SecurityFocus Newsletter #317
----------------------------------------

This Issue is Sponsored By: Norwich U

Earn your Master of Science in Information Security online from Norwich
University. Designated a "Center of Excellence", the program offers a solid
education in the management of information assurance, and the unique case study
method melds theory into practice.  Using today's e-Learning technology, you can
earn this esteemed degree, without disrupting your career or home life.  Visit
URL below for more information:

http://www.msia.norwich.edu/secfocus_en

------------------------------------------------------------------
I.    FRONT AND CENTER
       1. Anonymity made easy
       2. Skype security and privacy concerns
       3. Windows rootkits come of age
II.   BUGTRAQ SUMMARY
       1. Veritas Storage Exec Multiple Remote DCOM Buffer Overflow
Vulnerabilities
       2. Py2Play Object Unpickling Remote Python Code Execution Vulnerability
       3. Tofu Object Unpickling Remote Python Code Execution Vulnerability
       4. Apple Safari Data URI Memory Corruption Vulnerability
       5. CutePHP CuteNews Flood Protection Client-IP PHP Code Injection
Vulnerability
       6. Multi-Computer Control System Remote Denial of Service Vulnerability
       7. EPay Pro Index.PHP Directory Traversal Vulnerability
       8. VBulletin Multiple Moderator And Administrator SQL Injection
Vulnerabilities
       9. NooToplist Index.PHP Multiple SQL Injection Vulnerabilities
       10. VBulletin Multiple Cross-Site Scripting Vulnerabilities
       11. Sybari Antigen for Exchange/SMTP Attachment Rule Bypass Vulnerability
       12. MX Shop Index.PHP Multiple SQL Injection Vulnerabilities
       13. Cisco IOS Multiple Unspecified EIGRP Vulnerabilities
       14. Sun Solaris 10 Tl Driver Local Denial Of Service Vulnerability
       15. Hesk Session ID Authentication Bypass Vulnerability
       16. Opera Web Browser Mail Client Multiple Vulnerabilities
       17. Bacula Insecure Temporary File Creation Vulnerabilities
       18. Digger Solutions Intranet Open Source Project-Edit.ASP SQL Injection
Vulnerability
       19. PHP Advanced Transfer Manager Multiple Directory Traversal
Vulnerabilities
       20. Opera Web Browser Unspecified Drag And Drop File Upload Vulnerability
       21. IBM Rational ClearQuest Unspecified Multiple Cross-Site Scripting
Vulnerabilities
       22. HP Tru64 FTP Server Remote Denial Of Service Vulnerability
       23. PHP Advanced Transfer Manager Multiple Cross-Site Scripting
Vulnerabilities
       24. Mozilla Browser/Firefox Arbitrary Command Execution Vulnerability
       25. Webmin / Usermin Remote PAM Authentication Bypass Vulnerability
       26. MasqMail Local Privilege Escalation Vulnerabilities
       27. Copernicus Jupiter Multiple Unspecified SQL Injection Vulnerabilities
       28. Zengaia Unspecified SQL Injection Vulnerability
       29. Alkalay.Net Multiple Scripts Arbitrary Remote Command Execution
Vulnerabilities
       30. PerlDiver Perldiver.CGI Cross-Site Scripting Vulnerability
       31. Copernicus Europa Multiple Unspecified SQL Injection Vulnerabilities
       32. Land Down Under Multiple Remote SQL Injection Vulnerabilities
       33. Simplog Multiple SQL Injection Vulnerabilities
       34. Mall23 AddItem.ASP SQL Injection Vulnerability
       35. Microsoft Internet Explorer for Mac OS Denial of Service
Vulnerability
       36. PunBB Forgotten Email Cross-Site Scripting Vulnerability
       37. Lotus Domino Unspecified Cross-Site Scripting Vulnerability
       38. Linux Kernel 64-Bit SMP Routing_ioctl() Local Denial of Service
Vulnerability
       39. GeSHI Example.PHP Directory Traversal Vulnerability
       40. PunBB Language Selection File Include Vulnerability
       41. Eric3 Unspecified Security Vulnerability
       42. Kerio ServerFirewall Unspecified Denial of Service Vulnerability
       43. HylaFAX Insecure Temporary File Creation Vulnerability
       44. My Little Forum Search.PHP SQL Injection Vulnerability
       45. Yukihiro Matsumoto Ruby SAFE Level Restriction Bypass Vulnerability
       46. Movable Type Remote File Include Vulnerability
       47. Movable Type Username Information Disclosure Vulnerability
       48. Movable Type Multiple Unspecified HTML Injection Vulnerabilities
       49. Apple Mac OS X Security Update 2005-008 Multiple Vulnerabilities
       50. Sun Solaris UFS Local Denial of Service Vulnerability
       51. Mozilla Browser/Firefox XBM Image Processing Heap Overflow
Vulnerability
       52. Mozilla Browser/Firefox JavaScript Engine Integer Overflow
Vulnerability
       53. Mozilla Browser/Firefox Zero-Width Non-Joiner Stack Corruption
Vulnerability
       54. Mozilla Browser/Firefox Chrome Window Spoofing Vulnerability
       55. Mozilla Browser/Firefox Chrome Page Loading Restriction Bypass
Privilege Escalation Weakness
       56. Mozilla Browser/Firefox DOM Objects Spoofing Vulnerability
       57. PowerArchiver Long Filename Buffer Overflow Vulnerability
       58. Mozilla Browser/Firefox Arbitrary HTTP Request Injection
Vulnerability
       59. Multiple Browser Proxy Auto-Config Script Handling Remote Denial of
Service Vulnerability
       60. 7-Zip ARJ File Buffer Overflow Vulnerability
       61. PHPMyFAQ Password.PHP SQL Injection Vulnerability
       62. PHPMyFAQ Multiple Cross-Site Scripting Vulnerabilities
       63. PHPMyFAQ Local File Include Vulnerability
       64. PHPMyFAQ Logs Unauthorized Access Vulnerability
       65. Interchange Multiple Vulnerabilities
       66. AlstraSoft E-Friends Remote File Include Vulnerability
       67. UNU Networks MailGust User_email.PHP SQL Injection Vulnerability
III.  SECURITYFOCUS NEWS
       1. Digital plague hits online game World of Warcraft
       2. Mozilla's popularity stressing its security image
       3. Key clicks betray passwords, typed text
       4. Microsoft's delay to patch fuels concerns
       5. Password overload plagues US.biz
       6. Tiscali in UK consumer data security breach
       7. PC-hopping mobile malware sighted
       8. Airport PCs stuffed with meaty goodness
IV.   SECURITY JOBS LIST SUMMARY
       1. [SJ-JOB] Security Engineer, Washington
       2. [SJ-JOB] Information Assurance Analyst, Washington
       3. [SJ-JOB] Sr. Security Engineer, Washington, D.C.
       4. [SJ-JOB] Information Assurance Analyst, Washington
       5. [SJ-JOB] Security Auditor, Northern NJ
       6. [SJ-JOB] Application Security Architect, Chicago
       7. [SJ-JOB] Sales Representative, San Diego
       8. [SJ-JOB] Information Assurance Engineer, Washington
       9. [SJ-JOB] Information Assurance Analyst, Washington, DC Metro
       10. [SJ-JOB] Sales Representative, Cleveland or Columbus
       11. [SJ-JOB] Certification & Accreditation Engineer, Washington
       12. [SJ-JOB] Certification & Accreditation Engineer, Crystal City
       13. [SJ-JOB] Security Consultant, Columbia
       14. [SJ-JOB] CHECK Team Leader, Scotland
       15. [SJ-JOB] Security Architect, AnyCity
       16. [SJ-JOB] Security Engineer, Washington DC
       17. [SJ-JOB] Sr. Security Engineer, San Diego
       18. [SJ-JOB] Security Engineer, Manchester
       19. [SJ-JOB] Technical Support Engineer, Seattle
       20. [SJ-JOB] Security System Administrator, Philadelphia
       21. [SJ-JOB] Sr. Security Engineer, San Mateo
       22. [SJ-JOB] Security System Administrator, Hershey
       23. [SJ-JOB] Security Engineer, Buckinghamshire
       24. [SJ-JOB] Sales Engineer, Little Rock
       25. [SJ-JOB] Sr. Security Analyst, Washington DC (Downtown)
       26. [SJ-JOB] Security Consultant, Bethesda + DC Metro
       27. [SJ-JOB] Sales Representative, Boston
       28. [SJ-JOB] Director, Information Security, Irving
       29. [SJ-JOB] Security Engineer, Oklahoma City
       30. [SJ-JOB] Security Engineer, European Assignment
       31. [SJ-JOB] Developer, Oklahoma City
       32. [SJ-JOB] Security Engineer, Westboro
       33. [SJ-JOB] Manager, Information Security, Lehigh Valley
       34. [SJ-JOB] Security Engineer, Oklahoma City
       35. [SJ-JOB] Account Manager, Atlanta
       36. [SJ-JOB] Sales Representative, Detroit
       37. [SJ-JOB] Sr. Security Engineer, San Carlos
       38. [SJ-JOB] Evangelist, San Francisco Bay Area
       39. [SJ-JOB] Security Engineer, St. Louis
       40. [SJ-JOB] Security Consultant, Calgary
       41. [SJ-JOB] Security Consultant, Stockholm
       42. [SJ-JOB] Application Security Architect, Chicago
       43. [SJ-JOB] Sr. Security Engineer, Phoenix
       44. [SJ-JOB] Security Engineer, London
       45. [SJ-JOB] Security Engineer, Allentown
V.    INCIDENTS LIST SUMMARY
VI.   VULN-DEV RESEARCH LIST SUMMARY
       1. PacSec05
       2. Canonicalization and apache/PHP-attacks
       3. looking for vuln researchers who worked on routers
       4. PocketPC exploitation
VII.  MICROSOFT FOCUS LIST SUMMARY
       1. Active Directory and IIS on production servers, and clustering
       2. ElseNot Project
       3. Group Policy Question on firewalls
VIII. SUN FOCUS LIST SUMMARY
IX.   LINUX FOCUS LIST SUMMARY
       1. Securing Fedora Core 4
X.    NEW MAILING LISTS
       1. BS 7799/ISO 17799
XI.    UNSUBSCRIBE INSTRUCTIONS
XII.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Anonymity made easy
By Matthew Tanase
The opening passage to True Names, a novella written by noted science fiction
author Vernor Vinge nearly 25 years ago, delivers an eerily prescient summary of
modern Internet usage.
http://www.securityfocus.com/columnists/356

