News

Friday, October 12, 2007

SecurityFocus Newsletter #422

SecurityFocus Newsletter #422
----------------------------------------

This issue is Sponsored by: SPI Dynamics

ALERT: Ajax Security Dangers- How Hackers are attacking Ajax Web Apps
While Ajax can greatly improve the usability of a Web application, it can also
create several opportunities for possible attack if the application is not
designed with security in mind. Download this SPI Dynamics white paper.

https://download.spidynamics.com/1/ad/AJAX.asp?Campaign_ID=70160000000D4Kl


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Of Hackers and Ego
2.Passive Network Analysis
II. BUGTRAQ SUMMARY
1. Joomla! Flash Uploader mosConfig_Absolute_Path Multiple Remote File Include Vulnerabilities
2. TikiWiki Tiki-Graph_Formula.PHP Code Injection Vulnerability
3. Joomla! JContentSubscription MosConfig_Absolute_Path Multiple Remote File Include Vulnerabilities
4. Kaspersky Online Scanner KAVWebScan.DLL ActiveX Control Format String Vulnerability
5. X.Org X Font Server Multiple Memory Corruption Vulnerabilities
6. Webmaster-Tips.net Joomla! RSS Feed Reader Remote File Include Vulnerability
7. CMS Made Simple 1.1.3.1 Multiple Remote Vulnerabilities
8. ViArt Shop Ideal_Process.PHP Directory Traversal Vulnerability
9. Microsoft Windows RPC NTLMSSP Remote Denial Of Service Vulnerability
10. Multiple Browser URI Handlers Command Injection Vulnerabilities
11. rPath Linux Initscripts /VAR/LOG/BTMP File Local Information Disclosure Vulnerability
12. Adobe PageMaker MAIPM6.dll Long Font Name Buffer Overflow Vulnerability
13. BT Home Hub and Thomson/Alcatel Speedtouch 7G Multiple Vulnerabilities
14. Cisco IOS Multiple Unspecified Stack Overflow Vulnerabilities
15. Microsoft ASP.NET URI Canonicalization Unauthorized Web Access Vulnerability
16. Retired: MODx mutate_content.dymanic.php Multiple SQL Injection Vulnerabilities
17. LightBlog Privilege Escalation and Arbitrary File Upload Vulnerabilities
18. ISC BIND 8 Remote Cache Poisoning Vulnerability
19. Microsoft Expression Media Plaintext Password Storage Weakness
20. Sun Solaris Trusted Extensions labeld Service Local Denial of Service Vulnerabilities
21. Sun Solaris Virtual File System Local Denial of Service Vulnerability
22. FreeType LWFN Files Buffer Overflow Vulnerability
23. ELinks HTTPS POST Request Information Disclosure Weakness
24. KDE KPDF/KWord/XPDF StreamPredictor Function Stack Buffer Overflow Vulnerability
25. Interstage Application Server Web Root Path Disclosure Vulnerability
26. AOL Instant Messenger Notification Window Remote Script Code Execution Vulnerability
27. boastMachine Index.PHP Local File Include Vulnerability
28. Linkliste Index.PHP Multiple Remote File Include Vulnerabilities
29. OpenH323 Opal SIP Protocol Remote Denial of Service Vulnerability
30. FLAC libFLAC Multiple Unspecified Integer Overflow Vulnerabilities
31. Scott Manktelow Design Stride 1.0 Merchant Shop.PHP SQL Injection Vulnerability
32. Scott Manktelow Design Stride 1.0 Content Management System Main.PHP SQL Injection Vulnerability
33. Site-UP Index.CGI Multiple Cross-Site Scripting Vulnerabilities
34. Google Urchin Report.CGI Authorization Bypass Vulnerability
35. Scott Manktelow Design Stride 1.0 Courses Detail.PHP Multiple SQL Injection Vulnerabilities
36. PicoFlat CMS Index.PHP Remote File Include Vulnerability
37. OpenSSL SSL_Get_Shared_Ciphers Off-by-One Buffer Overflow Vulnerability
38. Nucleus CMS Index.PHP Cross-Site Scripting Vulnerability
39. UMI CMS Index.PHP Cross-Site Scripting Vulnerability
40. OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
41. LibTIFF EstimateStripByteCounts() Denial of Service Vulnerability
42. LibTIFF Next RLE Decoder Remote Heap Buffer Overflow Vulnerability
43. LibTIFF PixarLog Decoder Remote Heap Buffer Overflow Vulnerability
44. LibTIFF TiffScanLineSize Remote Buffer Overflow Vulnerability
45. Mozilla Firefox, SeaMonkey, Camino, and Thunderbird Multiple Remote Vulnerabilities
46. LibTIFF tiff2pdf Remote Buffer Overflow Vulnerability
47. Wesnoth Client UTF-8 Remote Denial of Service Vulnerability
48. CRS Manager Multiple Remote File Include Vulnerabilities
49. Joomla! Search Component SearchWord Cross-Site Scripting Vulnerability
50. HP Linux Imaging and Printing System HSSPD.PY Daemon Arbitrary Command Execution Vulnerability
51. KwsPHP Newsletter Module SQL Injection Vulnerability
52. Computer Associates BrightStor ARCserve Backup Unspecified Remote Code Execution Vulnerability
53. ActiveKB NX Index.PHP Cross-Site Scripting Vulnerability
54. Pindorama Client.php Remote File Include Vulnerability
55. WebDesktop Multiple Remote File Include Vulnerabilities
56. NuSEO Nuseo_Admin_D.PHP Remote File Include Vulnerability
57. Computer Associates BrightStor ARCserve Backup mediasvr caloggerd Denial Of Service Vulnerabilities
58. Computer Associates BrightStor ARCserve Backup Multiple Remote Vulnerabilities
59. CA BrightStor ARCserve Backup Memory Corruption Remote Code Execution Vulnerabilities
60. Tcl/Tk ReadImage Buffer Overflow Vulnerability
61. Libvorbis Denial Of Service And Memory Corruption Vulnerabilities
62. Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability
63. VMware Virtual Disk Mount Service Reconfig.DLL Denial Of Service Vulnerability
64. Microsoft Windows URI Handler Command Execution Vulnerability
65. Mozilla Firefox 2.0.0.6 Unspecified Protocol Handling Command Injection Vulnerability
66. PHP ionCube Loader Extension Safe_Mode and Disable_Functions Restriction Bypass Vulnerability
67. Microsoft Internet Explorer OnBeforeUnload Javascript Browser Entrapment Vulnerability
68. Microsoft Internet Explorer Script Error Handling Memory Corruption Vulnerability
69. Microsoft Internet Explorer Address Bar Spoofing Vulnerability
70. Microsoft Internet Explorer OnUnload Javascript Browser Entrapment Vulnerability
71. Microsoft Windows Kodak Image Viewer Remote Code Execution Vulnerability
72. Php-Stats Multiple Input Validation Vulnerabilities
73. HP Select Identity Unspecified Remote Unauthorized Access Vulnerability
74. Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
75. Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
76. phpMyAdmin Setup.PHP Cross-Site Scripting Vulnerability
77. cpDynaLinks Category.PHP SQL Injection Vulnerability
78. Sun Solaris 10 Auditing BSM Unspecified Local Denial Of Service Vulnerability
79. OpenBSD DHCPD Server Remote Stack Corruption Vulnerability
80. Cisco IOS LPD Remote Buffer Overflow Vulnerability
81. Cisco Wireless Control System Insecure Password Vulnerability
82. LibTIFF TIFFFindFieldInfo Remote Buffer Overflow Vulnerability
83. util-linux mount umount Local Privilege Escalation Vulnerability
84. MySQL Access Validation and Denial of Service Vulnerabilities
85. MySQL Rename Table Function Access Validation Vulnerability
86. MySQL IF Query Handling Remote Denial Of Service Vulnerability
87. RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
88. Eggdrop Server Module Message Handling Remote Buffer Overflow Vulnerability
89. G DATA Antivirus 2007 ScanObjectBrowser.DLL ActiveX Control Buffer Overflow Weakness
90. Sun Solaris I_PEEK IOCTL Handler Local Information Disclosure Vulnerability
91. Computer Associates eTrust ITM (Threat Manager) Web Console URI Redirection Vulnerability
92. Computer Associates ERwin Process Modeler Data Standards File Remote Denial of Service Vulnerability
93. EMC RepliStor Server Service recv() Buffer Overflow Vulnerability
94. Computer Associates Threat Manager Remote Information Disclosure Vulnerability
95. IBM DB2 Universal Database Buffer Overflow and Multiple Denial of Service Vulnerabilities
96. Firebird Process_Packet Remote Buffer Overflow Vulnerability
97. 3Com OfficeConnect Wireless Cable/DSL Router Unauthorized Remote Administration Vulnerability
98. Asterisk IMAP-Specific Voicemail Multiple Buffer Overflow Vulnerabilities
99. Microsoft Word Workspace Memory Corruption Remote Code Execution Vulnerability
100. Mambo/Joomla! MP3 Allopass MosConfig_Absolute_Path Multiple Remote File Include Vulnerabilities
III. SECURITYFOCUS NEWS
1. Retailers look to exorcise credit-card data
2. DHS, Unisys scrutinized after data breach
3. Customers: TD Ameritrade failed to warn of breach
4. Max Vision charged with hacking -- again
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Quality Assurance, Mountain View
2. [SJ-JOB] Security Engineer, Washington
3. [SJ-JOB] Application Security Engineer, Boston
4. [SJ-JOB] Security Engineer, Baltimore
5. [SJ-JOB] Customer Service, Mountain View
6. [SJ-JOB] Database Security Engineer, King of Prussia
7. [SJ-JOB] Application Security Engineer, Denver
8. [SJ-JOB] Security Engineer, Carpinteria
9. [SJ-JOB] Security Engineer, Atlanta
10. [SJ-JOB] Security Consultant, Charlotte
11. [SJ-JOB] Security Consultant, Charlotte
12. [SJ-JOB] Security Architect, Woodbridge
13. [SJ-JOB] Technical Marketing Engineer, Berkshire
14. [SJ-JOB] Sr. Security Engineer, Edison
15. [SJ-JOB] VP, Information Security, Berkshire
16. [SJ-JOB] Application Security Engineer, Houston
17. [SJ-JOB] Director, Information Security, Fairfax (Metro Area)
18. [SJ-JOB] Director, Information Security, Herndon
19. [SJ-JOB] Security Product Marketing Manager, Hopkinton
20. [SJ-JOB] Security Consultant, Singapore
21. [SJ-JOB] Sales Engineer, Boston
22. [SJ-JOB] Sr. Security Engineer, Chicago Area
23. [SJ-JOB] Security Consultant, Atlanta
24. [SJ-JOB] Information Assurance Analyst, New York
25. [SJ-JOB] Software Engineer, Mountain View
26. [SJ-JOB] Certification & Accreditation Engineer, Chantilly
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
1. IRM Demonstrates Multiple Cisco IOS Exploitation Techniques
2. Black Hat Tokyo + DC and Europe CfPs now open.
VII. MICROSOFT FOCUS LIST SUMMARY
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. Linux Hardening
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Of Hackers and Egos
By Don Parker
The world of computer security can often be a strange and compelling one. Many outsiders, or those with little knowledge of computers, just don't understand the whole uproar over various issues, such as whether Microsoft Vista is more secure then Linux or Mac. It's all moot as far as the general population is concerned. But, for those of use who work in the industry, it is just more grist for the mill.
http://www.securityfocus.com/columnists/454

