News

Wednesday, December 20, 2006

SecurityFocus Newsletter #381

SecurityFocus Newsletter #381
----------------------------------------

This Issue is Sponsored by: SecureWave

Free Pod Slurping Whitepaper - Stop Data Theft Now
The 4 most important steps your organization should take to prevent data loss via iPods, MP3 players or any other removable USB devices.

http://newsletter.industrybrains.com/c?fe;1;633a9;16eaa;2ce;0;da4

------------------------------------------------------------------
I. FRONT AND CENTER
1. All I Want For Christmas
2. Password Management Concerns with IE and Firefox, part two
II. BUGTRAQ SUMMARY
1. Linux Kernel SDLA IOCTL Unauthorized Local Firmware Access Vulnerability
2. Linux Kernel IPv6 FlowLabel Denial Of Service Vulnerability
3. Nortel CallPilot Server Unspecified Vulnerability
4. Linux Kernel USB Driver Data Queue Local Denial of Service Vulnerability
5. Linux Kernel CD-ROM Driver Local Buffer Overflow Vulnerability
6. Drupal MySite Module Title Field HTML Injection Vulnerability
7. Linux Kernel Unspecified Socket Buffer Handling Remote Denial of Service Vulnerability
8. Linux Kernel SNMP NAT Helper Remote Denial of Service Vulnerability
9. Linux Kernel LSM ReadV/WriteV Security Restriction Bypass Vulnerability
10. Linux Kernel DM-Crypt Local Information Disclosure Vulnerability
11. Linux Kernel Multiple Security Vulnerabilities
12. GnuPG Make_Printable_String Remote Buffer Overflow Vulnerability
13. Linux Kernel Choose_New_Parent Local Denial of Service Vulnerability
14. GnuPG OpenPGP Packet Processing Function Pointer Overwrite Vulnerability
15. Microsoft Outlook ActiveX Control Remote Internet Explorer Denial of Service Vulnerability
16. Linux Kernel SG Driver Direct IO Local Denial of Service Vulnerability
17. PostgreSQL Set Session Authorization Denial of Service Vulnerability
18. Linux Kernel Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities
19. Linux Kernel SELinux_PTrace Local Denial of Service Vulnerability
20. Linux Kernel NFS ReadLink Remote Denial of Service Vulnerability
21. Clam Anti-Virus Attachment Wrapping Denial Of Service Vulnerability
22. Linux Kernel Direct-IO.C Local Denial of Service Vulnerability
23. Upload_download_de_fichiers Administre2.PHP SQL Injection Vulnerability
24. OpenSSH SCP Shell Command Execution Vulnerability
25. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
26. IBM DB2 Remote SQLJRA Packet Denial of Service Vulnerability
27. Windows Media Player Remote ASF File Buffer Overflow Vulnerability
28. Linux Kernel IP_VS_CONN_FLUSH Local Denial of Service Vulnerability
29. Linux Kernel Do_Coredump Security Bypass Vulnerability
30. OTRS Multiple Input Validation Vulnerabilities
31. Horde Kronolith Multiple HTML Injection Vulnerabilities
32. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
33. AstonSoft DeepBurner DBR Compilation Buffer Overflow Vulnerability
34. Linux Kernel Stack Fault Exceptions Unspecified Local Denial of Service Vulnerability
35. GNOME Evolution Multiple Format String Vulnerabilities
36. Sudo Python Environment Variable Handling Security Bypass Vulnerability
37. XPDF Multiple Unspecified Vulnerabilities
38. Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Vulnerability
39. Sun Java Runtime Environment Information Disclosure Vulnerabilities
40. Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
41. PmWiki Search Cross-Site Scripting Vulnerability
42. Linux Kernel NAT Handling Memory Corruption Denial of Service Vulnerability
43. Linux Kernel Find_Target Local Denial Of Service Vulnerability
44. OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability
45. OpenSSL SSLv2 Null Pointer Dereference Client Denial of Service Vulnerability
46. OpenSSL Insecure Protocol Negotiation Weakness
47. Python Repr() Function Remote Code Execution Vulnerability
48. Symantec Antivirus Remote Stack Buffer Overflow Vulnerability
49. GnuPG Detached Signature Verification Bypass Vulnerability
50. Mozilla Firefox 2 Password Manager Cross-Site Information Disclosure Weakness
51. Linux Kernel Multiple Vulnerabilities
52. Info-ZIP UnZip File Name Buffer Overflow Vulnerability
53. Linux Kernel ICMP_Send Remote Denial Of Service Vulnerability
54. Oracle Portal Calendar.JSP HTTP Response Splitting Vulnerability
55. Valdersoft Shopping Cart Common.PHP Remote File Include Vulnerability
56. Web-App.Org and Web-App.Net Multiple Input Validation Vulnerabilities
57. CWMExplorer Index.PHP Source Code Information Disclosure Vulnerability
58. NOD32 Anti-Virus Multiple File Parsing Vulnerabilities
59. Computer Associates Multiple CleverPath Portal Environments Session Hijacking Vulnerability
60. Typo3 Class.TX_RTEHTMLArea_PI1.PHP Multiple Remote Command Execution Vulnerabilities
61. Ozeki HTTP-SMS Gateway Password Information Disclosure Vulnerability
62. Novell NetWare Welcome Web-App Unspecified Cross-Site Scripting Vulnerability
63. Sun Java Runtime Environment Multiple Remote Privilege Escalation Vulnerabilities
64. GNU Tar GNUTYPE_NAMES Remote Directory Traversal Vulnerability
65. Apple Mac OS X Quicktime For Java Information Disclosure Vulnerability
66. Burak Yilmaz Download Portal Down.ASP SQL Injection Vulnerability
67. PHP ZendEngine ECalloc Integer Overflow Vulnerability
68. PHP Multiple Input Validation Vulnerabilities
69. PHP Ini_Restore() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
70. CWMCounter Statistic.PHP Remote File Include Vulnerability
71. OSTicket Support Cards View.PHP Cross-Site Scripting Vulnerability
72. PHPProfiles Multiple Remote File Include Vulnerabilities
73. CWMVote Archive.PHP Remote File Include Vulnerability
74. AWStats AWstats.PL Multiple Cross-Site Scripting Vulnerabilities
75. HP Printer FTP Print Server List Command Buffer Overflow Vulnerability
76. Paristemi BuyCD.PHP Remote File Include Vulnerability
77. SquirrelMail Multiple Cross Site Scripting and Input Validation Vulnerabilities
78. KOffice PPT Files Integer Overflow Vulnerability
79. GNOME Display Manager GDMChooser Local Format String Vulnerability
80. GNU GV Stack Buffer Overflow Vulnerability
81. GNU GZip Archive Handling Multiple Remote Vulnerabilities
82. PHPFanBase Protection.PHP Remote File Include Vulnerability
83. KDE LibkHTML NodeType Function Denial Of Service Vulnerability
84. Oracle Multiple Unspecified Vulnerabilities
85. Zope CSV_Table Information Disclosure Vulnerability
86. Microsoft Word Code Execution Vulnerability
87. Marathon Aleph One Unspecified Denial Of Service Vulnerability
88. D-Bus Signals.C Local Denial of Service Vulnerability
89. ProFTPD Controls Module Local Buffer Overflow Vulnerability
90. RARLAB WinRAR LHA Filename Handling Buffer Overflow Vulnerability
91. Linux Kernel SCTP SO_LINGER Local Denial of Service Vulnerability
92. NeoScale Systems CryptoStor Tape 700 Series Appliance SmartCard Authentication Bypass Vulnerability
93. Linux Kernel UDF Denial of Service Vulnerability
94. Linux Kernel PPC970 Systems Local Denial of Service Vulnerability
95. Linux Kernel SCTP_Make_Abort_User Function Buffer Overflow Vulnerability
96. Linux Kernel NFS and EXT3 Combination Remote Denial of Service Vulnerability
97. GNU Wget FTP_Syst Function Remote Denial of Service Vulnerability
98. Mini Web Shop View.PHP Viewcategory.PHP Cross-Site Scripting Vulnerability
99. Sun Java RunTime Environment Multiple Buffer Overflow Vulnerabilities
100. Linux Kernel MinCore User Space Access Locking Local Denial of Service Vulnerability
III. SECURITYFOCUS NEWS
1. PHP security under scrutiny
2. UCLA alerts 800,000 to data breach
3. MySpace teams to create sex-offender database
4. Social sites' insecurity increasingly worrisome
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Penetration Engineer, Anywhere in the Northeast
2. [SJ-JOB] CISO, New York City
3. [SJ-JOB] Senior Software Engineer, Waltham
4. [SJ-JOB] CISO, New York
5. [SJ-JOB] Security Engineer, Grapevine
6. [SJ-JOB] Account Manager, New York
7. [SJ-JOB] Jr. Security Analyst, Warren
8. [SJ-JOB] Jr. Security Analyst, New Castle
9. [SJ-JOB] Threat Analyst, New Castle
10. [SJ-JOB] Security Engineer, Seattle
11. [SJ-JOB] Security Engineer, Austin
12. [SJ-JOB] Customer Support, Boston
13. [SJ-JOB] Security Engineer, Austin
14. [SJ-JOB] Security Engineer, Austin
15. [SJ-JOB] Senior Software Engineer, San Diego
16. [SJ-JOB] Security Engineer, Santa Clara
17. [SJ-JOB] Security Researcher, Santa Clara
18. [SJ-JOB] Quality Assurance, Redmond
19. [SJ-JOB] Jr. Security Analyst, Denver
20. [SJ-JOB] Security System Administrator, LEXINGTON
21. [SJ-JOB] Security System Administrator, Sydney
22. [SJ-JOB] Channel / Business Development, Boston area
23. [SJ-JOB] VP of Marketing, Napa
24. [SJ-JOB] Sr. Security Engineer, Lincoln
25. [SJ-JOB] Channel / Business Development, Napa
26. [SJ-JOB] Sales Engineer, Napa
27. [SJ-JOB] Security Engineer, Sunnyvale
28. [SJ-JOB] Sales Representative, Boston
29. [SJ-JOB] Software Engineer, Sunnyvale
30. [SJ-JOB] Sales Representative, Philadelphia
31. [SJ-JOB] Security Auditor, Phoenix
32. [SJ-JOB] Security Engineer, New York
33. [SJ-JOB] Security Engineer, Palo Alto
34. [SJ-JOB] Remediation Security Analyst, PLANO
35. [SJ-JOB] Security Engineer, New York
36. [SJ-JOB] Sr. Security Engineer, London and UK
37. [SJ-JOB] Security Consultant, Bangalore
38. [SJ-JOB] Application Security Engineer, Bangalore
39. [SJ-JOB] Sr. Security Engineer, London and UK
40. [SJ-JOB] Security Engineer, Phoenix
41. [SJ-JOB] Account Manager, Dallas
42. [SJ-JOB] Application Security Architect, Bangalore
43. [SJ-JOB] Penetration Engineer, Jeddah, Riyadh, Abu Dhabi & Dubai
44. [SJ-JOB] Sales Engineer, Remote
45. [SJ-JOB] Sr. Security Analyst, Mountain View
46. [SJ-JOB] Security Engineer, Kirkland
47. [SJ-JOB] Security Engineer, Santa Monica
V. INCIDENTS LIST SUMMARY
1. Spam and SYN Flood?
2. udp port 17304
3. http://thebesthack.altervista.org/input.txt
VI. VULN-DEV RESEARCH LIST SUMMARY
1. CanSecWest 2007 (April 18-20) Call For Papers (Deadline January 7th)
VII. MICROSOFT FOCUS LIST SUMMARY
1. Expiring inactive accounts
2. Strange modifications to HD
3. Is explorer.exe (XP) a high risk process
4. strange new virus
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. HITBSecConf2007 - Dubai - Call for Papers now open!
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. All I Want For Christmas
By Mark Rasch
Mark Rasch takes a step back and offers his holiday and New Year's wish list of all things security - items that should exist, be made available and be easy to use for everyone over the coming year.
http://www.securityfocus.com/columnists/426

2. Password Management Concerns with IE and Firefox, part two
By Mikhael Felker
This two-part paper presents an analysis of the security mechanisms, risks, attacks, and defenses of the two most commonly used password management systems for web browsers, found in Internet Explorer and Firefox. The article specifically addresses IE 6 and 7 and Firefox 1.5 and 2.0.
http://www.securityfocus.com/infocus/1883


II. BUGTRAQ SUMMARY
--------------------
1. Linux Kernel SDLA IOCTL Unauthorized Local Firmware Access Vulnerability
BugTraq ID: 16304
Remote: No
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/16304
Summary:
The Linux kernel is susceptible to a local access-validation vulnerability in the SDLA driver.

This issue allows local users who hold the 'CAP_NET_ADMIN' capability, but not 'CAP_SYS_RAWIO', to read and write the SDLA device firmware. Writing invalid firmware may cause a denial of service; other attacks may also be possible by writing modified firmware images.

2. Linux Kernel IPv6 FlowLabel Denial Of Service Vulnerability
BugTraq ID: 15729
Remote: No
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/15729
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Local attackers can exploit this vulnerability to corrupt kernel memory or to free memory that was never allocated. Successful exploitation crashes the kernel, denying service to legitimate users.

3. Nortel CallPilot Server Unspecified Vulnerability
BugTraq ID: 21660
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21660
Summary:
Nortel CallPilot Server is prone to an unspecified vulnerability.

Currently, very little is known about this issue. This BID will be updated as more information becomes available.

4. Linux Kernel USB Driver Data Queue Local Denial of Service Vulnerability
BugTraq ID: 19033
Remote: No
Last Updated: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/19033
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error in the USB FTDI SIO driver.

This vulnerability allows local users to consume all available memory resources, denying further service to legitimate users.

This issue affects Linux kernel versions prior to 2.6.16.27.

5. Linux Kernel CD-ROM Driver Local Buffer Overflow Vulnerability
BugTraq ID: 18847
Remote: No
Last Updated: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/18847
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation.

This issue allows local attackers to overwrite kernel memory with arbitrary data, potentially allowing them to execute malicious machine code in the context of affected kernels. This vulnerability facilitates the complete compromise of affected computers.

Linux kernel versions 2.6.17.3 and prior are affected by this issue.

6. Drupal MySite Module Title Field HTML Injection Vulnerability
BugTraq ID: 21651
Remote: Yes
Last Updated: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/21651
Summary:
The Drupal MySite module is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

7. Linux Kernel Unspecified Socket Buffer Handling Remote Denial of Service Vulnerability
BugTraq ID: 19475
Remote: Yes
Last Updated: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/19475
Summary:
The Linux kernel is prone to an unspecified remote denial-of-service vulnerability.

This issue allows remote attackers to cause kernel panics, denying service to legitimate users.

No further information is currently available. This BID will be updated as more information is released.

Specific version information is currently unavailable. Kernel versions in the 2.6 series are currently considered vulnerable.

8. Linux Kernel SNMP NAT Helper Remote Denial of Service Vulnerability
BugTraq ID: 18081
Remote: Yes
Last Updated: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/18081
Summary:
The Linux SNMP NAT helper is susceptible to a remote denial-of-service vulnerability.

This issue allows remote attackers to potentially corrupt memory and ultimately trigger a denial of service for legitimate users.

Kernel versions prior to 2.6.16.18 are vulnerable to this issue.

9. Linux Kernel LSM ReadV/WriteV Security Restriction Bypass Vulnerability
BugTraq ID: 18105
Remote: No
Last Updated: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/18105
Summary:
The Linux kernel is susceptible to a security-restriction-bypass vulnerability because it fails to invoke the Linux Security Module (LSM) permission checks on certain I/O calls.

This issue allows local attackers to bypass LSM restrictions and read from or write to files they are no longer permitted to access. This may aid them in further attacks.

The missing checks affect 'readv()' and 'writev()' calls made on descriptors that are already open. The checks performed at 'open()' time are enforced correctly, so this issue is exploitable only when access to a file is revoked after the attacker has already opened it.

Linux kernel versions prior to 2.6.16.12 are vulnerable to this issue.
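The following is an added example, not code from the kernel or from this BID. It demonstrates the model the readv/writev issue rests on: ordinary permission checks happen at open() time, so revoking access to a file does nothing to descriptors that are already held. Only a per-call check (the LSM file_permission hook that the kernel skipped for readv/writev) can enforce revocation after the fact. The temporary-file path under /tmp is an assumption for this demo.

```c
/* Added example; not kernel code. Open a file, revoke all permission bits
 * while still holding the descriptor, then read it with readv(). The read
 * succeeds because DAC is checked only at open(); a fresh open() is refused
 * (for a non-root user). This is the gap an LSM per-call hook exists to
 * close, and the hook the affected kernels failed to call for readv/writev. */
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/uio.h>
#include <unistd.h>

/* Returns the byte count readv() delivered after revocation (6 if the read
 * went through), or -1 on setup failure. Uses /tmp (assumed writable). */
long read_after_revoke(void) {
    char path[] = "/tmp/lsm_demo_XXXXXX";        /* assumed location */
    const char payload[] = "secret";
    char a[3], b[3];
    struct iovec iov[2] = { { a, sizeof a }, { b, sizeof b } };
    ssize_t n;

    int fd = mkstemp(path);                      /* O_RDWR, mode 0600 */
    if (fd < 0) return -1;
    if (write(fd, payload, 6) != 6) goto fail;
    if (fchmod(fd, 0) != 0) goto fail;           /* revoke: mode 0000 */
    if (lseek(fd, 0, SEEK_SET) != 0) goto fail;
    n = readv(fd, iov, 2);                       /* no DAC check on this path */
    close(fd);
    unlink(path);
    return (long)n;
fail:
    close(fd);
    unlink(path);
    return -1;
}

/* A new open() after revocation IS checked. Returns 1 if the open was
 * refused (expected for an unprivileged user; root bypasses DAC and gets 0),
 * or -1 on setup failure. */
int reopen_denied(void) {
    char path[] = "/tmp/lsm_demo_XXXXXX";        /* assumed location */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    fchmod(fd, 0);
    int fd2 = open(path, O_RDONLY);
    int denied = (fd2 < 0);
    if (fd2 >= 0) close(fd2);
    close(fd);
    unlink(path);
    return denied;
}
```

Run read_after_revoke() as any user: it returns 6 even though the file's mode is now 0000. An LSM that wants revocation to take effect on open descriptors must be consulted on every read and write, which is exactly what the fixed kernels restored for the vector I/O calls.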

10. Linux Kernel DM-Crypt Local Information Disclosure Vulnerability
BugTraq ID: 16301
Remote: No
Last Updated: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/16301
Summary:
The Linux kernel 'dm-crypt' module is susceptible to a local information-disclosure vulnerability. This issue is due to the module's failure to zero sensitive memory buffers before freeing them.

This issue may allow local attackers to read memory that still contains the cryptographic key used for the encrypted storage. This may aid attackers in further attacks.

This issue affects the 2.6 series of the Linux kernel.

11. Linux Kernel Multiple Security Vulnerabilities
BugTraq ID: 16414
Remote: Yes
Last Updated: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/16414
Summary:
The Linux kernel is prone to multiple vulnerabilities. These issues can allow local and remote attackers to trigger denial-of-service conditions or to corrupt memory and potentially execute arbitrary code.

These issues affect kernel versions 2.6.15 and prior.

12. GnuPG Make_Printable_String Remote Buffer Overflow Vulnerability
BugTraq ID: 21306
Remote: Yes
Last Updated: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/21306
Summary:
GnuPG is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue may allow remote attackers to execute arbitrary machine code in the context of the affected application, but this has not been confirmed.

GnuPG versions 1.4.5 and 2.0.0 are vulnerable to this issue; previous versions may also be affected.
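The following is an added example, not GnuPG's code. It shows the defensive shape of a "make printable" routine: every non-printable byte may expand to four output characters ("\xNN"), so the output buffer must be sized from that worst case, and the copy must respect the capacity it was given rather than the length it wishes it had. The escaping rules (backslash doubled, bytes outside 0x20..0x7e as \xNN) are this example's own choice, not GnuPG's exact format.

```c
/* Added example: bounded rendering of arbitrary bytes as a printable
 * string. The routine never writes past outcap and reports the length the
 * full result needs, so callers can size or detect truncation correctly. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Worst case: every input byte becomes "\xNN" (4 chars), plus the NUL. */
size_t printable_max_len(size_t inlen) { return inlen * 4 + 1; }

/* Render in[0..inlen) into out (capacity outcap). Always NUL-terminates when
 * outcap > 0. Returns the length of the complete result excluding the NUL,
 * like snprintf(); a return value >= outcap means the output was truncated. */
size_t make_printable(const unsigned char *in, size_t inlen,
                      char *out, size_t outcap) {
    size_t need = 0;
    for (size_t i = 0; i < inlen; i++) {
        char tmp[5];
        size_t n;
        unsigned char c = in[i];
        if (c == '\\') { memcpy(tmp, "\\\\", 2); n = 2; }     /* escape the escape */
        else if (c >= 0x20 && c < 0x7f) { tmp[0] = (char)c; n = 1; }
        else { n = (size_t)snprintf(tmp, sizeof tmp, "\\x%02x", c); }
        /* Copy only what fits, always leaving one byte for the terminator. */
        if (outcap > 0 && need < outcap - 1) {
            size_t room = outcap - 1 - need;
            memcpy(out + need, tmp, n < room ? n : room);
        }
        need += n;
    }
    if (outcap > 0) out[need < outcap ? need : outcap - 1] = '\0';
    return need;
}

/* Allocation path: size from the worst case, never from a per-character
 * estimate that can be wrong for some inputs. Caller frees the result. */
char *make_printable_alloc(const unsigned char *in, size_t inlen) {
    size_t cap = printable_max_len(inlen);
    char *out = malloc(cap);
    if (!out) return NULL;
    make_printable(in, inlen, out, cap);
    return out;
}
```

The two-step snprintf-style contract (return the needed length, write at most the capacity) is what makes a routine like this safe to call with attacker-controlled input: even a caller that guessed the size wrong gets a truncated string, not a heap overflow.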

13. Linux Kernel Choose_New_Parent Local Denial of Service Vulnerability
BugTraq ID: 18099
Remote: No
Last Updated: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/18099
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error in the 'choose_new_parent' function.

This vulnerability allows local users to cause a kernel panic, denying further service to legitimate users.

This issue affects Linux kernel versions prior to 2.6.11.12.

14. GnuPG OpenPGP Packet Processing Function Pointer Overwrite Vulnerability
BugTraq ID: 21462
Remote: Yes
Last Updated: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/21462
Summary:
GnuPG is prone to a vulnerability that could permit an attacker to overwrite a function pointer.

This issue occurs because of a design error when dealing with OpenPGP packets. Attackers may exploit this issue to execute arbitrary code.

Successful exploits may result in the remote compromise of computers using the vulnerable application.

15. Microsoft Outlook ActiveX Control Remote Internet Explorer Denial of Service Vulnerability
BugTraq ID: 21649
Remote: Yes
Last Updated: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/21649
Summary:
The Microsoft Office Outlook Recipient Control is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to trigger denial-of-service conditions in Internet Explorer or other applications that use the ActiveX control.

Specific information regarding affected packages is currently unavailable. This BID will be updated as more information becomes available.

16. Linux Kernel SG Driver Direct IO Local Denial of Service Vulnerability
BugTraq ID: 18101
Remote: No
Last Updated: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/18101
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error in the SG driver.

This vulnerability allows local users to cause a kernel panic, denying further service to legitimate users.

This issue affects Linux kernel versions prior to 2.6.13.

17. PostgreSQL Set Session Authorization Denial of Service Vulnerability
BugTraq ID: 16650
Remote: Yes
Last Updated: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/16650
Summary:
PostgreSQL is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause a loss of service to other database users. Repeated attacks will result in a prolonged denial-of-service condition.

Successful exploitation of this issue requires that the application be compiled with 'Asserts' enabled; this is not the default setting.

18. Linux Kernel Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities
BugTraq ID: 17203
Remote: No
Last Updated: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/17203
Summary:
The Linux kernel is affected by local memory-disclosure vulnerabilities. These issues are due to the kernel's failure to properly clear previously used kernel memory before returning it to local users.

These issues allow an attacker to read kernel memory and potentially gather information to use in further attacks.
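The following is an added example, not kernel code, covering the two hygiene rules behind BID 16301 (dm-crypt) and BID 17203 (sin_zero): zero key material before releasing it, with a wipe the optimizer cannot discard, and zero a structure before populating it so that unused bytes such as 'sin_zero' never carry stale memory across a trust boundary. The 0xCC poison value and the loopback address are this example's own choices, used only to make the leak reproducible.

```c
/* Added example: secure wipe before free, and zero-before-fill for a
 * structure that crosses a trust boundary. User-space analogues of the two
 * kernel bugs; the kernel's copy_to_user() is stood in for by a plain struct. */
#include <netinet/in.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* memset() immediately before free() is routinely removed as a dead store.
 * Writing through a volatile pointer forces the stores to be emitted. */
void secure_zero(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Returns 1 if all n bytes are zero. */
int all_zero(const unsigned char *p, size_t n) {
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}

/* Allocate a key, pretend to use it, wipe it, then free it.
 * Returns 1 if the buffer was clean at the moment of free(). */
int wipe_key_demo(void) {
    size_t klen = 32;
    unsigned char *key = malloc(klen);
    if (!key) return 0;
    for (size_t i = 0; i < klen; i++) key[i] = (unsigned char)(0xA5 ^ i); /* stand-in key */
    /* ... key used for encryption here ... */
    secure_zero(key, klen);
    int clean = all_zero(key, klen);
    free(key);                 /* allocator reuse can no longer expose the key */
    return clean;
}

/* The leaky pattern: set only the named fields. The 8 bytes of sin_zero
 * keep whatever the memory held before. */
void fill_sockaddr_leaky(struct sockaddr_in *out, uint16_t port) {
    out->sin_family = AF_INET;
    out->sin_port = htons(port);
    out->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
}

/* The fix: clear the whole object first, then set the fields. */
void fill_sockaddr_safe(struct sockaddr_in *out, uint16_t port) {
    memset(out, 0, sizeof *out);
    fill_sockaddr_leaky(out, port);
}

/* Simulate stale memory by poisoning the object with 0xCC, fill it with the
 * chosen routine, and report whether sin_zero would leak. Returns 1 if clean. */
int sin_zero_clean(int use_safe) {
    struct sockaddr_in sa;
    memset(&sa, 0xCC, sizeof sa);        /* stands in for recycled kernel memory */
    if (use_safe) fill_sockaddr_safe(&sa, 8080);
    else          fill_sockaddr_leaky(&sa, 8080);
    return all_zero((const unsigned char *)sa.sin_zero, sizeof sa.sin_zero);
}
```

sin_zero_clean(0) returns 0 because the poison survives in the unused bytes; sin_zero_clean(1) returns 1. The same reasoning applies to compiler-inserted padding, which is why the rule is "memset the whole object, then fill fields" rather than "remember to clear each unused member".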

19. Linux Kernel SELinux_PTrace Local Denial of Service Vulnerability
BugTraq ID: 17830
Remote: No
Last Updated: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/17830
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error when SELinux is enabled and ptrace is used.

This vulnerability allows local users to panic the kernel, denying further service to legitimate users.

20. Linux Kernel NFS ReadLink Remote Denial of Service Vulnerability
BugTraq ID: 20186
Remote: Yes
Last Updated: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/20186
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because the NFS client code fails to properly handle unexpected conditions.

Attackers controlling malicious NFS servers -- or performing man-in-the-middle attacks between NFS client and server computers -- may cause vulnerable NFS client computers to crash.

Linux kernel versions 2.4 through 2.4.31 are vulnerable to this issue.

21. Clam Anti-Virus Attachment Wrapping Denial Of Service Vulnerability
BugTraq ID: 21609
Remote: Yes
Last Updated: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/21609
Summary:
ClamAV is prone to a denial-of-service vulnerability because it fails to handle specific multipart attachments.

A successful exploit of this issue will cause the application to crash, resulting in a denial-of-service condition.

This issue affects version 0.88.6 and earlier.

22. Linux Kernel Direct-IO.C Local Denial of Service Vulnerability
BugTraq ID: 19665
Remote: No
Last Updated: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/19665
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error in the direct IO driver.

This vulnerability allows local users to cause a kernel panic, denying further service to legitimate users.

This issue affects the Linux kernel 2.6 series prior to 2.6.10.

23. Upload_download_de_fichiers Administre2.PHP SQL Injection Vulnerability
BugTraq ID: 21648
Remote: Yes
Last Updated: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/21648
Summary:
The 'upload_download_de_fichiers' application is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Version 3 is vulnerable.

24. OpenSSH SCP Shell Command Execution Vulnerability
BugTraq ID: 16369
Remote: Yes
Last Updated: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/16369
Summary:
OpenSSH is prone to an SCP shell command-execution vulnerability because the application fails to properly sanitize user-supplied input before using it in a 'system()' function call.

This issue allows attackers to execute arbitrary shell commands with the privileges of users executing a vulnerable version of SCP.

This issue reportedly affects version 4.2 of OpenSSH. Other versions may also be affected.
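The following is an added example, not OpenSSH's code. It puts the vulnerable shape described above (a filename interpolated into a command string and passed to 'system()') beside the standard fix: run the helper directly through fork() and execvp() with a real argument vector, so no shell ever parses the filename. A single-quoting routine is included for the cases where a shell truly cannot be avoided. The command names used ('cp', 'sh') are ordinary POSIX utilities assumed to be on the PATH.

```c
/* Added example: shell command injection via system() and its two fixes. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* The vulnerable shape. With src = "x;id", the shell runs id. Shown only for
 * contrast; do not use. */
int copy_via_system(const char *src, const char *dst) {
    char cmd[4096];
    snprintf(cmd, sizeof cmd, "cp -- %s %s", src, dst);
    return system(cmd);
}

/* Fix 1 (preferred): no shell at all. Each argv element reaches the child
 * byte-for-byte, metacharacters included. Returns the child's exit status,
 * or -1 on fork/wait failure or abnormal termination. */
int run_argv(char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execvp(argv[0], argv); _exit(127); }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Fix 2 (when a shell is unavoidable): wrap s in single quotes and render
 * each embedded ' as '\'' so the shell sees every byte literally.
 * Returns a malloc'd string or NULL. */
char *shell_quote(const char *s) {
    size_t len = strlen(s), quotes = 0;
    for (size_t i = 0; i < len; i++) if (s[i] == '\'') quotes++;
    /* each ' becomes 4 chars (+3), plus two outer quotes and the NUL */
    char *out = malloc(len + 3 * quotes + 3);
    if (!out) return NULL;
    char *p = out;
    *p++ = '\'';
    for (size_t i = 0; i < len; i++) {
        if (s[i] == '\'') { memcpy(p, "'\\''", 4); p += 4; }
        else *p++ = s[i];
    }
    *p++ = '\'';
    *p = '\0';
    return out;
}

/* Audit helper: does this string contain bytes a POSIX shell would interpret?
 * Useful when reviewing code that still builds command strings. */
int has_shell_meta(const char *s) {
    return strpbrk(s, ";|&$`\\\"'<>()*?[]{}~#\n \t") != NULL;
}
```

To copy a file whose name is attacker-controlled, build `char *args[] = { "cp", "--", src, dst, NULL };` and call run_argv(args); a name such as "x;id" is then just a filename. shell_quote() exists for legacy paths only; the injection class disappears entirely once the shell is out of the loop.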

25. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
BugTraq ID: 20216
Remote: Yes
Last Updated: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/20216
Summary:
OpenSSH is prone to a remote denial-of-service vulnerability because it fails to properly handle incoming duplicate blocks.

Remote attackers may exploit this issue to consume excessive CPU resources, potentially denying service to legitimate users.

This issue occurs only when OpenSSH is configured to accept SSH protocol version 1 connections.

26. IBM DB2 Remote SQLJRA Packet Denial of Service Vulnerability
BugTraq ID: 21646
Remote: Yes
Last Updated: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/21646
Summary:
DB2 Universal Database is affected by a remote denial-of-service vulnerability because the application fails to properly handle malformed packets in CONNECT data streams.

An attacker can exploit this vulnerability to cause a denial-of-service condition in affected database servers.

27. Windows Media Player Remote ASF File Buffer Overflow Vulnerability
BugTraq ID: 21505
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/21505
Summary:
Windows Media Player is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data.

Attackers may attempt to exploit this issue by coercing users to visit a malicious website or to access malicious ASF files.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. This facilitates the remote compromise of affected computers.

28. Linux Kernel IP_VS_CONN_FLUSH Local Denial of Service Vulnerability
BugTraq ID: 15528
Remote: No
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/15528
Summary:
The Linux kernel is reportedly prone to a local denial-of-service vulnerability.

Reports indicate that the 'ip_vs_conn_flush' function may allow local users to cause a denial of service due to a NULL-pointer dereference.

Kernel versions prior to 2.6.13 and 2.4.32-pre2 are affected.

29. Linux Kernel Do_Coredump Security Bypass Vulnerability
BugTraq ID: 21591
Remote: No
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/21591
Summary:
The Linux kernel is prone to a vulnerability that can allow unprivileged local attackers to modify certain files.

Kernel versions prior to 2.6.19.1 are vulnerable.

30. OTRS Multiple Input Validation Vulnerabilities
BugTraq ID: 15537
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/15537
Summary:
OTRS is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

The application is prone to multiple SQL-injection vulnerabilities, an HTML-injection vulnerability, and multiple cross-site scripting vulnerabilities.

31. Horde Kronolith Multiple HTML Injection Vulnerabilities
BugTraq ID: 15808
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/15808
Summary:
Kronolith is prone to multiple HTML-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit these issues to control how the site is rendered to the user; other attacks are also possible.

32. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
BugTraq ID: 21668
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/21668
Summary:
The Mozilla Foundation has released nine security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- execute arbitrary code
- perform cross-site scripting attacks
- inject arbitrary content
- gain escalated privileges
- crash affected applications and potentially execute arbitrary code.

Other attacks may also be possible.

33. AstonSoft DeepBurner DBR Compilation Buffer Overflow Vulnerability
BugTraq ID: 21657
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/21657
Summary:
AstonSoft DeepBurner is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation.

Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with arbitrary data, potentially allowing them to execute malicious machine code in the context of the affected application. This vulnerability may facilitate the compromise of affected computers.

AstonSoft DeepBurner version 1.8.0 is affected; previous versions may be vulnerable as well.

34. Linux Kernel Stack Fault Exceptions Unspecified Local Denial of Service Vulnerability
BugTraq ID: 14467
Remote: No
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/14467
Summary:
The Linux kernel is reportedly prone to an unspecified local denial-of-service vulnerability.

Reportedly, this issue arises when a local user triggers stack fault exceptions. A local attacker may exploit this issue to carry out a denial-of-service attack against a vulnerable computer by crashing the kernel.

35. GNOME Evolution Multiple Format String Vulnerabilities
BugTraq ID: 14532
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/14532
Summary:
Evolution is affected by multiple format-string vulnerabilities.

These issues can allow remote attackers to execute arbitrary code in the context of the client.

Evolution versions 1.5 to 2.3.6.1 are affected.

36. Sudo Python Environment Variable Handling Security Bypass Vulnerability
BugTraq ID: 16184
Remote: No
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/16184
Summary:
Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in how the application handles environment variables.

A local attacker who is permitted to run a Python script through Sudo can exploit this vulnerability to obtain an interactive Python prompt with the script's elevated privileges, and may then execute arbitrary code, facilitating the complete compromise of affected computers.

Exploitation requires that the attacker be allowed to run at least one Python script through Sudo.

This issue is similar to BID 15394 (Sudo Perl Environment Variable Handling Security Bypass Vulnerability).

37. XPDF Multiple Unspecified Vulnerabilities
BugTraq ID: 16748
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/16748
Summary:
The 'xpdf' utility is reportedly prone to multiple unspecified security vulnerabilities. The cause and impact of these issues are currently unknown.

All versions of xpdf are currently considered vulnerable. This BID will be updated when more information becomes available.

38. Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Vulnerability
BugTraq ID: 21458
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/21458
Summary:
Citrix Presentation Server Client is prone to a heap buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

Version 9.200 is vulnerable; other versions may also be affected.

39. Sun Java Runtime Environment Information Disclosure Vulnerabilities
BugTraq ID: 21674
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/21674
Summary:
The Sun Java runtime environment is prone to multiple information-disclosure vulnerabilities. These issues are due to a design flaw in the affected application.

An attacker can exploit these issues to gain access to sensitive information. This may lead to other attacks.

40. Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
BugTraq ID: 19661
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/19661
Summary:
Apache HTTP server is prone to an HTTP request header security weakness.

An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks.

41. PmWiki Search Cross-Site Scripting Vulnerability
BugTraq ID: 15539
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/15539
Summary:
PmWiki is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Versions 2.0 up to and including 2.0.12 are vulnerable; other versions may also be affected.

42. Linux Kernel NAT Handling Memory Corruption Denial of Service Vulnerability
BugTraq ID: 15531
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/15531
Summary:
Linux Kernel is reported prone to a denial-of-service vulnerability.

Due to a design error in the kernel, an attacker can cause a memory corruption that will ultimately crash the kernel, denying service to legitimate users.

43. Linux Kernel Find_Target Local Denial Of Service Vulnerability
BugTraq ID: 14965
Remote: No
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/14965
Summary:
A local denial-of-service vulnerability affects the 'find_target()' function of the Linux kernel. This issue is due to this function's failure to properly handle unexpected conditions when trying to handle a NULL return value from another function.

Local attackers may exploit this vulnerability to trigger a kernel crash, denying service to legitimate users.

This issue likely affects only the x86_64 architecture.

44. OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability
BugTraq ID: 20249
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/20249
Summary:
OpenSSL is prone to a buffer-overflow vulnerability because the library fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users.

45. OpenSSL SSLv2 Null Pointer Dereference Client Denial of Service Vulnerability
BugTraq ID: 20246
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/20246
Summary:
OpenSSL is prone to a denial-of-service vulnerability.

A malicious server could cause a vulnerable client application to crash, effectively denying service.

46. OpenSSL Insecure Protocol Negotiation Weakness
BugTraq ID: 15071
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/15071
Summary:
OpenSSL is susceptible to a remote protocol-negotiation weakness. This issue is due to the implementation of the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option to maintain compatibility with third-party software.

This issue presents itself when two peers try to negotiate the protocol they wish to communicate with. Attackers who can intercept and modify the SSL communications may exploit this weakness to force SSL version 2 to be chosen.

The attacker may then exploit various insecurities in SSL version 2 to gain access to or tamper with the cleartext communications between the targeted client and server.

Note that the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option is enabled with the frequently used 'SSL_OP_ALL' option.

SSL peers that are configured to disallow SSL version 2 are not affected by this issue.

47. Python Repr() Function Remote Code Execution Vulnerability
BugTraq ID: 20376
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/20376
Summary:
Python is prone to a remote code-execution vulnerability because the application fails to properly handle UTF-32/UCS-4 strings.

Exploiting this issue allows remote attackers to execute arbitrary machine code with the privileges of the Python application.

48. Symantec Antivirus Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 18107
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/18107
Summary:
Multiple Symantec products are susceptible to a remote stack buffer-overflow vulnerability.

This issue allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges, facilitating the complete compromise of affected computers.

Symantec Antivirus Corporate Edition 10.1 and Symantec Client Security 3.1 are currently known to be vulnerable to this issue.

49. GnuPG Detached Signature Verification Bypass Vulnerability
BugTraq ID: 16663
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/16663
Summary:
GnuPG is affected by a detached signature verification-bypass vulnerability because it fails to properly notify scripts that an invalid detached signature was presented and that the verification process has failed.

Exploiting this issue allows attackers to bypass the signature-verification process used in some automated scripts. Depending on the use of GnuPG, this may result in a false sense of security, the installation of malicious packages, the execution of attacker-supplied code, or other attacks.
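The practical lesson of this BID is that a script must not treat "gpg exited 0" as proof that a detached signature verified. The following is an added example, not GnuPG's own code or anything from the advisory: it parses gpg's '--status-fd' channel and passes only when a GOODSIG/VALIDSIG pair from an expected key fingerprint is present and no failure keyword appears, so an input with no signature data at all is rejected. The status keywords follow GnuPG's documented status-line format; the sample status outputs and the fingerprint are constructed, and the wrapper assumes a single signature per detached-signature file.

```python
"""Verify a detached OpenPGP signature by demanding positive evidence on
gpg's --status-fd channel instead of trusting the exit code alone.

Added example. Status keywords follow GnuPG's status-line format; the
sample outputs and the trusted fingerprint below are constructed."""
import subprocess
from typing import Set, Tuple

STATUS_PREFIX = "[GNUPG:] "

# Any of these on the status channel means verification must fail,
# whatever the process exit code says.
FAILURE_KEYWORDS = {
    "BADSIG", "ERRSIG", "NODATA", "UNEXPECTED", "EXPSIG",
    "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY", "FAILURE",
}

# Constructed 40-hex-digit fingerprint of the key we expect to sign releases.
TRUSTED_FPR = "ABCDEF0123456789ABCDEF0123456789ABCDEF01"

# Constructed sample status outputs; the shapes match real gpg output.
STATUS_GOOD = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"
    f"[GNUPG:] VALIDSIG {TRUSTED_FPR} 2006-12-20 1166572800 0 4 0 1 10 00 {TRUSTED_FPR}\n"
    "[GNUPG:] TRUST_FULLY 0 pgp\n"
)
STATUS_BAD = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"
)
# The failure mode this BID is about: no usable signature, nothing positive.
STATUS_NODATA = "[GNUPG:] NODATA 1\n"


def parse_status(status_text: str, trusted: Set[str]) -> Tuple[bool, str]:
    """Return (ok, detail); detail is the fingerprint on success, a reason otherwise."""
    saw_goodsig = False
    fingerprint = None
    for line in status_text.splitlines():
        if not line.startswith(STATUS_PREFIX):
            continue                      # only status lines are considered
        fields = line[len(STATUS_PREFIX):].split()
        if not fields:
            continue
        keyword = fields[0]
        if keyword in FAILURE_KEYWORDS:
            return False, f"gpg reported {keyword}"
        if keyword == "GOODSIG":
            saw_goodsig = True
        elif keyword == "VALIDSIG" and len(fields) > 1:
            fingerprint = fields[1].upper()   # primary-key fingerprint field
    # Absence of evidence is failure: empty or unsigned input must not pass.
    if not (saw_goodsig and fingerprint):
        return False, "no GOODSIG/VALIDSIG pair on status channel"
    if fingerprint not in trusted:
        return False, f"good signature, but from untrusted key {fingerprint}"
    return True, fingerprint


def verify_detached(sig_path: str, data_path: str, trusted: Set[str],
                    gpg: str = "gpg") -> Tuple[bool, str]:
    """Run gpg on a detached signature and combine status output with exit code."""
    proc = subprocess.run(
        [gpg, "--batch", "--no-tty", "--status-fd", "1",
         "--verify", sig_path, data_path],
        capture_output=True, text=True)
    ok, detail = parse_status(proc.stdout, trusted)
    if ok and proc.returncode != 0:
        # The exit code is a second opinion, never the only one.
        return False, f"status looked good but gpg exited {proc.returncode}"
    return ok, detail
```

'verify_detached' is the function a package-installation script would call; 'parse_status' is the part worth unit-testing against captured status output, and it is what makes the check fail closed when gpg reports NODATA or reports nothing at all.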

50. Mozilla Firefox 2 Password Manager Cross-Site Information Disclosure Weakness
BugTraq ID: 21240
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/21240
Summary:
Mozilla Firefox is reportedly prone to an information-disclosure weakness because it fails to properly notify users of automatic form field population in disparate URLs deriving from the same domain.

This issue may allow attackers to obtain user credentials that have been saved in forms deriving from the same website that attack code resides. The most common manifestation of this condition would typically be in blogs or forums. This may allow attackers to gain access to potentially sensitive information that would facilitate the success of phishing attacks.

Initial reports and preliminary testing indicate that this issue only affects Firefox 2.

51. Linux Kernel Multiple Vulnerabilities
BugTraq ID: 12598
Remote: No
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/12598
Summary:
Linux Kernel is reported prone to multiple vulnerabilities. These issues may allow a local attacker to carry out denial-of-service attacks, access kernel memory, and potentially gain elevated privileges.

The following specific issues were identified:

- Reportedly, the filesystem Native Language Support ASCII translation table is affected by a vulnerability that results from the use of incorrect table sizes. This issue can lead to a crash.

- Another issue affecting the kernel may allow users to unlock arbitrary shared-memory segments.

- Another vulnerability is reported to affect the 'netfilter/iptables' module. An attacker can exploit this issue to crash the kernel or bypass firewall rules.

- Reportedly, a vulnerability affects the OUTS instruction on the AMD64 and Intel EM64T architecture. This issue may lead to privilege escalation.

These issues reportedly affect Linux kernel 2.6.x versions.

Due to lack of details, further information is not available at the moment. This BID will be updated when more information becomes available.

52. Info-ZIP UnZip File Name Buffer Overflow Vulnerability
BugTraq ID: 15968
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/15968
Summary:
Info-ZIP 'unzip' is susceptible to a filename buffer-overflow vulnerability. The application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

This issue allows attackers to execute arbitrary machine code in the context of users running the affected application.

53. Linux Kernel ICMP_Send Remote Denial Of Service Vulnerability
BugTraq ID: 16532
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/16532
Summary:
Linux kernel is prone to a remote denial-of-service vulnerability.

Remote attackers can exploit this vulnerability to crash affected kernels, effectively denying service to legitimate users.

Linux kernel versions 2.6.15.2 and prior in the 2.6 series are vulnerable to this issue.

54. Oracle Portal Calendar.JSP HTTP Response Splitting Vulnerability
BugTraq ID: 21686
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/21686
Summary:
Oracle Portal is prone to an HTTP response-splitting vulnerability because the application fails to properly sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
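To make the mechanism behind "influence or misrepresent how web content is served, cached, or interpreted" concrete, here is an added example that is not Oracle's code and not taken from the advisory. A redirect builder copies a user-controlled value into a 'Location' header line; a value carrying CR/LF terminates that response and appends a second, attacker-authored one, which a proxy may cache or a browser may render. The hardened builder beside it rejects control characters in header values. The request value is constructed.

```python
"""HTTP response splitting: a redirect builder that interpolates a
user-controlled value into a header line, beside a hardened version.

Added example; the injected value below is constructed."""

CRLF = "\r\n"


def build_redirect_naive(location: str) -> bytes:
    """Vulnerable pattern: the header value is trusted verbatim."""
    raw = (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + location + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    )
    return raw.encode("latin-1")


def build_redirect_safe(location: str) -> bytes:
    """Hardened: refuse any value that could end the header line early."""
    if any(c in location for c in "\r\n\0"):
        raise ValueError("control characters in header value")
    return build_redirect_naive(location)


def count_messages(raw: bytes) -> int:
    """Count the HTTP status lines a client would see in this byte stream."""
    return sum(1 for line in raw.split(b"\r\n") if line.startswith(b"HTTP/1."))


# Constructed payload of the kind used against a reflected redirect parameter:
# it closes the real response with an empty body, then appends a second
# response whose body the attacker controls.
INJECTED_BODY = "<h1>attacker content</h1>"
INJECTED_LOCATION = (
    "/home" + CRLF
    + "Content-Length: 0" + CRLF
    + CRLF
    + "HTTP/1.1 200 OK" + CRLF
    + "Content-Type: text/html" + CRLF
    + f"Content-Length: {len(INJECTED_BODY)}" + CRLF
    + CRLF
    + INJECTED_BODY
)
```

Rejecting rather than percent-encoding is deliberate: a 'Location' value that contains a bare CR or LF is never legitimate, and a loud failure is easier to find in logs than a silently rewritten redirect. The same check belongs on every header whose value derives from a request parameter, not only 'Location'.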

55. Valdersoft Shopping Cart Common.PHP Remote File Include Vulnerability
BugTraq ID: 21685
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/21685
Summary:
Valdersoft Shopping Cart is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Version 3.0 is vulnerable; other versions may also be affected.

56. Web-App.Org and Web-App.Net Multiple Input Validation Vulnerabilities
BugTraq ID: 21684
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/21684
Summary:
Web-APP.org and Web-APP.net are prone to multiple input-validation vulnerabilities: a cross-site scripting vulnerability and multiple filter-bypass vulnerabilities.

An attacker may leverage these issues to bypass the applications' filtering mechanisms and have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

These issues affect Web-APP.net 0.9.9.3.4NE, Web-APP.org 0.9.9.4.

57. CWMExplorer Index.PHP Source Code Information Disclosure Vulnerability
BugTraq ID: 21683
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/21683
Summary:
cwmExplorer is prone to an information-disclosure vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to retrieve script source code. Information obtained may aid in further attacks.

Version 1.0 is vulnerable to this issue; other versions may also be affected.

58. NOD32 Anti-Virus Multiple File Parsing Vulnerabilities
BugTraq ID: 21682
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/21682
Summary:
NOD32 antivirus is prone to multiple remote vulnerabilities because the application fails to properly parse specially crafted files.

An attacker can exploit one of these issues to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of affected computers. The other vulnerability will trigger denial-of-service conditions.

Versions prior to 1.1743 are vulnerable to these issues.

59. Computer Associates Multiple CleverPath Portal Environments Session Hijacking Vulnerability
BugTraq ID: 21681
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/21681
Summary:
Computer Associates multiple CleverPath Portal environments are prone to a session-hijacking vulnerability.

The vulnerability only affects multi-server CleverPath Portal environments and this is not the default deployment.

An attacker can exploit this issue to hijack the portal session and associated security authentication of a user running on another portal server.

This issue affects the CleverPath Portal solution and other products that embed this portal technology.

60. Typo3 Class.TX_RTEHTMLArea_PI1.PHP Multiple Remote Command Execution Vulnerabilities
BugTraq ID: 21680
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/21680
Summary:
TYPO3 is prone to multiple vulnerabilities that permit the execution of arbitrary commands. This issue occurs because the application fails to properly sanitize user-supplied data.

Exploiting these issues allows unauthenticated attackers to execute arbitrary system commands with the privileges of the application.

Versions 4.0 to 4.0.3 and 4.1beta are vulnerable; versions 3.7 and 3.8 are also vulnerable if they have the optional 'rtehtmlarea' extension installed.

61. Ozeki HTTP-SMS Gateway Password Information Disclosure Vulnerability
BugTraq ID: 21679
Remote: No
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/21679
Summary:
Ozeki HTTP-SMS Gateway is prone to a local information-disclosure vulnerability because the application fails to protect sensitive information from unprivileged users.

A local attacker can exploit this issue to gain access to sensitive information. This may lead to other attacks.

This issue affects version 1.0; other versions may also be affected.

62. Novell NetWare Welcome Web-App Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 21678
Remote: Yes
Last Updated: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/21678
Summary:
Novell NetWare Welcome Web-App is prone to an unspecified cross-site scripting vulnerability.

An attacker can exploit this issue to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The vulnerability is reported in version 6.5 SP5 and 6.5 SP6.

63. Sun Java Runtime Environment Multiple Remote Privilege Escalation Vulnerabilities
BugTraq ID: 21673
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21673
Summary:
The Sun Java Runtime Environment is prone to multiple remote privilege-escalation vulnerabilities.

An attacker can execute arbitrary code and commands in the context of a user who invokes the java applet or application.

A successful attack can facilitate privilege escalation.

64. GNU Tar GNUTYPE_NAMES Remote Directory Traversal Vulnerability
BugTraq ID: 21235
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21235
Summary:
GNU Tar is prone to a vulnerability that may allow an attacker to place files and overwrite files in arbitrary locations on a vulnerable computer. These issues present themselves when the application processes malicious archives.

A successful attack can allow the attacker to place potentially malicious files and overwrite files on a computer in the context of the user running the affected application. Successful exploits may aid in further attacks.
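The defence a practitioner wants here is to inspect archive member names before extraction, regardless of which tar implementation is in use. The following is an added example in Python, not GNU Tar's code and not derived from the advisory: it flags members whose names are absolute or resolve outside the extraction directory after '..' normalisation, and symlinks or hard links whose targets do the same, then refuses the whole archive if any member is unsafe. The extraction directory '/tmp/extract' is an assumption, and the archive it checks is constructed in memory.

```python
"""Inspect a tar archive for members that would land outside the
extraction directory before extracting anything.

Added example; the destination path is assumed and the archive is
constructed in memory."""
import io
import posixpath
import tarfile
from typing import List, Tuple

DEST = "/tmp/extract"   # assumed extraction directory (POSIX paths throughout)


def _resolves_inside(dest: str, rel_path: str) -> bool:
    """True if dest/rel_path, after normalisation, stays under dest."""
    dest = posixpath.normpath(dest)
    target = posixpath.normpath(posixpath.join(dest, rel_path))
    return target == dest or target.startswith(dest + "/")


def unsafe_members(tar: tarfile.TarFile, dest: str = DEST) -> List[Tuple[str, str]]:
    """Return (member name, reason) for every member that escapes dest."""
    problems = []
    for m in tar.getmembers():
        if posixpath.isabs(m.name) or not _resolves_inside(dest, m.name):
            problems.append((m.name, "name resolves outside destination"))
            continue
        if m.issym():
            # A symlink target is resolved relative to the link's own directory.
            target = posixpath.join(posixpath.dirname(m.name), m.linkname)
            if posixpath.isabs(m.linkname) or not _resolves_inside(dest, target):
                problems.append((m.name, f"symlink to {m.linkname!r} escapes destination"))
        elif m.islnk():
            # A hard-link target is an archive-relative member name.
            if posixpath.isabs(m.linkname) or not _resolves_inside(dest, m.linkname):
                problems.append((m.name, f"hard link to {m.linkname!r} escapes destination"))
    return problems


def safe_extract(tar: tarfile.TarFile, dest: str = DEST) -> None:
    """Refuse the whole archive if any member is unsafe; extract otherwise."""
    bad = unsafe_members(tar, dest)
    if bad:
        raise ValueError("refusing to extract: "
                         + "; ".join(f"{name}: {why}" for name, why in bad))
    tar.extractall(dest)


def build_sample_archive() -> bytes:
    """Constructed archive: one benign file plus three hostile members."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add_file(name: str, data: bytes = b"x\n") -> None:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))

        add_file("pkg/README")
        add_file("../../home/victim/.bashrc")   # classic '..' traversal
        add_file("/etc/cron.d/evil")            # absolute path
        link = tarfile.TarInfo("pkg/etc")       # symlink pointing above dest
        link.type = tarfile.SYMTYPE
        link.linkname = "../../../etc"
        tar.addfile(link)
    return buf.getvalue()
```

Checking the whole member list first and refusing the entire archive is intentional: extracting the benign members and skipping the hostile ones would still let an earlier symlink member redirect a later write, which is exactly the ordering trick traversal archives rely on.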

65. Apple Mac OS X Quicktime For Java Information Disclosure Vulnerability
BugTraq ID: 21672
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21672
Summary:
Apple Mac OS X is prone to an information-disclosure vulnerability.

Attackers may exploit this issue by convincing victims into visiting a malicious website.

Exploiting this issue may allow remote attackers to capture images rendered locally on screen that may contain sensitive information.

66. Burak Yilmaz Download Portal Down.ASP SQL Injection Vulnerability
BugTraq ID: 21676
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21676
Summary:
Burak Yilmaz Download Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

67. PHP ZendEngine ECalloc Integer Overflow Vulnerability
BugTraq ID: 20349
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/20349
Summary:
PHP is prone to an integer-overflow vulnerability because the application fails to do proper bounds checking on user-supplied data.

An attacker can exploit this vulnerability to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

68. PHP Multiple Input Validation Vulnerabilities
BugTraq ID: 19582
Remote: No
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/19582
Summary:
PHP is prone to multiple input-validation vulnerabilities. Successful exploits could allow an attacker to write files in unauthorized locations, cause a denial-of-service condition, and potentially execute code.

These issues are reported to affect PHP versions 4.4.3 and 5.1.4; other versions may also be vulnerable.

69. PHP Ini_Restore() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
BugTraq ID: 19933
Remote: No
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/19933
Summary:
PHP is prone to a 'safe_mode' and 'open_basedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations.

This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code; in such cases, the 'safe_mode' and 'open_basedir' restrictions are expected to isolate users from each other.

These issues are reported to affect PHP versions 5.1.6, 4.4.4, and earlier.

Reports indicate that fixes may be available to address this issue, but this has not been confirmed.

70. CWMCounter Statistic.PHP Remote File Include Vulnerability
BugTraq ID: 21671
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21671
Summary:
cwmCounter is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process. This may facilitate a remote compromise of the underlying system; other attacks are also possible.

This issue affects version 5.1.1; other versions may also be affected.

71. OSTicket Support Cards View.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 21669
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21669
Summary:
osTicket Support Cards is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

72. PHPProfiles Multiple Remote File Include Vulnerabilities
BugTraq ID: 21667
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21667
Summary:
phpProfiles is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.

A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

phpProfiles 3.1.2b and prior versions are vulnerable to these issues.

73. CWMVote Archive.PHP Remote File Include Vulnerability
BugTraq ID: 21670
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21670
Summary:
cwmVote is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process. This may facilitate a remote compromise of the underlying system; other attacks are also possible.

This issue affects version 1.0; other versions may also be vulnerable.

74. AWStats AWstats.PL Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 17621
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/17621
Summary:
AWStats is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

AWStats version 6.5 (build 1.857) and prior are vulnerable to these issues.

75. HP Printer FTP Print Server List Command Buffer Overflow Vulnerability
BugTraq ID: 21666
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21666
Summary:
HP printers running the FTP Print Server are prone to a buffer-overflow vulnerability. This issue occurs because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

76. Paristemi BuyCD.PHP Remote File Include Vulnerability
BugTraq ID: 21665
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21665
Summary:
Paristemi is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Version 0.8.3 is vulnerable to this issue; other versions may also be affected.

77. SquirrelMail Multiple Cross Site Scripting and Input Validation Vulnerabilities
BugTraq ID: 21414
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21414
Summary:
SquirrelMail is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to 1.4.9a are vulnerable.

78. KOffice PPT Files Integer Overflow Vulnerability
BugTraq ID: 21354
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21354
Summary:
KOffice is prone to an integer-overflow vulnerability because it fails to properly validate user-supplied data.

An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

KOffice versions prior to 1.6.1 are affected.

79. GNOME Display Manager GDMChooser Local Format String Vulnerability
BugTraq ID: 21597
Remote: No
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21597
Summary:
GNOME Display Manager (GDM) is prone to a local format-string vulnerability because it fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

A local attacker may exploit this issue to execute arbitrary machine code in the context of the affected application.

80. GNU GV Stack Buffer Overflow Vulnerability
BugTraq ID: 20978
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/20978
Summary:
GNU gv is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of users running the affected application. Failed attempts will likely crash the application, resulting in denial-of-service conditions.

Version 3.6.2 is reported vulnerable; other versions may also be affected.

NOTE: Various other applications may employ embedded GNU gv code and could also be vulnerable as a result.

81. GNU GZip Archive Handling Multiple Remote Vulnerabilities
BugTraq ID: 20101
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/20101
Summary:
The gzip utility is prone to multiple remote buffer-overflow and denial-of-service vulnerabilities when handling malicious archive files.

Successful exploits may allow a remote attacker to corrupt process memory by triggering an overflow condition. This may lead to arbitrary code execution in the context of an affected user and may facilitate a remote compromise. Attackers may also trigger denial-of-service conditions by crashing or hanging the application.

Specific information regarding affected versions of gzip is currently unavailable. This BID will be updated as more information is released.

82. PHPFanBase Protection.PHP Remote File Include Vulnerability
BugTraq ID: 21664
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21664
Summary:
PHPFanBase is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

83. KDE LibkHTML NodeType Function Denial Of Service Vulnerability
BugTraq ID: 21662
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21662
Summary:
KDE libkhtml is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to open a malicious HTML document via an affected application such as kmail or Konqueror.

Remote attackers may exploit this issue to crash applications that use the affected library, effectively denying service to legitimate users.

84. Oracle Multiple Unspecified Vulnerabilities
BugTraq ID: 10871
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/10871
Summary:
Reportedly, multiple unspecified Oracle products contain multiple unspecified vulnerabilities.

The reported vulnerabilities include SQL-injection issues, buffer-overflow issues, and others.

There have also been reports that issues covered in this BID and resolved in the referenced Oracle patch include trigger-abuse issues, character-set-conversion bugs, and denial-of-service vulnerabilities. More information is pending.

Note that a number of unsupported versions of affected products may also potentially be vulnerable.

85. Zope CSV_Table Information Disclosure Vulnerability
BugTraq ID: 20022
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/20022
Summary:
Zope is prone to an information-disclosure vulnerability because the application fails to properly secure potentially sensitive information.

A remote attacker can exploit this issue to retrieve potentially sensitive information that may aid the attacker in further attacks.

86. Microsoft Word Code Execution Vulnerability
BugTraq ID: 21589
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21589
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the attack is successful, the attacker may be able to execute arbitrary code in the context of the currently logged-in user.

Note that this issue is distinct from issues described in BID 21451 (Microsoft Word Unspecified Remote Code Execution Vulnerability) and BID 21518 (Microsoft Word Unspecified Code Execution Vulnerability).

87. Marathon Aleph One Unspecified Denial Of Service Vulnerability
BugTraq ID: 21655
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21655
Summary:
Aleph One is prone to an unspecified denial-of-service vulnerability.

An attacker can exploit this issue on an affected computer to cause a denial-of-service condition.

Marathon Aleph One versions prior to 2006-12-17 and legacy Mac OS versions prior to 0.17.1 are vulnerable.

88. D-Bus Signals.C Local Denial of Service Vulnerability
BugTraq ID: 21571
Remote: No
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21571
Summary:
D-Bus is prone to a local denial-of-service vulnerability.

Exploiting this issue allows local attackers to disable the ability of a specific process to receive certain messages, effectively denying service to legitimate users.

D-Bus versions prior to 1.0.2 are vulnerable to this issue.

89. ProFTPD Controls Module Local Buffer Overflow Vulnerability
BugTraq ID: 21587
Remote: No
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21587
Summary:
ProFTPD is prone to a local stack-based buffer-overflow vulnerability.

Attackers may exploit this issue to corrupt memory and execute arbitrary code in the context of the server application, resulting in a complete compromise of affected computers.

NOTE: ProFTPD is vulnerable only when compiled with 'mod_ctrls' support and the module is enabled.

90. RARLAB WinRAR LHA Filename Handling Buffer Overflow Vulnerability
BugTraq ID: 19043
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/19043
Summary:
WinRAR is susceptible to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

This vulnerability allows attackers to execute arbitrary machine code in the context of the affected application.

Versions of WinRAR from 3.0 to 3.60 beta 6 are vulnerable to this issue.

91. Linux Kernel SCTP SO_LINGER Local Denial of Service Vulnerability
BugTraq ID: 20087
Remote: No
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/20087
Summary:
The Linux kernel SCTP module is prone to a local denial-of-service vulnerability.

This issue allows local attackers to cause kernel crashes, denying service to legitimate users.

Specific information regarding affected versions of the Linux kernel is currently unavailable. This BID will be updated as further information is disclosed.

92. NeoScale Systems CryptoStor Tape 700 Series Appliance SmartCard Authentication Bypass Vulnerability
BugTraq ID: 21652
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21652
Summary:
CryptoStor Tape is prone to an authentication-bypass vulnerability.

An attacker who has knowledge of the username and password of the administration console can bypass the smartcard security and gain administrative access to the affected device.

This issue affects CryptoStor 700 series with firmware version prior to 2.6.

93. Linux Kernel UDF Denial of Service Vulnerability
BugTraq ID: 19562
Remote: No
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/19562
Summary:
The Linux kernel UDF file module is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the kernel, denying further service to legitimate users.

94. Linux Kernel PPC970 Systems Local Denial of Service Vulnerability
BugTraq ID: 19615
Remote: No
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/19615
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

An attacker can exploit this issue to crash the kernel, denying further service to legitimate users.

95. Linux Kernel SCTP_Make_Abort_User Function Buffer Overflow Vulnerability
BugTraq ID: 19666
Remote: No
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/19666
Summary:
The Linux kernel is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

A local attacker can exploit this issue to execute arbitrary code and potentially compromise the affected computer.

96. Linux Kernel NFS and EXT3 Combination Remote Denial of Service Vulnerability
BugTraq ID: 19396
Remote: No
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/19396
Summary:
The Linux kernel is susceptible to a remote denial-of-service vulnerability because the EXT3 filesystem code fails to properly handle unexpected conditions.

Remote attackers may trigger this issue by sending crafted UDP datagrams to affected computers that are configured as NFS servers, causing filesystem errors. Depending on the mount-time options of affected filesystems, this may result in remounting filesystems as read-only or cause a kernel panic.

Linux kernel versions 2.6.14.4, 2.6.17.6, and 2.6.17.7 are vulnerable to this issue; other versions in the 2.6 series are also likely affected.

97. GNU Wget FTP_Syst Function Remote Denial of Service Vulnerability
BugTraq ID: 21650
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21650
Summary:
GNU Wget is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users.

Version 1.10.2 is vulnerable; other versions may also be affected.

98. Mini Web Shop View.PHP Viewcategory.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 21677
Remote: Yes
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21677
Summary:
Mini Web Shop is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Version 2.1.c is vulnerable to this issue; other versions may also be affected.

99. Sun Java RunTime Environment Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 21675
Remote: No
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21675
Summary:
The Java Runtime Environment is prone to multiple buffer-overflow vulnerabilities. These issues occur because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

A local attacker can exploit these issues to execute arbitrary code with administrative privileges. A successful exploit attempt will lead to the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.

100. Linux Kernel MinCore User Space Access Locking Local Denial of Service Vulnerability
BugTraq ID: 21663
Remote: No
Last Updated: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21663
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability due to a design error.

A local attacker can exploit this issue to cause the kernel to become unresponsive, denying further service to legitimate users.

Linux Kernel versions prior to 2.4.33.6 are vulnerable.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. PHP security under scrutiny
By: Robert Lemos
The departure of a security team member and recent data showing that PHP Web applications account for four out of every ten security flaws found in 2006 highlight the need for better protections, say experts.
http://www.securityfocus.com/news/11430

2. UCLA alerts 800,000 to data breach
By: Robert Lemos
An unknown attacker uses a security flaw to access a restricted database containing Social Security numbers and other personal information on students, faculty and staff of the University of California, Los Angeles.
http://www.securityfocus.com/news/11429

3. MySpace teams to create sex-offender database
By: Robert Lemos
The social networking site has paired up with an ID verification firm to build a national database of convicted sex offenders, a technology the service hopes will enable it to keep predators out of its community.
http://www.securityfocus.com/news/11428

4. Social sites' insecurity increasingly worrisome
By: Robert Lemos
Security issues at MySpace and other sites have raised fears over protecting users against Trojan horse programs masquerading as user-created content.
http://www.securityfocus.com/news/11427

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Penetration Engineer, Anywhere in the Northeast
http://www.securityfocus.com/archive/77/454934

2. [SJ-JOB] CISO, New York City
http://www.securityfocus.com/archive/77/454935

3. [SJ-JOB] Senior Software Engineer, Waltham
http://www.securityfocus.com/archive/77/454936

4. [SJ-JOB] CISO, New York
http://www.securityfocus.com/archive/77/454950

5. [SJ-JOB] Security Engineer, Grapevine
http://www.securityfocus.com/archive/77/454937

6. [SJ-JOB] Account Manager, New York
http://www.securityfocus.com/archive/77/454938

7. [SJ-JOB] Jr. Security Analyst, Warren
http://www.securityfocus.com/archive/77/454848

8. [SJ-JOB] Jr. Security Analyst, New Castle
http://www.securityfocus.com/archive/77/454849

9. [SJ-JOB] Threat Analyst, New Castle
http://www.securityfocus.com/archive/77/454850

10. [SJ-JOB] Security Engineer, Seattle
http://www.securityfocus.com/archive/77/454851

11. [SJ-JOB] Security Engineer, Austin
http://www.securityfocus.com/archive/77/454795

12. [SJ-JOB] Customer Support, Boston
http://www.securityfocus.com/archive/77/454796

13. [SJ-JOB] Security Engineer, Austin
http://www.securityfocus.com/archive/77/454797

14. [SJ-JOB] Security Engineer, Austin
http://www.securityfocus.com/archive/77/454798

15. [SJ-JOB] Senior Software Engineer, San Diego
http://www.securityfocus.com/archive/77/454799

16. [SJ-JOB] Security Engineer, Santa Clara
http://www.securityfocus.com/archive/77/454749

17. [SJ-JOB] Security Researcher, Santa Clara
http://www.securityfocus.com/archive/77/454752

18. [SJ-JOB] Quality Assurance, Redmond
http://www.securityfocus.com/archive/77/454747

19. [SJ-JOB] Jr. Security Analyst, Denver
http://www.securityfocus.com/archive/77/454751

20. [SJ-JOB] Security System Administrator, LEXINGTON
http://www.securityfocus.com/archive/77/454748

21. [SJ-JOB] Security System Administrator, Sydney
http://www.securityfocus.com/archive/77/454698

22. [SJ-JOB] Channel / Business Development, Boston area
http://www.securityfocus.com/archive/77/454710

23. [SJ-JOB] VP of Marketing, Napa
http://www.securityfocus.com/archive/77/454699

24. [SJ-JOB] Sr. Security Engineer, Lincoln
http://www.securityfocus.com/archive/77/454716

25. [SJ-JOB] Channel / Business Development, Napa
http://www.securityfocus.com/archive/77/454717

26. [SJ-JOB] Sales Engineer, Napa
http://www.securityfocus.com/archive/77/454718

27. [SJ-JOB] Security Engineer, Sunnyvale
http://www.securityfocus.com/archive/77/454543

28. [SJ-JOB] Sales Representative, Boston
http://www.securityfocus.com/archive/77/454544

29. [SJ-JOB] Software Engineer, Sunnyvale
http://www.securityfocus.com/archive/77/454541

30. [SJ-JOB] Sales Representative, Philadelphia
http://www.securityfocus.com/archive/77/454542

31. [SJ-JOB] Security Auditor, Phoenix
http://www.securityfocus.com/archive/77/454516

32. [SJ-JOB] Security Engineer, New York
http://www.securityfocus.com/archive/77/454515

33. [SJ-JOB] Security Engineer, Palo Alto
http://www.securityfocus.com/archive/77/454517

34. [SJ-JOB] Remediation Security Analyst, PLANO
http://www.securityfocus.com/archive/77/454511

35. [SJ-JOB] Security Engineer, New York
http://www.securityfocus.com/archive/77/454512

36. [SJ-JOB] Sr. Security Engineer, London and UK
http://www.securityfocus.com/archive/77/454513

37. [SJ-JOB] Security Consultant, Bangalore
http://www.securityfocus.com/archive/77/454470

38. [SJ-JOB] Application Security Engineer, Bangalore
http://www.securityfocus.com/archive/77/454461

39. [SJ-JOB] Sr. Security Engineer, London and UK
http://www.securityfocus.com/archive/77/454462

40. [SJ-JOB] Security Engineer, Phoenix
http://www.securityfocus.com/archive/77/454469

41. [SJ-JOB] Account Manager, Dallas
http://www.securityfocus.com/archive/77/454463

42. [SJ-JOB] Application Security Architect, Bangalore
http://www.securityfocus.com/archive/77/454467

43. [SJ-JOB] Penetration Engineer, Jeddah, Riyadh, Abu Dhabi & Dubai
http://www.securityfocus.com/archive/77/454468

44. [SJ-JOB] Sales Engineer, Remote
http://www.securityfocus.com/archive/77/454324

45. [SJ-JOB] Sr. Security Analyst, Mountain View
http://www.securityfocus.com/archive/77/454328

46. [SJ-JOB] Security Engineer, Kirkland
http://www.securityfocus.com/archive/77/454329

47. [SJ-JOB] Security Engineer, Santa Monica
http://www.securityfocus.com/archive/77/454331

V. INCIDENTS LIST SUMMARY
---------------------------
1. Spam and SYN Flood?
http://www.securityfocus.com/archive/75/454743

2. udp port 17304
http://www.securityfocus.com/archive/75/454557

3. http://thebesthack.altervista.org/input.txt
http://www.securityfocus.com/archive/75/454341

VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. CanSecWest 2007 (April 18-20) Call For Papers (Deadline January 7th)
http://www.securityfocus.com/archive/82/454520

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Expiring inactive accounts
http://www.securityfocus.com/archive/88/454928

2. Strange modifications to HD
http://www.securityfocus.com/archive/88/454540

3. Is explorer.exe (XP) a high risk process
http://www.securityfocus.com/archive/88/454402

4. strange new virus
http://www.securityfocus.com/archive/88/454248

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. HITBSecConf2007 - Dubai - Call for Papers now open!
http://www.securityfocus.com/archive/91/454801

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SecureWave

Free Pod Slurping Whitepaper - Stop Data Theft Now
The 4 most important steps your organization should take to prevent data loss via ipods, mp3 players or any other removable usb devices.

http://newsletter.industrybrains.com/c?fe;1;633a9;16eaa;2ce;0;da4
