News

Thursday, October 23, 2008

SecurityFocus Newsletter #476

SecurityFocus Newsletter #476
----------------------------------------

This issue is sponsored by HP:

Very few applications are bulletproof from hackers. During this 12 minute unscripted video, you.ll sit in a virtual conference room with two of the world's most well-known white hat hackers, Caleb Sima and Billy Hoffman.
During this whiteboard session, they demonstrate just how easy it is to break-into a private corporate network through the web application and own the back-end database. During this video, you will learn just how easy it is to hack into web applications and hear how hackers execute some of their favorite attacks: client side pricing attack, session hijacking, fuzzing and SQL Injection.
https://h30406.www3.hp.com/campaigns/2008/wwcampaign/1-4W4AD/index.php?mcc=DZRV&jumpid=edm_r11374_us/en/large/tsg/w1_Hackers_vid_securityfocus/mcc_DZRV/20081020/


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Clicking to the Past
2. The Vice of Vice Presidential E-Mail
II. BUGTRAQ SUMMARY
1. Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability
2. freeSSHd SFTP 'rename' Remote Buffer Overflow Vulnerability
3. GNU ed File Processing 'strip_escapes()' Heap Overflow Vulnerability
4. Amarok 'MagnatuneBrowser::listDownloadComplete()' Insecure Temporary File Creation Vulnerability
5. F-Secure Multiple Products RPM File Integer Overflow Vulnerability
6. Ruby REXML Remote Denial Of Service Vulnerability
7. Ruby Multiple Security Bypass and Denial of Service Vulnerabilities
8. Movable Type Prior to Version 4.22 Unspecified Cross-Site Scripting Vulnerability
9. cpCommerce Multiple Cross Site Scripting Vulnerabilities
10. Ruby 'regex.c' Remote Denial Of Service Vulnerability
11. Ruby 'resolv.rb' Predictable Transaction ID and Source Port DNS Spoofing Vulnerability
12. IBM WebSphere Application Server Denial of Service And Security Bypass Vulnerabilities
13. Linux Kernel SCTP INIT-ACK AUTH Extension Remote Denial of Service Vulnerability
14. Linux Kernel 'snd_seq_oss_synth_make_info()' Information Disclosure Vulnerability
15. Linux Kernel 'dccp_setsockopt_change()' Remote Denial of Service Vulnerability
16. Linux Kernel TTY Operations NULL Pointer Dereference Denial of Service Vulnerabilities
17. Linux kernel 'sctp_getsockopt_local_addrs_old() ' function Local Buffer Overflow Vulnerability
18. Linux Kernel SCTP Protocol Violation Remote Denial of Service Vulnerability
19. Linux Kernel BER Decoding Remote Buffer Overflow Vulnerability
20. Linux kernel 'fs/direct-io.c' Local Denial of Service Vulnerability
21. Symantec Veritas File System 'qiomkfile' Local Information Disclosure Vulnerability
22. Symantec Altiris Deployment Solution Clear Text Password Local Information Disclosure Vulnerability
23. TYPO3 M1 Intern Extension Unspecified SQL Injection Vulnerability
24. TYPO3 Mannschaftsliste Extension Unspecified SQL Injection Vulnerability
25. TYPO3 Frontend Users View Extension Unspecified SQL Injection Vulnerability
26. TYPO3 JobControl Extension Unspecified SQL Injection Vulnerability
27. MJGUEST 'guestbook.js.php' Cross Site Scripting Vulnerability
28. GoodTech SSH Server SFTP Multiple Buffer Overflow Vulnerabilities
29. 'libspf2' DNS TXT Record Handling Remote Buffer Overflow Vulnerability
30. 'imlib2' Library Multiple Unspecified Vulnerabilities
31. phpcrs 'frame.php' Local File Include Vulnerability
32. LoudBlog 'ajax.php' SQL Injection Vulnerability
33. Joomla! ionFiles Component 'download.php' Directory Traversal Vulnerability
34. Opera Web Browser History Search Input Validation Vulnerability
35. Dorsa CMS 'ShowPage.aspx' SQL Injection Vulnerability
36. Iamma Nuke Simple Gallery 'upload.php ' Arbitrary File Upload Vulnerability
37. Netpbm 'pamperspective' Utility Buffer Overflow Vulnerability
38. Jetbox CMS 'liste' Parameter Cross Site Scripting Vulnerability
39. UC Gateway Investment SiteEngine 'announcements.php' SQL Injection Vulnerability
40. UC Gateway Investment SiteEngine 'api.php' URI Redirection Vulnerability
41. Snoopy '_httpsrequest()' Arbitrary Command Execution Vulnerability
42. CS-Partner 'gestion.php' Multiple SQL Injection Vulnerabilities
43. TXTshop 'header.php' Local File Include Vulnerability
44. SilverSHielD 'opendir()' Remote Denial of Service Vulnerability
45. Osprey 'ListRecords.php' Multiple Remote File Include Vulnerabilities
46. D-Bus 'dbus_signature_validate()' Type Signature Denial of Service Vulnerability
47. Simple Customer 'contact.php' SQL Injection Vulnerability
48. Opera Web Browser Multiple Cross Site Scripting Vulnerabilities
49. Joomla! and Mambo Daily Message Component 'id' Parameter SQL Injection Vulnerability
50. Mantis 'string_api.php' Issue Number Information Disclosure Vulnerability
51. Multiple EMC NetWorker Products 'nsrexecd.exe' RPC Request Denial of Service Vulnerability
52. VLC Media Player Multiple Remote Integer Overflow Vulnerabilities
53. Cisco ASA Appliance Crypto Accelerator Memory Leak Denial of Service Vulnerability
54. Cisco PIX and ASA Windows NT Domain VPN Authentication Bypass Vulnerability
55. Cisco PIX and ASA Appliance IPv6 Denial of Service Vulnerability
56. Mantis 'manage_proj_page.php' PHP Code Injection Vulnerability
57. Symantec Veritas File System 'qioadmin' Local Information Disclosure Vulnerability
58. Mozilla Firefox/SeaMonkey UTF-8 Stack-Based Buffer Overflow Vulnerability
59. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
60. Microsoft Windows Internet Printing Service Integer Overflow Vulnerability
61. Oracle October 2008 Oracle Critical Patch Update Multiple Vulnerabilities
