WINDOWS CENTER: SecurityFocus Newsletter #469

SecurityFocus Newsletter #469
----------------------------------------

This issue is sponsored by Sponsored by Entrust

Securing What's at Risk: A Common Sense Approach to Protecting Users Online
This white paper outlines issues with managing online identities across a diverse customer base when faced with increasing threats. It proposes a common sense approach that matches security to the assessed risk for users, actions and applications.
http://dinclinx.com/Redirect.aspx?36;3123;50;189;0;6;69afcb3dcbdadc26

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Get Off My Cloud
2.An Astonishing Collaboration
II. BUGTRAQ SUMMARY
1. QwicsitePro 'pageid' Parameter SQL Injection and Cross-Site Scripting Vulnerabilities
2. ACG-ScriptShop E-Gold Script Shop 'cid' Parameter SQL Injection Vulnerability
3. OpenSC CardOS M4 Smart Cards Insecure Permissions Vulnerability
4. WeBid 'config.php' Arbitrary File Upload Vulnerability
5. WordNet Multiple Buffer Overflow Vulnerabilities
6. Siemens Gigaset WLAN Camera Insecure Default Password Vulnerability
7. HP TCP/IP Services for OpenVMS Finger Client Format String Vulnerability
8. Novell eDirectory Multiple Buffer Overflow And Cross-Site Scripting Vulnerabilities
9. Websens CMSbright 'page.php' SQL Injection Vulnerability
10. myPHPNuke 'print.php' SQL Injection and Cross-Site Scripting Vulnerabilities
11. WeBid Multiple Input Validation Vulnerabilities
12. Brim SQL Injection and HTML Injection Vulnerabilities
13. MyioSoft EasyClassifields 'index.php' SQL Injection Vulnerability
14. SourceWorkshop Web directory script 'index.php' SQL Injection Vulnerability
15. e107 BLOG Engine 'macgurublog.php' SQL Injection Vulnerability
16. Slashcode Slash 'Environment.pm' Multiple Input Validation Vulnerabilities
17. BitlBee Unspecified Security Bypass Vulnerability
18. BrewBlogger 'logincheck.inc.php' SQL Injection Vulnerability
19. Postfix Local Information Disclosure and Local Privilege Escalation Vulnerabilities
20. Ruby REXML Remote Denial Of Service Vulnerability
21. GNU ed File Processing 'strip_escapes()' Heap Overflow Vulnerability
22. Firefly Media Server Webserver.C Multiple Format String Vulnerabilities
23. Red Hat Directory Server LDAP Memory Leak Multiple Remote Denial Of Service Vulnerabilities
24. Red Hat Directory Server Crafted Search Pattern Denial of Service Vulnerability
25. Red Hat Directory Server Multiple Cross Site Scripting Vulnerabilities
26. Red Hat Directory Server Accept Language HTTP Headers Buffer Overflow Vulnerability
27. Google Chrome Arbitrary File Download Vulnerability
28. Microsoft September 2008 Advance Notification Multiple Vulnerabilities
29. NETGEAR WN802T Wireless Access Point EAPoL Key Length Denial of Service Vulnerability
30. NETGEAR WN802T With Marvell 88W8361P-BEM1 Chipset WAP Denial of Service Vulnerability
31. Atheros Communications AR5416-AC1E Information Element Denial of Service Vulnerability
32. Mozilla Client Products Multiple Remote Vulnerabilities
33. IrfanView .IFF Format Handling Remote Buffer Overflow Vulnerability
34. LibTiff Double Free Memory Corruption Vulnerability
35. LibTiff TIFFFetchData Integer Overflow Vulnerability
36. LibTiff Multiple Denial of Service Vulnerabilities
37. Words tag script 'index.php' SQL Injection Vulnerability
38. Celerondude Uploader 'account.php' Cross-Site Scripting Vulnerability
39. XRMS CRM Multiple Input Validation Vulnerabilities
40. RETIRED: Microsoft August 2008 Advance Notification Multiple Vulnerabilities
41. Webservice-DIC shop_v50 And shop_v52 Multiple Cross-Site Scripting Vulnerabilities
42. ACG-PTP 'adid' Parameter SQL Injection Vulnerability
43. Sun Java Web Start Multiple Vulnerabilities
44. Sun Java Runtime Environment Font Processing Buffer Overflow Vulnerability
45. Sun Java Runtime Environment XML Data Processing Multiple Vulnerabilities
46. Sun Java Runtime Environment Multiple Unspecified Same Origin Policy Violation Vulnerabilities
47. Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
48. PHP Multiple Buffer Overflow Vulnerabilities
49. libxml2 Recursive Entity Remote Denial of Service Vulnerability
50. Wireshark 1.0.2 Multiple Vulnerabilities
51. Mozilla Products Multiple Remote Vulnerabilities
52. LibTIFF 'tif_lzw.c' Remote Buffer Underflow Vulnerability
53. FreeBSD/amd64 'swapgs' Local Privilege Escalation Vulnerability
54. FreeBSD 'mount(2)' and 'nmount(2)' Multiple Stack Buffer Overflow Vulnerabilities
55. FreeBSD Malformed ICMPv6 Packet Remote Denial Of Service Vulnerability
56. LEADTOOLS Multimedia 'Ltmm15.dll' ActiveX Control Stack Buffer Overflow Vulnerability
57. eZoneScripts Living Local 'listtest.php' SQL Injection Vulnerability
58. Computer Associates ARCserve Backup for Laptops and Desktops Multiple Remote Vulnerabilities
59. aspWebAlbum Multiple Input Validation Vulnerabilities
60. IBM AIX 'swcons' Insecure File Creation Vulnerability
61. Moodle Multiple Remote File Include Vulnerabilities
62. ClamAV 'chmunpack.c' Invalid Memory Access Denial Of Service Vulnerability
63. Cisco Secure ACS EAP-Response Packet Parsing Denial of Service Vulnerability
64. Cisco PIX and Cisco ASA Multiple Denial of Service and Information Disclosure Vulnerabilities
65. Open-FTPD Multiple Command Remote Denial of Service Vulnerabilities
66. @Mail and @Mail WebMail Multiple Cross-Site Scripting Vulnerabilities
67. Novell iPrint Client 'IppCreateServerRef()' Remote Buffer Overflow Vulnerability
68. Google Chrome Remote Denial of Service Vulnerability
69. eliteCMS 'page' Parameter SQL Injection Vulnerability
70. Open Media Collectors Database Multiple Cross Site Scripting Vulnerabilities
71. 3Com Wireless 8760 Dual-Radio 11a/b/g PoE HTTP POST Request Denial of Service Vulnerability
72. AVTECH PageR Enterprise Directory Traversal Vulnerability
73. Spice Classifieds 'index.php' SQL Injection Vulnerability
74. HP OpenView Network Node Manager Multiple Denial of Service Vulnerabilities
75. IDevSpot BizDirectory 'page' Parameter Cross-Site Scripting Vulnerability
76. CS-Cart 'core/user.php' SQL Injection Vulnerability
77. Postfix 'epoll' Linux Event Handler Local Denial of Service Vulnerability
78. Softalk Mail Server 'APPEND' Command Remote Denial of Service Vulnerability
79. Vacation Rental Script 'index.php' SQL Injection Vulnerability
80. AJ HYIP Acme 'readarticle.php' SQL Injection Vulnerability
81. AJ HYIP Acme 'comment.php' SQL Injection Vulnerability
82. Kyocera Command Center Directory Traversal Vulnerability
83. Debian scratchbox2 Insecure Temporary File Creation Vulnerabilities
84. Debian scilab-bin Insecure Temporary File Creation Vulnerabilities
85. Debian realtimebattle-common Insecure Temporary File Creation Vulnerability
86. SNG Insecure Temporary File Creation Vulnerability
87. Cadsoft Video Disk Recorder Insecure Temporary File Creation Vulnerability
88. Newsbeuter Crafted URI Remote Arbitrary Shell Command Injection Vulnerability
89. AlcoveBook sgml2x Insecure Temporary File Creation Vulnerability
90. Full PHP Emlak Script 'landsee.php' SQL Injection Vulnerability
91. Libpng Library Remote Denial of Service Vulnerability
92. Reciprocal Links Manager 'site' Parameter SQL Injection Vulnerability
93. PHP Coupon Script 'index.php' SQL Injection Vulnerability
94. myPHPNuke 'printfeature.php' SQL Injection Vulnerability
95. GenPortal 'buscarCat.php' Cross-Site Scripting Vulnerability
96. Parallels Plesk Shortnames Open Email Relay Vulnerability
97. Debian rccp Insecure Temporary File Creation Vulnerability
98. Debian rancid-util 'getipacctg' Insecure Temporary File Creation Vulnerability
99. Radiance Insecure Temporary File Creation Vulnerabilities
100. Novell IDM Cross Site Scripting and HTML Injection Vulnerabilities
III. SECURITYFOCUS NEWS
1. Security of Google's browser gets mixed marks
2. Online intruders hit Red Hat, Fedora Project
3. Researchers race to zero in record time
4. Gov't charges alleged TJX credit-card thieves
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Sr. Security Analyst, Temple Terrace
2. [SJ-JOB] Application Security Engineer, London
3. [SJ-JOB] Application Security Engineer, London
4. [SJ-JOB] Threat Analyst, Florham Park
5. [SJ-JOB] Developer, Calgary
6. [SJ-JOB] Application Security Engineer, Bangalore
7. [SJ-JOB] Security Engineer, New York
8. [SJ-JOB] Developer, Calgary
9. [SJ-JOB] Forensics Engineer, Pittsburgh
10. [SJ-JOB] Security Consultant, Any City
11. [SJ-JOB] Jr. Security Analyst, Pittsburgh
12. [SJ-JOB] Sr. Security Analyst, Pittsburgh
13. [SJ-JOB] Instructor, Princeton
14. [SJ-JOB] Security Architect, Pittsburgh
15. [SJ-JOB] Application Security Architect, Arlington
16. [SJ-JOB] Application Security Engineer, Washington D.C.
17. [SJ-JOB] Security System Administrator, London
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #409
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Get Off My Cloud
By Mark Rasch
One of the features of Apple's device that appeals to me is the new MobileMe service, where you can "access and manage your email, contacts, calendar, photos, and files at me.com," according to Apple.
More companies, among them Microsoft and Google, already allow people to store information and use common services online -- or "in the cloud" -- leading analysts to refer to the entire trend as "cloud computing."
http://www.securityfocus.com/columnists/478

