SecurityFocus Newsletter #318
----------------------------------------

------------------------------------------------------------------
I.    FRONT AND CENTER
       1. Can writing software be a crime?
       2. Reducing browser privileges
       3. Security-related innovation in Unix
II.   BUGTRAQ SUMMARY
       1. Interchange Multiple Vulnerabilities
       2. AlstraSoft E-Friends Remote File Include Vulnerability
       3. UNU Networks MailGust User_email.PHP SQL Injection Vulnerability
       4. Wzdftpd SITE Command Arbitrary Command Execution Vulnerability
       5. SEO-Board Admin.PHP SQL Injection Vulnerability
       6. CMS Made Simple Index.PHP Cross-Site Scripting Vulnerability
       7. Sony PSP Photo Viewer TIFF Image Handling Remote Buffer Overflow
Vulnerability
       8. Riverdark RSS Syndicator Module RSS.PHP Multiple Cross-Site Scripting
Vulnerabilities
       9. MultiTheftAuto Multiple Remote Vulnerabilities
       10. RSyslog Syslog Message SQL Injection Vulnerability
       11. Qpopper Local Arbitrary File Modification Vulnerability
       12. RealNetworks RealPlayer And Helix Player Format String Vulnerability 
       13. FL Studio FLP File Processing Heap Overflow Vulnerability 
       14. SecureW2 Insecure Pre-Master Secret Generation Vulnerability
       15. Nokia 3210 And 7610 Remote OBEX Denial Of Service Vulnerability
       16. Sun Solaris Xsun and Xprt Local Privilege Escalation Vulnerability
       17. Astaro Security Linux PPTP Server Unspecified Remote Denial of
Service Vulnerability
       18. LucidCMS Index.PHP Cross-Site Scripting Vulnerability
       19. Novell GroupWise Client Local Integer Overflow Vulnerability
       20. CJ LinkOut Top.PHP Cross-Site Scripting Vulnerability
       21. CJ Tag Board Multiple Cross-Site Scripting Vulnerabilities
       22. Linux Kernel USB Subsystem Local Denial Of Service Vulnerability
       23. CJ Web2Mail Multiple Cross-Site Scripting Vulnerabilities
       24. PHP Open_BaseDir Security Restriction Bypass Vulnerability
       25. PostNuke PN_BBCode Local File Include Vulnerability
       26. IBM AIX Getconf Local Buffer Overflow Vulnerability
       27. TWiki TWikiUsers INCLUDE Function Remote Arbitrary Command Execution
Vulnerability
       28. Polipo Off-By-One Buffer Overflow Vulnerability
       29. CubeCart Multiple Cross-Site Scripting Vulnerabilities
       30. PHP-Fusion Messages.PHP SQL Injection Vulnerability
       31. Zone Labs ZoneAlarm Pro DDE-IPC Advanced Program Control Bypass
Weakness
       32. BitDefender Antivirus Logging Function Format String Vulnerability
       33. Microsoft Internet Explorer XmlHttpRequest Parameter Validation
Weakness
       34. Polipo Web Root Restriction Bypass Vulnerability
       35. AbiWord RTF File Processing Buffer Overflow Vulnerability 
       36. SBLim-SFCB Malformed Header Denial Of Service Vulnerability
       37. SquirrelMail Address Add Plugin Add.PHP Cross-Site Scripting
Vulnerability
       38. NateOn Messenger Arbitrary File Download And Buffer Overflow
Vulnerabilities
       39. Macromedia Breeze Plaintext Password Storage Weakness
       40. lucidCMS Login SQL Injection Vulnerability
       41. BackupNinja Insecure Temporary File Creation Vulnerability
       42. NTLM Authorization Proxy Server Insecure Configuration File
Permissions Vulnerability
       43. IceWarp Multiple Cross-Site Scripting Vulnerabilities
       44. 4D WebStar Remote IMAP Denial of Service Vulnerability
       45. ApacheTop Insecure Temporary File Creation Vulnerability
       46. Blender Command Line Processing Buffer Overflow Vulnerability 
       47. EasyGuppy Printfaq.PHP Directory Traversal Vulnerability
       48. MediaWiki Multiple Cross-Site Scripting Vulnerabilities
       49. Merak Mail Server Arbitrary File Deletion Vulnerability
       50. Citrix MetaFrame Presentation Server Security Policy Bypass
Vulnerability
       51. Virtools Web Player Buffer Overflow Vulnerability
       52. Virtools Web Player Directory Traversal Vulnerability
       53. PHP-Fusion Multiple SQL Injection Vulnerabilities
       54. ProZilla Buffer Overflow Vulnerability
       55. GNU CFEngine Insecure Temporary File Creation Vulnerability
       56. Bugzilla config.cgi Information Disclosure Vulnerability
       57. Bugzilla User-Matching Information Disclosure Vulnerability
       58. Procom Technology NetFORCE 800 Information Disclosure Vulnerability
III.  SECURITYFOCUS NEWS
       1. E-voting experts call for revised security guidelines
       2. Digital plague hits online game World of Warcraft
       3. Mozilla's popularity stressing its security image
       4. Key clicks betray passwords, typed text
       5. Political hackers deface Novell SUSE sites
       6. Backdoor Trojan targets Microsoft Access
       7. NetSky-P tops moribund malware chart
       8. Warning over unattended PC peril
IV.   SECURITY JOBS LIST SUMMARY
       1. [SJ-JOB] Security Engineer, Dulles
       2. [SJ-JOB] Security Engineer, Arlington
       3. [SJ-JOB] Sales Representative, Kansas City or St. Louis
       4. [SJ-JOB] Quality Assurance, Redwood City
       5. [SJ-JOB] Auditor, New York
       6. [SJ-JOB] Sales Representative, Novi
       7. [SJ-JOB] Security Consultant, Riyadh
       8. [SJ-JOB] Auditor, Manchester, Birmingham or Leeds
       9. [SJ-JOB] Management, Toronto
       10. [SJ-JOB] Security Engineer, Stockholm
       11. [SJ-JOB] Information Assurance Analyst, Tyson's Corner
       12. [SJ-JOB] Management, Redmond
       13. [SJ-JOB] Security Consultant, New York City
       14. [SJ-JOB] Security Consultant, Houston
       15. [SJ-JOB] Security Consultant, Houston
       16. [SJ-JOB] Security Consultant, New York City
       17. [SJ-JOB] Security Director, Tucson
       18. [SJ-JOB] Manager, Information Security, Ottawa
       19. [SJ-JOB] Director, Computer Security, Richland
       20. [SJ-JOB] Forensics Engineer, Washington D.C
       21. [SJ-JOB] Security Consultant, Richmond
       22. [SJ-JOB] Sales Representative, Houston or Dallas
       23. [SJ-JOB] Application Security Engineer, SANTA ANA
       24. [SJ-JOB] Sales Representative, San Diego
       25. [SJ-JOB] Technical Writer, Redwood City
       26. [SJ-JOB] Security Architect, Atlanta
       27. [SJ-JOB] VP / Dir / Mgr engineering, Reston
       28. [SJ-JOB] Security Engineer, Berlin
       29. [SJ-JOB] Incident Handler, Crystal City
       30. [SJ-JOB] Incident Handler, Washington
       31. [SJ-JOB] Sales Representative, Minneapolis / St. Paul
       32. [SJ-JOB] Security System Administrator, Ashburn
       33. [SJ-JOB] Security Engineer, Crystal City
       34. [SJ-JOB] Security System Administrator, Washington
       35. [SJ-JOB] Technology Risk Consultant, London
       36. [SJ-JOB] Management, Kirkland
       37. [SJ-JOB] Technology Risk Consultant, London
       38. [SJ-JOB] Jr. Security Analyst, Washington
       39. [SJ-JOB] Sr. Security Engineer, Vienna
       40. [SJ-JOB] Technical Support Engineer, Redwood Shores
       41. [SJ-JOB] Security Engineer, Lakewood
       42. [SJ-JOB] Customer Support, Redwood Shores
       43. [SJ-JOB] Sales Engineer, Chicago
       44. [SJ-JOB] Security Engineer, Redwood Shores
       45. [SJ-JOB] Sales Representative, Cupertino
       46. [SJ-JOB] Sales Representative, Sunnyvale
       47. [SJ-JOB] Sales Representative, New York City metro
       48. [SJ-JOB] Certification & Accreditation Engineer, Washington
       49. [SJ-JOB] Security Researcher, Reston
       50. [SJ-JOB] Jr. Security Analyst, Fort Lauderdale
       51. [SJ-JOB] Sr. Security Analyst, Dearborn
V.    INCIDENTS LIST SUMMARY
VI.   VULN-DEV RESEARCH LIST SUMMARY
       1. Citrix Metaframe Presentation Server  bypassing policies
       2. Upcoming Black Hat events announcement
VII.  MICROSOFT FOCUS LIST SUMMARY
       1. Remote.exe from "Support tools" on Win 2003 CD
       2. windows secure copy
       3. SecurityFocus Microsoft Newsletter #258
       4. Office 2003 SP2?
VIII. SUN FOCUS LIST SUMMARY
       1. SPARC bootable CDs??
IX.   LINUX FOCUS LIST SUMMARY
       1. routing_based_on_port/services
       2. Group permissions changed
X.    UNSUBSCRIBE INSTRUCTIONS
XI.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Can writing software be a crime?
By Mark Rasch
Can writing software be a crime? A recent indictment in San Diego, California
indicates that the answer to that question may be yes.
http://www.securityfocus.com/columnists/360

