SecurityFocus Newsletter #305
----------------------------------------

This Issue is Sponsored By: Black Hat

Attend the Black Hat Briefings & Training USA, July 23-28, 2005 in Las
Vegas. World renowned security experts reveal tomorrow's threats today. Free of
vendor pitches, the Briefings are designed to be pragmatic regardless of your
security environment. Featuring 29 hands-on training courses and 10 conference
tracks, networking opportunities with over 2,000 delegates from 30+ nations.

http://www.securityfocus.com/sponsor/BlackHat_sf-news_050628

------------------------------------------------------------------
I.    FRONT AND CENTER
       1. Where's the threat?
       2. Software Firewalls: Made of Straw? Part 2 of 2
II.   BUGTRAQ SUMMARY
       1. Heimdal TelnetD Remote Buffer Overflow Vulnerability
       2. Edgewall Software Trac Unauthorized File Upload/Download Vulnerability
       3. Uapplication Ublog Reload Multiple SQL Injection Vulnerabilities
       4. Cisco VPN Concentrator Groupname Enumeration Weakness
       5. Todd Miller Sudo Local Race Condition Vulnerability
       6. Uapplication Ublog Reload Trackback.ASP Cross-Site Scripting
Vulnerability
       7. RealVNC Server Remote Information Disclosure Vulnerability
       8. cPanel User Parameter Cross-Site Scripting Vulnerability
       9. Novell GroupWise GrpWise.EXE Authentication Credentials Persistence
Weakness
       10. PAFaq Database Unauthorized Access Vulnerability
       11. I-Gallery Folder Argument Directory Traversal Vulnerability
       12. PAFaq Question Cross-Site Scripting Vulnerability
       13. I-Gallery Folder Argument Cross-Site Scripting Vulnerability
       14. PAFaq Administrator Username SQL Injection Vulnerability
       15. Fortibus CMS Multiple SQL Injection Vulnerabilities
       16. Novell NetMail Patch Packaging Insecure File Permissions
Vulnerability
       17. NanoBlogger Arbitrary Command Execution Vulnerability
       18. Microsoft Internet Explorer Dialog Box Origin Spoofing Vulnerability
       19. Mozilla/Firefox Browsers Dialog Box Origin Spoofing Vulnerability
       20. Opera Web Browser Dialog Box Origin Spoofing Vulnerability
       21. ICab Web Browser Dialog Box Origin Spoofing Vulnerability
       22. Apple Safari Dialog Box Origin Spoofing Vulnerability
       23. Avant Browser Dialog Box Origin Spoofing Vulnerability
       24. Enterasys Networks Vertical Horizon Default Backdoor Account
Vulnerability
       25. MercuryBoard Index.PHP Remote SQL Injection Vulnerability
       26. Yukihiro Matsumoto Ruby XMLRPC Server Unspecified Command Execution
Vulnerability
       27. Enterasys Networks Vertical Horizon Remote Denial Of Service
Vulnerability
       28. Veritas Backup Exec/NetBackup Request Packet Denial Of Service
Vulnerability
       29. Veritas Backup Exec Server Remote Registry Access Vulnerability
       30. Veritas Backup Exec Remote Agent Null Pointer Dereference Denial Of
Service Vulnerability
       31. Veritas Backup Exec Remote Agent for Windows Servers Authentication
Buffer Overflow Vulnerability
       32. Veritas Backup Exec Admin Plus Pack Option Remote Heap Overflow
Vulnerability
       33. Tor Arbitrary Memory Information Disclosure Vulnerability
       34. Veritas Backup Exec Web Administration Console Remote Buffer Overflow
Vulnerability
       35. Veritas Backup Exec Remote Agent for Windows Servers Privilege
Escalation Vulnerability
       36. RaXnet Cacti Multiple SQL Injection Vulnerabilities
       37. RaXnet Cacti Config_Settings.PHP Remote File Include Vulnerability
       38. DUware DUportal Pro Multiple SQL Injection Vulnerabilities
       39. RaXnet Cacti Top_Graph_Header.PHP Remote File Include Vulnerability
       40. Asterisk Manager Interface Command Processing Remote Buffer Overflow
Vulnerability
       41. HP VCRM Proxy Server Potential Password Disclosure Vulnerability
       42. DUware DUamazon Pro Multiple SQL Injection Vulnerabilities
       43. DUware DUpaypal Pro Multiple SQL Injection Vulnerabilities
       44. DUware DUforum Multiple SQL Injection Vulnerabilities
       45. DUware DUclassmate Multiple SQL Injection Vulnerabilities
       46. NetCaptor Browser Dialog Box Origin Spoofing Vulnerability
       47. Slim Browser Dialog Box Origin Spoofing Vulnerability
       48. Ipswitch WhatsUp Professional LOGIN.ASP SQL Injection Vulnerability
       49. Linux Kernel Unauthorized SCSI Command Vulnerability
       50. RaXnet Cacti Graph_Image.PHP Remote Command Execution Vulnerability
       51. Simple Machines Msg Parameter SQL Injection Vulnerability
       52. Whois.Cart Profile.PHP Cross-Site Scripting Vulnerability
       53. CarLine Forum Russian Board Multiple Input Validation Vulnerabilities
       54. Whois.Cart Index.PHP Directory Traversal Vulnerability
       55. Sendmail Milter Remote Denial Of Service Weakness
       56. Sun Solaris Traceroute Multiple Local Buffer Overflow Vulnerabilities
       57. UBBCentral UBB.Threads Multiple Cross-Site Scripting Vulnerabilities
       58. Linux Kernel 64 Bit AR-RSC Register Access Validation Vulnerability
       59. UBBCentral UBB.Threads Multiple SQL Injection Vulnerabilities
       60. UBBCentral UBB.Threads Multiple HTTP Response Splitting
Vulnerabilities
       61. Linux Kernel Subthread Exec Local Denial Of Service Vulnerability
       62. UBBCentral UBB.Threads Local File Include Vulnerability
       63. PHP-Nuke Avatar HTML Injection Vulnerability
       64. IBM DB2 Universal Database Unspecified Authorization Bypass
Vulnerability
       65. Clam Anti-Virus ClamAV Unspecified Quantum Decompressor Denial Of
Service Vulnerability
       66. K-COLLECT CSV_DB.CGI/i_DB.CGI Remote Command Execution Vulnerability
       67. Legal Case Management Log File Information Disclosure Vulnerability
III.  SECURITYFOCUS NEWS
       1. Open-source projects get free checkup by automated tools
       2. Targeted Trojan-horse attacks hitting U.S., worldwide
       3. MasterCard warns of massive credit-card breach
       4. Phishers look to net small fry
       5. £6.5m phishing duo jailed
       6. NASA hacker jailed
       7. Electronic forgery menaces humanity
       8. Aussies prosecute first 'spammer'
IV.   SECURITY JOBS LIST SUMMARY
       1. [SJ-JOB] Quality Assurance, McLean
       2. [SJ-JOB] Security Consultant, Aiken
       3. [SJ-JOB] VP / Dir / Mgr engineering, Chesterfield
       4. [SJ-JOB] Security Consultant, Chesterfield
       5. [SJ-JOB] Security Auditor, Bridgewater
       6. [SJ-JOB] Manager, Information Security, Herndon
       7. [SJ-JOB] Sr. Security Analyst, Harrisburg
       8. [SJ-JOB] Security Consultant, New York
       9. [SJ-JOB] Manager, Information Security, St. Louis
       10. [SJ-JOB] Security Consultant, Tampa
       11. [SJ-JOB] Management, Tampa
       12. [SJ-JOB] Director, Information Security, Indianapolis
       13. [SJ-JOB] Manager, Information Security, Charlotte
       14. [SJ-JOB] Manager, Information Security, Indianapolis
       15. [SJ-JOB] Sr. Security Engineer, St. Louis
       16. [SJ-JOB] Security Architect, North West England
       17. [SJ-JOB] Account Manager, Chicago
       18. [SJ-JOB] Security Engineer, S. San Francisco
       19. [SJ-JOB] Security Engineer, Atlanta
       20. [SJ-JOB] Sr. Security Engineer, Newark,NJ
       21. [SJ-JOB] Manager, Information Security, London
       22. [SJ-JOB] Security Auditor, Bay Area
       23. [SJ-JOB] Sr. Security Analyst, Northampton
       24. [SJ-JOB] Application Security Architect, Pune / Bangalore
       25. [SJ-JOB] Sales Engineer, Various
       26. [SJ-JOB] Security Engineer, Alexandria
       27. [SJ-JOB] Security Product Manager, San Antonio, TX
       28. [SJ-JOB] Security Engineer, Hampshire
       29. [SJ-JOB] Sales Representative, Ipswich Suffolk
       30. [SJ-JOB] Sr. Security Engineer, London and countrywide
       31. [SJ-JOB] CSO, northern California
       32. [SJ-JOB] Security Auditor, London and countrywide
V.    INCIDENTS LIST SUMMARY
VI.   VULN-DEV RESEARCH LIST SUMMARY
       1. PocketPC exploitation
VII.  MICROSOFT FOCUS LIST SUMMARY
       1. Local admin password
       2. Windows firewall spontaneously changes profiles
       3. disable shell: command on Windows 2000
       4. ISA 2004 FTP SSL
       5. Windows 98 autoupdate
VIII. SUN FOCUS LIST SUMMARY
IX.   LINUX FOCUS LIST SUMMARY
       1. Apache issue
X.    UNSUBSCRIBE INSTRUCTIONS
XI.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Where's the threat?
By Matthew Tanase
I'm sure everyone remembers the story of Goldilocks and the three bears
http://www.securityfocus.com/columnists/335