2. Skype security and privacy concerns
By Scott Granneman
One of my stranger hobbies is collecting interesting and weird anecdotes I find
in the news.
http://www.securityfocus.com/columnists/357

3. Windows rootkits come of age
By Federico Biancuzzi
SecurityFocus interviews Greg Hoglund and Jamie Butler on the state of Windows
rootkits and how quickly they have evolved.
http://www.securityfocus.com/columnists/358


II.  BUGTRAQ SUMMARY
--------------------
1. Veritas Storage Exec Multiple Remote DCOM Buffer Overflow Vulnerabilities
BugTraq ID: 14801
Remote: Yes
Date Published: 2005-09-19
Relevant URL: http://www.securityfocus.com/bid/14801
Summary:
Veritas Storage Exec is susceptible to multiple remote buffer overflow
vulnerabilities. These issues are due to the lack of proper bounds checking of
user-supplied data prior to copying it to fixed size memory buffers.

These issues are located in multiple DCOM servers in the affected product. Both
stack-based, and heap-based overflows are identified. By calling associated
ActiveX controls, attackers may exploit these overflows to execute arbitrary
machine code.

These vulnerabilities may be exploited by visiting malicious Web sites, or
viewing HTML email containing malicious script code.

2. Py2Play Object Unpickling Remote Python Code Execution Vulnerability
BugTraq ID: 14864
Remote: Yes
Date Published: 2005-09-17
Relevant URL: http://www.securityfocus.com/bid/14864
Summary:
Py2Play is prone to a vulnerability that may let remote attackers execute
arbitrary Python code in the context of the program.  

This issue could be exploited by remote peers.

3. Tofu Object Unpickling Remote Python Code Execution Vulnerability
BugTraq ID: 14865
Remote: Yes
Date Published: 2005-09-17
Relevant URL: http://www.securityfocus.com/bid/14865
Summary:
Tofu is prone to a vulnerability that may let remote attackers execute arbitrary
Python code in the context of the program.  

This issue could be exploited by remote peers.

4. Apple Safari Data URI Memory Corruption Vulnerability
BugTraq ID: 14868
Remote: Yes
Date Published: 2005-09-17
Relevant URL: http://www.securityfocus.com/bid/14868
Summary:
Apple Safari is prone to a memory corruption vulnerability.  This issue is
exposed when the browser opens specific 'data:' URIs, causing the browser to
crash.

Though unconfirmed, this vulnerability could be exploitable to execute arbitrary
code.

