SecurityFocus News
SecurityFocus Newsletter #400 May 10 2007 12:00AM
plaborge securityfocus com
SecurityFocus Newsletter #400
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: Ajax Security Dangers- How Hackers are attacking Ajax Web Apps
While Ajax can greatly improve the usability of a Web application, it can also create several opportunities for possible attack if the application is not designed with security in mind. Download this SPI Dynamics white paper.

https://download.spidynamics.com/1/ad/AJAX.asp?Campaign_ID=70160000000Co
Ne

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Time for a new certification
2. 0wning Vista from the boot
II. BUGTRAQ SUMMARY
1. VIM Feedkeys and Writefile Functions Remote Code Execution Vulnerabilities
2. RSA ACE Agent Image Cross-Site Scripting Vulnerability
3. Microsoft Internet Explorer HTML Objects Script Errors Remote Code Execution Vulnerability
4. Microsoft Internet Explorer CHTSKDIC.DLL Arbitrary Code Execution Vulnerability
5. Advanced Guestbook Lang Cookie Parameter Local File Include Vulnerability
6. MySQL Single Row SubSelect Remote Denial Of Service Vulnerability
7. ImageMagick XGetPixel/XInitImage Multiple Integer Overflow Vulnerabilities
8. X.Org LibXFont Multiple Integer Overflow Vulnerabilities
9. X.Org X11 XC-MISC Extension Integer Overflow Vulnerability
10. VMware Workstation Shared Folders Directory Traversal Vulnerability
11. VMware Multiple Denial Of Service Vulnerabilities
12. PostgreSQL SECURITY DEFINER Function Local Privilege Escalation Vulnerability
13. IPv6 Protocol Type 0 Route Header Denial of Service Vulnerability
14. Linux Kernel NETLINK_FIB_LOOKUP Local Denial of Service Vulnerability
15. ManageEngine Password Manager Pro Database Remote Unauthorized Access Vulnerability
16. DynamicPAD HomeDir Parameter Multiple Remote File Include Vulnerabilities
17. Advanced Guestbook Picture.PHP Cross-Site Scripting Vulnerability
18. Tetex Mkind.C Remote Buffer Overflow Vulnerability
19. Taltech Tal Bar TALBarCd.OCX ActiveX Control Remote Buffer Overflow Vulnerability
20. Censura Censura.PHP SQL Injection Vulnerability
21. IrfanView .IFF Format Handling Remote Buffer Overflow Vulnerability
22. Linux Kernel PPPoE Socket Local Denial of Service Vulnerability
23. SmartCode VNC Manager ActiveX Control Scvncctrl.DLL Denial of Service Vulnerability
24. CPIO File Size Stack Buffer Overflow Vulnerability
25. PHP GD Extension WBMP File Integer Overflow Vulnerabilities
26. Novell SecureLogin Security Bypass And Privilege Escalation Vulnerability
27. HP Tru64 DOP Command Local Privilege Escalation Vulnerability
28. RSAuction Suspended Account Security Bypass Vulnerability
29. Symantec Norton Antivirus NAVOPTS.DLL ActiveX Control Remote Code Execution Vulnerability
30. GetMySystem BarCodeWiz BarcodeWiz.dll ActiveX Control Remote Buffer Overflow Vulnerability
31. WikkaWiki Cross-Site Scripting And Information Disclosure Vulnerabilities
32. RETIRED: PHPHoo3 Admin.PHP SQL Injection Vulnerability
33. PHP Array_User_Key_Compare Function Memory Corruption Vulnerability
34. Microsoft Word Array Remote Code Execution Vulnerability
35. RETIRED: Musiclab BearShare NCTAudioFile2 ActiveX Control Buffer Overflow Vulnerability
36. Microsoft Word RTF Parsing Remote Code Execution Vulnerability
37. NCTsoft NCTAudioFile2 ActiveX Control Remote Buffer Overflow Vulnerability
38. Adobe RoboHelp Unspecified Cross-Site Scripting Vulnerability
39. Apache Tomcat Information Disclosure Vulnerability
40. IBM DB2 Universal Database JDBC Applet Server Unspecified Code Execution Vulnerability
41. Cisco IOS FTP Server Multiple Vulnerabilities
42. Microsoft Exchange IMAP Command Processing Remote Denial of Service Vulnerability
43. Sienzo Digital Music Mentor ActiveX Control SetEvalExpiryDate Method Buffer Overflow Vulnerability
44. Microsoft Exchange iCal Request Remote Denial of Service Vulnerability
45. ISC BIND Query_AddSOA Denial Of Service Vulnerability
46. McAfee Security Center McSubMgr.DLL ActiveX Control Remote Buffer Overflow Vulnerability
47. Apple QuickTime RTSP URI Remote Buffer Overflow Vulnerability
48. Microsoft Excel Filter Records Remote Code Execution Vulnerability
49. Trend Micro ServerProtect SpntSvc.EXE Remote Stack Based Buffer Overflow Vulnerability
50. Novell GroupWise Mobile Server Multiple Vulnerabilities
51. WinZip WZFileView.FileViewCtrl.61 ActiveX Control Multiple Remote Code Execution Vulnerabilities
52. PopTop PPTP Server GRE Packet Denial Of Service Vulnerability
53. Campsite G_DocumentRoot Parameter Multiple Remote File Include Vulnerabilities
54. Python PyLocale_strxfrm Function Remote Information Leak Vulnerability
55. Clam AntiVirus ClamAV PDF Handling Remote Denial Of Service Vulnerability
56. Clam AntiVirus ClamAV Multiple Remote Vulnerabilities
57. PHP Filter_Var FILTER_VALIDATE_EMAIL Newline Injection Vulnerability
58. Microsoft Step-by-Step Interactive Training Buffer Overflow Vulnerability
59. PHP sqlite_udf_decode_binary() Function Buffer Overflow Vulnerability
60. PHP 5 PHP_Stream_Filter_Create() Function Buffer Overflow Vulnerability
61. OpenVMS Exception Handling Local Denial of Service Vulnerability
62. Microsoft Exchange Base64 MIME Message Remote Code Execution Vulnerability
63. HP OpenView Storage Data Protector Backup Agent Remote Arbitrary Command Execution Vulnerability
64. Miplex SmartyFU.Class.PHP Remote File Include Vulnerability
65. PHP Prior to 5.2.2/4.4.7 Multiple Remote Buffer Overflow Vulnerabilities
66. GnuEDU Multiple Remote File Include Vulnerabilities
67. Berylium2 Berylium-Classes.PHP Remote File-Include Vulnerability
68. CGX Multiple Remote File Include Vulnerabilities
69. Crie Seu PHPLojaFacil Path_Local Parameter Multiple Remote File Include Vulnerabilities
70. TutorialCMS Search.PHP SQL Injection Vulnerability
71. Simple News Print.PHP SQL Injection Vulnerability
72. TellTargetCMS Multiple Remote File Include Vulnerabilities
73. AForum Func.PHP Remote File Include Vulnerability
74. Brujula Toolbar NULL Pointer Dereference Denial of Service Vulnerability
75. Audio CD Ripper AudioCDRipperOCX.OCX ActiveX Control Denial of Service Vulnerability
76. Microsoft Windows Terminal Services Remote Security Restriction Bypass Vulnerability
77. PHPMyPortal Articles.Inc.PHP Remote File Include Vulnerability
78. OpenLD Unspecified Cross-Site Scripting Vulnerability
79. PHP Folded Mail Headers Email Header Injection Vulnerability
80. PHP Hash Table Overwrite Arbitrary Code Execution Vulnerability
81. PHP Session_Regenerate_ID Function Double Free Memory Corruption Vulnerability
82. PHP Mb_Parse_Str Function Register_Globals Activation Weakness
83. PHP PHP_Binary Heap Information Leak Vulnerability
84. PHP Shared Memory Functions Resource Verification Arbitrary Code Execution Vulnerability
85. OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
86. IncrediMail IMMenuShellExt ActiveX Control Remote Buffer Overflow Vulnerability
87. PHP 5 Substr_Compare Integer Overflow Vulnerability
88. Research In Motion Blackberry TeamOn Import Object ActiveX Control Buffer Overflow Vulnerability
89. Acer LunchApp.APlunch ActiveX Control Remote Code Execution Vulnerability
90. Trend Micro ServerProtect EarthAgent.EXE Remote Stack Based Buffer Overflow Vulnerability
91. Microsoft Capicom ActiveX Control Remote Code Execution Vulnerability
92. RETIRED: Microsoft May 2007 Advance Notification Multiple Vulnerabilities
93. Microsoft Outlook Web Access Remote Script Injection Vulnerability
94. Microsoft Windows DNS Server Escaped Zone Name Parameter Buffer Overflow Vulnerability
95. Microsoft Internet Explorer Object Handling Remote Code Execution Vulnerability
96. LaVague PrintBar.PHP Remote File Include Vulnerability
97. Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability
98. Microsoft Windows Media Server MDSAuth.DLL ActiveX Control Remote Code Execution Vulnerability
99. Microsoft Office Malformed Drawing Object Remote Code Execution Vulnerability
100. Microsoft Excel Set Font Remote Code Execution Vulnerability
III. SECURITYFOCUS NEWS
1. Experts scramble to quash IPv6 flaw
2. E-Gold charged with money laundering
3. A Mac gets whacked, a second survives
4. MacBooks withstand mild attacks on patch day
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Manager, Information Security, Basingstoke
2. [SJ-JOB] Security Consultant, London
3. [SJ-JOB] Security Product Manager, Blue Bell
4. [SJ-JOB] Security System Administrator, Sydney
5. [SJ-JOB] Security Engineer, Mountain View
6. [SJ-JOB] Security Consultant, Huntley
7. [SJ-JOB] Technical Support Engineer, Calgary
8. [SJ-JOB] Security Architect, San Jose (open)
9. [SJ-JOB] Developer, Calgary
10. [SJ-JOB] Application Security Engineer, Chicago
11. [SJ-JOB] Security Architect, Valley Forge
12. [SJ-JOB] Sr. Security Engineer, Central London
13. [SJ-JOB] Director, Information Security, Wilmington
14. [SJ-JOB] Security Engineer, Zurich
15. [SJ-JOB] Security Engineer, San Jose (open)
16. [SJ-JOB] Management, Cupertino
17. [SJ-JOB] Technical Support Engineer, Mountain View
18. [SJ-JOB] Software Engineer, Mountain View
19. [SJ-JOB] Senior Software Engineer, Cupertino
20. [SJ-JOB] Channel / Business Development, Boston
21. [SJ-JOB] Security Consultant, Berkshire
22. [SJ-JOB] Software Engineer, Mountain View
23. [SJ-JOB] Sr. Security Analyst, Ann Arbor
24. [SJ-JOB] Sales Engineer, New York
25. [SJ-JOB] CSO, Columbus
26. [SJ-JOB] Manager, Information Security, San Antonio
27. [SJ-JOB] Management, Calgary
28. [SJ-JOB] Sr. Security Analyst, New York City
29. [SJ-JOB] Certification & Accreditation Engineer, Alexandria
30. [SJ-JOB] Technical Support Engineer, Palo Alto
31. [SJ-JOB] Senior Software Engineer, Palo Alto
32. [SJ-JOB] Security Product Manager, Palo Alto
33. [SJ-JOB] Security System Administrator, New York
34. [SJ-JOB] Database Security Engineer, Baltimore
35. [SJ-JOB] Security Product Marketing Manager, Palo Alto
36. [SJ-JOB] Security Product Manager, Philadelphia
37. [SJ-JOB] Security Consultant, Various
38. [SJ-JOB] Manager, Information Security, Dulles
39. [SJ-JOB] Security Engineer, Washington DC
40. [SJ-JOB] VP, Information Security, Dubai
41. [SJ-JOB] Security Consultant, London / Berkshire
42. [SJ-JOB] Security Consultant, Riyadh
43. [SJ-JOB] Security Engineer, London
44. [SJ-JOB] Application Security Architect, London
45. [SJ-JOB] Security Architect, South Florida
46. [SJ-JOB] Security Product Manager, Stoneham
47. [SJ-JOB] Jr. Security Analyst, Malibu
48. [SJ-JOB] Security Engineer, Zurich
49. [SJ-JOB] Account Manager, Houston
50. [SJ-JOB] Security Auditor, London
51. [SJ-JOB] Security Engineer, Alexandria
52. [SJ-JOB] Security Engineer, Canberra
53. [SJ-JOB] Technology Risk Consultant, Virtual, Travel to Client Site
54. [SJ-JOB] Director, Information Security, St. Louis
55. [SJ-JOB] Sr. Security Engineer, Canberra
56. [SJ-JOB] Technology Risk Consultant, Virtual, Travel to Client Site
57. [SJ-JOB] Security System Administrator, Dubai
58. [SJ-JOB] Director, Information Security, Elk Grove Village
59. [SJ-JOB] Technology Risk Consultant, St. Louis
60. [SJ-JOB] CISO, Buffalo
61. [SJ-JOB] Sr. Security Analyst, Portland
62. [SJ-JOB] Security Consultant, Virtual, Travel to Client Site
63. [SJ-JOB] Application Security Architect, Washington D.C.
64. [SJ-JOB] Sr. Security Analyst, Bellevue
65. [SJ-JOB] Security System Administrator, Denton
66. [SJ-JOB] Management, Mountain View
67. [SJ-JOB] Security Architect, Bay Area
68. [SJ-JOB] Disaster Recovery Coordinator, Washington
69. [SJ-JOB] Sr. Security Analyst, Nassau County
70. [SJ-JOB] Security Engineer, Denver
71. [SJ-JOB] Director, Information Security, Boulder
72. [SJ-JOB] Manager, Information Security, Denver
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
1. Training Classes in SyScan'07
2. Weird shellcode behavior
3. TCP segments reordering and covert channels
VII. MICROSOFT FOCUS LIST SUMMARY
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. understanding chkrootkit and rkhunter logs
2. Center for Internet Security - Call for Participation
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time for a new certification
By Don Parker
I wrote a column for Securityfocus some time ago that aired my concerns over GIAC dropping the practical portion of their certification process. That column resulted in a lot of feedback, with most agreeing about how GIAC bungled what was up till then, the best certification around.
http://www.securityfocus.com/columnists/443