2.An Astonishing Collaboration
By Dan Kaminsky
Wow. It's out. It's finally, finally out. Sweet!
http://www.securityfocus.com/columnists/477

II. BUGTRAQ SUMMARY
--------------------
1. QwicsitePro 'pageid' Parameter SQL Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 31016
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/31016
Summary:
QwicsitePro is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

The attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

2. ACG-ScriptShop E-Gold Script Shop 'cid' Parameter SQL Injection Vulnerability
BugTraq ID: 31015
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/31015
Summary:
ACG-ScriptShop E-Gold Script Shop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

3. OpenSC CardOS M4 Smart Cards Insecure Permissions Vulnerability
BugTraq ID: 30473
Remote: No
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30473
Summary:
OpenSC insecurely initializes smart cards and USB crypto tokens based on Seimens CardOS M4.

Attackers can leverage this issue to change the PIN number on a card without having knowledge of the existing PIN or PUK number. Successfully exploiting this issue allows attackers to use the card in further attacks.

NOTE: This issue cannot be leveraged to access an existing PIN number.

This issue occurs in versions prior to OpenSC 0.11.6.

4. WeBid 'config.php' Arbitrary File Upload Vulnerability
BugTraq ID: 30950
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30950
Summary:
WeBid is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the webserver process. The issue occurs because the application fails to sanitize user-supplied input.

WeBid 0.5.4 is vulnerable; other versions may also be affected.

5. WordNet Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 29208
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/29208
Summary:
WordNet is prone to multiple buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied input.

Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

Note that these vulnerabilities occur when WordNet is used as a backend in web applications. The issues can be exploited through a web application that supplies input to WordNet.

The issues affect WordNet 2.0, 2.1, and 3.0; other versions may also be vulnerable.

