News

Friday, May 30, 2008

The Week in Photos: Android, Alienware, and Mars

CNET
CNET NEWS
May 30, 2008
This week's top photo galleries
1. Google's Android comes to life
Google shows off the ins and outs of its new open-source mobile platform at I/O conference in San Francisco.

2. Cracking open the Alienware Area 51 m15x
Have a close encounter with Alienware's m15x as TechRepublic's Mark Kaelin dissects the boutique manufacturer's sleek, shiny notebook.

3. Phoenix armed for Mars testing
After some early glitches, NASA expects to use the Lander's robotic arm to start searching for signs of water and life on the Red Planet.

4. Phoenix Lander greeted by Mars spacecraft
As the lander parachuted down toward Mars, a NASA orbiter managed to snap a picture. Plus: other pictures as the Phoenix Mars Lander prepares to start collecting and analyzing soil in hopes of finding water.

5. Gadgets for Road Trip 2008
CNET News.com reporter Daniel Terdiman is about to hit the road for a three-week jaunt through the South. Here's the gear he'll bring along.

6. Sony's OLED TVs gain star status
New superthin prototype draws a crowd--including decor guru Martha Stewart--at the D6 technology and media conference.

7. Chair, engine, rotors--helicopter!
If you want to make a motorized flight without being hemmed in by a fuselage (and a jetpack isn't your style), Gennai Yanagisawa may have just the thing for you.

8. Measuring home energy use in dollars and flowers
Digital dashboards and gadgets monitor energy use in the home and come in a variety of forms.

9. Furnishings with a future
The International Contemporary Furniture Fair, a showcase for modern design, attracted its fair share of tech-oriented, futuristic, and energy-saving devices.

10. Supersize solar power
Utility-scale solar power plants--using everything from giant reflective dishes to plastic balloons--are changing the look of solar power.




How To Deliver Reliable and Effective Web-Based Applications

 
Windows IT Pro Events
 
Featured Web Seminar:
Delivering Reliable and Effective Web-Based Applications
Thursday, June 5, 2008 (12:00 PM EDT)

Take a look at common problems that affect the successful delivery of web-based services and ideas for dealing with these potential problem areas.

Web-based services have become critical components of the line-of-business applications that organizations are deploying. This means that they need to be highly available to prevent the disruption of business workflow. IT needs to be able to deliver agreed-upon levels of service to both customers and business partners with their Web-based applications. To accomplish this, they need to understand the operation of those applications and be able to monitor the components that make up their web application infrastructure. Failing to meet service levels can have a company-wide business impact, so implementing the tools and techniques that enable IT to deliver on their promises is a key requirement for delivering reliable and effective Web-based services.

WHAT: Delivering Reliable and Effective Web-Based Applications

PRESENTER: David Chernicoff

WHEN and WHERE: Thursday, June 5, 2008 (12:00 PM EDT)

COST: No Cost

REGISTER AT: http://www.windowsitpro.com/go/seminars/CA-Wily/WebServices


 

Thursday, May 29, 2008

Novell Reports Financial Results for Second Fiscal Quarter 2008



- Product revenue increased 7% year-over-year

- Improved operating margin year-over-year


WALTHAM, Mass. -- May 29, 2008 -- Novell, Inc. (NASDAQ: NOVL) today announced financial results for its second fiscal quarter ended April 30, 2008. For the quarter, Novell reported net revenue of $236 million. This compares to net revenue of $232 million for the second fiscal quarter 2007. Income from operations for the second fiscal quarter 2008 was $2 million, compared to a loss from operations of $12 million for the second fiscal quarter 2007.  Income from continuing operations in the second fiscal quarter 2008 was $6 million, or $0.02 per share. This compares to a loss from continuing operations of $1 million, or $0.00 loss per share, for the second fiscal quarter 2007. Foreign currency exchange rates favorably impacted revenue by $8 million, unfavorably impacted operating expenses by $9 million and negatively impacted income from operations by $1 million year-over-year.


On a non-GAAP basis, income from operations for the second fiscal quarter 2008 was $16 million. This compares to non-GAAP income from operations of $9 million in the year-ago quarter. Non-GAAP income from continuing operations for the second fiscal quarter 2008 was $21 million, or $0.06 per share. This compares to non-GAAP income from continuing operations of $16 million, or $0.05 per share, for the second fiscal quarter 2007.


For the second fiscal quarter 2008, Novell reported $30 million of product revenue from Open Platform Solutions of which $29 million was from Linux* Platform Products, up 31% year-over-year. Product revenue from Identity and Security Management was $31 million of which Identity and Access Management was $27 million, up 13% year-over-year. Product revenue from Systems and Resource Management was $41 million, up 15% year-over-year. Workgroup product revenue of $92 million was down 1% year-over-year.


"Our business continues to gain momentum, with strong product revenue growth in Linux, Identity and Systems and Resource Management," said Ron Hovsepian, President and CEO of Novell. "We are encouraged by our results and remain confident we will achieve our financial objectives for fiscal 2008."


Cash, cash equivalents and short-term investments were $1.4 billion at April 30, 2008, down from $1.8 billion in the year-ago quarter, primarily due to the acquisition of PlateSpin and the repurchase of a portion of our debentures. Days sales outstanding in accounts receivable was 66 days at the end of the second fiscal quarter 2008, up from 64 days at the end of the year-ago quarter. Total deferred revenue was $702 million at the end of the second fiscal quarter 2008, up from $700 million at the end of the year-ago quarter. Cash flow from operations was a negative $18 million for the second fiscal quarter 2008. This compares to negative cash flow from operations of $29 million in the second fiscal quarter 2007.


During the quarter, Novell repurchased a portion of its outstanding 0.5% senior convertible debentures due 2024. To date, $135 million of cash has been used for these activities. Novell has not repurchased any shares of common stock under the share repurchase program that it announced on May 13, 2008.


Full details on Novell's reported results, including a reconciliation of the non-GAAP results, are included in the financial schedules that are a part of this release.


Financial Outlook

Novell management reiterates the following financial guidance:


For the full fiscal year 2008:

- Net revenue is expected to be between $940 million and $970 million.

- Non-GAAP operating margin is expected to be between 7% and 9%, excluding all acquisition-related intangible asset amortization.


Conference Call Notification and Web Access Detail

A live Webcast of a Novell conference call to discuss the quarter will be broadcast at 5:00 PM ET May 29, 2008, from Novell's Investor Relations Web page: http://www.novell.com/company/ir/qresults . The domestic conference call dial-in number is 866-335-5255, password "Novell", and the international dial-in number is +1-706-679-2263, password "Novell".


The call will be archived on the Novell Web site approximately two hours after its conclusion and will remain on the Web site until June 13, 2008. The call will also be available for telephone playback through midnight ET, June 13, 2008. The domestic toll-free replay number is 800-642-1687, and the international replay number is +1-706-645-9291. Replay listeners must enter conference ID number 45769805.


A copy of this press release is posted on Novell's Web site at: http://www.novell.com/company/ir/qresults/ .


Non-GAAP Financial Measures

We supplement our consolidated unaudited condensed financial statements presented in accordance with GAAP with certain non-GAAP financial measures. These non-GAAP measures include adjusted income from operations, operating margin, income from continuing operations, net income, income per share from continuing operations and net income per share both of which are based on an adjusted number of diluted weighted average shares. We provide non-GAAP financial measures to enhance an overall understanding of our current financial performance and prospects for the future and enable investors to evaluate our performance in the same way that management does. Management uses these same non-GAAP financial measures to evaluate performance, allocate resources, and determine bonuses. The non-GAAP financial measures do not replace the presentation of our GAAP financial results, but they eliminate expenses and gains that are unusual, that are excluded from analysts' consensus estimates, and/or that arise outside of the ordinary course of business, such as, but not limited to, stock-based compensation expenses, acquisition-related intangible asset amortization, restructuring expenses, asset impairments, litigation judgments and settlements, the write-off of acquired in-process research and development, and gains (losses) on the sale of business operations, long-term investments, and property, plant and equipment.


Legal Notice Regarding Forward-Looking Statements

This press release includes statements that are not historical in nature and that may be characterized as "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act, including those related to future financial and operating results, future opportunities, the benefits and synergies of the company's brands, strategies and acquisitions, and the growth of the market for Linux Platform Products, Identity and Access Management, and Systems and Resource Management. You should be aware that Novell's actual results could differ materially from those contained in the forward-looking statements, which are based on current expectations of Novell management and are subject to a number of risks and uncertainties, including, but not limited to, Novell's ability to transform its business through the implementation of its strategic plan, Novell's ability to realize the benefits anticipated from the Microsoft transaction and other transactions, Novell's ability to realize the benefits anticipated from its restructuring plan, and the expected charges to be incurred and payments to be made under the restructuring plan, Novell's ability to achieve its expense targets, Novell's success in executing its Linux Platform Products, Identity and Access Management, and Systems and Resource Management strategies, Novell's ability to take a competitive position in the Linux Platform Products, Identity and Access Management, and Systems and Resource Management industries, business conditions and the general economy, market opportunities, potential new business strategies, competitive factors, sales and marketing execution, shifts in technologies or market demand, Novell's ability to integrate acquired operations and employees, and the other factors described in Novell's Annual Report on Form 10-K filed with the Securities and Exchange Commission on December 21, 2007. 
Novell disclaims any intention or obligation to update any forward-looking statements as a result of developments occurring after the date of this press release except as required by the securities laws.