2. 0wning Vista from the boot
By Federico Biancuzzi
Federico Biancuzzi interviews Nitin and Vipin Kumar, authors of VBootkit, a rootkit that is able to load from Windows Vista boot-sectors. They discuss the "features" of their code, the support of the various versions of Vista, the possibility to place it inside the BIOS (it needs around 1500 bytes), and the chance to use it to bypass Vista's product activation or avoid DRM.
http://www.securityfocus.com/columnists/442

II. BUGTRAQ SUMMARY
--------------------
1. VIM Feedkeys and Writefile Functions Remote Code Execution Vulnerabilities
BugTraq ID: 23725
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23725
Summary:
VIM is prone to multiple vulnerabilities that permit a remote attacker to execute arbitrary code.

An attacker could exploit these issues by enticing a victim to load a malicious file. A successful exploit could result in the execution of arbitrary code within the context of the affected application.

2. RSA ACE Agent Image Cross-Site Scripting Vulnerability
BugTraq ID: 15206
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/15206
Summary:
RSA ACE Agent is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

3. Microsoft Internet Explorer HTML Objects Script Errors Remote Code Execution Vulnerability
BugTraq ID: 23772
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23772
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

This vulnerability is related to how the browser handles script errors in certain situations. An attacker could exploit this issue to execute arbitrary code in the context of the user running the affected browser.

This issue affects Internet Explorer 7 running on Windows XP SP2, Windows Server 2003 SP1 and SP2, and on Windows Vista.