62. HP OpenView Products Shared Trace Service RPC Request Handling Denial of Service Vulnerability
63. GNU Enscript 'src/psgen.c' Stack Based Buffer Overflow Vulnerability
64. Smarty Template Engine 'Smarty_Compiler.class.php' Security Bypass Vulnerability
65. Apache Tomcat UTF-8 Directory Traversal Vulnerability
66. ICONICS Dialog Wrapper Module ActiveX Control Remote Stack Buffer Overflow Vulnerability
67. Trend Micro OfficeScan CGI Parsing Buffer Overflow Vulnerability
68. Microsoft Windows SMB Buffer Underflow Code Execution Vulnerability
69. Sun Integrated Lights-Out Manager (ILOM) Authentication Bypass Vulnerability
70. TikiWiki Multiple Unspecified Vulnerabilities
71. ShopMaker 'product.php' SQL Injection Vulnerability
72. NXP Semiconductors MIFARE Classic Smartcard Multiple Security Weaknesses
73. Bahar Download Script 'aspkat.asp' SQL Injection Vulnerability
74. Dizi Portali 'diziler.asp' SQL Injection Vulnerability
75. IBM DB2 Universal Database Prior to 9.1 Fixpak 6 Multiple Vulnerabilities
76. Multiple Vendor Web Browser FTP Client Cross Site Scripting Vulnerability
77. Drupal Book Page Title HTML Injection Vulnerability
78. phPhotoGallery 'index.php' SQL Injection Vulnerability
79. VLC Media Player TY File Stack Based Buffer Overflow Vulnerability
80. Limbo CMS 'open.php' SQL Injection Vulnerability
81. Symantec Altiris Deployment Solution Client User Interface Local Privilege Escalation Vulnerability
82. Symantec Altiris Notification Server Agents Shatter Attack Privilege Escalation Vulnerability
83. Symantec Altiris Deployment Server Agents 'AClient.exe' Privilege Escalation Vulnerability
84. Symantec Altiris Notification Server Agent Local Privilege Escalation Vulnerability
85. MyNETS Unspecified Cross Site Scripting Vulnerability
86. LightBlog 'view_member.php' Local File Include Vulnerability
87. Makale XOOPS Module 'makale.php' SQL Injection Vulnerability
88. Wysi Wiki Wyg 'index.php' Cross Site Scripting Vulnerability
89. Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities
90. Midgard Components Framework Multiple Unspecified Vulnerabilities
91. FireGPG Insecure Temporary File Creation Vulnerability
92. yappa-ng 'album' Parameter Local File Include Vulnerability
93. jhead Versions Prior to 2.84 Multiple Vulnerabilities
94. Microsoft Internet Explorer Cross Domain Information Disclosure Vulnerability
95. Microsoft Internet Explorer HTML Objects Uninitialized Memory Corruption Vulnerability
96. Microsoft Internet Explorer Uninitialized Object Remote Memory Corruption Vulnerability
97. Microsoft Internet Explorer Event Handling Cross Domain Security Bypass Vulnerability
98. Microsoft Internet Explorer HTML Element Cross Domain Security Bypass Vulnerability
99. Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability
100. Microsoft Internet Explorer 'location' & 'location.href' Cross Domain Security Bypass Vulnerability
III. SECURITYFOCUS NEWS
1. You don't know (click)jack
2. Researchers weigh "clickjacking" threat
3. Security of Google's browser gets mixed marks
4. Online intruders hit Red Hat, Fedora Project
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Software Engineer, Columbia
2. [SJ-JOB] Sr. Security Analyst, Charlotte
3. [SJ-JOB] Security Engineer, Huntington Beach
4. [SJ-JOB] Application Security Architect, Bangalore
5. [SJ-JOB] Application Security Architect, Porto Alegre
6. [SJ-JOB] Sales Engineer, Chicago
7. [SJ-JOB] Sr. Security Analyst, West Des Moines
8. [SJ-JOB] Application Security Engineer, Herndon
9. [SJ-JOB] Security Researcher, Montpellier
10. [SJ-JOB] Software Engineer, Alexandria
11. [SJ-JOB] Information Assurance Analyst, Germantown
12. [SJ-JOB] Senior Software Engineer, San Diego
13. [SJ-JOB] Principal Software Engineer, Cupertino
14. [SJ-JOB] Security System Administrator, MIDDLETOWN NJ
15. [SJ-JOB] Senior Software Engineer, Cupertino
16. [SJ-JOB] Security Architect, Springfield
17. [SJ-JOB] Auditor, London
18. [SJ-JOB] Security Engineer, Herndon
19. [SJ-JOB] Information Assurance Analyst, Arlington
20. [SJ-JOB] Security Researcher, San Diego
21. [SJ-JOB] Application Security Engineer, New York
22. [SJ-JOB] Security Engineer, Chicago
23. [SJ-JOB] Certification & Accreditation Engineer, Arlington
24. [SJ-JOB] Security Consultant, New York
25. [SJ-JOB] MOD CLAS Consultant, London
26. [SJ-JOB] Principal Software Engineer, London
27. [SJ-JOB] Sr. Security Analyst, London
28. [SJ-JOB] MOD CLAS Consultant, South Wales
29. [SJ-JOB] Sr. Security Analyst, Pretoria
30. [SJ-JOB] Application Security Engineer, Raleigh/Durham
31. [SJ-JOB] Security Auditor, Bedford Heights
32. [SJ-JOB] Sales Representative, Bedford Heights
33. [SJ-JOB] Application Security Architect, London
34. [SJ-JOB] Auditor, New York
35. [SJ-JOB] Senior Software Engineer, Alexandria
36. [SJ-JOB] Sales Engineer, Irvine - Southern California - Virtual Office
37. [SJ-JOB] Developer, Bedford Heights
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #416
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. ANNOUNCE: New iptables(8) firewall script release, many new features
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Clicking to the Past
By Chris Wysopal
When the first details trickled out about a new attack, dubbed .clickjacking. by the researchers who found it, the descriptions made me think of the tricks I used to pull during penetration tests ten years ago to get administrator privileges: Tricking the user into issuing a command on an attacker.s behalf is one of the oldest attack vectors in the book.
http://www.securityfocus.com/columnists/483

