Thursday, July 17, 2008

SecurityFocus Newsletter #462
----------------------------------------

This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.
www.blackhat.com

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. An Astonishing Collaboration
2. Bad-Code Blues
II. BUGTRAQ SUMMARY
1. Retired: OPIE Accessfile.C Remote Denial of Service Vulnerability
2. tplSoccerSite Multiple SQL Injection Vulnerabilities
3. Mod_Security ASCIIZ Byte POST Bypass Vulnerability
4. Pidgin 'msn_slplink_process_msg()' Multiple Integer Overflow Vulnerabilities
5. Lighttpd Multiple Code Execution, Denial of Service and Information Disclosure Vulnerabilities
6. Lighttpd File Descriptor Array Remote Denial of Service Vulnerability
7. X.Org X Server 'MIT-SHM' Local Privilege Escalation Vulnerability
8. X.Org X Server 'Xinput' Extension Local Privilege Escalation Vulnerability
9. X.Org X Server 'EVI' Extension Local Privilege Escalation Vulnerability
10. X.Org X Server 'TOG-CUP' Extension Local Privilege Escalation Vulnerability
11. X.Org X 'Server X:1 -sp' Command Information Disclosure Vulnerability
12. X.Org X Server 'PassMessage' Request Local Privilege Escalation Vulnerability
13. Adobe Flash Player HTTP Response Splitting Vulnerability
14. Adobe ActionScript SecurityErrorEvent Security Bypass Vulnerability
15. Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
16. Adobe Flash Player DNS Rebinding Vulnerability
17. Adobe Flash Player Unspecified DNS Rebinding Vulnerability
18. Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
19. Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability
20. Adobe Flash Player Unspecified Privilege-Escalation Vulnerability
21. Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability
22. Adobe Flash Player Arbitrary Cross Domain HTTP Request Headers Security Vulnerability
23. Adobe Flash Player SWF File 'DeclareFunction2' ActionScript Tag Remote Code Execution Vulnerability
24. Adobe Flash Player On Opera Browser For Mac OSX Unspecified Vulnerability
25. Adobe Flash Player SWFs in Dreamweaver and Acrobat Unspecified Cross-Site Scripting Vulnerabilities
26. Adobe Flash Player JPG Header Remote Heap Based Buffer Overflow Vulnerability
27. AlstraSoft Affiliate Network Pro 'pgm' Parameter SQL Injection Vulnerability
28. F-PROT Antivirus Multiple File Processing Remote Denial Of Service Vulnerabilities
29. PHPizabi 'v_cron_proc.php' Arbitrary Script Injection Vulnerabilities
30. Joomla! and Mambo DT Register Component 'eventId' Parameter SQL Injection Vulnerability
31. Oracle July 2008 Critical Patch Update Multiple Vulnerabilities
32. BitComet URI Handling Remote Denial of Service Vulnerability
33. Netrw Vim Script 's:BrowserMaps()' Command Execution Vulnerability
34. F-PROT Antivirus CHM File Remote Denial Of Service Vulnerability
35. QuickPlayer '.m3u' File Buffer Overflow Vulnerability
36. MediaMonkey URI Handling Multiple Denial of Service Vulnerabilities
37. Dokeos 'user_portal.php' Local File Include Vulnerability
38. Microsoft Outlook Web Access for Exchange Server Email Field Cross-Site Scripting Vulnerability
39. Mozilla Firefox CSSValue Array Data Structure Remote Code Execution Vulnerability
40. Mozilla Firefox URI Splitting Security Bypass Vulnerability
41. Mozilla Firefox Mac OS X GIF Rendering Memory Corruption Vulnerability
42. HP Select Identity Bidirectional LDAP Connector Remote Unauthorized Access Vulnerability
43. Microsoft DirectX WAV and AVI File Parsing Remote Code Execution Vulnerability
44. HockeySTATS Online 'index.php' Multiple SQL Injection Vulnerabilities
45. Poppler PDF Rendering Library Page Class Remote Code Execution Vulnerability
46. Galatolo WebManager Cookie Authentication Bypass Vulnerability
47. AlstraSoft Video Share Enterprise 'album.php' SQL Injection Vulnerability
48. phpHoo3 'phpHoo3.php' SQL Injection Vulnerability
49. IBS 'username' Parameter Cross Site Scripting Vulnerability
50. Vim Vim Script Multiple Command Execution Vulnerabilities
51. Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
52. Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
53. PowerDNS Remote Cache Poisoning Vulnerability
54. PhotoPost vBGallery 'upload.php' Arbitrary File Upload Vulnerability
55. PPMate PPMedia Class ActiveX Control Remote Buffer Overflow Vulnerability
56. Afuse 'afuse.c' Shell Command Injection Vulnerability
57. Black Ice Software Document Imaging SDK/ActiveX Remote Buffer Overflow Vulnerability
58. Redmine Unspecified Cross Site Scripting Vulnerability
59. CMME Cross Site Scripting And Information Disclosure Vulnerabilities
60. WordPress 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities
61. Comdev Web Blogger 'arcmonth' Parameter SQL Injection Vulnerability
62. WinRemotePC Packet Handling Remote Denial of Service Vulnerability
63. Pragyan CMS 'form.lib.php' Remote File Include Vulnerability
64. pSys 0.7.0 Alpha Multiple Remote File Include Vulnerabilities
65. Berkeley Yacc (byacc) 'skeleton.c' Local Denial of Service Vulnerability
66. Galatolo Web Manager SQL Injection and Cross-Site Scripting Vulnerabilities
67. PHP 'rfc822_write_address()' Function Buffer Overflow Vulnerability
68. PHP 5.2.4 and Prior Versions Multiple Vulnerabilities
69. PHP 5.2.5 and Prior Versions Multiple Vulnerabilities
70. PHP 5.2.3 and Prior Versions Multiple Vulnerabilities
71. php Help Agent 'head_chat.inc.php' Local File Include Vulnerability
72. PCRE Regular Expression Library Multiple Security Vulnerabilities
73. PCRE Regular Expression Library Multiple Integer and Buffer Overflow Vulnerabilities
74. Linux Kernel 32-bit/64bit Emulation Local Information Disclosure Vulnerability
75. Newsx 'read_article()' Buffer Overflow Vulnerability
76. Linux Kernel DCCP Subsystem Buffer Overflow Vulnerability
77. Votorola Multiple Unspecified Security Vulnerabilities
78. PCRE Regular Expression Heap Based Buffer Overflow Vulnerability
79. Mercurial 'patch.py' Directory Traversal Vulnerability
80. UltraStats 'players-detail.php' SQL Injection Vulnerability
81. Linux Kernel utrace and ptrace Local Denial of Service Vulnerability
82. Linux Kernel SPARC 'mmap()' Denial Of Service Vulnerability
83. Linux Kernel BER Decoding Remote Buffer Overflow Vulnerability
84. Linux Kernel 'pppol2tp_recvmsg()' Remote Denial of Service Vulnerability
85. Linux Kernel 'sctp_getsockopt_local_addrs_old()' Function Local Buffer Overflow Vulnerability
86. Linux Kernel 'ipip6_rcv()' Remote Denial of Service Vulnerability
87. Linux Kernel 'sys_utimensat' Local Denial of Service Vulnerability
88. Linux Kernel Memory Copy Exception Local Information Disclosure Vulnerability
89. Linux Kernel 'hrtimer_forward()' Local Denial of Service Vulnerability
90. Linux Kernel IPSec Fragmented ESP Packet Remote Denial of Service Vulnerability
91. Linux Kernel x86_64 ptrace Denial Of Service Vulnerability
92. Mozilla Firefox 'chrome' Document Unspecified Script Injection Weakness
93. Cacti Multiple Input Validation Vulnerabilities
94. CGI::Session 'CGISESSID' Cookie Value Directory Traversal Vulnerability
95. Citrix XenServer XenAPI HTTP Interfaces Cross-Site Scripting Vulnerability
96. OpenPro 'search_wA.php' Remote File Include Vulnerability
97. Spring Framework Multiple Remote Vulnerabilities
98. Evaria ECMS 'DOCUMENT_ROOT' Parameter Multiple Remote File Include Vulnerabilities
99. Velocity Security Management System HTTP Server Directory Traversal Vulnerability
100. Firebird Multiple Denial of Service and Information Disclosure Vulnerabilities
III. SECURITYFOCUS NEWS
1. Senate amends FISA, allows immunity
2. Alliance forms to fix DNS poisoning flaw
3. Web surfers, it's time to patch
4. Breach-notification laws not working?
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Technical Support Engineer, Columbia
2. [SJ-JOB] Sr. Security Engineer, Edison
3. [SJ-JOB] Technical Support Engineer, Columbia
4. [SJ-JOB] Software Engineer, St. Paul
5. [SJ-JOB] Security Engineer, Plano
6. [SJ-JOB] Information Assurance Engineer, Columbia
7. [SJ-JOB] Application Security Architect, Santa Clara
8. [SJ-JOB] Incident Handler, Washington
9. [SJ-JOB] Forensics Engineer, Chantilly
10. [SJ-JOB] Software Engineer, Chantilly
11. [SJ-JOB] Security Engineer, St. Louis
12. [SJ-JOB] Sr. Security Analyst, Brampton
13. [SJ-JOB] Developer, Chantilly
14. [SJ-JOB] Penetration Engineer, Any State/Any City
15. [SJ-JOB] Developer, Chantilly
16. [SJ-JOB] Security Consultant, Edinburgh
17. [SJ-JOB] Sales Engineer, Southern CA
18. [SJ-JOB] Sales Engineer, NEW YORK CITY
19. [SJ-JOB] Sales Engineer, Dallas
20. [SJ-JOB] Security Consultant, Boston
21. [SJ-JOB] Sr. Security Engineer, New York / Manhattan / TriBeCa
22. [SJ-JOB] Security Consultant, London
23. [SJ-JOB] Developer, El Segundo
24. [SJ-JOB] Security Engineer, San Antonio
25. [SJ-JOB] Sales Engineer, DC Metro Area
26. [SJ-JOB] Developer, El Segundo
27. [SJ-JOB] Security Engineer, Durham
28. [SJ-JOB] Sr. Security Analyst, Atlanta
29. [SJ-JOB] Penetration Engineer, Chantilly
30. [SJ-JOB] Security Researcher, Chantilly
31. [SJ-JOB] Application Security Engineer, Chantilly
32. [SJ-JOB] Forensics Engineer, Chantilly
33. [SJ-JOB] Security Consultant, Arlington
34. [SJ-JOB] Developer, Falls Church
35. [SJ-JOB] Security Engineer, Washington
36. [SJ-JOB] Threat Analyst, Arlington
37. [SJ-JOB] Security Engineer, Arlington
38. [SJ-JOB] Sales Representative, Southern CA
39. [SJ-JOB] Sales Representative, New York
40. [SJ-JOB] Sr. Product Manager, St. Paul
41. [SJ-JOB] Security System Administrator, Boston
42. [SJ-JOB] Quality Assurance, El Segundo
43. [SJ-JOB] Sales Representative, Dallas
44. [SJ-JOB] Management, El Segundo
45. [SJ-JOB] Sales Representative, NEW YORK CITY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. An Astonishing Collaboration
By Dan Kaminsky
Wow. It's out. It's finally, finally out. Sweet!
http://www.securityfocus.com/columnists/477

2. Bad-Code Blues
By Don Parker
The current state of secure software development by corporations both large and small is a mess. We are still cursed with half-baked software, and as a result, a never ending stream of vulnerabilities. Secure coding practices and active quality assurance (QA) efforts are now more mainstream, but that still hasn't made much of a dent.
http://www.securityfocus.com/columnists/476


II. BUGTRAQ SUMMARY
--------------------
1. Retired: OPIE Accessfile.C Remote Denial of Service Vulnerability
BugTraq ID: 23669
Remote: Yes
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/23669
Summary:
OPIE is prone to a remote denial-of-service vulnerability due to an off-by-one error.

Remote attackers may exploit this issue to crash the application using the affected library, resulting in a denial of service. Given the nature of this vulnerability, attackers may be able to exploit it to execute arbitrary code, but this has not been confirmed.

OpenSSH using OPIE is reported vulnerable; other applications may also be affected.

NOTE: Further reports indicate that this issue is not exploitable, so this BID is being retired.

2. tplSoccerSite Multiple SQL Injection Vulnerabilities
BugTraq ID: 30260
Remote: Yes
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/30260
Summary:
tplSoccerSite is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to tplSoccerSite 1.01 are vulnerable; other versions may also be affected.

3. Mod_Security ASCIIZ Byte POST Bypass Vulnerability
BugTraq ID: 22831
Remote: Yes
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/22831
Summary:
Mod_Security is prone to a POST-parsing-bypass vulnerability. Successful attacks could allow an attacker to bypass mod_security restrictions and successfully submit malicious input to mod_security-protected sites.

The issue derives from a difference in the way the mod_security HTTP request parser and protected backend web-scripting languages process incoming data following ASCIIZ bytes.

This issue is reported to affect all iterations of mod_security below 2.1.0.
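
The following is an added illustration of the parser-differential class behind this entry; it is not mod_security's code or any backend language's code. Two simplified request-body parsers stand in for the two sides: one stops reading a value at the first NUL (ASCIIZ) byte the way a C string does, the other is length-aware and keeps every byte. A signature check run over the first parser's view misses a payload placed behind a NUL that the second parser, and so the protected application, still sees. The rule set, the request body and the function names are constructed for the example; raw NUL bytes are used directly, where a real request would carry them percent-encoded as %00 and they would appear after decoding.

```python
# Added example for the parser-differential class behind the mod_security bypass above.
# The two parsers are simplified stand-ins written for this illustration; they are not
# mod_security's or any backend language's real code. Raw NUL bytes are used in the body;
# a real request would carry them percent-encoded (%00) and they would appear after decoding.

SIGNATURES = (b"union select", b"<script")   # constructed toy rule set


def parse_nul_terminated(body: bytes) -> dict:
    """C-string style parser: a value ends at the first NUL byte, whatever follows is lost."""
    params = {}
    for pair in body.split(b"&"):
        key, _, value = pair.partition(b"=")
        nul = value.find(b"\x00")
        if nul != -1:
            value = value[:nul]
        params[key] = value
    return params


def parse_length_aware(body: bytes) -> dict:
    """Length-aware parser (how a typical scripting backend behaves): keeps every byte."""
    params = {}
    for pair in body.split(b"&"):
        key, _, value = pair.partition(b"=")
        params[key] = value
    return params


def inspect(params: dict) -> bool:
    """True if any parameter value matches a signature."""
    return any(sig in value.lower() for value in params.values() for sig in SIGNATURES)


def waf_and_backend(body: bytes):
    """The filter inspects with the NUL-terminating parser; the backend uses the other one.
    Returns (blocked_by_filter, parameters_as_the_backend_sees_them)."""
    return inspect(parse_nul_terminated(body)), parse_length_aware(body)


def inspect_hardened(body: bytes) -> bool:
    """Hardened filter: parse the body the way the backend does and treat a raw NUL as hostile."""
    if b"\x00" in body:
        return True
    return inspect(parse_length_aware(body))


# Constructed request body: the signature sits behind a NUL so the truncating parser never sees it.
POST_BODY = b"id=1\x00 union select password from users&page=2"

if __name__ == "__main__":
    blocked, backend = waf_and_backend(POST_BODY)
    print("filter blocked:", blocked)                     # False: the filter only saw b'1'
    print("backend sees id =", backend[b"id"])            # the full injection string
    print("hardened filter blocked:", inspect_hardened(POST_BODY))  # True
```

The general lesson is that an inspection layer must parse input exactly as the protected component will, and should treat bytes that change meaning between parsers (NUL, overlong encodings, bare CR) as a block condition in their own right rather than something to normalise away.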

4. Pidgin 'msn_slplink_process_msg()' Multiple Integer Overflow Vulnerabilities
BugTraq ID: 29956
Remote: Yes
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/29956
Summary:
Pidgin is prone to multiple integer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the software. Failed exploit attempts likely cause denial-of-service conditions.

Versions prior to Pidgin 2.4.3 are vulnerable.

5. Lighttpd Multiple Code Execution, Denial of Service and Information Disclosure Vulnerabilities
BugTraq ID: 24967
Remote: Yes
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/24967
Summary:
Lighttpd is prone to multiple remote denial-of-service vulnerabilities, a code-execution vulnerability, and an information-disclosure vulnerability.

An attacker can exploit these issues to execute arbitrary code, access sensitive information, or crash the affected application, denying service to legitimate users.

These issues affect versions prior to lighttpd 1.4.16.

6. Lighttpd File Descriptor Array Remote Denial of Service Vulnerability
BugTraq ID: 27943
Remote: Yes
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/27943
Summary:
The 'lighttpd' program is prone to a remote denial-of-service vulnerability because it fails to handle exceptional conditions.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.

The issue affects lighttpd 1.4.18; other versions may also be vulnerable.

7. X.Org X Server 'MIT-SHM' Local Privilege Escalation Vulnerability
BugTraq ID: 27350
Remote: No
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/27350
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

8. X.Org X Server 'Xinput' Extension Local Privilege Escalation Vulnerability
BugTraq ID: 27351
Remote: No
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/27351
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

9. X.Org X Server 'EVI' Extension Local Privilege Escalation Vulnerability
BugTraq ID: 27353
Remote: No
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/27353
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

10. X.Org X Server 'TOG-CUP' Extension Local Privilege Escalation Vulnerability
BugTraq ID: 27355
Remote: No
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/27355
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

11. X.Org X 'Server X:1 -sp' Command Information Disclosure Vulnerability
BugTraq ID: 27356
Remote: No
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/27356
Summary:
X.Org X Server is prone to a local information-disclosure vulnerability.

Attackers can exploit this issue to gain access to sensitive information that may lead to further attacks.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

12. X.Org X Server 'PassMessage' Request Local Privilege Escalation Vulnerability
BugTraq ID: 27354
Remote: No
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/27354
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of an affected computer. Failed exploit attempts will likely crash the computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

13. Adobe Flash Player HTTP Response Splitting Vulnerability
BugTraq ID: 26969
Remote: Yes
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/26969
Summary:
Adobe Flash Player is prone to an HTTP response-splitting vulnerability because it fails to adequately sanitize user-supplied input.

A remote attacker can exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, and 7.0.70.0 and prior versions.

NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities).
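
As an added illustration of the response-splitting class named in this entry (not Flash Player's code, and not a reproduction of the specific defect in it), the following models a generic component that copies an attacker-influenced value into a response header, and the client-side view of the byte stream that results. With a CR/LF-bearing value, one response becomes two, and the second is entirely attacker-authored. The hardened builder refuses any header value containing CR or LF instead of trying to strip them. All names and the payload are constructed for the example.

```python
# Added example of HTTP response splitting, the class of the Flash Player issue above. It is not
# Flash Player's code: it models a generic component that copies an attacker-influenced value
# into a response header, and the client-side view of the resulting byte stream.

CRLF = b"\r\n"


def build_redirect_unsafe(location: str) -> bytes:
    """Builds a 302 response, copying the user-influenced value into the Location header unchanged."""
    return (b"HTTP/1.1 302 Found" + CRLF
            + b"Location: " + location.encode("latin-1") + CRLF
            + CRLF)


def build_redirect_safe(location: str) -> bytes:
    """Hardened: refuse any header value that contains CR or LF rather than trying to strip them."""
    if "\r" in location or "\n" in location:
        raise ValueError("CR/LF in header value")
    return build_redirect_unsafe(location)


def header_value_accepted(location: str) -> bool:
    """Does the hardened builder accept this value?"""
    try:
        build_redirect_safe(location)
        return True
    except ValueError:
        return False


def count_responses(raw: bytes) -> int:
    """How many responses a naive client sees in one byte stream: each one starts with
    an HTTP/1.x status line at the beginning of a line."""
    return sum(1 for line in raw.split(CRLF) if line.startswith(b"HTTP/1."))


# Constructed payload: closes the legitimate redirect with an empty body and appends a second,
# attacker-authored response that a proxy or browser may cache under the original URL.
PAYLOAD = ("/home\r\n"
           "Content-Length: 0\r\n"
           "\r\n"
           "HTTP/1.1 200 OK\r\n"
           "Content-Type: text/html\r\n"
           "Content-Length: 15\r\n"
           "\r\n"
           "<b>injected</b>")

if __name__ == "__main__":
    print("responses in stream (clean):", count_responses(build_redirect_unsafe("/home")))    # 1
    print("responses in stream (payload):", count_responses(build_redirect_unsafe(PAYLOAD)))  # 2
    print("hardened builder accepts payload:", header_value_accepted(PAYLOAD))                # False
```

Rejecting rather than stripping matters because a stripper has to agree with every downstream parser about what counts as a line break; a reject leaves nothing to disagree about.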

14. Adobe ActionScript SecurityErrorEvent Security Bypass Vulnerability
BugTraq ID: 25260
Remote: Yes
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/25260
Summary:
Adobe ActionScript is prone to a security-bypass vulnerability because the application allows Flash movies compiled by ActionScript to connect to arbitrary TCP ports on a host running a vulnerable version of Flash.

Successfully exploiting this issue allows an attacker to bypass the application's sandbox security model and scan other hosts that are connected to the computer running the vulnerable application.

15. Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
BugTraq ID: 26960
Remote: Yes
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/26960
Summary:
The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability.

An attacker may leverage this issue to execute arbitrary JavaScript in the context of another domain.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, and prior versions.

NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities) but has been assigned its own BID because new technical details are available.

16. Adobe Flash Player DNS Rebinding Vulnerability
BugTraq ID: 26930
Remote: Yes
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/26930
Summary:
Adobe Flash Player is prone to a DNS rebinding vulnerability that allows remote attackers to establish arbitrary TCP sessions.

An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious SWF file.

Successfully exploiting this issue allows the attacker to bypass the application's same-origin policy and set up connections to services on arbitrary computers. This may lead to other attacks.

17. Adobe Flash Player Unspecified DNS Rebinding Vulnerability
BugTraq ID: 28697
Remote: Yes
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/28697
Summary:
Adobe Flash Player is prone to a vulnerability with an unspecified impact. The issue can be exploited by DNS rebinding.

Successfully exploiting this issue could allow the attacker to bypass the application's same-origin policy; other attacks are also possible.

NOTE: This issue may be a variant of the issue described in BID 26930, but currently not enough details are available to verify this. We will update this BID as more information emerges.

Adobe Flash Player 9.0.115.0 and earlier versions are affected.
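
The following added example shows the rebinding mechanism common to this entry and BID 26930 above, together with two client-side defences. It is not Flash Player's code and does not use a real resolver: a scripted resolver returns the attacker's public address for the first query and an address on the victim's LAN for the next, the short-TTL flip that rebinding relies on. A client that re-resolves per request and decides "same origin" by host name alone ends up talking to the internal address; a client that pins the first answer for the life of the document does not, and a client that refuses answers in internal ranges detects the flip. The host name, addresses and function names are constructed for the example.

```python
# Added example of the DNS-rebinding mechanism behind the two Flash Player entries above, and of
# two client-side defences. The resolver is scripted so the example runs offline; it is not
# Flash Player's or any real resolver's code, and the host name and addresses are constructed.
import ipaddress

HOST = "attacker.example"
ANSWERS = ["203.0.113.10", "10.0.0.5"]   # constructed: attacker's public IP, then a victim-LAN address

INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


class ScriptedResolver:
    """Answers successive queries from ANSWERS, repeating the last one (models a short-TTL flip)."""
    def __init__(self, answers):
        self._answers = list(answers)
        self.queries = 0

    def resolve(self, name: str) -> str:
        self.queries += 1
        return self._answers[min(self.queries - 1, len(self._answers) - 1)]


def is_internal(ip: str) -> bool:
    """True if the address lies in one of the explicitly listed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def connect_naive(resolver, n_requests):
    """Re-resolves before every request and treats all of them as same-origin by host name alone.
    Returns the addresses actually connected to."""
    return [resolver.resolve(HOST) for _ in range(n_requests)]


def connect_pinned(resolver, n_requests):
    """Resolves once and pins that address for the life of the document."""
    ip = resolver.resolve(HOST)
    return [ip for _ in range(n_requests)]


def connect_filtering(resolver, n_requests):
    """Re-resolves like the naive client but refuses any answer inside an internal range."""
    seen = []
    for _ in range(n_requests):
        ip = resolver.resolve(HOST)
        if is_internal(ip):
            raise ConnectionRefusedError(f"{HOST} rebound to internal address {ip}")
        seen.append(ip)
    return seen


def demo():
    """Returns (naive targets, pinned targets, whether the filtering client refused the rebind)."""
    naive = connect_naive(ScriptedResolver(ANSWERS), 2)
    pinned = connect_pinned(ScriptedResolver(ANSWERS), 2)
    try:
        connect_filtering(ScriptedResolver(ANSWERS), 2)
        refused = False
    except ConnectionRefusedError:
        refused = True
    return naive, pinned, refused


if __name__ == "__main__":
    naive, pinned, refused = demo()
    print("naive client connected to:", naive)          # ['203.0.113.10', '10.0.0.5']
    print("pinned client connected to:", pinned)        # ['203.0.113.10', '203.0.113.10']
    print("filtering client refused rebind:", refused)  # True
```

The two defences are complementary: pinning stops the flip from taking effect, while the range filter catches the case where the very first answer is already internal, which pinning alone would happily lock in.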

18. Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
BugTraq ID: 26949
Remote: Yes
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/26949
Summary:
Adobe Flash Player is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

19. Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability
BugTraq ID: 26966
Remote: Yes
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/26966
Summary:
The Adobe Flash Player is prone to a cross-domain security-bypass vulnerability.

An attacker can exploit this issue to connect to arbitrary hosts on affected computers. This may allow the application to perform generic TCP requests to determine what services are running on the affected computer.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0, and prior versions.

NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities), but has been assigned its own record because of new technical details.

20. Adobe Flash Player Unspecified Privilege-Escalation Vulnerability
BugTraq ID: 26965
Remote: Yes
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/26965
Summary:
Adobe Flash Player is prone to a vulnerability that allows attackers to gain elevated privileges on affected computers.

Very few technical details are currently available. We will update this BID as more information emerges.

NOTE: This issue occurs only when the application is running on a Linux operating system.

Versions prior to Adobe Flash Player 9.0.115.0 are vulnerable.

This issue was previously covered by BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities).

21. Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability
BugTraq ID: 28695
Remote: Yes
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/28695
Summary:
Adobe Flash Player is prone to a remote buffer-overflow vulnerability when handling multimedia files with certain tags.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Adobe Flash Player 9.0.115.0 and earlier versions are affected.

NOTE: This issue has been fixed in all versions of Adobe Flash Player 9.0.124.0.

Initial investigations suggested that the vulnerability had not been patched in the standalone Adobe Flash Player version 9.0.124.0 for Linux and the standalone Adobe Flash Player version 9.0.124.0 with debug capabilities for Microsoft Windows. The observed behavior that led to this initial conclusion has since been confirmed by Adobe as intended by design.

22. Adobe Flash Player Arbitrary Cross Domain HTTP Request Headers Security Vulnerability
BugTraq ID: 28696
Remote: Yes
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/28696
Summary:
Adobe Flash Player is prone to a vulnerability that allows remote attackers to send arbitrary request headers from Flash Player to remote domains.

An attacker may exploit this issue to violate the Same Origin Policy (SOP) and perform cross-site request-forgery attacks; other attacks are also possible.

Adobe Flash Player 9.0.115.0 and earlier versions are affected.

23. Adobe Flash Player SWF File 'DeclareFunction2' ActionScript Tag Remote Code Execution Vulnerability
BugTraq ID: 28694
Remote: Yes
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/28694
Summary:
Adobe Flash Player is prone to a remote code-execution vulnerability when handling certain embedded ActionScript objects.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Adobe Flash Player 9.0.115.0 and earlier versions are affected.

24. Adobe Flash Player On Opera Browser For Mac OSX Unspecified Vulnerability
BugTraq ID: 26274
Remote: Yes
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/26274
Summary:
Adobe Flash Player is prone to an unspecified vulnerability.

This issue occurs when Flash Player is running on Opera Browser for the Mac OS X operating system.

Very few technical details are currently available. We will update this BID as more information emerges.

Flash Player 9.0.47.0 and prior versions are vulnerable when running on Mac OS X.

25. Adobe Flash Player SWFs in Dreamweaver and Acrobat Unspecified Cross-Site Scripting Vulnerabilities
BugTraq ID: 27034
Remote: Yes
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/27034
Summary:
Adobe Dreamweaver and Acrobat Connect include pre-generated SWF files that are prone to cross-site scripting vulnerabilities.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

The affected SWF files are included with Dreamweaver CS3 and Acrobat Connect. However, the applications themselves are not affected.

26. Adobe Flash Player JPG Header Remote Heap Based Buffer Overflow Vulnerability
BugTraq ID: 26951
Remote: Yes
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/26951
Summary:
Adobe Flash Player is prone to a remote heap-based buffer-overflow vulnerability because the application fails to use consistent signedness when handling user-supplied input.

An attacker can exploit this issue to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts will likely cause denial-of-service conditions.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0, and prior versions.

NOTE: This issue was originally covered by BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities).

27. AlstraSoft Affiliate Network Pro 'pgm' Parameter SQL Injection Vulnerability
BugTraq ID: 30259
Remote: Yes
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/30259
Summary:
AlstraSoft Affiliate Network Pro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

28. F-PROT Antivirus Multiple File Processing Remote Denial Of Service Vulnerabilities
BugTraq ID: 30258
Remote: Yes
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/30258
Summary:
F-PROT Antivirus is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly handle malformed files.

An attacker may exploit these issues to crash the affected application or to trigger infinite loops, denying service to legitimate users.

Versions prior to F-PROT Antivirus engine 4.4.4 are vulnerable. This version of the engine is included in F-PROT Antivirus 6.0.9.0.

29. PHPizabi 'v_cron_proc.php' Arbitrary Script Injection Vulnerabilities
BugTraq ID: 30257
Remote: Yes
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/30257
Summary:
PHPizabi is prone to two vulnerabilities that allow attackers to execute arbitrary script code because it fails to properly sanitize user-supplied input.

An attacker can exploit these issues to execute arbitrary script code in the context of the webserver. Successful exploits can compromise the application.

PHPizabi 0.848b C1 HFP1 is vulnerable; other versions may also be affected.

30. Joomla! and Mambo DT Register Component 'eventId' Parameter SQL Injection Vulnerability
BugTraq ID: 30256
Remote: Yes
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/30256
Summary:
The DT Register component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects unspecified versions of the DT Register component. We will update this BID when more details become available.
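
The following is an added example serving the SQL-injection entries in this issue (tplSoccerSite, AlstraSoft Affiliate Network Pro 'pgm', and DT Register 'eventId'). It is not code from any of those products: the schema, the 'eventId'-style parameter handling and the payload are constructed, and SQLite stands in for whatever database the real components use. The vulnerable query interpolates the request parameter into the SQL text, so a value such as "2 OR 1=1" turns a one-event lookup into a dump of every row; the hardened version validates the parameter's type and binds it, so the value can never alter the query's grammar.

```python
# Added example for the SQL-injection entries in this issue (tplSoccerSite, AlstraSoft Affiliate
# Network Pro, DT Register). It is not code from any of those products: the schema, the
# 'eventId'-style parameter handling and the payload are constructed for the illustration.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: registrations for two events."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE registrations (id INTEGER PRIMARY KEY, event_id INTEGER, email TEXT)")
    conn.executemany("INSERT INTO registrations (event_id, email) VALUES (?, ?)",
                     [(1, "a@example.com"), (1, "b@example.com"), (2, "c@example.com")])
    return conn


def registrations_vulnerable(conn, event_id: str):
    """Interpolates the request parameter into the query text: the defect class described above."""
    sql = f"SELECT email FROM registrations WHERE event_id = {event_id}"
    return [row[0] for row in conn.execute(sql)]


def registrations_hardened(conn, event_id: str):
    """Validates the parameter's type, then binds it; the value can never alter the SQL grammar."""
    if not event_id.isdigit():
        raise ValueError("eventId must be a non-negative integer")
    return [row[0] for row in conn.execute(
        "SELECT email FROM registrations WHERE event_id = ?", (int(event_id),))]


def hardened_rejects(event_id: str) -> bool:
    """True if the hardened query refuses the value outright."""
    try:
        registrations_hardened(make_db(), event_id)
        return False
    except ValueError:
        return True


PAYLOAD = "2 OR 1=1"   # constructed: widens a one-event lookup into a dump of every row


def demo():
    conn = make_db()
    return (registrations_vulnerable(conn, "2"),
            registrations_vulnerable(conn, PAYLOAD),
            registrations_hardened(conn, "2"),
            hardened_rejects(PAYLOAD))


if __name__ == "__main__":
    legit, dumped, safe, rejected = demo()
    print("vulnerable, eventId=2:", legit)          # ['c@example.com']
    print("vulnerable, eventId=PAYLOAD:", dumped)   # all three addresses
    print("hardened, eventId=2:", safe)             # ['c@example.com']
    print("hardened rejects payload:", rejected)    # True
```

Parameter binding is the fix; the type check in front of it is what turns an attempted injection into a logged error rather than a silent empty result, which is worth having for detection.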

31. Oracle July 2008 Critical Patch Update Multiple Vulnerabilities
BugTraq ID: 30177
Remote: Yes
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/30177
Summary:
Oracle has released the July 2008 Critical Patch Update that addresses 44 new vulnerabilities affecting the following products:

Oracle Database
Oracle TimesTen In-Memory Database
Oracle Application Server
Oracle E-Business Suite and Application
Oracle Enterprise Manager
Oracle PeopleSoft Enterprise
Oracle BEA Products

32. BitComet URI Handling Remote Denial of Service Vulnerability
BugTraq ID: 30255
Remote: Yes
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/30255
Summary:
BitComet is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the application. Given the nature of this vulnerability, the attacker may also be able to execute arbitrary code, but this has not been confirmed.

BitComet 1.02 is vulnerable; other versions may also be affected.

33. Netrw Vim Script 's:BrowserMaps()' Command Execution Vulnerability
BugTraq ID: 30254
Remote: No
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/30254
Summary:
Netrw is prone to a command-execution vulnerability because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting this issue can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Netrw 127 is vulnerable; other versions may also be affected.

34. F-PROT Antivirus CHM File Remote Denial Of Service Vulnerability
BugTraq ID: 30253
Remote: Yes
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/30253
Summary:
F-PROT Antivirus is prone to a remote denial-of-service vulnerability because the application fails to properly handle malformed CHM files.

An attacker may exploit this issue to crash the affected application, denying further service to legitimate users.

Versions prior to F-PROT Antivirus engine 4.4.4 are vulnerable. This version of the engine is included in F-PROT Antivirus 6.0.9.0.

35. QuickPlayer '.m3u' File Buffer Overflow Vulnerability
BugTraq ID: 30252
Remote: Yes
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/30252
Summary:
QuickPlayer is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

QuickPlayer 1.3 is vulnerable; other versions may also be affected.

36. MediaMonkey URI Handling Multiple Denial of Service Vulnerabilities
BugTraq ID: 30251
Remote: Yes
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/30251
Summary:
MediaMonkey is prone to two denial-of-service vulnerabilities because it fails to handle user-supplied input.

An attacker can exploit these issues to crash the application. Given the nature of these vulnerabilities, the attacker may also be able to execute arbitrary code, but this has not been confirmed.

MediaMonkey 3.0.3 is vulnerable; other versions may also be affected.

37. Dokeos 'user_portal.php' Local File Include Vulnerability
BugTraq ID: 30150
Remote: Yes
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/30150
Summary:
Dokeos is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view local files or execute arbitrary local scripts on the vulnerable computer in the context of the webserver process.

Please note that this issue affects only Dokeos running on Windows.

Dokeos 1.8.5 is vulnerable; other versions may also be affected.

38. Microsoft Outlook Web Access for Exchange Server Email Field Cross-Site Scripting Vulnerability
BugTraq ID: 30130
Remote: Yes
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/30130
Summary:
Microsoft Outlook Web Access (OWA) for Exchange Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks.

39. Mozilla Firefox CSSValue Array Data Structure Remote Code Execution Vulnerability
BugTraq ID: 29802
Remote: Yes
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/29802
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application.

The issue affects Firefox 3.0 and versions prior to Firefox 2.0.0.16. Versions prior to Thunderbird 2.0.0.16 and prior to SeaMonkey 1.1.11 are also affected.

NOTE: Mozilla Thunderbird is affected by this issue only if JavaScript has been enabled in the application. This setting is disabled by default.

40. Mozilla Firefox URI Splitting Security Bypass Vulnerability
BugTraq ID: 30242
Remote: Yes
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/30242
Summary:
Mozilla Firefox is prone to a security-bypass vulnerability because of a design error.

Exploiting this issue could allow an attacker to bypass certain security restrictions and launch restricted URIs. Specifically, the attacker could use external applications to launch 'chrome:' URIs or to pass certain URIs to Firefox that would normally be handled by a vector application.

The issue affects Firefox 3.0 and versions prior to 2.0.0.16.

41. Mozilla Firefox Mac OS X GIF Rendering Memory Corruption Vulnerability
BugTraq ID: 30266
Remote: Yes
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/30266
Summary:
Mozilla Firefox for Mac OS X is prone to a memory-corruption vulnerability.

An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely crash the application.

This issue affects Firefox 3.0.

42. HP Select Identity Bidirectional LDAP Connector Remote Unauthorized Access Vulnerability
BugTraq ID: 30250
Remote: Yes
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/30250
Summary:
HP Select Identity (HPSI) Active Directory Bidirectional LDAP Connector is prone to an unauthorized-access vulnerability.

Attackers can exploit this issue to gain unauthorized access to the affected computer.

HP Select Identity Bidirectional LDAP Connector 2.20, 2.20.001, 2.20.002, and 2.30 are vulnerable.

43. Microsoft DirectX WAV and AVI File Parsing Remote Code Execution Vulnerability
BugTraq ID: 26804
Remote: Yes
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/26804
Summary:
Microsoft DirectX is prone to a remote code-execution vulnerability.

An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may crash the application.

44. HockeySTATS Online 'index.php' Multiple SQL Injection Vulnerabilities
BugTraq ID: 30248
Remote: Yes
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/30248
Summary:
HockeySTATS Online is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

HockeySTATS Online Basic and Advanced 2.0 are vulnerable; other versions may also be affected.

45. Poppler PDF Rendering Library Page Class Remote Code Execution Vulnerability
BugTraq ID: 30107
Remote: Yes
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/30107
Summary:
The Poppler PDF rendering library is prone to a remote code-execution vulnerability because the software fails to properly initialize a memory pointer.

Successfully exploiting this issue allows attackers to execute arbitrary machine code in the context of applications that use the library. Failed exploit attempts likely result in denial-of-service conditions.

Poppler 0.8.4 is vulnerable to this issue; other versions may also be affected.

46. Galatolo WebManager Cookie Authentication Bypass Vulnerability
BugTraq ID: 30247
Remote: Yes
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/30247
Summary:
Galatolo WebManager is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.

An attacker can exploit this vulnerability to gain administrative access to the affected application; other attacks are also possible.

Galatolo WebManager 1.3a is vulnerable; other versions may also be affected.
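Entry 46 is the classic failure of treating a client-supplied cookie as proof of identity and role. The following is an added example, not Galatolo WebManager's code; the cookie layout (`user=...;role=...`) and the field names are invented for the illustration. It shows the weak pattern next to a cookie that carries an HMAC-SHA256 tag, so that any edit by the client is detected before the claims are used:

```python
import hashlib
import hmac
import secrets

# Server-side key, constructed here for the example; a real deployment loads it
# from configuration and never ships it to the client.
SERVER_KEY = secrets.token_bytes(32)


def _parse_fields(payload: str) -> dict:
    """Turn 'user=alice;role=user' into {'user': 'alice', 'role': 'user'}."""
    return dict(part.split("=", 1) for part in payload.split(";") if "=" in part)


def weak_user_from_cookie(cookie: str) -> dict:
    """Weak pattern: the cookie text is taken as proof of identity and role.
    A client can simply edit it, which is the bypass class in entry 46."""
    fields = _parse_fields(cookie)
    return {"user": fields.get("user"), "role": fields.get("role", "user")}


def sign_cookie(payload: str, key: bytes = SERVER_KEY) -> str:
    """Issue a cookie whose payload is covered by an HMAC-SHA256 tag."""
    tag = hmac.new(key, payload.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"


def user_from_signed_cookie(cookie: str, key: bytes = SERVER_KEY):
    """Return the claims only when the tag verifies; None for anything else."""
    payload, sep, tag = cookie.rpartition("|")
    if not sep:
        return None
    expected = hmac.new(key, payload.encode("utf-8"), hashlib.sha256).hexdigest()
    # Constant-time comparison so the tag cannot be guessed byte by byte.
    if not hmac.compare_digest(tag, expected):
        return None
    fields = _parse_fields(payload)
    return {"user": fields.get("user"), "role": fields.get("role", "user")}


def demo() -> dict:
    """Constructed forgeries against both schemes."""
    issued = sign_cookie("user=alice;role=user")
    forged_plain = "user=alice;role=admin"
    forged_signed = issued.replace("role=user", "role=admin")
    return {
        "weak_accepts_forgery": weak_user_from_cookie(forged_plain)["role"] == "admin",
        "signed_rejects_forgery": user_from_signed_cookie(forged_signed) is None,
        "signed_accepts_genuine": user_from_signed_cookie(issued)["role"] == "user",
    }


if __name__ == "__main__":
    print(demo())
```

A signed cookie is tamper-evident, not secret, and it still has to be bound to a server-side session or user record before it grants anything; the simpler design is a random session identifier that the server looks up, with the role read from its own store rather than from the cookie.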

47. AlstraSoft Video Share Enterprise 'album.php' SQL Injection Vulnerability
BugTraq ID: 30272
Remote: Yes
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/30272
Summary:
AlstraSoft Video Share Enterprise is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

48. phpHoo3 'phpHoo3.php' SQL Injection Vulnerability
BugTraq ID: 30271
Remote: Yes
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/30271
Summary:
phpHoo3 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

49. IBS 'username' Parameter Cross Site Scripting Vulnerability
BugTraq ID: 30270
Remote: Yes
Last Updated: 2008-07-17
Relevant URL: http://www.securityfocus.com/bid/30270
Summary:
IBS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

IBS 0.15 is vulnerable; other versions may also be affected. The IBSng branch of the application is not vulnerable.

50. Vim Vim Script Multiple Command Execution Vulnerabilities
BugTraq ID: 29715
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/29715
Summary:
Vim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Vim 7.1.298 is vulnerable; other versions may also be affected.

51. Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
BugTraq ID: 27237
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/27237
Summary:
The Apache HTTP Server 'mod_status' module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Reportedly, attackers can also use this issue to redirect users' browsers to arbitrary locations, which may aid in phishing attacks.

The issue affects versions prior to Apache 2.2.7-dev, 2.0.62-dev, and 1.3.40-dev.

52. Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
BugTraq ID: 26838
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/26838
Summary:
Apache is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects the following:

- The 'mod_imagemap' module in Apache 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, and 2.2.0

- The 'mod_imap' module in Apache 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, and 1.3.0.

53. PowerDNS Remote Cache Poisoning Vulnerability
BugTraq ID: 28517
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/28517
Summary:
PowerDNS is prone to a remote cache-poisoning vulnerability because of a weakness in the use of random number generators.

An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.

Versions prior to PowerDNS 3.1.5 are vulnerable to this issue.

54. PhotoPost vBGallery 'upload.php' Arbitrary File Upload Vulnerability
BugTraq ID: 30249
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30249
Summary:
PhotoPost vBGallery is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code because the application fails to sanitize user-supplied input.

An attacker can leverage this issue to execute arbitrary code on an affected computer with the privileges of the webserver process.

PhotoPost vBGallery v2.4.2 is vulnerable; other versions may also be affected.

55. PPMate PPMedia Class ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 30246
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30246
Summary:
PPMate PPMedia Class ActiveX control is prone to a heap-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

PPMate 2.3.1.93 is vulnerable to this issue; other versions may also be affected.

56. Afuse 'afuse.c' Shell Command Injection Vulnerability
BugTraq ID: 30245
Remote: No
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30245
Summary:
Afuse is prone to a command-injection vulnerability.

Attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the affected application.

Afuse 2.0-2 is vulnerable; prior versions may also be affected.
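Entries 33, 50 and 56 share one root cause: a file name or mount path taken from the user is substituted into a command string that a shell then parses. The block below is an added example, not code from Netrw, Vim or afuse, and the `%p` placeholder and `ls -l` template are invented for it (afuse's own template syntax is not reproduced). It shows how the shell tokenises the unquoted substitution, what `shlex.quote` changes, and the preferred fix of passing an argv list with no shell at all:

```python
import shlex
import subprocess
import sys

# Constructed hostile file name. Nothing here is an afuse, Vim or Netrw
# template; %p is a placeholder invented for the example.
HOSTILE_NAME = "notes;touch /tmp/pwned`id`.txt"
TEMPLATE = "ls -l %p"


def build_command_unsafe(template: str, path: str) -> str:
    """Plain text substitution: the path becomes part of the shell syntax."""
    return template.replace("%p", path)


def build_command_safe(template: str, path: str) -> str:
    """Quote the path for POSIX sh before substituting it."""
    return template.replace("%p", shlex.quote(path))


def tokens_seen_by_shell(command: str) -> list:
    """Tokenise the way sh would, with ';', '|', '&' and friends as separate tokens."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def run_without_shell(path: str) -> str:
    """Preferred fix: pass an argv list, so no shell ever parses the path.
    A Python one-liner stands in for the real program and echoes its argument."""
    result = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", path],
        capture_output=True, text=True, check=True,
    )
    return result.stdout.rstrip("\n")


def demo() -> dict:
    unsafe = tokens_seen_by_shell(build_command_unsafe(TEMPLATE, HOSTILE_NAME))
    safe = tokens_seen_by_shell(build_command_safe(TEMPLATE, HOSTILE_NAME))
    return {
        "unsafe_tokens": unsafe,
        "unsafe_runs_second_command": ";" in unsafe and "touch" in unsafe,
        "safe_tokens": safe,
        "safe_keeps_one_argument": safe == ["ls", "-l", HOSTILE_NAME],
    }


if __name__ == "__main__":
    print(demo())
    print(run_without_shell(HOSTILE_NAME))
```

Quoting only helps when every substituted value is quoted and the template is interpreted by a POSIX shell; the argv form removes the parsing step entirely, which is why it is the fix of choice when the program being launched is under your control.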

57. Black Ice Software Document Imaging SDK/ActiveX Remote Buffer Overflow Vulnerability
BugTraq ID: 30243
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30243
Summary:
Black Ice Software Document Imaging SDK/ActiveX is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

Black Ice Software Document Imaging SDK/ActiveX 10.95 is vulnerable; other versions may also be affected.

58. Redmine Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 30241
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30241
Summary:
Redmine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Redmine 0.7.2 and prior versions are vulnerable.

59. CMME Cross Site Scripting And Information Disclosure Vulnerabilities
BugTraq ID: 30239
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30239
Summary:
CMME (Content Management Made Easy) is prone to multiple cross-site scripting vulnerabilities and information-disclosure vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

60. WordPress 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 30238
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30238
Summary:
WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to WordPress 2.6 are vulnerable.

61. Comdev Web Blogger 'arcmonth' Parameter SQL Injection Vulnerability
BugTraq ID: 30237
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30237
Summary:
Comdev Web Blogger is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Comdev Web Blogger 4.1.3 is vulnerable; other versions may also be affected.

62. WinRemotePC Packet Handling Remote Denial of Service Vulnerability
BugTraq ID: 30236
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30236
Summary:
WinRemotePC is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input.

Attackers can exploit this issue to crash the application, denying service to legitimate users.

WinRemotePC Full 2008 r.2 and Lite 2008 r.2 are vulnerable; other versions may also be affected.

63. Pragyan CMS 'form.lib.php' Remote File Include Vulnerability
BugTraq ID: 30235
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30235
Summary:
Pragyan CMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

Pragyan CMS 2.6.2 is vulnerable; other versions may also be affected.

64. pSys 0.7.0 Alpha Multiple Remote File Include Vulnerabilities
BugTraq ID: 30234
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30234
Summary:
pSys is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.

pSys 0.7.0 alpha is vulnerable; other versions may also be affected.

65. Berkeley Yacc (byacc) 'skeleton.c' Local Denial of Service Vulnerability
BugTraq ID: 30233
Remote: No
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30233
Summary:
Berkeley Yacc (byacc) is prone to a local denial-of-service vulnerability because out-of-bounds stack memory may be accessed.

Attackers can exploit this issue to deny service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.

This issue affects all versions of byacc; it was discovered in OpenBSD 4.3.

66. Galatolo Web Manager SQL Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 30232
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30232
Summary:
Galatolo Web Manager is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Galatolo Web Manager 1.3a is vulnerable; other versions may also be affected.

67. PHP 'rfc822_write_address()' Function Buffer Overflow Vulnerability
BugTraq ID: 29829
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/29829
Summary:
PHP is prone to a buffer-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP 5.2.6 and prior versions are vulnerable.

68. PHP 5.2.4 and Prior Versions Multiple Vulnerabilities
BugTraq ID: 26403
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/26403
Summary:
PHP 5.2.4 and prior versions are prone to multiple security vulnerabilities. Successful exploits could allow an attacker to bypass security restrictions, cause a denial-of-service condition, and potentially execute code.

69. PHP 5.2.5 and Prior Versions Multiple Vulnerabilities
BugTraq ID: 29009
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/29009
Summary:
PHP 5.2.5 and prior versions are prone to multiple security vulnerabilities.

Successful exploits could allow an attacker to bypass security restrictions, cause a denial-of-service condition, and potentially execute code.

These issues are reported to affect PHP 5.2.5 and prior versions.

70. PHP 5.2.3 and Prior Versions Multiple Vulnerabilities
BugTraq ID: 25498
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/25498
Summary:
PHP 5.2.3 and prior versions are prone to multiple security vulnerabilities. Successful exploits could allow an attacker to bypass security restrictions, cause a denial-of-service condition, and potentially execute code.

71. php Help Agent 'head_chat.inc.php' Local File Include Vulnerability
BugTraq ID: 30240
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30240
Summary:
'php Help Agent' is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context of the webserver process. Information harvested may aid in further attacks.

72. PCRE Regular Expression Library Multiple Security Vulnerabilities
BugTraq ID: 26346
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/26346
Summary:
PCRE regular-expression library is prone to multiple security vulnerabilities.

Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or launch other attacks in the context of the application using the affected library.

73. PCRE Regular Expression Library Multiple Integer and Buffer Overflow Vulnerabilities
BugTraq ID: 26462
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/26462
Summary:
PCRE regular-expression library is prone to multiple integer- and buffer-overflow vulnerabilities.

Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or launch other attacks in the context of the application using the affected library.

74. Linux Kernel 32-bit/64-bit Emulation Local Information Disclosure Vulnerability
BugTraq ID: 29942
Remote: No
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/29942
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.

Successfully exploiting this issue may allow attackers to gain access to uninitialized and potentially sensitive data. Information obtained may lead to other attacks.

75. Newsx 'read_article()' Buffer Overflow Vulnerability
BugTraq ID: 30231
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30231
Summary:
The 'newsx' program is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

This issue affects newsx 1.6; other versions may also be affected.

76. Linux Kernel DCCP Subsystem Buffer Overflow Vulnerability
BugTraq ID: 29603
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/29603
Summary:
The Linux kernel is prone to a buffer-overflow vulnerability caused by insufficient boundary checking.

Attackers can exploit this issue to execute arbitrary code with kernel-level privileges. Failed exploit attempts will result in a denial-of-service condition.

Linux kernel 2.6.18 is known to be vulnerable, but other versions are likely affected as well.

77. Votorola Multiple Unspecified Security Vulnerabilities
BugTraq ID: 30230
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30230
Summary:
Votorola is prone to multiple unspecified vulnerabilities.

Very few details are available regarding these issues. We will update this BID as more information emerges.

These issues affect versions prior to Votorola 0.1.10.

78. PCRE Regular Expression Heap Based Buffer Overflow Vulnerability
BugTraq ID: 30087
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30087
Summary:
PCRE is prone to a heap-based buffer-overflow vulnerability because the library fails to properly handle user-supplied input before copying data to an internal memory buffer.

The impact of successful exploits of this vulnerability depends on the application and the privileges of the user running the vulnerable library. A successful attack may ultimately permit an attacker to control the contents of critical memory control structures and write arbitrary data to arbitrary memory locations. This may allow the attacker to execute arbitrary code in the context of the application using the vulnerable library.

Versions up to and including PCRE 7.7 are vulnerable.

79. Mercurial 'patch.py' Directory Traversal Vulnerability
BugTraq ID: 30072
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30072
Summary:
Mercurial is prone to a directory-traversal vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can exploit this issue to create or overwrite arbitrary files on a computer hosting the affected application.

Mercurial 1.0.1 is vulnerable; other versions may also be affected.

80. UltraStats 'players-detail.php' SQL Injection Vulnerability
BugTraq ID: 30212
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30212
Summary:
UltraStats is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The issue affects UltraStats 0.2.142 and prior versions.
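Entries 30, 44, 47, 48, 61, 66 and 80 (and 93 further down) all describe the same defect: user-supplied data spliced into SQL text. The following is an added example with a constructed SQLite table; it is not code from any of those applications. It shows the numeric and the string-context variants of the bug beside the parameterized form, where the value is bound separately and cannot change the query's structure:

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table standing in for any of the applications above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE players (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO players (name, email) VALUES (?, ?)",
        [("alice", "alice@example.org"), ("bob", "bob@example.org"), ("carol", "carol@example.org")],
    )
    return conn


def by_id_vulnerable(conn, player_id: str) -> list:
    """Numeric context: the value is pasted into the SQL text, no quotes needed."""
    return conn.execute(f"SELECT name FROM players WHERE id = {player_id}").fetchall()


def by_name_vulnerable(conn, name: str) -> list:
    """String context: the attacker's quote closes the literal in the template."""
    return conn.execute(f"SELECT name FROM players WHERE name = '{name}'").fetchall()


def by_id_safe(conn, player_id: str) -> list:
    """Validate the type, then bind: the value never becomes SQL."""
    if not player_id.isdigit():
        raise ValueError("id must be numeric")
    return conn.execute("SELECT name FROM players WHERE id = ?", (int(player_id),)).fetchall()


def by_name_safe(conn, name: str) -> list:
    """Bound parameter: the whole payload is compared as one string value."""
    return conn.execute("SELECT name FROM players WHERE name = ?", (name,)).fetchall()


def demo() -> dict:
    conn = make_db()
    numeric_payload = "2 OR 1=1"        # constructed
    string_payload = "x' OR '1'='1"     # constructed
    out = {
        "vuln_numeric_rows": len(by_id_vulnerable(conn, numeric_payload)),
        "vuln_string_rows": len(by_name_vulnerable(conn, string_payload)),
        "safe_string_rows": len(by_name_safe(conn, string_payload)),
        "safe_numeric_rejected": False,
        "legit_numeric": by_id_safe(conn, "2"),
    }
    try:
        by_id_safe(conn, numeric_payload)
    except ValueError:
        out["safe_numeric_rejected"] = True
    return out


if __name__ == "__main__":
    print(demo())
```

The "latent vulnerabilities in the underlying database" wording in these entries refers to what becomes reachable once query structure is attacker-controlled (database-specific functions, stacked statements, file access); binding parameters closes that door at the application boundary, and running the application under a database account with only the privileges it needs limits what is left.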

81. Linux Kernel utrace and ptrace Local Denial of Service Vulnerability
BugTraq ID: 29945
Remote: No
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/29945
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability caused by a race condition.

Attackers can exploit this issue to cause the kernel to become unresponsive, denying service to legitimate users.

82. Linux Kernel SPARC 'mmap()' Denial Of Service Vulnerability
BugTraq ID: 29397
Remote: No
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/29397
Summary:
The Linux kernel is prone to a denial-of-service vulnerability when mapping memory addresses on SPARC-based computers.

Local attackers can leverage the issue to crash the kernel and deny service to legitimate users.

Linux kernels prior to 2.6.25.3 are vulnerable.

83. Linux Kernel BER Decoding Remote Buffer Overflow Vulnerability
BugTraq ID: 29589
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/29589
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

84. Linux Kernel 'pppol2tp_recvmsg()' Remote Denial of Service Vulnerability
BugTraq ID: 29747
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/29747
Summary:
The Linux Kernel is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected computer on the local network, denying service to legitimate users. Given the nature of this issue, code execution may be possible, but this has not been confirmed.

Versions prior to Linux Kernel 2.6.26-rc6 are vulnerable.

85. Linux Kernel 'sctp_getsockopt_local_addrs_old()' Function Local Buffer Overflow Vulnerability
BugTraq ID: 29990
Remote: No
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/29990
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to crash the affected kernel, denying service to legitimate users. Given the nature of the issue, arbitrary code execution may also be possible, but this has not been confirmed.

86. Linux Kernel 'ipip6_rcv()' Remote Denial of Service Vulnerability
BugTraq ID: 29235
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/29235
Summary:
The Linux Kernel is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.

This issue affects the Linux Kernel 2.6.25.2; other versions may also be affected.

87. Linux Kernel 'sys_utimensat' Local Denial of Service Vulnerability
BugTraq ID: 29134
Remote: No
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/29134
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.

This issue affects Linux kernel versions 2.6.22 through 2.6.25.2.

88. Linux Kernel Memory Copy Exception Local Information Disclosure Vulnerability
BugTraq ID: 29943
Remote: No
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/29943
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.

Versions prior to Linux kernel 2.6.19 are vulnerable.

89. Linux Kernel 'hrtimer_forward()' Local Denial of Service Vulnerability
BugTraq ID: 29294
Remote: No
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/29294
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly handle certain large timer expiry values.

Attackers can exploit this issue to cause the kernel to enter an infinite loop, denying service to legitimate users.

This issue affects the Linux kernel 2.6.21-rc4 and prior versions running on 64-bit architectures.

90. Linux Kernel IPSec Fragmented ESP Packet Remote Denial of Service Vulnerability
BugTraq ID: 29081
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/29081
Summary:
The Linux Kernel is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.

NOTE: This issue is reported to occur when the affected computer receives fragmented ESP traffic from NetScreen firewalls or Cisco PIX devices.

91. Linux Kernel x86_64 ptrace Denial Of Service Vulnerability
BugTraq ID: 29086
Remote: No
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/29086
Summary:
The Linux kernel is prone to a denial-of-service vulnerability when process traces are performed on 64-bit computers.

Local attackers can leverage the issue to crash the kernel and deny service to legitimate users.

92. Mozilla Firefox 'chrome' Document Unspecified Script Injection Weakness
BugTraq ID: 30244
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30244
Summary:
Mozilla Firefox is prone to an unspecified script-injection weakness.

An attacker can exploit this issue to inject arbitrary script code into an unspecified XUL-based error page. This may allow for spoofing attacks.

Exploiting this issue, when combined with another vulnerability such as the one described in BID 30242, may also allow arbitrary code to run within the context of the affected application.

This issue affects Firefox 3.0.

93. Cacti Multiple Input Validation Vulnerabilities
BugTraq ID: 27749
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/27749
Summary:
Cacti is prone to multiple unspecified input-validation vulnerabilities, including:

- Multiple cross-site scripting vulnerabilities
- Multiple SQL-injection vulnerabilities
- An HTTP response-splitting vulnerability.

Attackers may exploit these vulnerabilities to influence or misrepresent how web content is served, cached, or interpreted, to compromise the application, to access or modify data, to exploit vulnerabilities in the underlying database, or to execute arbitrary script code in the browser of an unsuspecting user.

These issues affect Cacti 0.8.7a and prior versions.

94. CGI::Session 'CGISESSID' Cookie Value Directory Traversal Vulnerability
BugTraq ID: 30267
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30267
Summary:
CGI::Session is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting the issue may allow an attacker to access sensitive information that could aid in further attacks.

CGI::Session versions 3.94, 3.95 and 4.33 are vulnerable; other versions may also be affected.

95. Citrix XenServer XenAPI HTTP Interfaces Cross-Site Scripting Vulnerability
BugTraq ID: 30265
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30265
Summary:
Citrix XenServer is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Citrix XenServer version 4.1.0 is vulnerable.

96. OpenPro 'search_wA.php' Remote File Include Vulnerability
BugTraq ID: 30264
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30264
Summary:
OpenPro is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

OpenPro 1.3.1 is vulnerable; other versions may also be affected.

97. Spring Framework Multiple Remote Vulnerabilities
BugTraq ID: 30263
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30263
Summary:
Spring Framework is prone to two remote vulnerabilities, including:

1. A security vulnerability that may allow unauthorized attackers to add or modify data contained in forms.

2. A security vulnerability that may allow unauthorized attackers to access arbitrary files on the webserver.

Attackers can exploit these issues to gain unauthorized access to files on the webserver or compromise the affected application.

98. Evaria ECMS 'DOCUMENT_ROOT' Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 30262
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30262
Summary:
ECMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.

ECMS 1.1 is vulnerable; other versions may also be affected.

99. Velocity Security Management System HTTP Server Directory Traversal Vulnerability
BugTraq ID: 30261
Remote: Yes
Last Updated: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30261
Summary:
Velocity Security Management System is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the application's HTTP server.

Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.

Velocity Security Management System 1.0 is vulnerable; other versions may also be affected.

100. Firebird Multiple Denial of Service and Information Disclosure Vulnerabilities
BugTraq ID: 30229
Remote: Yes
Last Updated: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/30229
Summary:
Firebird is prone to multiple vulnerabilities, including multiple denial-of-service issues and multiple information-disclosure issues.

Attackers can exploit these issues to crash the application, corrupt memory, or obtain potentially sensitive information.

Firebird 2.0.4 and 2.1.0 are vulnerable; other versions may also be affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Senate amends FISA, allows immunity
By: Robert Lemos
Questions about the Bush Administration's use of wiretapping for much of the past decade will likely remain unanswered, as legislators grant greater international spying powers to U.S. intelligence agencies.
http://www.securityfocus.com/news/11527

2. Alliance forms to fix DNS poisoning flaw
By: Robert Lemos
A group of software and network-hardware makers announce they have banded together to fix a fundamental flaw in the design of the Internet's address system.
http://www.securityfocus.com/news/11526

3. Web surfers, it's time to patch
By: Robert Lemos
Nearly 640 million Internet users visit sites with a behind-the-times Web browser, and that's only the tip of the iceberg, researchers say.
http://www.securityfocus.com/news/11525

4. Breach-notification laws not working?
By: Robert Lemos
Research fails to find a correlation between states with disclosure laws and reduced identity theft, suggesting the best defense for concerned citizens is to take action themselves.
http://www.securityfocus.com/news/11524

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Technical Support Engineer, Columbia
http://www.securityfocus.com/archive/77/494483

2. [SJ-JOB] Sr. Security Engineer, Edison
http://www.securityfocus.com/archive/77/494485

3. [SJ-JOB] Technical Support Engineer, Columbia
http://www.securityfocus.com/archive/77/494486

4. [SJ-JOB] Software Engineer, St. Paul
http://www.securityfocus.com/archive/77/494482

5. [SJ-JOB] Security Engineer, Plano
http://www.securityfocus.com/archive/77/494484

6. [SJ-JOB] Information Assurance Engineer, Columbia
http://www.securityfocus.com/archive/77/494479

7. [SJ-JOB] Application Security Architect, Santa Clara
http://www.securityfocus.com/archive/77/494475

8. [SJ-JOB] Incident Handler, Washington
http://www.securityfocus.com/archive/77/494477

9. [SJ-JOB] Forensics Engineer, Chantilly
http://www.securityfocus.com/archive/77/494478

10. [SJ-JOB] Software Engineer, Chantilly
http://www.securityfocus.com/archive/77/494472

11. [SJ-JOB] Security Engineer, St. Louis
http://www.securityfocus.com/archive/77/494474

12. [SJ-JOB] Sr. Security Analyst, Brampton
http://www.securityfocus.com/archive/77/494476

13. [SJ-JOB] Developer, Chantilly
http://www.securityfocus.com/archive/77/494470

14. [SJ-JOB] Penetration Engineer, Any State/Any City
http://www.securityfocus.com/archive/77/494471

15. [SJ-JOB] Developer, Chantilly
http://www.securityfocus.com/archive/77/494473

16. [SJ-JOB] Security Consultant, Edinburgh
http://www.securityfocus.com/archive/77/494458

17. [SJ-JOB] Sales Engineer, Southern CA
http://www.securityfocus.com/archive/77/494461

18. [SJ-JOB] Sales Engineer, NEW YORK CITY
http://www.securityfocus.com/archive/77/494464

19. [SJ-JOB] Sales Engineer, Dallas
http://www.securityfocus.com/archive/77/494465

20. [SJ-JOB] Security Consultant, Boston
http://www.securityfocus.com/archive/77/494468

21. [SJ-JOB] Sr. Security Engineer, New York / Manhattan / TriBeCa
http://www.securityfocus.com/archive/77/494449

22. [SJ-JOB] Security Consultant, London
http://www.securityfocus.com/archive/77/494452

23. [SJ-JOB] Developer, El Segundo
http://www.securityfocus.com/archive/77/494456

24. [SJ-JOB] Security Engineer, San Antonio
http://www.securityfocus.com/archive/77/494457

25. [SJ-JOB] Sales Engineer, DC Metro Area
http://www.securityfocus.com/archive/77/494459

26. [SJ-JOB] Developer, El Segundo
http://www.securityfocus.com/archive/77/494467

27. [SJ-JOB] Security Engineer, Durham
http://www.securityfocus.com/archive/77/494448

28. [SJ-JOB] Sr. Security Analyst, Atlanta
http://www.securityfocus.com/archive/77/494450

29. [SJ-JOB] Penetration Engineer, Chantilly
http://www.securityfocus.com/archive/77/494460

30. [SJ-JOB] Security Researcher, Chantilly
http://www.securityfocus.com/archive/77/494466

31. [SJ-JOB] Application Security Engineer, Chantilly
http://www.securityfocus.com/archive/77/494447

32. [SJ-JOB] Forensics Engineer, Chantilly
http://www.securityfocus.com/archive/77/494462

33. [SJ-JOB] Security Consultant, Arlington
http://www.securityfocus.com/archive/77/494442

34. [SJ-JOB] Developer, Falls Church
http://www.securityfocus.com/archive/77/494443

35. [SJ-JOB] Security Engineer, Washington
http://www.securityfocus.com/archive/77/494444

36. [SJ-JOB] Threat Analyst, Arlington
http://www.securityfocus.com/archive/77/494454

37. [SJ-JOB] Security Engineer, Arlington
http://www.securityfocus.com/archive/77/494455

38. [SJ-JOB] Sales Representative, Southern CA
http://www.securityfocus.com/archive/77/494439

39. [SJ-JOB] Sales Representative, New York
http://www.securityfocus.com/archive/77/494441

40. [SJ-JOB] Sr. Product Manager, St. Paul
http://www.securityfocus.com/archive/77/494445

41. [SJ-JOB] Security System Administrator, Boston
http://www.securityfocus.com/archive/77/494463

42. [SJ-JOB] Quality Assurance, El Segundo
http://www.securityfocus.com/archive/77/494436

43. [SJ-JOB] Sales Representative, Dallas
http://www.securityfocus.com/archive/77/494437

44. [SJ-JOB] Management, El Segundo
http://www.securityfocus.com/archive/77/494438

45. [SJ-JOB] Sales Representative, NEW YORK CITY
http://www.securityfocus.com/archive/77/494440

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.
www.blackhat.com