About Novell

Novell, Inc. (NASDAQ: NOVL) delivers the best engineered, most interoperable Linux platform and a portfolio of integrated IT management software that helps customers around the world reduce cost, complexity and risk. With our infrastructure software and ecosystem of partnerships, Novell harmoniously integrates mixed IT environments, allowing people and technology to work as one. For more information, visit www.novell.com .


###


* Linux is a registered trademark of Linus Torvalds. All other third-party trademarks are the property of their respective owners.


Press Contact:
Ian Bruce
Novell
781-464-8034
ibruce@novell.com

Investor Relations Contact:
Susan Walker White
Novell
800-317-3195
swhite@novell.com



Wednesday, May 28, 2008

Could Phlash Attacks Be Your Next Big Concern?

WIN_SECURITY UPDATE_
A Penton Media Property
May 28, 2008



IN FOCUS

--Could Phlash Attacks Be Your Next Big Concern?
by Mark Joseph Edwards, News Editor
Flash memory is great technology. It's used in many diverse ways and is
especially useful because it allows for mission-critical code to be
changed on the fly when necessary. For example, you can flash a computer
BIOS with core system-level updates, load new driver code into your
printers, and load new mini-OS code or OS-helper code into a variety of
devices such as disk drives, media players, mobile phones, PDAs, and
other embedded systems.

Unfortunately, although flash-based devices are incredibly flexible, not
everyone is aware of exactly which devices in their networks have such
memory. What's even more of a problem is that some devices can have
their flash memory updated without the need for any type of
authentication. That poses a rather obvious problem, and Rich Smith of
HP Systems Security Lab thinks it's destined to become a big security
concern.

Last week at the EUSecWest conference in London (see the URL below),
Smith revealed some of his research into a potential nightmare that he
calls Permanent Denial of Service (PDoS), which would be induced
by a "Phlash" attack. That is to say, a Phlash attack is a condition in
which an intruder flashes a device with faulty code that renders the
device permanently disabled. You might have experienced this at your own
hand if you've ever tried--and failed--to flash a WiFi router with new
code only to discover that the update didn't complete properly and as a
result your router completely stopped working.

eusecwest.com/speakers.html#PhlashDance

Smith thinks that because vendors are working feverishly to harden OSs
and applications, intruders will eventually turn to new targets, namely
flash-based devices. He points out that because Phlash attacks are a
one-off type of attack, they might become more appealing because a
botnet isn't necessary, as in distributed denial of service (DDoS)
attacks. So, any sort of network-enabled device that has a flash update
mechanism could potentially become a target of a Phlash attack.

Granted, many devices have authentication mechanisms that must be
passed before a flash update can take place. However, there are a lot
of devices in use today that either have no authentication mechanism or
are shipped with default passwords that are never changed by device
operators. The potential for a Phlash attack points out the need to
examine and possibly augment your audit procedures. In short, you need to
know if you have any flash-enabled devices on your network, and if you
do, which ones are vulnerable.

I don't know of any tool that can automate such an audit process;
however, Smith has developed a generic fuzzing framework called
PhlashDance that can help identify devices that are potentially
vulnerable to Phlash attacks. Unfortunately he has no immediate plans to
release that framework, so maybe we'll see someone else come up with a
solution and make it generally available before the bad guys come up
with one and start using it to identify potential targets.

The good news is that there are no known Phlash attacks happening at
this point. In addition, some people think these attacks aren't likely
to occur. These people base their opinion on the idea that simply
destroying a device isn't attractive to bad guys because destruction
doesn't necessarily bring the kind of financial rewards that extortion
can bring. However, these attacks could start at any time--I wouldn't
underestimate the willingness of a sociopath to do harm out of sheer
spite, even if it means no financial reward. For many sick minds,
destruction in and of itself is more than enough of a reward. Therefore,
auditing your systems now, as best you can, is a good idea.



SECURITY NEWS AND FEATURES

--Companies Placing More Focus on Security
CompTIA reports that on average, companies are placing more focus on
security as the years roll on. Security-related budgets are up, as is
proactive prevention, including security-related training.

--Inactive Accounts Indicate Insufficient Audits
A recent survey shows that 42 percent of businesses have no idea how
many logon accounts are no longer needed. The results indicate that
internal security audits are either lacking or severely insufficient.

--Microsoft Offers to Share Security Info
Microsoft announced that it has opened up its Security Cooperation
Program (SCP) to Computer Emergency Response Teams (CERTs) around the
world. Previously the company announced that it would share information
with law enforcement agencies.

--Beware of Malware Filters Bearing False Positives
Earlier this week, the Haute Secure content-monitoring service blocked
Donn Edwards, a longtime reader of Paul Thurrott's WinInfo--one of
Windowsitpro.com's most popular sites--from accessing the site. Donn's
initial thought was that the blacklisting was a mistake, and he emailed
Haute Secure. Read the article to find out what happened next.

--Microsoft's Free Antivirus and Antispyware Scanner Offers a Trusty
Second Opinion
Tucked into Microsoft Windows Live OneCare's product group is a free
scanning service called Safety Scanner. Internet-based and easy to use,
it provides a great second opinion when you're troubleshooting infected
computers. You can run a full scan or focus on protection, cleaning
registry files, or defragging the hard drive.

--Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts,
which inform you about recently discovered security vulnerabilities. You
can also find information about these discoveries at

www.windowsitpro.com/departments/departmentid/752/752.html


GIVE AND TAKE

--SECURITY MATTERS BLOG: Heads Up: Mobile Phone Forensics
by Mark Joseph Edwards
Ever needed to get at the data in a mobile phone to collect forensic
evidence? Learn about a tool that can help in this blog entry.

windowsitpro.com/blog/index.cfm?action=BlogIndex&DepartmentID=949

--FAQ: Consolidating Active Directory Forests
by John Savill
Q. What are some of the advantages of consolidating forests to a single
Active Directory (AD) domain?

Find the answer at

windowsitpro.com/article/articleid/99234

--FROM THE FORUM: Web Mail Security Risks?
A forum reader writes that his company is reviewing their IT policies,
and in particular they are looking at user access to non-business Web
mail services such as Hotmail, Yahoo, Gmail, etc. He wonders what
security risks are created by allowing such access. Offer your
perspective at the URL below:

forums.windowsitpro.com/web/forum/messageview.aspx?catid=42&threadid=90196&enterthread=y

--SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions in
Security Pro VIP's Reader to Reader column. Email your contributions to
r2r@securityprovip.com. If we print your
submission, you'll get $100. We edit submissions for style, grammar, and
length.


RESOURCES AND EVENTS

Making Web Applications Perform Better: What to Watch, How to Watch It,
and How to Fix It

David Chernicoff discusses the common problems of Web applications and
how to prevent them. Web applications are often the first thing your
customers see and how they develop their impression of your business.
Even internal Web-based applications have a direct effect on your
business processes. Poorly performing applications can have a serious
impact on your workflow, and diagnosing problems with your Web
applications can be very complex and cumbersome. Join David Chernicoff
for this Web seminar as he discusses how to identify and prevent common
Web application problems.


Virtualization Essential Online Conference, June 24, 2008

Learn virtualization basics at this free online event. Discover how to
reduce IT costs while increasing the efficiency, utilization, and
flexibility of your existing hardware. You'll have a better
understanding of how virtualization delivers energy-saving economies
while promoting agility. Join Windows IT Pro for this interactive
real-life simulation and experience networking and interactive tools,
staffed sponsor booths, and educational chats to complement each
conference session.


Are You Storing Too Much Electronic Information?

It's absolutely essential to implement and automate effective email
retention policies in balance with managing the costs and risks
associated with electronically stored information. However, it's tough
to know whether your retention policies and approach dovetail
effectively with today's complex regulations, standards, and guidelines
for business records. Get expert legal advice and better understanding
of what you're required to do as an IT professional in this on-demand
Web seminar.



FEATURED WHITE PAPER

Are Your Data Protection and Recovery Methods Stale?

What happens when your Exchange server's hard drive array fails, and the
president of your company calls looking for his email about a major
purchase that he and several other executives have been working on all
day? Learn about continuous data protection (CDP) by downloading this
white paper today and avoid having to ask your boss "How much data loss
is acceptable?"



ANNOUNCEMENTS

Don't miss your LAST CHANCE to register for "Mastering Exchange 2007,
Server Management"!

Save time and manage your servers more easily with Mark Arnold's insider
tips and expert how-tos, and get started with basic PowerShell commands.
The three info-packed sessions at the May 29th event will include
real-world transport rule examples, high-availability options, PLUS a
live Q&A session, all for only $99. It's like getting three seminars for
the price of one! Register today at

www.windowsitpro.com/elearning/index.cfm?fuseaction=dynamic&v=5119&p=5161&code=&eventid=29&code=update

Rev Up Your IT Know-How with Our Recharged Magazine!