2. Software Firewalls: Made of Straw? Part 2 of 2
By Israel G. Lugo, Don Parker
In part two we look at how easily the firewall's operation can be circumvented
by inserting a malicious Trojan into the network stack itself.
http://www.securityfocus.com/infocus/1840


II.  BUGTRAQ SUMMARY
--------------------
1. Heimdal TelnetD Remote Buffer Overflow Vulnerability
BugTraq ID: 13989
Remote: Yes
Date Published: 2005-06-20
Relevant URL: http://www.securityfocus.com/bid/13989
Summary:
Heimdal telnetd is susceptible to a remote buffer overflow vulnerability. This
issue is due to a failure of the application to properly bounds check
user-supplied data prior to copying it to an insufficiently sized memory buffer.

This vulnerability may be exploited by remote attackers to influence the proper
flow of execution of the application, resulting in attacker-supplied machine
code being executed in the context of the affected network service.

2. Edgewall Software Trac Unauthorized File Upload/Download Vulnerability
BugTraq ID: 13990
Remote: Yes
Date Published: 2005-06-20
Relevant URL: http://www.securityfocus.com/bid/13990
Summary:
Trac is affected by an unauthorized file upload/download vulnerability.

This issue can lead to information disclosure and unauthorized remote access as
an attacker can place and execute malicious PHP scripts on an affected computer.

Trac 0.8.3 and prior versions are affected by this issue.

3. Uapplication Ublog Reload Multiple SQL Injection Vulnerabilities
BugTraq ID: 13991
Remote: Yes
Date Published: 2005-06-20
Relevant URL: http://www.securityfocus.com/bid/13991
Summary:
Ublog Reload is prone to multiple SQL injection vulnerabilities.  These issues
are due to a failure in the application to properly sanitize user-supplied input
before using it in SQL queries.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

4. Cisco VPN Concentrator Groupname Enumeration Weakness
BugTraq ID: 13992
Remote: Yes
Date Published: 2005-06-20
Relevant URL: http://www.securityfocus.com/bid/13992
Summary:
Cisco VPN Concentrator is affected by a remote groupname enumeration weakness. 
This issue is due to a design error that could assist a remote attacker in
enumerating groupnames.

