
Tuesday, September 18, 2007

SecurityFocus Newsletter #419
----------------------------------------

This Issue is Sponsored by: Symantec Endpoint Protection

_______________________

Prepare Your Environment for the Next Generation AntiVirus

For a limited time, Symantec Endpoint Protection 11.0 is ready for testing in your own environment. This revolutionary solution includes new, updated versions of Symantec's industry-leading solutions (Antivirus, Antispyware, Client Firewall, Intrusion Prevention, and Device Control), now in a single deployable agent.
http://www4.symantec.com/Vrt/offer?_requestid=481493&a_id=42133&


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Windows Anti-Debug Reference
2. VoIP Hopping: A Method of Testing VoIP security or Voice VLANs
II. BUGTRAQ SUMMARY
1. ZoneAlarm Vsdatant.SYS Driver Local Denial of Service Vulnerability
2. Elastic Path User Details Multiple HTML Injection Vulnerabilities
3. Axis Communications 207W Network Camera Web Interface Vulnerabilities
4. Quagga Routing Suite Multiple Denial Of Service Vulnerabilities
5. X.Org X Server Composite Extension Local Buffer Overflow Vulnerability
6. id3lib Insecure Temporary File Creation Vulnerability
7. Eggdrop Server Module Message Handling Remote Buffer Overflow Vulnerability
8. Flac123 Local__VCentry_Parse_Value() Stack Buffer Overflow Vulnerability
9. RealPlayer/HelixPlayer ParseWallClockValue Function Buffer Overflow Vulnerability
10. Gene6 FTP Server Remote Default Install Code Execution Vulnerability
11. Linux Kernel CIFS Local Privilege Escalation Vulnerability
12. Boa Administrator Password Overwrite Authentication Bypass Vulnerability
13. Php-Stats Tracking.PHP Cross-Site Scripting Vulnerability
14. Samba NSS_Info Plugin Local Privilege Escalation Vulnerability
15. HP System Management Homepage Incomplete Update Installation Weakness
16. Multiple HP Products hpqutil.dll ActiveX Control Heap Buffer Overflow Vulnerability
17. AOL Instant Messenger Notification Window Remote Script Code Execution Vulnerability
18. Sun Java Web Proxy Server Multiple Buffer Overflow Vulnerabilities
19. Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
20. JBlog ID Parameter Multiple SQL Injection Vulnerabilities
21. GForge Topic EditProfile.PHP SQL Injection Vulnerability
22. Joomla! Joomla!Radio Component Local File Include Vulnerability
23. LetterGrade Multiple Cross-Site Scripting Vulnerabilities
24. LetterGrade Email Address HTML Injection Vulnerability
25. netInvoicing Unspecified Security Vulnerability
26. COWON America jetCast Server Remote Denial Of Service Vulnerability
27. Merak Mail Server Email Message HTML Injection Vulnerability
28. Trolltech QT ToUnicode Function Off By One Buffer Overflow Vulnerability
29. Ghost Security Suite SSDT Hooks Multiple Local Vulnerabilities
30. G DATA Internet Security SSDT Hooks Multiple Local Vulnerabilities
31. Sunbelt Kerio Personal Firewall Multiple Local Denial of Service Vulnerabilities
32. Kaspersky Internet Security 6 SSDT Hooks Multiple Local Vulnerabilities
33. Internet Security Systems BlackICE Local Denial of Service Vulnerability
34. Apple QuickTime Plug-In Arbitrary Script Execution Weakness
35. Symantec Norton Personal Firewall 2006 SPBBCDrv Driver Local Denial of Service Vulnerability
36. Outpost Firewall PRO Multiple Local Denial of Service Vulnerabilities
37. Comodo Firewall CMDMon.SYS Multiple Denial of Service Vulnerabilities
38. GCALDaemon Content-Length Header Denial of Service Vulnerability
39. Mozilla Firefox WYCIWYG:// URI Cache Zone Bypass Vulnerability
40. Mozilla Firefox URLBar Null Byte File Remote Code Execution Vulnerability
41. Microsoft Internet Explorer and Mozilla Firefox URI Handler Command Injection Vulnerability
42. KwsPHP Multiple SQL Injection Vulnerabilities
43. Mozilla Firefox About:Blank IFrame Cross Domain Information Disclosure Vulnerability
44. Mozilla Firefox 2.0.0.4 Multiple Remote Vulnerabilities
45. Mozilla Firefox/Thunderbird/SeaMonkey Chrome-Loaded About:Blank Script Execution Vulnerability
46. obedit Save Function HTML Injection Vulnerability
47. OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
48. Fastjar Archive Extraction Directory Traversal Vulnerability
49. Sun Solaris Dtsession Local Buffer Overflow Vulnerability
50. RSA enVision Platform Cross-Site Scripting Vulnerability
51. WinImage Image Files Denial of Service and Directory Traversal Vulnerabilities
52. Coppermine Photo Gallery Multiple Input Validation Vulnerabilities
53. b1gMail hilfe.php Cross Site Scripting Vulnerability
54. Avahi Empty TXT Data Denial Of Service Vulnerability
55. Microsoft MFC Library CFileFind::FindFile Buffer Overflow Vulnerability
56. PHP Chunk_Split() Function Integer Overflow Vulnerability
57. PHP 5.2.3 and Prior Versions Multiple Vulnerabilities
58. TCPDump IEEE802.11 printer Remote Buffer Overflow Vulnerability
59. tcpdump Print-bgp.C Remote Integer Underflow Vulnerability
60. SWsoft Plesk PLESKSESSID Parameter Multiple SQL Injection Vulnerabilities
61. Shop-Script FREE Multiple Remote Vulnerabilities
62. KwsPHP Sondages Module ID Parameter SQL Injection Vulnerability
63. OpenOffice TIFF File Parser Multiple Integer Overflow Vulnerabilities
64. Privatefirewall SSDT Hooks Multiple Local Vulnerabilities
65. Online Armor Personal Firewall SSDT Hooks Multiple Local Vulnerabilities
66. ktauber.com Styles Demo MOD for phpBB Multiple Input Validation Vulnerabilities
67. MW6 Technologies QRCode ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
68. phpSyncML Base_Dir Parameter Multiple Remote File Include Vulnerabilities
69. Python ImageOP Module Multiple Integer Overflow Vulnerabilities
70. Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
71. Fcron Convert-FCronTab Directory Traversal Vulnerability
72. Lighttpd Mod_FastCGI Request Headers Remote Buffer Overflow Vulnerability
73. Gelato CMS Index.PHP SQL Injection Vulnerability
74. Omnistar Article Manager Article.PHP SQL Injection Vulnerability
75. Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
76. Rsync F_Name Off-By-One Buffer Overflow Vulnerability
77. PHP .Htaccess Safe_Mode and Open_Basedir Restriction-Bypass Vulnerability
78. ClamAV Popen Function Remote Code Execution Vulnerability
79. MIT Kerberos 5 KAdminD Server SVCAuth_GSS_Validate Stack Buffer Overflow Vulnerability
80. ClamAV Multiple Remote Denial of Service Vulnerabilities
81. Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
82. Joomla!12Pictures Component MosConfig_Live_Site Remote File Include Vulnerability
83. Vim HelpTags Command Remote Format String Vulnerability
84. Apache HTTP Server Mod_Cache Denial of Service Vulnerability
85. TinyWebGallery Multiple Cross-Site Scripting Vulnerabilities
86. RemoteDocs R-Viewer Remote Code Execution and Information Disclosure Vulnerabilities
87. SimpCMS Index.PHP SQL Injection Vulnerability
88. Linux Kernel Perfmon.c Local Denial of Service Vulnerability
89. Linux Kernel CapiUtil.c Buffer Overflow Vulnerability
90. Media Player Classic Remote Malformed Video File Remote Denial of Service Vulnerability
91. PhotoChannel Networks Photo Upload Plugin ActiveX Control Multiple Buffer Overflow Vulnerabilities
92. Module jeuxflash for Kwsphp ID Parameter SQL Injection Vulnerability
93. osCMax URL Cross-Site Scripting Vulnerability
94. ewire Payment Client Command Execution Vulnerability
95. Trolltech Qt QTextEdit Multiple Format String Vulnerabilities
96. ISC BIND 9 Remote Cache Poisoning Vulnerability
97. NetBSD Vga_allocattr Local Denial of Service Vulnerability
98. Chupix CMS download.php Arbitrary File Download Vulnerability
99. Joomla! FlashFun Component mosConfig_live_site Remote File Include Vulnerability
100. GNU Tar Dot_Dot Function Remote Directory Traversal Vulnerability
III. SECURITYFOCUS NEWS
1. Customers: TD Ameritrade failed to warn of breach
2. Max Vision charged with hacking -- again
3. Embassy leaks highlight pitfalls of Tor
4. China on hot seat over alleged hacks
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Security Engineer, Herndon
2. [SJ-JOB] Jr. Security Analyst, Arlington
3. [SJ-JOB] Security Engineer, Arlington
4. [SJ-JOB] Threat Analyst, Arlington
5. [SJ-JOB] Security Consultant, Montgomery
6. [SJ-JOB] Security Engineer, Chantilly
7. [SJ-JOB] Security Auditor, Arlington
8. [SJ-JOB] Senior Software Engineer, New York
9. [SJ-JOB] Quality Assurance, Atlanta
10. [SJ-JOB] Sr. Security Engineer, Scottsdale
11. [SJ-JOB] Security Engineer, Tucson
12. [SJ-JOB] Software Engineer, Mountain View
13. [SJ-JOB] Security Architect, Scottsdale
14. [SJ-JOB] Customer Support, Mountain View
15. [SJ-JOB] Principal Software Engineer, Mountain View
16. [SJ-JOB] Security Architect, Mountain View
17. [SJ-JOB] Sr. Security Engineer, Dallas
18. [SJ-JOB] Sales Engineer, Dallas
19. [SJ-JOB] Manager, Information Security, Boca Raton
20. [SJ-JOB] Director, Information Security, Denver
21. [SJ-JOB] VP of Marketing, Los Angeles
22. [SJ-JOB] Security Architect, Denver
23. [SJ-JOB] Sales Representative, Chicago
24. [SJ-JOB] VP of Regional Sales, San Mateo
25. [SJ-JOB] Sales Engineer, Los Angeles
26. [SJ-JOB] Software Engineer, Austin
27. [SJ-JOB] Software Engineer, Austin
28. [SJ-JOB] Technology Risk Consultant, Seattle
29. [SJ-JOB] Sales Engineer, San Mateo
30. [SJ-JOB] Sr. Security Analyst, Tempe
31. [SJ-JOB] Security System Administrator, New York
32. [SJ-JOB] Sr. Security Analyst, London
33. [SJ-JOB] Sr. Security Analyst, Manama
34. [SJ-JOB] Developer, Atlanta
35. [SJ-JOB] Security System Administrator, London
36. [SJ-JOB] Security Engineer, Lexington Park
37. [SJ-JOB] Security Architect, Valley Forge
38. [SJ-JOB] Technology Risk Consultant, San Francisco
39. [SJ-JOB] Manager, Information Security, London
40. [SJ-JOB] Security Consultant, New York
41. [SJ-JOB] Sales Engineer, New York
42. [SJ-JOB] Security Engineer, Washington D.C.
43. [SJ-JOB] Security Consultant, Dubai
44. [SJ-JOB] Manager, Information Security, New York
45. [SJ-JOB] Quality Assurance, Seattle
46. [SJ-JOB] Security Engineer, Carpinteria
47. [SJ-JOB] Security System Administrator, Boulder
48. [SJ-JOB] Security Researcher, Cupertino
49. [SJ-JOB] Security Consultant, New York
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
1. Uninformed Journal Release Announcement: Volume 8
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #359
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Windows Anti-Debug Reference
By Nicolas Falliere
This paper classifies and presents several anti-debugging techniques used on Windows NT-based operating systems.