2. Reducing browser privileges
By Mark Squire
Security companies and researchers have made careers out of identifying the
latest bugs in Internet Explorer.
http://www.securityfocus.com/infocus/1848

3. Security-related innovation in Unix
By Jason Miller
Recently, a good friend of mine forwarded me an article from kerneltrap.org,
which talked about a new heap implementation that's being introduced into an
upcoming release of the OpenBSD operating system.
http://www.securityfocus.com/columnists/359


II.  BUGTRAQ SUMMARY
--------------------
1. Interchange Multiple Vulnerabilities
BugTraq ID: 14931
Remote: Yes
Date Published: 2005-09-24
Relevant URL: http://www.securityfocus.com/bid/14931
Summary:
Interchange is reported prone to multiple vulnerabilities.

The following specific issues were identified:

Interchange 5.2.0 is affected by an SQL injection vulnerability.  Successful
exploitation could result in a compromise of the application, disclosure or
modification of data, or may permit an attacker to exploit vulnerabilities in
the underlying database implementation. 

Interchange 5.0.1 is prone to an Interchange Tag Language (ITL) injection
vulnerability.  This issue may facilitate session hijacking or manipulation of
site content.

2. AlstraSoft E-Friends Remote File Include Vulnerability
BugTraq ID: 14932
Remote: Yes
Date Published: 2005-09-24
Relevant URL: http://www.securityfocus.com/bid/14932
Summary:
AlstraSoft E-Friends is affected by a remote file include vulnerability.

An attacker may leverage this issue to execute arbitrary server-side script code
on an affected computer with the privileges of the Web server process. This may
facilitate unauthorized access. 

AlstraSoft E-Friends 4.0 is reported to be affected.  Other versions may be
vulnerable as well.

3. UNU Networks MailGust User_email.PHP SQL Injection Vulnerability
BugTraq ID: 14933
Remote: Yes
Date Published: 2005-09-24
Relevant URL: http://www.securityfocus.com/bid/14933
Summary:
MailGust is prone to an SQL injection vulnerability.

This issue is due to the application failing to properly sanitize user-supplied
input to the '/gorum/user_email.php' script before using it in a SQL query. 

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

MailGust 1.9 is reported prone to this vulnerability. 