The improved Windows IT Pro is packed with trusted content and enhanced
with a fresh new look! Subscribe today to

--Stay ahead of industry trends with comprehensive coverage of topics
such as Vista and virtualization

--Solve tough technical problems with advice from veteran IT experts
such as Guido Grillenmeier and Mark Minasi

--Find real-world solutions easily with fast facts and quick tips

store.pentontech.com/index.cfm?s=1&promocode=EU2085R1&

Windows IT Pro Is Your Definitive Source for BI Tools

--Learn from the top BI experts such as Derek Comingore, Dan Holme,
Michelle A. Poolet, and Rodney Landrum.

--Build the best platforms and reports with help from SQL Server
Magazine.

--Master data-delivery with front-end solutions in Windows IT Pro.

--Get how-to information, industry trends, and commentary by experts:
Subscribe to the Essential BI UPDATE e-newsletter.




Monday, May 26, 2008

SecurityFocus Linux Newsletter #391




SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Anti-Social Networking
2. Thinking Beyond the Ivory Towers
II. LINUX VULNERABILITY SUMMARY
1. mtr 'split.c' Remote Stack Buffer Overflow Vulnerability
2. GnuTLS Prior to 2.2.5 Multiple Remote Vulnerabilities
3. Linux Kernel 'hrtimer_forward()' Local Denial of Service Vulnerability
4. libxslt XSL File Processing Buffer Overflow Vulnerability
5. SETroubleShoot sealert Insecure Temporary File Creation Vulnerability
6. vsftpd FTP Server 'deny_file' Option Remote Denial of Service Vulnerability
7. SETroubleShoot sealert Arbitrary Script Injection Vulnerability
8. Snort Time To Live Fragment Reassembly Security Bypass Weakness
9. Sun Java System Web Server Advanced Search Mechanism Cross-Site Scripting Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. CfP hack.lu 2008
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Anti-Social Networking
By Mark Rasch
On May 15, 2008, a federal grand jury in Los Angeles indicted 49-year-old Lori Drew of O'Fallon, Missouri, on charges of unauthorized access to a computer, typically used in hacking cases. Yet, Drew's alleged actions had little to do with computer intrusions.

http://www.securityfocus.com/columnists/473

2. Thinking Beyond the Ivory Towers
By Dave Aitel
In the information-security industry, there are clear and vast gaps in the way academia interacts with professional researchers. While these gaps will be filled in due time, their existence means that security professionals outside the hallowed halls of colleges and universities need to be aware of the differences in how researchers and professionals think.

http://www.securityfocus.com/columnists/472


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. mtr 'split.c' Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 29290
Remote: Yes
Date Published: 2008-05-20
Relevant URL: http://www.securityfocus.com/bid/29290
Summary:
The 'mtr' utility is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

2. GnuTLS Prior to 2.2.5 Multiple Remote Vulnerabilities
BugTraq ID: 29292
Remote: Yes
Date Published: 2008-05-20
Relevant URL: http://www.securityfocus.com/bid/29292
Summary:
GnuTLS is prone to multiple remote vulnerabilities, including:

- A buffer-overflow vulnerability
- Multiple denial-of-service vulnerabilities

An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.

Versions prior to GnuTLS 2.2.5 are vulnerable.

3. Linux Kernel 'hrtimer_forward()' Local Denial of Service Vulnerability
BugTraq ID: 29294
Remote: No
Date Published: 2008-05-20
Relevant URL: http://www.securityfocus.com/bid/29294
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly handle certain large timer expiry values.

Attackers can exploit this issue to cause the application to enter an infinite loop, denying service to legitimate users.

This issue affects the Linux kernel 2.6.21-rc4 and prior versions running on 64-bit architectures.

4. libxslt XSL File Processing Buffer Overflow Vulnerability
BugTraq ID: 29312
Remote: Yes
Date Published: 2008-05-21
Relevant URL: http://www.securityfocus.com/bid/29312
Summary:
The 'libxslt' library is prone to a buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects libxslt 1.1.23 and prior versions.

5. SETroubleShoot sealert Insecure Temporary File Creation Vulnerability
BugTraq ID: 29320
Remote: No
Date Published: 2008-05-21
Relevant URL: http://www.securityfocus.com/bid/29320
Summary:
SETroubleShoot sealert creates temporary files in an insecure way.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. This may result in denial-of-service conditions; other attacks are also possible.

6. vsftpd FTP Server 'deny_file' Option Remote Denial of Service Vulnerability
BugTraq ID: 29322
Remote: Yes
Date Published: 2008-05-21
Relevant URL: http://www.securityfocus.com/bid/29322
Summary:
The 'vsftpd' FTP server is prone to a remote denial-of-service vulnerability because it fails to free allocated memory.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.

7. SETroubleShoot sealert Arbitrary Script Injection Vulnerability
BugTraq ID: 29324
Remote: No
Date Published: 2008-05-21
Relevant URL: http://www.securityfocus.com/bid/29324
Summary:
SETroubleShoot sealert is prone to a script-injection vulnerability when handling certain log records.

Attackers can exploit the issue to execute arbitrary script code in the browser of an unsuspecting user.

8. Snort Time To Live Fragment Reassembly Security Bypass Weakness
BugTraq ID: 29327
Remote: Yes
Date Published: 2008-05-21
Relevant URL: http://www.securityfocus.com/bid/29327
Summary:
Snort is prone to a security-bypass weakness because of a design error affected by the Time To Live values of disassembled network packets.

Attackers can exploit this issue to bypass all Snort rules. This may facilitate further attacks.

This issue affects Snort 2.8 and 2.6 on multiple platforms.

9. Sun Java System Web Server Advanced Search Mechanism Cross-Site Scripting Vulnerability
BugTraq ID: 29355
Remote: Yes
Date Published: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/29355
Summary:
Sun Java System Web Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of a site that uses the affected functionality. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects Sun Java System Web Server 6.1 and 7.0 for SPARC, x86, Linux, Windows, HP-UX, and AIX platforms.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. CfP hack.lu 2008
http://www.securityfocus.com/archive/91/492320

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.

