News

Thursday, January 24, 2008

SecurityFocus Newsletter #437

SecurityFocus Newsletter #437
----------------------------------------

This issue is Sponsored by: Black Hat Europe

Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content. Network with 400+ delegates from 30 nations and review products by leading vendors in a relaxed setting. Black Hat Europe is supported by most leading European infosec associations.

www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Mother May I?
2. Finding a Cure for Data Loss
II. BUGTRAQ SUMMARY
1. X.Org X Server 'EVI' Extension Local Privilege Escalation Vulnerability
2. X.Org X Server 'TOG-CUP' Extension Local Privilege Escalation Vulnerability
3. Numara FootPrints 'MRchat.pl' and 'MRABLoad2.pl' Multiple Remote Command Execution Vulnerabilities
4. Drupal Archive Module Cross-Site Scripting Vulnerabilities
5. aconon Mail Template Parameter Directory Traversal Vulnerability
6. SLAED CMS 'index.php' Local File Include Vulnerability
7. Liquid-Silver CMS 'update/index.php' Local File Include Vulnerability
8. Comodo AntiVirus 'ExecuteStr()' ActiveX Control Arbitrary Command Execution Vulnerability
9. HFS HTTP File Server Multiple Security Vulnerabilities
10. Siteman 'articles.php' File Disclosure Vulnerability
11. Cisco Application Velocity System (AVS) Remote Default Account Vulnerabilities
12. Web Wiz Rich Text Editor Arbitrary HTML File Creation Vulnerability
13. Multiple Web Wiz Products Remote Information Disclosure Vulnerability
14. Lama Software 'MY_CONF[classRoot]' Multiple Remote File Include Vulnerabilities
15. Coppermine Photo Gallery 'thumbnails.php' SQL Injection Vulnerability
16. Alice Gate2 Plus Wi-Fi Router Cross-Site Request Forgery Vulnerability
17. IBM WebSphere Application Server serveServletsByClassnameEnabled Unspecified Vulnerability
18. boastMachine 'mail.php' SQL Injection Vulnerability
19. MediaWiki Search Bar Cross-Site Scripting Vulnerability
20. MegaBBS 'upload.asp' Cross-Site Scripting Vulnerability
21. Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
22. Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
23. Apache HTTP Server Mod_Cache Denial of Service Vulnerability
24. Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
25. BalaBit IT Security syslog-ng NULL-Pointer Dereference Denial of Service Vulnerability
26. Cairo PNG Image Processing Remote Integer Overflow Vulnerability
27. X.Org X 'Server X:1 -sp' Command Information Disclosure Vulnerability
28. X.Org X Server 'PassMessage' Request Local Privilege Escalation Vulnerability
29. X.Org X Server 'Xinput' Extension Local Privilege Escalation Vulnerability
30. X.Org X Server 'MIT-SHM' Local Privilege Escalation Vulnerability
31. Tikiwiki CMS 'tiki-listmovies.php' Directory Traversal Vulnerability
32. TikiWiki 'tiki-special_chars.php' Cross-Site Scripting Vulnerability
33. Cisco PIX and ASA Appliance 'TTL Decrement' Denial of Service Vulnerability
34. SDL_image Invalid GIF File LWZ Minimum Code Size Remote Buffer Overflow Vulnerability
35. PHP cURL 'safe mode' Security Bypass Vulnerability
36. LulieBlog 'voircom.php' SQL Injection Vulnerability
37. Foojan WMS 'index.php' SQL Injection Vulnerability
38. Mozilla Firefox chrome:// URI JavaScript File Request Information Disclosure Vulnerability
39. Microsoft Windows TCP/IP ICMP Remote Denial Of Service Vulnerability
40. Microsoft Windows TCP/IP IGMP MLD Remote Buffer Overflow Vulnerability
41. yaSSL Multiple Remote Buffer Overflow Vulnerabilities
42. PHP 5.2.3 and Prior Versions Multiple Vulnerabilities
43. Exiv2 EXIF File Handling Integer Overflow Vulnerability
44. Belong Software Site Builder Administration Pages Authentication Bypass Vulnerability
45. Linux Kernel CIFS Transport.C Remote Buffer Overflow Vulnerability
46. Linux Kernel SysFS_ReadDir NULL Pointer Dereference Vulnerability
47. util-linux mount umount Local Privilege Escalation Vulnerability
48. OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
49. OpenPegasus Management Server PAM Authentication 'cimservera.cpp' Buffer Overflow Vulnerability
50. Perl Unicode Regular Expression Buffer Overflow Vulnerability
51. OpenSSL SSL_Get_Shared_Ciphers Off-by-One Buffer Overflow Vulnerability
52. Samba NMBD Logon Request Remote Buffer Overflow Vulnerability
53. Samba NMBD_Packets.C NetBIOS Replies Stack-Based Buffer Overflow Vulnerability
54. YaBB SE Cookie Security Bypass Vulnerability
55. Lycos File Upload Component 'FileUploader.dll' ActiveX Control Buffer Overflow Vulnerability
56. Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
57. SetCMS 'set' Parameter Local File Include Vulnerability
58. PHP-Nuke Search Module 'sid' Parameter SQL Injection Vulnerability
59. EasySiteNetwork Recipe Website Script 'list.php' SQL Injection Vulnerability
60. ELOG Cross-Site Scripting Vulnerability and Denial of Service Vulnerability
61. Linux Kernel DO_COREDUMP Local Information Disclosure Vulnerability
62. Linux Kernel VFS Unauthorized File Access Vulnerability
63. Xen 'copy_to_user()' Local Security Bypass Vulnerability
64. Microsoft Excel Header Parsing Remote Code Execution Vulnerability
65. aflog Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
66. IBM WebSphere Prior to 6.0.2.25 Multiple Remote Vulnerabilities
67. DeluxeBB 'attachments_header.php' Cross-Site Scripting Vulnerability
68. MoinMoin MOIN_ID Cookie Remote Authentication Bypass Vulnerability
69. SAP MaxDB 'cons.exe' Remote Command Injection Vulnerability