http://www.securityfocus.com/infocus/1893

2. VoIP Hopping: A Method of Testing VoIP security or Voice VLANs
By Jason Ostrom and John Kindervag
Testing Protection Controls on a VoIP Network - A Case Study and Method
http://www.securityfocus.com/infocus/1892


II. BUGTRAQ SUMMARY
--------------------
1. ZoneAlarm Vsdatant.SYS Driver Local Denial of Service Vulnerability
BugTraq ID: 23494
Remote: No
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/23494
Summary:
ZoneAlarm is prone to a local denial-of-service vulnerability.

This issue occurs when attackers supply invalid argument values to the 'vsdatant.sys' driver.

A local attacker may exploit this issue to crash affected computers, denying service to legitimate users.

ZoneAlarm Pro 6.5.737.000 and 6.1.744.001 are prone to this issue; other versions may be affected as well.

2. Elastic Path User Details Multiple HTML Injection Vulnerabilities
BugTraq ID: 25706
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25706
Summary:
Elastic Path is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

These issues affect Elastic Path 5.0; prior versions may also be affected.

3. Axis Communications 207W Network Camera Web Interface Vulnerabilities
BugTraq ID: 25678
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25678
Summary:
Axis Communications 207W Network Camera is prone to multiple vulnerabilities in the web interface. Three issues were reported: a cross-site scripting vulnerability, a cross-site request-forgery vulnerability, and a denial-of-service vulnerability.