5. CutePHP CuteNews Flood Protection Client-IP PHP Code Injection Vulnerability
BugTraq ID: 14869
Remote: Yes
Date Published: 2005-09-17
Relevant URL: http://www.securityfocus.com/bid/14869
Summary:
CutePHP CuteNews is prone to a vulnerability that may let remote attackers
inject and execute PHP code.  This is due to an input validation error that
lets remote users inject PHP code into a temporary file used by the flood
protection feature of the application.

Exploitation could allow for remote execution of PHP code in the context of the
server hosting the application.

This issue is reported to affect CuteNews 1.4.0.  Other versions may also be
affected.

6. Multi-Computer Control System Remote Denial of Service Vulnerability
BugTraq ID: 14870
Remote: Yes
Date Published: 2005-09-19
Relevant URL: http://www.securityfocus.com/bid/14870
Summary:
Multi-Computer Control System is prone to a remote denial of service
vulnerability.

Successful exploitation will permit remote attackers to deny service to
legitimate users or cause the client to crash.

MCCS 1.1 is affected by this issue. Other versions may be vulnerable as well.

7. EPay Pro Index.PHP Directory Traversal Vulnerability
BugTraq ID: 14871
Remote: Yes
Date Published: 2005-09-19
Relevant URL: http://www.securityfocus.com/bid/14871
Summary:
EPay Pro is prone to a directory traversal vulnerability. This is due to a lack
of proper validation of user-supplied input.

An unauthorized user can retrieve arbitrary files by supplying directory
traversal strings '../' to the vulnerable parameter.  Exploitation of this
vulnerability could lead to a loss of confidentiality.  Information obtained may
aid in further attacks against the underlying system; other attacks are also
possible.


8. VBulletin Multiple Moderator And Administrator SQL Injection Vulnerabilities
BugTraq ID: 14872
Remote: Yes
Date Published: 2005-09-19
Relevant URL: http://www.securityfocus.com/bid/14872
Summary:
vBulletin is prone to multiple SQL injection vulnerabilities.  These issues are
due to a failure in the application to properly sanitize user-supplied input
before using it in SQL queries.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

9. NooToplist Index.PHP Multiple SQL Injection Vulnerabilities
BugTraq ID: 14873
Remote: Yes
Date Published: 2005-09-19
Relevant URL: http://www.securityfocus.com/bid/14873
Summary:
NooToplist is prone to multiple SQL injection vulnerabilities.  These issues are
due to a failure in the application to properly sanitize user-supplied input.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.


10. VBulletin Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14874
Remote: Yes
Date Published: 2005-09-19
Relevant URL: http://www.securityfocus.com/bid/14874
Summary:
vBulletin is prone to multiple cross-site scripting vulnerabilities.  These
issues are due to a failure in the application to properly sanitize
user-supplied input.

An attacker may leverage any of these issues to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the affected
site.  This may facilitate the theft of cookie-based authentication credentials
as well as other attacks.

11. Sybari Antigen for Exchange/SMTP Attachment Rule Bypass Vulnerability
BugTraq ID: 14875
Remote: Yes
Date Published: 2005-09-19
Relevant URL: http://www.securityfocus.com/bid/14875
Summary:
Sybari Antigen for Exchange/SMTP products are vulnerable to an attachment rule
bypass vulnerability.

A successful attack may result in arbitrary attachments and unwanted content
being delivered to users.  It should be noted that this issue does not disable
or bypass antivirus scanning of attachments.

Sybari Antigen v8.0 SR2 for Exchange and Sybari Antigen v8.0 SR2 for SMTP
Gateways are reportedly vulnerable.  Other versions may be affected as well.

12. MX Shop Index.PHP Multiple SQL Injection Vulnerabilities
BugTraq ID: 14876
Remote: Yes
Date Published: 2005-09-19
Relevant URL: http://www.securityfocus.com/bid/14876
Summary:
MX Shop is prone to multiple SQL injection vulnerabilities. These are due to a
lack of proper sanitization of user-supplied input before using it in an SQL
query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.


13. Cisco IOS Multiple Unspecified EIGRP Vulnerabilities
BugTraq ID: 14877
Remote: Yes
Date Published: 2005-09-19
Relevant URL: http://www.securityfocus.com/bid/14877
Summary:
Cisco IOS is susceptible to multiple unspecified EIGRP vulnerabilities.

Further details are currently unavailable. This BID will be updated as more
information is disclosed.

Due to the nature of the protocol, attackers likely require access to hosts in
networks operating with the vulnerable protocol.

14. Sun Solaris 10 Tl Driver Local Denial Of Service Vulnerability
BugTraq ID: 14878
Remote: No
Date Published: 2005-09-20
Relevant URL: http://www.securityfocus.com/bid/14878
Summary:
Sun Solaris 10 tl driver is prone to a local denial of service vulnerability.

A local attacker can exploit this issue to cause a kernel panic and deny service
to legitimate users.

It should be noted that this issue only affects Sun Solaris 10.  Prior versions
of Solaris are not affected by this vulnerability.

15. Hesk Session ID Authentication Bypass Vulnerability
BugTraq ID: 14879
Remote: Yes
Date Published: 2005-09-20
Relevant URL: http://www.securityfocus.com/bid/14879
Summary:
Hesk is prone to an authentication bypass vulnerability.

Successful exploitation will grant an attacker administrative access to the
application.  This can lead to unauthorized access of sensitive data,
modification of helpdesk data and program code, and other types of attacks.

16. Opera Web Browser Mail Client Multiple Vulnerabilities
BugTraq ID: 14880
Remote: Yes
Date Published: 2005-09-20
Relevant URL: http://www.securityfocus.com/bid/14880
Summary:
Opera Web Browser Mail client is affected by multiple vulnerabilities.  These
issues could allow remote attackers to spoof attachment names and carry out
script injection attacks.

These vulnerabilities may also be combined to carry out various attacks.

Opera Web Browser 8.02 is reportedly vulnerable; however, it is likely that
other versions are affected as well.

17. Bacula Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 14881
Remote: No
Date Published: 2005-09-20
Relevant URL: http://www.securityfocus.com/bid/14881
Summary:
Bacula creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to view files
and obtain privileged information.  The attacker may also perform symlink
attacks, overwriting arbitrary files in the context of the affected application.

Exploitation would most likely result in loss of confidentiality and theft of
privileged information. Successful exploitation of a symlink attack may result
in sensitive configuration files being overwritten.  This may result in a denial
of service; other attacks may also be possible.