70. HP-UX ARPA Transport Unspecified Remote Denial Of Service Vulnerability
71. LulieBlog 'id' Parameter Multiple SQL Injection Vulnerabilities
72. Multiple Vendors BIND 'inet_network()' Off-by-One Buffer Overflow Vulnerability
73. ClamAV BZ_GET_FAST Bzip2 Decompression Vulnerability
74. Boost Library Regular Expression Remote Denial of Service Vulnerabilities
75. Mantis 'Most Active Bugs' Summary Cross Site Scripting Vulnerability
76. ClamAV 'libclamav/pe.c' MEW Packed PE File Integer Overflow Vulnerability
77. X.Org X Server PCF Font Parser Buffer Overflow Vulnerability
78. ClamAV 'mspack.c' Off-By-One Buffer Overflow Vulnerability
79. xine-lib 'rmff_dump_cont()' Remote Heap Buffer Overflow Vulnerability
80. Citrix Presentation Server IMA Service Buffer Overflow Vulnerability
81. PHP-Nuke News Module Index.PHP SQL Injection Vulnerability
82. Invision Gallery Index.PHP SQL Injection Vulnerability
83. Novemberborn sIFR 'txt' Parameter Cross-Site Scripting Vulnerability
84. GlobalLink 'GLChat.ocx' ActiveX Control 'ChatRoom()' Buffer Overflow Vulnerability
85. F5 BIG-IP 'SearchString' Multiple Cross-Site Scripting Vulnerabilities
86. PacerCMS 'id' Parameter Multiple SQL Injection Vulnerabilities
87. PacerCMS 'submit.php' Multiple HTML Injection Vulnerabilities
88. IBM WebSphere Business Modeler Repository Arbitrary File Deletion Vulnerability
89. Fujitsu Interstage HTTP Server Multiple Unspecified Denial Of Service Vulnerabilities
90. Frimousse 'explorerdir.php' File Disclosure Vulnerability
91. Small Axe Weblog 'ffile' Parameter Remote File Include Vulnerability
92. IBM Tivoli Provisioning Manager for OS Deployment Denial of Service Vulnerability
93. IBM Tivoli Business Service Manager Password Disclosure Vulnerability
94. singapore Modern Template 'gallery' Parameter Cross-Site Scripting Vulnerability
95. Mooseguy Blog System 'blog.php' SQL Injection Vulnerability
96. OZ Journals 'printpreview' Local File Disclosure Vulnerability
97. AlstraSoft Forum Pay Per Post Exchange 'index.php' SQL Injection Vulnerability
98. IDMOS CMS 'download.php' Local File Include Vulnerability
99. MyBB 'private.php' SQL Injection Vulnerability
100. Citadel SMTP RCPT TO Remote Buffer Overflow Vulnerability
III. SECURITYFOCUS NEWS
1. Legitimate sites serving up stealthy attacks
2. Malware hitches a ride on digital devices
3. Senate delays vote on spy bill
4. Researchers reverse Netflix anonymization
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Management, Dubai or Abu Dhabi
2. [SJ-JOB] Information Assurance Analyst, Columbia
3. [SJ-JOB] Forensics Engineer, Dubai or Abu Dhabi
4. [SJ-JOB] Account Manager, Columbia
5. [SJ-JOB] Developer, Fredericton
6. [SJ-JOB] Security Engineer, Bangalore
7. [SJ-JOB] Security Architect, Olympia/Tumwater
8. [SJ-JOB] Management, Omaha, Kansas City, Minneapolis
9. [SJ-JOB] Software Engineer, Fredericton
10. [SJ-JOB] Sales Engineer, Omaha, Kansas City, Minneapolis
11. [SJ-JOB] Security System Administrator, Columbia
12. [SJ-JOB] VP / Dir / Mgr engineering, Fredericton
13. [SJ-JOB] Information Assurance Engineer, Washington
14. [SJ-JOB] Developer, Fredericton
15. [SJ-JOB] Sales Engineer, San Francisco
16. [SJ-JOB] Sr. Security Analyst, Omaha, Kansas City, Minneapolis
17. [SJ-JOB] Security Engineer, Washington
18. [SJ-JOB] Security Engineer, Schaumburg
19. [SJ-JOB] Sales Engineer, Atlanta
20. [SJ-JOB] Security Architect, Washington D.C.
21. [SJ-JOB] Security Engineer, Schaumburg
22. [SJ-JOB] Sales Engineer, Philadelphia
23. [SJ-JOB] Auditor, Various Locations - Internationally
24. [SJ-JOB] Technical Support Engineer, St. Louis
25. [SJ-JOB] Application Security Architect, Glendale
26. [SJ-JOB] Management, New York
27. [SJ-JOB] Senior Software Engineer, Austin
28. [SJ-JOB] Sales Engineer, New York
29. [SJ-JOB] Sales Representative, New York
30. [SJ-JOB] Security Engineer, Washington
31. [SJ-JOB] Sales Representative, New York
32. [SJ-JOB] Sales Representative, Atlanta
33. [SJ-JOB] Sr. Security Analyst, Austin
34. [SJ-JOB] Application Security Architect, Delhi
35. [SJ-JOB] Sr. Security Analyst, Austin
36. [SJ-JOB] Sales Engineer, Dallas
37. [SJ-JOB] Sales Engineer, San Francisco
38. [SJ-JOB] Auditor, Phoenix
39. [SJ-JOB] Sr. Security Engineer, Brooklyn (Metrotech)
40. [SJ-JOB] Security Consultant, Palm Beach
41. [SJ-JOB] Sr. Security Engineer, Alexandria
42. [SJ-JOB] Software Engineer, Herndon
43. [SJ-JOB] Principal Software Engineer, Pune
44. [SJ-JOB] Security Engineer, West Des Moines
45. [SJ-JOB] Penetration Engineer, Los Angeles
46. [SJ-JOB] Penetration Engineer, Arlington
47. [SJ-JOB] Technical Support Engineer, Beijing
48. [SJ-JOB] Penetration Engineer, Arlington
49. [SJ-JOB] Sales Engineer, Northern VA, MD, DC
50. [SJ-JOB] Sr. Security Analyst, San Francisco
51. [SJ-JOB] Sales Engineer, Washington D.C.
52. [SJ-JOB] Sr. Product Manager, CUPERTINO
V. INCIDENTS LIST SUMMARY
1. DNS CACHE POISONING? - Our Portal is redirecting to our first competition
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. FTP on IIS
2. SecurityFocus Microsoft Newsletter #377
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Mother May I?
By Mark Rasch
"Sure, you can have a cookie, but you may not."We all have had that discussion before -- either with our parents or our kids. A recent case from North Dakota reveals that the difference between those two concepts may lead not only to civil liability, but could land you in jail.
http://www.securityfocus.com/columnists/463