6. Siemens Gigaset WLAN Camera Insecure Default Password Vulnerability
BugTraq ID: 30973
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30973
Summary:
Siemens Gigaset WLAN Camera is reported prone to an insecure-default-password vulnerability.

A remote attacker with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access to the application.

Siemens Gigaset WLAN Camera firmware 1.27 is vulnerable; other versions may also be affected.

7. HP TCP/IP Services for OpenVMS Finger Client Format String Vulnerability
BugTraq ID: 30948
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30948
Summary:
The HP OpenVMS finger client is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue affects HP TCP/IP Services for OpenVMS 5.x.

8. Novell eDirectory Multiple Buffer Overflow And Cross-Site Scripting Vulnerabilities
BugTraq ID: 30947
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30947
Summary:
Novell eDirectory is prone to multiple buffer-overflow and multiple cross-site scripting vulnerabilities.

Successful exploitation of buffer-overflow vulnerabilities may allow attackers to execute arbitrary code in the context of the application. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition.

Exploiting cross-site scripting vulnerabilities may allow an attacker to steal cookie-based information or execute script code in the context of the browser of an unsuspecting user.

Versions prior to Novell eDirectory 8.8 SP3 are vulnerable.

9. Websens CMSbright 'page.php' SQL Injection Vulnerability
BugTraq ID: 30946
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30946
Summary:
CMSbright is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

10. myPHPNuke 'print.php' SQL Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 30942
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30942
Summary:
myPHPNuke is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Attackers may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to myPHPNuke 1.8.8_8rc2 are vulnerable.

NOTE: myPHPNuke 1.8.8_8rc2 has been reported still vulnerable to certain limited SQL-injection attacks.

11. WeBid Multiple Input Validation Vulnerabilities
BugTraq ID: 30945
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30945
Summary:
WeBid is prone to multiple input-validation vulnerabilities:

- SQL-injection issues
- an information-disclosure issue
- a security-bypass issue

Exploiting these issues could allow an attacker to obtain sensitive information, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

WeBid 0.5.4 is vulnerable to the issues; other versions may also be affected.

12. Brim SQL Injection and HTML Injection Vulnerabilities
BugTraq ID: 30944
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30944
Summary:
Brim is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and an HTML-injection issue.

Attackers can exploit these issues to steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, access or modify data, or exploit latent vulnerabilities in the underlying database.

Brim 2.0.0 is vulnerable; other versions may also be affected.

13. MyioSoft EasyClassifields 'index.php' SQL Injection Vulnerability
BugTraq ID: 30943
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30943
Summary:
EasyClassifields is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

EasyClassifields 3.0 is vulnerable; other versions may also be affected.

14. SourceWorkshop Web directory script 'index.php' SQL Injection Vulnerability
BugTraq ID: 30941
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30941
Summary:
Web directory script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Web directory script 1.5.3 is vulnerable to this issue; other versions may be affected as well.

15. e107 BLOG Engine 'macgurublog.php' SQL Injection Vulnerability
BugTraq ID: 29344
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/29344
Summary:
e107 BLOG Engine is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

e107 BLOG Engine 2.2 is vulnerable; other versions may also be affected.

16. Slashcode Slash 'Environment.pm' Multiple Input Validation Vulnerabilities
BugTraq ID: 29548
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/29548
Summary:
Slash is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Slash 2.2.6 and prior versions are vulnerable.

17. BitlBee Unspecified Security Bypass Vulnerability
BugTraq ID: 30858
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30858
Summary:
BitlBee is prone to an unspecified security-bypass vulnerability.

Successfully exploiting this issue may allow attackers to recreate or hijack user accounts on the system. Gaining access to these accounts may aid in further attacks.

Versions prior to BitlBee 1.2.2 are vulnerable.

18. BrewBlogger 'logincheck.inc.php' SQL Injection Vulnerability
BugTraq ID: 30133
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30133
Summary:
BrewBlogger is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

BrewBlogger 2.1.0.1 is vulnerable; other versions may also be affected.

19. Postfix Local Information Disclosure and Local Privilege Escalation Vulnerabilities
BugTraq ID: 30691
Remote: No
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30691
Summary:
Postfix is prone to a local privilege-escalation vulnerability and a local information-disclosure vulnerability.

Local attackers can exploit this issue to read other users' mail or execute arbitrary commands with superuser privileges.

Versions prior to Postfix 2.5.4 Patchlevel 4 are vulnerable.

20. Ruby REXML Remote Denial Of Service Vulnerability
BugTraq ID: 30802
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30802
Summary:
Ruby is prone to a remote denial-of-service vulnerability in its REXML module.

Successful exploits may allow remote attackers to cause denial-of-service conditions in applications that use the vulnerable module.

Versions up to and including Ruby 1.9.0-3 are vulnerable.

21. GNU ed File Processing 'strip_escapes()' Heap Overflow Vulnerability
BugTraq ID: 30815
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30815
Summary:
GNU ed is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Successfully exploiting this issue allows attackers to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to GNU ed 1.0 are vulnerable.

22. Firefly Media Server Webserver.C Multiple Format String Vulnerabilities
BugTraq ID: 26310
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/26310
Summary:
Firefly Media Server (formerly known as mt-daapd) is affected by multiple format-string vulnerabilities because the application fails to adequately sanitize user-supplied input before passing it as the format-specifier to a formatted-printing function.

Exploiting these issues can allow remote attackers to execute arbitrary code in the context of the application.

Versions prior to Firefly Media Server 0.2.4.1 are affected.

23. Red Hat Directory Server LDAP Memory Leak Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 30872
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30872
Summary:
Red Hat Directory Server is prone to multiple remote denial-of-service vulnerabilities.

An attacker can exploit these issues to crash the server, denying access to legitimate users.

Directory Server 7.1, 8 EL4, and 8 EL5 are vulnerable.

24. Red Hat Directory Server Crafted Search Pattern Denial of Service Vulnerability
BugTraq ID: 30871
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30871
Summary:
Red Hat Directory Server is prone to a denial-of-service vulnerability because the server fails to handle specially crafted search patterns.

An attacker can exploit this issue to consume CPU resources with one search request, effectively blocking additional search requests from executing. Legitimate users may be prevented from authenticating to network resources that use the affected server for authentication.