18. Digger Solutions Intranet Open Source Project-Edit.ASP SQL Injection
Vulnerability
BugTraq ID: 14882
Remote: Yes
Date Published: 2005-09-20
Relevant URL: http://www.securityfocus.com/bid/14882
Summary:
Intranet Open Source is prone to an SQL injection vulnerability.  This issue is
due to a failure in the application to properly sanitize user-supplied input
before using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

19. PHP Advanced Transfer Manager Multiple Directory Traversal Vulnerabilities
BugTraq ID: 14883
Remote: Yes
Date Published: 2005-09-20
Relevant URL: http://www.securityfocus.com/bid/14883
Summary:
PHP Advanced Transfer Manager is prone to multiple directory traversal
vulnerabilities.  These issues are due to a failure in the application to
properly sanitize user-supplied input.

Exploitation of any of these vulnerabilities could lead to a loss of
confidentiality. Information obtained may aid in further attacks against the
underlying system; other attacks are also possible.

20. Opera Web Browser Unspecified Drag And Drop File Upload Vulnerability
BugTraq ID: 14884
Remote: Yes
Date Published: 2005-09-20
Relevant URL: http://www.securityfocus.com/bid/14884
Summary:
Opera Web Browser is affected by an unspecified drag and drop file upload
vulnerability.

The cause of this issue was not specified; however, it may allow remote
attackers to upload arbitrary files to a computer.  This can lead to various
attacks including arbitrary code execution in the context of the user running
the browser.

Due to lack of information, further details cannot be provided at the moment. 
This BID will be updated when more information becomes available.


21. IBM Rational ClearQuest Unspecified Multiple Cross-Site Scripting
Vulnerabilities
BugTraq ID: 14885
Remote: Yes
Date Published: 2005-09-20
Relevant URL: http://www.securityfocus.com/bid/14885
Summary:
IBM Rational ClearQuest is prone to multiple unspecified cross-site scripting
vulnerabilities. This is due to a lack of proper sanitization of user-supplied
input.

An attacker may leverage these issues to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.


22. HP Tru64 FTP Server Remote Denial Of Service Vulnerability
BugTraq ID: 14886
Remote: Yes
Date Published: 2005-09-20
Relevant URL: http://www.securityfocus.com/bid/14886
Summary:
A remote denial of service vulnerability has been reported in the HP Tru64 FTP
server implementation. A remote authenticated FTP user may cause the FTP server
process to become unresponsive. This can likely also be exploited over anonymous
FTP, if enabled.

The precise technical details of this vulnerability are currently unknown. This
BID will be updated as further information becomes available.

23. PHP Advanced Transfer Manager Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14887
Remote: Yes
Date Published: 2005-09-20
Relevant URL: http://www.securityfocus.com/bid/14887
Summary:
PHP Advanced Transfer Manager is prone to multiple cross-site scripting
vulnerabilities.  These issues are due to a failure in the application to
properly sanitize user-supplied input.

An attacker may leverage any of these issues to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the affected
site.  This may facilitate the theft of cookie-based authentication credentials
as well as other attacks.

24. Mozilla Browser/Firefox Arbitrary Command Execution Vulnerability
BugTraq ID: 14888
Remote: Yes
Date Published: 2005-09-20
Relevant URL: http://www.securityfocus.com/bid/14888
Summary:
Mozilla Browser/Firefox are affected by an arbitrary command execution
vulnerability. 

This attack would occur in the context of the user running the vulnerable
application and may facilitate unauthorized remote access. 

Mozilla Firefox 1.0.6 running on UNIX based platforms is reportedly vulnerable. 
Other versions and applications employing Firefox functionality may be
vulnerable as well.

Mozilla Browser 1.7.x versions and Thunderbird 1.x versions are also vulnerable
to this issue.

25. Webmin / Usermin Remote PAM Authentication Bypass Vulnerability
BugTraq ID: 14889
Remote: Yes
Date Published: 2005-09-20
Relevant URL: http://www.securityfocus.com/bid/14889
Summary:
Webmin and Usermin are susceptible to a remote PAM authentication bypass
vulnerability. This issue is present in the 'miniserv.pl' Web server that is
bundled with these applications.

Due to insufficient input validation, shell metacharacters may be employed to
bypass the authentication mechanism.

Due to the nature of these applications, full system compromise is very likely
after gaining access.

26. MasqMail Local Privilege Escalation Vulnerabilities
BugTraq ID: 14890
Remote: No
Date Published: 2005-09-21
Relevant URL: http://www.securityfocus.com/bid/14890
Summary:
MasqMail is prone to two local privilege escalation vulnerabilities.

The application is affected by a command execution vulnerability that arises due
to insufficient sanitization of user-supplied data.

The application is also affected by symbolic link attacks due to a design error.

MasqMail 0.2.18 is known to be vulnerable to these issues.  Other versions may
be affected as well.

27. Copernicus Jupiter Multiple Unspecified SQL Injection Vulnerabilities
BugTraq ID: 14891
Remote: Yes
Date Published: 2005-09-21
Relevant URL: http://www.securityfocus.com/bid/14891
Summary:
Copernicus Jupiter is prone to multiple unspecified SQL injection
vulnerabilities.  These issues are due to a failure in the application to
properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation. Reports indicate
authentication bypass is also possible.


28. Zengaia Unspecified SQL Injection Vulnerability
BugTraq ID: 14892
Remote: Yes
Date Published: 2005-09-21
Relevant URL: http://www.securityfocus.com/bid/14892
Summary:
Zengaia is reportedly affected by an unspecified SQL injection vulnerability.  

Successful exploitation could result in a compromise of the application,
disclosure or modification of data or may permit an attacker to exploit
vulnerabilities in the underlying database implementation. 

Zengaia versions prior to 0.2 are reported to be affected.

29. Alkalay.Net Multiple Scripts Arbitrary Remote Command Execution
Vulnerabilities
BugTraq ID: 14893
Remote: Yes
Date Published: 2005-09-21
Relevant URL: http://www.securityfocus.com/bid/14893
Summary:
Multiple Alkalay.net scripts are prone to arbitrary remote command execution
vulnerabilities.  These issues are due to a failure in the applications to
properly sanitize user-supplied input.

An attacker can prefix arbitrary commands with the pipe '|' character and have
them executed in the context of the Web server process.

30. PerlDiver Perldiver.CGI Cross-Site Scripting Vulnerability
BugTraq ID: 14894
Remote: Yes
Date Published: 2005-09-21
Relevant URL: http://www.securityfocus.com/bid/14894
Summary:
PerlDiver is prone to a cross-site scripting vulnerability.  This issue is due
to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.


