, Peoria
52. [SJ-JOB] Security Consultant, New York
53. [SJ-JOB] Security Engineer, Pittsburgh
54. [SJ-JOB] Management, Doha
55. [SJ-JOB] Security Architect, Pittsburgh
56. [SJ-JOB] Sales Engineer, Seattle
57. [SJ-JOB] Software Engineer, Pittsburgh
58. [SJ-JOB] Sales Representative, Boston
59. [SJ-JOB] Security Engineer, Pittsburgh
60. [SJ-JOB] Security Engineer, Schaumburg
61. [SJ-JOB] Jr. Security Analyst, New York City
62. [SJ-JOB] Sr. Security Analyst, Pittsburgh
63. [SJ-JOB] Sales Engineer, Burlington
64. [SJ-JOB] Penetration Engineer, New York
65. [SJ-JOB] Security Engineer, Dallas
66. [SJ-JOB] Security Researcher, Marlboro
67. [SJ-JOB] Security Engineer, New York City
68. [SJ-JOB] Security Architect, seattle
69. [SJ-JOB] Incident Handler, Pittsburgh
70. [SJ-JOB] Account Manager, Napa
71. [SJ-JOB] Technical Support Engineer, Boca Raton
72. [SJ-JOB] Database Security Engineer, Tel-Aviv
73. [SJ-JOB] Security Consultant, London
74. [SJ-JOB] Sales Engineer, New York City
75. [SJ-JOB] Security Consultant, London
76. [SJ-JOB] Developer, Redwood Shores
77. [SJ-JOB] Quality Assurance, Superior
78. [SJ-JOB] Sr. Security Engineer, Minneapolis
79. [SJ-JOB] Compliance Officer, Toronto
80. [SJ-JOB] Application Security Architect, Minneapolis
81. [SJ-JOB] Software Engineer, Westboro
82. [SJ-JOB] Threat Analyst, Lexington
83. [SJ-JOB] Security Researcher, Seattle/Redmond
84. [SJ-JOB] Technical Writer, Superior
85. [SJ-JOB] Senior Software Engineer, Superior
86. [SJ-JOB] Security Researcher, Herndon
87. [SJ-JOB] Security Consultant, Denver
88. [SJ-JOB] Security Engineer, Livermore
89. [SJ-JOB] Security Researcher, Marlboro
90. [SJ-JOB] Security Engineer, Boston
91. [SJ-JOB] Sales Engineer, Reston
92. [SJ-JOB] Quality Assurance, Superior
93. [SJ-JOB] Management, Columbia
94. [SJ-JOB] Developer, Superior
95. [SJ-JOB] Jr. Security Analyst, Palm Beach Gardens
96. [SJ-JOB] Security Architect, McLean
97. [SJ-JOB] Management, Atlanta
98. [SJ-JOB] Sr. Security Analyst, Beaverton
V. INCIDENTS LIST SUMMARY
1. policyd-weight - brief explanation by author
2. possible SMTP attack: command=HELO/EHLO, count=3
3. strange http get requests in apache access logs
4. Administrivia: Signing off...
5. RES: Massive SPAM Increase
6. Massive SPAM Increase
VI. VULN-DEV RESEARCH LIST SUMMARY
1. [w4ck1ng] Darkside of the Internet
2. UTF-8 + tolower() getpc stubs
3. Black Hat CFP, Registration, and Announcements for October
VII. MICROSOFT FOCUS LIST SUMMARY
1. Hacker Defender v0.84-1.0.0 backdoor -wath Vulnerabiliti it uses to get in
2. Log Parser queries
3. Set dialup password from cmdline
4. SecurityFocus Microsoft Newsletter #312
5. security implications of disabling WMI service
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. Dynamic firewall based on bandwidth usage ?
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. ModSecurity 2.0 with Ivan Ristic
By Federico Biancuzzi
ModSecurity is an open source web application firewall that runs as an Apache module, and version 2.0 offers many new features and improvements. Federico Biancuzzi interviewed Ivan Ristic to discuss the new logging system, events tracking and correlation, filtering AJAX or AFLAX applications, and just-in-time patching for closed source applications.
http://www.securityfocus.com/columnists/418

2. Hacking Web 2.0 Applications with Firefox
By Shreeraj Shah
This article looks at some of the methods, tools and tricks to dissect web 2.0 applications (including Ajax) and discover security holes using Firefox and its plugins.
http://www.securityfocus.com/infocus/1879


II. BUGTRAQ SUMMARY
--------------------
1. Microsoft Windows XP .Manifest Denial of Service Vulnerability
BugTraq ID: 3942
Remote: No
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/3942
Summary:
Microsoft Windows XP uses .manifest file to enable desktop skinning (filename.exe.manifest). This file contains XML code that tells Windows XP to use the XP controls.

Due to a flaw, the XML code within .manifest file is not properly verified by Windows XP.

If XML code is modified, the associated application will not start, causing a denial of service.

This issue could pose a more serious threat if the XML code associated with explorer.exe is modified. If explorer.exe.manifest is modified, upon restart, the system will hang and explorer.exe will not load. This will cause a denial of system services.

Reportedly the repair function will not resolve this issue.

2. Libksba Signature Verification Denial of Service Vulnerability
BugTraq ID: 20565
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20565
Summary:
The libksba library is prone to a denial-of-service vulnerability because it crashes when verifying a signature with a malformed X.509 certificate.

Attackers can exploit this issue to crash the KSBA library, and in turn cause various programs that depend on the library to cease functioning, effectively denying service.

The following versions are affected:

- SUSE Linux's version 0.9.12
- Ubuntu libksba8 version 0.9.9-2ubuntu0.5.04.

Other individual implementations may also be vulnerable.

3. PHPMybibli Multiple Remote File Include Vulnerabilities
BugTraq ID: 20578
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20578
Summary:
PHPmybibli is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.

A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

PHPmybibli versions 2.1 and prior are vulnerable to these issues.

4. PHPList Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 20577
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20577
Summary:
PHPList is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Version 2.10.2 is vulnerable; other versions may also be affected.

5. Boonex Dolphin Index.php Remote File Include Vulnerability
BugTraq ID: 20576
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20576
Summary:
Dolphin is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

A successful exploit of this issue allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

Versions 5.2 and prior are vulnerable to this issue.

6. PHPRecipeBook Import_MM.Class.PHP Remote File Include Vulnerability
BugTraq ID: 20575
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20575
Summary:
PHPRecipeBook is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

This vulnerability may allow remote script code being executed in the context of the affected webserver process. This could lead to the compromise of the affected software and other attacks.