4. Microsoft Internet Explorer CHTSKDIC.DLL Arbitrary Code Execution Vulnerability
BugTraq ID: 19529
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/19529
Summary:
Microsoft Internet Explorer is prone to an arbitrary code-execution vulnerability because the application fails to load a DLL library when instantiated as an ActiveX control.

An attacker may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users and may cause arbitrary code to run within the context of the user running the application.

5. Advanced Guestbook Lang Cookie Parameter Local File Include Vulnerability
BugTraq ID: 23876
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23876
Summary:
Advanced Guestbook is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

Advanced Guestbook 2.4.2 is vulnerable to this issue; other versions may also be affected.

6. MySQL Single Row SubSelect Remote Denial Of Service Vulnerability
BugTraq ID: 22900
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/22900
Summary:
MySQL is prone to a remote denial-of-service vulnerability because it fails to handle certain select statements to database metadata.

An attacker can exploit this issue to crash the application, denying access to legitimate users. The attacker may also be able to execute arbitrary code, but this has not yet been confirmed.

NOTE: An attacker must be able to execute arbitrary SELECT statements on the vulnerable computer to exploit this issue. This may be through legitimate means or by exploiting other latent SQL-injection vulnerabilities.

Versions prior to 5.0.36 are vulnerable.

7. ImageMagick XGetPixel/XInitImage Multiple Integer Overflow Vulnerabilities
BugTraq ID: 23300
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23300
Summary:
ImageMagick is prone to multiple integer-overflow vulnerabilities because it fails to properly validate user-supplied data.

An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

8. X.Org LibXFont Multiple Integer Overflow Vulnerabilities
BugTraq ID: 23283
Remote: No
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23283
Summary:
The 'libXfont' library is prone to multiple local integer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data.

An attacker can exploit these vulnerabilities to execute arbitrary code with superuser privileges. Failed exploit attempts will likely cause denial-of-service conditions.

These issues affect libXfont 1.2.2; other versions may also be vulnerable.

9. X.Org X11 XC-MISC Extension Integer Overflow Vulnerability
BugTraq ID: 23284
Remote: No
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23284
Summary:
X11 is prone to a local integer-overflow vulnerability because it fails to adequately bounds-check user-supplied input.

An attacker can exploit this vulnerability to execute arbitrary code with superuser privileges. Failed exploit attempts will likely cause denial-of-service conditions.

10. VMware Workstation Shared Folders Directory Traversal Vulnerability
BugTraq ID: 23721
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23721
Summary:
VMware Workstation is prone to a directory-traversal vulnerability because it fails to properly sanitize input.

An attacker with access to a virtual guest operating system can exploit this issue by traversing a shared directory to manipulate arbitrary files on the host operating system in the context of the user running the application.

Successful attacks could result in the compromise of the affected host operating system. Other attacks are possible.

VMware Workstation 5.5.3 build 34685 on Windows XP SP2 is vulnerable. Other versions may also be affected.

11. VMware Multiple Denial Of Service Vulnerabilities
BugTraq ID: 23732
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23732
Summary:
VMware is prone to multiple denial-of-service vulnerabilities.

An attacker can exploit these issues to cause denial-of-service conditions.

Versions prior to 5.5.4 Build 44386 are vulnerable to these issues.

12. PostgreSQL SECURITY DEFINER Function Local Privilege Escalation Vulnerability
BugTraq ID: 23618
Remote: No
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23618
Summary:
PostgreSQL is prone to a local privilege-escalation vulnerability.

Exploiting this issue allows local attackers to escalate privileges in the context of the 'security_definer' function.

PostgreSQL versions prior to 8.2.4, 8.1.9, 8.0.13, 7.4.17, and 7.3.19 are vulnerable to this issue.

13. IPv6 Protocol Type 0 Route Header Denial of Service Vulnerability
BugTraq ID: 23615
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23615
Summary:
IPv6 protocol implementations are prone to a denial-of-service vulnerability due to a design error.

Exploiting this issue allows attackers to cause denial-of-service conditions.

This issue is related to the issue discussed in BID 22210 (Cisco IOS IPv6 Source Routing Remote Memory Corruption Vulnerability).

14. Linux Kernel NETLINK_FIB_LOOKUP Local Denial of Service Vulnerability
BugTraq ID: 23677
Remote: No
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23677
Summary:
The Linux kernel is prone to a denial-of-service vulnerability. This issue presents itself when a NETLINK message is misrouted.

A local attacker may exploit this issue to trigger an infinite-recursion stack-based overflow in the kernel. This results in a denial of service to legitimate users.

Versions prior to 2.6.20.8 are vulnerable.

15. ManageEngine Password Manager Pro Database Remote Unauthorized Access Vulnerability
BugTraq ID: 23693
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23693
Summary:
ManageEngine Password Manager Pro is prone to a remote unauthorized-access vulnerability due to a design error.

An attacker may leverage this issue to gain unauthorized access to the application's database with administrative privileges. Successful exploits will result in a complete compromise of vulnerable applications and may aid in further attacks.

ManageEngine Password Manager Pro Free edition is vulnerable; other versions may also be affected.

16. DynamicPAD HomeDir Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 23861
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23861
Summary:
DynamicPAD is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects DynamicPAD 1.02.18; other versions may also be affected.

17. Advanced Guestbook Picture.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 23873
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23873
Summary:
Advanced Guestbook is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects Advanced Guestbook 2.4.2; other versions may also be affected.

18. Tetex Mkind.C Remote Buffer Overflow Vulnerability
BugTraq ID: 23872
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23872
Summary:
teTeX is prone to a buffer-overflow vulnerability because it fails to sufficiently perform boundary checks on user-supplied input before copying it to an insufficiently sized memory buffer.

Remote attackers may exploit this issue by enticing victims into opening a malicious file using the affected application.

Attackers can exploit this issue to execute arbitrary code with the privileges of an unsuspecting user. A successful attack can facilitate the compromise of vulnerable computers. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects teTeX 2.0.2 and 3.0.0; other versions may also be vulnerable.

19. Taltech Tal Bar TALBarCd.OCX ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 23871
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23871
Summary:
Taltech Tal Bar ActiveX control is prone to a buffer-overflow vulnerability because the software fails to sufficiently bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue by enticing victims into opening a malicious webpage or HTML email that invokes the affected control.

Taltech Tal Bar 2.0.0.1 is vulnerable to this issue; other versions may be affected as well.

20. Censura Censura.PHP SQL Injection Vulnerability
BugTraq ID: 23796
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23796
Summary:
Censura is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Censura 1.15.04 is reported vulnerable; other versions may also be affected.

21. IrfanView .IFF Format Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 23692
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23692
Summary:
IrfanView is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successful exploits allow remote attackers to execute arbitrary machine code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions.

IrfanView 4.00 is vulnerable; other versions may also be affected.

22. Linux Kernel PPPoE Socket Local Denial of Service Vulnerability
BugTraq ID: 23870
Remote: No
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23870
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

Exploiting this issue allows local attackers to exhaust memory resources and eventually cause the kernel to crash, effectively denying service to legitimate users.

This issue affects the Linux kernel 2.6 series prior to 2.6.21-git8.

23. SmartCode VNC Manager ActiveX Control Scvncctrl.DLL Denial of Service Vulnerability
BugTraq ID: 23869
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23869
Summary:
The SmartCode VNC Manager ActiveX control is prone to a denial-of-service vulnerability.

An attacker may exploit this issue by enticing victims into opening a malicious webpage or HTML email that invokes the affected control.

An attacker can exploit this issue to cause denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control.

SmartCode VNC Manager 3.6 is vulnerable to this issue; other versions may also be affected.

24. CPIO File Size Stack Buffer Overflow Vulnerability
BugTraq ID: 16057
Remote: No
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/16057
Summary:
The cpio utility is prone to a stack buffer-overflow vulnerability.