2.Finding a Cure for Data Loss
By Jamie Reid
Despite missteps in protecting customer information, companies have largely escaped the wrath of consumers.

http://www.securityfocus.com/columnists/462


II. BUGTRAQ SUMMARY
--------------------
1. X.Org X Server 'EVI' Extension Local Privilege Escalation Vulnerability
BugTraq ID: 27353
Remote: No
Last Updated: 2008-01-24
Relevant URL: http://www.securityfocus.com/bid/27353
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

2. X.Org X Server 'TOG-CUP' Extension Local Privilege Escalation Vulnerability
BugTraq ID: 27355
Remote: No
Last Updated: 2008-01-24
Relevant URL: http://www.securityfocus.com/bid/27355
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

3. Numara FootPrints 'MRchat.pl' and 'MRABLoad2.pl' Multiple Remote Command Execution Vulnerabilities
BugTraq ID: 27373
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27373
Summary:
Numara FootPrints is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary commands. These issues occur because the application fails to adequately sanitize user-supplied input.

Successful attacks can compromise the affected application and possibly the underlying computer.

Versions prior to FootPrints 8.1 are vulnerable.

4. Drupal Archive Module Cross-Site Scripting Vulnerabilities
BugTraq ID: 27436
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27436
Summary:
Archive module for Drupal is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

These issues affect versions prior to 5.x-1.8.

5. aconon Mail Template Parameter Directory Traversal Vulnerability
BugTraq ID: 27427
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27427
Summary:
aconon Mail is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks.

The issue affects aconon Mail 2007 Enterprise SQL 11.7.0 and 2004 Enterprise SQL 11.5.1; other versions may also be vulnerable.

6. SLAED CMS 'index.php' Local File Include Vulnerability
BugTraq ID: 27426
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27426
Summary:
SLAED CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to execute local script code in the context of the application. This may allow the attacker to access sensitive information that may aid in further attacks.

SLAED CMS 2.5 Lite is vulnerable to this issue; other versions may also be affected.

7. Liquid-Silver CMS 'update/index.php' Local File Include Vulnerability
BugTraq ID: 27425
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27425
Summary:
Liquid-Silver CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to access potentially sensitive information that may aid in further attacks.

8. Comodo AntiVirus 'ExecuteStr()' ActiveX Control Arbitrary Command Execution Vulnerability
BugTraq ID: 27424
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27424
Summary:
A Comodo AntiVirus ActiveX control is prone to a vulnerability that lets attackers execute arbitrary commands.

Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of the application using the ActiveX control (typically Internet Explorer).

Comodo AntiVirus 2.0 is vulnerable to this issue; other versions may also be affected.

9. HFS HTTP File Server Multiple Security Vulnerabilities
BugTraq ID: 27423
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27423
Summary:
HFS HTTP File Server is prone to multiple security vulnerabilities.

These vulnerabilities include cross-site scripting issues, an information-disclosure issue, an arbitrary file-creation issue, a denial-of-service issue, a username spoofing issue and a log file forging issue.

A successful exploit could allow an attacker to deny service to legitimate users, create and execute arbitrary files in the context of the webserver process, falsify log information, or execute arbitrary script code in the browser of an unsuspecting user. Other attacks are also possible.

10. Siteman 'articles.php' File Disclosure Vulnerability
BugTraq ID: 27422
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27422
Summary:
Siteman is prone to a vulnerability that lets attackers obtain potentially sensitive information because it fails to prevent access to arbitrary files.

An attacker can exploit this issue to download arbitrary files with the privileges of the webserver process. Information obtained may aid in further attacks.

This issue affects Siteman 1.1.9; other versions may be vulnerable as well.

11. Cisco Application Velocity System (AVS) Remote Default Account Vulnerabilities
BugTraq ID: 27421
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27421
Summary:
Cisco Application Velocity System (AVS) is prone to multiple default-account vulnerabilities. These issues stem from a design flaw that makes several accounts available to remote attackers.

Successful exploits allow remote attackers to gain administrative access to vulnerable appliances.

Versions of Cisco AVS prior to 5.1.0 are vulnerable.

Cisco is tracking these issues as Cisco Bug ID CSCsd94732.

12. Web Wiz Rich Text Editor Arbitrary HTML File Creation Vulnerability
BugTraq ID: 27420
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27420
Summary:
Web Wiz Rich Text Editor is prone to a vulnerability that permits the creation of an arbitrary HTML file.

An attacker can exploit this issue to place arbitrary HTML code on the vulnerable computer. This may aid in retrieving potentially sensitive information from an unsuspecting victim; other attacks are also possible.

This issue affects Rich Text Editor 4.0; other versions may also be vulnerable.

13. Multiple Web Wiz Products Remote Information Disclosure Vulnerability
BugTraq ID: 27419
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27419
Summary:
Web Wiz Forums, NewsPad, and Rich Text Editor are prone to a remote information-disclosure vulnerability because they fail to properly sanitize user-supplied input.

An attacker can exploit this issue to retrieve arbitrary files in the context of the webserver process. Information obtained may aid in further attacks; other attacks are also possible.

This issue affects Forums 9.07, NewsPad 1.02, and Rich Text Editor 4.0; other versions may also be vulnerable.

14. Lama Software 'MY_CONF[classRoot]' Multiple Remote File Include Vulnerabilities
BugTraq ID: 27380
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/27380
Summary:
Lama Software is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

15. Coppermine Photo Gallery 'thumbnails.php' SQL Injection Vulnerability
BugTraq ID: 27372
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/27372
Summary:
Coppermine Photo Gallery is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue may be related to the vulnerability documented in BID 24710 (Coppermine Photo Gallery Album Password Cookie SQL Injection Vulnerability). We will update this BID as more information emerges.

This issue affects Coppermine Photo Gallery 1.4.10; other versions may also be vulnerable.

16. Alice Gate2 Plus Wi-Fi Router Cross-Site Request Forgery Vulnerability
BugTraq ID: 27374
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/27374
Summary:
Alice Gate2 Plus Wi-Fi routers are prone to a cross-site request-forgery vulnerability.

An attacker can exploit this issue to alter administrative configuration on affected devices. Specifically, altering the wireless encryption settings on devices has been demonstrated. Other attacks may also be possible.

17. IBM WebSphere Application Server serveServletsByClassnameEnabled Unspecified Vulnerability
BugTraq ID: 27371
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/27371
Summary:
IBM WebSphere Application Server is prone to an unspecified vulnerability.

Currently, very little is known about this issue. We will update this BID as more information emerges.

WebSphere Application Server 6.0 through 6.0.2.25 and 6.1 through 6.1.0.14 are vulnerable.

18. boastMachine 'mail.php' SQL Injection Vulnerability
BugTraq ID: 27369
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/27369
Summary:
boastMachine is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

boastMachine 3.1 is vulnerable to this issue; other versions may also be affected.

19. MediaWiki Search Bar Cross-Site Scripting Vulnerability
BugTraq ID: 27370
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/27370
Summary:
MediaWiki is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

20. MegaBBS 'upload.asp' Cross-Site Scripting Vulnerability
BugTraq ID: 27368
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/27368
Summary:
MegaBBS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

MegaBBS 1.5.14b is vulnerable; other versions may also be affected.

21. Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
BugTraq ID: 24215
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/24215
Summary:
Apache is prone to multiple denial-of-service vulnerabilities.

An attacker with the ability to execute arbitrary server-side script-code can exploit these issues to stop arbitrary services on the affected computer in the context of the master webserver process; other attacks may also be possible.

22. Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
BugTraq ID: 25489
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/25489
Summary:
The Apache mod_proxy module is prone to a denial-of-service vulnerability.

A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM).