Exploiting these issues may allow an attacker to compromise the device or to prevent other users from using the device.

4. Quagga Routing Suite Multiple Denial Of Service Vulnerabilities
BugTraq ID: 25634
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25634
Summary:
Quagga Routing Suite is prone to multiple denial-of-service vulnerabilities.

An attacker can exploit these issues to crash the affected application, denying service to legitimate users.

These issues affect versions prior to Quagga Routing Suite 0.99.9.

5. X.Org X Server Composite Extension Local Buffer Overflow Vulnerability
BugTraq ID: 25606
Remote: No
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25606
Summary:
The X.Org X Window System is prone to a local buffer-overflow vulnerability.

A local attacker can exploit this issue to execute arbitrary code with elevated privileges. This may facilitate a compromise of the affected computer.

6. id3lib Insecure Temporary File Creation Vulnerability
BugTraq ID: 25372
Remote: No
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25372
Summary:
The id3lib library creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of applications using the affected library.

Successfully mounting a symbolic-link attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

7. Eggdrop Server Module Message Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 24070
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/24070
Summary:
Eggdrop Server Module is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Eggdrop 1.6.18 is known to be vulnerable; other versions may be affected as well.

8. Flac123 Local__VCentry_Parse_Value() Stack Buffer Overflow Vulnerability
BugTraq ID: 24712
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/24712
Summary:
The 'flac123' utility is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of a user running the application. Failed attempts will likely cause denial-of-service conditions.

This issue affects 'flac123' 0.0.9; other versions may also be affected.

9. RealPlayer/HelixPlayer ParseWallClockValue Function Buffer Overflow Vulnerability
BugTraq ID: 24658
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/24658
Summary:
RealPlayer and HelixPlayer are prone to a buffer-overflow vulnerability because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

This issue affects RealPlayer 10.5-GOLD and HelixPlayer 10.5-GOLD; other versions may also be affected.

10. Gene6 FTP Server Remote Default Install Code Execution Vulnerability
BugTraq ID: 12739
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/12739
Summary:
A remote code-execution vulnerability reportedly affects Gene6 FTP Server because of a configuration error that fails to secure critical functionality from default users.

An attacker that can authenticate to the affected FTP server can execute arbitrary code with SYSTEM privileges; this will facilitate privilege escalation.

11. Linux Kernel CIFS Local Privilege Escalation Vulnerability
BugTraq ID: 25672
Remote: No
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25672
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

An attacker could exploit this issue to execute arbitrary code with the privileges of the victim.

12. Boa Administrator Password Overwrite Authentication Bypass Vulnerability
BugTraq ID: 25676
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25676
Summary:
Boa is prone to an authentication-bypass vulnerability because the application fails to ensure that passwords are not overwritten by specially crafted HTTP requests.

An attacker can exploit this issue to gain unauthorized access to the affected application. This may lead to other attacks.

This issue affects Boa 0.93.15; other versions may also be affected.

NOTE: This issue affects only Boa with Intersil Extensions installed.

13. Php-Stats Tracking.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 25674
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25674
Summary:
Php-Stats is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects Php-Stats 0.1.9.2; other versions may also be affected.

14. Samba NSS_Info Plugin Local Privilege Escalation Vulnerability
BugTraq ID: 25636
Remote: No
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25636
Summary:
Samba is prone to a local privilege-escalation vulnerability due to a logic error in the Winbind daemon.

An attacker can exploit this issue to gain 'groupid 0' privileges on UNIX computers running the vulnerable Samba software. This may aid them in further attacks.

Samba 3.0.25 through 3.0.25c are vulnerable to this issue.

15. HP System Management Homepage Incomplete Update Installation Weakness
BugTraq ID: 25675
Remote: No
Last Updated: 2007-09-14
Relevant URL: http://www.securityfocus.com/bid/25675
Summary:
HP System Management Homepage is prone to a weakness that can result in a false sense of security.

This issue can cause incomplete OpenSSL security update installations that may leave the affected computer prone to the flaw that the update was intended to fix.

16. Multiple HP Products hpqutil.dll ActiveX Control Heap Buffer Overflow Vulnerability
BugTraq ID: 25673
Remote: Yes
Last Updated: 2007-09-14
Relevant URL: http://www.securityfocus.com/bid/25673
Summary:
HP All-in-One Series Web Release and HP Photo and Imaging Gallery are prone to a heap-based buffer-overflow vulnerability because the applications fail to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue will allow an attacker to execute arbitrary code within the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

17. AOL Instant Messenger Notification Window Remote Script Code Execution Vulnerability
BugTraq ID: 25659
Remote: Yes
Last Updated: 2007-09-14
Relevant URL: http://www.securityfocus.com/bid/25659
Summary:
AOL Instant Messenger is prone to a remote script-code-execution vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the notification window of an unsuspecting user. This may help the attacker launch other attacks.

AOL Instant Messenger 6.1.41.2 is vulnerable; other versions may also be affected.

18. Sun Java Web Proxy Server Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 24165
Remote: Yes
Last Updated: 2007-09-14
Relevant URL: http://www.securityfocus.com/bid/24165
Summary:
Sun Java System Web Proxy Server is prone to multiple buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit these issues to execute arbitrary code with superuser privileges, leading to the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.

These issues affect Web Proxy Server 4.0.3; prior versions may also be affected.

19. Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
BugTraq ID: 25489
Remote: Yes
Last Updated: 2007-09-14
Relevant URL: http://www.securityfocus.com/bid/25489
Summary:
The Apache mod_proxy module is prone to a denial-of-service vulnerability.

A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM).

20. JBlog ID Parameter Multiple SQL Injection Vulnerabilities
BugTraq ID: 25669
Remote: Yes
Last Updated: 2007-09-14
Relevant URL: http://www.securityfocus.com/bid/25669
Summary:
JBlog is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

JBlog 1.0 is vulnerable; other versions may also be affected.

21. GForge Topic EditProfile.PHP SQL Injection Vulnerability
BugTraq ID: 25665
Remote: Yes
Last Updated: 2007-09-14
Relevant URL: http://www.securityfocus.com/bid/25665
Summary:
GForge is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to GForge 4.6b2 are reported vulnerable.

22. Joomla! Joomla!Radio Component Local File Include Vulnerability
BugTraq ID: 25664
Remote: Yes
Last Updated: 2007-09-14
Relevant URL: http://www.securityfocus.com/bid/25664
Summary:
Joomla! Joomla!Radio component is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts in the context of the webserver process.