7. Mozilla Bugzilla Multiple Input Validation and Information disclosure Vulnerabilities
BugTraq ID: 20538
Remote: Yes
Last Updated: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20538
Summary:
Bugzilla is affected by multiple input-validation and information-disclosure vulnerabilities because the application fails to properly sanitize user-supplied input and to protect sensitive information from unauthorized users.

An attacker can leverage these issues to access attachment and deadline information that are marked private or are otherwise protected and to conduct cross-site scripting and HTML-injection attacks. Exploiting these input-validation issues may allow attackers to steal cookie-based authentication credentials and to launch other attacks.

Versions 2.18.5, 2.20.2, 2.22, and 2.23.2 are affected by these vulnerabilities.

8. AROUNDMe P_New_Password.TPL.PHP Remote File Include Vulnerability
BugTraq ID: 20553
Remote: Yes
Last Updated: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20553
Summary:
AROUNDMe is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue could allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects version 0.5.2 and earlier.

9. Osprey GetRecord.PHP Remote File Include Vulnerability
BugTraq ID: 20552
Remote: Yes
Last Updated: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20552
Summary:
Osprey is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue could allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects version 1.0 and earlier.

10. Internet Security Systems ZWDeleteFile Function Arbitrary File Deletion Vulnerability
BugTraq ID: 20546
Remote: No
Last Updated: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20546
Summary:
Internet Security Systems (ISS) BlackICE PC Protection is prone to a file-deletion vulnerability.

An attacker can exploit this issue to delete arbitrary files within the context of the affected application. This could lead to other attacks.

Versions 3.6.cpu, 3.6.cpj are vulnerable to this issue; other versions may also be affected.

11. XFire Packet Handling Denial Of Service Vulnerability
BugTraq ID: 20548
Remote: Yes
Last Updated: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20548
Summary:
Xfire is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected client application, denying service to legitimate users. Remote code execution may also be possible; this has not been confirmed.

This issue affects version 1.6.4; earlier versions may also be vulnerable.

12. ViewVC UTF-7 Charset Unspecified HTML Injection Vulnerability
BugTraq ID: 20543
Remote: Yes
Last Updated: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20543
Summary:
ViewVC is prone to a HTML-injection vulnerability because of it fails to specify a charset in the HTML body or the HTTP header.

Exploiting this issue could allow an attacker to execute attacker-supplied script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

ViewVC 1.0.2 and prior versions are vulnerable; other versions may also be affected.

13. PHPBurningPortal Multiple Remote File Include Vulnerabilities
BugTraq ID: 20547
Remote: Yes
Last Updated: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20547
Summary:
PHPBurningPortal is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to compromise the application and the underlying system; other attacks are also possible.

PHPBurningPortal 1.0.1 and prior versions are vulnerable to these issues.

14. BBSNew Index2.PHP Remote File Include Vulnerability
BugTraq ID: 20204
Remote: Yes
Last Updated: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20204
Summary:
bbsNew is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

A successful exploit of this issue allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

15. Asbru Software Web Content Editor Shell Command Execution Vulnerability
BugTraq ID: 20544
Remote: Yes
Last Updated: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20544
Summary:
The Asbru Software Web Content Editor is prone to a vulnerability that may permit the execution of arbitrary shell commands. This issue occurs because the application fails to properly sanitize user-supplied input before using it in a process creation function call.

Exploiting this issue allows attackers to execute arbitrary shell commands with the privileges of users executing a vulnerable version of the application.

This issue affects versions prior to 6.0.22.

16. Def-Blog Comadd.PHP SQL Injection Vulnerability
BugTraq ID: 20545
Remote: Yes
Last Updated: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20545
Summary:
Def-BLog is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

This issue affects version 1.0.1 and earlier.

17. IronWebMail Directory Traversal Information Disclosure Vulnerability
BugTraq ID: 20436
Remote: Yes
Last Updated: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20436
Summary:
IronWebMail is prone to a remote information-disclosure vulnerability because the application fails to properly sanitize user-supplied input.

Exploiting this issue allows remote, unauthenticated attackers to retrieve the contents of arbitrary files from vulnerable computers with the privileges of the webserver process. Information harvested may aid in further attacks.

IronWebMail versions prior to 6.1.1 HotFix-17 are affected by this vulnerability.

18. Yukihiro Matsumoto Ruby Multiple SAFE Level Restriction Bypass Vulnerabilities
BugTraq ID: 18944
Remote: Yes
Last Updated: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/18944
Summary:
Ruby is prone to multiple vulnerabilities that let attackers bypass SAFE-level restrictions.

These issues allow attackers to bypass the expected SAFE-level restrictions, possibly allowing them to execute unauthorized script code in the context of affected applications. The specific impact of these issues depends on the implementation of scripts that use SAFE-level security checks.

19. PHPMyConferences Config.Inc.PHP Remote File Include Vulnerability
BugTraq ID: 20541
Remote: Yes
Last Updated: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20541
Summary:
phpMyConference is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue could allow an attacker to compromise the application and the underlying system; other attacks are also possible.

phpMyConference 8.0.2 and prior versions are vulnerable to this issue.

20. KMail HTML Element Handling Denial Of Service Vulnerability
BugTraq ID: 20539
Remote: Yes
Last Updated: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20539
Summary:
KMail is prone to an unspecified denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

KMail 1.9.1 and prior versions are vulnerable to this issue.

21. WebYep Webyep_SIncludePath Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 20406
Remote: Yes
Last Updated: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20406
Summary:
WebYep is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to compromise the application and the underlying system; other attacks are also possible.

WebYep 1.1.9 and prior versions are affected by these issues.

22. WebSpell Index.PHP SQL Injection Vulnerability
BugTraq ID: 20540
Remote: Yes
Last Updated: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20540
Summary:
webSPELL is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

23. 4Images Details.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 20488
Remote: Yes
Last Updated: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20488
Summary:
4images is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Version 1.7.3 is vulnerable; other versions may also be affected.

24. WowBB Forum Multiple Unspecified Remote Input Validation Vulnerabilities
BugTraq ID: 11429
Remote: Yes
Last Updated: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/11429
Summary:
WowBB is reportedly affected by multiple-input validation vulnerabilities because the application fails to properly sanitize user-supplied input gbefore including it in dynamic web content and SQL database queries.

An attacker can leverage these issues to manipulate or reveal database contents through SQL-injection attacks and may carry out other attacks and steal cookie-based authentication credentials through cross-site scripting attacks.

25. TorrentFlux Startpop.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 20534
Remote: Yes
Last Updated: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20534
Summary:
TorrentFlux is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue could allow an attacker to execute attacker-supplied script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Version 2.1 is vulnerable; other versions may also be affected.