This issue presents itself when cpio tries to create an archive containing files with extremely large sizes, potentially resulting in a memory buffer being overrun.

Note that this vulnerability presents itself only on 64-bit platforms. Presumably, on 32-bit platforms using 64-bit filesystems, this may be exploited to crash cpio.

25. PHP GD Extension WBMP File Integer Overflow Vulnerabilities
BugTraq ID: 23357
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23357
Summary:
PHP's GD extension is prone to two integer-overflow vulnerabilities because it fails to ensure that integer values aren't overrun.

Successfully exploiting these issues allows attackers to crash the affected application, potentially denying service to legitimate users. Due to the nature of the issues, code execution may also be possible, but this has not been confirmed.

PHP 5.2.1 and prior versions are vulnerable.

26. Novell SecureLogin Security Bypass And Privilege Escalation Vulnerability
BugTraq ID: 23547
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23547
Summary:
Novell SecureLogin is prone to a vulnerability that allows attackers to bypass security restrictions as well as a vulnerability that may allow attackers to gain elevated privileges on the affected computer.

These issues affect Novell Access Management Server 3 IR1.

27. HP Tru64 DOP Command Local Privilege Escalation Vulnerability
BugTraq ID: 23881
Remote: No
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23881
Summary:
HP Tru64 for UNIX is prone to a local privilege-escalation vulnerability.

Exploiting this issue allows local attackers to execute arbitrary code with superuser privileges.
Successful exploits will result in a complete compromise of vulnerable computers. Failed exploit attempts will result in a denial of service.

28. RSAuction Suspended Account Security Bypass Vulnerability
BugTraq ID: 23895
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23895
Summary:
RSAuction is prone to a security-bypass vulnerability due to a design error.

Successful exploits may allow attackers to activate suspended accounts, bypassing certain security restrictions.

RSAuction 2.73.1.3 is reported vulnerable; other versions may also be affected.

29. Symantec Norton Antivirus NAVOPTS.DLL ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 23822
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23822
Summary:
Symantec Norton Antivirus ActiveX control is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.

Successful exploits will allow attackers to execute arbitrary code in the context of the user visiting a malicious web page. Failed exploit attempts will likely result in denial-of-service conditions.

30. GetMySystem BarCodeWiz BarcodeWiz.dll ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 23891
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23891
Summary:
BarCodeWiz ActiveX control is prone to a buffer-overflow vulnerability because the software fails to sufficiently bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue by enticing victims into opening a malicious webpage or HTML email that invokes the affected control.

BarCodeWiz 2.0 is vulnerable to this issue; other versions may be affected as well.

31. WikkaWiki Cross-Site Scripting And Information Disclosure Vulnerabilities
BugTraq ID: 23894
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23894
Summary:
WikkaWiki is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability.

An attacker may leverage these issues to access sensitive information or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

These issues affect versions prior to 1.1.6.3.

32. RETIRED: PHPHoo3 Admin.PHP SQL Injection Vulnerability
BugTraq ID: 23854
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23854
Summary:
phpHoo3 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

NOTE: This BID has been retired because further research shows that an attacker cannot manipulate the parameters in question.

33. PHP Array_User_Key_Compare Function Memory Corruption Vulnerability
BugTraq ID: 22990
Remote: No
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/22990
Summary:
PHP is prone to a memory-corruption vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the webserver process or to cause denial-of-service conditions.

This issue is proven to be locally exploitable.

The vulnerability affects these versions:

PHP 4.x but prior to 4.4.6
PHP 5.x but prior to 5.2.1

34. Microsoft Word Array Remote Code Execution Vulnerability
BugTraq ID: 23804
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23804
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

35. RETIRED: Musiclab BearShare NCTAudioFile2 ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 23892
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23892
Summary:
BearShare NCTAudioFile2 ActiveX control is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successful attacks corrupt process memory, allowing arbitrary code to run in the context of the client application using the affected ActiveX control.

BearShare 6.0.2.26789 is reported vulnerable to this issue; other versions may be affected as well.

This issue is a duplicate of BID 22196 (NCTsoft NCTAudioFile2 ActiveX Control Remote Buffer Overflow Vulnerability) and is therefore being retired.

36. Microsoft Word RTF Parsing Remote Code Execution Vulnerability
BugTraq ID: 23836
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23836
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

37. NCTsoft NCTAudioFile2 ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 22196
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/22196
Summary:
NCTsoft NCTAudioFile2 ActiveX control is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer.

NCTAudioEditor is a collection of ActiveX controls for manipulating audio data. Numerous audio software products use the vulnerable 'NCTAudioFile2.AudioFile' ActiveX component.

NCTAudioStudio 2.7.1, NCTAudioEditor 2.7.1, and NCTDialogicVoice 2.7.1 are affected by this vulnerability; other versions may be affected as well.

Please see the list of associated technologies for a table of third-party products that are vulnerable because they depend on this ActiveX control.

38. Adobe RoboHelp Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 23878
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23878
Summary:
RoboHelp is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

39. Apache Tomcat Information Disclosure Vulnerability
BugTraq ID: 19106
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/19106
Summary:
Apache Tomcat is prone to an information-disclosure vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to reveal a complete directory listing from any directory. Information obtained may aid in further attacks. Reports indicate that this issue may also allow attackers to obtain the source code of script files.

Apache Tomcat 5.028, 5.5.23, 5.5.9, and 5.5.7 are vulnerable to this issue; other versions may also be affected.

Novell GroupWise Mobile Server 1.0 or other versions bundled with Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2 ship with an affected version of Tomcat and are vulnerable as well.

40. IBM DB2 Universal Database JDBC Applet Server Unspecified Code Execution Vulnerability
BugTraq ID: 23890
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23890
Summary:
IBM DB2 Universal Database is prone to an unspecified remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the user running the application. Successful attacks can result in the compromise of the application or can cause denial-of-service conditions.

Few technical details are currently available. We will update this BID as more information emerges.

41. Cisco IOS FTP Server Multiple Vulnerabilities
BugTraq ID: 23885
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23885
Summary:
Cisco IOS FTP Server is prone to multiple vulnerabilities including a denial-of-service issue and an authentication-bypass issue.

Attackers can exploit these issues to deny service to legitimate users, gain unauthorized access to an affected device, or execute arbitrary code.

Only IOS devices that have the FTP Server feature enabled are vulnerable; this feature is disabled by default.

42. Microsoft Exchange IMAP Command Processing Remote Denial of Service Vulnerability
BugTraq ID: 23810
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23810
Summary:
Microsoft Exchange is prone to a remote denial-of-service vulnerability because it fails to properly handle specially crafted IMAP commands.

Successfully exploiting this issue allows remote attackers to cause targeted Exchange servers' mail service to stop responding, thus denying further email service for legitimate users. To recover from the denial-of-service condition, administrators must restart the IIS Admin Service service.

43. Sienzo Digital Music Mentor ActiveX Control SetEvalExpiryDate Method Buffer Overflow Vulnerability
BugTraq ID: 23849
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23849
Summary:
Sienzo Digital Music Mentor is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user data supplied to multiple ActiveX control methods.

An attacker can exploit this issue to execute arbitrary code in the context of a user running the application. Failed attempts will likely result in denial-of-service conditions.

Digital Music Mentor 2.6.0.4 is vulnerable; other versions may also be affected.

44. Microsoft Exchange iCal Request Remote Denial of Service Vulnerability
BugTraq ID: 23808
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23808
Summary:
Microsoft Exchange is prone to a remote denial-of-service vulnerability because it fails to properly handle unexpected iCal message content.

Successfully exploiting this issue allows remote attackers to cause targeted Exchange servers to stop responding to further requests for sending, receiving, or accessing email. As a result, denial-of-service conditions occur for legitimate users of affected servers. A denial-of-service condition will persist until an administrator restarts the Microsoft Exchange Information Store service.

45. ISC BIND Query_AddSOA Denial Of Service Vulnerability
BugTraq ID: 23738
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23738
Summary:
ISC BIND is prone to a denial-of-service vulnerability because it fails to handle certain sequences of malicious queries.