4. Wzdftpd SITE Command Arbitrary Command Execution Vulnerability
BugTraq ID: 14935
Remote: Yes
Date Published: 2005-09-24
Relevant URL: http://www.securityfocus.com/bid/14935
Summary:
wzdftpd is affected by a remote arbitrary command execution vulnerability.

This issue can allow an attacker to execute commands in the context of an
affected server and potentially gain unauthorized access. 

wzdftpd 0.5.4 is reported to be vulnerable.  Other versions may be affected as
well.


5. SEO-Board Admin.PHP SQL Injection Vulnerability
BugTraq ID: 14936
Remote: Yes
Date Published: 2005-09-26
Relevant URL: http://www.securityfocus.com/bid/14936
Summary:
SEO-Board is prone to an SQL injection vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input before using
it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

6. CMS Made Simple Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 14937
Remote: Yes
Date Published: 2005-09-26
Relevant URL: http://www.securityfocus.com/bid/14937
Summary:
CMS Made Simple is prone to a cross-site scripting vulnerability.  This issue is
due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.

This issue is reported to affect CMS Made Simple version 0.10; other versions
may also be vulnerable.

7. Sony PSP Photo Viewer TIFF Image Handling Remote Buffer Overflow
Vulnerability
BugTraq ID: 14938
Remote: Yes
Date Published: 2005-09-26
Relevant URL: http://www.securityfocus.com/bid/14938
Summary:
Sony PSP is prone to a buffer overflow when handling malformed TIFF files.

Successful exploitation of this vulnerability results in a denial of service
condition.  Currently we are not aware of the possibility of arbitrary code
execution.

Sony PSP running firmware 2.0 is reported to be vulnerable.

8. Riverdark RSS Syndicator Module RSS.PHP Multiple Cross-Site Scripting
Vulnerabilities
BugTraq ID: 14940
Remote: Yes
Date Published: 2005-09-26
Relevant URL: http://www.securityfocus.com/bid/14940
Summary:
Riverdark RSS Syndicator Module is prone to multiple cross-site scripting
vulnerabilities.  These issues are due to a failure in the application to
properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  These
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.


9. MultiTheftAuto Multiple Remote Vulnerabilities
BugTraq ID: 14941
Remote: Yes
Date Published: 2005-09-26
Relevant URL: http://www.securityfocus.com/bid/14941
Summary:
MultiTheftAuto is prone to multiple vulnerabilities.

The following issues were identified:

The first issue can allow an attacker to gain unauthorized access to an
administrative file.

The second issue can allow an attacker to trigger a crash in the application.

MultiTheftAuto 0.5 patch 1 and prior versions are vulnerable to these issues.

10. RSyslog Syslog Message SQL Injection Vulnerability
BugTraq ID: 14942
Remote: Yes
Date Published: 2005-09-26
Relevant URL: http://www.securityfocus.com/bid/14942
Summary:
RSyslog is prone to an SQL injection vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input before using
it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

11. Qpopper Local Arbitrary File Modification Vulnerability
BugTraq ID: 14944
Remote: No
Date Published: 2005-09-26
Relevant URL: http://www.securityfocus.com/bid/14944
Summary:
Qpopper is a POP3 mail server available for Linux and Unix based systems.

Qpopper is susceptible to a local arbitrary file modification vulnerability.
This issue is due to insecure file handling in the 'poppassd' setuid-superuser
application.

A local attacker could exploit this vulnerability to change the permissions of,
overwrite, and alter arbitrary files with superuser privileges. Depending on the
purpose of the modified files, this may cause system crashes or allow attackers
to gain elevated privileges.

12. RealNetworks RealPlayer And Helix Player Format String Vulnerability 
BugTraq ID: 14945
Remote: Yes
Date Published: 2005-09-26
Relevant URL: http://www.securityfocus.com/bid/14945
Summary:
RealPlayer and Helix Player are susceptible to a format string vulnerability.
This issue is due to a failure of the application to properly sanitize
user-supplied input, allowing a remote attacker to supply format specifiers
directly to a formatted printing function.

Successful exploitation of this vulnerability allows remote attackers to execute
arbitrary machine code in the context of the affected application.

RealPlayer 10.0 through 10.0.5 for Linux and Helix Player 1.0 through 1.0.5 are
prone to this issue.


13. FL Studio FLP File Processing Heap Overflow Vulnerability 
BugTraq ID: 14946
Remote: Yes
Date Published: 2005-09-26
Relevant URL: http://www.securityfocus.com/bid/14946
Summary:
FL Studio is susceptible to a remote heap overflow vulnerability. This issue is
due to a failure of the application to properly bounds check user-supplied data
prior to copying it to an insufficiently sized memory buffer.

The application fails to bounds check user-supplied data contained in FLP files,
resulting in the possibility of overflowing a destination heap buffer. This
allows attackers to control the contents of critical memory control structures
and write arbitrary data to arbitrary memory locations.

This issue likely allows attackers to execute arbitrary machine code in the
context of the user running the affected application.

This issue is reported in version 5.0.1 of FL Studio. Other versions may also be
affected.

14. SecureW2 Insecure Pre-Master Secret Generation Vulnerability
BugTraq ID: 14947
Remote: Yes
Date Published: 2005-09-26
Relevant URL: http://www.securityfocus.com/bid/14947
Summary:
SecureW2 is susceptible to an insecure pre-master secret generation
vulnerability. This issue is due to a design flaw in the application that causes
weak random numbers to be used in a cryptographic operation.

Due to the insecure use of random number generator functions, the secret used in
further client-server communications may be predicted by attackers. This may
lead to the loss of security properties associated with the EAP-TTLS protocol,
leading to a false sense of security.

By exploiting this vulnerability, attackers may gain access to the cleartext
contents of encrypted communication, aiding them in further attacks.
Man-in-the-middle and other attacks may also be possible.