31. Copernicus Europa Multiple Unspecified SQL Injection Vulnerabilities
BugTraq ID: 14895
Remote: Yes
Date Published: 2005-09-21
Relevant URL: http://www.securityfocus.com/bid/14895
Summary:
Copernicus Europa is prone to multiple unspecified SQL injection
vulnerabilities.  These issues are due to a failure in the application to
properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation. Reports indicate
authentication bypass is also possible.


32. Land Down Under Multiple Remote SQL Injection Vulnerabilities
BugTraq ID: 14896
Remote: Yes
Date Published: 2005-09-21
Relevant URL: http://www.securityfocus.com/bid/14896
Summary:
Land Down Under is affected by multiple SQL injection vulnerabilities.  These
issues are due to a failure of the application to properly validate
user-supplied input prior to including it in SQL queries.

An attacker may leverage these issues to reveal or corrupt arbitrary database
data.  These may facilitate unauthorized access or denial of service.

33. Simplog Multiple SQL Injection Vulnerabilities
BugTraq ID: 14897
Remote: Yes
Date Published: 2005-09-21
Relevant URL: http://www.securityfocus.com/bid/14897
Summary:
Simplog is prone to multiple SQL injection vulnerabilities.  These issues are
due to a failure in the application to properly sanitize user-supplied input 
before using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.


34. Mall23 AddItem.ASP SQL Injection Vulnerability
BugTraq ID: 14898
Remote: Yes
Date Published: 2005-09-21
Relevant URL: http://www.securityfocus.com/bid/14898
Summary:
Mall23 is prone to an SQL injection vulnerability. This is due to a lack of
proper sanitization of user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.


35. Microsoft Internet Explorer for Mac OS Denial of Service Vulnerability
BugTraq ID: 14899
Remote: Yes
Date Published: 2005-09-22
Relevant URL: http://www.securityfocus.com/bid/14899
Summary:
Microsoft Internet Explorer for Mac OS is prone to a denial of service
vulnerability.  This issue occurs when Internet Explorer attempts to render a
Web page with malformed content.

This vulnerability exists in Internet Explorer 5.2.3 for Mac OS.


36. PunBB Forgotten Email Cross-Site Scripting Vulnerability
BugTraq ID: 14900
Remote: Yes
Date Published: 2005-09-22
Relevant URL: http://www.securityfocus.com/bid/14900
Summary:
PunBB is prone to a cross-site scripting vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.


37. Lotus Domino Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 14901
Remote: Yes
Date Published: 2005-09-22
Relevant URL: http://www.securityfocus.com/bid/14901
Summary:
IBM Lotus Domino is prone to a cross-site scripting vulnerability.  This is due
to insufficient input validation of data supplied through URI parameters.

An attacker may exploit this by enticing a victim user into visiting a malicious
link that contains HTML and script code.  If the link is followed, the embedded
hostile HTML and script code may be interpreted by the victim's browser.  The
hostile code would be able to access properties of the site hosting the
vulnerable software.

Exploitation may permit theft of cookie-based authentication credentials. Other
attacks are also possible.


38. Linux Kernel 64-Bit SMP Routing_ioctl() Local Denial of Service
Vulnerability
BugTraq ID: 14902
Remote: No
Date Published: 2005-09-22
Relevant URL: http://www.securityfocus.com/bid/14902
Summary:
A local denial of service vulnerability affects the Linux kernel on 64-bit
Symmetric Multi-Processor (SMP) platforms.

Specifically, the vulnerability presents itself due to an omitted call to the
'sockfd_put()' function in the 32-bit compatible 'routing_ioctl()' function.

The 32-bit compatible 'tiocgdev ioctl()' function on x86-64 platforms is
affected by this issue as well. 

39. GeSHI Example.PHP Directory Traversal Vulnerability
BugTraq ID: 14903
Remote: Yes
Date Published: 2005-09-22
Relevant URL: http://www.securityfocus.com/bid/14903
Summary:
GeSHI is prone to a directory traversal vulnerability. This is due to a lack of
proper validation of user-supplied input.

Exploitation of this vulnerability could lead to a loss of confidentiality. 
Information obtained may aid in further attacks against the underlying system;
other attacks are also possible.


40. PunBB Language Selection File Include Vulnerability
BugTraq ID: 14904
Remote: Yes
Date Published: 2005-09-22
Relevant URL: http://www.securityfocus.com/bid/14904
Summary:
PunBB is affected by a file include vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input.

Specific details regarding this vulnerability are unavailable.  However, it is
conjectured an attacker may leverage this issue to execute arbitrary server-side
script code on an affected computer with the privileges of the Web server
process. This may facilitate unauthorized access; other attacks may also be
possible.


41. Eric3 Unspecified Security Vulnerability
BugTraq ID: 14905
Remote: No
Date Published: 2005-09-22
Relevant URL: http://www.securityfocus.com/bid/14905
Summary:
eric3 is affected by an unspecified security vulnerability.

Very little information is available on this issue.  This BID will be updated as
further information becomes available.

42. Kerio ServerFirewall Unspecified Denial of Service Vulnerability
BugTraq ID: 14906
Remote: Unknown
Date Published: 2005-09-22
Relevant URL: http://www.securityfocus.com/bid/14906
Summary:
Kerio ServerFirewall is prone to an unspecified vulnerability which may result
in a denial of service.


43. HylaFAX Insecure Temporary File Creation Vulnerability
BugTraq ID: 14907
Remote: No
Date Published: 2005-09-22
Relevant URL: http://www.securityfocus.com/bid/14907
Summary:
HylaFAX creates temporary files in an insecure manner. This may allow a local
attacker to perform symbolic link attacks.

Successful exploitation may result in sensitive data or configuration files
being overwritten.  This may result in a denial of service; other attacks may
also be possible.


44. My Little Forum Search.PHP SQL Injection Vulnerability
BugTraq ID: 14908
Remote: Yes
Date Published: 2005-09-22
Relevant URL: http://www.securityfocus.com/bid/14908
Summary:
my little forum is prone to an SQL injection vulnerability.  This issue is due
to a failure in the application to properly sanitize user-supplied input before
using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

45. Yukihiro Matsumoto Ruby SAFE Level Restriction Bypass Vulnerability
BugTraq ID: 14909
Remote: Yes
Date Published: 2005-09-22
Relevant URL: http://www.securityfocus.com/bid/14909
Summary:
Ruby is susceptible to a SAFE level restriction bypass vulnerability. This issue
is due to a flaw in the logic that implements the SAFE level checks.

This issue allows attackers to bypass the expected SAFE level restrictions,
possibly allowing them to execute unauthorized script code in the context of
affected applications.