2a .The Vice of Vice Presidential E-Mail
By Mark Rasch
Is it a crime to read someone else's e-mail without their consent? Seems like a simple question, but the law is not so clear. In mid-September 2008, a hacker using the handle "Rubico" claim credit for breaking into the Yahoo! e-mail account of Governor Sarah Palin, the Republican Vice Presidential candidate. In a post online, Rubico wrote that he had been following news reports that claimed Palin had been using her personal Yahoo e-mail account for official government business.
In the early 90's, I attended an academic conference in Hawaii. At one presentation, a colleague from the University of California at Berkeley whom I'll refer to as "the supervisor," told a story of young hackers, who he referred to as the Urchins
http://www.securityfocus.com/columnists/482


II. BUGTRAQ SUMMARY
--------------------
1. Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability
BugTraq ID: 31874
Remote: Yes
Last Updated: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/31874
Summary:
Microsoft Windows is prone to a remote-code execution vulnerability that affects RPC (Remote Procedure Call) handling in the Server service.

An attacker could exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of vulnerable computers. This issue may be prone to widespread automated exploits. Attackers require authenticated access on Windows Vista and Server 2008 platforms to exploit this issue.

This vulnerability affects Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

2. freeSSHd SFTP 'rename' Remote Buffer Overflow Vulnerability
BugTraq ID: 31872
Remote: Yes
Last Updated: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/31872
Summary:
freeSSHd is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects freeSSHd 1.2.1; other versions may also be affected.

3. GNU ed File Processing 'strip_escapes()' Heap Overflow Vulnerability
BugTraq ID: 30815
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/30815
Summary:
GNU ed is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Successfully exploiting this issue allows attackers to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to GNU ed 1.0 are vulnerable.

4. Amarok 'MagnatuneBrowser::listDownloadComplete()' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30662
Remote: No
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/30662
Summary:
Amarok reportedly creates temporary files in an insecure manner. Note that this has not yet been corroborated.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Amarok 1.4.9.1 is affected; other versions may also be vulnerable.

5. F-Secure Multiple Products RPM File Integer Overflow Vulnerability
BugTraq ID: 31846
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31846
Summary:
Multiple F-Secure products are prone to an integer-overflow vulnerability because the applications fail to properly handle malformed RPM files.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the vulnerable applications. Failed exploit attempts will likely cause denial-of-service conditions.

6. Ruby REXML Remote Denial Of Service Vulnerability
BugTraq ID: 30802
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/30802
Summary:
Ruby is prone to a remote denial-of-service vulnerability in its REXML module.

Successful exploits may allow remote attackers to cause denial-of-service conditions in applications that use the vulnerable module.

Versions up to and including Ruby 1.9.0-3 are vulnerable.

7. Ruby Multiple Security Bypass and Denial of Service Vulnerabilities
BugTraq ID: 30644
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/30644
Summary:
Ruby is prone to multiple vulnerabilities that can be leveraged to bypass security restrictions or cause a denial of service:

- Multiple security-bypass vulnerabilities occur because of errors in the 'safe level' restriction implementation. Attackers can leverage these issues to make insecure function calls and perform 'Syslog' operations.

- An error affecting 'WEBrick::HHTP::DefaultFileHandler' can exhaust system resources and deny service to legitimate users.

- A flaw in 'dl' can allow attackers to call unauthorized functions.

Attackers can exploit these issues to perform unauthorized actions on affected applications. This may aid in compromising the application and possibly the underlying computers. Attackers can also cause denial-of-service conditions.

These issues affect Ruby 1.8.5, 1.8.6-p286, 1.8.7-p71, and 1.9 r18423. Prior versions are also vulnerable.

8. Movable Type Prior to Version 4.22 Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 31826
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31826
Summary:
Movable Type is prone to an unspecified cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data.

An attacker can leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to Movable Type 4.22 are affected by this issue.

9. cpCommerce Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 31825
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31825
Summary:
cpCommerce is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials.

Versions prior to cpCommerce 1.2.4 are vulnerable.

10. Ruby 'regex.c' Remote Denial Of Service Vulnerability
BugTraq ID: 30682
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/30682
Summary:
Ruby is prone to a remote denial-of-service vulnerability.

Successful exploits may allow remote attackers to cause denial-of-service conditions in applications that use the vulnerable library or functions.

Versions up to and including Ruby 1.9.0-3 are vulnerable.

11. Ruby 'resolv.rb' Predictable Transaction ID and Source Port DNS Spoofing Vulnerability
BugTraq ID: 31699
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31699
Summary:
Ruby is prone to a DNS-spoofing vulnerability because the software fails to securely implement random values when performing DNS queries.

Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.

The following versions of Ruby are affected:

1.8.5 and prior
1.8.6-p286 and prior
1.8.7-p71 and prior
1.9 r18423 and prior

12. IBM WebSphere Application Server Denial of Service And Security Bypass Vulnerabilities
BugTraq ID: 31839
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31839
Summary:
IBM WebSphere Application Server (WAS) is prone to multiple vulnerabilities, including a denial-of-service issue and a security-bypass issue.

Successful exploits may allow attackers to bypass certain security restrictions or to hang the server, causing a denial-of-service condition.

These issues affect versions prior to WAS 6.0.2.31.

13. Linux Kernel SCTP INIT-ACK AUTH Extension Remote Denial of Service Vulnerability
BugTraq ID: 31634
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31634
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to handle mismatched SCTP AUTH extension settings between peers.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

Versions prior to Linux kernel 2.6.27-rc6-git6 are vulnerable.

14. Linux Kernel 'snd_seq_oss_synth_make_info()' Information Disclosure Vulnerability
BugTraq ID: 30559
Remote: No
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/30559
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.

Versions prior to Linux kernel 2.6.27-rc2 are vulnerable.

15. Linux Kernel 'dccp_setsockopt_change()' Remote Denial of Service Vulnerability
BugTraq ID: 30704
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/30704
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to properly handle user-supplied input.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

This issue affects Linux kernel 2.6.17-rc1 and later.

16. Linux Kernel TTY Operations NULL Pointer Dereference Denial of Service Vulnerabilities
BugTraq ID: 30076
Remote: No
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/30076
Summary:
The Linux kernel is prone to multiple local denial-of-service vulnerabilities.

Attackers can exploit these issues to crash the affected kernel, denying service to legitimate users. Given the nature of these issues, attackers may also be able to execute arbitrary code, but this has not been confirmed.

These issues affect versions prior to Linux kernel 2.6.25.10.

17. Linux kernel 'sctp_getsockopt_local_addrs_old() ' function Local Buffer Overflow Vulnerability
BugTraq ID: 29990
Remote: No
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/29990
Summary:
Linux kernel is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to crash the affected kernel, denying service to legitimate users. Given the nature of the issue, arbitrary code execution may also be possible, but this has not been confirmed.

18. Linux Kernel SCTP Protocol Violation Remote Denial of Service Vulnerability
BugTraq ID: 31848
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31848
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to handle SCTP protocol violations.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

Versions prior to Linux kernel 2.6.27 are vulnerable.

19. Linux Kernel BER Decoding Remote Buffer Overflow Vulnerability
BugTraq ID: 29589
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/29589
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

20. Linux kernel 'fs/direct-io.c' Local Denial of Service Vulnerability
BugTraq ID: 31515
Remote: No
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31515
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Local attackers can exploit this issue to crash the affected computer, denying service to legitimate users.

Versions prior to Linux kernel 2.6.23 are vulnerable.

21. Symantec Veritas File System 'qiomkfile' Local Information Disclosure Vulnerability
BugTraq ID: 31678
Remote: No
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31678
Summary:
Symantec Veritas File System (VxFS) is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.

Versions prior to Veritas File System 5.0 MP3 are affected.