Reportedly, once the attacker has verified a groupname they can obtain a
password hash from an affected device and carry out bruteforce attacks against
the password hash.

A valid groupname and password pair can allow the attacker to complete IKE
Phase-1 authentication and carry out man-in-the-middle attacks against other
users.  This may ultimately allow the attacker to gain unauthorized access to
the network.

All Cisco VPN Concentrator 3000 series products running groupname authentication
are considered vulnerable to this issue.

5. Todd Miller Sudo Local Race Condition Vulnerability
BugTraq ID: 13993
Remote: No
Date Published: 2005-06-20
Relevant URL: http://www.securityfocus.com/bid/13993
Summary:
Sudo is prone to a local race condition vulnerability. The issue only manifests
under certain conditions, specifically, when the sudoers configuration file
contains a pseudo-command 'ALL' that directly follows a user's sudoers entry.

When the aforementioned configuration exists, this issue may be leveraged by
local attackers to execute arbitrary executables with escalated privileges. This
may be accomplished by creating symbolic links to target files.



6. Uapplication Ublog Reload Trackback.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 13994
Remote: Yes
Date Published: 2005-06-20
Relevant URL: http://www.securityfocus.com/bid/13994
Summary:
Ublog Reload is prone to a cross-site scripting vulnerability.  This issue is
due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.

7. RealVNC Server Remote Information Disclosure Vulnerability
BugTraq ID: 13995
Remote: Yes
Date Published: 2005-06-20
Relevant URL: http://www.securityfocus.com/bid/13995
Summary:
RealVNC is affected by a remote information disclosure vulnerability.

An attacker may obtain the RealVNC version and the underlying operating system.

This information may aid in other attacks against an affected computer.


8. cPanel User Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 13996
Remote: Yes
Date Published: 2005-06-20
Relevant URL: http://www.securityfocus.com/bid/13996
Summary:
It is reported that cPanel is prone to a cross-site scripting vulnerability that
may allow a remote attacker to execute HTML or script code in a user's browser. 
The issue presents itself due to insufficient sanitization of user-supplied data
via the 'user' parameter of the 'login' page.

Due to the possibility of attacker-specified HTML and script code being rendered
in a victim's browser, it is possible to steal cookie-based authentication
credentials from that user. Other attacks are possible as well.

9. Novell GroupWise GrpWise.EXE Authentication Credentials Persistence Weakness
BugTraq ID: 13997
Remote: No
Date Published: 2005-06-20
Relevant URL: http://www.securityfocus.com/bid/13997
Summary:
A problem with Novell GroupWise may allow the recovery of sensitive information.

Novell GroupWise 'grpWise.exe' does not safely handle authentication credential
information. As a result, a local user may be able to recover authentication
passwords.

10. PAFaq Database Unauthorized Access Vulnerability
BugTraq ID: 13999
Remote: Yes
Date Published: 2005-06-20
Relevant URL: http://www.securityfocus.com/bid/13999
Summary:
paFaq is prone to an unauthorized access vulnerability regarding the database.
This issue is a result of the application failing to perform access validation
on the 'backup.php' script.  A remote unauthenticated user can invoke the
script and retrieve a complete backup of the application database.

A remote attacker could exploit this vulnerability to authenticate to the
application using a retrieved administrator username and password hash.

11. I-Gallery Folder Argument Directory Traversal Vulnerability
BugTraq ID: 14000
Remote: Yes
Date Published: 2005-06-20
Relevant URL: http://www.securityfocus.com/bid/14000
Summary:
i-Gallery is prone to a directory traversal vulnerability.  

This could let remote attackers access files on the computer in the context of
the Web server process.

12. PAFaq Question Cross-Site Scripting Vulnerability
BugTraq ID: 14001
Remote: Yes
Date Published: 2005-06-20
Relevant URL: http://www.securityfocus.com/bid/14001
Summary:
paFaq is prone to a cross-site scripting vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.

13. I-Gallery Folder Argument Cross-Site Scripting Vulnerability
BugTraq ID: 14002
Remote: Yes
Date Published: 2005-06-20
Relevant URL: http://www.securityfocus.com/bid/14002
Summary:
i-Gallery is prone to a cross-site scripting vulnerability.  This issue is due
to a failure in the application to properly sanitize user-supplied input to the
'folder' parameter of 'folderview.asp'.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.

14. PAFaq Administrator Username SQL Injection Vulnerability
BugTraq ID: 14003
Remote: Yes
Date Published: 2005-06-20
Relevant URL: http://www.securityfocus.com/bid/14003
Summary:
paFaq is prone to an SQL injection vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input before using
it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

15. Fortibus CMS Multiple SQL Injection Vulnerabilities
BugTraq ID: 14004
Remote: Yes
Date Published: 2005-06-20
Relevant URL: http://www.securityfocus.com/bid/14004
Summary:
Fortibus CMS is prone to multiple SQL injection vulnerabilities.

These issues could permit remote attackers to pass malicious input to database
queries, resulting in modification of query logic or other attacks. 

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

Fortibus CMS 4.0 is vulnerable to these issues.

16. Novell NetMail Patch Packaging Insecure File Permissions Vulnerability
BugTraq ID: 14005
Remote: No
Date Published: 2005-06-21
Relevant URL: http://www.securityfocus.com/bid/14005
Summary:
Novell NetMail is susceptible to an insecure file permissions vulnerability.
This issue is due to a flaw in the patch packaging system used to update
NetMail. This vulnerability only presents itself on Linux installations of
NetMail.

This vulnerability allows local attackers to modify or replace NetMail binaries.
This will result in the compromise of the NetMail account.

Computers running versions 3.52A, 3.52B, or 3.52C on Linux are affected by this
issue.