15. Nokia 3210 And 7610 Remote OBEX Denial Of Service Vulnerability
BugTraq ID: 14948
Remote: Yes
Date Published: 2005-09-26
Relevant URL: http://www.securityfocus.com/bid/14948
Summary:
A remote denial of service vulnerability affects Nokia 3210 and 7610 phones.
This issue is due to a failure of the operating system to handle certain
filename characters in Bluetooth OBEX transfers.

An attacker may leverage this issue to cause affected Nokia devices to fail to
respond to further Bluetooth OBEX communications. Further communication likely
fails until the affected phone is restarted.

Due to code reuse among devices, other phones may also be affected.

16. Sun Solaris Xsun and Xprt Local Privilege Escalation Vulnerability
BugTraq ID: 14949
Remote: No
Date Published: 2005-09-26
Relevant URL: http://www.securityfocus.com/bid/14949
Summary:
Sun Solaris is prone to a vulnerability that may let attackers gain elevated
privileges through execution of arbitrary code.  This vulnerability is exposed
through the Xsun and Xprt commands.

17. Astaro Security Linux PPTP Server Unspecified Remote Denial of Service
Vulnerability
BugTraq ID: 14950
Remote: Yes
Date Published: 2005-09-26
Relevant URL: http://www.securityfocus.com/bid/14950
Summary:
Astaro Security Linux Point-to-Point Tunneling Protocol (PPTP) server is
affected by an unspecified remote denial of service vulnerability.

It is conjectured that a remote attacker may exploit this issue by sending
specially crafted data to the PPTP server and causing the application to crash.

Due to a lack of details, further information cannot be provided at the moment. 
This BID will be updated when more details are available.

18. LucidCMS Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 14951
Remote: Yes
Date Published: 2005-09-27
Relevant URL: http://www.securityfocus.com/bid/14951
Summary:
lucidCMS is prone to a cross-site scripting vulnerability.  This issue is due to
a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.

19. Novell GroupWise Client Local Integer Overflow Vulnerability
BugTraq ID: 14952
Remote: No
Date Published: 2005-09-27
Relevant URL: http://www.securityfocus.com/bid/14952
Summary:
Novell GroupWise Client is prone to a local integer overflow vulnerability.

An attacker may leverage this issue to corrupt process memory, which may lead
to a crash or arbitrary code execution.  A complete compromise of the affected
system may be possible.

GroupWise 6.5.3 is reported to be vulnerable.  It is possible that other
versions are affected as well.

20. CJ LinkOut Top.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 14953
Remote: Yes
Date Published: 2005-09-27
Relevant URL: http://www.securityfocus.com/bid/14953
Summary:
CJ LinkOut is prone to a cross-site scripting vulnerability. This issue is due
to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.

21. CJ Tag Board Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14954
Remote: Yes
Date Published: 2005-09-27
Relevant URL: http://www.securityfocus.com/bid/14954
Summary:
CJ Tag Board is prone to multiple cross-site scripting vulnerabilities.
These issues are due to a failure in the application to properly sanitize
user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  These
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.

22. Linux Kernel USB Subsystem Local Denial Of Service Vulnerability
BugTraq ID: 14955
Remote: No
Date Published: 2005-09-27
Relevant URL: http://www.securityfocus.com/bid/14955
Summary:
A local denial of service vulnerability affects the USB subsystem of the Linux
kernel. This issue is due to a failure of the kernel to properly handle
unexpected conditions when attempting to handle URBs (USB Request Blocks).

This vulnerability may be exploited by local users to trigger a kernel 'Oops' on
computers where the vulnerable USB subsystem is enabled. This may be used to
deny service to legitimate users.

23. CJ Web2Mail Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14956
Remote: Yes
Date Published: 2005-09-27
Relevant URL: http://www.securityfocus.com/bid/14956
Summary:
CJ Web2Mail is prone to multiple cross-site scripting vulnerabilities. These
issues are due to a failure in the application to properly sanitize
user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.


24. PHP Open_BaseDir Security Restriction Bypass Vulnerability
BugTraq ID: 14957
Remote: Yes
Date Published: 2005-09-27
Relevant URL: http://www.securityfocus.com/bid/14957
Summary:
PHP is prone to a vulnerability that permits unauthorized access to directories
outside the base directory.

The problem presents itself in the way PHP handles the 'open_basedir' directive.

Successful exploitation will grant an attacker access to directories outside the
designated base directory.  This will result in information disclosure, and
access to possibly privileged information.

This issue is reported to affect PHP versions 4.4.0 and 5.0.5; other versions
may also be vulnerable.

25. PostNuke PN_BBCode Local File Include Vulnerability
BugTraq ID: 14958
Remote: Yes
Date Published: 2005-09-28
Relevant URL: http://www.securityfocus.com/bid/14958
Summary:
PostNuke is prone to a local file include vulnerability.  This issue is due to a
failure of the application to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary server-side script code
that resides on an affected computer with the privileges of the Web server
process. This may potentially facilitate unauthorized access.

It should be noted that this issue may also be leveraged to read arbitrary files
on an affected computer with the privileges of the Web server.

26. IBM AIX Getconf Local Buffer Overflow Vulnerability
BugTraq ID: 14959
Remote: No
Date Published: 2005-09-28
Relevant URL: http://www.securityfocus.com/bid/14959
Summary:
IBM AIX getconf is prone to a local buffer overflow vulnerability. This issue
arises because the application fails to perform boundary checks prior to copying
user-supplied data into insufficiently-sized memory buffers.

A successful attack allows arbitrary machine code execution with superuser
privileges, due to the affected application being installed with
setuid-superuser privileges.

27. TWiki TWikiUsers INCLUDE Function Remote Arbitrary Command Execution
Vulnerability
BugTraq ID: 14960
Remote: Yes
Date Published: 2005-09-28
Relevant URL: http://www.securityfocus.com/bid/14960
Summary:
TWiki is affected by a remote command execution vulnerability.

The revision control function of the TWikiUsers script uses the backtick shell
metacharacter to construct a command line.  An attacker may use a specially
crafted URI to execute arbitrary commands through the shell. 

This attack would occur in the context of the vulnerable application and can
facilitate unauthorized remote access.