23. LetterGrade Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 25662
Remote: Yes
Last Updated: 2007-09-14
Relevant URL: http://www.securityfocus.com/bid/25662
Summary:
LetterGrade is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

24. LetterGrade Email Address HTML Injection Vulnerability
BugTraq ID: 25663
Remote: Yes
Last Updated: 2007-09-14
Relevant URL: http://www.securityfocus.com/bid/25663
Summary:
LetterGrade is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

25. netInvoicing Unspecified Security Vulnerability
BugTraq ID: 25661
Remote: Yes
Last Updated: 2007-09-14
Relevant URL: http://www.securityfocus.com/bid/25661
Summary:
netInvoicing is prone to an unspecified vulnerability.

Very few details are available regarding this issue. We will update this BID as more information emerges.

This issue affects versions prior to netInvoicing 2.7.3.

26. COWON America jetCast Server Remote Denial Of Service Vulnerability
BugTraq ID: 25660
Remote: Yes
Last Updated: 2007-09-14
Relevant URL: http://www.securityfocus.com/bid/25660
Summary:
jetCast Server is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the server, denying access to legitimate users.

jetCast Server 2 is reported vulnerable; other versions may also be affected.

27. Merak Mail Server Email Message HTML Injection Vulnerability
BugTraq ID: 25708
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25708
Summary:
Merak Mail Server is prone to an HTML-injection vulnerability because the application fails to sufficiently sanitize user-supplied input before using it in dynamically generated content.

Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

This issue affects Merak Mail Server 8.9.2 and 8.9.1; other versions may also be affected.

28. Trolltech QT ToUnicode Function Off By One Buffer Overflow Vulnerability
BugTraq ID: 25657
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25657
Summary:
Qt is prone to a buffer-overflow vulnerability because the framework fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of applications that use the affected framework. Failed exploit attempts will result in a denial-of-service condition.

29. Ghost Security Suite SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25709
Remote: No
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25709
Summary:
Ghost Security Suite is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

Ghost Security Suite beta 1.110 and alpha 1.200 are vulnerable; other versions may also be affected.

30. G DATA Internet Security SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25705
Remote: No
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25705
Summary:
G DATA Internet Security is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

G DATA Internet Security 2007 is vulnerable; other versions may also be affected.

31. Sunbelt Kerio Personal Firewall Multiple Local Denial of Service Vulnerabilities
BugTraq ID: 20299
Remote: No
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/20299
Summary:
Sunbelt Kerio Personal Firewall is prone to multiple local denial-of-service vulnerabilities because the application fails to properly sanitize user-supplied input.

Exploiting these vulnerabilities allows local attackers to crash affected systems, facilitating a denial-of-service condition on the local computer. Code execution may also be possible, but this has not been confirmed.

32. Kaspersky Internet Security 6 SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 24491
Remote: No
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/24491
Summary:
Kaspersky Internet Security 6 is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

Kaspersky Internet Security 6.0.2.614 and 6.0.2.621 are vulnerable; other versions may also be affected.

NOTE: These issues may be related to BID 23326 (Kaspersky Internet Security Suite Klif.SYS Drive Local Heap Overflow Vulnerability), but this has not been confirmed. If we find that this BID is a duplicate, we will retire it and merge its information into BID 23326.

33. Internet Security Systems BlackICE Local Denial of Service Vulnerability
BugTraq ID: 19800
Remote: No
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/19800
Summary:
Internet Security Systems (ISS) BlackICE PC Protection is prone to a local denial-of-service vulnerability because the application fails to properly sanitize user-supplied input.

This vulnerability allows local attackers to crash affected systems, facilitating a denial-of-service condition on the local computer. Remote code execution may also be possible if the vulnerability is exploited in privileged kernel mode.

Versions 3.6.cpn, 3.6.cpj, and 3.6.cpiE are vulnerable to this issue; other versions may also be affected.

34. Apple QuickTime Plug-In Arbitrary Script Execution Weakness
BugTraq ID: 20138
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/20138
Summary:
Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files (.qtl).

An attacker can exploit this issue to execute arbitrary script code in the context of the affected application and load local content in a user's browser. Although this weakness doesn't pose any direct security threat by itself, an attacker may use it to aid in further attacks.

QuickTime 7.1.3 is vulnerable; other versions may also be affected.

35. Symantec Norton Personal Firewall 2006 SPBBCDrv Driver Local Denial of Service Vulnerability
BugTraq ID: 23241
Remote: No
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/23241
Summary:
Norton Personal Firewall 2006 is prone to a local denial-of-service vulnerability.

This issue occurs when attackers supply invalid argument values to the 'SPBBCDrv.sys' driver.

A local attacker may exploit this issue to crash affected computers, denying service to legitimate users.

Norton Personal Firewall 2006 versions 9.1.1.7 and 9.1.0.33 are prone to this issue; other versions may be affected as well.

36. Outpost Firewall PRO Multiple Local Denial of Service Vulnerabilities
BugTraq ID: 21097
Remote: No
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/21097
Summary:
Outpost Firewall PRO is prone to multiple local denial-of-service vulnerabilities because the application fails to properly handle unexpected input.

Exploiting these issues allows local attackers to crash affected computers, denying service to legitimate users. Remote code execution may be possible, but this has not been confirmed.

Outpost Firewall PRO versions 4.0 (964.582.059) and 4.0 (971.584.079) are vulnerable to these issues; other versions may also be affected.

37. Comodo Firewall CMDMon.SYS Multiple Denial of Service Vulnerabilities
BugTraq ID: 22357
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/22357
Summary:
Comodo Firewall is prone to multiple denial-of-service vulnerabilities because it fails to adequately validate user-supplied data.

Exploiting these issues may permit attackers to cause system crashes and deny service to legitimate users. Presumably, attackers may also be able to execute arbitrary code, but this has not been confirmed.

Comodo Firewall Pro 2.4.16.174 and Comodo Personal Firewall 2.3.6.81 are vulnerable; other versions may also be affected.

38. GCALDaemon Content-Length Header Denial of Service Vulnerability
BugTraq ID: 25704
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25704
Summary:
GCALDaemon is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted HTTP GET requests.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects GCALDaemon 1.0-beta13; other versions may also be affected.

39. Mozilla Firefox WYCIWYG:// URI Cache Zone Bypass Vulnerability
BugTraq ID: 24831
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/24831
Summary:
Mozilla Firefox is prone to a cache-zone-bypass vulnerability because the application fails to properly block remote access to special internally generated URIs containing cached data.

Exploiting this issue allows remote attackers to access potentially sensitive information and to place markers with similar functionality to cookies onto targeted users' computers, regardless of cookie security settings. Information harvested in successful exploits may aid in further attacks.

Attackers may also potentially exploit this issue to perform cache-poisoning or URL-spoofing attacks.

This issue is being tracked by Mozilla's Bugzilla Bug 387333.