23. Apache HTTP Server Mod_Cache Denial of Service Vulnerability
BugTraq ID: 24649
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/24649
Summary:
The Apache mod_cache module is prone to a denial-of-service vulnerability.

A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM).

24. Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
BugTraq ID: 24645
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/24645
Summary:
The Apache HTTP Server mod_status module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

25. BalaBit IT Security syslog-ng NULL-Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 26897
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/26897
Summary:
BalaBit IT Security 'syslog-ng' is prone to a denial-of-service vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can leverage this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.

This issue affects versions prior to syslog-ng and syslog-ng-premium-edition 2.0.6 and 2.1.8.

26. Cairo PNG Image Processing Remote Integer Overflow Vulnerability
BugTraq ID: 26650
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/26650
Summary:
Cairo is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to overflow a buffer and to corrupt process memory.

Attackers may be able to execute arbitrary machine code in the context of an affected application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue affects versions prior to Cairo 1.4.12.

27. X.Org X 'Server X:1 -sp' Command Information Disclosure Vulnerability
BugTraq ID: 27356
Remote: No
Last Updated: 2008-01-24
Relevant URL: http://www.securityfocus.com/bid/27356
Summary:
X.Org X Server is prone to a local information-disclosure vulnerability.

Attackers can exploit this issue to gain access to sensitive information that may lead to further attacks.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

28. X.Org X Server 'PassMessage' Request Local Privilege Escalation Vulnerability
BugTraq ID: 27354
Remote: No
Last Updated: 2008-01-24
Relevant URL: http://www.securityfocus.com/bid/27354
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of an affected computer. Failed exploit attempts will likely crash the computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

29. X.Org X Server 'Xinput' Extension Local Privilege Escalation Vulnerability
BugTraq ID: 27351
Remote: No
Last Updated: 2008-01-24
Relevant URL: http://www.securityfocus.com/bid/27351
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

30. X.Org X Server 'MIT-SHM' Local Privilege Escalation Vulnerability
BugTraq ID: 27350
Remote: No
Last Updated: 2008-01-24
Relevant URL: http://www.securityfocus.com/bid/27350
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

31. Tikiwiki CMS 'tiki-listmovies.php' Directory Traversal Vulnerability
BugTraq ID: 27008
Remote: Yes
Last Updated: 2008-01-24
Relevant URL: http://www.securityfocus.com/bid/27008
Summary:
Tikiwiki CMS is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks.

Versions prior to Tikiwiki CMS 1.9.9 are vulnerable.

32. TikiWiki 'tiki-special_chars.php' Cross-Site Scripting Vulnerability
BugTraq ID: 27004
Remote: Yes
Last Updated: 2008-01-24
Relevant URL: http://www.securityfocus.com/bid/27004
Summary:
TikiWiki is prone a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

TikiWiki 1.9.8.3 is vulnerable; prior versions may also be affected.

33. Cisco PIX and ASA Appliance 'TTL Decrement' Denial of Service Vulnerability
BugTraq ID: 27418
Remote: Yes
Last Updated: 2008-01-24
Relevant URL: http://www.securityfocus.com/bid/27418
Summary:
Multiple Cisco security appliances are prone to a denial-of-service vulnerability when the Time-To-Live (TTL) decrement feature is enabled for handling IP packets.

An attacker can exploit this issue to cause the affected devices to reload, denying service to legitimate users. Repeat attacks will result in a prolonged denial-of-service condition.

The following devices are affected:

Cisco PIX 500 Series Security Appliance
Cisco 5500 Series Adaptive Security Appliance (ASA)

Devices running software versions from 7.2(2) and up to 7.2(3)006 or 8.0(3) that have the TTL decrement feature enabled are vulnerable to this issue.

NOTE: The TTL decrement feature is not configured by default on the devices listed above. Devices that do not support the TTL decrement feature are not vulnerable.

34. SDL_image Invalid GIF File LWZ Minimum Code Size Remote Buffer Overflow Vulnerability
BugTraq ID: 27417
Remote: Yes
Last Updated: 2008-01-24
Relevant URL: http://www.securityfocus.com/bid/27417
Summary:
The SDL_image library is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. The issue occurs when handling malformed GIF images.

Attackers can leverage this issue to execute arbitrary code in the context of an application using the library. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

Versions prior to SDL_image 1.2.7 are vulnerable.

35. PHP cURL 'safe mode' Security Bypass Vulnerability
BugTraq ID: 27413
Remote: Yes
Last Updated: 2008-01-24
Relevant URL: http://www.securityfocus.com/bid/27413
Summary:
PHP cURL is prone to a 'safe mode' security-bypass vulnerability.

Attackers can use this issue to gain access to restricted files, potentially obtaining sensitive information that may aid in further attacks.

The issue affects PHP 5.2.5 and 5.2.4.

36. LulieBlog 'voircom.php' SQL Injection Vulnerability
BugTraq ID: 27416
Remote: Yes
Last Updated: 2008-01-24
Relevant URL: http://www.securityfocus.com/bid/27416
Summary:
LulieBlog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

LulieBlog 1.0.2 is vulnerable to this issue; other versions may also be affected.

37. Foojan WMS 'index.php' SQL Injection Vulnerability
BugTraq ID: 27415
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27415
Summary:
Foojan WMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The issue affects Foojan WMS 1.0; other versions may also be vulnerable.

38. Mozilla Firefox chrome:// URI JavaScript File Request Information Disclosure Vulnerability
BugTraq ID: 27406
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27406
Summary:
Mozilla Firefox is prone to an information-disclosure vulnerability because it fails to restrict access to local JavaScript files.

Attackers can exploit this issue to gain access to potentially sensitive information that could aid in further attacks.

Firefox 2.0.0.11 is vulnerable; other versions may also be affected.

NOTE: For an exploit to succeed, a user must have an addon installed that does not store its contents in a '.jar' file.

39. Microsoft Windows TCP/IP ICMP Remote Denial Of Service Vulnerability
BugTraq ID: 27139
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27139
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted TCP/IP traffic.

Attackers can exploit this issue to cause affected computers to stop responding and to automatically restart. Successful attacks will deny service to legitimate users. The discoverer of this issue reports that code execution may also be possible, but this has not been confirmed.

NOTE: ICMP RDP (Router Discovery Protocol) must be enabled for this issue to occur. Router Discovery Processing is disabled by default on Microsoft Windows Server 2000. The option is also disabled by default on Microsoft Windows XP and Windows Server 2003, unless the host receives the 'perform router discovery' option from a DHCP server.

40. Microsoft Windows TCP/IP IGMP MLD Remote Buffer Overflow Vulnerability
BugTraq ID: 27100
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27100
Summary:
Microsoft Windows is prone to a remote buffer-overflow vulnerability because it fails to adequately handle specially crafted TCP/IP traffic.

Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers.

NOTE: A server is vulnerable if an application or a service on the server uses IP multicast. By default, no services use multicast on Microsoft Windows Server 2003.