The specific impact of this issue depends on the implementation of scripts that
utilize SAFE level security checks.

Ruby versions prior to 1.8.3 are vulnerable to this issue.

46. Movable Type Remote File Include Vulnerability
BugTraq ID: 14910
Remote: Yes
Date Published: 2005-09-22
Relevant URL: http://www.securityfocus.com/bid/14910
Summary:
Movable Type is prone to a remote file include vulnerability. This is due to a
lack of proper sanitization of user-supplied input.

An attacker may leverage this issue to execute arbitrary server-side script code
on an affected computer with the privileges of the Web server process. This may
facilitate unauthorized access.


47. Movable Type Username Information Disclosure Vulnerability
BugTraq ID: 14911
Remote: Yes
Date Published: 2005-09-22
Relevant URL: http://www.securityfocus.com/bid/14911
Summary:
Movable Type is prone to an information disclosure vulnerability. The
application will respond with different messages with regards to the validity of
an entered username.

This allows for attackers to obtain a list of valid application users, which
could aid in brute force attacks.

48. Movable Type Multiple Unspecified HTML Injection Vulnerabilities
BugTraq ID: 14912
Remote: Yes
Date Published: 2005-09-22
Relevant URL: http://www.securityfocus.com/bid/14912
Summary:
Movable Type is prone to multiple unspecified HTML injection vulnerabilities.
These are due to a lack of proper sanitization of user-supplied input.

Attacker-supplied HTML and script code would be executed in the context of the
affected Web site, potentially allowing for theft of cookie-based authentication
credentials. An attacker could also exploit this issue to control how the site
is rendered to the user; other attacks are also possible.


49. Apple Mac OS X Security Update 2005-008 Multiple Vulnerabilities
BugTraq ID: 14914
Remote: Yes
Date Published: 2005-09-22
Relevant URL: http://www.securityfocus.com/bid/14914
Summary:
Apple has released Security Update 2005-008 to address multiple Mac OS X local
and remote vulnerabilities.

The following vulnerabilities were addressed by the security update:

An arbitrary code execution vulnerability in ImageIO.

Two vulnerabilities in Mail resulting in information disclosure.

A local privilege escalation vulnerability in malloc. This issue has been split
into BID 14939.

An arbitrary code execution vulnerability in QuickDraw Manager.

A privilege escalation vulnerability in QuickTime for Java.

An arbitrary code execution vulnerability in Ruby.

A cross-site scripting vulnerability in Safari.

An unauthorized access vulnerability in SecurityAgent.

A privilege escalation vulnerability in securityd.


50. Sun Solaris UFS Local Denial of Service Vulnerability
BugTraq ID: 14915
Remote: No
Date Published: 2005-09-23
Relevant URL: http://www.securityfocus.com/bid/14915
Summary:
Sun Solaris UFS is prone to a local denial of service vulnerability.  This
occurs when UFS logging is enabled.

Solaris 8 and 9 are vulnerable to this issue.


51. Mozilla Browser/Firefox XBM Image Processing Heap Overflow Vulnerability
BugTraq ID: 14916
Remote: Yes
Date Published: 2005-09-23
Relevant URL: http://www.securityfocus.com/bid/14916
Summary:
Mozilla and Firefox browsers are prone to a heap overflow when processing
malformed XBM images.  Successful exploitation can result in arbitrary code
execution.


52. Mozilla Browser/Firefox JavaScript Engine Integer Overflow Vulnerability
BugTraq ID: 14917
Remote: Yes
Date Published: 2005-09-23
Relevant URL: http://www.securityfocus.com/bid/14917
Summary:
Mozilla Browser/Firefox are affected by an integer overflow vulnerability in
their JavaScript engine.

This issue may be exploited by a remote attacker who entices a user to visit a
malicious site.

A successful attack may facilitate unauthorized remote access to a vulnerable
computer.

Netscape Browser 8.0.3.3, Netscape 7.2, and K-Meleon 0.9 are vulnerable to this
issue as well.


53. Mozilla Browser/Firefox Zero-Width Non-Joiner Stack Corruption Vulnerability
BugTraq ID: 14918
Remote: Yes
Date Published: 2005-09-23
Relevant URL: http://www.securityfocus.com/bid/14918
Summary:
Mozilla and Firefox are prone to a stack corruption vulnerability.  Successful
exploitation could potentially result in arbitrary code execution.


54. Mozilla Browser/Firefox Chrome Window Spoofing Vulnerability
BugTraq ID: 14919
Remote: Yes
Date Published: 2005-09-23
Relevant URL: http://www.securityfocus.com/bid/14919
Summary:
Mozilla and Firefox browsers are prone to a window spoofing vulnerability.

An attacker can exploit this vulnerability to enhance phishing-style attacks.

55. Mozilla Browser/Firefox Chrome Page Loading Restriction Bypass Privilege
Escalation Weakness
BugTraq ID: 14920
Remote: Yes
Date Published: 2005-09-23
Relevant URL: http://www.securityfocus.com/bid/14920
Summary:
Mozilla Browser/Firefox are prone to a potential arbitrary code execution
weakness. 

Specifically, an attacker can load privileged 'chrome' pages from an
unprivileged 'about:' page.  This issue does not pose a threat unless it is
combined with a same-origin violation issue.

If successfully exploited, this issue may allow a remote attacker to execute
arbitrary code and gain unauthorized remote access to a computer.  This would
occur in the context of the user running the browser. 

56. Mozilla Browser/Firefox DOM Objects Spoofing Vulnerability
BugTraq ID: 14921
Remote: Yes
Date Published: 2005-09-23
Relevant URL: http://www.securityfocus.com/bid/14921
Summary:
Mozilla and Firefox are prone to a DOM object spoofing vulnerability. 
Successful exploitation could allow a remote attacker to execute arbitrary
script code with elevated privileges.

57. PowerArchiver Long Filename Buffer Overflow Vulnerability
BugTraq ID: 14922
Remote: Yes
Date Published: 2005-09-23
Relevant URL: http://www.securityfocus.com/bid/14922
Summary:
A remote buffer overflow vulnerability exists in the PowerArchiver application
that could result in arbitrary code execution. This issue arises because the
application fails to perform boundary checks prior to copying user-supplied data
into sensitive process buffers.

An attacker may exploit this vulnerability to gain unauthorized remote access in
the context of SYSTEM. Further attacks are also possible.