40. Mozilla Firefox URLBar Null Byte File Remote Code Execution Vulnerability
BugTraq ID: 24447
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/24447
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability because it fails to adequately sanitize user-supplied input.

Attackers may exploit this issue by enticing victims into visiting a malicious site and following links with improper file extensions.

Successful exploits may allow an attacker to crash the application or execute arbitrary code in the context of the affected application. Other attacks are also possible.

41. Microsoft Internet Explorer and Mozilla Firefox URI Handler Command Injection Vulnerability
BugTraq ID: 24837
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/24837
Summary:
Microsoft Internet Explorer, Mozilla Firefox and Netscape Navigator are prone to a vulnerability that lets attackers inject commands through the 'firefoxurl' and 'navigatorurl' protocol handlers.

Exploiting these issues allows remote attackers to pass and execute arbitrary commands and arguments through the 'firefox.exe' and 'navigator.exe' processes by employing the 'firefoxurl' and 'navigatorurl' handlers.

An attacker can also employ these issues to carry out cross-browser scripting attacks by using the '-chrome' argument. This can allow the attacker to run JavaScript code with the privileges of the trusted Chrome context and gain full access to Firefox and Netscape Navigator's resources.

Exploiting these issues would permit remote attackers to influence command options that can be called through the 'firefoxurl' and 'navigatorurl' handlers and therefore execute commands and script code with the privileges of a user running the applications. Successful attacks may result in a variety of consequences, including remote unauthorized access.

42. KwsPHP Multiple SQL Injection Vulnerabilities
BugTraq ID: 25679
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25679
Summary:
KwsPHP is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. These issues affect the 'login.php' script, the Member_Space module, and the stats module.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

43. Mozilla Firefox About:Blank IFrame Cross Domain Information Disclosure Vulnerability
BugTraq ID: 24286
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/24286
Summary:
Mozilla Firefox is prone to a cross-domain information-disclosure vulnerability because scripts may persist across navigations.

A malicious site may be able to modify the iframe of a site in an arbitrary external domain. Attackers could exploit this to gain access to sensitive information that is associated with the external domain. Other attacks are also possible, such as executing script code in other browser security zones.

This issue is being tracked by Bugzilla Bug 382686 and is reportedly related to Bug 343168.

Firefox 2.0.0.4 and prior versions are vulnerable.

44. Mozilla Firefox 2.0.0.4 Multiple Remote Vulnerabilities
BugTraq ID: 24946
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/24946
Summary:
The Mozilla Foundation has released four security advisories specifying multiple vulnerabilities in Firefox 2.0.0.4.

These vulnerabilities allow attackers to:

- Execute arbitrary code
- Execute code with chrome privileges
- Perform cross-site scripting attacks
- Crash Firefox in a myriad of ways, with evidence of memory corruption.

Other attacks may also be possible.

45. Mozilla Firefox/Thunderbird/SeaMonkey Chrome-Loaded About:Blank Script Execution Vulnerability
BugTraq ID: 25142
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25142
Summary:
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a vulnerability that allows JavaScript to execute with unintended privileges.

A malicious site may be able to cause the execution of a script with Chrome privileges. Attackers could exploit this issue to execute hostile script code with privileges that exceed those that were intended. Certain Firefox extensions may not intend 'about:blank' to execute script code with Chrome privileges.

NOTE: This issue was introduced by the fix for MFSA 2007-20.

46. obedit Save Function HTML Injection Vulnerability
BugTraq ID: 25703
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25703
Summary:
The 'obedit' application is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

This issue affects obedit 3.03; other versions may also be affected.

47. OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
BugTraq ID: 25628
Remote: No
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25628
Summary:
OpenSSH is prone to a local authentication-bypass vulnerability because the software fails to properly manage trusted and untrusted X11 cookies.

Successfully exploiting this issue allows local attackers to potentially launch a forwarded X11 session through SSH in an unauthorized manner. Further details are currently unavailable. We will update this BID as more information emerges.

This issue affects OpenSSH 4.6; previous versions may be affected as well.

48. Fastjar Archive Extraction Directory Traversal Vulnerability
BugTraq ID: 15669
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/15669
Summary:
Fastjar is prone to a directory-traversal vulnerability because the utility fails to properly sanitize user-supplied data.

An attacker can exploit this vulnerability to overwrite arbitrary files in the context of the user running the vulnerable application. Depending on the files overwritten, this could cause the system to crash or could facilitate unauthorized access; other attacks are also possible.

49. Sun Solaris Dtsession Local Buffer Overflow Vulnerability
BugTraq ID: 24687
Remote: No
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/24687
Summary:
Sun Solaris is prone to a local buffer-overflow vulnerability.

Successfully exploiting this issue allows local users to execute arbitrary machine code with root privileges. This may aid them in further attacks.

Sun Solaris 8, 9, and 10 SPARC and x86 are affected by this issue.

50. RSA enVision Platform Cross-Site Scripting Vulnerability
BugTraq ID: 25645
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25645
Summary:
The RSA enVision platform is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

RSA enVision 3.3.6 Build 0115 is vulnerable; other versions may also be affected.

51. WinImage Image Files Denial of Service and Directory Traversal Vulnerabilities
BugTraq ID: 25687
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25687
Summary:
WinImage is prone to a denial-of-service vulnerability and a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input.

Attackers can exploit these issues to cause a denial of service or to write malicious files to arbitrary directories.

WinImage 8.0 and 8.10 are vulnerable; other versions may also be affected.

52. Coppermine Photo Gallery Multiple Input Validation Vulnerabilities
BugTraq ID: 25698
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25698
Summary:
Coppermine Photo Gallery is prone to a cross-site scripting issue and a local file-include issue.

Attackers can exploit these issues to steal cookie-based authentication credentials, execute arbitrary code, and retrieve arbitrary content within the context of the webserver process.

Coppermine Photo Gallery 1.4.12 is vulnerable; other versions may also be affected.

53. b1gMail hilfe.php Cross Site Scripting Vulnerability
BugTraq ID: 25699
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25699
Summary:
b1gMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

b1gMail 6.3.1 is vulnerable; other versions may also be affected.

54. Avahi Empty TXT Data Denial Of Service Vulnerability
BugTraq ID: 24614
Remote: No
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/24614
Summary:
Avahi is prone to a denial-of-service vulnerability.

A local attacker may exploit this issue to cause the application to crash, denying further service to legitimate users.

Versions prior to 0.6.20 are vulnerable to this issue.

55. Microsoft MFC Library CFileFind::FindFile Buffer Overflow Vulnerability
BugTraq ID: 25697
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25697
Summary:
The CFileFind::FindFile method in the MFC library for Microsoft Windows is prone to a buffer-overflow vulnerability because the method fails to perform adequate boundary checks of user-supplied input.

Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of applications that use the vulnerable method.

The MFC library included with Microsoft Windows XP SP2 is affected; other versions may also be affected.

56. PHP Chunk_Split() Function Integer Overflow Vulnerability
BugTraq ID: 24261
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/24261
Summary:
PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to cause a buffer overflow and to corrupt process memory.

Attackers may be able to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue affects versions prior to PHP 5.2.3.

57. PHP 5.2.3 and Prior Versions Multiple Vulnerabilities
BugTraq ID: 25498
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25498
Summary:
PHP 5.2.3 and prior versions are prone to multiple security vulnerabilities. Successful exploits could allow an attacker to bypass security restrictions, cause a denial-of-service condition, and potentially execute code.

58. TCPDump IEEE802.11 printer Remote Buffer Overflow Vulnerability
BugTraq ID: 22772
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/22772
Summary:
The 'tcpdump' utility is prone to a heap-based buffer-overflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary malicious code in the context of the user running the affected application. Failed exploit attempts will likely crash the affected application.

This issue affects tcpdump 3.9.5 and prior versions.

59. tcpdump Print-bgp.C Remote Integer Underflow Vulnerability
BugTraq ID: 24965
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/24965
Summary:
The 'tcpdump' utility is prone to an integer-underflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary malicious code in the context of the user running the affected application. Failed exploit attempts will likely crash the affected application.

This issue affects tcpdump 3.9.6 and prior versions.

60. SWsoft Plesk PLESKSESSID Parameter Multiple SQL Injection Vulnerabilities
BugTraq ID: 25646
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25646
Summary:
Plesk is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Plesk 7.6.1, 8.1.0, 8.1.1, and 8.2.0 for Microsoft Windows are vulnerable; other versions running on different platforms may also be affected.

61. Shop-Script FREE Multiple Remote Vulnerabilities
BugTraq ID: 25695
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25695
Summary:
Shop-Script FREE is prone to multiple remote vulnerabilities, including an authentication-bypass issue and multiple arbitrary-code-execution vulnerabilities.

An attacker can exploit these issues to gain administrative access to the application and execute arbitrary PHP code within the context of the webserver process.

These issues affect Shop-Script FREE 2.0; other versions may also be affected.

62. KwsPHP Sondages Module ID Parameter SQL Injection Vulnerability
BugTraq ID: 25700
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25700
Summary:
KwsPHP is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

KwsPHP 1.0 is vulnerable; other versions may also be affected.

63. OpenOffice TIFF File Parser Multiple Integer Overflow Vulnerabilities
BugTraq ID: 25690
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25690
Summary:
OpenOffice is prone to multiple remote integer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Remote attackers may exploit these issues by enticing victims into opening maliciously crafted TIFF files.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

64. Privatefirewall SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25712
Remote: No
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25712
Summary:
Privatefirewall is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

Privatefirewall 5.0.14.2 is vulnerable; other versions may also be affected.

65. Online Armor Personal Firewall SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25711
Remote: No
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25711
Summary:
Online Armor Personal Firewall is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

Online Armor Personal Firewall 2.0.1.125 is vulnerable; other versions may also be affected.

66. ktauber.com Styles Demo MOD for phpBB Multiple Input Validation Vulnerabilities
BugTraq ID: 25710
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25710
Summary:
ktauber.com Styles Demo MOD for phpBB is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Styles Demo MOD version 0.9.9 is vulnerable; other versions may also be affected.

67. MW6 Technologies QRCode ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
BugTraq ID: 25702
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25702
Summary:
MW6 Technologies QRCode ActiveX control is prone to multiple arbitrary-file-overwrite vulnerabilities.

Attackers can exploit these issues to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

QRCode ActiveX 3.0 is vulnerable; other versions may also be affected.

68. phpSyncML Base_Dir Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 25701
Remote: Yes
Last Updated: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25701
Summary:
phpSyncML is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

phpSyncML 0.1.2 is vulnerable; other versions may also be affected.

69. Python ImageOP Module Multiple Integer Overflow Vulnerabilities
BugTraq ID: 25696
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25696
Summary:
Python's imageop module is prone to multiple integer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input to ensure that integer operations do not overflow.

To successfully exploit these issues, an attacker must be able to control the arguments to imageop functions. Remote attackers may be able to do this, depending on the nature of applications that use the vulnerable functions.

Attackers would likely submit invalid or specially crafted images to applications that perform imageop operations on the data.

A successful exploit may allow attacker-supplied machine code to run in the context of affected applications, facilitating the remote compromise of computers.

70. Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
BugTraq ID: 25694
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25694
Summary:
Alcatel-Lucent OmniPCX Enterprise is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data.

Attackers can exploit this issue to execute arbitrary commands with the privileges of the 'httpd' user. Successful attacks may facilitate a compromise of the application and underlying webserver; other attacks are also possible.

Alcatel-Lucent OmniPCX Enterprise R7.1 and prior versions are vulnerable to this issue.

71. Fcron Convert-FCronTab Directory Traversal Vulnerability
BugTraq ID: 25693
Remote: No
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25693
Summary:
Fcron is prone to a directory-traversal vulnerability because it fails to adequately sanitize user-supplied data to 'convert-fcrontab'.

Attackers can exploit this issue via symbolic-link attacks to create or overwrite arbitrary files with superuser privileges.

Fcron 2.9.5 is vulnerable; other versions may also be affected.

72. Lighttpd Mod_FastCGI Request Headers Remote Buffer Overflow Vulnerability
BugTraq ID: 25622
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25622
Summary:
Lighttpd is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.

Lighttpd 1.4.17 is vulnerable; prior versions may also be affected.

73. Gelato CMS Index.PHP SQL Injection Vulnerability
BugTraq ID: 25677
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25677
Summary:
Gelato CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

74. Omnistar Article Manager Article.PHP SQL Injection Vulnerability
BugTraq ID: 25692
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25692
Summary:
Omnistar Article Manager is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

75. Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
BugTraq ID: 24645
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/24645
Summary:
The Apache HTTP Server mod_status module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

76. Rsync F_Name Off-By-One Buffer Overflow Vulnerability
BugTraq ID: 25336
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25336
Summary:
The rsync utility is prone to an off-by-one buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of the affected utility.

This issue affects rsync 2.6.9; other versions may also be vulnerable.

77. PHP .Htaccess Safe_Mode and Open_Basedir Restriction-Bypass Vulnerability
BugTraq ID: 24661
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/24661
Summary:
PHP is prone to a 'safe_mode' and 'open_basedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to write files in unauthorized locations.

These vulnerabilities would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code, with the 'safe_mode' and 'open_basedir' restrictions assumed to isolate the users from each other.

This issue is reported to affect PHP 5.2.3 and 4.4.7; previous versions may also be vulnerable.