17. NanoBlogger Arbitrary Command Execution Vulnerability
BugTraq ID: 14006
Remote: Yes
Date Published: 2005-06-21
Relevant URL: http://www.securityfocus.com/bid/14006
Summary:
NanoBlogger is affected by a vulnerability regarding the execution of arbitrary
commands.

Successful exploitation of this issue results in command execution with the
privileges of the affected application.  This may lead to various attacks
including unauthorized access to an affected computer.

The vendor has addressed this issue in NanoBlogger version 3.2.2 and later;
earlier versions are reported vulnerable.

18. Microsoft Internet Explorer Dialog Box Origin Spoofing Vulnerability
BugTraq ID: 14007
Remote: Yes
Date Published: 2005-06-21
Relevant URL: http://www.securityfocus.com/bid/14007
Summary:
Microsoft Internet Explorer is prone to a dialog box origin spoofing
vulnerability.

An attacker may exploit this vulnerability to spoof an interface of a trusted
web site. This issue may allow a remote attacker to carry out phishing style
attacks. 


19. Mozilla/Firefox Browsers Dialog Box Origin Spoofing Vulnerability
BugTraq ID: 14008
Remote: Yes
Date Published: 2005-06-21
Relevant URL: http://www.securityfocus.com/bid/14008
Summary:
Mozilla/Firefox browsers are prone to a dialog box origin spoofing
vulnerability.

An attacker may exploit this vulnerability to spoof an interface of a trusted
web site. This issue may allow a remote attacker to carry out phishing style
attacks. 


20. Opera Web Browser Dialog Box Origin Spoofing Vulnerability
BugTraq ID: 14009
Remote: Yes
Date Published: 2005-06-21
Relevant URL: http://www.securityfocus.com/bid/14009
Summary:
Opera Web Browser is prone to a dialog box origin spoofing vulnerability.

An attacker may exploit this vulnerability to spoof an interface of a trusted
web site. This issue may allow a remote attacker to carry out phishing style
attacks. 


21. ICab Web Browser Dialog Box Origin Spoofing Vulnerability
BugTraq ID: 14010
Remote: Yes
Date Published: 2005-06-21
Relevant URL: http://www.securityfocus.com/bid/14010
Summary:
ICab Web Browser is prone to a dialog box origin spoofing vulnerability.

An attacker may exploit this vulnerability to spoof an interface of a trusted
web site. This issue may allow a remote attacker to carry out phishing style
attacks. 


22. Apple Safari Dialog Box Origin Spoofing Vulnerability
BugTraq ID: 14011
Remote: Yes
Date Published: 2005-06-21
Relevant URL: http://www.securityfocus.com/bid/14011
Summary:
Apple Safari is prone to a dialog box origin spoofing vulnerability.

An attacker may exploit this vulnerability to spoof an interface of a trusted
web site. This issue may allow a remote attacker to carry out phishing style
attacks. 


23. Avant Browser Dialog Box Origin Spoofing Vulnerability
BugTraq ID: 14012
Remote: Yes
Date Published: 2005-06-21
Relevant URL: http://www.securityfocus.com/bid/14012
Summary:
Avant Browser is prone to a dialog box origin spoofing vulnerability.

An attacker may exploit this vulnerability to spoof an interface of a trusted
web site. This issue may allow a remote attacker to carry out phishing style
attacks. 


24. Enterasys Networks Vertical Horizon Default Backdoor Account Vulnerability
BugTraq ID: 14014
Remote: Yes
Date Published: 2005-06-21
Relevant URL: http://www.securityfocus.com/bid/14014
Summary:
Enterasys Networks Vertical Horizon switch firmware has a built-in
administrative account that cannot be disabled.

This vulnerability reportedly allows remote attackers to gain unauthorized
administrative access to a target switch.


25. MercuryBoard Index.PHP Remote SQL Injection Vulnerability
BugTraq ID: 14015
Remote: Yes
Date Published: 2005-06-21
Relevant URL: http://www.securityfocus.com/bid/14015
Summary:
MercuryBoard is prone to an SQL injection vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input before using
it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

26. Yukihiro Matsumoto Ruby XMLRPC Server Unspecified Command Execution
Vulnerability
BugTraq ID: 14016
Remote: Yes
Date Published: 2005-06-21
Relevant URL: http://www.securityfocus.com/bid/14016
Summary:
Ruby is affected by an unspecified command execution vulnerability.  Reportedly,
this issue affects the XMLRPC server.

It may be possible for an attacker to gain unauthorized access to an affected
computer by exploiting this issue.

Ruby 1.8.2 is known to be affected by this issue; however, other versions may be
affected as well.


27. Enterasys Networks Vertical Horizon Remote Denial Of Service Vulnerability
BugTraq ID: 14017
Remote: Yes
Date Published: 2005-06-21
Relevant URL: http://www.securityfocus.com/bid/14017
Summary:
The Enterasys Vertical Horizon switch has administrative access that cannot be
disabled. Upon connecting to the Telnet administration interface as a guest
user, an attacker may invoke debugging commands.

Exploitation of this issue will allow a remote attacker to deny service for
other legitimate users that are connected to the switch.

28. Veritas Backup Exec/NetBackup Request Packet Denial Of Service Vulnerability
BugTraq ID: 14019
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14019
Summary:
VERITAS Backup Exec and NetBackup for NetWare Media Servers are prone to a
denial of service vulnerability. A malformed request packet may cause a denial
of service on the computer hosting the application.



29. Veritas Backup Exec Server Remote Registry Access Vulnerability
BugTraq ID: 14020
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14020
Summary:
VERITAS Backup Exec for Windows Servers is prone to an access validation
vulnerability.

The issue may be leveraged by a remote attacker to gain 'Administrator' access
to the vulnerable computer's registry. This access may be further leveraged to
gain unfettered access to the target computer.

30. Veritas Backup Exec Remote Agent Null Pointer Dereference Denial Of Service
Vulnerability
BugTraq ID: 14021
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14021
Summary:
VERITAS Backup Exec Remote Agent is prone to a remotely exploitable denial of
service vulnerability. This could cause a denial of service on the computer
hosting the application.