58. Mozilla Browser/Firefox Arbitrary HTTP Request Injection Vulnerability
BugTraq ID: 14923
Remote: Yes
Date Published: 2005-09-23
Relevant URL: http://www.securityfocus.com/bid/14923
Summary:
Mozilla and Firefox browsers are prone to a vulnerability that permits the
injection of arbitrary HTTP requests.  This issue is due to a failure in the
application to properly sanitize user-supplied input.

This issue can be used to exploit server or proxy flaws from the user's machine,
or to fool a server or proxy into thinking a single request is a stream of
separate requests.

59. Multiple Browser Proxy Auto-Config Script Handling Remote Denial of Service
Vulnerability
BugTraq ID: 14924
Remote: Yes
Date Published: 2005-09-23
Relevant URL: http://www.securityfocus.com/bid/14924
Summary:
Multiple browsers are affected by a remote denial of service vulnerability when
handling proxy auto-config scripts.

This can cause a crash in the instance of the browser.

Firefox 1.0.6 and prior versions, Netscape Browser 8.0.3.3, and Mozilla 1.7.11
and prior versions are affected by this issue.

60. 7-Zip ARJ File Buffer Overflow Vulnerability
BugTraq ID: 14925
Remote: Yes
Date Published: 2005-09-23
Relevant URL: http://www.securityfocus.com/bid/14925
Summary:
7-Zip is prone to a stack-based buffer overflow vulnerability.

Successful exploitation of this vulnerability will allow arbitrary code
execution. Other attacks are also possible.

The vulnerability has been confirmed in versions 3.13, 4.23, and 4.26 BETA. Other
versions may also be affected.

61. PHPMyFAQ Password.PHP SQL Injection Vulnerability
BugTraq ID: 14927
Remote: Yes
Date Published: 2005-09-23
Relevant URL: http://www.securityfocus.com/bid/14927
Summary:
phpMyFAQ is affected by an SQL injection vulnerability. This issue is due to the
application failing to properly sanitize user-supplied input before using it in
a SQL query.

This vulnerability could permit remote attackers to pass malicious input to
database queries, resulting in modification of query logic or other attacks.

phpMyFAQ version 1.5.1 is reported prone to this vulnerability.


62. PHPMyFAQ Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14928
Remote: Yes
Date Published: 2005-09-23
Relevant URL: http://www.securityfocus.com/bid/14928
Summary:
PHPMyFAQ is prone to multiple cross-site scripting vulnerabilities. 

These issues are due to a failure in the application to properly sanitize
user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site. 
Exploitation of these vulnerabilities may facilitate the theft of cookie-based
authentication credentials as well as other attacks.


63. PHPMyFAQ Local File Include Vulnerability
BugTraq ID: 14929
Remote: Yes
Date Published: 2005-09-23
Relevant URL: http://www.securityfocus.com/bid/14929
Summary:
PHPMyFAQ is prone to a local file include vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary server-side script code
that resides on an affected computer with the privileges of the Web server
process. This may potentially facilitate unauthorized access.

It should be noted that this issue may also be leveraged to read arbitrary files
on an affected computer with the privileges of the Web server.


64. PHPMyFAQ Logs Unauthorized Access Vulnerability
BugTraq ID: 14930
Remote: Yes
Date Published: 2005-09-23
Relevant URL: http://www.securityfocus.com/bid/14930
Summary:
PHPMyFAQ is prone to an unauthorized access vulnerability. A remote attacker can
exploit this vulnerability to view the application log file.  

This vulnerability could lead to the disclosure of various valid usernames,
which could aid in brute force attacks; information obtained may aid an attacker
in further attacks.


65. Interchange Multiple Vulnerabilities
BugTraq ID: 14931
Remote: Yes
Date Published: 2005-09-24
Relevant URL: http://www.securityfocus.com/bid/14931
Summary:
Interchange is reported prone to multiple vulnerabilities.

The following specific issues were identified:

Interchange 5.2.0 is affected by an SQL injection vulnerability.  Successful
exploitation could result in a compromise of the application, disclosure or
modification of data, or may permit an attacker to exploit vulnerabilities in
the underlying database implementation. 

Interchange 5.0.1 is prone to an Interchange Tag Language (ITL) injection
vulnerability.  This issue may facilitate session hijacking or manipulation of
site content.

66. AlstraSoft E-Friends Remote File Include Vulnerability
BugTraq ID: 14932
Remote: Yes
Date Published: 2005-09-24
Relevant URL: http://www.securityfocus.com/bid/14932
Summary:
AlstraSoft E-Friends is affected by a remote file include vulnerability.

An attacker may leverage this issue to execute arbitrary server-side script code
on an affected computer with the privileges of the Web server process. This may
facilitate unauthorized access. 

AlstraSoft E-Friends 4.0 is reported to be affected.  Other versions may be
vulnerable as well.

67. UNU Networks MailGust User_email.PHP SQL Injection Vulnerability
BugTraq ID: 14933
Remote: Yes
Date Published: 2005-09-24
Relevant URL: http://www.securityfocus.com/bid/14933
Summary:
MailGust is prone to an SQL injection vulnerability.

This issue is due to the application failing to properly sanitize user-supplied
input to the '/gorum/user_email.php' script before using it in a SQL query. 

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

MailGust 1.9 is reported prone to this vulnerability. 

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Digital plague hits online game World of Warcraft
By: Robert Lemos
A game effect with limited self-propagation gets spread further by malicious
gamers and underscores the danger of giving programs the ability to infect.
http://www.securityfocus.com/news/11330

2. Mozilla's popularity stressing its security image
By: Robert Lemos
Recent vulnerability disclosures and a biannual report noting increased flaw
reports raise questions about the open-source Firefox browser's security.
http://www.securityfocus.com/news/11327

3. Key clicks betray passwords, typed text
By: Robert Lemos
University researchers find that a ten-minute recording of a person's typing is
enough to recover more than 90 percent of the words entered on a computer
keyboard.
http://www.securityfocus.com/news/11318

4. Microsoft's delay to patch fuels concerns
By: Robert Lemos
The software giant decides to cancel a security fix after problems are found,
causing a row in the security community over the value of regularly scheduled
patches.
http://www.securityfocus.com/news/11313

5. Password overload plagues US.biz
By: John Leyden
Managing multiple passwords is driving end-users up the wall and leading to
rising help desk costs due to frequent password reset calls.
http://www.securityfocus.com/news/11331

6. Tiscali in UK consumer data security breach
By: John Leyden
Tiscali has apologised after a data security breach left the name, address,
contact information and product order of random customers displayed to other
subscribers of the ISP on Friday.
http://www.securityfocus.com/news/11329

7. PC-hopping mobile malware sighted
By: John Leyden
Virus writers have created a Symbian Trojan which also attempts to infect a
user's Windows PC if he tries to read a phone memory card on his computer.
http://www.securityfocus.com/news/11328