41. yaSSL Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 27140
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27140
Summary:
yaSSL is prone to multiple remote buffer-overflow vulnerabilities.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of applications using the library. Failed attacks will cause denial-of-service conditions.

yaSSL 1.7.5 is vulnerable to these issues; other versions are also likely to be affected.

42. PHP 5.2.3 and Prior Versions Multiple Vulnerabilities
BugTraq ID: 25498
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/25498
Summary:
PHP 5.2.3 and prior versions are prone to multiple security vulnerabilities. Successful exploits could allow an attacker to bypass security restrictions, cause a denial-of-service condition, and potentially execute code.

43. Exiv2 EXIF File Handling Integer Overflow Vulnerability
BugTraq ID: 26918
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/26918
Summary:
Exiv2 is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data when handling EXIF files.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploits may crash the application.

Exiv2 0.15 is reported vulnerable to this issue; other versions may also be affected.

44. Belong Software Site Builder Administration Pages Authentication Bypass Vulnerability
BugTraq ID: 27402
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27402
Summary:
Belong Software Site Builder is prone to a vulnerability that results in unauthorized administrative access. The application fails to authenticate users when certain pages are accessed.

Attackers can leverage this issue to compromise the application, which could aid in other attacks.

Site Builder 0.1 beta is vulnerable; other versions may also be affected.

45. Linux Kernel CIFS Transport.C Remote Buffer Overflow Vulnerability
BugTraq ID: 26438
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/26438
Summary:
The Linux kernel is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges or cause the affected kernel to crash, denying service to legitimate users.

This issue affects version 2.6.23.1; previous versions may also be affected.

46. Linux Kernel SysFS_ReadDir NULL Pointer Dereference Vulnerability
BugTraq ID: 24631
Remote: No
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/24631
Summary:
The Linux kernel is prone to a NULL-pointer dereference vulnerability.

A local attacker can exploit this issue to crash the affected kernel, denying service to legitimate users.

UPDATE (June 26, 2007): Given the nature of this issue, remote code execution may also be possible but has not been confirmed.

47. util-linux mount umount Local Privilege Escalation Vulnerability
BugTraq ID: 25973
Remote: No
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/25973
Summary:
The 'util-linux' package is prone to a local privilege-escalation vulnerability that stems from a design error.

Exploiting this issue could allow attackers to execute arbitrary code with elevated privileges by using mount helpers such as the 'mount.nfs' application.

This vulnerability affects util-linux 2.12r; other versions may also be affected.

48. OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
BugTraq ID: 25163
Remote: No
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/25163
Summary:
OpenSSL is prone to a local information-disclosure vulnerability because of an implementation flaw in the RSA algorithm.

Successfully exploiting this issue allows local attackers to gain access to private key information of other processes that use the affected library. Information harvested may aid in further attacks.

OpenSSL 0.9.8 is vulnerable to this issue; other versions may also be affected.

49. OpenPegasus Management Server PAM Authentication 'cimservera.cpp' Buffer Overflow Vulnerability
BugTraq ID: 27188
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27188
Summary:
OpenPegasus is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

This issue occurs in the PAM (Pluggable Authentication Module) authentication code.

Attackers can leverage this issue to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions.

Versions in the OpenPegasus 2.6 series are vulnerable.

50. Perl Unicode Regular Expression Buffer Overflow Vulnerability
BugTraq ID: 26350
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/26350
Summary:
Perl is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input.

Successfully exploiting this issue allows attackers to execute arbitrary machine code in the context of Perl applications using regular expressions in a vulnerable manner. This facilitates the remote compromise of affected computers.

Perl 5.8 is vulnerable to this issue; other versions may also be affected.

51. OpenSSL SSL_Get_Shared_Ciphers Off-by-One Buffer Overflow Vulnerability
BugTraq ID: 25831
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/25831
Summary:
OpenSSL is prone to an off-by-one buffer-overflow vulnerability because the library fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of applications that use the affected library, but this has not been confirmed. Failed exploit attempts may crash applications, denying service to legitimate users.

NOTE: This issue was introduced in the fix for the vulnerability described in BID 20249 (OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability).

52. Samba NMBD Logon Request Remote Buffer Overflow Vulnerability
BugTraq ID: 26454
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/26454
Summary:
Samba is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

This issue occurs only when Samba is configured as a Primary or Backup Domain Controller.

Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute remote code, but the vendor doesn't think that this is possible.

Samba 3.0.0 through 3.0.26a are vulnerable.

53. Samba NMBD_Packets.C NetBIOS Replies Stack-Based Buffer Overflow Vulnerability
BugTraq ID: 26455
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/26455
Summary:
Samba is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

NOTE: This issue occurs only when Samba is configured with the 'wins support' option enabled in the host's 'smb.conf' file.

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Successful attacks will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

Samba 3.0.0 through 3.0.26a are vulnerable.

54. YaBB SE Cookie Security Bypass Vulnerability
BugTraq ID: 27414
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27414
Summary:
YaBB SE is prone to a security-bypass vulnerability because it fails to properly validate user credentials before performing certain actions.

Exploiting this issue may allow an attacker to obtain sensitive information, compromise the application, and execute arbitrary script code in the context of webserver process; other attacks are also possible.

This issue affects YaBB SE 1.5.5 and prior versions.

55. Lycos File Upload Component 'FileUploader.dll' ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 27411
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27411
Summary:
Lycos File Upload Component ActiveX control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

This issue affects 'FileUploader.dll' 2.0.0.2; other versions may also be vulnerable.

56. Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
BugTraq ID: 27409
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27409
Summary:
Apache 'mod_negotiation' is prone to an HTML-injection and an HTTP response-splitting vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, and influence or misrepresent how web content is served, cached, or interpreted; other attacks are also possible.

57. SetCMS 'set' Parameter Local File Include Vulnerability
BugTraq ID: 27407
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27407
Summary:
SetCMS is prone to a local file-include vulnerability because the application fails to properly initialize the 'set' parameter.

Exploiting this issue allows attackers to execute arbitrary commands in the context of the user running the application.

A successful exploit could facilitate the compromise of an affected computer; other attacks are also possible.

This issue affects SetCMS 3.6.5; other versions may also be affected.

58. PHP-Nuke Search Module 'sid' Parameter SQL Injection Vulnerability
BugTraq ID: 27408
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27408
Summary:
PHP-Nuke is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.

Successful exploits could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

59. EasySiteNetwork Recipe Website Script 'list.php' SQL Injection Vulnerability
BugTraq ID: 27405
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27405
Summary:
EasySiteNetwork Recipe Website Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

60. ELOG Cross-Site Scripting Vulnerability and Denial of Service Vulnerability
BugTraq ID: 27399
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27399
Summary:
ELOG is prone to a cross-site scripting vulnerability and a denial-of-service vulnerability because the application fails to properly handle user-supplied input.