78. ClamAV Popen Function Remote Code Execution Vulnerability
BugTraq ID: 25439
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25439
Summary:
ClamAV is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied data.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

Versions prior to ClamAV 0.91.2 are vulnerable.

79. MIT Kerberos 5 KAdminD Server SVCAuth_GSS_Validate Stack Buffer Overflow Vulnerability
BugTraq ID: 25534
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25534
Summary:
Kerberos 5 'kadmind' (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 'kadmind' 1.4 through 1.6.2 are vulnerable; third-party applications using the affected RPC library are also affected.

80. ClamAV Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 25398
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25398
Summary:
ClamAV is prone to multiple denial-of-service vulnerabilities.

A successful attack may allow an attacker to crash the application and deny service to users.

Versions prior to ClamAV 0.91.2 are vulnerable to these issues.

81. Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
BugTraq ID: 24215
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/24215
Summary:
Apache is prone to multiple denial-of-service vulnerabilities.

An attacker with the ability to execute arbitrary server-side script code can exploit these issues to stop arbitrary services on the affected computer in the context of the master webserver process; other attacks may also be possible.

82. Joomla!12Pictures Component MosConfig_Live_Site Remote File Include Vulnerability
BugTraq ID: 25691
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25691
Summary:
The Joomla!12Pictures component is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

83. Vim HelpTags Command Remote Format String Vulnerability
BugTraq ID: 25095
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25095
Summary:
Vim is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

A remote attacker may execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts may cause denial-of-service conditions.

Vim 6.4 and 7.1 are vulnerable; other versions may also be affected.

84. Apache HTTP Server Mod_Cache Denial of Service Vulnerability
BugTraq ID: 24649
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/24649
Summary:
The Apache mod_cache module is prone to a denial-of-service vulnerability.

A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM).

85. TinyWebGallery Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 25689
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25689
Summary:
TinyWebGallery is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

TinyWebGallery 1.6.3.4 is vulnerable to these issues; other versions may also be affected.

86. RemoteDocs R-Viewer Remote Code Execution and Information Disclosure Vulnerabilities
BugTraq ID: 25591
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25591
Summary:
RemoteDocs R-Viewer is prone to an information-disclosure vulnerability and a remote code-execution vulnerability.

An attacker can exploit these issues to execute arbitrary code with the privileges of the user running the affected application and to gain access to sensitive information.

These issues affect R-Viewer 1.6.2836; prior versions may also be affected.

87. SimpCMS Index.PHP SQL Injection Vulnerability
BugTraq ID: 25688
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25688
Summary:
SimpCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

88. Linux Kernel Perfmon.c Local Denial of Service Vulnerability
BugTraq ID: 17482
Remote: No
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/17482
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue arises in 'perfmon.c' on ia64 platforms.

This vulnerability allows local users to crash the kernel, denying further service to legitimate users.

89. Linux Kernel CapiUtil.c Buffer Overflow Vulnerability
BugTraq ID: 23333
Remote: No
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/23333
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges or cause the affected kernel to crash, denying service to legitimate users.

This issue affects versions 2.6.9 to 2.6.20 and the 'isdn4k-utils' utilities.

90. Media Player Classic Remote Malformed Video File Remote Denial of Service Vulnerability
BugTraq ID: 25686
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25686
Summary:
Media Player Classic is prone to a remote denial-of-service vulnerability because the application fails to handle malformed video files.

Remote attackers can exploit this issue to crash the application. Reports indicate that attackers may also be able to execute code, but this has not been confirmed.

Media Player Classic 6.4.9.1 and prior versions are vulnerable.

91. PhotoChannel Networks Photo Upload Plugin ActiveX Control Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 25685
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25685
Summary:
PhotoChannel Networks Photo Upload Plugin ActiveX control is prone to multiple buffer-overflow vulnerabilities because the software fails to perform adequate boundary-checks on user-supplied data.

Successfully exploiting these issues will allow an attacker to execute arbitrary code within the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

Versions prior to Photo Upload Plugin 2.0.0.10 are vulnerable.

92. Module jeuxflash for Kwsphp ID Parameter SQL Injection Vulnerability
BugTraq ID: 25658
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25658
Summary:
Module jeuxflash for Kwsphp is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Module jeuxflash V1_0 is vulnerable; other versions may also be affected.

93. osCMax URL Cross-Site Scripting Vulnerability
BugTraq ID: 25684
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25684
Summary:
osCMax is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects osCMax 2.0.0-RC3-0-1; other versions may also be affected.

94. ewire Payment Client Command Execution Vulnerability
BugTraq ID: 25683
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25683
Summary:
ewire Payment Client is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary shell commands on an affected computer with the privileges of the application using the affected class utility.

ewire Payment Client 1.60 and 1.70 are vulnerable to this issue.

95. Trolltech Qt QTextEdit Multiple Format String Vulnerabilities
BugTraq ID: 25154
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25154
Summary:
Trolltech Qt is prone to multiple format-string vulnerabilities because it fails to securely display error messages.

Exploiting these issues can allow remote attackers to execute arbitrary code in the context of the application using the framework or to cause denial-of-service conditions.

These issues affect only Qt 3; other versions of Qt are not affected. Note that KDE and other applications that use the affected framework are inherently affected.

96. ISC BIND 9 Remote Cache Poisoning Vulnerability
BugTraq ID: 25037
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25037
Summary:
BIND 9 is prone to a remote cache-poisoning vulnerability because of a weakness in its random number generator.

An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.

Versions up to BIND 9.4.1 are vulnerable to this issue.

97. NetBSD Vga_allocattr Local Denial of Service Vulnerability
BugTraq ID: 25682
Remote: No
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25682
Summary:
NetBSD is prone to a denial-of-service vulnerability.

A local attacker can exploit this issue to cause the kernel to crash, effectively denying service to legitimate users.

98. Chupix CMS download.php Arbitrary File Download Vulnerability
BugTraq ID: 25681
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25681
Summary:
Chupix CMS is prone to an arbitrary-file-download vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to download arbitrary files within the context of the webserver process. Information obtained may aid in further attacks.

This issue affects Chupix CMS 0.2.3; other versions may also be vulnerable.

99. Joomla! FlashFun Component mosConfig_live_site Remote File Include Vulnerability
BugTraq ID: 25680
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25680
Summary:
The Joomla! FlashFun component is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

100. GNU Tar Dot_Dot Function Remote Directory Traversal Vulnerability
BugTraq ID: 25417
Remote: Yes
Last Updated: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25417
Summary:
GNU Tar is prone to a directory-traversal vulnerability because the application fails to validate user-supplied data.