22. Symantec Altiris Deployment Solution Clear Text Password Local Information Disclosure Vulnerability
BugTraq ID: 31767
Remote: No
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31767
Summary:
Symantec Altiris Deployment Solution is prone to a local information-disclosure vulnerability.

Local attackers can exploit this issue to obtain sensitive information that may allow attackers to perform unauthorized modification to computers on the affected network.

Versions prior to Symantec Altiris Deployment Solution 6.9.355 are vulnerable.

23. TYPO3 M1 Intern Extension Unspecified SQL Injection Vulnerability
BugTraq ID: 31845
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31845
Summary:
TYPO3 M1 Intern ('m1_intern') extension is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The issue affects 'm1_intern' 1.0.0.

24. TYPO3 Mannschaftsliste Extension Unspecified SQL Injection Vulnerability
BugTraq ID: 31844
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31844
Summary:
TYPO3 Mannschaftsliste extension ('kiddog_playerlist') is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions up to and including 'kiddog_playerlist' 1.0.3 are vulnerable.

25. TYPO3 Frontend Users View Extension Unspecified SQL Injection Vulnerability
BugTraq ID: 31843
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31843
Summary:
TYPO3 Frontend Users View ('feusersview') extension is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions up to and including 'feusersview' 0.1.6 are vulnerable.

26. TYPO3 JobControl Extension Unspecified SQL Injection Vulnerability
BugTraq ID: 31840
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31840
Summary:
TYPO3 JobControl ('dmmjobcontrol') extension is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions up to and including 'dmmjobcontrol' 1.15.4 are vulnerable.

27. MJGUEST 'guestbook.js.php' Cross Site Scripting Vulnerability
BugTraq ID: 30438
Remote: Yes
Last Updated: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/30438
Summary:
MJGUEST is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

MJGUEST 6.8 GT is vulnerable; other versions may also be affected.

28. GoodTech SSH Server SFTP Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 31879
Remote: Yes
Last Updated: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/31879
Summary:
GoodTech SSH Server is prone to multiple buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer.

An attacker may exploit these issues to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial of service.

These issues affect GoodTech SSH Server 6.4; other versions may also be affected.

29. 'libspf2' DNS TXT Record Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 31881
Remote: Yes
Last Updated: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/31881
Summary:
The 'libspf2' library is prone to a remote buffer-overflow vulnerability that stems from a lack of bounds checking when handling specially crafted DNS TXT records.

Remote attackers may exploit this issue to execute arbitrary code in the context of an application using a vulnerable version of the library.

Versions prior to 'libspf2' 1.2.8 are affected.

30. 'imlib2' Library Multiple Unspecified Vulnerabilities
BugTraq ID: 31880
Remote: Yes
Last Updated: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/31880
Summary:
The 'imlib2' Library is prone to multiple unspecified vulnerabilities.

Very few details are available. We will update this BID as more information emerges.

Theses issues affect versions prior to 'imlib2' 1.4.2.

31. phpcrs 'frame.php' Local File Include Vulnerability
BugTraq ID: 31876
Remote: Yes
Last Updated: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/31876
Summary:
The 'phpcrs' script is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to access potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.

Versions up to and including phpcrs 2.06 are vulnerable.

32. LoudBlog 'ajax.php' SQL Injection Vulnerability
BugTraq ID: 31878
Remote: Yes
Last Updated: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/31878
Summary:
LoudBlog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

LoudBlog 0.8.0a and prior versions are affected.

33. Joomla! ionFiles Component 'download.php' Directory Traversal Vulnerability
BugTraq ID: 31877
Remote: Yes
Last Updated: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/31877
Summary:
The Joomla! ionFiles component is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting the issue may allow the attacker to obtain sensitive information that could aid in further attacks.

Joomla! ionFiles 4.4.2 is vulnerable; other versions may also be affected.

34. Opera Web Browser History Search Input Validation Vulnerability
BugTraq ID: 31869
Remote: Yes
Last Updated: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/31869
Summary:
Opera Web Browser is prone to an input-validation vulnerability because of the way it stores data used for the History Search feature.

Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, obtain sensitive information, or execute local programs in the context of the browser; other attacks are also possible.

Versions prior to Opera Web Browser 9.61 are vulnerable.

NOTE: This issue was previously documented in BID 31842 (Opera Web Browser HTML Injection and Cross Site Scripting Vulnerabilities) but has been given its own record to better document the details.

35. Dorsa CMS 'ShowPage.aspx' SQL Injection Vulnerability
BugTraq ID: 31875
Remote: Yes
Last Updated: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/31875
Summary:
Dorsa CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

36. Iamma Nuke Simple Gallery 'upload.php ' Arbitrary File Upload Vulnerability
BugTraq ID: 31873
Remote: Yes
Last Updated: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/31873
Summary:
Iamma Nuke Simple Gallery is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the webserver process. The issue occurs because the application fails to sanitize user-supplied input.

Iamma Nuke Simple Gallery 1.0 and 2.0 are vulnerable; other versions may also be affected.

37. Netpbm 'pamperspective' Utility Buffer Overflow Vulnerability
BugTraq ID: 31871
Remote: Yes
Last Updated: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/31871
Summary:
Netpbm is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

The precise implications of this issue are currently unavailable, but given the nature of the issue, a successfully exploit may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

Versions prior to Netpbm 10.35.48 stable are vulnerable.

38. Jetbox CMS 'liste' Parameter Cross Site Scripting Vulnerability
BugTraq ID: 31890
Remote: Yes
Last Updated: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/31890
Summary:
Jetbox CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Jetbox CMS 2.1 is vulnerable; other versions may also be affected.

39. UC Gateway Investment SiteEngine 'announcements.php' SQL Injection Vulnerability
BugTraq ID: 31889
Remote: Yes
Last Updated: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/31889
Summary:
SiteEngine is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

SiteEngine 5.0 is vulnerable to this issue; other versions may also be affected.

40. UC Gateway Investment SiteEngine 'api.php' URI Redirection Vulnerability
BugTraq ID: 31888
Remote: Yes
Last Updated: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/31888
Summary:
SiteEngine is prone to a remote URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.

A successful exploit may aid in phishing-style attacks.

SiteEngine 5.0 is vulnerable; other versions may also be affected.

41. Snoopy '_httpsrequest()' Arbitrary Command Execution Vulnerability
BugTraq ID: 31887
Remote: Yes
Last Updated: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/31887
Summary:
Snoopy is prone to a vulnerability that lets attackers execute arbitrary commands because the application fails to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary commands in the context of the vulnerable webserver.

This issue may be related to BID 15213 (Snoopy Arbitrary Command Execution Vulnerability); this has not been confirmed.

This issue exists in versions prior to Snoopy 1.2.4. Additional applications which use the Snoopy library may also be vulnerable.