28. Polipo Off-By-One Buffer Overflow Vulnerability
BugTraq ID: 14961
Remote: Yes
Date Published: 2005-09-28
Relevant URL: http://www.securityfocus.com/bid/14961
Summary:
Polipo is prone to an off-by-one buffer overflow vulnerability.  

An attacker may be able to exploit this issue to trigger a denial of service
condition.  It is conjectured that arbitrary code execution may be possible as
well.

29. CubeCart Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14962
Remote: Yes
Date Published: 2005-09-28
Relevant URL: http://www.securityfocus.com/bid/14962
Summary:
CubeCart is prone to multiple cross-site scripting vulnerabilities.  These
issues are due to a failure in the application to properly sanitize
user-supplied input.

An attacker may leverage any of these issues to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the affected
site.  This may facilitate the theft of cookie-based authentication credentials
as well as other attacks.



30. PHP-Fusion Messages.PHP SQL Injection Vulnerability
BugTraq ID: 14964
Remote: Yes
Date Published: 2005-09-28
Relevant URL: http://www.securityfocus.com/bid/14964
Summary:
PHP-Fusion is prone to an SQL injection vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input before using
it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.


31. Zone Labs ZoneAlarm Pro DDE-IPC Advanced Program Control Bypass Weakness
BugTraq ID: 14966
Remote: No
Date Published: 2005-09-28
Relevant URL: http://www.securityfocus.com/bid/14966
Summary:
ZoneAlarm Pro is prone to a weakness that permits the bypassing of the Advanced
Program Control feature settings.

An attacker can exploit this weakness to bypass restrictive settings and
transmit data to external sources through the use of permitted applications.

UPDATE: The vendor has investigated the vulnerability and has stated that the
attack does not bypass Advanced Program Control.  Therefore, this is no longer
considered a security vulnerability and this BID has been retired.

32. BitDefender Antivirus Logging Function Format String Vulnerability
BugTraq ID: 14968
Remote: Yes
Date Published: 2005-09-28
Relevant URL: http://www.securityfocus.com/bid/14968
Summary:
BitDefender Antivirus is a proprietary antivirus product for multiple platforms.

A format string vulnerability affects the logging functionality of BitDefender
Antivirus. This issue is due to a failure of the application to properly
sanitize user-supplied input prior to passing it as the format specifier to a
formatted printing function.

A remote attacker may leverage this issue to write to arbitrary process memory,
facilitating code execution and privilege escalation.

This issue was reported in BitDefender versions 7.2, 8, and 9 for Windows. Other
versions and platforms may also be affected.

33. Microsoft Internet Explorer XmlHttpRequest Parameter Validation Weakness
BugTraq ID: 14969
Remote: Yes
Date Published: 2005-09-24
Relevant URL: http://www.securityfocus.com/bid/14969
Summary:
Microsoft Internet Explorer is prone to a weakness that permits the injection of
arbitrary HTTP requests due to improper verification of parameters passed to
XmlHttpRequest. 

An attacker may craft a Web site that instantiates the affected control and
force the browser to request a site on the same host, or on another host if a
forwarding proxy is employed.  The attacker would then intercept the response
and steal sensitive data to aid in attacks.

A successful attack may have various consequences, facilitating HTTP request
smuggling attacks, man-in-the-middle attacks, and information disclosure.

34. Polipo Web Root Restriction Bypass Vulnerability
BugTraq ID: 14970
Remote: Yes
Date Published: 2005-09-28
Relevant URL: http://www.securityfocus.com/bid/14970
Summary:
Polipo is prone to a vulnerability that permits access to files outside the Web
root.  Very little information is available regarding this vulnerability other
than that the application may cause the Web server to expose files outside the
local root.  This BID will be updated as further information becomes available.

Successful exploitation of this vulnerability will result in information
disclosure.  Information obtained may aid in further attacks; other attacks are
also possible.

35. AbiWord RTF File Processing Buffer Overflow Vulnerability 
BugTraq ID: 14971
Remote: Yes
Date Published: 2005-09-29
Relevant URL: http://www.securityfocus.com/bid/14971
Summary:
AbiWord is susceptible to a buffer overflow vulnerability. This issue is due to
a failure of the application to properly bounds check user-supplied data prior
to copying it to an insufficiently sized memory buffer while importing RTF
files.

This issue likely allows attackers to execute arbitrary machine code in the
context of the user running the affected application.

36. SBLim-SFCB Malformed Header Denial Of Service Vulnerability
BugTraq ID: 14972
Remote: Yes
Date Published: 2005-09-29
Relevant URL: http://www.securityfocus.com/bid/14972
Summary:
sblim-sfcb is prone to a denial of service vulnerability.  This issue is due to
a failure in the application to handle malformed headers.

An attacker can exploit this vulnerability to deny service to legitimate users.


37. SquirrelMail Address Add Plugin Add.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 14973
Remote: Yes
Date Published: 2005-09-29
Relevant URL: http://www.securityfocus.com/bid/14973
Summary:
SquirrelMail Address Add Plugin is prone to a cross-site scripting
vulnerability. This issue is due to a failure in the application to properly
sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.


38. NateOn Messenger Arbitrary File Download And Buffer Overflow Vulnerabilities
BugTraq ID: 14974
Remote: Yes
Date Published: 2005-09-29
Relevant URL: http://www.securityfocus.com/bid/14974
Summary:
NateOn Messenger is susceptible to an arbitrary file download vulnerability, and
a buffer overflow vulnerability. These issues are present in the
'NateonDownloadManager.ocx' ActiveX control that is installed with the
application.

An attacker would exploit these issues by creating malicious HTML containing
script code that accesses the vulnerable ActiveX control. The arbitrary file
download issue allows remote attackers to fetch arbitrary remote files and save
them on the local machine.

The buffer overflow vulnerability allows remote attackers to execute arbitrary
machine code in the context of the user running the affected software,
facilitating remote system compromise.