NOTE: Only applications configured with the 'recursion' directive/attribute enabled are vulnerable to this issue.

An attacker can exploit this issue to cause the application to exit, denying service to legitimate users.

ISC BIND 9.40, 9.5.0a1, 9.5.0a2, and 9.5.0a3 are vulnerable.

46. McAfee Security Center McSubMgr.DLL ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 23888
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23888
Summary:
The 'McSubMgr.DLL' ActiveX control shipped with McAfee Security Center is prone to a buffer-overflow vulnerability. The software fails to perform sufficient boundary checks of user-supplied input before copying it to an insufficiently sized memory buffer.

McAfee Virus Scan 10.0.27 for Windows XP with Service Pack 2 uses this vulnerable ActiveX control. McAfee Subscription Manager versions prior to 6.0.0.25 and prior to 7.2.147 are vulnerable to this issue; other products may be vulnerable as well.

47. Apple QuickTime RTSP URI Remote Buffer Overflow Vulnerability
BugTraq ID: 21829
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/21829
Summary:
Apple QuickTime is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input prior to copying it to an insufficiently sized stack-based memory buffer.

Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers.

Attackers exploit this issue by coercing targeted users to access malicious HTML or QTL files or by executing malicious JavaScript code.

QuickTime version 7.1.3 is vulnerable to this issue; other versions may also be affected.

48. Microsoft Excel Filter Records Remote Code Execution Vulnerability
BugTraq ID: 23780
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23780
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of a victim user running the application. A successful exploit will result in the compromise of the application and may aid in further attacks.

49. Trend Micro ServerProtect SpntSvc.EXE Remote Stack Based Buffer Overflow Vulnerability
BugTraq ID: 23868
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23868
Summary:
Trend Micro ServerProtect is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue allows attackers to execute arbitrary machine code with SYSTEM-level privileges and to completely compromise affected computers. Failed exploit attempts will result in a denial of service.

50. Novell GroupWise Mobile Server Multiple Vulnerabilities
BugTraq ID: 23889
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23889
Summary:
Novell GroupWise Mobile Server powered by Nokia Intellisync Mobile Suite is reported prone to multiple vulnerabilities. Reports indicate that these issues reside only in the bundled package; Nokia Intellisync Mobile Suite may not be affected on its own.

Successful attacks may allow an attacker to obtain sensitive information and carry out denial-of-service and cross-site scripting attacks.

Novell GroupWise Mobile Server 1.0 or other versions bundled with Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2 are vulnerable.

51. WinZip WZFileView.FileViewCtrl.61 ActiveX Control Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 21060
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/21060
Summary:
WinZip is prone to multiple remote code-execution vulnerabilities in an ActiveX control that is installed with the package.

Exploiting these issues allows remote attackers to execute arbitrary machine code in the context of applications using the affected ActiveX control and possibly to compromise affected computers.

WinZip versions in the 10.0 series prior to build 7245 are vulnerable to these issues.

52. PopTop PPTP Server GRE Packet Denial Of Service Vulnerability
BugTraq ID: 23886
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23886
Summary:
PoPToP PPTP Server is prone to a denial-of-service vulnerability because it fails to adequately handle certain malformed packet data.

Attackers can exploit this issue to disconnect arbitrary PPTP connections.

PoPToP PPTP Server 1.3.4 is vulnerable; other versions may also be affected.

53. Campsite G_DocumentRoot Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 23874
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23874
Summary:
Campsite is prone to multiple remote file-include vulnerabilities.

Exploiting this issue allows remote attackers to execute code in the context of the webserver.

This issue affects Campsite 2.6.1. Earlier versions may also be affected.

54. Python PyLocale_strxfrm Function Remote Information Leak Vulnerability
BugTraq ID: 23887
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23887
Summary:
Python applications that use the 'PyLocale_strxfrm' function are prone to an information leak.

Exploiting this issue allows remote attackers to read portions of memory.

Python 2.4.4-2 and 2.5 are confirmed vulnerable to this issue.

55. Clam AntiVirus ClamAV PDF Handling Remote Denial Of Service Vulnerability
BugTraq ID: 23656
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23656
Summary:
ClamAV is prone to a denial-of-service vulnerability.

A successful attack may allow an attacker to cause denial-of-service conditions.

56. Clam AntiVirus ClamAV Multiple Remote Vulnerabilities
BugTraq ID: 23473
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23473
Summary:
ClamAV is prone to a file-descriptor leakage vulnerability and a buffer-overflow vulnerability.

A successful attack may allow an attacker to obtain sensitive information, cause denial-of-service conditions, and execute arbitrary code in the context of the user running the affected application.

ClamAV versions prior to 0.90.2 are vulnerable to these issues.

57. PHP Filter_Var FILTER_VALIDATE_EMAIL Newline Injection Vulnerability
BugTraq ID: 23359
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23359
Summary:
PHP is prone to an email-newline-injection vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow a malicious user to create arbitrary email headers, and then create and transmit spam messages from the affected computer.

58. Microsoft Step-by-Step Interactive Training Buffer Overflow Vulnerability
BugTraq ID: 22484
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/22484
Summary:
Microsoft Step-by-Step Interactive Training is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue by enticing a victim to load a bookmark link file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.

59. PHP sqlite_udf_decode_binary() Function Buffer Overflow Vulnerability
BugTraq ID: 23235
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23235
Summary:
PHP is prone to a buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

This issue affects PHP versions prior to 4.4.5 and 5.2.1.

60. PHP 5 PHP_Stream_Filter_Create() Function Buffer Overflow Vulnerability
BugTraq ID: 23237
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23237
Summary:
PHP is prone to a buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue remotely by supplying a 'php://filter' URL to one of the file functions.

The attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

Successful exploits for this issue will depend on the application's heap-memory implementation. PHP version 5.2.0 introduced a new memory manager that makes all little-endian platforms exploitable.

This issue affects PHP versions prior to 5.2.1.

61. OpenVMS Exception Handling Local Denial of Service Vulnerability
BugTraq ID: 23744
Remote: No
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23744
Summary:
OpenVMS is prone to a local denial-of-service vulnerability because the operating system fails to handle exceptions properly.

Attackers must have AUDIT privileges to exploit this issue. This privilege is not commonly granted to normal users.

A local attacker can exploit this vulnerability to crash affected computers, denying service to legitimate users.

Few technical details are currently available. We will update this BID as more information emerges.

62. Microsoft Exchange Base64 MIME Message Remote Code Execution Vulnerability
BugTraq ID: 23809
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23809
Summary:
Microsoft Exchange is prone to a remote code-execution vulnerability because the application fails to properly decode specially crafted email messages.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the vulnerable application, which may lead to a complete compromise of affected computers.

63. HP OpenView Storage Data Protector Backup Agent Remote Arbitrary Command Execution Vulnerability
BugTraq ID: 19495
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/19495
Summary:
HP OpenView Storage Data Protector Backup Agent is prone to an arbitrary command-execution vulnerability.

Attackers can exploit this vulnerability to execute arbitrary commands in the context of the affected process. This may help them compromise the underlying system; other attacks are also possible.

64. Miplex SmartyFU.Class.PHP Remote File Include Vulnerability
BugTraq ID: 23884
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23884
Summary:
Miplex is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

65. PHP Prior to 5.2.2/4.4.7 Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 23813
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23813
Summary:
PHP is prone to three remote buffer-overflow vulnerabilities because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit these issues to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

All three issues affect PHP 5.2.1 and prior versions; PHP 4.4.6 and prior versions are affected only by one of the issues.

Few details are available at the moment. These issues may have been previously described in other BIDs. This record may be updated or retired if further analysis shows that these issues have been reported in the past.

66. GnuEDU Multiple Remote File Include Vulnerabilities
BugTraq ID: 23883
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23883
Summary:
GNU Edu is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

These issues affect GNU Edu 1.3b2; other versions may also be affected.