This issue only affects the application on Microsoft Windows platforms.

31. Veritas Backup Exec Remote Agent for Windows Servers Authentication Buffer
Overflow Vulnerability
BugTraq ID: 14022
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14022
Summary:
VERITAS Backup Exec Remote Agent for Windows Servers is prone to a remotely
exploitable buffer overflow vulnerability. This issue occurs when handling
authentication requests.

Successful exploitation could result in arbitrary code execution.



32. Veritas Backup Exec Admin Plus Pack Option Remote Heap Overflow
Vulnerability
BugTraq ID: 14023
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14023
Summary:
Veritas Backup Exec is affected by a remote heap overflow vulnerability.

This issue affects servers using the Admin Plus Pack Option.  A remote attacker
can exploit this issue by crafting and sending malicious data to the service,
resulting in the execution of arbitrary code.

It is conjectured that successful exploitation may result in a superuser
compromise. 

This issue affects Backup Exec running on Microsoft Windows platforms.

33. Tor Arbitrary Memory Information Disclosure Vulnerability
BugTraq ID: 14024
Remote: Yes
Date Published: 2005-06-21
Relevant URL: http://www.securityfocus.com/bid/14024
Summary:
Tor is prone to an arbitrary memory information disclosure vulnerability.

A remote attacker could exploit this vulnerability to gain sensitive
information, possibly private keys.

This issue is reported to affect Tor versions prior to 0.1.0.10.

34. Veritas Backup Exec Web Administration Console Remote Buffer Overflow
Vulnerability
BugTraq ID: 14025
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14025
Summary:
VERITAS Backup Exec Web Administration Console is prone to a remote buffer
overflow vulnerability.

An attacker can exploit this issue by crafting a malicious request.  This
request must contain excessive string data that triggers this issue, replacement
memory addresses, and executable instructions.  When the Web Administration
Console processes this request, the attacker-supplied instructions may be
executed on the vulnerable computer.

35. Veritas Backup Exec Remote Agent for Windows Servers Privilege Escalation
Vulnerability
BugTraq ID: 14026
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14026
Summary:
Veritas Backup Exec Remote Agent for Windows Servers is affected by a privilege
escalation vulnerability.  This issue can allow remote users to gain elevated
privileges and completely compromise an affected computer.

A successful attack allows non-privileged users to gain SYSTEM level privileges.

36. RaXnet Cacti Multiple SQL Injection Vulnerabilities
BugTraq ID: 14027
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14027
Summary:
Cacti is prone to multiple SQL injection vulnerabilities.

These issues could permit remote attackers to pass malicious input to database
queries, resulting in modification of query logic or other attacks.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.  An attacker can
obtain the administrative password by exploiting these issues.

Cacti versions prior to 0.8.6e are affected by these vulnerabilities.


37. RaXnet Cacti Config_Settings.PHP Remote File Include Vulnerability
BugTraq ID: 14028
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14028
Summary:
RaXnet Cacti is prone to a remote file include vulnerability. 

The problem presents itself specifically when an attacker passes the location of
a remote attacker-specified script through the 'config_settings.php' script.

An attacker may leverage this issue to execute arbitrary server-side script code
on an affected computer with the privileges of the Web server process. This may
facilitate unauthorized access. 


38. DUware DUportal Pro Multiple SQL Injection Vulnerabilities
BugTraq ID: 14029
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14029
Summary:
DUportal Pro is prone to multiple SQL injection vulnerabilities.  These issues
are due to a failure in the application to properly sanitize user-supplied input
before using it in SQL queries.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

Some of these issues may have previously been discussed in BID 13285 and BID
13288.

39. RaXnet Cacti Top_Graph_Header.PHP Remote File Include Vulnerability
BugTraq ID: 14030
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14030
Summary:
RaXnet Cacti is prone to a remote file include vulnerability. 

The problem presents itself specifically when an attacker passes the location of
a remote attacker-specified script through the 'top_graph_header.php' script.

An attacker may leverage this issue to execute arbitrary server-side script code
on an affected computer with the privileges of the Web server process. This may
facilitate unauthorized access. 


40. Asterisk Manager Interface Command Processing Remote Buffer Overflow
Vulnerability
BugTraq ID: 14031
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14031
Summary:
Asterisk manager interface is prone to a remote buffer overflow vulnerability.
The issue manifests due to a lack of sufficient boundary checks performed by
command line interface processing routines. Reports indicate that the issue may
only be exploited if the manager interface is accessible and an attacker is able
to write commands to the interface.

Under certain circumstances a remote attacker may exploit this issue to execute
arbitrary code in the context of the affected software.

41. HP VCRM Proxy Server Potential Password Disclosure Vulnerability
BugTraq ID: 14032
Remote: No
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14032
Summary:
HP Version Control Repository Manager (VCRM) Proxy Server is affected by a
vulnerability that may disclose user passwords to an adversary in close physical
proximity to the victim.

This vulnerability could disclose a partial or complete password to an attacker,
which may aid in other attacks or allow for unauthorized access to an affected
computer.

VCRM versions prior to 2.1.1.730 are affected.

42. DUware DUamazon Pro Multiple SQL Injection Vulnerabilities
BugTraq ID: 14033
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14033
Summary:
DUamazon Pro is prone to multiple SQL injection vulnerabilities.  These issues
are due to a failure in the application to properly sanitize user-supplied input
before using it in SQL queries.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.


43. DUware DUpaypal Pro Multiple SQL Injection Vulnerabilities
BugTraq ID: 14034
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14034
Summary:
DUpaypal Pro is prone to multiple SQL injection vulnerabilities.  These issues
are due to a failure in the application to properly sanitize user-supplied input
before using it in SQL queries.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.