42. CS-Partner 'gestion.php' Multiple SQL Injection Vulnerabilities
BugTraq ID: 31886
Remote: Yes
Last Updated: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/31886
Summary:
CS-Partner is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

CS-Partner 1.0 is vulnerable; other versions may also be affected.

43. TXTshop 'header.php' Local File Include Vulnerability
BugTraq ID: 31885
Remote: Yes
Last Updated: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/31885
Summary:
TXTshop is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to access potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.

TXTshop 1.0b is vulnerable; other versions may also be affected.

44. SilverSHielD 'opendir()' Remote Denial of Service Vulnerability
BugTraq ID: 31884
Remote: Yes
Last Updated: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/31884
Summary:
SilverSHielD is prone to a denial-of-service vulnerability because the application fails to handle excessive user input.

An attacker may exploit this issue to crash the vulnerable application, resulting in a denial-of-service condition.

SilverSHielD 1.0.2.34 is vulnerable; other versions may also be affected.

45. Osprey 'ListRecords.php' Multiple Remote File Include Vulnerabilities
BugTraq ID: 31883
Remote: Yes
Last Updated: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/31883
Summary:
Osprey is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to compromise the application and the underlying computer; other attacks are also possible.

Osprey 1.0a4.1 is vulnerable; other versions may also be affected.

46. D-Bus 'dbus_signature_validate()' Type Signature Denial of Service Vulnerability
BugTraq ID: 31602
Remote: No
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31602
Summary:
D-Bus is prone to a local denial-of-service vulnerability because it fails to handle malformed signatures contained in messages.

Local attackers can exploit this issue to crash an application that uses the affected library, denying service to legitimate users.

This issue affects D-BUS 1.2.1; other versions may also be affected.

47. Simple Customer 'contact.php' SQL Injection Vulnerability
BugTraq ID: 28852
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/28852
Summary:
Simple Customer is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Simple Customer 1.2 is vulnerable; other versions may also be affected.

48. Opera Web Browser Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 31842
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31842
Summary:
Opera Web Browser is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to Opera Web Browser 9.61 are vulnerable.

NOTE: This BID was previously titled 'Opera Web Browser HTML Injection and Cross Site Scripting Vulnerabilities'. The HTML-injection issue has been given its own record (BID 31869) to better document the issue.

49. Joomla! and Mambo Daily Message Component 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 31870
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31870
Summary:
The Daily Message component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Daily Message 1.0.3 is vulnerable; other versions may also be affected.

50. Mantis 'string_api.php' Issue Number Information Disclosure Vulnerability
BugTraq ID: 31868
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31868
Summary:
Mantis is prone to an information-disclosure vulnerability because the application fails to protect private information.

Attackers may exploit this issue to retrieve sensitive information that may aid in further attacks.

Versions prior to Mantis 1.1.3 are vulnerable.

51. Multiple EMC NetWorker Products 'nsrexecd.exe' RPC Request Denial of Service Vulnerability
BugTraq ID: 31866
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31866
Summary:
Multiple EMC NetWorker products are prone to a denial-of-service vulnerability.

Attackers can exploit this issue by sending malicious RPC requests, causing affected applications to consume resources until they become unresponsive. Repeated requests can lead to a denial-of-service condition.

52. VLC Media Player Multiple Remote Integer Overflow Vulnerabilities
BugTraq ID: 31867
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31867
Summary:
VLC media player is prone to multiple integer-overflow vulnerabilities.

Attackers can exploit these issues to execute arbitrary code in the context of the affected application or crash the application, denying service to legitimate users.

VLC media player 0.9.4 is vulnerable; prior versions may also be affected.

53. Cisco ASA Appliance Crypto Accelerator Memory Leak Denial of Service Vulnerability
BugTraq ID: 31865
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31865
Summary:
Cisco ASA security appliances are prone to a remote denial-of-service vulnerability.

The hardware Crypto Accelerator included with these appliances is prone to a denial-of-service vulnerability. Specifically, the initialization code for the vulnerable hardware will leak memory when processing a specific sequence of packets.

An attacker can exploit this issue by sending specially crafted packets to cause the affected devices to reload, denying service to legitimate users. Repeat attacks will result in a prolonged denial-of-service condition. This issue is documented in Cisco Bug ID CSCsj25896.

54. Cisco PIX and ASA Windows NT Domain VPN Authentication Bypass Vulnerability
BugTraq ID: 31864
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31864
Summary:
Cisco PIX and ASA is prone to an authentication-bypass vulnerability.

Remote attackers can exploit this issue to gain unauthorized access to the affected devices. Successfully exploiting this issue will lead to other attacks.

This issue is being monitored by Cisco Bug ID CSCsj25896.

55. Cisco PIX and ASA Appliance IPv6 Denial of Service Vulnerability
BugTraq ID: 31863
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31863
Summary:
Multiple Cisco security appliances are prone to a denial-of-service vulnerability when configured for IPv6.

An attacker can exploit this issue to cause the affected devices to reload, denying service to legitimate users. This issue is documented in Cisco Bug ID CSCsu11575.

The following devices are affected:

Cisco PIX Security Appliance
Cisco 5500 Series Adaptive Security Appliance (ASA)

Devices running software versions from 7.2(4)9 or 7.2(4)10 that have IPv6 enabled are vulnerable to this issue.

NOTE: IPv6 is not configured by default on the devices listed above. Devices that do not support the TTL decrement feature are not vulnerable.

56. Mantis 'manage_proj_page.php' PHP Code Injection Vulnerability
BugTraq ID: 31789
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31789
Summary:
Mantis is prone to a remote PHP code-injection vulnerability.

An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

Mantis 1.1.3 and prior versions are vulnerable.

57. Symantec Veritas File System 'qioadmin' Local Information Disclosure Vulnerability
BugTraq ID: 31679
Remote: No
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31679
Summary:
Symantec Veritas File System (VxFS) is prone to a local information-disclosure vulnerability.

Successfully exploiting this issue allows privileged local attackers to gain access to arbitrary file contents with superuser privileges. Information harvested may aid in further attacks.

58. Mozilla Firefox/SeaMonkey UTF-8 Stack-Based Buffer Overflow Vulnerability
BugTraq ID: 31397
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31397
Summary:
Mozilla Firefox and SeaMonkey are prone to a stack-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to Firefox 2.0.0.17 and prior to SeaMonkey 1.1.12 are vulnerable.

NOTE: This issue was originally documented in BID 31346 (Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities). It has been given its own record to better document the details.

59. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
BugTraq ID: 31346
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31346
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox 2.0.0.16 and prior versions, Firefox 3.0.1 and prior versions, Thunderbird 2.0.0.16 and prior versions, and SeaMonkey 1.1.11 and prior versions.