Red Hat Directory Server 7.1 and 8 are affected.

25. Red Hat Directory Server Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 30870
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30870
Summary:
Red Hat Directory Server is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

26. Red Hat Directory Server Accept Language HTTP Headers Buffer Overflow Vulnerability
BugTraq ID: 30869
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30869
Summary:
Red Hat Directory Server is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

NOTE: The Administration Server of Directory Server usually runs with superuser privileges.

The following are affected:

- Red Hat Directory Server 7.1
- Versions prior to 'adminutil' 1.1.7

27. Google Chrome Arbitrary File Download Vulnerability
BugTraq ID: 31000
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/31000
Summary:
Google Chrome is prone to a security vulnerability because the application allows users to download arbitrary files without confirmation.

This issue may allow attackers to perform social-engineering or other attacks to trick users into downloading a malicious file.

28. Microsoft September 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 31014
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/31014
Summary:
Microsoft has released advance notification that the vendor will be releasing four security bulletins on September 9, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

Individual records will be created to document the issues when the bulletins are released.

29. NETGEAR WN802T Wireless Access Point EAPoL Key Length Denial of Service Vulnerability
BugTraq ID: 31013
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/31013
Summary:
The NETGEAR WN802T wireless access point is prone to a denial-of-service vulnerability because it fails to adequately handle long key lengths in EAPoL packets.

Successful exploits will deny service to legitimate users. Given the nature of this issue, remote code execution may be possible, but this has not been confirmed.

NETGEAR WN802T firmware 1.3.16 with the MARVELL 88W8361P-BEM1 chipset is vulnerable. Other devices running this Marvell chipset may also be affected.

30. NETGEAR WN802T With Marvell 88W8361P-BEM1 Chipset WAP Denial of Service Vulnerability
BugTraq ID: 30976
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/30976
Summary:
The NETGEAR WN802T wireless access point is prone to a denial-of-service vulnerability because it fails to adequately verify user-supplied input.

Attackers can exploit this issue to hang or reboot the device, denying service to legitimate users.

The NETGEAR WN802T wireless access point running firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset is vulnerable. Other devices running this Marvell chipset may also be affected.

31. Atheros Communications AR5416-AC1E Information Element Denial of Service Vulnerability
BugTraq ID: 31012
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/31012
Summary:
Atheros Communications AR5416-AC1E is prone to a denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to crash the affected device that uses the chipset, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Atheros AR5416-AC1E included in Linksys WRT35ON wireless router running firmware 2.00.17 is vulnerable; other devices running different firmware may also be affected.

32. Mozilla Client Products Multiple Remote Vulnerabilities
BugTraq ID: 20957
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/20957
Summary:
The Mozilla Foundation has released two security advisories specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- Crash the applications and potentially execute arbitrary machine code in the context of the vulnerable applications.
- Run arbitrary JavaScript bytecode.

Other attacks may also be possible.

The issues described here will be split into individual BIDs as more information becomes available.

These issues are fixed in:

Mozilla Firefox 1.5.0.8
Mozilla Thunderbird 1.5.0.8
Mozilla SeaMonkey 1.0.6

33. IrfanView .IFF Format Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 23692
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/23692
Summary:
IrfanView is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successful exploits allow remote attackers to execute arbitrary machine code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions.

IrfanView 4.00 is vulnerable; other versions may also be affected.

34. LibTiff Double Free Memory Corruption Vulnerability
BugTraq ID: 17733
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/17733
Summary:
Applications using the LibTIFF library are prone to a double-free vulnerability; a fix is available.

Attackers may be able to exploit this issue to cause denial-of-service conditions in affected applications using a vulnerable version of the library; arbitrary code execution may also be possible.

35. LibTiff TIFFFetchData Integer Overflow Vulnerability
BugTraq ID: 17732
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/17732
Summary:
Applications using the LibTIFF library are prone to an integer-overflow vulnerability.

An attacker could exploit this vulnerability to execute arbitrary code in the context of the vulnerable application that uses the affected library. Failed exploit attempts will likely cause denial-of-service conditions.

36. LibTiff Multiple Denial of Service Vulnerabilities
BugTraq ID: 17730
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/17730
Summary:
LibTIFF is affected by multiple denial-of-service vulnerabilities.

An attacker can exploit these vulnerabilities to cause a denial of service in applications using the affected library.

37. Words tag script 'index.php' SQL Injection Vulnerability
BugTraq ID: 31011
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/31011
Summary:
Words tag script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Words tag script 1.2 is vulnerable; other versions may also be affected.

38. Celerondude Uploader 'account.php' Cross-Site Scripting Vulnerability
BugTraq ID: 31010
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/31010
Summary:
Celerondude Uploader is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Celerondude Uploader 6.1 is vulnerable; other versions may also be affected.

39. XRMS CRM Multiple Input Validation Vulnerabilities
BugTraq ID: 31008
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/31008
Summary:
XRMS CRM is prone to multiple input-validation vulnerabilities, including an unspecified SQL-injection issue, an HTML-injection issue, and multiple cross-site scripting issues. The vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

40. RETIRED: Microsoft August 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 30593
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/30593
Summary:
Microsoft has released advance notification that the vendor will be releasing 12 security bulletins on August 12, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

These issues are documented in the following individual records:

30114 Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download Vulnerability
30124 Microsoft Word Unspecified Remote Code Execution Vulnerability
30638 Microsoft Excel Indexing Validation Remote Code Execution Vulnerability
30639 Microsoft Excel Index Array Remote Code Execution Vulnerability
30640 Microsoft Excel Record Parsing Remote Code Execution Vulnerability
30641 Microsoft Excel Credential Caching Vulnerability
30595 Microsoft Office Malformed EPS Filter Remote Code Execution Vulnerability
30597 Microsoft Office Malformed Malformed PICT Filter Remote Code Execution Vulnerability
30598 Microsoft Office PICT Filter Parsing Remote Code Execution Vulnerability
30599 Microsoft Office Malformed BMP Filter Remote Code Execution Vulnerability
30600 Microsoft Office WPG Image File Remote Code Execution Vulnerability
30614 Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability
28295 Microsoft Internet Explorer CreateTextRange.text Denial of Service Vulnerability
30611 Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
30613 Microsoft Internet Explorer HTML Objects Variant Memory Corruption Vulnerability
30610 Microsoft Internet Explorer HTML Objects Variant 2 Memory Corruption Vulnerability
30612 Microsoft Internet Explorer Argument Handling Memory Corruption Vulnerability
30594 Microsoft Windows Image Color Management Remote Code Execution Vulnerability
30634 Microsoft Windows IPsec Information Disclosure Vulnerability
30585 Microsoft Outlook Express And Windows Mail MHTML Handler Information Disclosure Vulnerability
30584 Microsoft Windows Event System User Subscription Request Remote Code Execution Vulnerability
30586 Microsoft Windows Event System Array Index Verification Remote Code Execution Vulnerability
30551 Microsoft Messaging Applications ActiveX Control Information Disclosure Vulnerability
30552 Microsoft PowerPoint Picture Index Remote Code Execution Vulnerability
30554 Microsoft PowerPoint Picture Index Variant Remote Code Execution Vulnerability
30579 Microsoft PowerPoint List Value Parsing Remote Code Execution Vulnerability

41. Webservice-DIC shop_v50 And shop_v52 Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 31006
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/31006
Summary:
Webservice-DIC shop_v50 and shop_v52 are prone to multiple cross-site scripting vulnerabilities because the applications fail to properly sanitize user-supplied input.

These issues affect the following versions:

shop_v50 3.0 and prior versions
shop_v52 2.0 and prior versions

42. ACG-PTP 'adid' Parameter SQL Injection Vulnerability
BugTraq ID: 31005
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/31005
Summary:
ACG-PTP is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ACG-PTP 1.0.6 is vulnerable; other versions may also be affected.

43. Sun Java Web Start Multiple Vulnerabilities
BugTraq ID: 30148
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/30148
Summary:
Sun Java Web Start is prone to multiple vulnerabilities, including buffer-overflow, privilege-escalation, and information-disclosure issues.

Successful exploits may allow attackers to execute arbitrary code, obtain information, or read, write, and execute arbitrary local files in the context of the user running a malicious Web Start application. This may result in a compromise of the underlying system.

This issue affects the following versions:

JDK and JRE 6 Update 6 and earlier
JDK and JRE 5.0 Update 15 and earlier
SDK and JRE 1.4.2_17 and earlier

44. Sun Java Runtime Environment Font Processing Buffer Overflow Vulnerability
BugTraq ID: 30147
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/30147
Summary:
Sun Java Runtime Environment is prone to a buffer-overflow vulnerability when running untrusted applications or applets.

Successful exploits may allow attackers to read, write, or execute arbitrary local files in the context of the user running an untrusted application. This may result in a compromise of the underlying system.

This issue affects the following versions on Solaris, Windows, and Linux:

JDK and JRE 5.0 Update 9 and earlier
SDK and JRE 1.4.2_17 and earlier
SDK and JRE 1.3.1_22 and earlier

45. Sun Java Runtime Environment XML Data Processing Multiple Vulnerabilities
BugTraq ID: 30143
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/30143
Summary:
Sun Java Runtime Environment is prone to multiple remote vulnerabilities.

An attacker can exploit these issues to obtain sensitive information or crash the affected application, denying service to legitimate users.

These issues affect the following versions on Solaris, Linux, and Windows platforms:

JDK and JRE 6 Update 6 and earlier
JDK and JRE 5.0 Update 15 and earlier

46. Sun Java Runtime Environment Multiple Unspecified Same Origin Policy Violation Vulnerabilities
BugTraq ID: 30140
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/30140
Summary:
Sun Java Runtime Environment is prone to multiple unspecified vulnerabilities that allow attackers to bypass the same-origin policy. This issue occurs because the application fails to properly enforce the same-origin policy for Java applets.

An attacker may create a malicious applet that is loaded from a remote system to circumvent network access restrictions.

The following are affected:

JDK and JRE 6 Update 6 and earlier
JDK and JRE 5.0 Update 15 and earlier
SDK and JRE 1.4.2_17 and earlier
SDK and JRE 1.3.x_22 and earlier

47. Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
BugTraq ID: 30131
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/30131
Summary:
Multiple vendors' implementations of the DNS protocol are prone to a DNS-spoofing vulnerability because the software fails to securely implement random values when performing DNS queries.

Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.

This issue affects Microsoft Windows DNS Clients and Servers, ISC BIND 8 and 9, and multiple Cisco IOS releases; other DNS implementations may also be vulnerable.

48. PHP Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 30649
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/30649
Summary:
PHP is prone to multiple buffer-overflow vulnerabilities.

Successful exploits may allow attackers to execute arbitrary code in the context of applications using the vulnerable PHP functions. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition.

Versions prior to PHP 4.4.9 are vulnerable.

49. libxml2 Recursive Entity Remote Denial of Service Vulnerability
BugTraq ID: 30783
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/30783
Summary:
The libxml2 library is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause the library to consume an excessive amount of memory, denying service to legitimate users.

50. Wireshark 1.0.2 Multiple Vulnerabilities
BugTraq ID: 31009
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/31009
Summary:
Wireshark is prone to multiple vulnerabilities, including buffer-overflow and denial-of-service issues.

Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.9.7 up to and including 1.0.2.

51. Mozilla Products Multiple Remote Vulnerabilities
BugTraq ID: 24242
Remote: Yes
Last Updated: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/24242
Summary:
The Mozilla Foundation has released six security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- Execute arbitrary code
- Cause denial-of-service conditions
- Perform cross-site scripting attacks
- Obtain potentially sensitive information
- Spoof legitimate content

Other attacks may also be possible.

52. LibTIFF 'tif_lzw.c' Remote Buffer Underflow Vulnerability
BugTraq ID: 30832
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30832
Summary:
LibTIFF is prone to a remote buffer-underflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary malicious code in the context of the user running an application that uses the affected library. Failed exploit attempts will likely crash applications using the affected library.

LibTIFF 3.7.2 and 3.8.2 are vulnerable.