2.Passive Network Analysis
By Stephen Barish
In sports, it's pretty much accepted wisdom that home teams have the advantage; that's why teams with winning records on the road do so well in the playoffs. But for some reason we rarely think about "the home field advantage" when we look at defending our networks.

http://www.securityfocus.com/infocus/1894


II. BUGTRAQ SUMMARY
--------------------
1. Joomla! Flash Uploader mosConfig_Absolute_Path Multiple Remote File Include Vulnerabilities
BugTraq ID: 26044
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26044
Summary:
The Joomla! Flash Uploader component is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

2. TikiWiki Tiki-Graph_Formula.PHP Code Injection Vulnerability
BugTraq ID: 26006
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26006
Summary:
TikiWiki is prone to a remote PHP code-injection vulnerability.

An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

TikiWiki 1.9.8 is vulnerable; other versions may also be affected.

3. Joomla! JContentSubscription MosConfig_Absolute_Path Multiple Remote File Include Vulnerabilities
BugTraq ID: 26003
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26003
Summary:
JContentSubscription is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying webserver; other attacks are also possible.

These issues affect JContentSubscription 1.5.8; other versions may also be vulnerable.

4. Kaspersky Online Scanner KAVWebScan.DLL ActiveX Control Format String Vulnerability
BugTraq ID: 26004
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26004
Summary:
The Kaspersky Online Scanner ActiveX control is prone to a remote format-string vulnerability because it fails to properly sanitize user-supplied data that contains format specifiers.

A successful attack will allow the attacker to execute arbitrary code in the context of an application using the control (typically Internet Explorer).

Kaspersky Online Scanner 5.0.93.1 and prior versions are vulnerable.

5. X.Org X Font Server Multiple Memory Corruption Vulnerabilities
BugTraq ID: 25898
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/25898
Summary:
X.Org X Font Server (XFS) is prone to multiple memory-corruption vulnerabilities, including an integer-overflow issue and a heap-based memory-corruption issue.

An attacker could exploit this issue to execute arbitrary code with the privileges of the X Font Server. Failed exploit attempts will likely result in a denial-of-service condition.

NOTE: These issues are exploitable remotely only on Solaris operating systems; by default the server is listening on TCP port 7100. For other UNIX-like operating systems, an attacker can exploit these issues only locally.

These issues affect X Font Server 1.0.4; prior versions may also be affected.