67. Berylium2 Berylium-Classes.PHP Remote File-Include Vulnerability
BugTraq ID: 23882
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23882
Summary:
Berylium2 is prone to a remote file-include vulnerability.

Exploiting this issue allows an attacker to execute arbitrary code in the context of the webserver.

This issue affects Berilium2 2003-08-18; other versions may also be affected.

68. CGX Multiple Remote File Include Vulnerabilities
BugTraq ID: 23880
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23880
Summary:
CGX is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

CGX 20050314 is vulnerable; other versions may also be affected.

69. Crie Seu PHPLojaFacil Path_Local Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 23879
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23879
Summary:
PHPLojaFacil is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects PHPLojaFacil 0.1.5; other versions may also be affected.

70. TutorialCMS Search.PHP SQL Injection Vulnerability
BugTraq ID: 23905
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23905
Summary:
TutorialCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Version 1.00 is vulnerable; other versions may also be affected.

71. Simple News Print.PHP SQL Injection Vulnerability
BugTraq ID: 23904
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23904
Summary:
Simple News is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Simple News 1.0.0 FINAL is reported vulnerable; other versions may also be affected.

72. TellTargetCMS Multiple Remote File Include Vulnerabilities
BugTraq ID: 23903
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23903
Summary:
telltargetCMS is prone to multiple remote file-includes vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process.

These issues affects versions 1.3.3 and prior.

73. AForum Func.PHP Remote File Include Vulnerability
BugTraq ID: 23902
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23902
Summary:
aForum is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects aForum 1.32; other versions may also be vulnerable.

74. Brujula Toolbar NULL Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 23901
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23901
Summary:
Brujula Toolbar is prone to a denial-of-service vulnerability.

An attacker may cause an access violation error by triggering a NULL pointer dereference, resulting in a denial-of-service condition.

Successful exploits will result in denial-of-service conditions within the affected application.

75. Audio CD Ripper AudioCDRipperOCX.OCX ActiveX Control Denial of Service Vulnerability
BugTraq ID: 23900
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23900
Summary:
Audio CD Ripper ActiveX control is prone to a denial-of-service vulnerability.

An attacker may exploit this issue by enticing victims into opening a malicious webpage or HTML email that invokes the affected control.

An attacker can exploit this issue to cause denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control.

This issue affects version 1.0; other vesions may also be affected.

76. Microsoft Windows Terminal Services Remote Security Restriction Bypass Vulnerability
BugTraq ID: 23899
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23899
Summary:
Microsoft Windows Terminal Services is prone to a remote security-restriction bypass vulnerability. This issue is due to a failure of the server software to properly enforce encryption requirements.

This issue allows users to connect to affected servers without utilizing encryption, bypassing security requirements configured by administrators. This may allow attackers to perform man-in-the-middle attacks, or to eavesdrop on RDP sessions.

This issue affects Terminal Services installed on Windows 2003 Server; other versions may also be affected.

77. PHPMyPortal Articles.Inc.PHP Remote File Include Vulnerability
BugTraq ID: 23898
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23898
Summary:
phpMyPortal is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects phpMyPortal 3.0.0 RC3; other versions may also be vulnerable.

78. OpenLD Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 23896
Remote: Yes
Last Updated: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23896
Summary:
OpenLD is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to 1.1-modified3 are vulnerable.

79. PHP Folded Mail Headers Email Header Injection Vulnerability
BugTraq ID: 23145
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23145
Summary:
PHP is prone to an email-header-injection vulnerability because it fails to properly sanitize user-supplied input when constructing email messages.

Exploiting this issue allows a malicious user to create arbitrary email headers, and then create and transmit spam messages from the affected computer.

The following versions are vulnerable:

PHP 4 up to and including 4.4.6
PHP 5 up to and including 5.2.1

80. PHP Hash Table Overwrite Arbitrary Code Execution Vulnerability
BugTraq ID: 23119
Remote: No
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23119
Summary:
PHP is prone to an arbitrary-code-execution vulnerability.

An attacker may exploit this issue to execute arbitrary code within the context of the affected webserver.

This issue affects PHP 4 (prior to 4.4.5) and PHP 5 (prior to 5.2.1).

81. PHP Session_Regenerate_ID Function Double Free Memory Corruption Vulnerability
BugTraq ID: 22968
Remote: No
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/22968
Summary:
PHP is prone to a double-free memory-corruption vulnerability.

Attackers may be able to exploit this issue to execute arbitrary code in the context of the webserver process or to cause denial-of-service conditions.

This issue is proven to be locally exploitable. Remote attack vectors may also be possible, but this is yet to be confirmed.

This issue affects PHP versions 5 to 5.2.1. PHP version 4 is vulnerable only if successful remote exploits are proven.

82. PHP Mb_Parse_Str Function Register_Globals Activation Weakness
BugTraq ID: 23016
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23016
Summary:
PHP is prone to a weakness that allows attackers to enable the 'register_globals' directive because the application fails to handle a memory-limit exception.

Enabling the PHP 'register_globals' directive may allow attackers to further exploit latent vulnerabilities in PHP scripts.

This issue is related to the weakness found in the non-multibyte 'parse_str()' from BID 15249 - PHP Parse_Str Register_Globals Activation Weakness.

This issue affects PHP versions 4 to 4.4.6 and 5 to 5.2.1.

83. PHP PHP_Binary Heap Information Leak Vulnerability
BugTraq ID: 22805
Remote: No
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/22805
Summary:
PHP 'php_binary' serialization handler is prone to a heap-information leak.

The vulnerability arises because of a missing boundary check in the extraction of variable names. A local attacker can exploit this issue to obtain sensitive information (such as heap offsets and canaries) that may aid in other attacks.

These versions are affected:

PHP4 versions prior to 4.4.5
PHP5 versions prior to 5.2.1

Updates are available.

84. PHP Shared Memory Functions Resource Verification Arbitrary Code Execution Vulnerability
BugTraq ID: 22862
Remote: No
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/22862
Summary:
PHP shared memory functions (shmop) are prone to an arbitrary-code-execution vulnerability.

An attacker may exploit this issue to execute arbitrary code within the context of the affected webserver. The attacker may also gain access to RSA keys of the SSL certificate.

This issue affects PHP 4 versions prior to 4.4.5 and PHP 5 versions prior to 5.2.1.

85. OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
BugTraq ID: 11781
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/11781
Summary:
The portable version of OpenSSH is reported prone to an information-disclosure vulnerability. The portable version is distributed for operating systems other than its native OpenBSD platform.

This issue is related to BID 7467. Reportedly, the previous fix for BID 7467 didn't completely fix the issue. This current issue may involve differing code paths in PAM, resulting in a new vulnerability, but this has not been confirmed.

Exploiting this vulnerability allows remote attackers to test for the presence of valid usernames. Knowledge of usernames may aid them in further attacks.

86. IncrediMail IMMenuShellExt ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 23674
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23674
Summary:
IncrediMail is prone to a stack-based buffer-overflow vulnerability because it fails to sufficiently check boundaries of user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue by enticing victims into opening a malicious webpage or HTML email that invokes the affected control.

Successful exploits will corrupt process memory, allowing attacker-supplied arbitrary code to run in the context of the client application using the affected ActiveX control.

87. PHP 5 Substr_Compare Integer Overflow Vulnerability
BugTraq ID: 22851
Remote: No
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/22851
Summary:
PHP 5 'substr_compare()' function is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun.

A local attacker can exploit this vulnerability to obtain sensitive information (such as stack offsets, variables, and canaries) that may aid in other attacks.

PHP 5 version 5.2.1 and earlier are reported vulnerable to this issue.

88. Research In Motion Blackberry TeamOn Import Object ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 23331
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23331
Summary:
The Blackberry TeamOn Import Object ActiveX control is prone to a buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before using it in an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary machine-code on a vulnerable computer in the context of the victim running the affected application.