www.blackhat.com

SecurityFocus Newsletter #455
----------------------------------------

------------------------------------------------------------------
I. FRONT AND CENTER
1. Anti-Social Networking
2. Thinking Beyond the Ivory Towers
II. BUGTRAQ SUMMARY
1. Mambo Prior to 4.6.4 Multiple Input Validation Vulnerabilities
2. ClassSystem Multiple SQL Injection Vulnerabilities and Arbitrary File Upload Vulnerability
3. SETroubleShoot sealert Insecure Temporary File Creation Vulnerability
4. SAP Web Application Server '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting Vulnerability
5. Mozilla Firefox JSframe Heap Corruption Denial of Service Vulnerability
6. Cisco Service Control Engine SSH Server Multiple Denial of Service Vulnerabilities
7. Cisco Unified Customer Voice Portal Unspecified Privilege Escalation Vulnerability
8. Cisco IOS SSH Multiple Denial of Service Vulnerabilities
9. IBM Lotus Domino Web Server Unspecified Cross Site Scripting Vulnerability
10. libxslt XSL File Processing Buffer Overflow Vulnerability
11. IBM Lotus Domino Web Server 'Accept Language' HTTP Header Buffer Overflow Vulnerability
12. Stunnel OCSP Certificate Validation Security Bypass Vulnerability
13. Php-Jokesite 'jokes_category.php' SQL Injection Vulnerability
14. MX-System 'index.php' SQL Injection Vulnerability
15. OpenSSH ForceCommand Command Execution Weakness
16. EntertainmentScript 'page.php' Local File Include Vulnerability
17. eCMS Multiple Security Vulnerabilities
18. Borland InterBase Malformed Packet Remote Stack Based Buffer Overflow Vulnerability
19. Mozilla Firefox/Thunderbird/SeaMonkey Character Encoding Cross-Site Scripting Vulnerabilities
20. ComicShout 'index.php' SQL Injection Vulnerability
21. DizaynPlus Nobetci Eczane Takip 'ayrinti.asp' Parameter SQL Injection Vulnerability
22. Site Tanitimlari Scripti Multiple SQL Injection Vulnerabilities
23. Mantis Multiple Input Validation Vulnerabilities
24. FireFTP 'MLSD' And 'LIST' Commands Directory Traversal Vulnerability
25. Apple iCal 'TRIGGER' Parameter Denial of Service Vulnerability
26. IBM AIX 'pioout' Local Buffer Overflow Vulnerability
27. OpenSSH X Connections Session Hijacking Vulnerability
28. phpFix Multiple SQL Injection Vulnerabilities
29. Excuse Online 'pwd.asp' SQL Injection Vulnerability
30. miniCWB 'connector.php' Multiple Cross-Site Scripting Vulnerabilities
31. Zina 'index.php' Multiple Input Validation Vulnerabilities
32. WordPress Upload File Plugin 'wp-uploadfile.php' SQL Injection Vulnerability
33. Joomla! and Mambo Alberghi Component 'id' Parameter SQL Injection Vulnerability
34. Sun Solaris 10 Unspecified SCTP Protocol Processing Remote Denial of Service Vulnerability
35. Debian OpenSSL Package Random Number Generator Weakness
36. AbleSpace 'adv_cat.php' SQL Injection Vulnerability
37. Lenovo System Update SSL Certificate Validation Security Bypass Vulnerability
38. PCPIN Chat 'inc/url_redirection.inc.php' Cross-Site Scripting Vulnerability
39. Horde Kronolith Multiple Cross-Site Scripting Vulnerabilities
40. SaraB DAR Encryption Ciphers Local Information Disclosure Vulnerability
41. Core FTP 'LIST' Command Directory Traversal Vulnerability
42. eMule Plus Unspecified Security Vulnerability
43. libpam-pgsql 'pam_pgsql.c' Authentication Bypass Vulnerability
44. Xomol CMS 'index.php' Local File Include Vulnerability
45. Xomol CMS 'index.php' SQL Injection Vulnerability
46. plusPHP Short URL Multi-User Script Remote File Include Vulnerability
47. phpRaider phpbb3 Bridge 'phpbb3.functions.php' Remote File Include Vulnerability
48. Sun Java System Web Server Advanced Search Mechanism Cross-Site Scripting Vulnerability
49. RoomPHPlanning 'resaopen.php' SQL Injection Vulnerability
50. mtr 'split.c' Remote Stack Buffer Overflow Vulnerability
51. DZOIC Handshakes 'fname' Parameter SQL Injection Vulnerability
52. GnuTLS Prior to 2.2.5 Multiple Remote Vulnerabilities
53. RoomPHPlanning 'userform.php' Unauthorized Access Vulnerability
54. Campus Bulletin Board SQL Injection and Cross-Site Scripting Vulnerabilities
55. OneCMS 'load' Parameter Local File Include Vulnerability
56. RETIRED: BosDev BosNews '/admin/index.php' Authentication Bypass Vulnerability
57. SAFARI Montage 'forgotPW.php' Multiple Cross-Site Scripting Vulnerabilities
58. PHP 5.2.5 and Prior Versions Multiple Vulnerabilities
59. PCRE Character Class Buffer Overflow Vulnerability
60. PHP 5 'php_sprintf_appendstring()' Remote Integer Overflow Vulnerability
61. Quate CMS Multiple Input Validation Vulnerabilities
62. Info-ZIP UnZip 'inflate_dynamic()' Remote Code Execution Vulnerability
63. Cerberus Helpdesk Controller Authentication Information Disclosure Vulnerability
64. Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability
65. F5 Networks FirePass 4100 SSL VPN My.Logon.PHP3 Cross-Site Scripting Vulnerability
66. VideoLAN VLC Multiple Remote Code Execution Vulnerabilities
67. Sava CMS SQL Injection and Cross-Site Scripting Vulnerabilities
68. Xerox WorkCentre Unspecified HTML Injection Vulnerability
69. e107 BLOG Engine 'macgurublog.php' SQL Injection Vulnerability
70. vsftpd FTP Server 'deny_file' Option Remote Denial of Service Vulnerability
71. Microsoft Jet DataBase Engine MDB File Parsing Remote Buffer Overflow Vulnerability
72. Foxit Reader 'util.printf()' Remote Buffer Overflow Vulnerability
73. AbleDating 'search_results.php' Multiple Input Validation Vulnerabilities
74. WWW File Share Pro Unspecified Arbitrary File Upload Vulnerability
75. Barracuda Spam Firewall 'ldap_test.cgi' Cross-Site Scripting Vulnerability
76. BMForum Multiple Cross Site Scripting Vulnerabilities
77. phpSQLiteCMS Multiple Cross-Site Scripting Vulnerabilities
78. phpFreeForum Multiple Cross Site Scripting Vulnerabilities
79. FishSound Library Remote Speex Decoding Code Execution Vulnerability
80. xine-lib NES Sound Format Demuxer 'demux_nsf.c' Buffer Overflow Vulnerability
81. xine-lib Multiple Heap Based Remote Buffer Overflow Vulnerabilities
82. Cerulean Studios Trillian Multiple Remote Buffer Overflow Vulnerabilities
83. CA BrightStor 'AddColumn()' ListCtrl.ocx ActiveX Control Buffer Overflow Vulnerability
84. Cerberus Helpdesk Unspecified Security Vulnerability
85. Interchange Unspecified HTTP POST Request Denial Of Service Vulnerability
86. Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
87. Simpel Side Netbutikker Multiple SQL Injection Vulnerabilities
88. Simpel Side Weblosninger SQL Injection and Cross-Site Scripting Vulnerabilities
89. 6rbScript 'news.php' SQL Injection Vulnerability
90. Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
91. Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
92. Gnome-Screensaver With Compiz Lock Bypass Vulnerability
93. IBM Lotus Sametime Multiplexer Buffer Overflow Vulnerability
94. Snort Time To Live Fragment Reassembly Security Bypass Weakness
95. Sun Solaris 10 STREAM Administrative Driver Denial of Service Vulnerability
96. IBM AIX Kernel Local Buffer Overflow Vulnerability
97. IBM AIX 'iostat' Command Local Privilege Escalation Vulnerability
98. IBM AIX 'errpt' Local Buffer Overflow Vulnerability
99. Netious CMS 'index.php' SQL Injection Vulnerability
100. SETroubleShoot sealert Arbitrary Script Injection Vulnerability
III. SECURITYFOCUS NEWS
1. Legal experts wary of MySpace hacking charges
2. Admins warned of brute-force SSH attacks
3. Groups warn travelers to limit laptop data
4. Patches pose significant risk, researchers say
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Sr. Security Analyst, Fort Worth
2. [SJ-JOB] Forensics Engineer, Cambridgeshire
3. [SJ-JOB] Security Engineer, New Castle
4. [SJ-JOB] Security Consultant, New Castle
5. [SJ-JOB] Technology Risk Consultant, Boston
6. [SJ-JOB] Security Consultant, San Francisco
7. [SJ-JOB] Forensics Engineer, London
8. [SJ-JOB] Manager, Information Security, London
9. [SJ-JOB] Security Consultant, San Francisco
10. [SJ-JOB] Account Manager, San Jose
11. [SJ-JOB] Incident Handler, Wilmington
12. [SJ-JOB] Application Security Architect, New York
13. [SJ-JOB] Security Consultant, Open Location
14. [SJ-JOB] Director, Information Security, South Florida
15. [SJ-JOB] Sales Engineer, New York
16. [SJ-JOB] Application Security Engineer, Ottawa
17. [SJ-JOB] Senior Software Engineer, Alpharetta
18. [SJ-JOB] Security Engineer, Torrance
19. [SJ-JOB] Security Engineer, Reston
20. [SJ-JOB] Security Auditor, New York
21. [SJ-JOB] Security Auditor, Washington
22. [SJ-JOB] Security Auditor, Chicago
23. [SJ-JOB] Sales Engineer, Philadelphia
24. [SJ-JOB] Security Auditor, San Francisco
25. [SJ-JOB] Application Security Engineer, Dallas
26. [SJ-JOB] Security Consultant, Long Island
27. [SJ-JOB] Application Security Engineer, Washington
28. [SJ-JOB] Security Consultant, New York
29. [SJ-JOB] Application Security Engineer, Los Angeles
30. [SJ-JOB] Security Consultant, Chicago
31. [SJ-JOB] Security System Administrator, San Jose
32. [SJ-JOB] Application Security Engineer, San Jose
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #395
2. Binding Windows Services to Specific Addresses Only
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. CfP hack.lu 2008
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Anti-Social Networking
By Mark Rasch
On May 15, 2008, a federal grand jury in Los Angeles indicted 49-year-old Lori Drew of O'Fallon, Missouri, on charges of unauthorized access to a computer, typically used in hacking cases. Yet, Drew's alleged actions had little to do with computer intrusions.

http://www.securityfocus.com/columnists/473

2. Thinking Beyond the Ivory Towers
By Dave Aitel
In the information-security industry, there are clear and vast gaps in the way academia interacts with professional researchers. While these gaps will be filled in due time, their existence means that security professionals outside the hallowed halls of colleges and universities need to be aware of the differences in how researchers and professionals think.

http://www.securityfocus.com/columnists/472


II. BUGTRAQ SUMMARY
--------------------
1. Mambo Prior to 4.6.4 Multiple Input Validation Vulnerabilities
BugTraq ID: 29373
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29373
Summary:
Mambo is prone to an SQL-injection vulnerability and an HTTP-response-splitting issue because the application fails to properly sanitize user-supplied input.

An attacker could exploit these vulnerabilities to access or modify data, exploit latent vulnerabilities in the underlying database, or coax victims into a false sense of security so they may divulge sensitive information.

Versions prior to Mambo 4.6.4 are vulnerable.

2. ClassSystem Multiple SQL Injection Vulnerabilities and Arbitrary File Upload Vulnerability
BugTraq ID: 29372
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29372
Summary:
ClassSystem is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. These issues include multiple SQL-injection vulnerabilities and an arbitrary-file-upload vulnerability.