Attackers may utilize these vulnerabilities in conjunction with each other in
order to transfer malicious code to targeted users, and then execute it.

39. Macromedia Breeze Plaintext Password Storage Weakness
BugTraq ID: 14975
Remote: No
Date Published: 2005-09-29
Relevant URL: http://www.securityfocus.com/bid/14975
Summary:
Macromedia Breeze is a commercial online training and communications system.

Macromedia Breeze is susceptible to a plaintext password storage weakness. This
issue is due to a design error in the password reset feature.

This issue could be used in conjunction with other possible vulnerabilities in a
host to gain access to user authentication credentials. This poses an additional
risk since users may recycle credentials across multiple services.

40. lucidCMS Login SQL Injection Vulnerability
BugTraq ID: 14976
Remote: Yes
Date Published: 2005-09-29
Relevant URL: http://www.securityfocus.com/bid/14976
Summary:
lucidCMS is prone to an SQL injection vulnerability.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

Ultimately an attacker could exploit this vulnerability to gain administrative
privileges.  This could facilitate a compromise of the underlying system; other
attacks are also possible.

41. BackupNinja Insecure Temporary File Creation Vulnerability
BugTraq ID: 14978
Remote: No
Date Published: 2005-09-30
Relevant URL: http://www.securityfocus.com/bid/14978
Summary:
backupninja creates temporary files in an insecure manner.  This may allow a
local attacker to perform symbolic link attacks.

Successful exploitation may result in sensitive data or configuration files
being overwritten.  This may result in a denial of service; other attacks may
also be possible.


42. NTLM Authorization Proxy Server Insecure Configuration File Permissions Vulnerability
BugTraq ID: 14979
Remote: No
Date Published: 2005-09-30
Relevant URL: http://www.securityfocus.com/bid/14979
Summary:
NTLM Authorization Proxy Server (ntlmaps) is prone to a vulnerability regarding
insecure permissions on the configuration file.  This issue is due to a
configuration error in the post-installation script.

A local attacker can exploit this vulnerability to retrieve the username and
password to the Microsoft Windows NT system that ntlmaps connects to.

43. IceWarp Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14980
Remote: Yes
Date Published: 2005-09-30
Relevant URL: http://www.securityfocus.com/bid/14980
Summary:
IceWarp is prone to multiple cross-site scripting vulnerabilities.  These issues
are due to a failure in the application to properly sanitize user-supplied
input.

An attacker may leverage these issues to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  These
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.



44. 4D WebStar Remote IMAP Denial of Service Vulnerability
BugTraq ID: 14981
Remote: Yes
Date Published: 2005-09-30
Relevant URL: http://www.securityfocus.com/bid/14981
Summary:
4D WebStar is affected by a remote denial of service vulnerability. This issue
arises because the application fails to handle exceptional conditions in a
proper manner.

Specific details regarding the cause of this issue are not currently available.
This BID will be updated as further information is disclosed.

45. ApacheTop Insecure Temporary File Creation Vulnerability
BugTraq ID: 14982
Remote: No
Date Published: 2005-09-30
Relevant URL: http://www.securityfocus.com/bid/14982
Summary:
ApacheTop creates temporary files in an insecure manner. This may allow a local
attacker to perform symbolic link attacks.

Successful exploitation may result in sensitive data or configuration files
being overwritten.  This may result in a denial of service; other attacks may
also be possible.


46. Blender Command Line Processing Buffer Overflow Vulnerability 
BugTraq ID: 14983
Remote: Yes
Date Published: 2005-09-30
Relevant URL: http://www.securityfocus.com/bid/14983
Summary:
Blender is susceptible to a buffer overflow vulnerability. This issue is due to
a failure of the application to properly bounds check user-supplied data prior
to copying it to an insufficiently sized memory buffer while handling command
line arguments.

This issue likely allows attackers to execute arbitrary machine code in the
context of the user running the affected application.

This issue is reported in version 2.37a of Blender; other versions may also be
affected.

47. EasyGuppy Printfaq.PHP Directory Traversal Vulnerability
BugTraq ID: 14984
Remote: Yes
Date Published: 2005-09-30
Relevant URL: http://www.securityfocus.com/bid/14984
Summary:
EasyGuppy is prone to a directory traversal vulnerability.

The application fails to properly sanitize input supplied through HTTP POST
requests or cookies.

Exploitation of this vulnerability could lead to a loss of confidentiality as
arbitrary files are disclosed to an attacker.

48. MediaWiki Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14987
Remote: Yes
Date Published: 2005-09-29
Relevant URL: http://www.securityfocus.com/bid/14987
Summary:
MediaWiki is prone to multiple cross-site scripting vulnerabilities.  These
issues are due to a failure in the application to properly sanitize
user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.

49. Merak Mail Server Arbitrary File Deletion Vulnerability
BugTraq ID: 14988
Remote: Yes
Date Published: 2005-09-30
Relevant URL: http://www.securityfocus.com/bid/14988
Summary:
Merak Mail Server is affected by an arbitrary file deletion vulnerability. This
issue arises due to an input validation error allowing an attacker to delete
files in the context of the Web server running the application.

An attacker can exploit this issue to cause a denial of service condition due to
data corruption.

Merak Mail Server version 8.2.4r is affected by this vulnerability.


50. Citrix MetaFrame Presentation Server Security Policy Bypass Vulnerability
BugTraq ID: 14989
Remote: Yes
Date Published: 2005-09-30
Relevant URL: http://www.securityfocus.com/bid/14989
Summary:
Citrix MetaFrame Presentation Server is susceptible to a server policy bypass
vulnerability. This issue is due to the application utilizing and trusting
client-supplied data in policy decisions.

Attackers may bypass security policies by changing the contents of 'launch.ica'
files.

This allows attackers to bypass administratively defined security policies,
potentially aiding them in further attacks.