An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to ELOG 2.7.1 are vulnerable.

61. Linux Kernel DO_COREDUMP Local Information Disclosure Vulnerability
BugTraq ID: 26701
Remote: No
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/26701
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.

Versions of the Linux kernel prior to 2.6.24-rc4 are vulnerable.

62. Linux Kernel VFS Unauthorized File Access Vulnerability
BugTraq ID: 27280
Remote: No
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27280
Summary:
The Linux kernel is prone to an unauthorized file-access vulnerability affecting the VFS (Virtual Filesystem) module.

A local attacker can exploit this issue to access arbitrary files on the affected computer. Successfully exploiting this issue may grant the attacker elevated privileges on affected computers. Other attacks are also possible.

This issue affects kernel versions prior to 2.6.23.14.

63. Xen 'copy_to_user()' Local Security Bypass Vulnerability
BugTraq ID: 26954
Remote: No
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/26954
Summary:
Xen is prone to a local security-bypass vulnerability that affects PAL emulation.

Local attackers can leverage this issue to access arbitrary memory regions from HVM guest systems. This could allow attackers to obtain potentially sensitive information that could aid in further attacks.

This issue affects Xen 3.1.2 on IA64 platforms; other versions may also be vulnerable.

64. Microsoft Excel Header Parsing Remote Code Execution Vulnerability
BugTraq ID: 27305
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27305
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Reportedly, the issue affects the following versions:

Microsoft Office Excel 2003 Service Pack 2
Microsoft Office Excel Viewer 2003
Microsoft Office Excel 2002
Microsoft Office Excel 2000
Microsoft Excel 2004 for Mac.

The following versions are not affected:

Microsoft Office Excel 2007
Microsoft Office Excel 2007 Service Pack 1
Microsoft Excel 2008 for Mac
Microsoft Office Excel 2003 Service Pack 3.

Few details regarding this vulnerability are available. The vendor is investigating the issue and will be releasing updates. We will update this BID when more information emerges.

65. aflog Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 27398
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27398
Summary:
The 'aflog' program is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect aflog 1.01; other versions may also be affected.

66. IBM WebSphere Prior to 6.0.2.25 Multiple Remote Vulnerabilities
BugTraq ID: 27400
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27400
Summary:
IBM WebSphere Application Server is prone to multiple remote vulnerabilities, including a buffer-handling vulnerability, multiple information-disclosure vulnerabilities, and several vulnerabilities with unknown impact.

Very little information is known about these issues. We will update this BID as more information emerges.

Versions prior to IBM WebSphere Application Server 6.0.2.25 are vulnerable.

67. DeluxeBB 'attachments_header.php' Cross-Site Scripting Vulnerability
BugTraq ID: 27401
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27401
Summary:
DeluxeBB is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects DeluxeBB 1.1; other versions may also be vulnerable.

68. MoinMoin MOIN_ID Cookie Remote Authentication Bypass Vulnerability
BugTraq ID: 27404
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27404
Summary:
MoinMoin is prone to an authentication-bypass vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to gain unauthorized access to the affected application, which may lead to further attacks.

Versions in the MoinMoin 1.5 series are vulnerable.

69. SAP MaxDB 'cons.exe' Remote Command Injection Vulnerability
BugTraq ID: 27206
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27206
Summary:
SAP MaxDB is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input.

Successfully exploiting this issue allows remote attackers to execute arbitrary shell commands with the privileges of the database server. Multiple database commands expose this issue, including one that is available prior to authentication.

MaxDB 7.6.03 build 007 is vulnerable to this issue; other versions may also be affected.

70. HP-UX ARPA Transport Unspecified Remote Denial Of Service Vulnerability
BugTraq ID: 25147
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/25147
Summary:
HP-UX running ARPA Transport software is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows attackers to cause denial-of-service conditions.

71. LulieBlog 'id' Parameter Multiple SQL Injection Vulnerabilities
BugTraq ID: 27290
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27290
Summary:
LulieBlog is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

These issues affect LulieBlog 1.0.1; other versions may also be affected.

NOTE: To exploit these issues, the attacker may require administrative access.

72. Multiple Vendors BIND 'inet_network()' Off-by-One Buffer Overflow Vulnerability
BugTraq ID: 27283
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27283
Summary:
Multiple applications that use the 'libbind' BIND library are prone to an off-by-one buffer-overflow vulnerability because the 'inet_network()' function fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users.

73. ClamAV BZ_GET_FAST Bzip2 Decompression Vulnerability
BugTraq ID: 27063
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27063
Summary:
ClamAV is prone to a vulnerability due to a flaw in its Bzip2 decompression support.

Successful exploits of this vulnerability may potentially allow remote attackers to execute arbitrary code in the context of the vulnerable application or to trigger denial-of-service conditions. These effects have not been confirmed.

No further technical details are currently available. We will update this BID as more information emerges.

ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.

74. Boost Library Regular Expression Remote Denial of Service Vulnerabilities
BugTraq ID: 27325
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27325
Summary:
The Boost library is prone to a remote denial-of-service vulnerability because it fails to adequately verify user-supplied input on regular expressions.

Successful exploits may allow remote attackers to cause denial-of-service conditions on applications that use the affected library.

This issue affects Boost 1.33.1 and 1.34.1; other versions may also be affected.

75. Mantis 'Most Active Bugs' Summary Cross Site Scripting Vulnerability
BugTraq ID: 27367
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27367
Summary:
Mantis is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker can leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to Mantis 1.1.1 are vulnerable.

76. ClamAV 'libclamav/pe.c' MEW Packed PE File Integer Overflow Vulnerability
BugTraq ID: 26927
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/26927
Summary:
ClamAV is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data.

Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the 'libclamav' library. Failed exploits may crash the application.

ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.

77. X.Org X Server PCF Font Parser Buffer Overflow Vulnerability
BugTraq ID: 27352
Remote: No
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27352
Summary:
X.Org X Server is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code with the privileges of the server. Failed attacks will cause denial-of-service conditions.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

78. ClamAV 'mspack.c' Off-By-One Buffer Overflow Vulnerability
BugTraq ID: 26946
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/26946
Summary:
ClamAV is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers.

Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the 'libclamav' library. Failed exploits may crash the application.

ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.

79. xine-lib 'rmff_dump_cont()' Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 27198
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27198
Summary:
The xine-lib library is prone to a remote heap-based buffer-overflow vulnerability. This issue occurs because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects xine-lib 1.1.9 and prior versions.

80. Citrix Presentation Server IMA Service Buffer Overflow Vulnerability
BugTraq ID: 27329
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27329
Summary:
Citrix Presentation Server is prone to a buffer-overflow vulnerability because the IMA service fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of the IMA server process. Failed exploit attempts will likely result in denial-of-service conditions.