6. Webmaster-Tips.net Joomla! RSS Feed Reader Remote File Include Vulnerability
BugTraq ID: 25999
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/25999
Summary:
Webmaster-Tips.net Joomla! RSS Feed Reader is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

7. CMS Made Simple 1.1.3.1 Multiple Remote Vulnerabilities
BugTraq ID: 25997
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/25997
Summary:
CMS Made Simple is prone to multiple remote vulnerabilities including:

- An arbitrary PHP code-execution vulnerability.
- Multiple unauthorized-access vulnerabilities.
- Two cross-site scripting vulnerabilities
- 13 fullpath-disclosure vulnerabilities.

An attacker can exploit these issues to compromise the affected application, execute arbitrary PHP code with the privileges of the webserver process, steal cookie-based authentication credentials, and obtain sensitive information.

These issues affect CMS Made Simple 1.1.3.1; prior versions may also be affected.

8. ViArt Shop Ideal_Process.PHP Directory Traversal Vulnerability
BugTraq ID: 25998
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/25998
Summary:
ViArt Shop is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks.

Versions prior to ViArt Shop 3.3 are vulnerable; other versions may also be affected.

9. Microsoft Windows RPC NTLMSSP Remote Denial Of Service Vulnerability
BugTraq ID: 25974
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/25974
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted RPC packets.

Attackers can exploit this issue to cause an affected computer to stop responding or to restart. Successful attacks will deny service to legitimate users.

10. Multiple Browser URI Handlers Command Injection Vulnerabilities
BugTraq ID: 25053
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/25053
Summary:
Multiple browsers are prone to vulnerabilities that let attackers inject commands through various protocol handlers.

Exploiting these issues allows remote attackers to pass and execute arbitrary commands and arguments through processes such as 'cmd.exe' by employing various URI handlers.

An attacker can exploit these issues to carry out various attacks by executing arbitrary commands on a vulnerable computer.

Exploiting these issues would permit remote attackers to influence command options that can be called through protocol handlers and to execute commands with the privileges of a user running the application. Successful attacks may result in a variety of consequences, including remote unauthorized access.

Mozilla Firefox 2.0.0.5, 3.0a6 and Netscape Navigator 9 are reported vulnerable to these issues. Other versions of these browsers and other vendors' browsers may also be affected.

11. rPath Linux Initscripts /VAR/LOG/BTMP File Local Information Disclosure Vulnerability
BugTraq ID: 26048
Remote: No
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26048
Summary:
rPath Linux is prone to a local information-disclosure vulnerability.
The issue is due to incorrect file permissions being set on the '/var/log/btmp' file by scripts from the initscripts package.

Attackers can leverage this issue to gain valuable information to construct valid login credentials.

This issue affects rPath Linux 1; other versions may also be affected.

12. Adobe PageMaker MAIPM6.dll Long Font Name Buffer Overflow Vulnerability
BugTraq ID: 25989
Remote: Yes
Last Updated: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/25989
Summary:
Adobe PageMaker is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue to crash affected applications, deny service to legitimate users, or take over the system. A vendor-supplied fix is available.

This issue affects PageMaker 7.0.1 and 7.0.2; other versions may also be affected.

13. BT Home Hub and Thomson/Alcatel Speedtouch 7G Multiple Vulnerabilities
BugTraq ID: 25972
Remote: Yes
Last Updated: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/25972
Summary:
BT Home Hub and Thomson/Alcatel Speedtouch 7G routers are prone to multiple web-interface vulnerabilities.

Successful exploits will allow attackers to:

- Access administrative functionality
- Completely compromise vulnerable devices
- Gain direct access to the private network
- Steal WEP/WPA encryption keys
- Perform denial-of-service attacks
- Perform cross-site scripting attacks
- Perform cross-site request-forgery attacks
- Change DNS configurations
- Eavesdrop on and manipulate VOIP traffic
- Escalate privileges

Other attacks are possible.


NOTE: Thomson/Alcatel Speedtouch 7G routers have been reported vulnerable only to cross-site scripting and similar attacks. The Thomson/Alcatel Speedtouch is reportedly not affected by the primary authentication-bypass issue affecting the BT Home Hub.

These issues affect the BT Home Hub and Thomson/Alcatel Speedtouch 7G routers. Specific models or firmware versions have not been disclosed.

14. Cisco IOS Multiple Unspecified Stack Overflow Vulnerabilities
BugTraq ID: 25994
Remote: No
Last Updated: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/25994
Summary:
Cisco IOS is prone to multiple unspecified stack-overflow vulnerabilities.

A successful attack may allow the attacker to execute arbitrary code and gain unauthorized access to the device. The attacker can also leverage this issue to cause an affected device to reload, denying service to legitimate users.

The researchers responsible for these discoveries have stated that there are numerous other IOS security issues that will be released in the near future.

NOTE: Judging by the limited information in the security advisory that induced this alert, we assume that all of Cisco IOS 12.x and IOS XR versions are affected by these issues. We cannot verify this at this time. We will update this information when more details emerge.

15. Microsoft ASP.NET URI Canonicalization Unauthorized Web Access Vulnerability
BugTraq ID: 11342
Remote: Yes
Last Updated: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/11342
Summary:
Microsoft ASP.NET is reported prone to a remote information-disclosure vulnerability because the application fails to properly secure documents when handling malformed URI requests.

An attacker may leverage this issue to bypass authentication required to access files in secured directories.

16. Retired: MODx mutate_content.dymanic.php Multiple SQL Injection Vulnerabilities
BugTraq ID: 25983
Remote: Yes
Last Updated: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/25983
Summary:
MODx is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect MODx 0.9.6; other versions may also be affected.

NOTE: Further analysis indicates that this issue requires administrative privileges. Therefore, this BID is being retired.

17. LightBlog Privilege Escalation and Arbitrary File Upload Vulnerabilities
BugTraq ID: 25990
Remote: Yes
Last Updated: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/25990
Summary:
LightBlog is prone to multiple vulnerabilities including a privilege-escalation issue and an arbitrary-file-upload issue.

Remote attackers can exploit these issues to gain administrative access to the affected application and to execute arbitrary commands with the privileges of the webserver process.

These issues affect LightBlog 8.4.1.1; other versions may also be affected.

18. ISC BIND 8 Remote Cache Poisoning Vulnerability
BugTraq ID: 25459
Remote: Yes
Last Updated: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/25459
Summary:
BIND 8 is prone to a remote cache-poisoning vulnerability because of weaknesses in its random-number generator.

An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.

Versions of BIND from 8.2.0 through to 8.4.7 are vulnerable to this issue.

19. Microsoft Expression Media Plaintext Password Storage Weakness
BugTraq ID: 25996
Remote: No
Last Updated: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/25996
Summary:
Microsoft Expression Media is prone to a weakness because passwords are stored in plain-text format. This issue stems from a design error in the catalog password-protection feature.

Attackers could use this issue in conjunction with other vulnerabilities in a host to gain access to user authentication credentials. This poses an additional risk since users may recycle credentials across multiple services.

20. Sun Solaris Trusted Extensions labeld Service Local Denial of Service Vulnerabilities
BugTraq ID: 25993
Remote: No
Last Updated: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/25993
Summary:
Sun Solaris is prone to multiple local denial-of-service vulnerabilities that stem from unspecified errors in Solaris Trusted Extensions 'labeld' label daemon. Local attackers may exploit these issues to deny service to legitimate users.