44. DUware DUforum Multiple SQL Injection Vulnerabilities
BugTraq ID: 14035
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14035
Summary:
DUforum is prone to multiple SQL injection vulnerabilities.  These issues are
due to a failure in the application to properly sanitize user-supplied input
before using it in SQL queries.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.


45. DUware DUclassmate Multiple SQL Injection Vulnerabilities
BugTraq ID: 14036
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14036
Summary:
DUclassmate is prone to multiple SQL injection vulnerabilities.  These issues
are due to a failure in the application to properly sanitize user-supplied input
before using it in SQL queries.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.


46. NetCaptor Browser Dialog Box Origin Spoofing Vulnerability
BugTraq ID: 14037
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14037
Summary:
NetCaptor Browser is prone to a dialog box origin spoofing vulnerability.

An attacker may exploit this vulnerability to spoof an interface of a trusted
web site. This issue may allow a remote attacker to carry out phishing style
attacks. 


47. Slim Browser Dialog Box Origin Spoofing Vulnerability
BugTraq ID: 14038
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14038
Summary:
Slim Browser is prone to a dialog box origin spoofing vulnerability.

An attacker may exploit this vulnerability to spoof an interface of a trusted
web site. This issue may allow a remote attacker to carry out phishing style
attacks. 


48. Ipswitch WhatsUp Professional LOGIN.ASP SQL Injection Vulnerability
BugTraq ID: 14039
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14039
Summary:
WhatsUp Professional is prone to an SQL injection vulnerability affecting its
Web-based front end.  This issue is due to a failure in the application to
properly sanitize user-supplied input to the 'login.asp' script before using it
in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation. It should be noted
that by supplying a 'or' value through the 'password' parameter, an attacker can
gain unauthorized access to an affected site.

49. Linux Kernel Unauthorized SCSI Command Vulnerability
BugTraq ID: 14040
Remote: No
Date Published: 2005-06-23
Relevant URL: http://www.securityfocus.com/bid/14040
Summary:
Linux kernel is reported susceptible to an unauthorized SCSI command
vulnerability. 

Commands sent to a SCSI device may render the device's state inconsistent or
change the drive parameters so that other users find the drive to be unusable.

It is possible that this issue is related to BID 11784 (SuSE Linux Kernel
Unauthorized SCSI Command Vulnerability).  This is not confirmed at the moment,
however, this BID will be updated or the two BIDs will be combined into one when
further analysis is completed.


50. RaXnet Cacti Graph_Image.PHP Remote Command Execution Vulnerability
BugTraq ID: 14042
Remote: Yes
Date Published: 2005-06-23
Relevant URL: http://www.securityfocus.com/bid/14042
Summary:
Cacti is prone to a remote command execution vulnerability.

User-supplied input to the 'graph_image.php' script is not properly sanitized
and allows attackers to execute arbitrary commands in the context of the server.

This can facilitate various attacks including unauthorized access to an affected
computer.

Cacti 0.8.6d and prior versions are reportedly affected.

51. Simple Machines Msg Parameter SQL Injection Vulnerability
BugTraq ID: 14043
Remote: Yes
Date Published: 2005-06-23
Relevant URL: http://www.securityfocus.com/bid/14043
Summary:
Simple Machines is prone to an SQL injection vulnerability.  This issue is due
to a failure in the application to properly sanitize user-supplied input before
using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

This issue is reported to affect Simple Machines version 1.0.4; earlier versions
may also be vulnerable.

52. Whois.Cart Profile.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 14044
Remote: Yes
Date Published: 2005-06-23
Relevant URL: http://www.securityfocus.com/bid/14044
Summary:
Whois.Cart is prone to a cross-site scripting vulnerability.  This issue is due
to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.

53. CarLine Forum Russian Board Multiple Input Validation Vulnerabilities
BugTraq ID: 14045
Remote: Yes
Date Published: 2005-06-23
Relevant URL: http://www.securityfocus.com/bid/14045
Summary:
Forum Russian Board is prone to multiple input validation vulnerabilities. 
These issues can allow attackers to carry out SQL Injection, cross-site
scripting, and HTML injection attacks.

Forum Russian Board 4.2 is reported to be affected.

54. Whois.Cart Index.PHP Directory Traversal Vulnerability
BugTraq ID: 14046
Remote: Yes
Date Published: 2005-06-23
Relevant URL: http://www.securityfocus.com/bid/14046
Summary:
Whois.Cart is prone to a directory traversal vulnerability.  This issue is due
to a failure in the application to properly sanitize user-supplied input.

A remote unauthorized user can disclose the contents of arbitrary local files
through the use of directory traversal strings '../'.  Exploitation of this
vulnerability could lead to a loss of confidentiality.


55. Sendmail Milter Remote Denial Of Service Weakness
BugTraq ID: 14047
Remote: Yes
Date Published: 2005-06-23
Relevant URL: http://www.securityfocus.com/bid/14047
Summary:
Sendmail is susceptible to a remote denial of service weakness in its milter
interface. This issue is due to overly long default timeouts configured for
milters.

This issue is demonstrated with ClamAV versions prior to 0.86. Any other milter
that behaves in the same way as the older ClamAV milter will also expose this
vulnerability in Sendmail.

Depending on the configuration of the milter interface, attackers may either
exploit this issue to bypass milters, or to deny further email delivery on
affected sites.

56. Sun Solaris Traceroute Multiple Local Buffer Overflow Vulnerabilities
BugTraq ID: 14049
Remote: No
Date Published: 2005-06-24
Relevant URL: http://www.securityfocus.com/bid/14049
Summary:
Sun Solaris traceroute is affected by multiple local buffer overflow
vulnerabilities.

These vulnerabilities present themselves when the application handles excessive
data supplied through command line arguments.

These issues are reported to affect /usr/sbin/traceroute running on Sun Solaris
10.

Some reports indicate that this issue cannot be reproduced. It is also reported
that this issue is only exploitable on the Solaris x86 platform.