26. GNU GZip Archive Handling Multiple Remote Vulnerabilities
BugTraq ID: 20101
Remote: Yes
Last Updated: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20101
Summary:
The gzip utility is prone to multiple remote buffer-overflow and denial-of-service vulnerabilities when handling malicious archive files.

Successful exploits may allow a remote attacker to corrupt process memory by triggering an overflow condition. This may lead to arbitrary code execution in the context of an affected user and may facilitate a remote compromise. Attackers may also trigger denial-of-service conditions by crashing or hanging the application.

Specific information regarding affected versions of gzip is currently unavailable. This BID will be updated as more information is released.

27. OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability
BugTraq ID: 20249
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20249
Summary:
OpenSSL is prone to a buffer-overflow vulnerability because the library fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users.

28. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
BugTraq ID: 20216
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20216
Summary:
OpenSSH is prone to a remote denial-of-service vulnerability because it fails to properly handle incoming duplicate blocks.

Remote attackers may exploit this issue to consume excessive CPU resources, potentially denying service to legitimate users.

This issue occurs only when OpenSSH is configured to accept SSH Version One traffic.

29. OpenSSL ASN.1 Structures Denial of Service Vulnerability
BugTraq ID: 20248
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20248
Summary:
OpenSSL is prone to a denial-of-service vulnerability.

An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users.

30. Streamripper HTTP Header Parsing Buffer Overflow Vulnerability
BugTraq ID: 19707
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/19707
Summary:
Streamripper is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input data before copying it to an insufficiently sized memory buffer.

An attacker may cause malicious code to execute by forcing the application to parse malformed HTTP headers, with the privileges of the user running the application.

31. OpenSSL Public Key Processing Denial of Service Vulnerability
BugTraq ID: 20247
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20247
Summary:
OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used.

An attacker can exploit this issue to crash an affected server using OpenSSL.

32. OpenSSL SSLv2 Null Pointer Dereference Client Denial of Service Vulnerability
BugTraq ID: 20246
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20246
Summary:
OpenSSL is prone to a denial-of-service vulnerability.

A malicious server could cause a vulnerable client application to crash, effectively denying service.

33. Clam Anti-Virus PE Rebuilding Heap Buffer Overflow Vulnerability
BugTraq ID: 20535
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20535
Summary:
ClamAV is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Exploiting this issue could allow attacker-supplied machine code to execute in the context of the affected application. The issue would occur when the malformed file is scanned manually or automatically in deployments such as email gateways.

ClamAV version 0.88.4 is vulnerable to this issue.

34. KDE KDM Session Type Symbolic Link Vulnerability
BugTraq ID: 18431
Remote: No
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/18431
Summary:
KDM is prone to a vulnerability that may permit symbolic-link attacks when processing the user's session type.

An attacker with local access could potentially exploit this issue to view files and obtain privileged information.

A successful attack would most likely result in the loss of confidentiality and the theft of privileged information.

35. PhpMyManga Multiple Remote File Include Vulnerabilities
BugTraq ID: 20572
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20572
Summary:
PhpMyManga is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.

A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

PhpMyManga 0.8.1 and prior versions are vulnerable to these issues.

36. Woltlab Burning Books Variable Overwrite Vulnerability
BugTraq ID: 20563
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20563
Summary:
Woltlab Burning Books is prone to a variable-overwrite vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to overwrite the configuration variables with arbitrary input. The attacker may then be able perform cross-site scripting, SQL-injection, and other attacks.

Version 1.1.2 is vulnerable to this issue; other versions may also be affected.

37. Python Repr() Function Remote Code Execution Vulnerability
BugTraq ID: 20376
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20376
Summary:
Python is prone to a remote code-execution vulnerability because the application fails to properly handle UTF-32/UCS-4 strings.

Exploiting this issue allows remote attackers to execute arbitrary machine code with the privileges of the Python application.

38. Specimen Image Database Remote File Include Vulnerability
BugTraq ID: 20574
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20574
Summary:
Specimen Image Database is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

A successful exploit of this issue allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

39. Microsoft PowerPoint Unspecified Remote Unspecified Code Execution Vulnerability
BugTraq ID: 20495
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20495
Summary:
Microsoft PowerPoint is prone to an unspecified remote code-execution vulnerability.

Successfully exploiting this issue allows a remote attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely crash the application.

Due to a lack of information, further details cannot be provided. This BID will be updated when more information becomes available.

40. NVidia Binary Graphics Driver For Linux Buffer Overflow Vulnerability
BugTraq ID: 20559
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20559
Summary:
The NVIDIA binary graphics driver is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code with superuser privileges, completely compromising the affected computer. Failed exploit attempts will result in a denial-of-service.

NVidia Driver for Linux versions 8774 and 8762 are vulnerable to this issue; other versions may also be affected.

41. OpenDock FullCore Remote File Include Vulnerabilities
BugTraq ID: 20573
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20573
Summary:
OpenDock FullCore is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Version 4.4 is reported affected.

42. P-News P-news.PHP Remote File Include Vulnerability
BugTraq ID: 20569
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20569
Summary:
P-News is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

A successful exploit of this issue allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

Versions 1.16 and 1.17 are reported vulnerable to this issue; other versions may also be affected.

43. Apple Xcode Openbase Multiple Privilege Escalation Vulnerabilities
BugTraq ID: 20562
Remote: No
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20562
Summary:
The Openbase application shipped with Apple Xcode is prone to multiple privilege-escalation issues. These vulnerabilities exist because the application fails to handle exceptional conditions when executing setuid programs.

A local attacker can exploit these issues to gain superuser privileges. A successful exploit would lead to the complete compromise of affected computers.

Apple Xcode version 2.2 and prior is reported vulnerable.

44. SuperMod Multiple Remote File Include Vulnerabilities
BugTraq ID: 20568
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20568
Summary:
SuperMod is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to compromise the application and the underlying system; other attacks are also possible.

SuperMod 3.0 is vulnerable to these issues.

45. Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability
BugTraq ID: 19488
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/19488
Summary:
Mozilla Firefox is prone to a remote memory-corruption vulnerability. This issue is due to a race condition that may result in double-free or other memory-corruption issues.

Attackers may likely exploit this issue to execute arbitrary machine code in the context of the vulnerable application, but this has not been confirmed. Failed exploit attempts will likely crash the application.

Mozilla Firefox is vulnerable to this issue. Due to code reuse, other Mozilla products are also likely affected.

46. PHPBB Archive for Search Engines PHPBB_Root_Path Parameter Remote File Include Vulnerability
BugTraq ID: 20571
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20571
Summary:
Archive for Search Engines is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue could allow an attacker to compromise the application and the underlying system; other attacks are also possible.