These versions are affected:

Solaris 10 x86
Solaris 10 SPARC

21. Sun Solaris Virtual File System Local Denial of Service Vulnerability
BugTraq ID: 25992
Remote: No
Last Updated: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/25992
Summary:
Sun Solaris is prone to a local denial-of-service vulnerability that stems from an unspecified error in the Virtual File System. Local attackers may exploit this issue to deny service to legitimate users.

The following versions are affected:

Solaris 10 x86
Solaris 10 SPARC

22. FreeType LWFN Files Buffer Overflow Vulnerability
BugTraq ID: 18034
Remote: Yes
Last Updated: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/18034
Summary:
FreeType is prone to a buffer-overflow vulnerability because of an integer overflow that causes a buffer to be overrun with attacker-supplied data.

Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts will likely crash applications, denying service to legitimate users.

Versions prior to FreeType 2.2.1 are vulnerable.

23. ELinks HTTPS POST Request Information Disclosure Weakness
BugTraq ID: 25799
Remote: Yes
Last Updated: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/25799
Summary:
ELinks is prone to an information disclosure weakness.

In certain circumstances, the application may not encrypt HTTP POST data sent to servers using SSL.

This issue creates a false sense of security for a user because they may assume that sensitive data is being encrypted before it is sent to the remote server.

Versions prior to ELinks 0.11.3 are vulnerable to this issue.

24. KDE KPDF/KWord/XPDF StreamPredictor Function Stack Buffer Overflow Vulnerability
BugTraq ID: 25124
Remote: Yes
Last Updated: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/25124
Summary:
KDE kpdf, kword, and xpdf are prone to a stack-based buffer-overflow vulnerability because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application or cause the affected application to crash, denying service to legitimate users.

25. Interstage Application Server Web Root Path Disclosure Vulnerability
BugTraq ID: 25988
Remote: Yes
Last Updated: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/25988
Summary:
Interstage Application Server is prone to a path-disclosure vulnerability.

Exploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerable computer.

26. AOL Instant Messenger Notification Window Remote Script Code Execution Vulnerability
BugTraq ID: 25659
Remote: Yes
Last Updated: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/25659
Summary:
AOL Instant Messenger is prone to a remote script-code-execution vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the notification window of an unsuspecting user. This may help the attacker launch other attacks.

27. boastMachine Index.PHP Local File Include Vulnerability
BugTraq ID: 26032
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26032
Summary:
boastMachine is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

boastMachine 2.8 is vulnerable to this issue; other versions may also be affected.

28. Linkliste Index.PHP Multiple Remote File Include Vulnerabilities
BugTraq ID: 26045
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26045
Summary:
Linkliste is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Linkliste 1.2 is reportedly vulnerable to these issues; other versions may also be affected.

29. OpenH323 Opal SIP Protocol Remote Denial of Service Vulnerability
BugTraq ID: 25955
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/25955
Summary:
OpenH323 is prone to a remote denial-of-service vulnerability because of memory mismanagement when handling user-supplied data.

Successfully exploiting this issue allows remote attackers to deny service to legitimate users.

This issue affects OpenH323 2.2.4; earlier versions may also be vulnerable. Applications using the affected library may also be vulnerable.

30. FLAC libFLAC Multiple Unspecified Integer Overflow Vulnerabilities
BugTraq ID: 26042
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26042
Summary:
FLAC (Free Lossless Audio Codec) is prone to multiple remote integer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before allocating memory.

Remote attackers may exploit these issues by enticing victims into opening maliciously crafted FLAC files.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

FLAC 1.2.0 is vulnerable; other versions may also be affected.

NOTE: Applications that include the affected libFLAC library are also affected.

31. Scott Manktelow Design Stride 1.0 Merchant Shop.PHP SQL Injection Vulnerability
BugTraq ID: 26046
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26046
Summary:
Scott Manktelow Design Stride 1.0 Merchant is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

32. Scott Manktelow Design Stride 1.0 Content Management System Main.PHP SQL Injection Vulnerability
BugTraq ID: 26041
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26041
Summary:
Scott Manktelow Design Stride 1.0 Content Management System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

33. Site-UP Index.CGI Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 26040
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26040
Summary:
Site-UP is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

These issues affect Site-UP 2.64; other versions may also be vulnerable.

34. Google Urchin Report.CGI Authorization Bypass Vulnerability
BugTraq ID: 26037
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26037
Summary:
Google Urchin is prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to gain administrative access to the vulnerable application. This may lead to other attacks.

Urchin 5.7.03 is vulnerable to this issue; other versions may also be affected.

35. Scott Manktelow Design Stride 1.0 Courses Detail.PHP Multiple SQL Injection Vulnerabilities
BugTraq ID: 26036
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26036
Summary:
Stride 1.0 Courses is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

36. PicoFlat CMS Index.PHP Remote File Include Vulnerability
BugTraq ID: 26043
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26043
Summary:
PicoFlat CMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects PicoFlat CMS 0.4.14; other versions may also be vulnerable.

37. OpenSSL SSL_Get_Shared_Ciphers Off-by-One Buffer Overflow Vulnerability
BugTraq ID: 25831
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/25831
Summary:
OpenSSL is prone to an off-by-one buffer-overflow vulnerability because the library fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of applications that use the affected library, but this has not been confirmed. Failed exploit attempts may crash applications, denying service to legitimate users.

NOTE: This issue was introduced in the fix for the vulnerability described in BID 20249 (OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability).

38. Nucleus CMS Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 26035
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26035
Summary:
Nucleus CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects Nucleus CMS 3.0.1; other versions may also be vulnerable.

39. UMI CMS Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 26033
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26033
Summary:
UMI CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

40. OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
BugTraq ID: 25163
Remote: No
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/25163
Summary:
OpenSSL is prone to a local information-disclosure vulnerability because of an implementation flaw in the RSA algorithm.

Successfully exploiting this issue allows local attackers to gain access to private key information of other processes that use the affected library. Information harvested may aid in further attacks.

OpenSSL 0.9.8 is vulnerable to this issue; other versions may also be affected.

41. LibTIFF EstimateStripByteCounts() Denial of Service Vulnerability
BugTraq ID: 19284
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/19284
Summary:
LibTIFF is affected by a denial-of-service vulnerability.

An attacker can exploit this vulnerability to cause a denial of service in applications using the affected library.

42. LibTIFF Next RLE Decoder Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 19282
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/19282
Summary:
The Next RLE Decoder for libTIFF is prone to a remote heap buffer-overflow vulnerability.

This issue occurs because the application fails to check boundary conditions on certain RLE decoding operations.

This issue may allow attackers to execute arbitrary machine code within the context of the vulnerable application or to cause a denial of service.

43. LibTIFF PixarLog Decoder Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 19290
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/19290
Summary:
The PixarLog Decoder for libTIFF is prone to a remote heap buffer-overflow vulnerability.

This issue may allow attackers to execute arbitrary machine code within the context of the vulnerable application or to cause a denial-of-service.