57. UBBCentral UBB.Threads Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14050
Remote: Yes
Date Published: 2005-06-24
Relevant URL: http://www.securityfocus.com/bid/14050
Summary:
UBB.Threads is prone to multiple cross-site scripting vulnerabilities.  These
issues are due to a failure in the application to properly sanitize
user-supplied input.

An attacker may leverage any of these issues to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the affected
site.  This may facilitate the theft of cookie-based authentication credentials
as well as other attacks.

58. Linux Kernel 64 Bit AR-RSC Register Access Validation Vulnerability
BugTraq ID: 14051
Remote: No
Date Published: 2005-06-24
Relevant URL: http://www.securityfocus.com/bid/14051
Summary:
The Linux Kernel for 64 Bit architectures is prone to an access validation
vulnerability. The issue manifests due to a failure to restrict access to the
'ar.rsc' register (register stack engine control register) by the
'restore_sigcontext' function.

Immediate consequences of exploitation would likely be a denial of service;
other attacks are also possible.

59. UBBCentral UBB.Threads Multiple SQL Injection Vulnerabilities
BugTraq ID: 14052
Remote: Yes
Date Published: 2005-06-24
Relevant URL: http://www.securityfocus.com/bid/14052
Summary:
UBB.Threads is prone to multiple SQL injection vulnerabilities.  These issues
are due to a failure in the application to properly sanitize user-supplied input
before using it in SQL queries.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

60. UBBCentral UBB.Threads Multiple HTTP Response Splitting Vulnerabilities
BugTraq ID: 14053
Remote: Yes
Date Published: 2005-06-24
Relevant URL: http://www.securityfocus.com/bid/14053
Summary:
UBB.Threads is prone to multiple HTTP response splitting vulnerabilities.  These
issues are due to a failure in the application to properly sanitize
user-supplied input.

A remote attacker may exploit any of these vulnerabilities to influence or
misrepresent how Web content is served, cached or interpreted. This could aid in
various attacks that attempt to entice client users into a false sense of trust.


61. Linux Kernel Subthread Exec Local Denial Of Service Vulnerability
BugTraq ID: 14054
Remote: No
Date Published: 2005-06-24
Relevant URL: http://www.securityfocus.com/bid/14054
Summary:
The Linux kernel is prone to a local denial of service vulnerability. The issue
manifests when a call to exec is made for a subthread that has a timer pending.

A local attacker may exploit this issue to crash the kernel effectively denying
service for legitimate users.


62. UBBCentral UBB.Threads Local File Include Vulnerability
BugTraq ID: 14055
Remote: Yes
Date Published: 2005-06-24
Relevant URL: http://www.securityfocus.com/bid/14055
Summary:
UBB.Threads is prone to a local file include vulnerability.

The problem presents itself when an attacker passes the location of a
potentially malicious local script through a parameter of the cookie.

An attacker may leverage this issue to execute arbitrary server-side script code
that resides on an affected computer with the privileges of the Web server
process. This may potentially facilitate unauthorized access.

It should be noted that this issue may also be leveraged to read arbitrary files
on an affected computer with the privileges of the Web server.

63. PHP-Nuke Avatar HTML Injection Vulnerability
BugTraq ID: 14056
Remote: Yes
Date Published: 2005-06-24
Relevant URL: http://www.securityfocus.com/bid/14056
Summary:
PHP-Nuke is prone to an HTML injection vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input before using
it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the
affected Web site, potentially allowing for theft of cookie-based authentication
credentials. An attacker could also exploit this issue to control how the site
is rendered to the user; other attacks are also possible.

This issue is reported to affect all versions of PHP-Nuke up to version 7.7;
this has not been confirmed.

64. IBM DB2 Universal Database Unspecified Authorization Bypass Vulnerability
BugTraq ID: 14057
Remote: Yes
Date Published: 2005-06-24
Relevant URL: http://www.securityfocus.com/bid/14057
Summary:
IBM DB2 Universal Database is susceptible to an authorization bypass
vulnerability. This issue is due to a failure of the application to properly
enforce authorization restrictions for database users.

Users with only SELECT privileges on a database may bypass authorization checks
to execute INSERT, UPDATE, or DELETE statements. Further details are not
available at this time. This BID will be updated as more information is
disclosed.

This vulnerability allows attackers to modify or destroy data without having
proper authorization to do so.

65. Clam Anti-Virus ClamAV Unspecified Quantum Decompressor Denial Of Service
Vulnerability
BugTraq ID: 14058
Remote: Yes
Date Published: 2005-06-24
Relevant URL: http://www.securityfocus.com/bid/14058
Summary:
ClamAV is prone to a denial of service vulnerability. The issue manifests in the
Quantum decompressor; the exact cause of this issue is not known.

It is conjectured that a remote attacker may exploit this condition using a
malicious file to crash a target ClamAV server.

66. K-COLLECT CSV_DB.CGI/i_DB.CGI Remote Command Execution Vulnerability
BugTraq ID: 14059
Remote: Yes
Date Published: 2005-06-24
Relevant URL: http://www.securityfocus.com/bid/14059
Summary:
CSV_DB.CGI/i_DB.CGI are affected by a remote command execution vulnerability.

Specifically, an attacker can supply arbitrary commands prefixed with the '|'
character through the 'csv_db.cgi' script that will be executed in the context
of the Web server running the application.

CSV-DB 1.00 is affected by this issue.

67. Legal Case Management Log File Information Disclosure Vulnerability
BugTraq ID: 14060
Remote: Yes
Date Published: 2005-06-24
Relevant URL: http://www.securityfocus.com/bid/14060
Summary:
Legal Case Management is prone to an information disclosure vulnerability.  This
issue is a result of the application not requiring authentication before
granting access to the log files generated by LCM.

Information acquired from the log files may be used to aid in further attacks
against the underlying system. 