Exploiting these issues could allow an attacker to compromise the application, execute arbitrary code, access or modify data, or exploit latent vulnerabilities in the underlying database.

ClassSystem 2 and 2.3 are affected; other versions may also be vulnerable.

3. SETroubleShoot sealert Insecure Temporary File Creation Vulnerability
BugTraq ID: 29320
Remote: No
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29320
Summary:
SETroubleShoot sealert creates temporary files in an insecure way.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. This may result in denial-of-service conditions; other attacks are also possible.

4. SAP Web Application Server '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting Vulnerability
BugTraq ID: 29317
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29317
Summary:
SAP Web Application Server is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

SAP Web Application Server 7.0 is vulnerable; other versions may also be affected.

5. Mozilla Firefox JSframe Heap Corruption Denial of Service Vulnerability
BugTraq ID: 29318
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29318
Summary:
Mozilla Firefox is prone to a remote denial-of-service vulnerability when running certain JavaScript commands on empty applets in an iframe.

Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

This issue affects Firefox 2.0.0.14; other versions may also be vulnerable.

6. Cisco Service Control Engine SSH Server Multiple Denial of Service Vulnerabilities
BugTraq ID: 29316
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29316
Summary:
Cisco SCE (Service Control Engine) devices are prone to multiple denial-of-service vulnerabilities.

Attackers can leverage these issues to disrupt system stability or cause devices to reload. Successful exploits will deny service to legitimate users.

SCE devices running versions prior to SCOS (Service Control Operating System) 3.1.6 may be affected.

7. Cisco Unified Customer Voice Portal Unspecified Privilege Escalation Vulnerability
BugTraq ID: 29315
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29315
Summary:
Cisco Unified Customer Voice Portal is prone to an unspecified privilege-escalation vulnerability. Note that this issue is exploitable only by users with administrative access to the affected software.

Successfully exploiting this issue allows attackers to gain superuser access, facilitating the complete compromise of affected computers.

This issue is documented as Cisco Bug ID CSCsj93874.

8. Cisco IOS SSH Multiple Denial of Service Vulnerabilities
BugTraq ID: 29314
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29314
Summary:
Cisco IOS is prone to multiple remote denial-of-service vulnerabilities affecting the SSH (Secure Shell) implementation.

Successfully exploiting these issues allows remote attackers to generate spurious memory-access errors or cause the targeted device to reload. Repeated attacks will lead to denial-of-service conditions.

These issues are tracked by Cisco Bug IDs CSCsk42419, CSCsk60020, and CSCsh51293.

These issues affect devices running 12.4-based IOS releases that have SSH configured. Note that SSH is not configured by default.

9. IBM Lotus Domino Web Server Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 29311
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29311
Summary:
IBM Lotus Domino Web server is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects IBM Lotus Domino 6.0, 6.5, 7.0, and 8.0.

10. libxslt XSL File Processing Buffer Overflow Vulnerability
BugTraq ID: 29312
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29312
Summary:
The 'libxslt' library is prone to a buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects libxslt 1.1.23 and prior versions.

11. IBM Lotus Domino Web Server 'Accept Language' HTTP Header Buffer Overflow Vulnerability
BugTraq ID: 29310
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29310
Summary:
IBM Lotus Domino Server Web server is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application, which usually runs with LocalSystem privileges. Failed exploit attempts will result in a denial of service.

The issue affects IBM Lotus Domino 6.0, 6.5, 7.0, and 8.0.

12. Stunnel OCSP Certificate Validation Security Bypass Vulnerability
BugTraq ID: 29309
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29309
Summary:
Stunnel is prone to a security-bypass vulnerability because the OCSP functionality fails to properly check revoked certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers and authenticating with a revoked certificate. This will aid in further attacks.

This issue affects versions prior to Stunnel 4.24.

13. Php-Jokesite 'jokes_category.php' SQL Injection Vulnerability
BugTraq ID: 29308
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29308
Summary:
Php-Jokesite is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Php-Jokesite 2.0 is vulnerable; other versions may also be affected.

14. MX-System 'index.php' SQL Injection Vulnerability
BugTraq ID: 29307
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29307
Summary:
MX-System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

MX-System 2.7.3 is vulnerable; other versions may also be affected.

15. OpenSSH ForceCommand Command Execution Weakness
BugTraq ID: 28531
Remote: No
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/28531
Summary:
OpenSSH is prone to a weakness that may allow attackers to execute arbitrary commands.

Successful exploits may allow attackers to execute arbitrary commands, contrary to the wishes of administrators and bypassing the intent of the 'ForceCommand' option.

Versions prior to OpenSSH 4.9 are vulnerable.

16. EntertainmentScript 'page.php' Local File Include Vulnerability
BugTraq ID: 29306
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29306
Summary:
EntertainmentScript is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

The issue affects EntertainmentScript 1.4.0; other versions may also be vulnerable.

17. eCMS Multiple Security Vulnerabilities
BugTraq ID: 29304
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29304
Summary:
eCMS is prone to multiple security vulnerabilities, including a security-bypass issue and an SQL-injection issue.

Exploiting these issues may allow an attacker to bypass certain security restrictions and gain unauthorized access to the application. The attacker can also exploit the SQL-injection issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database. This will compromise the application and may aid in further attacks.

These issues affect eCMS 0.4.2; other versions may also be affected.

18. Borland InterBase Malformed Packet Remote Stack Based Buffer Overflow Vulnerability
BugTraq ID: 29302
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29302
Summary:
Borland InterBase is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks will likely cause denial-of-service conditions.

Please note that if the application runs as a Windows service, successful attacks will allow arbitrary code to run with SYSTEM-level privileges. This will lead to a complete compromise of an affected computer.

The issue affects Borland InterBase 2007 SP2; other versions may also be vulnerable.

19. Mozilla Firefox/Thunderbird/SeaMonkey Character Encoding Cross-Site Scripting Vulnerabilities
BugTraq ID: 29303
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29303
Summary:
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to multiple cross-site scripting vulnerabilities because of a design error. The HTML parser used by these applications fails to properly handle certain character encodings.

An attacker can exploit these issues to execute arbitrary script code in the context of the user running the application and to steal cookie-based authentication credentials and other sensitive data that may aid in further attacks.

20. ComicShout 'index.php' SQL Injection Vulnerability
BugTraq ID: 29301
Remote: Yes
Last Updated: 2008-05-21
Relevant URL: http://www.securityfocus.com/bid/29301
Summary:
ComicShout is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ComicShout 2.5 is vulnerable; other versions may also be affected.

21. DizaynPlus Nobetci Eczane Takip 'ayrinti.asp' Parameter SQL Injection Vulnerability
BugTraq ID: 29300
Remote: Yes
Last Updated: 2008-05-21
Relevant URL: http://www.securityfocus.com/bid/29300
Summary:
DizaynPlus Nobetci Eczane Takip is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

DizaynPlus Nobetci Eczane Takip 1.0 is vulnerable; other versions may also be affected.

22. Site Tanitimlari Scripti Multiple SQL Injection Vulnerabilities
BugTraq ID: 29299
Remote: Yes
Last Updated: 2008-05-21
Relevant URL: http://www.securityfocus.com/bid/29299
Summary:
Site Tanitimlari Scripti is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

23. Mantis Multiple Input Validation Vulnerabilities
BugTraq ID: 29297
Remote: Yes
Last Updated: 2008-05-21
Relevant URL: http://www.securityfocus.com/bid/29297
Summary:
Mantis is prone to a cross-site scripting vulnerability and an arbitrary-script-execution vulnerability because it fails to adequately sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Attackers with a valid administrator account may be able to execute PHP code.

Mantis 1.1.1 is vulnerable; other versions may also be affected.

24. FireFTP 'MLSD' And 'LIST' Commands Directory Traversal Vulnerability
BugTraq ID: 29289
Remote: Yes
Last Updated: 2008-05-21
Relevant URL: http://www.securityfocus.com/bid/29289
Summary:
FireFTP is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue allows an attacker to write arbitrary files to locations outside of the FTP client's current directory. This could help the attacker launch further attacks.

FireFTP 0.97.1 is vulnerable; other versions may also be affected.

25. Apple iCal 'TRIGGER' Parameter Denial of Service Vulnerability
BugTraq ID: 28632
Remote: Yes
Last Updated: 2008-05-21
Relevant URL: http://www.securityfocus.com/bid/28632
Summary:
Apple iCal is prone to a denial-of-service vulnerability because it fails to handle specially crafted files.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects iCal 3.0.1 running on Mac OS X 10.5.1; previous versions may also be affected.

26. IBM AIX 'pioout' Local Buffer Overflow Vulnerability
BugTraq ID: 27428
Remote: No
Last Updated: 2008-05-21
Relevant URL: http://www.securityfocus.com/bid/27428
Summary:
IBM AIX is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

27. OpenSSH X Connections Session Hijacking Vulnerability
BugTraq ID: 28444
Remote: No
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/28444
Summary:
OpenSSH is prone to a vulnerability that allows attackers to hijack forwarded X connections.