44. LibTIFF TiffScanLineSize Remote Buffer Overflow Vulnerability
BugTraq ID: 19288
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/19288
Summary:
LibTIFF is prone to a buffer-overflow vulnerability because the library fails to do proper boundary checks before copying user-supplied data into a finite-sized buffer.

This issue allows remote attackers to execute arbitrary machine code in the context of applications using the affected library. Failed exploit attempts will likely crash the application, denying service to legitimate users.

45. Mozilla Firefox, SeaMonkey, Camino, and Thunderbird Multiple Remote Vulnerabilities
BugTraq ID: 18228
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/18228
Summary:
The Mozilla Foundation has released thirteen security advisories specifying security vulnerabilities in Mozilla Firefox, SeaMonkey, Camino, and Thunderbird.

These vulnerabilities allow attackers to:

- execute arbitrary machine code in the context of the vulnerable application
- crash affected applications
- run JavaScript code with elevated privileges, potentially allowing the remote execution of machine code
- gain access to potentially sensitive information.

Other attacks may also be possible.

The issues described here will be split into individual BIDs as further information becomes available.

These issues are fixed in:
- Mozilla Firefox version 1.5.0.4
- Mozilla Thunderbird version 1.5.0.4
- Mozilla SeaMonkey version 1.0.2
- Mozilla Camino 1.0.2

46. LibTIFF tiff2pdf Remote Buffer Overflow Vulnerability
BugTraq ID: 18331
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/18331
Summary:
The tiff2pdf utility is prone to a buffer-overflow vulnerability. This issue is due to a failure in the application to do proper boundary checks before copying user-supplied data into a finite-sized buffer.

This issue allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely crash the application, denying service to legitimate users.

47. Wesnoth Client UTF-8 Remote Denial of Service Vulnerability
BugTraq ID: 25995
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/25995
Summary:
Wesnoth is prone to a remote denial-of-service vulnerability because it fails to handle unexpected input.

Attackers can exploit this issue to cause the Wesnoth client to crash.

Wesnoth 1.2.6 is affected by this issue.

48. CRS Manager Multiple Remote File Include Vulnerabilities
BugTraq ID: 26034
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26034
Summary:
CRS Manager is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

49. Joomla! Search Component SearchWord Cross-Site Scripting Vulnerability
BugTraq ID: 26031
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26031
Summary:
The Joomla! Search component is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects Joomla! 1.0.13; other versions may also be vulnerable.

50. HP Linux Imaging and Printing System HSSPD.PY Daemon Arbitrary Command Execution Vulnerability
BugTraq ID: 26054
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26054
Summary:
HP Linux Imaging and Printing System (HPLIP) is prone to a an arbitrary command-execution vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can exploit this issue to execute arbitrary commands with superuser privileges. Successful attacks will completely compromise affected computers.

NOTE: By default the application's hpssd daemon only listens on localhost, however it can be configured to listen to remote requests as well.

HPLIP versions in the 1.0 and 2.0 series are vulnerable.

51. KwsPHP Newsletter Module SQL Injection Vulnerability
BugTraq ID: 26051
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26051
Summary:
KwsPHP is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

KwsPHP 1.0 is vulnerable; other versions may also be affected.

52. Computer Associates BrightStor ARCserve Backup Unspecified Remote Code Execution Vulnerability
BugTraq ID: 26050
Remote: Yes
Last Updated: 2007-10-12
Relevant URL: http://www.securityfocus.com/bid/26050
Summary:
Computer Associates BrightStor ARCserve Backup is prone to an unspecified remote code-execution vulnerability.

Very little information is known about this issue. We will update this BID as soon as more information becomes available.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

This issue affects Computer Associates BrightStor ARCserve Backup 11.5 SP3; other versions may also be affected.

53. ActiveKB NX Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 26027
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26027
Summary:
ActiveKB NX is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks.

This issue affects ActiveKB NX 2.6; other versions may also be vulnerable.

54. Pindorama Client.php Remote File Include Vulnerability
BugTraq ID: 26026
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26026
Summary:
Pindorama is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Pindorama 0.1 is vulnerable; other versions may also be affected.

55. WebDesktop Multiple Remote File Include Vulnerabilities
BugTraq ID: 26030
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26030
Summary:
WebDesktop is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

WebDesktop 0.1 is vulnerable; other versions may also be affected.

56. NuSEO Nuseo_Admin_D.PHP Remote File Include Vulnerability
BugTraq ID: 26021
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26021
Summary:
NuSEO is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

NuSEO Enterprise 1.6 is vulnerable; other versions may also be affected.

57. Computer Associates BrightStor ARCserve Backup mediasvr caloggerd Denial Of Service Vulnerabilities
BugTraq ID: 24017
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/24017
Summary:
Computer Associates BrightStor ARCserve Backup is prone to multiple denial-of-service vulnerabilities due to memory-corruption issues caused by errors in processing arguments passed to RPC procedures.

A remote attacker may exploit these issues to crash the affected services, resulting in denial-of-service conditions.

The following applications are affected:

BrightStor ARCserve Backup v9.01, r11.1, r11.5, r11 for Windows
BrightStor Enterprise Backup r10.5
CA Server Protection Suite r2,
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

58. Computer Associates BrightStor ARCserve Backup Multiple Remote Vulnerabilities
BugTraq ID: 26015
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26015
Summary:
Computer Associates BrightStor ARCserve is prone to multiple remote vulnerabilities, including buffer-overflow issues, memory-corruption issues, and privilege-escalation issues.

Successful exploits allow remote attackers to cause denial-of-service conditions, execute arbitrary machine code in the context of the affected application, or perform actions with elevated privileges. This may result in a complete compromise of affected computers.

The following applications are affected:

BrightStor ARCserve Backup v9.01, r11.1, r11.5, r11 for Windows
BrightStor Enterprise Backup r10.5
CA Server Protection Suite r2,
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

59. CA BrightStor ARCserve Backup Memory Corruption Remote Code Execution Vulnerabilities
BugTraq ID: 24680
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/24680
Summary:
Computer Associates BrightStor ARCserve Backup is prone to remote code-execution vulnerabilities due to memory-corruption issues.

Successfully exploiting these issues would allow an attacker to corrupt memory and execute arbitrary code in the context of the affected application. This in turn may result in a complete compromise of affected computers.

The following applications are affected:

BrightStor ARCserve Backup v9.01, r11.1, r11.5, r11 for Windows
BrightStor Enterprise Backup r10.5
CA Server Protection Suite r2,
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

60. Tcl/Tk ReadImage Buffer Overflow Vulnerability
BugTraq ID: 25826
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/25826
Summary:
Tcl/Tk is prone to a buffer-overflow vulnerability that resides in the Tk library shipped with Tcl.

An attacker can exploit this issue to execute arbitrary code or cause denial-of-service conditions in applications implementing the affected library.

Versions prior to Tcl/Tk 8.4.16 are vulnerable to this issue.

61. Libvorbis Denial Of Service And Memory Corruption Vulnerabilities
BugTraq ID: 25082
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/25082
Summary:
Applications that use the libvorbis library are prone to multiple remote vulnerabilities, including multiple denial-of-service issues and memory-corruption issues.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application or cause the application to crash.