Exploiting these issues can allow attackers to:

- traverse directories
- obtain potentially sensitive information
- execute scripts with elevated privileges
- execute arbitrary code
- cause denial-of-service conditions
- carry out cross-site scripting attacks
- steal authentication credentials
- force users to download files
- violate the same-origin policy

Other attacks are also possible.

60. Microsoft Windows Internet Printing Service Integer Overflow Vulnerability
BugTraq ID: 31682
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31682
Summary:
Microsoft Internet Printing Service is prone to an integer-overflow vulnerability.

Exploiting this vulnerability allows attackers to execute arbitrary code with system-level privileges.

61. Oracle October 2008 Oracle Critical Patch Update Multiple Vulnerabilities
BugTraq ID: 31683
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31683
Summary:
Oracle has released the October 2008 critical patch update addressing 36 vulnerabilities affecting the following software:

Oracle Database
Oracle Application Server
Oracle E-Business Suite
Oracle PeopleSoft Enterprise PeopleTools
Oracle PeopleSoft Enterprise
Oracle JD Edwards EnterpriseOne Tools
Oracle WebLogic Server (formerly BEA WebLogic Server)
Oracle Workshop for WebLogic (formerly BEA WebLogic Workshop)

62. HP OpenView Products Shared Trace Service RPC Request Handling Denial of Service Vulnerability
BugTraq ID: 31860
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31860
Summary:
Multiple HP OpenView products are prone to a denial-of-service vulnerability.

An attacker may leverage this issue to crash the affected applications, denying service to affected users.

The issue affects HP OpenView Reporter 3.70 and HP Performance Agent 4.70; other versions may be vulnerable as well.

63. GNU Enscript 'src/psgen.c' Stack Based Buffer Overflow Vulnerability
BugTraq ID: 31858
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31858
Summary:
GNU Enscript is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

GNU Enscript 1.6.1 and 1.6.4 (beta) are vulnerable; other versions may also be affected.

64. Smarty Template Engine 'Smarty_Compiler.class.php' Security Bypass Vulnerability
BugTraq ID: 31862
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31862
Summary:
Smarty Template Engine is prone to a security-bypass vulnerability that occurs when embedded variables are processed.

Attackers may exploit the issue to bypass certain security restrictions and execute arbitrary PHP code in the context of the application.

Smarty Template Engine 2.6.19 is vulnerable to the issue; other versions may also be affected.

65. Apache Tomcat UTF-8 Directory Traversal Vulnerability
BugTraq ID: 30633
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/30633
Summary:
Apache Tomcat is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.

The following versions are affected:

Tomcat 4.1.0 to 4.1.37
Tomcat 5.5.0 to 5.5.26
Tomcat 6.0.0 to 6.0.17

66. ICONICS Dialog Wrapper Module ActiveX Control Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 21849
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/21849
Summary:
The ICONICS Dialog Wrapper Module ActiveX control is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the victim user. Failed attempts can crash the host application.

Versions prior to DlgWrapper.dll 8.4.166.0 are affected.

67. Trend Micro OfficeScan CGI Parsing Buffer Overflow Vulnerability
BugTraq ID: 31859
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31859
Summary:
Trend Micro OfficeScan is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Successful exploits may allow an attacker to execute arbitrary code within the context of the affected application. This may facilitate a complete compromise of vulnerable computers. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects OfficeScan 7.3 with Patch 4 build 1362 and OfficeScan 8.0 SP1 Patch 1; other versions may also be affected.

68. Microsoft Windows SMB Buffer Underflow Code Execution Vulnerability
BugTraq ID: 31647
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31647
Summary:
Microsoft Windows is prone to a remote code execution vulnerability caused by a buffer-underflow condition in the SMB (Server Message Block) protocol implementation.

To exploit the issue, an attacker must first successfully authenticate as a legitimate user or a Guest user on the affected computer. A successful exploit will completely compromise the affected computer.

69. Sun Integrated Lights-Out Manager (ILOM) Authentication Bypass Vulnerability
BugTraq ID: 31861
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31861
Summary:
Sun Integrated Lights-Out Manager (ILOM) is prone to an authentication-bypass vulnerability caused by an unspecified error.

Attackers can exploit this vulnerability to gain access to the service processor (SP) through the web interface. This may allow attackers to perform actions that will result in denial-of-service conditions.

Note that to successfully exploit this issue, an attacker must have access to the ILOM web interface.

70. TikiWiki Multiple Unspecified Vulnerabilities
BugTraq ID: 31857
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31857
Summary:
TikiWiki is prone to multiple unspecified vulnerabilities.

Very few details are available. We will update this BID as more information emerges.

Theses issues affect TikiWiki 2.x prior to 2.2.

71. ShopMaker 'product.php' SQL Injection Vulnerability
BugTraq ID: 31854
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31854
Summary:
ShopMaker is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ShopMaker 1.0 is affected; other versions may also be vulnerable.

72. NXP Semiconductors MIFARE Classic Smartcard Multiple Security Weaknesses
BugTraq ID: 31853
Remote: No
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31853
Summary:
MIFARE Classic is prone to multiple security weaknesses:

1. A security weakness may allow attackers to recover the internal state of the linear feedback shift register.

2. A security weakness may allow attackers to recover the previous state of the linear feedback shift register.

3. A security weakness may allow attackers to invert the filter function and potentially gain access to the private key.

4. A security weakness may allow attackers to reduce the search space for tag nonces.

Exploiting these issues in combination may allow attackers to gain access to the smartcard's secret key. Successful exploits will allow attackers with physical access to an RFID reader to bypass certain physical security restrictions.

73. Bahar Download Script 'aspkat.asp' SQL Injection Vulnerability
BugTraq ID: 31852
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31852
Summary:
Bahar Download Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Bahar Download Script 2.0 is vulnerable; other versions may also be affected.

74. Dizi Portali 'diziler.asp' SQL Injection Vulnerability
BugTraq ID: 31849
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31849
Summary:
Dizi Portali is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

75. IBM DB2 Universal Database Prior to 9.1 Fixpak 6 Multiple Vulnerabilities
BugTraq ID: 31856
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31856
Summary:
IBM DB2 Universal Database is prone to multiple vulnerabilities.

Successful exploits may allow attackers to obtain sensitive information or cause a denial-of-service condition.

Versions prior to DB2 9.1 Fixpak 6 are affected.

76. Multiple Vendor Web Browser FTP Client Cross Site Scripting Vulnerability
BugTraq ID: 31855
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31855
Summary:
Multiple vendors' web browsers are prone a cross-site scripting vulnerability that arises because the software fails to handle specially crafted files served using the FTP protocol.

Successfully exploiting this issue may allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of an FTP session. This may allow the attacker to perform malicious actions in a user's browser or redirect the user to a malicious site; other attacks are also possible.