Successfully exploiting this issue may allow an attacker to run arbitrary shell commands with the privileges of the user running the affected application.

This issue affects OpenSSH 4.3p2; other versions may also be affected.

NOTE: This issue affects the portable version of OpenSSH and may not affect OpenSSH running on OpenBSD.

28. phpFix Multiple SQL Injection Vulnerabilities
BugTraq ID: 29371
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29371
Summary:
phpFix is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

phpFix 2.0 is vulnerable; other versions may also be affected.

29. Excuse Online 'pwd.asp' SQL Injection Vulnerability
BugTraq ID: 29370
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29370
Summary:
Excuse Online is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

30. miniCWB 'connector.php' Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 29368
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29368
Summary:
miniCWB is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

miniCWB 2.1.1 is vulnerable; other versions may also be affected.

31. Zina 'index.php' Multiple Input Validation Vulnerabilities
BugTraq ID: 29367
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29367
Summary:
Zina is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and a file-disclosure issue, because the application fails to properly sanitize user-supplied input.

An attacker can exploit these issues to execute arbitrary script code in the browser of a victim in the context of the affected application, steal cookie-based authentication credentials, or obtain information that could aid in further attacks.

Zina 1.0rc3 is vulnerable; other versions may also be affected.

32. WordPress Upload File Plugin 'wp-uploadfile.php' SQL Injection Vulnerability
BugTraq ID: 29352
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29352
Summary:
The Upload File plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

33. Joomla! and Mambo Alberghi Component 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 28331
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/28331
Summary:
The Alberghi component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects Alberghi 2.1.3; other versions may also be affected.

34. Sun Solaris 10 Unspecified SCTP Protocol Processing Remote Denial of Service Vulnerability
BugTraq ID: 29023
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29023
Summary:
Sun Solaris is prone to an unspecified denial-of-service vulnerability because of SCTP (Stream Control Transmission Protocol) protocol processing.

An attacker can exploit this issue to cause the affected kernel to panic, resulting in a denial-of-service condition.

This issue affects the Solaris 10 operating system.

35. Debian OpenSSL Package Random Number Generator Weakness
BugTraq ID: 29179
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29179
Summary:
The Debian OpenSSL package is prone to a random-number-generator weakness.

Attackers can exploit this issue to predict random data used to generate encryption keys by certain applications. This may help attackers compromise encryption keys and gain access to sensitive data.

This issue affects only a modified OpenSSL package for Debian prior to version 0.9.8c-4etch3.

36. AbleSpace 'adv_cat.php' SQL Injection Vulnerability
BugTraq ID: 29369
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29369
Summary:
AbleSpace is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

AbleSpace 1.0 is vulnerable; other versions may also be affected.

37. Lenovo System Update SSL Certificate Validation Security Bypass Vulnerability
BugTraq ID: 29366
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29366
Summary:
Lenovo System Update is prone to a security-bypass vulnerability because the application fails to properly check SSL certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers, which can lead to the installation of arbitrary software on an affected computer. This may result in a complete compromise of the computer.

This issue affects Lenovo System Update 3 (Version 3.13.0005, Build date 2008-1-3); other versions may also be vulnerable.

38. PCPIN Chat 'inc/url_redirection.inc.php' Cross-Site Scripting Vulnerability
BugTraq ID: 29363
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29363
Summary:
PCPIN Chat is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects versions prior to PCPIN Chat 6.11.

39. Horde Kronolith Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 29365
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29365
Summary:
Horde Kronolith is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Specific vulnerable versions have not been provided. We will update this BID as more information emerges.

40. SaraB DAR Encryption Ciphers Local Information Disclosure Vulnerability
BugTraq ID: 29364
Remote: No
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29364
Summary:
SaraB is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.

The issue affects versions prior to SaraB 0.2.4.

41. Core FTP 'LIST' Command Directory Traversal Vulnerability
BugTraq ID: 29362
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29362
Summary:
Core FTP is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue allows an attacker to write arbitrary files to locations outside of the FTP client's current directory. This could help the attacker launch further attacks.

Core FTP LE/PRO 2.1 Build 1565 is vulnerable; other versions may also be affected.

42. eMule Plus Unspecified Security Vulnerability
BugTraq ID: 29361
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29361
Summary:
eMule Plus is prone to an unspecified vulnerability.

Very few details are available regarding this issue. We will update this BID as more information emerges.

This issue affects versions prior to eMule Plus 1.2d.

43. libpam-pgsql 'pam_pgsql.c' Authentication Bypass Vulnerability
BugTraq ID: 29360
Remote: No
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29360
Summary:
The 'libpam-pgsql' module is prone to an authentication-bypass vulnerability that could let an attacker bypass authentication in applications that use this module for authenticating users.

The issue affects libpam-pgsql 0.6.3 and prior versions.

44. Xomol CMS 'index.php' Local File Include Vulnerability
BugTraq ID: 29359
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29359
Summary:
Xomol CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

Xomol CMS 1 is vulnerable; other versions may also be affected.

45. Xomol CMS 'index.php' SQL Injection Vulnerability
BugTraq ID: 29358
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29358
Summary:
Xomol CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Xomol CMS 1 is vulnerable; other versions may also be affected.

46. plusPHP Short URL Multi-User Script Remote File Include Vulnerability
BugTraq ID: 29357
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29357
Summary:
plusPHP Short URL Multi-User Script is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

plusPHP Short URL Multi-User Script 1.6 is vulnerable; other versions may also be affected.

47. phpRaider phpbb3 Bridge 'phpbb3.functions.php' Remote File Include Vulnerability
BugTraq ID: 29356
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29356
Summary:
phpRaider is prone to a remote file-include vulnerability that affects the phpbb3 bridge functionality because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

phpRaider 1.0.7 is vulnerable; other versions may also be affected.

48. Sun Java System Web Server Advanced Search Mechanism Cross-Site Scripting Vulnerability
BugTraq ID: 29355
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29355
Summary:
Sun Java System Web Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of a site that uses the affected functionality. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects Sun Java System Web Server 6.1 and 7.0 for SPARC, x86, Linux, Windows, HP-UX, and AIX platforms.

49. RoomPHPlanning 'resaopen.php' SQL Injection Vulnerability
BugTraq ID: 29354
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29354
Summary:
RoomPHPlanning is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

RoomPHPlanning 1.5 is vulnerable; other versions may also be affected.

50. mtr 'split.c' Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 29290
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29290
Summary:
The 'mtr' utility is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

51. DZOIC Handshakes 'fname' Parameter SQL Injection Vulnerability
BugTraq ID: 29353
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29353
Summary:
DZOIC Handshakes is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

DZOIC Handshakes 3.5 is vulnerable; other versions may also be affected.

52. GnuTLS Prior to 2.2.5 Multiple Remote Vulnerabilities
BugTraq ID: 29292
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29292
Summary:
GnuTLS is prone to multiple remote vulnerabilities, including:

- A buffer-overflow vulnerability
- Multiple denial-of-service vulnerabilities

An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.

Versions prior to GnuTLS 2.2.5 are vulnerable.

53. RoomPHPlanning 'userform.php' Unauthorized Access Vulnerability
BugTraq ID: 29377
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29377
Summary:
RoomPHPlanning is prone to an unauthorized-access vulnerability because it fails to adequately limit access to administrative scripts used for creating accounts.

An attacker can exploit this vulnerability to gain unauthorized administrative access to the application; other attacks are also possible.

RoomPHPlanning 1.5 is vulnerable; other versions may also be vulnerable.

54. Campus Bulletin Board SQL Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 29375
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29375
Summary:
Campus Bulletin Board is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Campus Bulletin Board 3.4 is vulnerable; other versions may also be affected.

55. OneCMS 'load' Parameter Local File Include Vulnerability
BugTraq ID: 29374
Remote: Yes
Last Updated: 2008-05-26
Relevant URL: http://www.securityfocus.com/bid/29374
Summary:
OneCMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue allows remote attackers to view local files within the context of the webserver process.

56. RETIRED: BosDev BosNews '/admin/index.php' Authentication Bypass Vulnerability
BugTraq ID: 28792
Remote: Yes
Last Updated: 2008-05-24
Relevant URL: http://www.securityfocus.com/bid/28792
Summary:
BosDev BosNews is prone to an authentication-bypass vulnerability because it fails to restrict access to certain scripts.

Attackers can leverage this issue to create arbitrary administrative user accounts and gain unauthorized access to the application. Successful attacks will compromise the application and possibly the underlying webserver.

BosNews 4.0 and 2002 through 2006 are vulnerable; other versions may also be affected.

RETIRED: This BID is being retired because the vendor states that only guest user accounts can be created in the described manner.

57. SAFARI Montage 'forgotPW.php' Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 29343
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/29343
Summary:
SAFARI Montage is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

SAFARI Montage 3.1.3 is vulnerable; other versions may also be affected.

58. PHP 5.2.5 and Prior Versions Multiple Vulnerabilities
BugTraq ID: 29009
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/29009
Summary:
PHP 5.2.5 and prior versions are prone to multiple security vulnerabilities.