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Open-source projects get free checkup by automated tools
By: Robert Lemos
The source code for the Unix-like operating system FreeBSD is the latest
community software to have coding problems flagged by an automated analysis
tool.
http://www.securityfocus.com/news/11230

2. Targeted Trojan-horse attacks hitting U.S., worldwide
By: Robert Lemos
The U.K.'s incident response team warned of stealthy attacks aimed at that
nation's businesses and government agencies, but security firms say the attacks
have targeted companies and organizations across the globe, including the U.S. 
http://www.securityfocus.com/news/11222

3. MasterCard warns of massive credit-card breach
By: Robert Lemos
Data thieves breached the systems of Atlanta, Georgia-based CardSystems
Solutions, stealing data on as many as 40 million accounts affecting various
credit-card brands, MasterCard says.
http://www.securityfocus.com/news/11219

4. Phishers look to net small fry
By: Robert Lemos
Online fraudsters are targeting the customers of small financial institutions,
hoping to take advantage of less knowledgeable and more trusting consumers.
http://www.securityfocus.com/news/11214

5. £6.5m phishing duo jailed
By: John Leyden
An American who masterminded the UK part of a multi-million pound ID theft scam
was yesterday jailed for six years.
http://www.securityfocus.com/news/11231

6. NASA hacker jailed
By: John Leyden
A US man was jailed for four months last week after he was convicted of hacking
into US government computers and defacing web sites.
http://www.securityfocus.com/news/11232

7. Electronic forgery menaces humanity
By: John Leyden
Electronic forgery is becoming a greater risk as more company information is
stored electronically. But many organisations are ignoring the issue.
http://www.securityfocus.com/news/11228

8. Aussies prosecute first 'spammer'
By: Drew Cullen
Australia is prosecuting the first alleged spammer under its new-ish Spam Act. 
http://www.securityfocus.com/news/11229

IV.  SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Quality Assurance, McLean
http://www.securityfocus.com/archive/77/403587

2. [SJ-JOB] Security Consultant, Aiken
http://www.securityfocus.com/archive/77/403585

3. [SJ-JOB] VP / Dir / Mgr engineering, Chesterfield
http://www.securityfocus.com/archive/77/403584

4. [SJ-JOB] Security Consultant, Chesterfield
http://www.securityfocus.com/archive/77/403586

5. [SJ-JOB] Security Auditor, Bridgewater
http://www.securityfocus.com/archive/77/403588

6. [SJ-JOB] Manager, Information Security, Herndon
http://www.securityfocus.com/archive/77/403325

7. [SJ-JOB] Sr. Security Analyst, Harrisburg
http://www.securityfocus.com/archive/77/403328

8. [SJ-JOB] Security Consultant, New York
http://www.securityfocus.com/archive/77/403329

9. [SJ-JOB] Manager, Information Security, St. Louis
http://www.securityfocus.com/archive/77/403322

10. [SJ-JOB] Security Consultant, Tampa
http://www.securityfocus.com/archive/77/403327

11. [SJ-JOB] Management, Tampa
http://www.securityfocus.com/archive/77/403324

12. [SJ-JOB] Director, Information Security, Indianapolis
http://www.securityfocus.com/archive/77/403326

13. [SJ-JOB] Manager, Information Security, Charlotte
http://www.securityfocus.com/archive/77/403321

14. [SJ-JOB] Manager, Information Security, Indianapolis
http://www.securityfocus.com/archive/77/403320

15. [SJ-JOB] Sr. Security Engineer, St. Louis
http://www.securityfocus.com/archive/77/403323

16. [SJ-JOB] Security Architect, North West England
http://www.securityfocus.com/archive/77/403220

17. [SJ-JOB] Account Manager, Chicago
http://www.securityfocus.com/archive/77/403221

18. [SJ-JOB] Security Engineer, S. San Francisco
http://www.securityfocus.com/archive/77/403222

19. [SJ-JOB] Security Engineer, Atlanta
http://www.securityfocus.com/archive/77/403218

20. [SJ-JOB] Sr. Security Engineer, Newark,NJ
http://www.securityfocus.com/archive/77/403219

21. [SJ-JOB] Manager, Information Security, London
http://www.securityfocus.com/archive/77/403216

22. [SJ-JOB] Security Auditor, Bay Area
http://www.securityfocus.com/archive/77/403217

23. [SJ-JOB] Sr. Security Analyst, Northampton
http://www.securityfocus.com/archive/77/403212

24. [SJ-JOB] Application Security Architect, Pune / Bangalore
http://www.securityfocus.com/archive/77/403214

25. [SJ-JOB] Sales Engineer, Various
http://www.securityfocus.com/archive/77/403215

26. [SJ-JOB] Security Engineer, Alexandria
http://www.securityfocus.com/archive/77/403210

27. [SJ-JOB] Security Product Manager, San Antonio, TX
http://www.securityfocus.com/archive/77/403211

28. [SJ-JOB] Security Engineer, Hampshire
http://www.securityfocus.com/archive/77/403209

29. [SJ-JOB] Sales Representative, Ipswich Suffolk
http://www.securityfocus.com/archive/77/403213

30. [SJ-JOB] Sr. Security Engineer, London and countrywide
http://www.securityfocus.com/archive/77/403208

31. [SJ-JOB] CSO, northern California
http://www.securityfocus.com/archive/77/403207

32. [SJ-JOB] Security Auditor, London and countrywide
http://www.securityfocus.com/archive/77/403206

V.   INCIDENTS LIST SUMMARY
---------------------------
VI.  VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. PocketPC exploitation
http://www.securityfocus.com/archive/82/403422

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Local admin password
http://www.securityfocus.com/archive/88/403594

2. Windows firewall spontaneously changes profiles
http://www.securityfocus.com/archive/88/403542

3. disable shell: command on Windows 2000
http://www.securityfocus.com/archive/88/403498

4. ISA 2004 FTP SSL
http://www.securityfocus.com/archive/88/403301

5. Windows 98 autoupdate
http://www.securityfocus.com/archive/88/403192

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. Apache issue
http://www.securityfocus.com/archive/91/403019