These issues affect libvorbis 1.1.2; other versions of the library may also be affected.

62. Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability
BugTraq ID: 25908
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/25908
Summary:
Microsoft Outlook Express and Windows Mail are prone to a remote heap-based buffer-overflow vulnerability. This issue occurs because the applications fail to perform adequate boundary-checks on user-supplied data.

Successfully exploiting this issue will allow an attacker to execute arbitrary code with the privileges of the currently logged-in user.

63. VMware Virtual Disk Mount Service Reconfig.DLL Denial Of Service Vulnerability
BugTraq ID: 26025
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26025
Summary:
VMware Virtual Disk Mount Service ('vmount2.exe') is prone to a denial-of-service vulnerability.

Attackers exploit this issue by enticing an unsuspecting victim to open a malicious VMware disk image with the affected application.

An attacker may be able to exploit this issue to cause denial-of-service conditions in the affected application.

64. Microsoft Windows URI Handler Command Execution Vulnerability
BugTraq ID: 25945
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/25945
Summary:
Microsoft Windows XP and Server 2003 with Internet Explorer 7 is prone to a command-execution vulnerability because it fails to properly sanitize input.

Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of users that follow malicious URIs.

Known attack vectors include following URIs in these applications:

- Mozilla Firefox in versions prior to 2.0.0.6
- Skype in versions prior to 3.5.0.239
- Adobe Acrobat Reader 8.1
- Miranda 0.7
- Netscape 7.1
- mIRC.

NOTE: BID 25543 (Mozilla Firefox 2.0.0.6 Unspecified Protocol Handling Command Injection Vulnerability) is an attack vector for this issue.

65. Mozilla Firefox 2.0.0.6 Unspecified Protocol Handling Command Injection Vulnerability
BugTraq ID: 25543
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/25543
Summary:
Mozilla Firefox is prone to an unspecified vulnerability that lets remote attackers inject commands through the 'mailto', 'nntp', 'news', and 'snews' protocol handlers.

Remote attackers may influence command options that can be called through the various handlers and therefore execute commands and script code with the privileges of a user running the applications. Successful attacks may result in various consequences, including remote unauthorized access.

NOTE: This BID is an attack vector for the issue described in BID 25945 (Microsoft Windows URI Handler Command Execution Vulnerability).

66. PHP ionCube Loader Extension Safe_Mode and Disable_Functions Restriction Bypass Vulnerability
BugTraq ID: 26024
Remote: No
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26024
Summary:
ionCube Loader is prone to a 'safe_mode' and 'disable_functions' restriction-bypass vulnerability. Successful exploits could allow an attacker to bypass the restrictions imposed by both PHP directives and to access arbitrary file contents.

This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code; in such cases, the 'safe_mode' restrictions are expected to isolate users from each other.

ionCube 6.5 running on PHP 5.2.4 is affected; other versions may also be vulnerable.

67. Microsoft Internet Explorer OnBeforeUnload Javascript Browser Entrapment Vulnerability
BugTraq ID: 24911
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/24911
Summary:
Microsoft Internet Explorer is prone to a vulnerability that allows attackers to trap users at a particular webpage and spoof page transitions.

Attackers may exploit this via a malicious page to spoof the contents and origin of a page that the victim may trust. This vulnerability may be useful in phishing or other attacks that rely on content spoofing.

Internet Explorer 7 is vulnerable to this issue; other versions may also be affected.

68. Microsoft Internet Explorer Script Error Handling Memory Corruption Vulnerability
BugTraq ID: 25916
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/25916
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing victims into viewing maliciously crafted HTML content.

Successfully exploiting this issue allows arbitrary machine code to execute in the context of the affected application. This facilitates the remote compromise of affected computers.

69. Microsoft Internet Explorer Address Bar Spoofing Vulnerability
BugTraq ID: 25915
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/25915
Summary:
Microsoft Internet Explorer is prone to a vulnerability that lets attackers spoof the address bar of a trusted site.

Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing.

70. Microsoft Internet Explorer OnUnload Javascript Browser Entrapment Vulnerability
BugTraq ID: 22680
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/22680
Summary:
Microsoft Internet Explorer is prone to a vulnerability that allows attackers to trap users at a particular webpage and spoof page transitions.

Attackers may exploit this via a malicious page to spoof the contents and origin of a page that the victim may trust. This vulnerability may be useful in phishing or other attacks that rely on content spoofing.

NOTE: Mozilla Firefox is likely prone to a variation of this vulnerability. We will update this BID as more information emerges.

Internet Explorer 6 and 7 are confirmed vulnerable to this issue.

71. Microsoft Windows Kodak Image Viewer Remote Code Execution Vulnerability
BugTraq ID: 25909
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/25909
Summary:
Microsoft Windows Kodak Image Viewer is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied data.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of a user running the application. Successful exploits will compromise the user's account and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

NOTE: Affected versions of Windows XP are vulnerable only if they have been upgraded from Windows 2000.

72. Php-Stats Multiple Input Validation Vulnerabilities
BugTraq ID: 26022
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26022
Summary:
Php-Stats is prone to multiple input-validation vulnerabilities, including multiple remote code-execution issues and multiple SQL-injection issues.

An attacker can exploit these issues to compromise the application, execute arbitrary code within the context of the webserver process, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect Php-Stats 0.1.9.2; other versions may also be vulnerable.

73. HP Select Identity Unspecified Remote Unauthorized Access Vulnerability
BugTraq ID: 26023
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26023
Summary:
HP Select Identity is prone to an unauthorized-access vulnerability.

An attacker can exploit this issue to gain remote unauthorized access to affected computers.

Select Identity 4.01 to 4.01.010 and 4.10 to 4.13.001 are vulnerable.

74. Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
BugTraq ID: 25489
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/25489
Summary:
The Apache mod_proxy module is prone to a denial-of-service vulnerability.

A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM).

75. Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
BugTraq ID: 24215
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/24215
Summary:
Apache is prone to multiple denial-of-service vulnerabilities.

An attacker with the ability to execute arbitrary server-side script-code can exploit these issues to stop arbitrary services on the affected computer in the context of the master webserver process; other attacks may also be possible.

76. phpMyAdmin Setup.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 26020
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26020
Summary:
phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks.

This issue affects phpMyAdmin 2.11.1; other versions may also be vulnerable.

77. cpDynaLinks Category.PHP SQL Injection Vulnerability
BugTraq ID: 26018
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26018
Summary:
cpDynaLinks is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects cpDynaLinks 1.02; other versions may also be vulnerable.

78. Sun Solaris 10 Auditing BSM Unspecified Local Denial Of Service Vulnerability
BugTraq ID: 26017
Remote: No
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26017
Summary:
Sun Solaris 10 with auditing enabled is prone to an unspecified local denial-of-service vulnerability.

An unprivileged user can exploit this issue on an affected computer to cause a system panic, resulting in a denial-of-service condition.