47. SuperMod Multiple Remote File Include Vulnerabilities
BugTraq ID: 20570
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20570
Summary:
SuperMod is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.

A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

SuperMod version 3.0.0 is vulnerable to these issues.

48. Open Conference Systsems Fullpath Remote File Include Vulnerability
BugTraq ID: 20567
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20567
Summary:
Open Conference Systems is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

Version 1.1.3 is vulnerable to this issue. Other versions may be affected as well.

49. OpenSSL PKCS Padding RSA Signature Forgery Vulnerability
BugTraq ID: 19849
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/19849
Summary:
OpenSSL is prone to a vulnerability that may allow an attacker to forge an RSA signature. The attacker may be able to forge a PKCS #1 v1.5 signature when an RSA key with exponent 3 is used.

An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key.

All versions of OpenSSL prior to and including 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available.

50. Comdev One Admin Pro Adminfoot.PHP Remote File Include Vulnerability
BugTraq ID: 20566
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20566
Summary:
Comdev One Admin Pro is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

Version 4.1 is vulnerable to this issue.

51. CAPI4Hylafax Remote Arbitrary Command Execution Vulnerability
BugTraq ID: 19801
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/19801
Summary:
CAP4Hylafax is prone to an arbitrary command-execution vulnerability.

An attacker can exploit this vulnerability to execute arbitrary commands in the context of the affected application.

52. Mozilla Firefox/Thunderbird/Seamonkey Multiple Remote Vulnerabilities
BugTraq ID: 20042
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20042
Summary:
The Mozilla Foundation has released six security advisories specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- execute arbitrary code
- perform cross-site scripting attacks
- supply malicious data through updates
- inject arbitrary content
- execute arbitrary JavaScript
- crash affected applications and potentially execute arbitrary code.

Other attacks may also be possible.

The issues described here will be split into individual BIDs as more information becomes available.

These issues are fixed in:

- Mozilla Firefox version 1.5.0.7
- Mozilla Thunderbird version 1.5.0.7
- Mozilla SeaMonkey version 1.0.5

53. Linux Kernel Unspecified Socket Buffer Handling Remote Denial of Service Vulnerability
BugTraq ID: 19475
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/19475
Summary:
The Linux kernel is prone to an unspecified remote denial-of-service vulnerability.

This issue allows remote attackers to cause kernel panics, denying service to legitimate users.

No further information is currently available. This BID will be updated as more information is released.

Specific version information is currently unavailable. Kernel versions in the 2.6 series are currently considered vulnerable.

54. Linux Kernel IBM S/390 strnlen_user Local Vulnerability
BugTraq ID: 18687
Remote: No
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/18687
Summary:
The Linux kernel on IBM S/390 platforms is prone to a local vulnerability. This issue is due to a flaw in the 'strnlen_user()' kernel function.

The direct impact of exploiting this issue is currently unknown, but local users may potentially exploit this issue to cause denial-of-service conditions or possibly gain access to potentially sensitive information.

This BID will be updated as more information is disclosed.

This issue affects Linux kernel versions prior to 2.6.16 running on the IBM S/390 platform.

55. Linux Kernel Security Key Functions Local Copy_To_User Race Vulnerability
BugTraq ID: 17084
Remote: No
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/17084
Summary:
The Linux kernel is susceptible to a local race-condition vulnerability in its security-key functionality. This issue is due to a race condition that allows attackers to modify an argument of a copy operation after is has been validated, but before it is used.

This vulnerability allows local attackers to crash the kernel, denying service to legitimate users. It may also allow attackers to read portions of kernel memory, and thus gain access to potentially sensitive information. This may aid them in further attacks.

56. Multiple Vendor AMD CPU Local FPU Information Disclosure Vulnerability
BugTraq ID: 17600
Remote: No
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/17600
Summary:
Multiple vendors' operating systems are prone to a local information-disclosure vulnerability. This issue is due to a flaw in the operating systems that fail to properly use AMD CPUs.

Local attackers may exploit this vulnerability to gain access to potentially sensitive information regarding other processes executing on affected computers. This may aid attackers in retrieving information regarding cryptographic keys or other sensitive information.

This issue affects Linux and FreeBSD operating systems that use generations 7 and 8 AMD CPUs.

57. Linux Kernel Ssockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities
BugTraq ID: 17203
Remote: No
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/17203
Summary:
The Linux kernel is affected by local memory-disclosure vulnerabilities. These issues are due to the kernel's failure to properly clear previously used kernel memory before returning it to local users.

These issues allow an attacker to read kernel memory and potentially gather information to use in further attacks.

58. Linux Kernel SELinux_PTrace Local Denial of Service Vulnerability
BugTraq ID: 17830
Remote: No
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/17830
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error when SELinux is enabled and ptrace is used.

This vulnerability allows local users to panic the kernel, denying further service to legitimate users.

59. Linux Kernel SCTP Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 18085
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/18085
Summary:
The Linux kernel SCTP module is prone to remote denial-of-service vulnerabilities. These issues are triggered when the kernel handles unexpected SCTP packets.

These issues allow remote attackers to trigger kernel panics, denying further service to legitimate users.

The Linux kernel version 2.6.16 is vulnerable to these issues; prior versions may also be affected.

60. Mozilla Multiple Products Remote Vulnerabilities
BugTraq ID: 19181
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/19181
Summary:
The Mozilla Foundation has released thirteen security advisories specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- execute arbitrary machine code in the context of the vulnerable application
- crash affected applications
- run arbitrary script code with elevated privileges
- gain access to potentially sensitive information
- carry out cross-domain scripting attacks.

Other attacks may also be possible.

The issues described here will be split into individual BIDs as more information becomes available.

These issues are fixed in:

- Mozilla Firefox version 1.5.0.5
- Mozilla Thunderbird version 1.5.0.5
- Mozilla SeaMonkey version 1.0.3

61. Linux Kernel IP ID Information Disclosure Weakness
BugTraq ID: 17109
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/17109
Summary:
The Linux kernel is prone to a remote information-disclosure weakness. This issue is due to an implementation flaw of a zero 'ip_id' information-disclosure countermeasure.

This issue allows remote attackers to use affected computers in stealth network port and trust scans.

The Linux kernel 2.6 series, as well as some kernels in the 2.4 series, are affected by this weakness.

62. Mozilla Firefox, SeaMonkey, Camino, and Thunderbird Multiple Remote Vulnerabilities
BugTraq ID: 18228
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/18228
Summary:
The Mozilla Foundation has released thirteen security advisories specifying security vulnerabilities in Mozilla Firefox, SeaMonkey, Camino, and Thunderbird.