Successful exploits could allow an attacker to bypass security restrictions, cause a denial-of-service condition, and potentially execute code.

These issues are reported to affect PHP 5.2.5 and prior versions.

59. PCRE Character Class Buffer Overflow Vulnerability
BugTraq ID: 27786
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/27786
Summary:
The PCRE regular-expression library is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of an application using the library. Failed exploit attempts will likely cause denial-of-service conditions.

The issue affects versions prior to PCRE 7.6.

60. PHP 5 'php_sprintf_appendstring()' Remote Integer Overflow Vulnerability
BugTraq ID: 28392
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/28392
Summary:
PHP 5 is prone to an integer-overflow vulnerability because the software fails to ensure that integer values are not overrun.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of a webserver affected by the issue. Failed attempts will likely result in denial-of-service conditions.

PHP 5.2.5 and prior versions are vulnerable.

61. Quate CMS Multiple Input Validation Vulnerabilities
BugTraq ID: 29348
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/29348
Summary:
Quate CMS is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These issues include remote and local file-include vulnerabilities, cross-site scripting vulnerabilities, and a directory-traversal vulnerability.

An attacker can exploit these vulnerabilities to execute arbitrary local or remote script code in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, obtain potentially sensitive information, or compromise the affected application and possibly the underlying system.

Quate CMS 0.3.4 is vulnerable; other versions may also be affected.

62. Info-ZIP UnZip 'inflate_dynamic()' Remote Code Execution Vulnerability
BugTraq ID: 28288
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/28288
Summary:
UnZip is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted ZIP file ('.zip').

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

UnZip 5.52 is vulnerable; other versions may be affected as well.

63. Cerberus Helpdesk Controller Authentication Information Disclosure Vulnerability
BugTraq ID: 29347
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/29347
Summary:
Cerberus Helpdesk is prone to an information-disclosure vulnerability because of an authentication error on certain webpages.

An attacker can exploit this issue to obtain sensitive information that may lead to further attacks.

64. Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability
BugTraq ID: 28695
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/28695
Summary:
Adobe Flash Player is prone to a remote buffer-overflow vulnerability when handling multimedia files with certain tags.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Adobe Flash Player 9.0.115.0 and earlier versions are affected.

65. F5 Networks FirePass 4100 SSL VPN My.Logon.PHP3 Cross-Site Scripting Vulnerability
BugTraq ID: 26659
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/26659
Summary:
F5 Networks FirePass 4100 SSL VPN devices are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker to steal cookie-based authentication credentials and to launch other attacks.

F5 Networks FirePass 4100 SSL VPNs running these firmware versions are vulnerable:

5.4.1 through 5.5.2
6.0
6.0.1

66. VideoLAN VLC Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 27015
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/27015
Summary:
VideoLAN VLC media player is prone to multiple remote code-execution vulnerabilities, including multiple buffer-overflow issues and a format-string issue.

Exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application.

VLC 0.8.6d is vulnerable to these issues; other versions may also be affected.

67. Sava CMS SQL Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 29346
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/29346
Summary:
Sava CMS is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to Sava CMS 5.0.122 are vulnerable.

68. Xerox WorkCentre Unspecified HTML Injection Vulnerability
BugTraq ID: 29345
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/29345
Summary:
Xerox WorkCentre Web Server is prone to an unspecified HTML-injection vulnerability because it fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

The following Xerox WorkCentre versions are affected:

WorkCentre 7132
WorkCentre 7228
WorkCentre 7235
WorkCentre 7245

69. e107 BLOG Engine 'macgurublog.php' SQL Injection Vulnerability
BugTraq ID: 29344
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/29344
Summary:
e107 BLOG Engine is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

e107 BLOG Engine 2.2 is vulnerable; other versions may also be affected.

70. vsftpd FTP Server 'deny_file' Option Remote Denial of Service Vulnerability
BugTraq ID: 29322
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/29322
Summary:
The 'vsftpd' FTP server is prone to a remote denial-of-service vulnerability because it fails to free allocated memory.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.

71. Microsoft Jet DataBase Engine MDB File Parsing Remote Buffer Overflow Vulnerability
BugTraq ID: 26468
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/26468
Summary:
Microsoft Jet DataBase Engine is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of a user running the application. Successful exploits will compromise the affected application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

NOTE: Further details report that attackers are using malicious Word files to load specially crafted MDB files. Microsoft has released a knowledge base article (950627) documenting this attack vector.

This issue does not affect Windows Server 2003 Service Pack 2, Windows XP Service Pack 3, Windows XP x64 edition Service Pack 2, Windows Vista, Windows Vista Service Pack 1 and Windows Server 2008 because they run a version of the Jet Database Engine that isn't vulnerable.

This issue does affect the Jet Database Engine, Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007, and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1.

72. Foxit Reader 'util.printf()' Remote Buffer Overflow Vulnerability
BugTraq ID: 29288
Remote: Yes
Last Updated: 2008-05-23
Relevant URL: http://www.securityfocus.com/bid/29288
Summary:
Foxit Reader is prone to a remote buffer-overflow vulnerability when handling PDF files with specially crafted JavaScript code.

Exploiting this issue may allow attackers to corrupt memory and execute arbitrary machine code in the context of users running the affected application. Failed exploits will likely cause denial-of-service conditions.

This issue affects Foxit Reader 2.3 build 2825; other versions may also be affected.

73. AbleDating 'search_results.php' Multiple Input Validation Vulnerabilities
BugTraq ID: 29342
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29342
Summary:
AbleDating is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include an SQL-injection vulnerability and a cross-site scripting vulnerability.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, execute arbitrary local scripts, retrieve potentially sensitive information, or exploit latent vulnerabilities in the underlying database.

These issues affect AbleDating 2.4; other versions may also be vulnerable.

74. WWW File Share Pro Unspecified Arbitrary File Upload Vulnerability
BugTraq ID: 29341
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29341
Summary:
WWW File Share Pro is prone to a vulnerability that lets attackers upload arbitrary files.

An attacker can exploit this vulnerability to upload files and execute arbitrary script code in the context of the webserver process. This may aid in further attacks.

Few details are available about this issue; we will update this BID as more information is disclosed.

This issue is reported to affect WWW File Share Pro 5.30.

75. Barracuda Spam Firewall 'ldap_test.cgi' Cross-Site Scripting Vulnerability
BugTraq ID: 29340
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29340
Summary:
Barracuda Spam Firewall is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Firmware prior to Barracuda Spam Firewall 3.5.11.025 is vulnerable.

76. BMForum Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 29339
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29339
Summary:
BMForum is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

BMForum 5.6 is vulnerable; other versions may also be affected.

77. phpSQLiteCMS Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 29338
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29338
Summary:
phpSQLiteCMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

phpSQLiteCMS 1 RC2 is vulnerable; other versions may also be affected.

78. phpFreeForum Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 29337
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29337
Summary:
phpFreeForum is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

79. FishSound Library Remote Speex Decoding Code Execution Vulnerability
BugTraq ID: 28665
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/28665
Summary:
The FishSound 'libfishsound' library is prone to a remote code-execution vulnerability because the software fails to properly bounds-check user-supplied data.

Successfully exploiting this issue allows attackers to execute arbitrary machine code in the context of applications that use the library. Failed exploit attempts likely result in denial-of-service conditions.

Versions prior to FishSound 0.9.1 are vulnerable.

The following applications use the library and are also vulnerable:

- Speex
- Annodex plugin for Firefox
- Illiminable DirectShow Filters
- gstreamer-plugins-good
- SDL_sound
- Sweep
- vorbis-tools
- VLC Media Player
- xine-lib
- XMMS speex plugin

Other applications may also be affected.

80. xine-lib NES Sound Format Demuxer 'demux_nsf.c' Buffer Overflow Vulnerability
BugTraq ID: 28816
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/28816
Summary:
The 'xine-lib' library is prone to a buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects xine-lib 1.1.12 and prior versions.

81. xine-lib Multiple Heap Based Remote Buffer Overflow Vulnerabilities
BugTraq ID: 28370
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/28370
Summary:
The 'xine-lib' library is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit these issues to execute arbitrary code in the context of applications that use the library. Failed attacks will cause denial-of-service conditions.

These issues affect xine-lib 1.1.11; other versions may also be affected.

82. Cerulean Studios Trillian Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 29330
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29330
Summary:
Trillian is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Remote attackers can exploit these issues to execute arbitrary code with the privileges of the user running the application.

Versions prior to Trillian 3.1.10.0 are vulnerable.

83. CA BrightStor 'AddColumn()' ListCtrl.ocx ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 28268
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/28268
Summary:
The Unicenter DSM r11 List Control ATX ActiveX control, included with CA BrightStor ARCserve Backup, is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code in the context of an application running the control (typically Internet Explorer). Failed attacks will cause denial-of-service conditions.

84. Cerberus Helpdesk Unspecified Security Vulnerability
BugTraq ID: 29335
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29335
Summary:
Cerberus Helpdesk is prone to an unspecified vulnerability.

Very few details are available regarding this issue. We will update this BID as more information emerges.

This issue affects versions prior to Cerberus Helpdesk 4.0 (Build 603).

85. Interchange Unspecified HTTP POST Request Denial Of Service Vulnerability
BugTraq ID: 29334
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29334
Summary:
Interchange is prone to an unspecified denial-of-service vulnerability.

An attacker can exploit this issue to cause the application to stop responding, denying further service to legitimate users.

This issue affects versions prior to Interchange 5.6.0.

86. Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
BugTraq ID: 27237
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/27237
Summary:
The Apache HTTP Server 'mod_status' module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Reportedly, attackers can also use this issue to redirect users' browsers to arbitrary locations, which may aid in phishing attacks.

The issue affects versions prior to Apache 2.2.7-dev, 2.0.62-dev, and 1.3.40-dev.

87. Simpel Side Netbutikker Multiple SQL Injection Vulnerabilities
BugTraq ID: 29333
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29333
Summary:
Netbutikker is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Netbutikker 4 and prior versions are vulnerable.

88. Simpel Side Weblosninger SQL Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 29332
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29332
Summary:
Weblosninger is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Weblosninger 4 and prior versions are vulnerable.

89. 6rbScript 'news.php' SQL Injection Vulnerability
BugTraq ID: 29331
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29331
Summary:
6rbScript is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

90. Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
BugTraq ID: 26663
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/26663
Summary:
Apache is prone to a cross-site scripting weakness when handling HTTP request methods that result in 413 HTTP errors.

An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks.

Apache 2.0.46 through 2.2.4 are vulnerable; other versions may also be affected.

91. Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
BugTraq ID: 26838
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/26838
Summary:
Apache is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects the following:

- The 'mod_imagemap' module in Apache 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, and 2.2.0

- The 'mod_imap' module in Apache 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, and 1.3.0.

92. Gnome-Screensaver With Compiz Lock Bypass Vulnerability
BugTraq ID: 26188
Remote: No
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/26188
Summary:
Gnome-screensaver is prone to a vulnerability that allows an attacker who has physical console access to bypass the user's locked screen.

This issue affects gnome-screensaver released with Ubuntu 7.10; fixes from Ubuntu are available; other versions may also be affected.

93. IBM Lotus Sametime Multiplexer Buffer Overflow Vulnerability
BugTraq ID: 29328
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29328
Summary:
IBM Lotus Sametime is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

94. Snort Time To Live Fragment Reassembly Security Bypass Weakness
BugTraq ID: 29327
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29327
Summary:
Snort is prone to a security-bypass weakness because of a design error affected by the Time To Live values of disassembled network packets.

Attackers can exploit this issue to bypass all Snort rules. This may facilitate further attacks.

This issue affects Snort 2.8 and 2.6 on multiple platforms.

95. Sun Solaris 10 STREAM Administrative Driver Denial of Service Vulnerability
BugTraq ID: 29326
Remote: No
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29326
Summary:
Sun Solaris is prone to a denial-of-service vulnerability due to a race-condition error.

An attacker can exploit this issue to cause the affected kernel to panic, resulting in a denial-of-service condition.

This issue affects the Solaris 10 operating system.

96. IBM AIX Kernel Local Buffer Overflow Vulnerability
BugTraq ID: 29329
Remote: No
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29329
Summary:
IBM AIX is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

97. IBM AIX 'iostat' Command Local Privilege Escalation Vulnerability
BugTraq ID: 29325
Remote: No
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29325
Summary:
IBM AIX is prone to a local privilege-escalation vulnerability caused by an environment variable error.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue may result in the complete compromise of affected computers.

The following versions are vulnerable:

AIX 5.2
AIX 5.3
AIX 6.1

98. IBM AIX 'errpt' Local Buffer Overflow Vulnerability
BugTraq ID: 29323
Remote: No
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29323
Summary:
IBM AIX is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

99. Netious CMS 'index.php' SQL Injection Vulnerability
BugTraq ID: 29319
Remote: Yes
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29319
Summary:
Netious CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Netious CMS 0.4 is vulnerable; other versions may also be affected.

100. SETroubleShoot sealert Arbitrary Script Injection Vulnerability
BugTraq ID: 29324
Remote: No
Last Updated: 2008-05-22
Relevant URL: http://www.securityfocus.com/bid/29324
Summary:
SETroubleShoot sealert is prone to a script-injection vulnerability when handling certain log records.

Attackers can exploit the issue to execute arbitrary script code in the browser of an unsuspecting user.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Legal experts wary of MySpace hacking charges
By: Robert Lemos
Federal prosecutors charge the parent who allegedly badgered a girl to suicide with three counts of computer crime, but law experts worry about a dangerous precedent.
http://www.securityfocus.com/news/11519

2. Admins warned of brute-force SSH attacks
By: Robert Lemos
Normally considered a low-level threat on the Internet, scans for default-configured secure shell servers spiked this week.
http://www.securityfocus.com/news/11518

3. Groups warn travelers to limit laptop data
By: Robert Lemos
In a letter to Congress, nearly three dozen organizations protest the seizures of electronic devices by U.S. customs officials, an act upheld by a federal appeals court in a recent ruling.
http://www.securityfocus.com/news/11516

4. Patches pose significant risk, researchers say
By: Robert Lemos
A group of four computer scientists say Windows Update -- and other patch services -- should be redesigned, after they create a technique to quickly produce attack code from a distributed patch.
http://www.securityfocus.com/news/11514

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Sr. Security Analyst, Fort Worth
http://www.securityfocus.com/archive/77/492490

2. [SJ-JOB] Forensics Engineer, Cambridgeshire
http://www.securityfocus.com/archive/77/492480

3. [SJ-JOB] Security Engineer, New Castle
http://www.securityfocus.com/archive/77/492488

4. [SJ-JOB] Security Consultant, New Castle
http://www.securityfocus.com/archive/77/492483

5. [SJ-JOB] Technology Risk Consultant, Boston
http://www.securityfocus.com/archive/77/492487

6. [SJ-JOB] Security Consultant, San Francisco
http://www.securityfocus.com/archive/77/492489

7. [SJ-JOB] Forensics Engineer, London
http://www.securityfocus.com/archive/77/492481

8. [SJ-JOB] Manager, Information Security, London
http://www.securityfocus.com/archive/77/492482

9. [SJ-JOB] Security Consultant, San Francisco
http://www.securityfocus.com/archive/77/492484

10. [SJ-JOB] Account Manager, San Jose
http://www.securityfocus.com/archive/77/492485

11. [SJ-JOB] Incident Handler, Wilmington
http://www.securityfocus.com/archive/77/492351

12. [SJ-JOB] Application Security Architect, New York
http://www.securityfocus.com/archive/77/492352

13. [SJ-JOB] Security Consultant, Open Location
http://www.securityfocus.com/archive/77/492353

14. [SJ-JOB] Director, Information Security, South Florida
http://www.securityfocus.com/archive/77/492354

15. [SJ-JOB] Sales Engineer, New York
http://www.securityfocus.com/archive/77/492355

16. [SJ-JOB] Application Security Engineer, Ottawa
http://www.securityfocus.com/archive/77/492345

17. [SJ-JOB] Senior Software Engineer, Alpharetta
http://www.securityfocus.com/archive/77/492348

18. [SJ-JOB] Security Engineer, Torrance
http://www.securityfocus.com/archive/77/492349

19. [SJ-JOB] Security Engineer, Reston
http://www.securityfocus.com/archive/77/492350

20. [SJ-JOB] Security Auditor, New York
http://www.securityfocus.com/archive/77/492342

21. [SJ-JOB] Security Auditor, Washington
http://www.securityfocus.com/archive/77/492347

22. [SJ-JOB] Security Auditor, Chicago
http://www.securityfocus.com/archive/77/492356

23. [SJ-JOB] Sales Engineer, Philadelphia
http://www.securityfocus.com/archive/77/492357

24. [SJ-JOB] Security Auditor, San Francisco
http://www.securityfocus.com/archive/77/492358

25. [SJ-JOB] Application Security Engineer, Dallas
http://www.securityfocus.com/archive/77/492336

26. [SJ-JOB] Security Consultant, Long Island
http://www.securityfocus.com/archive/77/492340

27. [SJ-JOB] Application Security Engineer, Washington
http://www.securityfocus.com/archive/77/492343

28. [SJ-JOB] Security Consultant, New York
http://www.securityfocus.com/archive/77/492344

29. [SJ-JOB] Application Security Engineer, Los Angeles
http://www.securityfocus.com/archive/77/492339

30. [SJ-JOB] Security Consultant, Chicago
http://www.securityfocus.com/archive/77/492341

31. [SJ-JOB] Security System Administrator, San Jose
http://www.securityfocus.com/archive/77/492337

32. [SJ-JOB] Application Security Engineer, San Jose
http://www.securityfocus.com/archive/77/492338

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #395
http://www.securityfocus.com/archive/88/492421

2. Binding Windows Services to Specific Addresses Only
http://www.securityfocus.com/archive/88/491595

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. CfP hack.lu 2008
http://www.securityfocus.com/archive/91/492320

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.

www.blackhat.com