53. FreeBSD/amd64 'swapgs' Local Privilege Escalation Vulnerability
BugTraq ID: 31003
Remote: No
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/31003
Summary:
FreeBSD/amd64 is prone to a local privilege-escalation vulnerability.

An attacker can exploit this vulnerability to run arbitrary code with elevated privileges.

FreeBSD/amd64 6.3 and 7.0 are vulnerable to this issue; fixes are available.

54. FreeBSD 'mount(2)' and 'nmount(2)' Multiple Stack Buffer Overflow Vulnerabilities
BugTraq ID: 31002
Remote: No
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/31002
Summary:
FreeBSD is prone to multiple stack-based buffer-overflow vulnerabilities because the kernel fails to perform adequate boundary checks on user-supplied data.

A local attacker can exploit these issues to execute arbitrary code with kernel-level privileges. Successfully exploiting these issues will result in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service condition.

FreeBSD 7.0-RELEASE and 7.0-STABLE are vulnerable.

55. FreeBSD Malformed ICMPv6 Packet Remote Denial Of Service Vulnerability
BugTraq ID: 31004
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/31004
Summary:
FreeBSD is prone to a remote denial-of-service vulnerability.

Remote attackers can exploit this issue to cause the kernel's TCP stack to panic, denying service to legitimate users.

56. LEADTOOLS Multimedia 'Ltmm15.dll' ActiveX Control Stack Buffer Overflow Vulnerability
BugTraq ID: 24035
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/24035
Summary:
LEADTOOLS Multimedia is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately check boundaries on data supplied to an ActiveX control method.

An attacker can exploit this issue to execute arbitrary code in the context of a user running the application. Failed attempts will likely result in denial-of-service conditions.

LEADTOOLS Multimedia 15 is vulnerable; other versions may also be affected.

NOTE: The 'Ltmm15.dll' ActiveX control is included in Digital Music Mentor 2.6.0.4. Other applications may also include the ActiveX control.

57. eZoneScripts Living Local 'listtest.php' SQL Injection Vulnerability
BugTraq ID: 31001
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/31001
Summary:
eZoneScripts Living Local is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

58. Computer Associates ARCserve Backup for Laptops and Desktops Multiple Remote Vulnerabilities
BugTraq ID: 28616
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/28616
Summary:
Computer Associates ARCserve Backup for Laptops and Desktops is prone to multiple remote issues, including a buffer-overflow vulnerability and a denial-of-service vulnerability.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges. This will result in a complete compromise of affected computers. Attackers may also trigger application crashes, denying service to legitimate users.

These issues are related to the ones documented in BID 24348 (Computer Associates ARCserve Backup Multiple Remote Buffer Overflow Vulnerabilities). The fixes for CVE-2007-3216 and CVE-2007-5005 did not completely resolve the previous issues.

59. aspWebAlbum Multiple Input Validation Vulnerabilities
BugTraq ID: 30996
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30996
Summary:
aspWebAlbum is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include a cross-site scripting issue, an SQL-injection issue, and an arbitrary-file-upload issue.

Exploiting these issues can allow an attacker to steal cookie-based authentication credentials, upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.

aspWebAlbum 3.2 is vulnerable; other versions may also be affected.

60. IBM AIX 'swcons' Insecure File Creation Vulnerability
BugTraq ID: 30999
Remote: No
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30999
Summary:
AIX 'swcons' is prone to a vulnerability that lets attackers create arbitrary files as the root user.

A local attacker can exploit this issue to execute arbitrary code with superuser privileges. Note that to run the 'swcons' utility, local users must belong to the 'system' group.

This issue affects AIX 5.2, 5.3, and 6.1; fixes are available.

61. Moodle Multiple Remote File Include Vulnerabilities
BugTraq ID: 30995
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30995
Summary:
Moodle is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues can allow an attacker to compromise the application and the underlying computer; other attacks are also possible.

These issues affect Moodle 1.8.4; other versions may also be affected.

62. ClamAV 'chmunpack.c' Invalid Memory Access Denial Of Service Vulnerability
BugTraq ID: 30994
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30994
Summary:
ClamAV is prone to a denial-of-service vulnerability because of invalid memory access errors when processing malformed CHM files.

Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Versions prior to ClamAV 0.94 are vulnerable.

63. Cisco Secure ACS EAP-Response Packet Parsing Denial of Service Vulnerability
BugTraq ID: 30997
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30997
Summary:
Cisco Secure ACS is prone to a denial-of-service vulnerability because it fails to properly validate user-supplied input.

An attacker can exploit this issue to crash the CSRadius and CSAuth processes, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.

This vulnerability is documented in Cisco bug ID CSCsq10103.

64. Cisco PIX and Cisco ASA Multiple Denial of Service and Information Disclosure Vulnerabilities
BugTraq ID: 30998
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30998
Summary:
Cisco PIX and ASA are prone to multiple denial-of-service vulnerabilities and an information-disclosure vulnerability.

An attacker can exploit these issues to obtain sensitive information or cause the affected devices to reload.

65. Open-FTPD Multiple Command Remote Denial of Service Vulnerabilities
BugTraq ID: 30993
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30993
Summary:
Open-FTPD is prone to multiple remote denial-of-service vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit these issues to crash the affected application, denying service to legitimate users. Given the nature of these issues, attackers may also be able to run arbitrary code, but this has not been confirmed.

Open-FTPD 1.2 is vulnerable; other versions may also be affected.

66. @Mail and @Mail WebMail Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 30992
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30992
Summary:
@Mail and @Mail WebMail are prone to multiple cross-site scripting vulnerabilities because the applications fail to properly sanitize user-supplied input.

These issues affect the following versions:

@Mail WebMail 5.05 running on Microsoft Windows
@Mail 5.42 running on CentOS

Other versions running on different platforms may also be affected.

67. Novell iPrint Client 'IppCreateServerRef()' Remote Buffer Overflow Vulnerability
BugTraq ID: 30986
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30986
Summary:
Novell iPrint Client is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue by tricking a victim into viewing a malicious page. A successful memory-corruption attack will allow attacker-supplied code to run in the context of the currently logged-in user. Failed attempts may result in a crash.

This issue affects iPrint Client 4.36, 5.04, and 5.06.