These vulnerabilities allow attackers to:

- execute arbitrary machine code in the context of the vulnerable application
- crash affected applications
- run JavaScript code with elevated privileges, potentially allowing the remote execution of machine code
- gain access to potentially sensitive information.

Other attacks may also be possible.

The issues described here will be split into individual BIDs as further information becomes available.

These issues are fixed in:
- Mozilla Firefox version 1.5.0.4
- Mozilla Thunderbird version 1.5.0.4
- Mozilla SeaMonkey version 1.0.2
- Mozilla Camino 1.0.2

63. Linux Kernel die_if_kernel Local Denial of Service Vulnerability
BugTraq ID: 16993
Remote: No
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/16993
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error in the 'die_if_kernel()' function.

This vulnerability allows local users to panic the kernel, denying further service to legitimate users.

This issue affects Linux kernel versions prior to 2.6.15.6 running on Itanium systems.

64. Linux Kernel Signal_32.C Local Denial of Service Vulnerability
BugTraq ID: 18616
Remote: No
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/18616
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error in 'signal_32.c'.

This vulnerability allows local users to panic the kernel, denying further service to legitimate users.

This issue affects Linux kernel versions prior to 2.6.16.21.

65. Linux Kernel USB Subsystem Local Denial Of Service Vulnerability
BugTraq ID: 14955
Remote: No
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/14955
Summary:
A local denial-of-service vulnerability affects the Linux kernel's USB subsystem. This issue is due to the kernel's failure to properly handle unexpected conditions when trying to handle URBs (USB Request Blocks).

Local attackers may exploit this vulnerability to trigger a kernel 'oops' on computers where the vulnerable USB subsystem is enabled. This would deny service to legitimate users.

66. Linux Kernel Netfilter Conntrack_Proto_SCTP.C Denial of Service Vulnerability
BugTraq ID: 18755
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/18755
Summary:
The Linux kernel 'netfilter' module is prone to a denial-of-service vulnerability.

Successful exploits of this vulnerability will cause the kernel to crash, effectively denying service to legitimate users.

67. Linux Kernel 2.6.16.13 Multiple SCTP Remote Denial of Service Vulnerabilities
BugTraq ID: 17955
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/17955
Summary:
The Linux kernel SCTP module is susceptible to remote denial-of-service vulnerabilities. These issues are triggered when the kernel handles unexpected SCTP packets.

These issues allow remote attackers to trigger kernel deadlock and infinite recursion, denying further service to legitimate users.

The Linux kernel version 2.6.16 is vulnerable to these issues; prior versions may also be affected.

68. Linux Kernel NFS ACL Access Control Bypass Vulnerability
BugTraq ID: 16570
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/16570
Summary:
The Linux kernel's NFS implementation is prone to a remote access-control-bypass vulnerability. The software fails to validate the privileges of remote users before setting ACLs.

This issue allows remote attackers to improperly alter ACLs on NFS filesystems, allowing them to bypass access controls. Disclosure of sensitive information, modification of arbitrary files, and other attacks are possible.

Kernel versions prior to 2.6.14.5 in the 2.6 kernel series are vulnerable to this issue.

69. Linux Kernel Netfilter Do_Replace Local Buffer Overflow Vulnerability
BugTraq ID: 17178
Remote: No
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/17178
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because the kernel fails to properly bounds-check user-supplied input before using it in a memory copy operation.

Exploiting this issue allows local attackers to overwrite kernel memory with arbitrary data, potentially allowing them to execute malicious machine code in the context of affected kernels. This vulnerability facilitates the complete compromise of affected computers.

This issue is exploitable only by local users who have superuser privileges or have the CAP_NET_ADMIN capability. This issue is therefore a security concern only if computers run virtualization software that allows users to have superuser access to guest operating systems or if the CAP_NET_ADMIN capability is given to untrusted users.

Linux kernel versions prior to 2.6.16 in the 2.6 series are affected by this issue.

70. HP-UX CIFS Unspecified Security Restriction Bypass Vulnerability
BugTraq ID: 20179
Remote: No
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20179
Summary:
HP-UX CIFS (Samba) is prone to an unspecified vulnerability that allows attackers to bypass certain security restrictions.

The problem affects SMB-mounted filesystems ('cifs'). A local attacker can exploit this issue to bypass the security restrictions and gain unauthorized access to the filesystem. This may allow the attacker to escalate their privileges and then conduct further exploits.

Versions of HP CIFS Server (Samba) up to and including A.02.02.01 are affected.

71. PowerMovieList Edit User HTML Injection Vulnerability
BugTraq ID: 20564
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20564
Summary:
PowerMovieList is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

72. Campware Campsite Thankyou.PHP Remote File Include Vulnerability
BugTraq ID: 20519
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20519
Summary:
CampSite is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

CampSite 2.6.1 and prior versions are vulnerable to this issue.

73. Microsoft Class Package Export Tool Clspack.exe Local Buffer Overflow Vulnerability
BugTraq ID: 20561
Remote: No
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20561
Summary:
Microsoft Class Package Export Tool ('clspack.exe') is prone to a local buffer-overflow vulnerability because the application fails to properly size attacker-supplied data before copying it into an insuficiently sized memory buffer.

Exploiting this issue allows local attackers to execute arbitrary machine code in the context of the user running the application. Failed exploit attempts will likely crash the application, denying service to legitimate users.

74. PHP Symbolic Link Open_Basedir Bypass Vulnerability
BugTraq ID: 20326
Remote: No
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20326
Summary:
PHP is prone to an 'open_basedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations.

This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code; in such cases, the 'open_basedir' restriction is expected to isolate users from each other.

This issue is reported to affect PHP versions 4 and 5.

75. PHP ZendEngine ECalloc Integer Overflow Vulnerability
BugTraq ID: 20349
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20349
Summary:
PHP is prone to an integer-overflow vulnerability because the application fails to do proper bounds checking on user-supplied data.

An attacker can exploit this vulnerability to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

76. WEBGENEius GOOP Gallery Directory Traversal Vulnerability
BugTraq ID: 20331
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20331
Summary:
GOOP Gallery is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid attackers in further attacks.

GOOP Gallery 2.0.2 is reported vulnerable; other versions may be affected as well.

77. Maintain Example6.PHP Remote File Include Vulnerability
BugTraq ID: 20560
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20560
Summary:
Maintain is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

Maintain version 3.0.0 RC2 is affected.

78. Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
BugTraq ID: 20241
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20241
Summary:
Portable OpenSSH is prone to a remote code-execution vulnerability. The issue derives from a race condition in a vulnerable signal handler.

Reportedly, under specific conditions, it is theoretically possible to execute code remotely prior to authentication when GSSAPI authentication is enabled. This has not been confirmed; the chance of a successful exploit of this nature is considered minimal.