51. Virtools Web Player Buffer Overflow Vulnerability
BugTraq ID: 14990
Remote: Yes
Date Published: 2005-09-30
Relevant URL: http://www.securityfocus.com/bid/14990
Summary:
Virtools Web Player is prone to a buffer overflow vulnerability.  This issue is
due to a failure in the application to perform proper bounds checking on
user-supplied data.

A remote attacker can exploit this issue to execute arbitrary code and gain
unauthorized access.

52. Virtools Web Player Directory Traversal Vulnerability
BugTraq ID: 14991
Remote: Yes
Date Published: 2005-09-30
Relevant URL: http://www.securityfocus.com/bid/14991
Summary:
Virtools Web Player is prone to a directory traversal vulnerability.  This issue
is due to a failure in the application to properly sanitize user-supplied input.

Exploitation of this vulnerability could permit an attacker to overwrite
arbitrary files in the security context of the vulnerable application.


53. PHP-Fusion Multiple SQL Injection Vulnerabilities
BugTraq ID: 14992
Remote: Yes
Date Published: 2005-09-29
Relevant URL: http://www.securityfocus.com/bid/14992
Summary:
PHP-Fusion is prone to multiple SQL injection vulnerabilities.  These issues are
due to a failure in the application to properly sanitize user-supplied input
before using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

54. ProZilla Buffer Overflow Vulnerability
BugTraq ID: 14993
Remote: Yes
Date Published: 2005-10-01
Relevant URL: http://www.securityfocus.com/bid/14993
Summary:
ProZilla is prone to a buffer overflow vulnerability. This issue is due to the
failure of the application to properly bounds check user-supplied input prior to
copying it to an insufficiently sized memory buffer.

Arbitrary code execution in the context of the user running the application is
possible.

55. GNU CFEngine Insecure Temporary File Creation Vulnerability
BugTraq ID: 14994
Remote: No
Date Published: 2005-10-01
Relevant URL: http://www.securityfocus.com/bid/14994
Summary:
GNU cfengine is prone to an insecure temporary file creation vulnerability. 
Exploitation may allow arbitrary files to be overwritten.


56. Bugzilla config.cgi Information Disclosure Vulnerability
BugTraq ID: 14995
Remote: Yes
Date Published: 2005-10-01
Relevant URL: http://www.securityfocus.com/bid/14995
Summary:
Bugzilla is prone to an information disclosure issue exposed through config.cgi.
This may allow an unauthorized user to access product names that are supposed
to be confidential.

Bugzilla versions 2.18rc1 to 2.18.3, 2.19 to 2.20rc2, and 2.21 are affected.

57. Bugzilla User-Matching Information Disclosure Vulnerability
BugTraq ID: 14996
Remote: Yes
Date Published: 2005-10-01
Relevant URL: http://www.securityfocus.com/bid/14996
Summary:
Bugzilla is prone to an information disclosure vulnerability when user-matching
is turned on.  This could allow an attacker to enumerate usernames on the
system.

Bugzilla 2.19.1 to 2.20rc2 and 2.21 are prone to this vulnerability.


58. Procom Technology NetFORCE 800 Information Disclosure Vulnerability
BugTraq ID: 14997
Remote: Yes
Date Published: 2005-10-01
Relevant URL: http://www.securityfocus.com/bid/14997
Summary:
Procom Technology NetFORCE 800 is prone to an information disclosure issue.  The
operating system sends password hashes in plaintext diagnostic email messages.

This issue was reported to exist in NetFORCE 800 v4.02 M10 (Build 20).  Other
versions may also be affected.


III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. E-voting experts call for revised security guidelines
By: Robert Lemos
A federally funded group of voting technology experts calls on the United States'
Election Assistance Commission to revamp its process for evaluating the security
of election systems.
http://www.securityfocus.com/news/11336

2. Digital plague hits online game World of Warcraft
By: Robert Lemos
A game effect with limited self-propagation gets spread further by malicious
gamers and underscores the danger of giving programs the ability to infect.
http://www.securityfocus.com/news/11330

3. Mozilla's popularity stressing its security image
By: Robert Lemos
Recent vulnerability disclosures and a biannual report noting increased flaw
reports raise questions about the open-source Firefox browser's security.
http://www.securityfocus.com/news/11327

4. Key clicks betray passwords, typed text
By: Robert Lemos
University researchers find that a ten-minute recording of a person's typing is
enough to recover more than 90 percent of the words entered on a computer
keyboard.
http://www.securityfocus.com/news/11318

5. Political hackers deface Novell SUSE sites
By: John Leyden
Three Novell OpenSUSE community web sites were defaced on Sunday by politically
motivated hackers.
http://www.securityfocus.com/news/11334

6. Backdoor Trojan targets Microsoft Access
By: John Leyden
Virus writers have created a Trojan which uses an unpatched vulnerability in
Microsoft Office to take over Windows PCs.
http://www.securityfocus.com/news/11335

7. NetSky-P tops moribund malware chart
By: John Leyden
September marked a quiet month on the malware front with virus levels at a
yearly low and the long-running NetSky-P worm stuck at the top of virus nuisance
charts.
http://www.securityfocus.com/news/11333

8. Warning over unattended PC peril
By: John Leyden
Unattended PCs are becoming the focus of insider attacks, according to Gartner.
It reckons "someone else must have used my PC" has become a typical defence to
accusations of improper online behaviour.
http://www.securityfocus.com/news/11332

IV.  SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Security Engineer, Dulles
http://www.securityfocus.com/archive/77/412426

2. [SJ-JOB] Security Engineer, Arlington
http://www.securityfocus.com/archive/77/412424

3. [SJ-JOB] Sales Representative, Kansas City or St. Louis
http://www.securityfocus.com/archive/77/412425

4. [SJ-JOB] Quality Assurance, Redwood City
http://www.securityfocus.com/archive/77/412423

5. [SJ-JOB] Auditor, New York
http://www.securityfocus.com/archive/77/412408

6. [SJ-JOB] Sales Representative, Novi
http://www.securityfocus.com/archive/77/412406

7. [SJ-JOB] Security Consultant, Riyadh
http://www.securityfocus.com/archive/77/412407