A successful attack can allow the attacker to overwrite files on a computer in the context of the user running the affected application. Successful exploits may aid in further attacks.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Customers: TD Ameritrade failed to warn of breach
By: Robert Lemos
Numerous account holders complained over the past year that the consumer brokerage had sold or leaked e-mail addresses to pump-and-dump spammers.
http://www.securityfocus.com/news/11488

2. Max Vision charged with hacking -- again
By: Robert Lemos
Federal prosecutors charge former security consultant Max Butler, better known amongst security researchers as "Max Vision," alleging that he supplied and managed a ring of identity thieves.
http://www.securityfocus.com/news/11487

3. Embassy leaks highlight pitfalls of Tor
By: Robert Lemos
The security researcher who posted the e-mail addresses and passwords for 100 accounts at embassies and political groups reveals that he exploited the victims' incorrect usage of the Tor Project's anonymous Web surfing software.
http://www.securityfocus.com/news/11486

4. China on hot seat over alleged hacks
By: Robert Lemos
Twice in two weeks, the nation has been taken to task for breaching other nations' systems, but officials continue to deny the accusations.
http://www.securityfocus.com/news/11485

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Security Engineer, Herndon
http://www.securityfocus.com/archive/77/479870

2. [SJ-JOB] Jr. Security Analyst, Arlington
http://www.securityfocus.com/archive/77/479866

3. [SJ-JOB] Security Engineer, Arlington
http://www.securityfocus.com/archive/77/479867

4. [SJ-JOB] Threat Analyst, Arlington
http://www.securityfocus.com/archive/77/479868

5. [SJ-JOB] Security Consultant, Montgomery
http://www.securityfocus.com/archive/77/479869

6. [SJ-JOB] Security Engineer, Chantilly
http://www.securityfocus.com/archive/77/479857

7. [SJ-JOB] Security Auditor, Arlington
http://www.securityfocus.com/archive/77/479858

8. [SJ-JOB] Senior Software Engineer, New York
http://www.securityfocus.com/archive/77/479859

9. [SJ-JOB] Quality Assurance, Atlanta
http://www.securityfocus.com/archive/77/479860

10. [SJ-JOB] Sr. Security Engineer, Scottsdale
http://www.securityfocus.com/archive/77/479862

11. [SJ-JOB] Security Engineer, Tucson
http://www.securityfocus.com/archive/77/479551

12. [SJ-JOB] Software Engineer, Mountain View
http://www.securityfocus.com/archive/77/479553

13. [SJ-JOB] Security Architect, Scottsdale
http://www.securityfocus.com/archive/77/479555

14. [SJ-JOB] Customer Support, Mountain View
http://www.securityfocus.com/archive/77/479543

15. [SJ-JOB] Principal Software Engineer, Mountain View
http://www.securityfocus.com/archive/77/479545

16. [SJ-JOB] Security Architect, Mountain View
http://www.securityfocus.com/archive/77/479546

17. [SJ-JOB] Sr. Security Engineer, Dallas
http://www.securityfocus.com/archive/77/479552

18. [SJ-JOB] Sales Engineer, Dallas
http://www.securityfocus.com/archive/77/479542

19. [SJ-JOB] Manager, Information Security, Boca Raton
http://www.securityfocus.com/archive/77/479541

20. [SJ-JOB] Director, Information Security, Denver
http://www.securityfocus.com/archive/77/479531

21. [SJ-JOB] VP of Marketing, Los Angeles
http://www.securityfocus.com/archive/77/479533

22. [SJ-JOB] Security Architect, Denver
http://www.securityfocus.com/archive/77/479534

23. [SJ-JOB] Sales Representative, Chicago
http://www.securityfocus.com/archive/77/479535

24. [SJ-JOB] VP of Regional Sales, San Mateo
http://www.securityfocus.com/archive/77/479536

25. [SJ-JOB] Sales Engineer, Los Angeles
http://www.securityfocus.com/archive/77/479529

26. [SJ-JOB] Software Engineer, Austin
http://www.securityfocus.com/archive/77/479530

27. [SJ-JOB] Software Engineer, Austin
http://www.securityfocus.com/archive/77/479537

28. [SJ-JOB] Technology Risk Consultant, Seattle
http://www.securityfocus.com/archive/77/479527

29. [SJ-JOB] Sales Engineer, San Mateo
http://www.securityfocus.com/archive/77/479528

30. [SJ-JOB] Sr. Security Analyst, Tempe
http://www.securityfocus.com/archive/77/479509

31. [SJ-JOB] Security System Administrator, New York
http://www.securityfocus.com/archive/77/479517

32. [SJ-JOB] Sr. Security Analyst, London
http://www.securityfocus.com/archive/77/479510

33. [SJ-JOB] Sr. Security Analyst, Manama
http://www.securityfocus.com/archive/77/479511

34. [SJ-JOB] Developer, Atlanta
http://www.securityfocus.com/archive/77/479518

35. [SJ-JOB] Security System Administrator, London
http://www.securityfocus.com/archive/77/479519

36. [SJ-JOB] Security Engineer, Lexington Park
http://www.securityfocus.com/archive/77/479508

37. [SJ-JOB] Security Architect, Valley Forge
http://www.securityfocus.com/archive/77/479512

38. [SJ-JOB] Technology Risk Consultant, San Francisco
http://www.securityfocus.com/archive/77/479516

39. [SJ-JOB] Manager, Information Security, London
http://www.securityfocus.com/archive/77/479520

40. [SJ-JOB] Security Consultant, New York
http://www.securityfocus.com/archive/77/479482

41. [SJ-JOB] Sales Engineer, New York
http://www.securityfocus.com/archive/77/479501

42. [SJ-JOB] Security Engineer, Washington D.C.
http://www.securityfocus.com/archive/77/479480

43. [SJ-JOB] Security Consultant, Dubai
http://www.securityfocus.com/archive/77/479481

44. [SJ-JOB] Manager, Information Security, New York
http://www.securityfocus.com/archive/77/479505

45. [SJ-JOB] Quality Assurance, Seattle
http://www.securityfocus.com/archive/77/479483

46. [SJ-JOB] Security Engineer, Carpinteria
http://www.securityfocus.com/archive/77/479502

47. [SJ-JOB] Security System Administrator, Boulder
http://www.securityfocus.com/archive/77/479479

48. [SJ-JOB] Security Researcher, Cupertino
http://www.securityfocus.com/archive/77/479503

49. [SJ-JOB] Security Consultant, New York
http://www.securityfocus.com/archive/77/479504

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Uninformed Journal Release Announcement: Volume 8
http://www.securityfocus.com/archive/82/479865

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #359
http://www.securityfocus.com/archive/88/479220

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject and message body do not matter. You will receive a confirmation request message, which you must answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your e-mail address has changed, e-mail listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