On non-Portable OpenSSH implementations, this same race condition can be exploited to cause a pre-authentication denial of service.

This issue occurs when OpenSSH and Portable OpenSSH are configured to accept GSSAPI authentication.

79. PHP Ini_Restore() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
BugTraq ID: 19933
Remote: No
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/19933
Summary:
PHP is prone to a 'safe_mode' and 'open_basedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations.

This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code; in such cases, the 'safe_mode' and 'open_basedir' restrictions are expected to isolate users from each other.

These issues are reported to affect PHP versions 5.1.6, 4.4.4, and earlier.

Reports indicate that fixes may be available to address this issue, but this has not been confirmed.

80. PHPBB ACP User Registration PHPBB_Root_Path Parameter Remote File Include Vulnerability
BugTraq ID: 20558
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20558
Summary:
ACP User Registration is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue could allow an attacker to compromise the application and the underlying system; other attacks are also possible.

81. Lodel CMS Calcul-Page.PHP Remote File Include Vulnerability
BugTraq ID: 20551
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20551
Summary:
Lodel CMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

A successful exploit of this issue allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

Version 0.7.3 is vulnerable to this issue; other versions may also be affected.

82. Back-End CMS Multiple Remote File Include Vulnerabilities
BugTraq ID: 20207
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20207
Summary:
Back-End CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.

A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

Back-End CMS version 0.4.5 is vulnerable to these issues.

83. Smarty Smarty.Class.PHP Remote File Include Vulnerability
BugTraq ID: 20557
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20557
Summary:
Smarty is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

Version 2.6.9 is affected.

84. Clam Anti-Virus CHM Unpacker Denial Of Service Vulnerability
BugTraq ID: 20537
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20537
Summary:
ClamAV is prone to a denial-of-service vulnerability because of an unspecified failure in the CHM unpacker.

Exploitation could cause the application to crash, resulting in a denial of service.

85. Simplog Comments.PHP SQL Injection Vulnerability
BugTraq ID: 20556
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20556
Summary:
Simplog is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

This issue affects version 0.9.3.1; other versions may also be vulnerable.

86. CyberBrau Track.PHP Remote File Include Vulnerability
BugTraq ID: 20555
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20555
Summary:
CyberBrau is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue could allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects version 0.9.4 and earlier.

87. Webgenius Goop Gallery Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 20554
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20554
Summary:
GOOP Gallery is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

88. Mambo MostlyCE HTMLTemplate.PHP Remote File Include Vulnerability
BugTraq ID: 20549
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20549
Summary:
Mambo MostlyCE is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue could allow an attacker to compromise the application and the underlying system; other attacks are also possible.

89. X.Org XDM XSession Script Race Condition Vulnerability
BugTraq ID: 20400
Remote: No
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20400
Summary:
The X.org XDM XSession script is prone to a race-condition vulnerability.

Local unprivileged attackers can exploit this issue to gain access to the primary or alternate 'xdm' error log files. A successful exploit will result in the unintended disclosure of sensitive information.

90. Vikingboard Topic.PHP SQL Injection Vulnerability
BugTraq ID: 19919
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/19919
Summary:
Viking board is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

This may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Version 0.1b is vulnerable; other versions may also be affected.

91. Opera Web Browser URI Tag Parsing Heap Buffer Overflow Vulnerability
BugTraq ID: 20591
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20591
Summary:
Opera Web Browser is prone to a heap buffer-overflow vulnerability because it fails to sufficiently bounds check user-supplied data before copying it to the heap.

This issue may result in arbitrary code execution with the privileges of the user running the application.

92. Dev Web Manager System Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 20590
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20590
Summary:
DEV Web Manager System is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions 1.5 and prior are vulnerable; other versions may also be affected.

93. Oracle October 2006 Security Update Multiple Vulnerabilities
BugTraq ID: 20588
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20588
Summary:
Various Oracle applications including Oracle Database, Oracle Application Server, Oracle Application Express, Oracle Collaboration Suite, Oracle E-Business Suite, Oracle Pharmaceutical Applications, Oracle PeopleSoft Enterprise PeopleTools and Portal Solutions, JD Edwards EnterpriseOne, and JD Edwards OneWorld Tools are affected by multiple vulnerabilities.

Oracle has released a Critical Patch Update advisory for October 2006 to address these vulnerabilities. This Critical Patch Update addresses the vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well.

The Oracle advisory details 101 vulnerabilities in all. This BID will be updated as further analysis of the individual issues reveals more detailed information.

94. Sun Solaris TCP Fusion Local Denial of Service Vulnerability
BugTraq ID: 20587
Remote: No
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20587
Summary:
Sun Solaris is prone to a local denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.

This issue affects the Solaris 10 operating system.

95. Alice-CMSGuestbook/Index.PHP Remote File Include Vulnerability
BugTraq ID: 20585
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20585
Summary:
ALiCE-CMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue could allow an attacker to compromise the application and the underlying system; other attacks are also possible.

96. Kerio WinRoute Firewall Denial of Service Vulnerability
BugTraq ID: 20584
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20584
Summary:
Kerio WinRoute Firewall is prone to a remote denial-of-service vulnerability.

This may permit an attacker to crash affected devices, denying further network services to legitimate users.

Versions 6.2.2 and prior are vulnerable; other versions may also be affected.

97. F5 FirePass 1000 SSL VPN My.AccTab.PHP3 Cross-Site Scripting Vulnerability
BugTraq ID: 20583
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20583
Summary:
F5 FirePass 1000 SSL VPN is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Version 5.5 is vulnerable; other versions may also be affected.

98. VBulletin Registration Requests Remote Denial of Service Vulnerability
BugTraq ID: 20581
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20581
Summary:
VBulletin is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Versions 3.6.0 and prior are vulnerable to this issue.

99. HP DTMail Attachment Argument Buffer Overflow Vulnerability
BugTraq ID: 20580
Remote: No
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20580
Summary:
A buffer overflow vulnerability exists in dtmail when processing an overly-long argument to the '-a' flag of the application. The problem occurs due to insufficient bounds checking when copying a filename argument into an internal memory buffer.

This buffer overflow may be exploited to execute arbitrary code. In the case where an application has the 'setgid' bit turned on, a compromise in the context of a member of the group 'mail' is possible.

This vulnerability exists in dtmail version 5.1b; other versions might also be affected.

Conflicting details have been reported regarding this vulnerability; please see the references for more information.