The issue affects the following versions:

Citrix MetaFrame and Presentation Server 4.5 (and earlier)
Citrix Access Essentials 2.0 (and earlier)
Citrix Desktop Server 1.0 (and earlier)

81. PHP-Nuke News Module Index.PHP SQL Injection Vulnerability
BugTraq ID: 21277
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/21277
Summary:
The PHP-Nuke News module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

PHP-Nuke 7.9 and prior versions are vulnerable.

82. Invision Gallery Index.PHP SQL Injection Vulnerability
BugTraq ID: 20327
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/20327
Summary:
Invision Gallery is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

83. Novemberborn sIFR 'txt' Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 27394
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27394
Summary:
Novemberborn sIFR is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to sIFR 2.0.3 and 3r278 are vulnerable.

84. GlobalLink 'GLChat.ocx' ActiveX Control 'ChatRoom()' Buffer Overflow Vulnerability
BugTraq ID: 27393
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27393
Summary:
GlobalLink 'GLChat.ocx' ActiveX control is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

GlobalLink 'GLChat.ocx' ActiveX control 2.5.1.33 is reported affected by this issue; other versions may also be vulnerable.

85. F5 BIG-IP 'SearchString' Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 27272
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27272
Summary:
F5 BIG-IP is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

BIG-IP firmware version 9.4.3 is vulnerable; other versions may also be affected.

86. PacerCMS 'id' Parameter Multiple SQL Injection Vulnerabilities
BugTraq ID: 27397
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27397
Summary:
PacerCMS is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

These issues affect versions prior to PacerCMS 0.6.1.

NOTE: To exploit these issues, the attacker may require 'staff member' access.

87. PacerCMS 'submit.php' Multiple HTML Injection Vulnerabilities
BugTraq ID: 27386
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27386
Summary:
PacerCMS is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

Versions prior to PacerCMS 0.6.1 are vulnerable.

NOTE: This BID was originally published under the title 'PacerCMS 'submit.php' Cross-Site Scripting Vulnerability'. Further analysis reveals that these issues are HTML-injection vulnerabilities.

88. IBM WebSphere Business Modeler Repository Arbitrary File Deletion Vulnerability
BugTraq ID: 27389
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27389
Summary:
IBM WebSphere Business Modeler is prone to a vulnerability that allows users to delete arbitrary files from repositories.

Attackers can use this issue to delete arbitrary files from repositories, making the resources unavailable for legitimate users.

This issue affects IBM WebSphere Business Modeler Basic 6.0.2.1 and Advanced 6.0.2.1.

89. Fujitsu Interstage HTTP Server Multiple Unspecified Denial Of Service Vulnerabilities
BugTraq ID: 27391
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27391
Summary:
Fujitsu Interstage HTTP Server is prone to multiple unspecified denial-of-service vulnerabilities.

Remote attackers can exploit these issues to deny service to legitimate users.

Currently, very little is known about these issues. We will update this BID as more information emerges.

90. Frimousse 'explorerdir.php' File Disclosure Vulnerability
BugTraq ID: 27385
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27385
Summary:
Frimousse is prone to a vulnerability that lets attackers obtain potentially sensitive information because it fails to prevent access to arbitrary files.

An attacker can exploit this issue to download arbitrary files with the privileges of the webserver process. Information obtained may aid in further attacks.

This issue affects Frimousse 0.0.2; other versions may be vulnerable as well.

91. Small Axe Weblog 'ffile' Parameter Remote File Include Vulnerability
BugTraq ID: 27383
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27383
Summary:
Small Axe Weblog is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

This issue affects Small Axe Weblog 0.3.1; other versions may also be vulnerable.

92. IBM Tivoli Provisioning Manager for OS Deployment Denial of Service Vulnerability
BugTraq ID: 27387
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27387
Summary:
IBM Tivoli Provisioning Manager for OS Deployment is prone to a denial-of-service vulnerability.

A remote attacker may be able to exploit this issue to crash the server process, which could lead to denial-of-service conditions.

Versions prior to IBM Tivoli Provisioning Manager for OS Deployment 5.1.0.3 are vulnerable.

93. IBM Tivoli Business Service Manager Password Disclosure Vulnerability
BugTraq ID: 27388
Remote: No
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27388
Summary:
IBM Tivoli Business Service Manager is prone to a local password-disclosure vulnerability due to a design error.

Exploiting this issue may allow a local attacker to access certain unencrypted passwords, potentially allowing them to access the application in an unauthorized manner. This may aid in further attacks.

This issue affects IBM Tivoli Business Service Manager 4.1.1.

94. singapore Modern Template 'gallery' Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 27382
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27382
Summary:
singapore Modern template is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Modern 1.3.2 and prior versions are reported vulnerable. Reports indicate that Modern 1.3.2 ships with singapore 0.10.1 by default.

95. Mooseguy Blog System 'blog.php' SQL Injection Vulnerability
BugTraq ID: 27377
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27377
Summary:
Mooseguy Blog System (MGBS) is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mooseguy Blog System 1.0 is vulnerable to this issue; other versions may also be affected.

96. OZ Journals 'printpreview' Local File Disclosure Vulnerability
BugTraq ID: 27375
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27375
Summary:
OZ Journals is prone to a local file-disclosure vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to retrieve potentially sensitive information that may aid in further attacks.

This issue affects OZ Journals 2.1.1; other versions may also be affected.

97. AlstraSoft Forum Pay Per Post Exchange 'index.php' SQL Injection Vulnerability
BugTraq ID: 27381
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27381
Summary:
Forum Pay Per Post Exchange is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

98. IDMOS CMS 'download.php' Local File Include Vulnerability
BugTraq ID: 27379
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27379
Summary:
IDMOS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to access potentially sensitive information that may aid in further attacks.

IDMOS 1.0 is vulnerable to this issue; other versions may also be affected.

99. MyBB 'private.php' SQL Injection Vulnerability
BugTraq ID: 27378
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27378
Summary:
MyBB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects MyBB 1.2.11; earlier versions may also be vulnerable.