8. [SJ-JOB] Auditor, Manchester, Birmingham or Leeds
http://www.securityfocus.com/archive/77/412409

9. [SJ-JOB] Management, Toronto
http://www.securityfocus.com/archive/77/412404

10. [SJ-JOB] Security Engineer, Stockholm
http://www.securityfocus.com/archive/77/412405

11. [SJ-JOB] Information Assurance Analyst, Tyson's Corner
http://www.securityfocus.com/archive/77/412389

12. [SJ-JOB] Management, Redmond
http://www.securityfocus.com/archive/77/412390

13. [SJ-JOB] Security Consultant, New York City
http://www.securityfocus.com/archive/77/412384

14. [SJ-JOB] Security Consultant, Houston
http://www.securityfocus.com/archive/77/412388

15. [SJ-JOB] Security Consultant, Houston
http://www.securityfocus.com/archive/77/412385

16. [SJ-JOB] Security Consultant, New York City
http://www.securityfocus.com/archive/77/412386

17. [SJ-JOB] Security Director, Tuscon
http://www.securityfocus.com/archive/77/412387

18. [SJ-JOB] Manager, Information Security, Ottawa
http://www.securityfocus.com/archive/77/412376

19. [SJ-JOB] Director, Computer Security, Richland
http://www.securityfocus.com/archive/77/412373

20. [SJ-JOB] Forensics Engineer, Washington D.C
http://www.securityfocus.com/archive/77/412374

21. [SJ-JOB] Security Consultant, Richmond
http://www.securityfocus.com/archive/77/412375

22. [SJ-JOB] Sales Representative, Houston or Dallas
http://www.securityfocus.com/archive/77/412372

23. [SJ-JOB] Application Security Engineer, SANTA ANA
http://www.securityfocus.com/archive/77/412281

24. [SJ-JOB] Sales Representative, San Diego
http://www.securityfocus.com/archive/77/412278

25. [SJ-JOB] Technical Writer, Redwood City
http://www.securityfocus.com/archive/77/412280

26. [SJ-JOB] Security Architect, Atlanta
http://www.securityfocus.com/archive/77/412282

27. [SJ-JOB] VP / Dir / Mgr engineering, Reston
http://www.securityfocus.com/archive/77/412279

28. [SJ-JOB] Security Engineer, Berlin
http://www.securityfocus.com/archive/77/412263

29. [SJ-JOB] Incident Handler, Crystal City
http://www.securityfocus.com/archive/77/412267

30. [SJ-JOB] Incident Handler, Washington
http://www.securityfocus.com/archive/77/412262

31. [SJ-JOB] Sales Representative, Minneapolis / St. Paul
http://www.securityfocus.com/archive/77/412266

32. [SJ-JOB] Security System Administrator, Ashburn
http://www.securityfocus.com/archive/77/412268

33. [SJ-JOB] Security Engineer, Crystal City
http://www.securityfocus.com/archive/77/412264

34. [SJ-JOB] Security System Administrator, Washington
http://www.securityfocus.com/archive/77/412265

35. [SJ-JOB] Technology Risk Consultant, London
http://www.securityfocus.com/archive/77/412100

36. [SJ-JOB] Management, Kirkland
http://www.securityfocus.com/archive/77/412102

37. [SJ-JOB] Technology Risk Consultant, London
http://www.securityfocus.com/archive/77/412104

38. [SJ-JOB] Jr. Security Analyst, Washington
http://www.securityfocus.com/archive/77/412101

39. [SJ-JOB] Sr. Security Engineer, Vienna
http://www.securityfocus.com/archive/77/412099

40. [SJ-JOB] Technical Support Engineer, Redwood Shores
http://www.securityfocus.com/archive/77/412035

41. [SJ-JOB] Security Engineer, Lakewood
http://www.securityfocus.com/archive/77/412038

42. [SJ-JOB] Customer Support, Redwood Shores
http://www.securityfocus.com/archive/77/412039

43. [SJ-JOB] Sales Engineer, Chicago
http://www.securityfocus.com/archive/77/412029

44. [SJ-JOB] Security Engineer, Redwood Shores
http://www.securityfocus.com/archive/77/412031

45. [SJ-JOB] Sales Representative, Cupertino
http://www.securityfocus.com/archive/77/412025

46. [SJ-JOB] Sales Representative, Sunnyvale
http://www.securityfocus.com/archive/77/412026

47. [SJ-JOB] Sales Representative, New York City metro
http://www.securityfocus.com/archive/77/412027

48. [SJ-JOB] Certification & Accreditation Engineer, Washington
http://www.securityfocus.com/archive/77/411854

49. [SJ-JOB] Security Researcher, Reston
http://www.securityfocus.com/archive/77/411855

50. [SJ-JOB] Jr. Security Analyst, Fort Lauderdale
http://www.securityfocus.com/archive/77/411850

51. [SJ-JOB] Sr. Security Analyst, Dearborn
http://www.securityfocus.com/archive/77/411853

V.   INCIDENTS LIST SUMMARY
---------------------------
VI.  VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Citrix Metaframe Presentation Server  bypassing policies
http://www.securityfocus.com/archive/82/412283

2. Upcoming Black Hat events announcement
http://www.securityfocus.com/archive/82/412007

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Remote.exe from "Support tools" on Win 2003 CD
http://www.securityfocus.com/archive/88/412369

2. windows secure copy
http://www.securityfocus.com/archive/88/412368

3. SecurityFocus Microsoft Newsletter #258
http://www.securityfocus.com/archive/88/412002

4. Office 2003 SP2?
http://www.securityfocus.com/archive/88/412003

VIII. SUN FOCUS LIST SUMMARY
----------------------------
1. SPARC bootable CDs??
http://www.securityfocus.com/archive/92/412413

IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. routing_based_on_port/services
http://www.securityfocus.com/archive/91/412365

2. Group permissions changed
http://www.securityfocus.com/archive/91/412015