100. TorrentFlux Admin.PHP Multiple HTML Injection Vulnerabilities
BugTraq ID: 20579
Remote: Yes
Last Updated: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20579
Summary:
TorrentFlux is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

Version 2.1 is vulnerable; other versions may also be affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Targeted Trojan attacks on the rise
By: Robert Lemos
Attacks crafted to escape detection by antivirus software are increasingly being used to gain entrance into corporate networks.
http://www.securityfocus.com/news/11418

2. Google Code Search peers into programs' flaws
By: Robert Lemos
Security professionals warn coders that they need to be aware that their open-source repositories are now searchable, allowing attackers to target programs that are likely to be flawed.
http://www.securityfocus.com/news/11417

3. Mozilla flaws more joke than jeopardy
By: Robert Lemos
Two ToorCon presenters razz the open-source browser group for an alleged flawed implementation of Javascript, but the lecture appears to be more stand-up comedy than substantiative research.
http://www.securityfocus.com/news/11416

4. Tag-team attack exploits IE flaw
By: Robert Lemos
Attackers exploit a zero-day vulnerability to cause a large number of Web sites to send their visitors to rogue pages carrying a second attack, this time against Microsoft's Internet Explorer.
http://www.securityfocus.com/news/11415

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Auditor, Columbia
http://www.securityfocus.com/archive/77/448982

2. [SJ-JOB] Security Architect, Chicago
http://www.securityfocus.com/archive/77/448999

3. [SJ-JOB] Sr. Security Analyst, Pittsburgh
http://www.securityfocus.com/archive/77/448979

4. [SJ-JOB] Sr. Security Analyst, Vienna, VA
http://www.securityfocus.com/archive/77/448980

5. [SJ-JOB] Security Engineer, London
http://www.securityfocus.com/archive/77/448981

6. [SJ-JOB] Sr. Security Analyst, Doha
http://www.securityfocus.com/archive/77/448978

7. [SJ-JOB] Forensics Engineer, Washington, DC
http://www.securityfocus.com/archive/77/448917

8. [SJ-JOB] Manager, Information Security, Doha
http://www.securityfocus.com/archive/77/448918

9. [SJ-JOB] Security Engineer, Cupertino
http://www.securityfocus.com/archive/77/448919

10. [SJ-JOB] Sr. Security Analyst, Doha
http://www.securityfocus.com/archive/77/448920

11. [SJ-JOB] Manager, Information Security, Chicago
http://www.securityfocus.com/archive/77/448925

12. [SJ-JOB] Developer, Cupertino
http://www.securityfocus.com/archive/77/448854

13. [SJ-JOB] Sales Representative, Washington
http://www.securityfocus.com/archive/77/448892

14. [SJ-JOB] Sr. Security Analyst, Pittsburgh
http://www.securityfocus.com/archive/77/448886

15. [SJ-JOB] Sr. Security Analyst, Reading
http://www.securityfocus.com/archive/77/448890

16. [SJ-JOB] Security Engineer, Pittsburgh
http://www.securityfocus.com/archive/77/448893

17. [SJ-JOB] Security Architect, Chicago
http://www.securityfocus.com/archive/77/448894

18. [SJ-JOB] Customer Support, Superior
http://www.securityfocus.com/archive/77/448891

19. [SJ-JOB] Security System Administrator, Melbourne
http://www.securityfocus.com/archive/77/448775

20. [SJ-JOB] Instructor, Various
http://www.securityfocus.com/archive/77/448778

21. [SJ-JOB] Penetration Engineer, NEW YORK
http://www.securityfocus.com/archive/77/448839

22. [SJ-JOB] Senior Software Engineer, NEW YORK
http://www.securityfocus.com/archive/77/448771

23. [SJ-JOB] Security Engineer, New York
http://www.securityfocus.com/archive/77/448782

24. [SJ-JOB] Senior Software Engineer, Dallas
http://www.securityfocus.com/archive/77/448783

25. [SJ-JOB] Application Security Architect, Ashburn
http://www.securityfocus.com/archive/77/448784

26. [SJ-JOB] Penetration Engineer, Dallas
http://www.securityfocus.com/archive/77/448887

27. [SJ-JOB] Security Consultant, NEW YORK
http://www.securityfocus.com/archive/77/448769

28. [SJ-JOB] Security Consultant, Dallas
http://www.securityfocus.com/archive/77/448770

29. [SJ-JOB] Sales Engineer, Washington
http://www.securityfocus.com/archive/77/448588

30. [SJ-JOB] Sales Engineer, New York
http://www.securityfocus.com/archive/77/448589

31. [SJ-JOB] Sales Engineer, New York
http://www.securityfocus.com/archive/77/448590

32. [SJ-JOB] Security Auditor, Not Disclosed
http://www.securityfocus.com/archive/77/448620

33. [SJ-JOB] Sales Engineer, Boston
http://www.securityfocus.com/archive/77/448591

34. [SJ-JOB] Security Engineer, New York
http://www.securityfocus.com/archive/77/448582

35. [SJ-JOB] Jr. Security Analyst, New York
http://www.securityfocus.com/archive/77/448609

36. [SJ-JOB] Sales Engineer, Washington
http://www.securityfocus.com/archive/77/448571

37. [SJ-JOB] Technical Support Engineer, Washington
http://www.securityfocus.com/archive/77/448572

38. [SJ-JOB] Sr. Security Engineer, ottawa
http://www.securityfocus.com/archive/77/448579

39. [SJ-JOB] Security Auditor, Lanham
http://www.securityfocus.com/archive/77/448536

40. [SJ-JOB] Information Assurance Engineer, Cedar Rapids
http://www.securityfocus.com/archive/77/448528

41. [SJ-JOB] Product Strategist, New York
http://www.securityfocus.com/archive/77/448529

42. [SJ-JOB] Manager, Information Security, Richardson
http://www.securityfocus.com/archive/77/448530

43. [SJ-JOB] Information Assurance Engineer, Carlsbad
http://www.securityfocus.com/archive/77/448537

44. [SJ-JOB] Security Researcher, Santa Clara
http://www.securityfocus.com/archive/77/448526

45. [SJ-JOB] Software Engineer, Santa Clara
http://www.securityfocus.com/archive/77/448527

46. [SJ-JOB] Manager, Information Security, Vienna
http://www.securityfocus.com/archive/77/448535

47. [SJ-JOB] Sales Representative, Chicago
http://www.securityfocus.com/archive/77/448540

48. [SJ-JOB] Technology Risk Consultant, Chicago
http://www.securityfocus.com/archive/77/448480

49. [SJ-JOB] Jr. Security Analyst, Chicago
http://www.securityfocus.com/archive/77/448484

50. [SJ-JOB] Security Product Manager, Chicago
http://www.securityfocus.com/archive/77/448486

51. [SJ-JOB] Sr. Security Analyst, Peoria
http://www.securityfocus.com/archive/77/448453

