SecurityFocus Newsletter #441
----------------------------------------

This issue is Sponsored by: HP

HP Application Security Webinar: Achieving PCI 6.6 Compliance - Are Your Web
Applications Secure Enough?
In June 2008, the major credit card vendors will require compliance with
requirement 6 of the PCI DSS, "Ensure that all web facing applications are
protected against known attacks."  Join HP Software and the former SPI Dynamics
for this free webinar to learn how you can easily satisfy this requirement and
build a powerful web application security program at the same time. During this
event, you will receive the tools and knowledge to ensure your web applications
comply with PCI requirements and block hackers.
https://h30406.www3.hp.com/campaigns/2008/events/sw-02-26-08/index.php?mcc=DAYA


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying
topics of interest for our community. We are proud to offer content from
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.    FRONT AND CENTER
       1. Tweaking Social Security to Combat Fraud
       2. Skills for the Future

II.   BUGTRAQ SUMMARY
       1. Woltlab Burning Board 'password' SQL Injection Vulnerability
       2. Group Logic ExtremeZ-IP File and Print Servers Multiple
Vulnerabilities
       3. Hitachi SEWB/PLATFORM SEWB3 Unspecified Denial Of Service
Vulnerability
       4. Hitachi EUR Print Manager Remote Denial of Service Vulnerability
       5. Symantec Storage Foundation Veritas Enterprise Administrator Heap
Buffer Overflow Vulnerability
       6. Jooget! 'id' Parameter SQL Injection Vulnerability
       7. Cacti Multiple Input Validation Vulnerabilities
       8. WP Photo Album 'photo' Parameter SQL Injection Vulnerability
       9. PHPizabi 'image.php' Arbitrary File Upload Vulnerability
       10. Multiple Web Browser BMP Partial Palette Information Disclosure and
Denial Of Service Vulnerability
       11. XPWeb 'Download.php' File Disclosure Vulnerability
       12. BanPro DMS 'index.php' Local File Include Vulnerability
       13. 360 Degree Web PlatinumKey Access Control Bypass Application
Execution Vulnerability
       14. 360 Degree Web PlatinumKey Access Control Bypass Information
Disclosure Vulnerability
       15. Sami FTP Server User Command Buffer Overflow Vulnerability
       16. Sami FTP Server Multiple Commands Remote Denial Of Service
Vulnerabilities
       17. e-Vision CMS 'id' Parameter Multiple SQL Injection Vulnerabilities
       18. Joomla! and Mambo com_downloads Component 'cat' Parameter SQL
Injection Vulnerability
       19. Joomla! and Mambo com_profile Component 'oid' Parameter SQL Injection
Vulnerability
       20. Joomla! and Mambo Portfolio Manager Component 'categoryId' Parameter
SQL Injection Vulnerability
       21. Joomla! and Mambo com_ricette Component 'id' Parameter SQL Injection
Vulnerability
       22. Joomla! and Mambo Quran Component SQL Injection Vulnerability
       23. Joomla! and Mambo com_detail Component 'id' Parameter SQL Injection
Vulnerability
       24. Joomla! and Mambo com_scheduling Component 'id' Parameter SQL
Injection Vulnerability
       25. Joomla! and Mambo com_galeria Component 'id' Parameter SQL Injection
Vulnerability
       26. Joomla! and Mambo com_filebase Component 'filecatid' Parameter SQL
Injection Vulnerability
       27. PHP-Nuke Okul Module 'okulid' Parameter SQL Injection Vulnerability
       28. PHP-Nuke EasyContent Module 'page_id' Parameter SQL Injection
Vulnerability
       29. Symantec Storage Foundation for Windows Scheduler Service Denial of
Service Vulnerability
       30. PHP-Nuke Sections Module 'artid' Parameter SQL Injection
Vulnerability
       31. PHP-Nuke Web_Links Module 'cid' Parameter SQL Injection Vulnerability
       32. PHP-Nuke Books Module 'cid' Parameter SQL Injection Vulnerability
       33. Claroline Multiple Remote Vulnerabilities
       34. RETIRED: Microsoft February 2008 Advance Notification Multiple
Vulnerabilities
       35. RETIRED: Microsoft January 2008 Advance Notification Multiple
Vulnerabilities
       36. Multiple Horde Products Security Bypass Vulnerability
       37. AuraCMS Multiple SQL Injection Vulnerabilities
       38. TRUC Tracking Requirements & Use Cases 'download.php' File Disclosure
Vulnerability
       39. Sun Java Plug-in Multiple Applet Vulnerabilities
       40. Adobe Acrobat and Reader Multiple Arbitrary Code Execution and
Security Vulnerabilities
       41. Samba Send_MailSlot Stack-Based Buffer Overflow Vulnerability
       42. Perl Unicode Regular Expression Buffer Overflow Vulnerability
       43. Sun Ray Device Manager Daemon Multiple Vulnerabilities
       44. XOOPS 'classifieds' Module 'cid' Parameter SQL Injection
Vulnerability
       45. XOOPS 'badliege' Module 'id' Parameter SQL Injection Vulnerability
       46. XOOPS 'vacatures' Module 'cid' Parameter SQL Injection Vulnerability
       47. XOOPS 'events' Module 'id' Parameter SQL Injection Vulnerability
       48. XOOPS 'seminars' Module 'id' Parameter SQL Injection Vulnerability
       49. XOOPS myTopics Module 'print.php' SQL Injection Vulnerability
       50. Mozilla Firefox 2.0.0.7 Multiple Remote Vulnerabilities
       51. Multiple Browser URI Handlers Command Injection Vulnerabilities
       52. WordPress wp-people Plugin 'wp-people-popup.php' SQL Injection
Vulnerability
       53. WordPress Recipes Blog Plugin 'id' Parameter SQL Injection
Vulnerability
       54. Mozilla Firefox/Thunderbird/SeaMonkey Chrome-Loaded About:Blank
Script Execution Vulnerability
       55. Mozilla Firefox 2.0.0.4 Multiple Remote Vulnerabilities
       56. iJoomla com_magazine Component 'pageid' Parameter SQL Injection
Vulnerability
       57. Joomla! and Mambo com_genealogy Component 'id' Parameter SQL
Injection Vulnerability
       58. Joomla! and Mambo com_formtool Component 'catid' Parameter SQL
Injection Vulnerability
       59. Joomla! and Mambo com_iigcatalog Component 'cat' Parameter SQL
Injection Vulnerability
       60. Joomla! and Mambo 'com_team' Component SQL Injection Vulnerability
       61. MoinMoin Multiple Cross Site Scripting Vulnerabilities
       62. IPdiva SSL VPN Security Bypass Vulnerability and Multiple Cross Site
Scripting Vulnerabilities
       63. MoinMoin MOIN_ID Cookie Remote Input Validation Vulnerability
       64. BEA Systems Multiple Products BEA08-183.00 to BEA08-200.00 Multiple
Vulnerabilities
       65. Sun Java Runtime Environment Virtual Machine Remote Privilege
Escalation Vulnerability
       66. Sun Java WebStart Multiple File Access And Information Disclosure
Vulnerabilities
       67. Sun Java Runtime Environment Multiple Weaknesses
       68. IBM Lotus QuickPlace 'Main.nsf' Cross-Site Scripting Vulnerability
       69. IBM Lotus Quickr Unspecified Cross-Site Scripting Vulnerability
       70. IBM DB2 Universal Database 9.1 Multiple Vulnerabilities
       71. Apple iPhoto DPAP Remote Denial of Service Vulnerability
       72. ATutor User Profile Multiple HTML Injection Vulnerabilities
       73. RunCMS 'admin.php' Cross-Site Scripting Vulnerability
       74. LightBlog 'view_member.php' Local File Include Vulnerability
       75. Linux Kernel Prior to 2.6.24.1 'vmsplice_to_user()' Local Privilege
Escalation Vulnerability
       76. PCRE Character Class Buffer Overflow Vulnerability
       77. BEA WebLogic Multiple Vulnerabilities
       78. Linux Kernel Prior to 2.6.24.2 'vmsplice_to_pipe()' Local Privilege
Escalation Vulnerability
       79. Multiple BEA WebLogic Applications Multiple Vulnerabilities
       80. Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting
Weakness
       81. Dokeos Multiple SQL Injection, HTML Injection, Cross-Site Scripting,
and File Upload Vulnerabilities
       82. Hosting Controller Multiple Remote Vulnerabilities
       83. WordPress Plugin WP-Forum SQL Injection Vulnerability
       84. Nagios Plugins Location Header Remote Buffer Overflow Vulnerability
       85. Imager 8 Bit BMP Heap Based Buffer Overflow Vulnerability
       86. wyrd Insecure Temporary File Creation Vulnerability
       87. GlobalLink 'HanGamePlugincn18.dll' ActiveX Control Multiple Buffer
Overflow Vulnerabilities
       88. XOOPS WF-Link Module Viewcat.PHP SQL Injection Vulnerability
       89. Foxit WAC Server Denial of Service Vulnerability
       90. Lyris ListManager Multiple Remote Vulnerabilities
       91. EMC RepliStor Multiple Remote Heap Based Buffer Overflow
Vulnerabilities
       92. PHP-Nuke Docum Module 'artid' Parameter SQL Injection Vulnerability
       93. Globsy 'globsy_edit.php' Local File Include Vulnerability
       94. PunBB Password Reset Weak Random Number Security Bypass Vulnerability
       95. Highwood Design hwdVideoShare 'Itemid' Parameter SQL Injection
Vulnerability
       96. CUPS 'process_browse_data()' Remote Double Free Denial of Service
Vulnerability
       97. XOOPS eEmpregos Module 'index.php' SQL Injection Vulnerability
       98. Schoolwires Academic Portal SQL Injection Vulnerability and
Cross-Site Scripting Vulnerability
       99. RunCMS MyAnnonces Module 'cid' Parameter SQL Injection Vulnerability
       100. Opera Web Browser 9.25 Multiple Security Vulnerabilities
III.  SECURITYFOCUS NEWS
       1. Worries over "good worms" rise again
       2. Federal agencies miss deadline on secure configs
       3. Universities fend off phishing attacks
       4. Antivirus firms, test labs to form standards group
IV.   SECURITY JOBS LIST SUMMARY
V.    INCIDENTS LIST SUMMARY
       1. Security log parser
       2. Possible Mail server compromise ?
VI.   VULN-DEV RESEARCH LIST SUMMARY
VII.  MICROSOFT FOCUS LIST SUMMARY
VIII. SUN FOCUS LIST SUMMARY
IX.   LINUX FOCUS LIST SUMMARY
X.    UNSUBSCRIBE INSTRUCTIONS
XI.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Tweaking Social Security to Combat Fraud
By Tim Mullen
Americans lost over 45 billion dollars in identity-related fraud in 2007.
Reports are so commonplace that we've actually become de-sensitized to them.
"200,000 victims reported..." "500,000 victims reported..." Even figures into
the millions don't seem to faze us anymore. And that is a Bad Thing. 
http://www.securityfocus.com/columnists/465

2. Skills for the Future
By Don Parker
A lot of the emails sent to me ask a basic question: Just how does one break
into computer security or what skills should you learn to get that first
security job. Lately though, I have been receiving many more queries on
specifically how one can leverage an existing skill set to become an
information-technology security analyst. 
http://www.securityfocus.com/columnists/464


II.  BUGTRAQ SUMMARY
--------------------
1. Woltlab Burning Board 'password' SQL Injection Vulnerability
BugTraq ID: 27885
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27885
Summary:
Woltlab Burning Board is prone to an SQL-injection vulnerability because the
application fails to properly sanitize user-supplied input before using it in an
SQL query. 

A successful exploit could allow an attacker to compromise the application,
access or modify data, or exploit vulnerabilities in the underlying database
implementation.

2. Group Logic ExtremeZ-IP File and Print Servers Multiple Vulnerabilities
BugTraq ID: 27718
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27718
Summary:
ExtremeZ-IP File and Print servers are prone to multiple vulnerabilities
including denial-of-service and information-disclosure issues.

Attackers can exploit these issues to cause denial-of-service conditions or gain
access to potentially sensitive information.

These issues affect ExtremeZ-IP File Server and ExtremeZ-IP Print Server
versions prior to 5.1.2x15.

3. Hitachi SEWB/PLATFORM SEWB3 Unspecified Denial Of Service Vulnerability
BugTraq ID: 27900
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27900
Summary:
Hitachi SEWB/PLATFORM SEWB3 is prone to a denial-of-service vulnerability that
affects both server and client messaging services.

Remote attackers can exploit this issue to deny service to legitimate users.

Very few technical details are currently available. We will update this BID as
more information emerges.

The issue affects the following versions of the SEWB3/PLATFORM:
HI-UX/WE2(3050 SISC): 01-00 to 01-06-/A
HI-UX/WE2(3050 RISC): 01-00 to 01-06-/A
HI-UX/WE2(3050RX): 01-01 to 01-16-/F, 01-06 to 01-16-/B(English version)
HP-UX(9.x): 01-00 to 01-10-/A
HP-UX(10.x): 01-11 to 01-16-/B
HP-UX(11.x): 01-16-/C to 01-16-/F, 01-17 to 01-17-/F
Solaris: 01-04 to 02-14-/A
AIX: 01-10 to 02-13

The issue affects the following versions of the SEWB3/MI-PLATFORM:
HI-UX/WE2(3050 SISC): 01-00 to 01-06-/A
HI-UX/WE2(3050 RISC): 01-00 to 01-06-/A
HI-UX/WE2(3050RX): 01-02 to 01-16-/F, 01-07 to 01-16-/B(English version)
HP-UX(9.x): 01-02 to 01-10-/A
HP-UX(10.x): 01-11 to 01-16-/B
HP-UX(11.x): 01-16-/C to 01-16-/F, 01-17 to 01-17-/F
Solaris: 01-04 to 02-14-/A
AIX: 01-10 to 02-13

4. Hitachi EUR Print Manager Remote Denial of Service Vulnerability
BugTraq ID: 27899
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27899
Summary:
Hitachi EUR Print Manager is prone to a remote denial-of-service vulnerability
because it fails to handle exceptional conditions.
 
Successfully exploiting this issue allows remote attackers to crash the affected
application, denying service to legitimate users.

This issue affects EUR Print Manager, EUR Print Manager - Local Server and EUR
Print Manager - Client.

5. Symantec Storage Foundation Veritas Enterprise Administrator Heap Buffer
Overflow Vulnerability
BugTraq ID: 25778
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/25778
Summary:
Symantec Storage Foundation is prone to a remote heap-based buffer-overflow
vulnerability because it fails to perform adequate boundary-checks on
user-supplied data. This issue occurs in the Symantec Veritas Enterprise
Administrator (VEA) component. 

An attacker can exploit this issue to execute arbitrary code in the context of
the SYSTEM. Successfully exploiting this issue will result in the complete
compromise of affected computers. Failed exploit attempts will result in a
denial-of-service condition.

6. Jooget! 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27836
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27836
Summary:
The Joomla! and Mambo Jooget! component is prone to an SQL-injection
vulnerability because the software fails to sufficiently sanitize user-supplied
data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

7. Cacti Multiple Input Validation Vulnerabilities
BugTraq ID: 27749
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27749
Summary:
Cacti is prone to multiple unspecified input-validation vulnerabilities,
including: 

- Multiple cross-site scripting vulnerabilities 
- Multiple SQL-injection vulnerabilities
- An HTTP response-splitting vulnerability. 

Attackers may exploit these vulnerabilities to influence or misrepresent how web
content is served, cached, or interpreted, to compromise the application, to
access or modify data, to exploit vulnerabilities in the underlying database, or
to execute arbitrary script code in the browser of an unsuspecting user.

These issues affect Cacti 0.8.7a and prior versions.
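The Cacti entry lists the three input-validation failures that recur throughout this issue: the same unvalidated request parameter reaches an HTTP header (response splitting), an HTML page (cross-site scripting) or a query (SQL injection, shown separately below). The following added example, written in Python rather than Cacti's PHP and not taken from Cacti or any other product in this list, shows the first two sinks side by side: a redirect that concatenates its target into a raw Location header, the constructed payload that turns it into a second response with an attacker-chosen cookie and script body, and the hardened versions. The redirect format, the minimal response parser and the search-page fragment are assumptions for the demonstration.

```python
import html
from urllib.parse import urlsplit

# Constructed attacker input for a redirect parameter: one CRLF pair ends the Location header,
# a second pair ends the header block, and the remainder becomes the response body.
SPLIT_PAYLOAD = (
    "/index.php\r\n"
    "Set-Cookie: session=attacker-chosen\r\n"
    "Content-Length: 25\r\n"
    "\r\n"
    "<script>alert(1)</script>"
)


def redirect_response_vulnerable(target: str) -> bytes:
    # The defect: a request parameter is concatenated straight into a raw HTTP header.
    head = "HTTP/1.1 302 Found\r\nLocation: " + target + "\r\nContent-Length: 0\r\n\r\n"
    return head.encode("latin-1")


def parse_response(raw: bytes):
    # Minimal HTTP/1.1 response parser (assumption: CRLF line endings, no header folding),
    # used to show what a proxy or browser would see. Returns (headers, body); names lower-cased.
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body


def safe_redirect_target(target: str) -> str:
    # Hardening for the header sink: reject control characters before anything else (urlsplit
    # silently strips CR/LF, so the order matters), then allow only a local absolute path,
    # which also closes the open-redirect variant of the same bug.
    if any(ch in target for ch in "\r\n\0"):
        raise ValueError("control character in redirect target")
    parts = urlsplit(target)
    if parts.scheme or parts.netloc or not target.startswith("/") or target.startswith("//"):
        raise ValueError("redirect target must be a local absolute path")
    return target


def redirect_response_hardened(target: str) -> bytes:
    head = "HTTP/1.1 302 Found\r\nLocation: " + safe_redirect_target(target) + "\r\nContent-Length: 0\r\n\r\n"
    return head.encode("latin-1")


def render_search_vulnerable(query: str) -> str:
    # The same failure with an HTML sink: reflected cross-site scripting.
    return "<p>Results for: " + query + "</p>"


def render_search_hardened(query: str) -> str:
    # Fix for the HTML sink: context-specific output encoding at the point of use.
    return "<p>Results for: " + html.escape(query, quote=True) + "</p>"


if __name__ == "__main__":
    headers, body = parse_response(redirect_response_vulnerable(SPLIT_PAYLOAD))
    print("injected headers:", headers)
    print("injected body:", body[:25])
    print(render_search_hardened("<script>alert(1)</script>"))
```

The two fixes are deliberately different: a header value has no escaping syntax, so the only option is to reject control characters and constrain the value's shape, whereas HTML has an encoding that makes any string inert in text or attribute context.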

8. WP Photo Album 'photo' Parameter SQL Injection Vulnerability
BugTraq ID: 27832
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27832
Summary:
WP Photo Album is prone to an SQL-injection vulnerability because it fails to
sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

The issue affects WP Photo Album 1.1; other versions may also be vulnerable.

9. PHPizabi 'image.php' Arbitrary File Upload Vulnerability
BugTraq ID: 27847
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27847
Summary:
PHPizabi is prone to a vulnerability that lets an attacker upload and execute
arbitrary script code in the context of the affected webserver process. The
issue occurs because the application fails to sufficiently sanitize
user-supplied input.

This issue affects PHPizabi 0.848b; other versions may also be vulnerable.

10. Multiple Web Browser BMP Partial Palette Information Disclosure and Denial
Of Service Vulnerability
BugTraq ID: 27826
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27826
Summary:
Firefox and Opera browsers are prone to a vulnerability that can result in
information disclosure or a denial of service.

An attacker can exploit this issue to harvest sensitive information that may be
used to launch further attacks or to crash the affected application, denying
service to legitimate users. 

Mozilla Firefox 2.0.0.11 and Opera 9.50 Beta are affected.

11. XPWeb 'Download.php' File Disclosure Vulnerability
BugTraq ID: 27838
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27838
Summary:
XPWeb is prone to a vulnerability that lets attackers obtain potentially
sensitive information because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to download arbitrary files with the
privileges of the webserver process. Information obtained may aid in further
attacks.

This issue affects XPWeb 3.3.2; other versions may be vulnerable as well.

12. BanPro DMS 'index.php' Local File Include Vulnerability
BugTraq ID: 27831
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27831
Summary:
BanPro DMS is prone to a local file-include vulnerability because it fails to
properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to
include local files in the context of the webserver process. This may allow the
attacker to obtain potentially sensitive information; other attacks are also
possible.

This issue affects BanPro DMS 1.0; other versions may also be vulnerable.
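Entries 11 (XPWeb 'Download.php') and 12 (BanPro DMS 'index.php') are the two faces of one defect: a request parameter is joined onto a base directory and the result is read, or included, with no check on where the '../' segments took it. The added example below is Python written for this page, not code from XPWeb or BanPro DMS; the directory layout, the file contents and the page allow-list are constructed. It shows the traversal against a file-download handler, a containment check that resolves symlinks and '..' before comparing, and, for the include case, the simpler fix of never treating the parameter as a path at all.

```python
import os
import tempfile


def build_tree() -> str:
    # Constructed tree: a download directory under a document root, and a secret file outside it.
    root = tempfile.mkdtemp(prefix="traversal-demo-")
    docroot = os.path.join(root, "htdocs", "files")
    os.makedirs(docroot)
    with open(os.path.join(docroot, "readme.txt"), "w") as fh:
        fh.write("public document\n")
    with open(os.path.join(root, "config.php"), "w") as fh:
        fh.write("<?php $db_password = 'hunter2'; ?>\n")
    return root


def read_vulnerable(root: str, name: str) -> str:
    # The defect: the parameter is joined onto the base directory and opened as-is. '../'
    # walks out of the directory; an absolute name replaces the base entirely.
    path = os.path.join(root, "htdocs", "files", name)
    with open(path) as fh:
        return fh.read()


def resolve_inside(base: str, name: str) -> str:
    # Hardened: resolve symlinks and '..' on both sides, then require the result to stay under
    # base. commonpath avoids the prefix bug where '/srv/files' would also match '/srv/files2'.
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, name))
    if os.path.commonpath([base_real, target]) != base_real:
        raise PermissionError("path escapes the download directory: %r" % name)
    return target


def read_hardened(root: str, name: str) -> str:
    path = resolve_inside(os.path.join(root, "htdocs", "files"), name)
    with open(path) as fh:
        return fh.read()


# For a local file include, the safest fix is not path checking but an allow-list: the
# parameter selects a key and the application, not the client, supplies the filename.
PAGES = {"home": "home.php", "contact": "contact.php"}


def page_to_include(page: str) -> str:
    try:
        return PAGES[page]
    except KeyError:
        raise ValueError("unknown page: %r" % page) from None


if __name__ == "__main__":
    root = build_tree()
    print("leaked:", read_vulnerable(root, "../../config.php").strip())
    try:
        read_hardened(root, "../../config.php")
    except PermissionError as exc:
        print("blocked:", exc)
```

Two caveats a reviewer would raise: stripping '../' from the input is not a fix (the check must be on the resolved path, because encodings and symlinks offer other routes to the same place), and on PHP versions of that era a trailing NUL byte truncated the path after the attacker's part, which is why the allow-list form is preferred for includes.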

13. 360 Degree Web PlatinumKey Access Control Bypass Application Execution
Vulnerability
BugTraq ID: 7392
Remote: No
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/7392
Summary:
PlatinumKey fails to properly restrict access to the desktop when SmartCard
access control is enabled. Because of this, an attacker may be able to gain
access to the task bar and potentially execute applications. 

Update: Acer Travelmate C300 and 8100 running Platinum Secure are also reported
affected by this issue. Furthermore, by using the extra 'Web' button on
keyboards, attackers may also gain access to the underlying operating system
even if the Control-Escape sequence does not work.

UPDATE (February 15, 2008): Reports indicate that PlatinumKey 1.1.3a is not
vulnerable to this issue.

14. 360 Degree Web PlatinumKey Access Control Bypass Information Disclosure
Vulnerability
BugTraq ID: 7391
Remote: No
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/7391
Summary:
PlatinumKey fails to properly restrict access to the desktop when SmartCard
access control is enabled. Because of this, an attacker may be able to obtain
potentially sensitive information. 

Update: Acer Travelmate C300 and 8100 running Platinum Secure are also reported
affected by this issue. Furthermore, by using the extra 'Web' button on
keyboards, attackers may also gain access to the underlying operating system
even if the Control-Escape sequence does not work.

UPDATE (February 15, 2008): Reports indicate that PlatinumKey 1.1.3a is not
vulnerable to this issue.

15. Sami FTP Server User Command Buffer Overflow Vulnerability
BugTraq ID: 16370
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/16370
Summary:
Sami FTP Server is prone to a buffer-overflow vulnerability because the
application fails to properly bounds-check user-supplied data before storing it
in a finite-sized buffer. 

An attacker can exploit this issue to execute arbitrary machine code in the
context of the affected server application. This likely occurs with SYSTEM-level
privileges.

Sami FTP Server 2.0.1 is affected by this issue; other versions may also be
affected.

UPDATE (February 15, 2008): This issue was reported again in a message to
Bugtraq. The message states that 2.0.* is vulnerable, implying that the fixed
version may still be affected. However, this has not been confirmed.

16. Sami FTP Server Multiple Commands Remote Denial Of Service Vulnerabilities
BugTraq ID: 27817
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27817
Summary:
Sami FTP Server is prone to multiple remote denial-of-service vulnerabilities
because the application fails to handle exceptional conditions. 

An attacker can exploit these issues to crash the affected application, denying
service to legitimate users. 

Versions in the Sami FTP Server 2.0 series are vulnerable; other versions may
also be affected.

17. e-Vision CMS 'id' Parameter Multiple SQL Injection Vulnerabilities
BugTraq ID: 27816
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27816
Summary:
e-Vision CMS is prone to multiple SQL-injection vulnerabilities because it fails
to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

e-Vision CMS 2.02 is vulnerable; other versions may also be affected.

18. Joomla! and Mambo com_downloads Component 'cat' Parameter SQL Injection
Vulnerability
BugTraq ID: 27860
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27860
Summary:
The Joomla! and Mambo 'com_downloads' component is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

19. Joomla! and Mambo com_profile Component 'oid' Parameter SQL Injection
Vulnerability
BugTraq ID: 27851
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27851
Summary:
The Joomla! and Mambo 'com_profile' component is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

20. Joomla! and Mambo Portfolio Manager Component 'categoryId' Parameter SQL
Injection Vulnerability
BugTraq ID: 27849
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27849
Summary:
The Joomla! and Mambo Portfolio Manager component is prone to an SQL-injection
vulnerability because the application fails to properly sanitize user-supplied
input before using it in an SQL query. 

A successful exploit could allow an attacker to compromise the application,
access or modify data, or exploit vulnerabilities in the underlying database.

Portfolio Manager 1.0 is vulnerable; other versions may also be affected.

21. Joomla! and Mambo com_ricette Component 'id' Parameter SQL Injection
Vulnerability
BugTraq ID: 27834
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27834
Summary:
The Joomla! and Mambo 'com_ricette' component is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

22. Joomla! and Mambo Quran Component SQL Injection Vulnerability
BugTraq ID: 27842
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27842
Summary:
The Joomla! and Mambo 'Quran' component is prone to an SQL-injection
vulnerability because the application fails to properly sanitize user-supplied
input before using it in an SQL query. 

A successful exploit could allow an attacker to compromise the application,
access or modify data, or exploit vulnerabilities in the underlying database.

This issue affects Quran 1.1 and prior versions.

23. Joomla! and Mambo com_detail Component 'id' Parameter SQL Injection
Vulnerability
BugTraq ID: 27853
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27853
Summary:
The Joomla! and Mambo 'com_detail' component is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

24. Joomla! and Mambo com_scheduling Component 'id' Parameter SQL Injection
Vulnerability
BugTraq ID: 27830
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27830
Summary:
The Joomla! and Mambo 'com_scheduling' component is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

25. Joomla! and Mambo com_galeria Component 'id' Parameter SQL Injection
Vulnerability
BugTraq ID: 27833
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27833
Summary:
The Joomla! and Mambo 'com_galeria' component is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

26. Joomla! and Mambo com_filebase Component 'filecatid' Parameter SQL Injection
Vulnerability
BugTraq ID: 27829
Remote: Yes
Last Updated: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27829
Summary:
The Joomla! and Mambo 'com_filebase' component is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

27. PHP-Nuke Okul Module 'okulid' Parameter SQL Injection Vulnerability
BugTraq ID: 27909
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27909
Summary:
The PHP-Nuke Okul module is prone to an SQL-injection vulnerability because it
fails to sufficiently sanitize user-supplied data before using it in an SQL
query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

Okul 1.0 is vulnerable; other versions may also be affected.

28. PHP-Nuke EasyContent Module 'page_id' Parameter SQL Injection Vulnerability
BugTraq ID: 27897
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27897
Summary:
The PHP-Nuke EasyContent module is prone to an SQL-injection vulnerability
because it fails to sufficiently sanitize user-supplied data before using it in
an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

29. Symantec Storage Foundation for Windows Scheduler Service Denial of Service
Vulnerability
BugTraq ID: 27440
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27440
Summary:
Symantec Storage Foundation for Windows scheduler service is prone to a
denial-of-service vulnerability because it fails to validate user-supplied
input.

Attackers can exploit this issue by transmitting specially-crafted packets to
the scheduler service to crash the application, denying service to legitimate
users.

This issue affects Storage Foundation for Windows version 5.0.

30. PHP-Nuke Sections Module 'artid' Parameter SQL Injection Vulnerability
BugTraq ID: 27879
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27879
Summary:
The PHP-Nuke Sections module is prone to an SQL-injection vulnerability because
it fails to sufficiently sanitize user-supplied data before using it in an SQL
query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

31. PHP-Nuke Web_Links Module 'cid' Parameter SQL Injection Vulnerability
BugTraq ID: 27894
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27894
Summary:
The PHP-Nuke Web_Links module is prone to an SQL-injection vulnerability because
it fails to sufficiently sanitize user-supplied data before using it in an SQL
query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

32. PHP-Nuke Books Module 'cid' Parameter SQL Injection Vulnerability
BugTraq ID: 27863
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27863
Summary:
The PHP-Nuke Books module is prone to an SQL-injection vulnerability because it
fails to properly sanitize user-supplied input before using it in an SQL query. 

Successful exploits could allow an attacker to compromise the application,
access or modify data, or exploit vulnerabilities in the underlying database.
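Entries 1, 6, 8, 17 to 28 and 30 to 32 all describe the same bug with the same wording: an 'id'-style parameter is pasted into the text of an SQL query. The added example below, which is not code from any of the listed Joomla!, Mambo, PHP-Nuke or WordPress components and uses Python with SQLite in place of PHP and MySQL, shows the pattern on a constructed table, a payload of the kind used against numeric parameters, why quote-escaping does not count as "sufficiently sanitizing" in numeric context, and the two fixes that do: binding the value as a parameter, and enforcing its type before it gets near the query.

```python
import sqlite3

# Constructed sample table standing in for a CMS 'articles' table; not data from any listed product.
SAMPLE_ROWS = [
    (1, "Public article", 1),
    (2, "Draft: unreleased roadmap", 0),
    (3, "Draft: salary review", 0),
]

# Payload in the style used against the 'id' parameters above: no quotes needed, the WHERE clause
# becomes always-true, and '--' comments out the 'published = 1' restriction that follows.
PAYLOAD = "0 OR 1=1 --"


def build_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    db.executemany("INSERT INTO articles VALUES (?, ?, ?)", SAMPLE_ROWS)
    return db


def fetch_vulnerable(db: sqlite3.Connection, article_id: str) -> list:
    # The defect behind the advisories: the request parameter is pasted into the SQL text, so the
    # database parses attacker-controlled bytes as part of the query.
    sql = "SELECT id, title FROM articles WHERE id = %s AND published = 1" % article_id
    return db.execute(sql).fetchall()


def fetch_quote_escaped(db: sqlite3.Connection, article_id: str) -> list:
    # Doubling quotes (addslashes-style) is not a fix here: the value sits in numeric context
    # without surrounding quotes, so the payload contains nothing to escape.
    sql = "SELECT id, title FROM articles WHERE id = %s AND published = 1" % article_id.replace("'", "''")
    return db.execute(sql).fetchall()


def fetch_parameterized(db: sqlite3.Connection, article_id) -> list:
    # Fix: the value is bound as a parameter and never parsed as SQL. The payload string is
    # simply compared with the integer column and matches nothing.
    sql = "SELECT id, title FROM articles WHERE id = ? AND published = 1"
    return db.execute(sql, (article_id,)).fetchall()


def fetch_typed(db: sqlite3.Connection, article_id: str) -> list:
    # Defence in depth: enforce the expected type before the value gets anywhere near a query.
    if not article_id.isdigit():
        raise ValueError("id must be a non-negative integer")
    return fetch_parameterized(db, int(article_id))


def demo() -> dict:
    db = build_db()
    return {
        "vulnerable": fetch_vulnerable(db, PAYLOAD),
        "quote_escaped": fetch_quote_escaped(db, PAYLOAD),
        "parameterized": fetch_parameterized(db, PAYLOAD),
        "legitimate": fetch_typed(db, "1"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print("%-14s -> %r" % (name, rows))
```

The unpublished drafts that leak in the vulnerable and quote-escaped variants are the "access data" outcome the summaries describe; the "compromise the application" and "exploit the underlying database" outcomes follow from the same injection point with UNION, stacked queries or database-specific functions, which is why the fix has to be structural (parameter binding) rather than a filter on the particular payload.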

33. Claroline Multiple Remote Vulnerabilities
BugTraq ID: 27846
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27846
Summary:
Claroline is prone to multiple remote vulnerabilities, including: 

- Multiple unspecified cross-site scripting vulnerabilities. 
- Multiple unspecified SQL-injection vulnerabilities.
- An unspecified vulnerability.

Attackers may exploit these vulnerabilities to compromise the application, to
access or modify data, to exploit vulnerabilities in the underlying database, to
execute arbitrary script code in the browser of an unsuspecting user, or to
steal cookie-based authentication credentials.

These issues affect Claroline 1.8.8 and prior versions.

34. RETIRED: Microsoft February 2008 Advance Notification Multiple
Vulnerabilities
BugTraq ID: 27674
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27674
Summary:
Microsoft has released advance notification that the vendor will be releasing
twelve security bulletins on February 12, 2008. The highest severity rating for
these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to
compromise affected computers.

The following individual records have been created to document these
vulnerabilities:

27670 Microsoft Windows WebDAV Mini-Redirector Heap Overflow Vulnerability
27676 Microsoft Internet Information Services ASP Remote Code Execution
Vulnerability
27101 Microsoft IIS File Change Notification Local Privilege Escalation
Vulnerability
27668 Microsoft Internet Explorer HTML Rendering Remote Memory Corruption
Vulnerability
27666 Microsoft Internet Explorer Property Method Remote Memory Corruption
Vulnerability
27689 Microsoft Internet Explorer Argument Handling Memory Corruption
Vulnerability
25571 Microsoft Visual FoxPro FPOLE.OCX ActiveX Control Buffer Overflow
Vulnerability
27634 Microsoft Windows Vista DHCP Remote Denial Of Service Vulnerability
27638 Microsoft Windows Active Directory LDAP Request Validation Remote Denial
Of Service Vulnerability
27656 Microsoft Word Unspecified Memory Corruption Remote Code Execution
Vulnerability
27657 Microsoft Works File Converter Section Length Header Remote Heap Overflow
Vulnerability
27658 Microsoft Works File Converter Section Header Index Table Remote Code
Execution Vulnerability
27659 Microsoft Works File Converter Field Length Remote Code Execution
Vulnerability
27661 Microsoft Object Linking and Embedding (OLE) Automation Heap Based Buffer
Overflow Vulnerability
27738 Microsoft Office Execution Jump Memory Corruption Vulnerability
27739 Microsoft Publisher Invalid Memory Reference Remote Code Execution
Vulnerability
27740 Microsoft Publisher Memory Index Code Execution Vulnerability

35. RETIRED: Microsoft January 2008 Advance Notification Multiple
Vulnerabilities
BugTraq ID: 27119
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27119
Summary:
Microsoft has released advance notification that the vendor will be releasing
two security bulletins on January 8, 2008. The highest severity rating for these
issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to
compromise affected computers.

The following individual records have been created to document these
vulnerabilities:

27100 Microsoft Windows TCP/IP IGMP MLD Remote Buffer Overflow Vulnerability
27139 Microsoft Windows TCP/IP ICMP Remote Denial Of Service Vulnerability
27099 Microsoft Windows LSASS LPC Request Local Privilege Escalation
Vulnerability

36. Multiple Horde Products Security Bypass Vulnerability
BugTraq ID: 27844
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27844
Summary:
Horde products are prone to a security-bypass vulnerability.

Attackers can use this issue to bypass certain security restrictions and edit
arbitrary contacts in shared and personal address books. This may aid in further
attacks.

This issue affects Horde Groupware 1.0.3, Horde Groupware Webmail Edition 1.0.4,
and Turba Contact Manager 2.1.6; other versions may also be vulnerable.

37. AuraCMS Multiple SQL Injection Vulnerabilities
BugTraq ID: 27841
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27841
Summary:
AuraCMS is prone to multiple SQL-injection vulnerabilities because it fails to
sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

AuraCMS 1.62 is vulnerable; other versions may also be affected.

38. TRUC Tracking Requirements & Use Cases 'download.php' File Disclosure
Vulnerability
BugTraq ID: 27839
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27839
Summary:
TRUC is prone to a vulnerability that lets attackers obtain potentially
sensitive information because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to download arbitrary files with the
privileges of the webserver process. Information obtained may aid in further
attacks.

This issue affects TRUC 0.11.0; other versions may be vulnerable as well.

39. Sun Java Plug-in Multiple Applet Vulnerabilities
BugTraq ID: 12317
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/12317
Summary:
The Sun Java Plug-in is prone to multiple vulnerabilities.

The first issue can allow an untrusted applet to escalate its privileges to
access resources with the privilege level of the user running the applet.

This issue occurs only in Internet Explorer running on Windows.

The second issue allows an untrusted applet to interfere with another applet
embedded in the same web page.

This issue occurs in Java running on Windows, Solaris, and Linux.

40. Adobe Acrobat and Reader Multiple Arbitrary Code Execution and Security
Vulnerabilities
BugTraq ID: 27641
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27641
Summary:
Adobe Acrobat and Reader are prone to multiple arbitrary remote code-execution
and security vulnerabilities.

Attackers can exploit these issues to execute arbitrary code in the context of
the user running the affected application. Other attacks are also possible.

Versions prior to Adobe Acrobat and Adobe Reader 8.1.2 are vulnerable to these
issues.

41. Samba Send_MailSlot Stack-Based Buffer Overflow Vulnerability
BugTraq ID: 26791
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/26791
Summary:
Samba is prone to a remote stack-based buffer-overflow vulnerability because it
fails to properly bounds-check user-supplied data before copying it to an
insufficiently sized memory buffer.

NOTE: This issue occurs only when the 'domain logons' option is enabled.

An attacker can exploit this issue to execute arbitrary code with superuser
privileges. Successful attacks will completely compromise affected computers.
Failed exploit attempts will result in a denial of service.

42. Perl Unicode Regular Expression Buffer Overflow Vulnerability
BugTraq ID: 26350
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/26350
Summary:
Perl is prone to a buffer-overflow vulnerability because it fails to
sufficiently bounds-check user-supplied input.

Successfully exploiting this issue allows attackers to execute arbitrary machine
code in the context of Perl applications using regular expressions in a
vulnerable manner. This facilitates the remote compromise of affected computers.

Perl 5.8 is vulnerable to this issue; other versions may also be affected.

43. Sun Ray Device Manager Daemon Multiple Vulnerabilities
BugTraq ID: 26944
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/26944
Summary:
Sun Ray Device Manager daemon is prone to multiple vulnerabilities.

Attackers can leverage these issues to create or delete arbitrary directories on
the affected server or to crash the daemon and deny service to legitimate users.

44. XOOPS 'classifieds' Module 'cid' Parameter SQL Injection Vulnerability
BugTraq ID: 27895
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27895
Summary:
XOOPS 'classifieds' module is prone to an SQL-injection vulnerability because it
fails to sufficiently sanitize user-supplied data before using it in an SQL
query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

45. XOOPS 'badliege' Module 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27892
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27892
Summary:
The XOOPS 'badliege' module is prone to an SQL-injection vulnerability because
it fails to sufficiently sanitize user-supplied data before using it in an SQL
query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

46. XOOPS 'vacatures' Module 'cid' Parameter SQL Injection Vulnerability
BugTraq ID: 27889
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27889
Summary:
XOOPS 'vacatures' module is prone to an SQL-injection vulnerability because it
fails to sufficiently sanitize user-supplied data before using it in an SQL
query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

47. XOOPS 'events' Module 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27890
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27890
Summary:
The XOOPS 'events' module is prone to an SQL-injection vulnerability because it
fails to sufficiently sanitize user-supplied data before using it in an SQL
query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

48. XOOPS 'seminars' Module 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27891
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27891
Summary:
The XOOPS 'seminars' module is prone to an SQL-injection vulnerability because
it fails to sufficiently sanitize user-supplied data before using it in an SQL
query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

49. XOOPS myTopics Module 'print.php' SQL Injection Vulnerability
BugTraq ID: 27861
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27861
Summary:
The XOOPS myTopics module is prone to an SQL-injection vulnerability because it
fails to sufficiently sanitize user-supplied data before using it in an SQL
query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

50. Mozilla Firefox 2.0.0.7 Multiple Remote Vulnerabilities
BugTraq ID: 26132
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/26132
Summary:
The Mozilla Foundation has released multiple security advisories specifying
various vulnerabilities in Firefox 2.0.0.7 and prior versions.

These vulnerabilities allow attackers to:

- Execute arbitrary code due to memory corruption.
- Carry out content spoofing and phishing attacks.
- Gain unauthorized access to files on a user's computer running the Linux
operating system.
- Execute script code with elevated privileges.

Other attacks may also be possible.

These issues are present in Firefox 2.0.0.7 and prior versions. Mozilla
Thunderbird 2.0.0.7 and prior versions as well as SeaMonkey 1.1.4 and prior
versions are also affected by many of these vulnerabilities.

51. Multiple Browser URI Handlers Command Injection Vulnerabilities
BugTraq ID: 25053
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/25053
Summary:
Multiple browsers are prone to vulnerabilities that let attackers inject
commands through various protocol handlers.

Exploiting these issues allows remote attackers to pass and execute arbitrary
commands and arguments through processes such as 'cmd.exe' by employing various
URI handlers.

An attacker can exploit these issues to carry out various attacks by executing
arbitrary commands on a vulnerable computer.

Exploiting these issues would permit remote attackers to influence command
options that can be called through protocol handlers and to execute commands
with the privileges of a user running the application. Successful attacks may
result in a variety of consequences, including remote unauthorized access.

Mozilla Firefox 2.0.0.5, 3.0a6 and Netscape Navigator 9 are reported vulnerable
to these issues.  Other versions of these browsers and other vendors' browsers
may also be affected.

52. WordPress wp-people Plugin 'wp-people-popup.php' SQL Injection Vulnerability
BugTraq ID: 27858
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27858
Summary:
The WordPress 'wp-people' plugin is prone to an SQL-injection vulnerability
because it fails to sufficiently sanitize user-supplied data before using it in
an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

53. WordPress Recipes Blog Plugin 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27856
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27856
Summary:
The WordPress Recipes Blog plugin is prone to an SQL-injection vulnerability
because it fails to sufficiently sanitize user-supplied data before using it in
an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

54. Mozilla Firefox/Thunderbird/SeaMonkey Chrome-Loaded About:Blank Script
Execution Vulnerability
BugTraq ID: 25142
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/25142
Summary:
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a vulnerability that
allows JavaScript to execute with unintended privileges. 

A malicious site may be able to cause the execution of a script with Chrome
privileges. Attackers could exploit this issue to execute hostile script code
with privileges that exceed those that were intended. Certain Firefox extensions
may not intend 'about:blank' to execute script code with Chrome privileges.

NOTE: This issue was introduced by the fix for MFSA 2007-20.

55. Mozilla Firefox 2.0.0.4 Multiple Remote Vulnerabilities
BugTraq ID: 24946
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/24946
Summary:
The Mozilla Foundation has released four security advisories specifying multiple
vulnerabilities in Firefox 2.0.0.4.

These vulnerabilities allow attackers to:

- Execute arbitrary code
- Execute code with chrome privileges
- Perform cross-site scripting attacks
- Crash Firefox in a myriad of ways, with evidence of memory corruption.

Other attacks may also be possible.

56. iJoomla com_magazine Component 'pageid' Parameter SQL Injection
Vulnerability
BugTraq ID: 27888
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27888
Summary:
iJoomla 'com_magazine' component is prone to an SQL-injection vulnerability
because it fails to sufficiently sanitize user-supplied data before using it in
an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

57. Joomla! and Mambo com_genealogy Component 'id' Parameter SQL Injection
Vulnerability
BugTraq ID: 27887
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27887
Summary:
The Joomla! and Mambo 'com_genealogy' component is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

58. Joomla! and Mambo com_formtool Component 'catid' Parameter SQL Injection
Vulnerability
BugTraq ID: 27884
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27884
Summary:
The Joomla! and Mambo 'com_formtool' component is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

59. Joomla! and Mambo com_iigcatalog Component 'cat' Parameter SQL Injection
Vulnerability
BugTraq ID: 27883
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27883
Summary:
The Joomla! and Mambo 'com_iigcatalog' component is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

60. Joomla! and Mambo 'com_team' Component SQL Injection Vulnerability
BugTraq ID: 27881
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27881
Summary:
The 'com_team' component for Joomla! and Mambo is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

61. MoinMoin Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 27904
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27904
Summary:
MoinMoin is prone to multiple cross-site scripting vulnerabilities because it
fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based
authentication credentials and to launch other attacks.
These issues affect the following versions:

MoinMoin 1.5.8 and prior versions
MoinMoin 1.6.x prior to 1.6.1.

62. IPdiva SSL VPN Security Bypass Vulnerability and Multiple Cross Site
Scripting Vulnerabilities
BugTraq ID: 27800
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27800
Summary:
IPdiva SSL VPN is prone to a security-mechanism bypass vulnerability and
multiple unspecified cross-site scripting vulnerabilities.

An attacker can exploit these issues to gain unauthorized access to resources
protected by the VPN, or to execute arbitrary script code in the browser of an
unsuspecting user in the context of the affected site.

These issues affect IPdiva SSL VPN 2.2 branch prior to 2.2.8.84 and 2.3 branch
prior to 2.3.2.14.

63. MoinMoin MOIN_ID Cookie Remote Input Validation Vulnerability
BugTraq ID: 27404
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27404
Summary:
MoinMoin is prone to an input-validation vulnerability because it fails to
properly sanitize user-supplied cookie data.

An attacker can exploit this issue to gain unauthorized access to the affected
application, which may lead to further attacks.

Versions in the MoinMoin 1.5 series are vulnerable.

UPDATE: The 'quicklinks' parameter may be used to insert PHP code into writable
files in conjunction with this issue. Attackers could potentially inject
executable script code into writable PHP files located outside of the MoinMoin
installation.

64. BEA Systems Multiple Products BEA08-183.00 to BEA08-200.00 Multiple
Vulnerabilities
BugTraq ID: 27893
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27893
Summary:
BEA has released 17 advisories identifying various vulnerabilities affecting
WebLogic Server, WebLogic Portal, WebLogic Workshop, AquaLogic Interaction, BEA
Plumtree Foundation, AquaLogic Collaboration, and BEA Plumtree Collaboration.
These issues present remote and local threats and may facilitate attacks
affecting the integrity, confidentiality, and availability of vulnerable
computers.

65. Sun Java Runtime Environment Virtual Machine Remote Privilege Escalation
Vulnerability
BugTraq ID: 26185
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/26185
Summary:
The Sun Java Runtime Environment is prone to a remote privilege-escalation
vulnerability. 

An attacker can exploit this issue to execute arbitrary code within the context
of the user who invoked the Java applet. Successfully exploiting this issue may
result in the remote compromise of affected computers.

66. Sun Java WebStart Multiple File Access And Information Disclosure
Vulnerabilities
BugTraq ID: 25920
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/25920
Summary:
Sun Java Web Start is prone to multiple local file-access vulnerabilities and an
information-disclosure vulnerability. 

An attacker could exploit these issues to obtain sensitive information and to
read and write arbitrary files on the affected computer with the privileges of
the user running the untrusted Java application.

67. Sun Java Runtime Environment Multiple Weaknesses
BugTraq ID: 25918
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/25918
Summary:
Sun Java Runtime Environment is prone to multiple weaknesses that may allow
JavaScript code or applets to connect to resources other than the one the
scripts or applets were downloaded from. One of the weaknesses may allow an
attacker to obscure a Java warning about an untrusted applet from the user.

These issues affect the following packages for Windows, Solaris, and Linux:

JDK and JRE 6 Update 2 and earlier
JDK and JRE 5.0 Update 12 and earlier
SDK and JRE 1.4.2_15 and earlier
SDK and JRE 1.3.1_20 and earlier

68. IBM Lotus QuickPlace 'Main.nsf' Cross-Site Scripting Vulnerability
BugTraq ID: 27871
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27871
Summary:
IBM Lotus QuickPlace is prone to a cross-site scripting vulnerability because it
fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
help the attacker steal cookie-based authentication credentials and launch other
attacks.

The issue affects QuickPlace 7.0; other versions may be affected as well.

NOTE: This issue may be related to BID 27840 (IBM Lotus Quickr Unspecified
Cross-Site Scripting Vulnerability), but this has not been confirmed.

69. IBM Lotus Quickr Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 27840
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27840
Summary:
IBM Lotus Quickr is prone to an unspecified cross-site scripting vulnerability
because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
help the attacker steal cookie-based authentication credentials and launch other
attacks.

Few details are available regarding this issue. We will update this BID as more
information emerges.

The issue affects versions prior to Lotus Quickr 8.0.0.2 Hotfix 11.

70. IBM DB2 Universal Database 9.1 Multiple Vulnerabilities
BugTraq ID: 27870
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27870
Summary:
IBM DB2 Universal Database is prone to multiple vulnerabilities, including
denial-of-service issues and multiple issues with unspecified impact.

Successfully exploiting these issues may allow attackers to cause
denial-of-service conditions and carry out other attacks.

Very few details are currently available regarding these issues. We will update
this BID as more information emerges.

These issues affect IBM DB2 Universal Database 9.1 versions prior to Fixpak 4a.

71. Apple iPhoto DPAP Remote Denial of Service Vulnerability
BugTraq ID: 27867
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27867
Summary:
Apple iPhoto is prone to a remote denial-of-service vulnerability. 

Attackers can exploit this issue to crash the affected application, denying
service to legitimate users. 

Exploiting this issue will allow attackers to execute arbitrary code with the
permissions of a user running the application. Failed attacks will likely cause
denial-of-service conditions. 

This issue affects Apple iPhoto 4.0.3 and prior versions.

72. ATutor User Profile Multiple HTML Injection Vulnerabilities
BugTraq ID: 27855
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27855
Summary:
ATutor is prone to multiple HTML-injection vulnerabilities because it fails to
sufficiently sanitize user-supplied input data.

Exploiting these issues may allow an attacker to execute HTML and script code in
the context of the affected site, to steal cookie-based authentication
credentials, or to control how the site is rendered to the user; other attacks
are also possible.

ATutor 1.5.5 and prior versions are vulnerable.

73. RunCMS 'admin.php' Cross-Site Scripting Vulnerability
BugTraq ID: 27852
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27852
Summary:
RunCMS is prone to a cross-site scripting vulnerability because it fails to
sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
help the attacker steal cookie-based authentication credentials and launch other
attacks.
RunCMS 1.6.1 is vulnerable; other versions may also be affected.

74. LightBlog 'view_member.php' Local File Include Vulnerability
BugTraq ID: 27837
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27837
Summary:
LightBlog is prone to a local file-include vulnerability because it fails to
properly sanitize user-supplied input.

Exploiting this issue may allow an attacker to access potentially sensitive
information and execute arbitrary local scripts in the context of the affected
application.

This issue affects LightBlog 9.6; other versions may also be vulnerable.

75. Linux Kernel Prior to 2.6.24.1 'vmsplice_to_user()' Local Privilege
Escalation Vulnerability
BugTraq ID: 27799
Remote: No
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27799
Summary:
The Linux kernel is prone to a privilege-escalation vulnerability because it
fails to adequately validate a user-supplied pointer value. 

A local attacker can exploit this issue to write to arbitrary memory locations
on the affected computer and gain elevated privileges.

This issue affects Linux Kernel 2.6.23 through 2.6.24.

76. PCRE Character Class Buffer Overflow Vulnerability
BugTraq ID: 27786
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27786
Summary:
PCRE regular-expression library is prone to a buffer-overflow vulnerability
because it fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of an
application using the library. Failed exploit attempts will likely cause
denial-of-service conditions.

The issue affects versions prior to PCRE 7.6.

77. BEA WebLogic Multiple Vulnerabilities
BugTraq ID: 16358
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/16358
Summary:
BEA has released 10 advisories identifying various vulnerabilities affecting BEA
WebLogic Server, WebLogic Portal, and WebLogic Express. These issues present
remote and local threats and may facilitate attacks affecting the integrity,
confidentiality, and availability of vulnerable computers.

78. Linux Kernel Prior to 2.6.24.2 'vmsplice_to_pipe()' Local Privilege
Escalation Vulnerability
BugTraq ID: 27801
Remote: No
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27801
Summary:
Linux Kernel is prone to a local privilege-escalation vulnerability because it
fails to adequately validate a user-supplied length value.

Attackers can leverage this issue to gain superuser privileges on affected
computers.

This issue affects Linux Kernel 2.6.17 through 2.6.24.1.

79. Multiple BEA WebLogic Applications Multiple Vulnerabilities
BugTraq ID: 23979
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/23979
Summary:
Multiple BEA WebLogic applications are affected by multiple vulnerabilities,
including cross-site scripting, HTML-injection, information-disclosure,
directory-traversal, security-bypass, brute-force, and denial-of-service issues.

An attacker can exploit these issues to gain privileged access to affected
applications, to access potentially sensitive information that could aid in
further attacks, or to deny service to legitimate users. Successful attacks can
result in the compromise of the applications. Other attacks are also possible.

80. Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting
Weakness
BugTraq ID: 26663
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/26663
Summary:
Apache is prone to a cross-site scripting weakness when handling HTTP request
methods that result in 413 HTTP errors.

An attacker may exploit this issue to steal cookie-based authentication
credentials and launch other attacks.

Apache 2.0.46 through 2.2.4 are vulnerable; other versions may also be affected.

81. Dokeos Multiple SQL Injection, HTML Injection, Cross-Site Scripting, and
File Upload Vulnerabilities
BugTraq ID: 27792
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27792
Summary:
Dokeos is prone to multiple input-validation vulnerabilities including five
SQL-injection issues, one HTML-injection issue, three cross-site scripting
issues, and one arbitrary-file-upload issue.

Attackers can exploit these issues to execute arbitrary script code in the
context of the webserver, compromise the application, steal cookie-based
authentication credentials from legitimate users of the site, modify the way the
site is rendered, access or modify data, or exploit latent vulnerabilities in
the underlying database.

Versions prior to Dokeos 1.8.4 SP2 are affected.

82. Hosting Controller Multiple Remote Vulnerabilities
BugTraq ID: 26862
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/26862
Summary:
Hosting Controller is prone to 14 remote vulnerabilities, including seven
unauthorized-access issues, four SQL-injection issues, two
information-disclosure issues, and one HTML-injection issue.

An attacker can exploit these issues to compromise the affected application,
execute arbitrary code within the context of the webserver process, steal
cookie-based authentication credentials, access or modify data, exploit latent
vulnerabilities in the underlying database, obtain sensitive information, and
gain unauthorized access to the affected application.

83. WordPress Plugin WP-Forum SQL Injection Vulnerability
BugTraq ID: 27362
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27362
Summary:
WordPress plugin WP-Forum is prone to an SQL-injection vulnerability because it
fails to sufficiently sanitize user-supplied data before using it in an SQL
query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

The issue affects WP-Forum 1.7.4; other versions may also be vulnerable.

84. Nagios Plugins Location Header Remote Buffer Overflow Vulnerability
BugTraq ID: 25952
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/25952
Summary:
Nagios Plugins are prone to a remote buffer-overflow vulnerability because the
software fails to properly bounds-check user-supplied data before copying it to
an insufficiently sized buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the
context of users running the affected software.

This issue affects Nagios Plugins 1.4.9; other versions may also be vulnerable.

85. Imager 8 Bit BMP Heap Based Buffer Overflow Vulnerability
BugTraq ID: 23711
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/23711
Summary:
Imager is prone to a heap-based buffer-overflow vulnerability because it fails
to properly bounds-check user-supplied input data before copying it to an
insufficiently sized memory buffer.

Successful exploits of this vulnerability allow remote attackers to execute
arbitrary machine code in the context of an application using the vulnerable
library. Failed attempts will likely result in denial-of-service conditions.

NOTE: The effects of successful attacks depend on how system memory is
allocated. The implementation of the 'glibc' memory allocator will likely allow
an attacker to trigger only denial-of-service conditions. Other allocators may
allow arbitrary code execution.

Versions prior to Imager 0.57 are vulnerable.

86. wyrd Insecure Temporary File Creation Vulnerability
BugTraq ID: 27848
Remote: No
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27848
Summary:
The 'wyrd' program is prone to a security vulnerability that allows attackers to
create temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform
symbolic-link attacks, overwriting arbitrary files in the context of the
affected application.

Successfully mounting a symlink attack may allow the attacker to delete or
corrupt sensitive files, which may result in a denial of service. Other attacks
may also be possible.

This issue affects wyrd 1.4.3-b3; other versions may also be vulnerable.

87. GlobalLink 'HanGamePlugincn18.dll' ActiveX Control Multiple Buffer Overflow
Vulnerabilities
BugTraq ID: 27626
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27626
Summary:
GlobalLink is prone to multiple buffer-overflow vulnerabilities because it fails
to properly bounds-check user-supplied data before copying it into an
insufficiently sized memory buffer.

An attacker can exploit these issues to execute arbitrary code within the
context of the application that invoked the ActiveX control (typically Internet
Explorer). Failed exploit attempts will result in a denial-of-service condition.

These issues affect GlobalLink 2.8.1.2 beta and 2.6.1.29; other versions may
also be affected.

88. XOOPS WF-Link Module Viewcat.PHP SQL Injection Vulnerability
BugTraq ID: 23340
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/23340
Summary:
The XOOPS WF-Link module is prone to an SQL-injection vulnerability because it
fails to sufficiently sanitize user-supplied data before using it in an SQL
query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database implementation.

This issue affects WF-Link 1.03; prior versions may also be affected.

89. Foxit WAC Server Denial of Service Vulnerability
BugTraq ID: 27142
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27142
Summary:
Foxit WAC Server is prone to a denial-of-service vulnerability because the
application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to crash the affected application, denying
service to legitimate users.

This issue affects Foxit WAC Server 2.0 Build 3503 and prior versions.

90. Lyris ListManager Multiple Remote Vulnerabilities
BugTraq ID: 26792
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/26792
Summary:
Lyris ListManager is prone to multiple remote vulnerabilities, including:

- Two privilege-escalation vulnerabilities
- A vulnerability that allows attackers to overwrite existing accounts

An attacker can exploit these issues to compromise the affected application,
modify client-side information, overwrite arbitrary user accounts, and gain
administrative access to the affected application. Other attacks are also
possible.

91. EMC RepliStor Multiple Remote Heap Based Buffer Overflow Vulnerabilities
BugTraq ID: 27915
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27915
Summary:
EMC RepliStor is prone to multiple remote heap-based buffer-overflow
vulnerabilities because it fails to perform adequate boundary checks on
user-supplied input.

A remote attacker may be able to exploit these issues to execute arbitrary code
with SYSTEM-level privileges. Successfully exploiting this issue will result in
the complete compromise of affected computers. Failed exploit attempts will
result in a denial-of-service condition.

These issues affect EMC RepliStor 6.2 SP2; other versions may also be affected.

92. PHP-Nuke Docum Module 'artid' Parameter SQL Injection Vulnerability
BugTraq ID: 27912
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27912
Summary:
The PHP-Nuke Docum module is prone to an SQL-injection vulnerability because it
fails to sufficiently sanitize user-supplied data before using it in an SQL
query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database implementation.

93. Globsy 'globsy_edit.php' Local File Include Vulnerability
BugTraq ID: 27910
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27910
Summary:
Globsy is prone to a local file-include vulnerability because it fails to
properly sanitize user-supplied input.

Exploiting this issue may allow an attacker to access potentially sensitive
information. Information obtained may lead to further attacks.

This issue affects Globsy 1.0; other versions may also be vulnerable.

94. PunBB Password Reset Weak Random Number Security Bypass Vulnerability
BugTraq ID: 27908
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27908
Summary:
PunBB is prone to a vulnerability that can allow an attacker to determine the
password of an arbitrary user due to a design error in its 'Reset Password'
functionality.

Attackers can exploit this issue to guess the random password generated by the
'Reset Password' feature for arbitrary users and then compromise vulnerable
applications. This may aid in further attacks.

This issue affects PunBB prior to 1.2.17.

95. Highwood Design hwdVideoShare 'Itemid' Parameter SQL Injection Vulnerability
BugTraq ID: 27907
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27907
Summary:
hwdVideoShare is prone to an SQL-injection vulnerability because it fails to
sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

96. CUPS 'process_browse_data()' Remote Double Free Denial of Service
Vulnerability
BugTraq ID: 27906
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27906
Summary:
CUPS is prone to a remote denial-of-service vulnerability because it fails to
protect against a double-free condition.

Attackers may exploit this issue to trigger crashes in the application, denying
service to legitimate users. Remote code execution may also be possible, but
this has not been confirmed.

CUPS version 1.3.5 is vulnerable to this issue; other versions may also be
affected.

97. XOOPS eEmpregos Module 'index.php' SQL Injection Vulnerability
BugTraq ID: 27905
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27905
Summary:
The XOOPS eEmpregos module is prone to an SQL-injection vulnerability because it
fails to sufficiently sanitize user-supplied data before using it in an SQL
query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database implementation.

98. Schoolwires Academic Portal SQL Injection Vulnerability and Cross-Site
Scripting Vulnerability
BugTraq ID: 27903
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27903
Summary:
Schoolwires Academic Portal is prone to a cross-site scripting vulnerability and
an SQL-injection vulnerability because the application fails to sufficiently
sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based
authentication credentials, compromise the application, access or modify data,
or exploit latent vulnerabilities in the underlying database.

99. RunCMS MyAnnonces Module 'cid' Parameter SQL Injection Vulnerability
BugTraq ID: 27902
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27902
Summary:
The RunCMS MyAnnonces module is prone to an SQL-injection vulnerability because
it fails to sufficiently sanitize user-supplied data before using it in an SQL
query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

100. Opera Web Browser 9.25 Multiple Security Vulnerabilities
BugTraq ID: 27901
Remote: Yes
Last Updated: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27901
Summary:
Opera Web Browser is prone to multiple security vulnerabilities, including a
script-code-execution issue and a file-upload issue.

Attackers can exploit these issues to execute remote script code and obtain
sensitive data.

These issues affect versions prior to Opera 9.26.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Worries over "good worms" rise again
By: Robert Lemos
A Microsoft researcher studies the use of self-propagation for patching, but for
most of the security industry, any worm is a bad worm.
http://www.securityfocus.com/news/11506

2. Federal agencies miss deadline on secure configs
By: Robert Lemos
The U.S. government has made progress on moving to a standard configuration for
Windows XP and Windows Vista systems, but work remains.
http://www.securityfocus.com/news/11505

3. Universities fend off phishing attacks
By: Robert Lemos
Online fraudsters send e-mail messages that masquerade as help-desk requests for
usernames and passwords.
http://www.securityfocus.com/news/11504

4. Antivirus firms, test labs to form standards group
By: Robert Lemos
The makers of antivirus software as well as independent and media-sponsored
testing labs have agreed to create an industry group to standardize on methods
of evaluating anti-malware programs.
http://www.securityfocus.com/news/11502

IV.  SECURITY JOBS LIST SUMMARY
-------------------------------
V.   INCIDENTS LIST SUMMARY
---------------------------
1. Security log parser
http://www.securityfocus.com/archive/75/488116

2. Possible Mail server compromise ?
http://www.securityfocus.com/archive/75/487488

VI.  VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
XI.   SPONSOR INFORMATION
------------------------
This issue is Sponsored by: HP

HP Application Security Webinar: Achieving PCI 6.6 Compliance - Are Your Web
Applications Secure Enough?
In June 2008, the major credit card vendors will require compliance with
requirement 6 of the PCI DSS, "Ensure that all web facing applications are
protected against known attacks."  Join HP Software and the former SPI Dynamics
for this free webinar to learn how you can easily satisfy this requirement and
build a powerful web application security program at the same time. During this
event, you will receive the tools and knowledge to ensure your web applications
comply with PCI requirements and block hackers.
https://h30406.www3.hp.com/campaigns/2008/events/sw-02-26-08/index.php?mcc=DAYA