8. Airport PCs stuffed with meaty goodness
By: John Leyden
Businesspeople are treating public access terminals in airport departure lounges
as their home PCs and in the process exposing confidential data and email
messages to all and sundry.
http://www.securityfocus.com/news/11324

IV.  SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Security Engineer, Washington
http://www.securityfocus.com/archive/77/411832

2. [SJ-JOB] Information Assurance Analyst, Washington
http://www.securityfocus.com/archive/77/411833

3. [SJ-JOB] Sr. Security Engineer, Washington, D.C.
http://www.securityfocus.com/archive/77/411831

4. [SJ-JOB] Information Assurance Analyst, Washington
http://www.securityfocus.com/archive/77/411835

5. [SJ-JOB] Security Auditor, Northern NJ
http://www.securityfocus.com/archive/77/411836

6. [SJ-JOB] Application Security Architect, Chicago
http://www.securityfocus.com/archive/77/411802

7. [SJ-JOB] Sales Representative, San Diego
http://www.securityfocus.com/archive/77/411806

8. [SJ-JOB] Information Assurance Engineer, Washington
http://www.securityfocus.com/archive/77/411798

9. [SJ-JOB] Information Assurance Analyst, Washington, DC Metro
http://www.securityfocus.com/archive/77/411804

10. [SJ-JOB] Sales Representative, Cleveland or Columbus
http://www.securityfocus.com/archive/77/411797

11. [SJ-JOB] Certification & Accreditation Engineer, Washington
http://www.securityfocus.com/archive/77/411799

12. [SJ-JOB] Certification & Accreditation Engineer, Crystal City
http://www.securityfocus.com/archive/77/411820

13. [SJ-JOB] Security Consultant, Columbia
http://www.securityfocus.com/archive/77/411732

14. [SJ-JOB] CHECK Team Leader, Scotland
http://www.securityfocus.com/archive/77/411734

15. [SJ-JOB] Security Architect, AnyCity
http://www.securityfocus.com/archive/77/411731

16. [SJ-JOB] Security Engineer, Washington DC
http://www.securityfocus.com/archive/77/411735

17. [SJ-JOB] Sr. Security Engineer, San Diego
http://www.securityfocus.com/archive/77/411733

18. [SJ-JOB] Security Engineer, Manchester
http://www.securityfocus.com/archive/77/411710

19. [SJ-JOB] Technical Support Engineer, Seattle
http://www.securityfocus.com/archive/77/411707

20. [SJ-JOB] Security System Administrator, Philadelphia
http://www.securityfocus.com/archive/77/411708

21. [SJ-JOB] Sr. Security Engineer, San Mateo
http://www.securityfocus.com/archive/77/411709

22. [SJ-JOB] Security System Administrator, Hershey
http://www.securityfocus.com/archive/77/411705

23. [SJ-JOB] Security Engineer, Buckinghamshire
http://www.securityfocus.com/archive/77/411677

24. [SJ-JOB] Sales Engineer, Little Rock
http://www.securityfocus.com/archive/77/411679

25. [SJ-JOB] Sr. Security Analyst, Washington DC (Downtown)
http://www.securityfocus.com/archive/77/411670

26. [SJ-JOB] Security Consultant, Bethesda + DC Metro
http://www.securityfocus.com/archive/77/411671

27. [SJ-JOB] Sales Representative, Boston
http://www.securityfocus.com/archive/77/411676

28. [SJ-JOB] Director, Information Security, Irving
http://www.securityfocus.com/archive/77/411451

29. [SJ-JOB] Security Engineer, Oklahoma City
http://www.securityfocus.com/archive/77/411450

30. [SJ-JOB] Security Engineer, European Assignment
http://www.securityfocus.com/archive/77/411453

31. [SJ-JOB] Developer, Oklahoma City
http://www.securityfocus.com/archive/77/411454

32. [SJ-JOB] Security Engineer, Westboro
http://www.securityfocus.com/archive/77/411447

33. [SJ-JOB] Manager, Information Security, Lehigh Valley
http://www.securityfocus.com/archive/77/411448

34. [SJ-JOB] Security Engineer, Oklahoma City
http://www.securityfocus.com/archive/77/411449

35. [SJ-JOB] Account Manager, Atlanta
http://www.securityfocus.com/archive/77/411434

36. [SJ-JOB] Sales Representative, Detroit
http://www.securityfocus.com/archive/77/411431

37. [SJ-JOB] Sr. Security Engineer, San Carlos
http://www.securityfocus.com/archive/77/411433

38. [SJ-JOB] Evangelist, San Francisco Bay Area
http://www.securityfocus.com/archive/77/411436

39. [SJ-JOB] Security Engineer, St. Louis
http://www.securityfocus.com/archive/77/411430

40. [SJ-JOB] Security Consultant, Calgary
http://www.securityfocus.com/archive/77/411432

41. [SJ-JOB] Security Consultant, Stockholm
http://www.securityfocus.com/archive/77/411435

42. [SJ-JOB] Application Security Architect, Chicago
http://www.securityfocus.com/archive/77/411288

43. [SJ-JOB] Sr. Security Engineer, Phoenix
http://www.securityfocus.com/archive/77/411290

44. [SJ-JOB] Security Engineer, London
http://www.securityfocus.com/archive/77/411287

45. [SJ-JOB] Security Engineer, Allentown
http://www.securityfocus.com/archive/77/411289

V.   INCIDENTS LIST SUMMARY
---------------------------
VI.  VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. PacSec05
http://www.securityfocus.com/archive/82/411770

2. Canonicalization and apache/PHP-attacks
http://www.securityfocus.com/archive/82/411691

3. looking for vuln researchers who worked on routers
http://www.securityfocus.com/archive/82/411643

4. PocketPC exploitation
http://www.securityfocus.com/archive/82/411322

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Active Directory and IIS on production servers, and clustering
http://www.securityfocus.com/archive/88/411805

2. ElseNot Project
http://www.securityfocus.com/archive/88/411721

3. Group Policy Question on firewalls
http://www.securityfocus.com/archive/88/411323

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. Securing Fedora Core 4
http://www.securityfocus.com/archive/91/411346

X.  NEW MAILING LISTS
---------------------
1. BS 7799/ISO 17799
The BS 7799 Mailing List is an open information forum for discussing topics
relevant to this security standard. Topics include discussion around the roadmap
for certification, controls related by the standard, interpretation of controls,
compliance requirements and maintenance of certification.
http://www.securityfocus.com/archive/134