52. [SJ-JOB] Security Consultant, New York
http://www.securityfocus.com/archive/77/448455

53. [SJ-JOB] Security Engineer, Pittsburgh
http://www.securityfocus.com/archive/77/448470

54. [SJ-JOB] Management, Doha
http://www.securityfocus.com/archive/77/448473

55. [SJ-JOB] Security Architect, Pittsburgh
http://www.securityfocus.com/archive/77/448479

56. [SJ-JOB] Sales Engineer, Seattle
http://www.securityfocus.com/archive/77/448451

57. [SJ-JOB] Software Engineer, Pittsburgh
http://www.securityfocus.com/archive/77/448478

58. [SJ-JOB] Sales Representative, Boston
http://www.securityfocus.com/archive/77/448454

59. [SJ-JOB] Security Engineer, Pittsburgh
http://www.securityfocus.com/archive/77/448461

60. [SJ-JOB] Security Engineer, Schaumburg
http://www.securityfocus.com/archive/77/448436

61. [SJ-JOB] Jr. Security Analyst, New York City
http://www.securityfocus.com/archive/77/448432

62. [SJ-JOB] Sr. Security Analyst, Pittsburgh
http://www.securityfocus.com/archive/77/448433

63. [SJ-JOB] Sales Engineer, Burlington
http://www.securityfocus.com/archive/77/448435

64. [SJ-JOB] Penetration Engineer, New York
http://www.securityfocus.com/archive/77/448437

65. [SJ-JOB] Security Engineer, Dallas
http://www.securityfocus.com/archive/77/448441

66. [SJ-JOB] Security Researcher, Marlboro
http://www.securityfocus.com/archive/77/448402

67. [SJ-JOB] Security Engineer, New York City
http://www.securityfocus.com/archive/77/448403

68. [SJ-JOB] Security Architect, seattle
http://www.securityfocus.com/archive/77/448404

69. [SJ-JOB] Incident Handler, Pittsburgh
http://www.securityfocus.com/archive/77/448400

70. [SJ-JOB] Account Manager, Napa
http://www.securityfocus.com/archive/77/448401

71. [SJ-JOB] Technical Support Engineer, Boca Raton
http://www.securityfocus.com/archive/77/448355

72. [SJ-JOB] Database Security Engineer, Tel-Aviv
http://www.securityfocus.com/archive/77/448308

73. [SJ-JOB] Security Consultant, London
http://www.securityfocus.com/archive/77/448323

74. [SJ-JOB] Sales Engineer, New York City
http://www.securityfocus.com/archive/77/448324

75. [SJ-JOB] Security Consultant, London
http://www.securityfocus.com/archive/77/448325

76. [SJ-JOB] Developer, Redwood Shores
http://www.securityfocus.com/archive/77/448332

77. [SJ-JOB] Quality Assurance, Superior
http://www.securityfocus.com/archive/77/448351

78. [SJ-JOB] Sr. Security Engineer, Minneapolis
http://www.securityfocus.com/archive/77/448354

79. [SJ-JOB] Compliance Officer, Toronto
http://www.securityfocus.com/archive/77/448305

80. [SJ-JOB] Application Security Architect, Minneapolis
http://www.securityfocus.com/archive/77/448306

81. [SJ-JOB] Software Engineer, Westboro
http://www.securityfocus.com/archive/77/448359

82. [SJ-JOB] Threat Analyst, Lexington
http://www.securityfocus.com/archive/77/448314

83. [SJ-JOB] Security Researcher, Seattle/Redmond
http://www.securityfocus.com/archive/77/448315

84. [SJ-JOB] Technical Writer, Superior
http://www.securityfocus.com/archive/77/448319

85. [SJ-JOB] Senior Software Engineer, Superior
http://www.securityfocus.com/archive/77/448320

86. [SJ-JOB] Security Researcher, Herndon
http://www.securityfocus.com/archive/77/448317

87. [SJ-JOB] Security Consultant, Denver
http://www.securityfocus.com/archive/77/448262

88. [SJ-JOB] Security Engineer, Livermore
http://www.securityfocus.com/archive/77/448279

89. [SJ-JOB] Security Researcher, Marlboro
http://www.securityfocus.com/archive/77/448281

90. [SJ-JOB] Security Engineer, Boston
http://www.securityfocus.com/archive/77/448260

91. [SJ-JOB] Sales Engineer, Reston
http://www.securityfocus.com/archive/77/448263

92. [SJ-JOB] Quality Assurance, Superior
http://www.securityfocus.com/archive/77/448247

93. [SJ-JOB] Management, Columbia
http://www.securityfocus.com/archive/77/448249

94. [SJ-JOB] Developer, Superior
http://www.securityfocus.com/archive/77/448259

95. [SJ-JOB] Jr. Security Analyst, Palm Beach Gardens
http://www.securityfocus.com/archive/77/448261

96. [SJ-JOB] Security Architect, McLean
http://www.securityfocus.com/archive/77/448248

97. [SJ-JOB] Management, Atlanta
http://www.securityfocus.com/archive/77/448246

98. [SJ-JOB] Sr. Security Analyst, Beaverton
http://www.securityfocus.com/archive/77/448252

V. INCIDENTS LIST SUMMARY
---------------------------
1. policyd-weight - brief explanation by author
http://www.securityfocus.com/archive/75/448937

2. possible SMTP attack: command=HELO/EHLO, count=3
http://www.securityfocus.com/archive/75/448748

3. strange http get requests in apache access logs
http://www.securityfocus.com/archive/75/448534

4. Administrivia: Signing off...
http://www.securityfocus.com/archive/75/448439

5. RES: Massive SPAM Increase
http://www.securityfocus.com/archive/75/448183

6. Massive SPAM Increase
http://www.securityfocus.com/archive/75/447979

VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. [w4ck1ng] Darkside of the Internet
http://www.securityfocus.com/archive/82/448908

2. UTF-8 + tolower() getpc stubs
http://www.securityfocus.com/archive/82/448627

3. Black Hat CFP, Registration, and Announcements for October
http://www.securityfocus.com/archive/82/448533

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Hacker Defender v0.84-1.0.0 backdoor -wath Vulnerabiliti it uses to get in
http://www.securityfocus.com/archive/88/448826

2. Log Parser queries
http://www.securityfocus.com/archive/88/448519

3. Set dialup password from cmdline
http://www.securityfocus.com/archive/88/448518

4. SecurityFocus Microsoft Newsletter #312
http://www.securityfocus.com/archive/88/448358

5. security implications of disabling WMI service
http://www.securityfocus.com/archive/88/448141

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. Dynamic firewall based on bandwidth usage ?
http://www.securityfocus.com/archive/91/448124

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus

No comments:

Blog Archive