77. Drupal Book Page Title HTML Injection Vulnerability
BugTraq ID: 31882
Remote: Yes
Last Updated: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31882
Summary:
Drupal is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

This issue affects Drupal 5.x versions prior to 5.12 and Drupal 6.x versions prior to 6.6.
http://drupal.org/node/207891

78. phPhotoGallery 'index.php' SQL Injection Vulnerability
BugTraq ID: 31850
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31850
Summary:
phPhotoGallery is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

phPhotoGallery 0.92 is affected; other versions may also be vulnerable.

79. VLC Media Player TY File Stack Based Buffer Overflow Vulnerability
BugTraq ID: 31813
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31813
Summary:
VLC media player is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

VLC media player 0.9.0 up to and including 0.9.4 are vulnerable.

80. Limbo CMS 'open.php' SQL Injection Vulnerability
BugTraq ID: 31837
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31837
Summary:
Limbo CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

81. Symantec Altiris Deployment Solution Client User Interface Local Privilege Escalation Vulnerability
BugTraq ID: 31766
Remote: No
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31766
Summary:
Symantec Altiris Deployment Solution is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to bypass security settings and gain privileged access. Successfully exploiting this issue will result in the complete compromise of affected computers.

82. Symantec Altiris Notification Server Agents Shatter Attack Privilege Escalation Vulnerability
BugTraq ID: 27645
Remote: No
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/27645
Summary:
Symantec Altiris Notification Server Agents are prone to shatter attacks that can result in an escalation of privileges.

Successful exploits will completely compromise affected computers.

83. Symantec Altiris Deployment Server Agents 'AClient.exe' Privilege Escalation Vulnerability
BugTraq ID: 28110
Remote: No
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/28110
Summary:
Symantec Altiris Deployment Server Agents are prone to shatter attacks that can result in an escalation of privileges.

Successful exploits will completely compromise affected computers.

84. Symantec Altiris Notification Server Agent Local Privilege Escalation Vulnerability
BugTraq ID: 29708
Remote: No
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/29708
Summary:
Symantec Altiris Notification Server Agent is prone to a local privilege-escalation vulnerability that occurs in the graphical user interface (GUI).

An attacker can exploit this issue to gain elevated privileges on the affected computer. Successfully exploiting this issue will result in the complete compromise of affected computers.

85. MyNETS Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 31835
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31835
Summary:
MyNETS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

86. LightBlog 'view_member.php' Local File Include Vulnerability
BugTraq ID: 27837
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/27837
Summary:
LightBlog is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an attacker to access potentially sensitive information and execute arbitrary local scripts in the context of the affected application.

This issue affects LightBlog 9.6 and 9.8; other versions may also be vulnerable.

87. Makale XOOPS Module 'makale.php' SQL Injection Vulnerability
BugTraq ID: 31834
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31834
Summary:
The Makale module for XOOPS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects 'makale' update025; other versions may also be affected.

88. Wysi Wiki Wyg 'index.php' Cross Site Scripting Vulnerability
BugTraq ID: 31836
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31836
Summary:
Wysi Wiki Wyg is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

89. Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities
BugTraq ID: 31838
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31838
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issue may allow attackers to crash the application or cause the application to crash, denying service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.10.3 up to and including 1.0.3.

90. Midgard Components Framework Multiple Unspecified Vulnerabilities
BugTraq ID: 31829
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31829
Summary:
Midgard Components Framework is prone to multiple unspecified vulnerabilities.

Few technical details are currently available. We will update this BID as more information emerges.

Versions prior to Midgard Components Framework 8.09.1 are vulnerable.

91. FireGPG Insecure Temporary File Creation Vulnerability
BugTraq ID: 31827
Remote: No
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31827
Summary:
FireGPG creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to obtain sensitive information, including passphrases and decrypted data. The attacker may also exploit this issue to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Versions prior to FireGPG 6.0 are affected.

92. yappa-ng 'album' Parameter Local File Include Vulnerability
BugTraq ID: 31828
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31828
Summary:
'yappa-ng' is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context of the webserver process. Information harvested may aid in further attacks.

This issue affects yappa-ng 2.3.2; other versions may also be affected.

93. jhead Versions Prior to 2.84 Multiple Vulnerabilities
BugTraq ID: 31770
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31770
Summary:
The 'jhead' tool is prone to multiple remote vulnerabilities, including:

- Multiple buffer-overflow vulnerabilities
- An insecure-temporary-file-creation vulnerability
- Multiple unspecified vulnerabilities

Attackers can exploit these issues to execute arbitrary code within the context of the affected application, crash the affected application, perform symbolic-link attacks, and overwrite arbitrary files on the affected computer. Other attacks are also possible.

Versions prior to jhead 2.84 are vulnerable.

94. Microsoft Internet Explorer Cross Domain Information Disclosure Vulnerability
BugTraq ID: 31654
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31654
Summary:
Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy.

An attacker can exploit this issue to execute arbitrary script code in another browser window's security zone. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

95. Microsoft Internet Explorer HTML Objects Uninitialized Memory Corruption Vulnerability
BugTraq ID: 31618
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31618
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

96. Microsoft Internet Explorer Uninitialized Object Remote Memory Corruption Vulnerability
BugTraq ID: 31617
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31617
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

97. Microsoft Internet Explorer Event Handling Cross Domain Security Bypass Vulnerability
BugTraq ID: 31616
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31616
Summary:
Microsoft Internet Explorer is prone to a cross-domain security-bypass vulnerability because the application fails to properly enforce the same-origin policy.

An attacker can exploit this issue to execute arbitrary script code in another browser window's security zone. This may allow attackers to steal cookie-based authentication credentials and launch other attacks.

NOTE: Attackers exploiting this issue on Internet Explorer 6 SP1 running on Microsoft Windows 2000 SP4 may leverage the issue to execute remote code. Other vulnerable versions of the browser are prone only to information disclosure.

98. Microsoft Internet Explorer HTML Element Cross Domain Security Bypass Vulnerability
BugTraq ID: 31615
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31615
Summary:
Microsoft Internet Explorer is prone to a cross-domain security-bypass vulnerability because the application fails to properly enforce the same-origin policy.

An attacker can exploit this issue to execute arbitrary script code in another browser window's security zone. This may allow attackers to steal cookie-based authentication credentials and launch other attacks.

NOTE: Attackers exploiting this issue on Internet Explorer 6 SP1 running on Microsoft Windows 2000 SP4 may leverage the issue to execute remote code. Other vulnerable versions of the browser are prone only to information disclosure.

99. Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability
BugTraq ID: 31021
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31021
Summary:
Microsoft GDI+ is prone to a buffer-overflow vulnerability because the vector graphics linked library improperly allocates memory when parsing WMF image files.

Successfully exploiting this issue would allow an attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user.