68. Google Chrome Remote Denial of Service Vulnerability
BugTraq ID: 30983
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30983
Summary:
Google Chrome is prone to a remote denial-of-service vulnerability because the application fails to gracefully handle certain user-supplied data.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

Google Chrome 0.2.149.27 is vulnerable; other versions may also be affected.

69. eliteCMS 'page' Parameter SQL Injection Vulnerability
BugTraq ID: 30990
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30990
Summary:
eliteCMS is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input.

Attackers may exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

eliteCMS 1.0 is vulnerable; other versions may also be affected.

70. Open Media Collectors Database Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 30989
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30989
Summary:
Open Media Collectors Database (OpenDb) is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

OpenDb 1.0.6 is vulnerable; other versions may also be affected.

71. 3Com Wireless 8760 Dual-Radio 11a/b/g PoE HTTP POST Request Denial of Service Vulnerability
BugTraq ID: 30988
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30988
Summary:
3Com Wireless 8760 Dual-Radio 11a/b/g PoE Access Point is prone to a denial-of-service vulnerability.

Successfully exploiting this issue will allow attackers to crash the affected application, denying service to legitimate users.

72. AVTECH PageR Enterprise Directory Traversal Vulnerability
BugTraq ID: 30987
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30987
Summary:
AVTECH PageR Enterprise is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the application's web interface.

Exploiting this issue will allow an attacker to view arbitrary local files outside of the PageR Enterprise web root. Information harvested may aid in launching further attacks.

PageR Enterprise 4.3.7 is vulnerable; other versions may also be affected.

73. Spice Classifieds 'index.php' SQL Injection Vulnerability
BugTraq ID: 30985
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30985
Summary:
Spice Classifieds is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input.

Attackers may exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

74. HP OpenView Network Node Manager Multiple Denial of Service Vulnerabilities
BugTraq ID: 30984
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30984
Summary:
HP OpenView Network Node Manager is prone to multiple denial-of-service vulnerabilities.

Attackers can leverage these issues to cause the application to crash. Successful exploits will deny service to legitimate users.

The following versions are affected:

HP OpenView Network Node Manager 7.01
HP OpenView Network Node Manager 7.51
HP OpenView Network Node Manager 7.53

75. IDevSpot BizDirectory 'page' Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 30980
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30980
Summary:
IDevSpot BizDirectory is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

BizDirectory 2.04 is vulnerable; other verisons may also be affected.

76. CS-Cart 'core/user.php' SQL Injection Vulnerability
BugTraq ID: 30979
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30979
Summary:
CS-Cart is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

CS-Cart 1.3.5 is vulnerable; prior versions may also be affected.

77. Postfix 'epoll' Linux Event Handler Local Denial of Service Vulnerability
BugTraq ID: 30977
Remote: No
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30977
Summary:
Postfix is prone to a local denial-of-service vulnerability because of a file-descriptor leak that occurs when it executes non-Postfix commands.

Local attackers can exploit this issue to trigger automatic Postfix shutdowns, denying service to legitimate users.

Postfix 2.4 and later for Linux kernel 2.6 platforms are vulnerable.

78. Softalk Mail Server 'APPEND' Command Remote Denial of Service Vulnerability
BugTraq ID: 30970
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30970
Summary:
Softalk Mail Server is prone to a remote denial-of-service vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.
Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Softalk Mail Server 8.5.1 is vulnerable; other versions may also be affected.

79. Vacation Rental Script 'index.php' SQL Injection Vulnerability
BugTraq ID: 30626
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30626
Summary:
Vacation Rental Script is prone to an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input before using it an SQL-query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Vacation Rental Script 3.0 is vulnerable; other versions may also be affected.

80. AJ HYIP Acme 'readarticle.php' SQL Injection Vulnerability
BugTraq ID: 30978
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30978
Summary:
AJ HYIP Acme is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

81. AJ HYIP Acme 'comment.php' SQL Injection Vulnerability
BugTraq ID: 30974
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30974
Summary:
AJ HYIP Acme is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

82. Kyocera Command Center Directory Traversal Vulnerability
BugTraq ID: 30971
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30971
Summary:
Kyocera Command Center is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the application's HTTP server.

Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.

Kyocera Command Center included with the FS-1118MFP printer is vulnerable; other versions may also be affected.

83. Debian scratchbox2 Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30969
Remote: No
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30969
Summary:
Debian scratchbox2 creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Debian scratchbox2 1.99.0.24-1 is vulnerable; other versions may also be affected.

84. Debian scilab-bin Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30968
Remote: No
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30968
Summary:
Debian scilab-bin creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Debian scilab-bin 4.1.2-5 is vulnerable; other versions may also be affected.

85. Debian realtimebattle-common Insecure Temporary File Creation Vulnerability
BugTraq ID: 30967
Remote: No
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30967
Summary:
Debian realtimebattle-common creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Debian realtimebattle-common 1.0.8-7 is vulnerable; other versions may also be affected.

86. SNG Insecure Temporary File Creation Vulnerability
BugTraq ID: 30965
Remote: No
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30965
Summary:
SNG creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

SNG 1.0.2 is vulnerable; other versions may also be affected.

87. Cadsoft Video Disk Recorder Insecure Temporary File Creation Vulnerability
BugTraq ID: 30966
Remote: No
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30966
Summary:
Cadsoft Video Disk Recorder creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Cadsoft Video Disk Recorder 1.6.0 is vulnerable; other versions may also be affected.

88. Newsbeuter Crafted URI Remote Arbitrary Shell Command Injection Vulnerability
BugTraq ID: 30964
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30964
Summary:
Newsbeuter is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.

Attackers can exploit this issue to execute arbitrary shell commands in the context of the vulnerable application. This may facilitate the remote compromise of affected computers.

This issue affects Newsbeuter 1.0; previous versions may also be vulnerable.

89. AlcoveBook sgml2x Insecure Temporary File Creation Vulnerability
BugTraq ID: 30963
Remote: No
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30963
Summary:
AlcoveBook sgml2x creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

AlcoveBook sgml2x 1.0.0 is vulnerable; other versions may also be affected.

90. Full PHP Emlak Script 'landsee.php' SQL Injection Vulnerability
BugTraq ID: 30962
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30962
Summary:
Full PHP Emlak Script is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input.

Attackers may exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

91. Libpng Library Remote Denial of Service Vulnerability
BugTraq ID: 24000
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/24000
Summary:
The 'libpng' library is prone to a remote denial-of-service vulnerability because the library fails to handle malicious PNG files.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected library.

This issue affects 'libpng' 1.2.16 and prior versions.

92. Reciprocal Links Manager 'site' Parameter SQL Injection Vulnerability
BugTraq ID: 30960
Remote: Yes
Last Updated: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30960
Summary:
Reciprocal Links Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Reciprocal Links Manager 1.1 is vulnerable; other versions may also be affected.

93. PHP Coupon Script 'index.php' SQL Injection Vulnerability
BugTraq ID: 30961
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30961
Summary:
PHP Coupon Script is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input.

Attackers may exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PHP Coupon Script 4.0 is vulnerable; other versions may also be affected.

94. myPHPNuke 'printfeature.php' SQL Injection Vulnerability
BugTraq ID: 30959
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30959
Summary:
myPHPNuke is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input.

Attackers may exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to myPHPNuke 1.8.8_8rc2 are vulnerable.

NOTE: myPHPNuke 1.8.8_8rc2 has been reported still vulnerable to certain limited SQL-injection attacks.

95. GenPortal 'buscarCat.php' Cross-Site Scripting Vulnerability
BugTraq ID: 30957
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30957
Summary:
GenPortal is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

96. Parallels Plesk Shortnames Open Email Relay Vulnerability
BugTraq ID: 30956
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30956
Summary:
Parallels Plesk is prone to an open-email-relay vulnerability because it fails to properly restrict login authentication in certain circumstances.

An attacker could exploit this issue by constructing a script that would send unsolicited spam to an unrestricted amount of email addresses from a forged email address.

Parallels Plesk 8.6.0 is vulnerable; other versions may also be affected.

97. Debian rccp Insecure Temporary File Creation Vulnerability
BugTraq ID: 30955
Remote: No
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30955
Summary:
Debian rccp creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Debian rccp 0.9-2 is vulnerable; other versions may also be affected.

98. Debian rancid-util 'getipacctg' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30954
Remote: No
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30954
Summary:
Debian rancid-util creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Debian rancid-util 2.3.2~a8-1 is vulnerable; other versions may also be affected.

99. Radiance Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30953
Remote: No
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30953
Summary:
Radiance creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Radiance 3R9 is vulnerable; other versions may also be affected.

100. Novell IDM Cross Site Scripting and HTML Injection Vulnerabilities
BugTraq ID: 30952
Remote: Yes
Last Updated: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30952
Summary:
Novell User Application and Identity Manager Roles Based Provisioning Module are prone to multiple security vulnerabilities, including multiple HTML-injection issues and a cross-site scripting issue.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user. Other attacks are also possible.

The following versions of Novell User Application are vulnerable:

3.0.1
3.5.0
3.5.1

The following versions of Novell Identity Manager Roles Based Provisioning Module are vulnerable:

3.6.0
3.6.1

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Security of Google's browser gets mixed marks
By: Robert Lemos
The search giant uses process isolation, least privilege rules, and sandboxing as the security foundation for its Chrome browser, but security experts say more is needed.
http://www.securityfocus.com/news/11533

2. Online intruders hit Red Hat, Fedora Project
By: Robert Lemos
A leading Linux company and its open-source distribution acknowledge that attackers breached several systems, including one that manages the Fedora signing process.
http://www.securityfocus.com/news/11532

3. Researchers race to zero in record time
By: Robert Lemos
On the first day, three teams of security professional finished the Race to Zero contest, successfully modifying nine well-known viruses and exploits to escape detection by major antivirus engines.
http://www.securityfocus.com/news/11531

4. Gov't charges alleged TJX credit-card thieves
By: Robert Lemos
U.S. prosecutors charge eleven people with taking part in an identity-theft ring that stole millions of credit-card accounts from major retailers, among them TJX Companies.
http://www.securityfocus.com/news/11530

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Sr. Security Analyst, Temple Terrace
http://www.securityfocus.com/archive/77/495965

2. [SJ-JOB] Application Security Engineer, London
http://www.securityfocus.com/archive/77/495964

3. [SJ-JOB] Application Security Engineer, London
http://www.securityfocus.com/archive/77/495966

4. [SJ-JOB] Threat Analyst, Florham Park
http://www.securityfocus.com/archive/77/495858

5. [SJ-JOB] Developer, Calgary
http://www.securityfocus.com/archive/77/495864

6. [SJ-JOB] Application Security Engineer, Bangalore
http://www.securityfocus.com/archive/77/495866

7. [SJ-JOB] Security Engineer, New York
http://www.securityfocus.com/archive/77/495850

8. [SJ-JOB] Developer, Calgary
http://www.securityfocus.com/archive/77/495859

9. [SJ-JOB] Forensics Engineer, Pittsburgh
http://www.securityfocus.com/archive/77/495862

10. [SJ-JOB] Security Consultant, Any City
http://www.securityfocus.com/archive/77/495865

11. [SJ-JOB] Jr. Security Analyst, Pittsburgh
http://www.securityfocus.com/archive/77/495867

12. [SJ-JOB] Sr. Security Analyst, Pittsburgh
http://www.securityfocus.com/archive/77/495847

13. [SJ-JOB] Instructor, Princeton
http://www.securityfocus.com/archive/77/495849

14. [SJ-JOB] Security Architect, Pittsburgh
http://www.securityfocus.com/archive/77/495861

15. [SJ-JOB] Application Security Architect, Arlington
http://www.securityfocus.com/archive/77/495863

16. [SJ-JOB] Application Security Engineer, Washington D.C.
http://www.securityfocus.com/archive/77/495846

17. [SJ-JOB] Security System Administrator, London
http://www.securityfocus.com/archive/77/495848

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #409
http://www.securityfocus.com/archive/88/495853

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Sponsored by Entrust

News

Thursday, September 04, 2008

SecurityFocus Newsletter #469

No comments:

WINDOWS CENTER

Blog Archive