100. Citadel SMTP RCPT TO Remote Buffer Overflow Vulnerability
BugTraq ID: 27376
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27376
Summary:
Citadel is prone to a buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

Attackers may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Versions prior to Citadel 7.11 are vulnerable to this issue.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Legitimate sites serving up stealthy attacks
By: Robert Lemos
The Random JS infection kit serves up malicious code that hides itself by attempting to compromise each visitor only once and using a different file name each time.
http://www.securityfocus.com/news/11501

2. Malware hitches a ride on digital devices
By: Robert Lemos
Some consumers reported that their holiday gifts came with an unwelcome passenger, a Trojan horse. Infections at the factory and in retail stores will likely become more common.
http://www.securityfocus.com/news/11499

3. Senate delays vote on spy bill
By: Robert Lemos
A bill that would modernize the United States' legal framework for eavesdropping and grant telecommunications companies retroactive immunity for wiretapping customers will have to wait until January.
http://www.securityfocus.com/news/11498

4. Researchers reverse Netflix anonymization
By: Robert Lemos
Two computer scientists show that a large set of transactional data poses privacy risks by finding a way to link movie ratings from the Netflix Prize dataset to publicly available information.
http://www.securityfocus.com/news/11497

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Management, Dubai or Abu Dhabi
http://www.securityfocus.com/archive/77/486577

2. [SJ-JOB] Information Assurance Analyst, Columbia
http://www.securityfocus.com/archive/77/486578

3. [SJ-JOB] Forensics Engineer, Dubai or Abu Dhabi
http://www.securityfocus.com/archive/77/486584

4. [SJ-JOB] Account Manager, Columbia
http://www.securityfocus.com/archive/77/486576

5. [SJ-JOB] Developer, Fredericton
http://www.securityfocus.com/archive/77/486580

6. [SJ-JOB] Security Engineer, Bangalore
http://www.securityfocus.com/archive/77/486583

7. [SJ-JOB] Security Architect, Olympia/Tumwater
http://www.securityfocus.com/archive/77/486562

8. [SJ-JOB] Management, Omaha, Kansas City, Minneapolis
http://www.securityfocus.com/archive/77/486566

9. [SJ-JOB] Software Engineer, Fredericton
http://www.securityfocus.com/archive/77/486581

10. [SJ-JOB] Sales Engineer, Omaha, Kansas City, Minneapolis
http://www.securityfocus.com/archive/77/486563

11. [SJ-JOB] Security System Administrator, Columbia
http://www.securityfocus.com/archive/77/486565

12. [SJ-JOB] VP / Dir / Mgr engineering, Fredericton
http://www.securityfocus.com/archive/77/486568

13. [SJ-JOB] Information Assurance Engineer, Washington
http://www.securityfocus.com/archive/77/486571

14. [SJ-JOB] Developer, Fredericton
http://www.securityfocus.com/archive/77/486575

15. [SJ-JOB] Sales Engineer, San Francisco
http://www.securityfocus.com/archive/77/486564

16. [SJ-JOB] Sr. Security Analyst, Omaha, Kansas City, Minneapolis
http://www.securityfocus.com/archive/77/486567

17. [SJ-JOB] Security Engineer, Washington
http://www.securityfocus.com/archive/77/486569

18. [SJ-JOB] Security Engineer, Schaumburg
http://www.securityfocus.com/archive/77/486572

19. [SJ-JOB] Sales Engineer, Atlanta
http://www.securityfocus.com/archive/77/486573

20. [SJ-JOB] Security Architect, Washington D.C.
http://www.securityfocus.com/archive/77/486582

21. [SJ-JOB] Security Engineer, Schaumburg
http://www.securityfocus.com/archive/77/486550

22. [SJ-JOB] Sales Engineer, Philadelphia
http://www.securityfocus.com/archive/77/486555

23. [SJ-JOB] Auditor, Various Locations - Internationally
http://www.securityfocus.com/archive/77/486553

24. [SJ-JOB] Technical Support Engineer, St. Louis
http://www.securityfocus.com/archive/77/486554

25. [SJ-JOB] Application Security Architect, Glendale
http://www.securityfocus.com/archive/77/486556

26. [SJ-JOB] Management, New York
http://www.securityfocus.com/archive/77/486559

27. [SJ-JOB] Senior Software Engineer, Austin
http://www.securityfocus.com/archive/77/486579

28. [SJ-JOB] Sales Engineer, New York
http://www.securityfocus.com/archive/77/486552

29. [SJ-JOB] Sales Representative, New York
http://www.securityfocus.com/archive/77/486560

30. [SJ-JOB] Security Engineer, Washington
http://www.securityfocus.com/archive/77/486561

31. [SJ-JOB] Sales Representative, New York
http://www.securityfocus.com/archive/77/486570

32. [SJ-JOB] Sales Representative, Atlanta
http://www.securityfocus.com/archive/77/486574

33. [SJ-JOB] Sr. Security Analyst, Austin
http://www.securityfocus.com/archive/77/486545

34. [SJ-JOB] Application Security Architect, Delhi
http://www.securityfocus.com/archive/77/486547

35. [SJ-JOB] Sr. Security Analyst, Austin
http://www.securityfocus.com/archive/77/486548

36. [SJ-JOB] Sales Engineer, Dallas
http://www.securityfocus.com/archive/77/486549

37. [SJ-JOB] Sales Engineer, San Francisco
http://www.securityfocus.com/archive/77/486551

38. [SJ-JOB] Auditor, Phoenix
http://www.securityfocus.com/archive/77/486544

39. [SJ-JOB] Sr. Security Engineer, Brooklyn (Metrotech)
http://www.securityfocus.com/archive/77/486546

40. [SJ-JOB] Security Consultant, Palm Beach
http://www.securityfocus.com/archive/77/486557

41. [SJ-JOB] Sr. Security Engineer, Alexandria
http://www.securityfocus.com/archive/77/486558

42. [SJ-JOB] Software Engineer, Herndon
http://www.securityfocus.com/archive/77/486540

43. [SJ-JOB] Principal Software Engineer, Pune
http://www.securityfocus.com/archive/77/486541

44. [SJ-JOB] Security Engineer, West Des Moines
http://www.securityfocus.com/archive/77/486542

45. [SJ-JOB] Penetration Engineer, Los Angeles
http://www.securityfocus.com/archive/77/486543

46. [SJ-JOB] Penetration Engineer, Arlington
http://www.securityfocus.com/archive/77/486538

47. [SJ-JOB] Technical Support Engineer, Beijing
http://www.securityfocus.com/archive/77/486539

48. [SJ-JOB] Penetration Engineer, Arlington
http://www.securityfocus.com/archive/77/486527

49. [SJ-JOB] Sales Engineer, Northern VA, MD, DC
http://www.securityfocus.com/archive/77/486531

50. [SJ-JOB] Sr. Security Analyst, San Francisco
http://www.securityfocus.com/archive/77/486525

51. [SJ-JOB] Sales Engineer, Washington D.C.
http://www.securityfocus.com/archive/77/486526

52. [SJ-JOB] Sr. Product Manager, CUPERTINO
http://www.securityfocus.com/archive/77/486530

V. INCIDENTS LIST SUMMARY
---------------------------
1. DNS CACHE POISONING? - Our Portal is redirecting to our first competition
http://www.securityfocus.com/archive/75/486799

VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. FTP on IIS
http://www.securityfocus.com/archive/88/486644

2. SecurityFocus Microsoft Newsletter #377
http://www.securityfocus.com/archive/88/486480

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Black Hat Europe

Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content. Network with 400+ delegates from 30 nations and review products by leading vendors in a relaxed setting. Black Hat Europe is supported by most leading European infosec associations.

www.blackhat.com

No comments:

Blog Archive