100. Microsoft Internet Explorer 'location' & 'location.href' Cross Domain Security Bypass Vulnerability
BugTraq ID: 29960
Remote: Yes
Last Updated: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/29960
Summary:
Microsoft Internet Explorer is prone to a cross-domain scripting security-bypass vulnerability because the application fails to properly enforce the same-origin policy.

An attacker can exploit this issue to execute arbitrary script code in another browser window's security zone. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

NOTE: Attackers exploiting this issue on Internet Explorer 5.01 SP4 and Internet Explorer 6 SP1 running on Microsoft Windows 2000 SP4 may leverage the issue to execute remote code. Other vulnerable versions of the browser are prone only to information disclosure.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. You don't know (click)jack
By: Robert Lemos
Security professionals Robert "RSnake" Hansen and Jeremiah Grossman discuss a class of attacks, known as clickjacking, on user interfaces of Web browsers.
http://www.securityfocus.com/news/11535

2. Researchers weigh "clickjacking" threat
By: Robert Lemos
A canceled presentation at a Web security summit attracts attention to the danger of overlaying Web pages with graphics to persuade a victim to click where an attacker wants.
http://www.securityfocus.com/news/11534

3. Security of Google's browser gets mixed marks
By: Robert Lemos
The search giant uses process isolation, least privilege rules, and sandboxing as the security foundation for its Chrome browser, but security experts say more is needed.
http://www.securityfocus.com/news/11533

4. Online intruders hit Red Hat, Fedora Project
By: Robert Lemos
A leading Linux company and its open-source distribution acknowledge that attackers breached several systems, including one that manages the Fedora signing process.
http://www.securityfocus.com/news/11532

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Software Engineer, Columbia
http://www.securityfocus.com/archive/77/497739

2. [SJ-JOB] Sr. Security Analyst, Charlotte
http://www.securityfocus.com/archive/77/497732

3. [SJ-JOB] Security Engineer, Huntington Beach
http://www.securityfocus.com/archive/77/497734

4. [SJ-JOB] Application Security Architect, Bangalore
http://www.securityfocus.com/archive/77/497736

5. [SJ-JOB] Application Security Architect, Porto Alegre
http://www.securityfocus.com/archive/77/497737

6. [SJ-JOB] Sales Engineer, Chicago
http://www.securityfocus.com/archive/77/497738

7. [SJ-JOB] Sr. Security Analyst, West Des Moines
http://www.securityfocus.com/archive/77/497740

8. [SJ-JOB] Application Security Engineer, Herndon
http://www.securityfocus.com/archive/77/497741

9. [SJ-JOB] Security Researcher, Montpellier
http://www.securityfocus.com/archive/77/497729

10. [SJ-JOB] Software Engineer, Alexandria
http://www.securityfocus.com/archive/77/497735

11. [SJ-JOB] Information Assurance Analyst, Germantown
http://www.securityfocus.com/archive/77/497724

12. [SJ-JOB] Senior Software Engineer, San Diego
http://www.securityfocus.com/archive/77/497728

13. [SJ-JOB] Principal Software Engineer, Cupertino
http://www.securityfocus.com/archive/77/497731

14. [SJ-JOB] Security System Administrator, MIDDLETOWN NJ
http://www.securityfocus.com/archive/77/497718

15. [SJ-JOB] Senior Software Engineer, Cupertino
http://www.securityfocus.com/archive/77/497725

16. [SJ-JOB] Security Architect, Springfield
http://www.securityfocus.com/archive/77/497730

17. [SJ-JOB] Auditor, London
http://www.securityfocus.com/archive/77/497719

18. [SJ-JOB] Security Engineer, Herndon
http://www.securityfocus.com/archive/77/497720

19. [SJ-JOB] Information Assurance Analyst, Arlington
http://www.securityfocus.com/archive/77/497727

20. [SJ-JOB] Security Researcher, San Diego
http://www.securityfocus.com/archive/77/497733

21. [SJ-JOB] Application Security Engineer, New York
http://www.securityfocus.com/archive/77/497712

22. [SJ-JOB] Security Engineer, Chicago
http://www.securityfocus.com/archive/77/497715

23. [SJ-JOB] Certification & Accreditation Engineer, Arlington
http://www.securityfocus.com/archive/77/497716

24. [SJ-JOB] Security Consultant, New York
http://www.securityfocus.com/archive/77/497722

25. [SJ-JOB] MOD CLAS Consultant, London
http://www.securityfocus.com/archive/77/497726

26. [SJ-JOB] Principal Software Engineer, London
http://www.securityfocus.com/archive/77/497709

27. [SJ-JOB] Sr. Security Analyst, London
http://www.securityfocus.com/archive/77/497710

28. [SJ-JOB] MOD CLAS Consultant, South Wales
http://www.securityfocus.com/archive/77/497711

29. [SJ-JOB] Sr. Security Analyst, Pretoria
http://www.securityfocus.com/archive/77/497717

30. [SJ-JOB] Application Security Engineer, Raleigh/Durham
http://www.securityfocus.com/archive/77/497721

31. [SJ-JOB] Security Auditor, Bedford Heights
http://www.securityfocus.com/archive/77/497723

32. [SJ-JOB] Sales Representative, Bedford Heights
http://www.securityfocus.com/archive/77/497704

33. [SJ-JOB] Application Security Architect, London
http://www.securityfocus.com/archive/77/497705

34. [SJ-JOB] Auditor, New York
http://www.securityfocus.com/archive/77/497706

35. [SJ-JOB] Senior Software Engineer, Alexandria
http://www.securityfocus.com/archive/77/497708

36. [SJ-JOB] Sales Engineer, Irvine - Southern California - Virtual Office
http://www.securityfocus.com/archive/77/497702

37. [SJ-JOB] Developer, Bedford Heights
http://www.securityfocus.com/archive/77/497703

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #416
http://www.securityfocus.com/archive/88/497456

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. ANNOUNCE: New iptables(8) firewall script release, many new features
http://www.securityfocus.com/archive/91/497568

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by HP:

Very few applications are bulletproof from hackers. During this 12 minute unscripted video, you.ll sit in a virtual conference room with two of the world's most well-known white hat hackers, Caleb Sima and Billy Hoffman.
During this whiteboard session, they demonstrate just how easy it is to break-into a private corporate network through the web application and own the back-end database. During this video, you will learn just how easy it is to hack into web applications and hear how hackers execute some of their favorite attacks: client side pricing attack, session hijacking, fuzzing and SQL Injection.
https://h30406.www3.hp.com/campaigns/2008/wwcampaign/1-4W4AD/index.php?mcc=DZRV&jumpid=edm_r11374_us/en/large/tsg/w1_Hackers_vid_securityfocus/mcc_DZRV/20081020/

No comments:

Blog Archive