89. Acer LunchApp.APlunch ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 21207
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/21207
Summary:
Acer LunchApp.APlunch ActiveX is prone to a remote code-execution vulnerability.

Exploiting this issue allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control and possibly to compromise affected computers.

This issue affects Acer TravelMate 4150 and Acer Aspire 5600 notebooks with LunchApp.APlunch version 1.0.

90. Trend Micro ServerProtect EarthAgent.EXE Remote Stack Based Buffer Overflow Vulnerability
BugTraq ID: 23866
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23866
Summary:
Trend Micro ServerProtect is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue allows attackers to execute arbitrary machine code with SYSTEM-level privileges and to completely compromise affected computers. Failed exploit attempts will result in a denial of service.

91. Microsoft Capicom ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 23782
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23782
Summary:
The Microsoft CAPICOM ActiveX control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.

92. RETIRED: Microsoft May 2007 Advance Notification Multiple Vulnerabilities
BugTraq ID: 23800
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23800
Summary:
Microsoft has released advance notification that the vendor will be releasing seven security bulletins on May 8, 2007. The highest severity rating for these issues is 'Critical'.

Further details about these issues are not currently available. Individual BIDs will be created for each issue; this record will be removed when the security bulletins are released.

These vulnerabilities have been assigned to the following BIDs:
23810 Microsoft Exchange IMAP Command Processing Remote Denial of Service Vulnerability
23780 Microsoft Excel Filter Records Remote Code Execution Vulnerability
23809 Microsoft Exchange Base64 MIME Message Remote Code Execution Vulnerability
23808 Microsoft Exchange iCal Request Remote Denial of Service Vulnerability
23806 Microsoft Outlook Web Access Remote Script Injection Vulnerability
23804 Microsoft Word Array Remote Code Execution Vulnerability
23779 Microsoft Excel Set Font Remote Code Execution Vulnerability
23760 Microsoft Excel BIFF Record Remote Code Execution Vulnerability
23771 Microsoft Internet Explorer Object Handling Remote Code Execution Vulnerability
23836 Microsoft Word RTF Parsing Remote Code Execution Vulnerability
23826 Microsoft Office Malformed Drawing Object Remote Code Execution Vulnerability
23827 Microsoft Windows Media Server MDSAuth.DLL ActiveX Control Remote Code Execution Vulnerability
23782 Microsoft Capicom ActiveX Control Remote Code Execution Vulnerability
23772 Microsoft Internet Explorer HTML Objects Script Errors Remote Code Execution Vulnerability
23770 Microsoft Internet Explorer HTML Objects Script Errors Variant Remote Code Execution Vulnerability
23769 Microsoft Internet Explorer Property Method Remote Code Execution Vulnerability
23470 Microsoft Windows DNS Server Escaped Zone Name Parameter Buffer Overflow Vulnerability
22567 Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability
19529 Microsoft Internet Explorer CHTSKDIC.DLL Arbitrary Code Execution Vulnerability
21207 Acer LunchApp.APlunch ActiveX Control Remote Code Execution Vulnerability
23331 Research In Motion Blackberry TeamOn Import Object ActiveX Control Buffer Overflow Vulnerability

93. Microsoft Outlook Web Access Remote Script Injection Vulnerability
BugTraq ID: 23806
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23806
Summary:
Microsoft Outlook Web Access is prone to a script-injection vulnerability because the application fails to properly handle specially crafted email attachments.

To exploit this issue, attackers must send specially crafted files through email messages to users of the affected application. When users open the file, attacker-supplied script code will be executed in the context of the affected website.

Successful exploits allow attackers to access Outlook Web Access sessions with the privileges of the targeted user. As a result, attackers may be able to obtain sensitive information and send, modify, or delete email; other attacks are also possible.

94. Microsoft Windows DNS Server Escaped Zone Name Parameter Buffer Overflow Vulnerability
BugTraq ID: 23470
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23470
Summary:
Microsoft Windows Domain Name System (DNS) Server Service is prone to a stack-based buffer-overflow vulnerability in its Remote Procedure Call (RPC) interface.

A remote attacker may exploit this issue to run arbitrary code in the context of the DNS Server Service. The DNS service runs in the 'SYSTEM' context.

Successfully exploiting this issue allows attackers to execute arbitrary code, facilitating the remote compromise of affected computers.

Windows Server 2000 Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2 are confirmed vulnerable to this issue.

Microsoft Windows 2000 Professional SP4, Windows XP SP2, and Windows Vista are not affected by this vulnerability.

95. Microsoft Internet Explorer Object Handling Remote Code Execution Vulnerability
BugTraq ID: 23771
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23771
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

This vulnerability is related to how the browser handles uninitialized or deleted objects. An attacker could exploit this issue to execute arbitrary code in the context of the user running the affected browser.

96. LaVague PrintBar.PHP Remote File Include Vulnerability
BugTraq ID: 23877
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23877
Summary:
LaVague is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Version 0.3 is vulnerable; other versions may also be affected.

97. Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability
BugTraq ID: 22567
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/22567
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the attack is successful, the attacker may be able to execute arbitrary code in the context of the currently logged-in user.

Note that this issue is distinct from previous Word vulnerabilities. This issue has been assigned CVE ID CVE-2007-0870.

98. Microsoft Windows Media Server MDSAuth.DLL ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 23827
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23827
Summary:
The Microsoft Windows Media Server ActiveX control is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.

Successful exploits will allow attackers to overwrite certain files to execute arbitrary code. This will result in a complete compromise of affected computers. Failed exploit attempts will likely result in denial-of-service conditions.

99. Microsoft Office Malformed Drawing Object Remote Code Execution Vulnerability
BugTraq ID: 23826
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23826
Summary:
Microsoft Office is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing a victim into opening a malicious Office file.

Successful exploits will allow attackers to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

100. Microsoft Excel Set Font Remote Code Execution Vulnerability
BugTraq ID: 23779
Remote: Yes
Last Updated: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23779
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of a victim user running the application. A successful exploit will result in the compromise of the application and may aid in further attacks.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Experts scramble to quash IPv6 flaw
By: Robert Lemos
Only a few weeks after researchers raised the design issue in the next-generation Internet protocol, two drafts to the Internet Engineering Task Force propose different fixes.
http://www.securityfocus.com/news/11463

2. E-Gold charged with money laundering
By: Robert Lemos
Federal prosecutors claim the company and its owners violated federal funds transfer laws, saying it knowingly served online scammers, identity thieves and child pornographers.
http://www.securityfocus.com/news/11462

3. A Mac gets whacked, a second survives
By: Robert Lemos
Researchers use a previously unknown flaw in Apple's Safari browser to compromise a MacBook Pro and win the PWN to Own contest, but does the hack actually prove anything?
http://www.securityfocus.com/news/11461

4. MacBooks withstand mild attacks on patch day
By: Robert Lemos
On the same day that Apple releases an update for its Mac OS X, security professionals at a conference in Canada show little initial interest in attempting to crack the security of two MacBook Pros.
http://www.securityfocus.com/news/11460

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Manager, Information Security, Basingstoke
http://www.securityfocus.com/archive/77/467616

2. [SJ-JOB] Security Consultant, London
http://www.securityfocus.com/archive/77/467619

3. [SJ-JOB] Security Product Manager, Blue Bell
http://www.securityfocus.com/archive/77/467629

4. [SJ-JOB] Security System Administrator, Sydney
http://www.securityfocus.com/archive/77/467597

5. [SJ-JOB] Security Engineer, Mountain View
http://www.securityfocus.com/archive/77/467601

6. [SJ-JOB] Security Consultant, Huntley
http://www.securityfocus.com/archive/77/467603

7. [SJ-JOB] Technical Support Engineer, Calgary
http://www.securityfocus.com/archive/77/467605

8. [SJ-JOB] Security Architect, San Jose (open)
http://www.securityfocus.com/archive/77/467612