The following versions of Solaris 10 are vulnerable:

Solaris 10 SPARC without patch 127111-01
Solaris 10 x86 without patch 127112-01

79. OpenBSD DHCPD Server Remote Stack Corruption Vulnerability
BugTraq ID: 25984
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/25984
Summary:
OpenBSD's 'dhcpd' is prone to a remote stack-corruption vulnerability because the software fails to properly bounds-check user-supplied input.

Successfully exploiting this issue allows attackers in the same LAN segment of the vulnerable DHCP server to corrupt the application's stack. This may allow attackers to run arbitrary machine code and to compromise affected computers.

80. Cisco IOS LPD Remote Buffer Overflow Vulnerability
BugTraq ID: 26001
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26001
Summary:
Cisco IOS is prone to a remote buffer-overflow vulnerability in its LPD service because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the affected component. Attackers could also restart the device, resulting in denial-of-service conditions.

To exploit this issue, an attacker must be able to change the hostname of affected routers. SNMP write access may allow attackers to change the router's hostname.

Versions prior to Cisco IOS 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 are vulnerable.

This issue is being tracked by Cisco bug ID CSCsj86725.

NOTE: This issue is related to the vulnerabilities described in BID 25994 (Cisco IOS Multiple Unspecified Stack Overflow Vulnerabilities).

81. Cisco Wireless Control System Insecure Password Vulnerability
BugTraq ID: 26000
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26000
Summary:
Cisco Wireless Control System is prone to a vulnerability that permits an attacker to gain unauthorized administrative access to the affected device. This issue occurs when the Cisco Wireless LAN Solution Engine (WLSE) uses a conversion utility to convert to the Cisco Wireless Control System (WCS). This issue is being tracked by Cisco Bug ID CSCsj71081

An attacker could exploit this issue to gain unauthorized administrative access to the affected device. Successfully exploiting this issue will result in the complete compromise of the affected device.

This issue affects Cisco Wireless Control System 4.1.91.0 and prior versions.

82. LibTIFF TIFFFindFieldInfo Remote Buffer Overflow Vulnerability
BugTraq ID: 19793
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/19793
Summary:
LibTIFF is prone to a buffer-overflow vulnerability because the library fails to do proper boundary checks before copying user-supplied data into a finite-sized buffer.

This issue allows remote attackers to execute arbitrary machine code in the context of appications using the affected library. Failed exploit attempts will likely crash the application, denying service to legitimate users.

This issue is known to affect versions of LibTIFF included with Sony PSP devices running firmware versions 2.0 through 2.8.

Specific information regarding affected versions of LibTIFF is currently unavailable. We will update this BID as more information emerges.

83. util-linux mount umount Local Privilege Escalation Vulnerability
BugTraq ID: 25973
Remote: No
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/25973
Summary:
The 'util-linux' package is prone to a local privilege-escalation vulnerability that stems from a design error.

Exploiting this issue could allow attackers to execute arbitrary code with elevated privileges by using mount helpers such as the 'mount.nfs' application.

This vulnerability affects util-linux 2.12r; other versions may also be affected.

84. MySQL Access Validation and Denial of Service Vulnerabilities
BugTraq ID: 25017
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/25017
Summary:
MySQL is prone to a access-validation vulnerability and a denial-of-service vulnerability.

An attacker can exploit these issues to create arbitrary MySQL tables or to crash the affected application, denying service to legitimate users.

This issue affects versions prior to MySQL 5.0.45.

85. MySQL Rename Table Function Access Validation Vulnerability
BugTraq ID: 24016
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/24016
Summary:
MySQL is prone to an access-validation vulnerability because it fails to perform adequate access control.

Attackers can exploit this issue to rename arbitrary tables. This could result in denial-of-service conditions and may aid in other attacks.

Versions prior to MySQL 4.1.23, 5.0.42, and 5.1.18 are vulnerable.

86. MySQL IF Query Handling Remote Denial Of Service Vulnerability
BugTraq ID: 23911
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/23911
Summary:
MySQL is prone to a remote denial-of-service vulnerability because it fails to handle certain specially crafted queries.

An attacker can exploit this issue to crash the application, denying access to legitimate users.

NOTE: An attacker must be able to execute arbitrary SELECT statements against the database to exploit this issue. This may be through legitimate means or by exploiting other latent SQL-injection vulnerabilities.

Versions prior to MySQL 5.0.40 are vulnerable.

87. RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
BugTraq ID: 25991
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/25991
Summary:
Microsoft Office 2000 and Office XP are prone to an unspecified denial-of-service vulnerability.

Microsoft Word is confirmed vulnerable to an unspecified denial-of-service issue. Other versions of Microsoft Word/Office may be affected by the vulnerability, but this has not been confirmed.

The following versions of Microsoft Office are confirmed vulnerable to this issue:

Microsoft Office 2000 English
Microsoft Office 2000 Japanese
Microsoft Office 2000 Chinese
Microsoft Office XP English
Microsoft Office XP Japanese
Microsoft Office XP Chinese

88. Eggdrop Server Module Message Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 24070
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/24070
Summary:
Eggdrop Server Module is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Eggdrop 1.6.18 is known to be vulnerable; other versions may be affected as well.

89. G DATA Antivirus 2007 ScanObjectBrowser.DLL ActiveX Control Buffer Overflow Weakness
BugTraq ID: 26008
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26008
Summary:
G DATA Antivirus 2007 is prone to a buffer-overflow weakness because it fails to perform adequate boundary checks.

Successful exploits will allow attackers to execute arbitrary code in the context of an application using the control (typically Internet Explorer). Since the affected control is not marked 'safe for scripting', attackers must exploit this issue in conjunction with zone-escalation or cross-zone scripting attacks.

G DATA Antivirus 2007 is vulnerable to this issue; other versions may also be affected.

90. Sun Solaris I_PEEK IOCTL Handler Local Information Disclosure Vulnerability
BugTraq ID: 25905
Remote: No
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/25905
Summary:
Sun Solaris is prone to a local information-disclosure vulnerability because it fails to adequately sanitize users-supplied input used for reading potentially sensitive memory data.

Information gained will help attackers launch further attacks against the affected computer.

91. Computer Associates eTrust ITM (Threat Manager) Web Console URI Redirection Vulnerability
BugTraq ID: 26013
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26013
Summary:
Computer Associates eTrust ITM (Threat Manager) is prone to a remote URI-redirection vulnerability because the web-based console fails to adequately sanitize user-supplied input.

A successful attack may aid an attacker in phishing-style attacks.

This issue affects eTrust ITM (Threat Manager) r8; other versions may also be affected.

92. Computer Associates ERwin Process Modeler Data Standards File Remote Denial of Service Vulnerability
BugTraq ID: 26007
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26007
Summary:
Computer Associates ERwin Process Modeler is prone to a remote denial-of-service vulnerability.

An attacker could exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects Computer Associates ERwin Process Modeler 7.2; other versions may also be affected.

93. EMC RepliStor Server Service recv() Buffer Overflow Vulnerability
BugTraq ID: 26014
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26014
Summary:
EMC RepliStor is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

A remote attacker may be able to exploit this issue to execute arbitrary code with SYSTEM-level privileges.

This issue affects RepliStor 6.1.3; earlier versions may also be vulnerable.

94. Computer Associates Threat Manager Remote Information Disclosure Vulnerability
BugTraq ID: 26012
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26012
Summary:
Computer Associates Threat Manager is prone to a remote information-disclosure vulnerability because it fails to restrict access to certain files.

Attackers can exploit this issue to obtain potentially sensitive data that could aid in further attacks.

Threat Manager r8.1 is vulnerable; other versions may also be affected.

95. IBM DB2 Universal Database Buffer Overflow and Multiple Denial of Service Vulnerabilities
BugTraq ID: 26010
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26010
Summary:
IBM DB2 Universal Database is prone to a buffer-overflow vulnerability and two denial-of-service vulnerabilities.

Successfully exploiting these issues allows attackers to execute arbitrary machine code in the context of the database server, compromising the computer. Exploits may also result in server crashes, denying service to legitimate users.

IBM DB2 Universal Database 8.1 and 8.2 are vulnerable to these issues.

96. Firebird Process_Packet Remote Buffer Overflow Vulnerability
BugTraq ID: 26011
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26011
Summary:
Firebird is prone to a remote stack-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected database server. Failed exploit attempts will likely crash the server, denying service to legitimate users.

Firebird 2.0.2 is vulnerable; previous versions may also be affected.

97. 3Com OfficeConnect Wireless Cable/DSL Router Unauthorized Remote Administration Vulnerability
BugTraq ID: 26009
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26009
Summary:
The 3Com OfficeConnect Wireless Cable/DSL Router is prone to a vulnerability that can result in unauthorized remote administration.

This issue occurs because the device fails to enforce certain security restrictions selected by the user.

This issue can result in a false sense of security because it exposes the device to remote access even though administrative settings state otherwise. Attackers can exploit this issue to potentially gain administrative access to the device.

98. Asterisk IMAP-Specific Voicemail Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 26005
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26005
Summary:
Asterisk is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.

Successful exploits may allow an attacker to execute arbitrary machine code to compromise an affected computer or to cause denial-of-service conditions.

Versions prior to Asterisk Open Source 1.4.13 are vulnerable.

99. Microsoft Word Workspace Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 25906
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/25906
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

NOTE: Successful exploits of this issue may be hampered because Microsoft Office 2007 and Office 2003 SP3 will not open some older Office file formats, including Office for Macintosh documents. Exploits of this issue involve the Macintosh file format.

100. Mambo/Joomla! MP3 Allopass MosConfig_Absolute_Path Multiple Remote File Include Vulnerabilities
BugTraq ID: 26002
Remote: Yes
Last Updated: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26002
Summary:
The MP3 Allopass component is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Retailers look to exorcise credit-card data
By: Robert Lemos
The National Retail Federation sends a letter asking that its members be allowed to decide what credit-card data to keep.
http://www.securityfocus.com/news/11491

2. DHS, Unisys scrutinized after data breach
By: Robert Lemos
A Congressional committee claims that Unisys allowed malicious code to infect federal systems.
http://www.securityfocus.com/news/11489

3. Customers: TD Ameritrade failed to warn of breach
By: Robert Lemos
Numerous account holders complained over the past year that the consumer brokerage had sold or leaked e-mail addresses to pump-and-dump spammers.
http://www.securityfocus.com/news/11488

4. Max Vision charged with hacking -- again
By: Robert Lemos
Federal prosecutors charge former security consultant Max Butler, better known amongst security researchers as "Max Vision," alleging that he supplied and managed a ring of identity thieves.
http://www.securityfocus.com/news/11487

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Quality Assurance, Mountain View
http://www.securityfocus.com/archive/77/482177

2. [SJ-JOB] Security Engineer, Washington
http://www.securityfocus.com/archive/77/482174

3. [SJ-JOB] Application Security Engineer, Boston
http://www.securityfocus.com/archive/77/482175

4. [SJ-JOB] Security Engineer, Baltimore
http://www.securityfocus.com/archive/77/482176

5. [SJ-JOB] Customer Service, Mountain View
http://www.securityfocus.com/archive/77/482173

6. [SJ-JOB] Database Security Engineer, King of Prussia
http://www.securityfocus.com/archive/77/482030

7. [SJ-JOB] Application Security Engineer, Denver
http://www.securityfocus.com/archive/77/482035

8. [SJ-JOB] Security Engineer, Carpinteria
http://www.securityfocus.com/archive/77/482036

9. [SJ-JOB] Security Engineer, Atlanta
http://www.securityfocus.com/archive/77/482029

10. [SJ-JOB] Security Consultant, Charlotte
http://www.securityfocus.com/archive/77/482032

11. [SJ-JOB] Security Consultant, Charlotte
http://www.securityfocus.com/archive/77/482034

12. [SJ-JOB] Security Architect, Woodbridge
http://www.securityfocus.com/archive/77/482037

13. [SJ-JOB] Technical Marketing Engineer, Berkshire
http://www.securityfocus.com/archive/77/481928

14. [SJ-JOB] Sr. Security Engineer, Edison
http://www.securityfocus.com/archive/77/481929

15. [SJ-JOB] VP, Information Security, Berkshire
http://www.securityfocus.com/archive/77/481930

16. [SJ-JOB] Application Security Engineer, Houston
http://www.securityfocus.com/archive/77/481931

17. [SJ-JOB] Director, Information Security, Fairfax (Metro Area)
http://www.securityfocus.com/archive/77/481923

18. [SJ-JOB] Director, Information Security, Herndon
http://www.securityfocus.com/archive/77/481925

19. [SJ-JOB] Security Product Marketing Manager, Hopkinton
http://www.securityfocus.com/archive/77/481926

20. [SJ-JOB] Security Consultant, Singapore
http://www.securityfocus.com/archive/77/481919

21. [SJ-JOB] Sales Engineer, Boston
http://www.securityfocus.com/archive/77/481920

22. [SJ-JOB] Sr. Security Engineer, Chicago Area
http://www.securityfocus.com/archive/77/481922

23. [SJ-JOB] Security Consultant, Atlanta
http://www.securityfocus.com/archive/77/481924

24. [SJ-JOB] Information Assurance Analyst, New York
http://www.securityfocus.com/archive/77/481916

25. [SJ-JOB] Software Engineer, Mountain View
http://www.securityfocus.com/archive/77/481917

26. [SJ-JOB] Certification & Accreditation Engineer, Chantilly
http://www.securityfocus.com/archive/77/481918

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. IRM Demonstrates Multiple Cisco IOS Exploitation Techniques
http://www.securityfocus.com/archive/82/481987

2. Black Hat Tokyo + DC and Europe CfPs now open.
http://www.securityfocus.com/archive/82/481833

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. Linux Hardening
http://www.securityfocus.com/archive/91/482082

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: SPI Dynamics

ALERT: Ajax Security Dangers- How Hackers are attacking Ajax Web Apps
While Ajax can greatly improve the usability of a Web application, it can also
create several opportunities for possible attack if the application is not
designed with security in mind. Download this SPI Dynamics white paper.

https://download.spidynamics.com/1/ad/AJAX.asp?Campaign_ID=70160000000D4Kl

No comments:

Blog Archive