9. [SJ-JOB] Developer, Calgary
http://www.securityfocus.com/archive/77/467614

10. [SJ-JOB] Application Security Engineer, Chicago
http://www.securityfocus.com/archive/77/467615

11. [SJ-JOB] Security Architect, Valley Forge
http://www.securityfocus.com/archive/77/467622

12. [SJ-JOB] Sr. Security Engineer, Central London
http://www.securityfocus.com/archive/77/467595

13. [SJ-JOB] Director, Information Security, Wilmington
http://www.securityfocus.com/archive/77/467598

14. [SJ-JOB] Security Engineer, Zurich
http://www.securityfocus.com/archive/77/467599

15. [SJ-JOB] Security Engineer, San Jose (open)
http://www.securityfocus.com/archive/77/467620

16. [SJ-JOB] Management, Cupertino
http://www.securityfocus.com/archive/77/467628

17. [SJ-JOB] Technical Support Engineer, Mountain View
http://www.securityfocus.com/archive/77/467577

18. [SJ-JOB] Software Engineer, Mountain View
http://www.securityfocus.com/archive/77/467585

19. [SJ-JOB] Senior Software Engineer, Cupertino
http://www.securityfocus.com/archive/77/467600

20. [SJ-JOB] Channel / Business Development, Boston
http://www.securityfocus.com/archive/77/467576

21. [SJ-JOB] Security Consultant, Berkshire
http://www.securityfocus.com/archive/77/467578

22. [SJ-JOB] Software Engineer, Mountain View
http://www.securityfocus.com/archive/77/467582

23. [SJ-JOB] Sr. Security Analyst, Ann Arbor
http://www.securityfocus.com/archive/77/467604

24. [SJ-JOB] Sales Engineer, New York
http://www.securityfocus.com/archive/77/467618

25. [SJ-JOB] CSO, Columbus
http://www.securityfocus.com/archive/77/467583

26. [SJ-JOB] Manager, Information Security, San Antonio
http://www.securityfocus.com/archive/77/467584

27. [SJ-JOB] Management, Calgary
http://www.securityfocus.com/archive/77/467596

28. [SJ-JOB] Sr. Security Analyst, New York City
http://www.securityfocus.com/archive/77/467586

29. [SJ-JOB] Certification & Accreditation Engineer, Alexandria
http://www.securityfocus.com/archive/77/467613

30. [SJ-JOB] Technical Support Engineer, Palo Alto
http://www.securityfocus.com/archive/77/467555

31. [SJ-JOB] Senior Software Engineer, Palo Alto
http://www.securityfocus.com/archive/77/467575

32. [SJ-JOB] Security Product Manager, Palo Alto
http://www.securityfocus.com/archive/77/467602

33. [SJ-JOB] Security System Administrator, New York
http://www.securityfocus.com/archive/77/467557

34. [SJ-JOB] Database Security Engineer, Baltimore
http://www.securityfocus.com/archive/77/467570

35. [SJ-JOB] Security Product Marketing Manager, Palo Alto
http://www.securityfocus.com/archive/77/467593

36. [SJ-JOB] Security Product Manager, Philadelphia
http://www.securityfocus.com/archive/77/467571

37. [SJ-JOB] Security Consultant, Various
http://www.securityfocus.com/archive/77/467606

38. [SJ-JOB] Manager, Information Security, Dulles
http://www.securityfocus.com/archive/77/467556

39. [SJ-JOB] Security Engineer, Washington DC
http://www.securityfocus.com/archive/77/467558

40. [SJ-JOB] VP, Information Security, Dubai
http://www.securityfocus.com/archive/77/467562

41. [SJ-JOB] Security Consultant, London / Berkshire
http://www.securityfocus.com/archive/77/467574

42. [SJ-JOB] Security Consultant, Riyadh
http://www.securityfocus.com/archive/77/467607

43. [SJ-JOB] Security Engineer, London
http://www.securityfocus.com/archive/77/467539

44. [SJ-JOB] Application Security Architect, London
http://www.securityfocus.com/archive/77/467568

45. [SJ-JOB] Security Architect, South Florida
http://www.securityfocus.com/archive/77/467572

46. [SJ-JOB] Security Product Manager, Stoneham
http://www.securityfocus.com/archive/77/467594

47. [SJ-JOB] Jr. Security Analyst, Malibu
http://www.securityfocus.com/archive/77/467621

48. [SJ-JOB] Security Engineer, Zurich
http://www.securityfocus.com/archive/77/467536

49. [SJ-JOB] Account Manager, Houston
http://www.securityfocus.com/archive/77/467547

50. [SJ-JOB] Security Auditor, London
http://www.securityfocus.com/archive/77/467569

51. [SJ-JOB] Security Engineer, Alexandria
http://www.securityfocus.com/archive/77/467535

52. [SJ-JOB] Security Engineer, Canberra
http://www.securityfocus.com/archive/77/467544

53. [SJ-JOB] Technology Risk Consultant, Virtual, Travel to Client Site
http://www.securityfocus.com/archive/77/467545

54. [SJ-JOB] Director, Information Security, St. Louis
http://www.securityfocus.com/archive/77/467527

55. [SJ-JOB] Sr. Security Engineer, Canberra
http://www.securityfocus.com/archive/77/467534

56. [SJ-JOB] Technology Risk Consultant, Virtual, Travel to Client Site
http://www.securityfocus.com/archive/77/467543

57. [SJ-JOB] Security System Administrator, Dubai
http://www.securityfocus.com/archive/77/467522

58. [SJ-JOB] Director, Information Security, Elk Grove Village
http://www.securityfocus.com/archive/77/467525

59. [SJ-JOB] Technology Risk Consultant, St. Louis
http://www.securityfocus.com/archive/77/467529

60. [SJ-JOB] CISO, Buffalo
http://www.securityfocus.com/archive/77/467533

61. [SJ-JOB] Sr. Security Analyst, Portland
http://www.securityfocus.com/archive/77/467512

62. [SJ-JOB] Security Consultant, Virtual, Travel to Client Site
http://www.securityfocus.com/archive/77/467517

63. [SJ-JOB] Application Security Architect, Washington D.C.
http://www.securityfocus.com/archive/77/467520

64. [SJ-JOB] Sr. Security Analyst, Bellevue
http://www.securityfocus.com/archive/77/467526

65. [SJ-JOB] Security System Administrator, Denton
http://www.securityfocus.com/archive/77/467532

66. [SJ-JOB] Management, Mountain View
http://www.securityfocus.com/archive/77/467510

67. [SJ-JOB] Security Architect, Bay Area
http://www.securityfocus.com/archive/77/467518

68. [SJ-JOB] Disaster Recovery Coordinator, Washington
http://www.securityfocus.com/archive/77/467519

69. [SJ-JOB] Sr. Security Analyst, Nassau County
http://www.securityfocus.com/archive/77/467528

70. [SJ-JOB] Security Engineer, Denver
http://www.securityfocus.com/archive/77/467507

71. [SJ-JOB] Director, Information Security, Boulder
http://www.securityfocus.com/archive/77/467509

72. [SJ-JOB] Manager, Information Security, Denver
http://www.securityfocus.com/archive/77/467511

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Training Classes in SyScan'07
http://www.securityfocus.com/archive/82/468113

2. Weird shellcode behavior
http://www.securityfocus.com/archive/82/467795

3. TCP segments reordering and covert channels
http://www.securityfocus.com/archive/82/467765

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. understanding chkrootkit and rkhunter logs
http://www.securityfocus.com/archive/91/467957

2. Center for Internet Security - Call for Participation
http://www.securityfocus.com/archive/91/467965

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics

ALERT: Ajax Security Dangers- How Hackers are attacking Ajax Web Apps
While Ajax can greatly improve the usability of a Web application, it can also create several opportunities for possible attack if the application is not designed with security in mind. Download this SPI Dynamics white paper.

https://download.spidynamics.com/1/ad/AJAX.asp?Campaign_ID=70160000000Co
Ne

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus