@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 21
May 22, 2008

Question 1: What do CA, Symantec and IBM all have in common? They are all selling security and they each have a critical buffer overflow problem (CA and IBM) or SQL Injection problem (Symantec) in commonly used software: CA ArcServe, IBM Lotus Domino Webserver, and Symantec Altiris Deployment. Question 2: Which of the three companies has tested all or most of their software developers on secure coding skills? If you think they should, put that in your procurement specs. If you don't put programmer skill testing and source/binary code security testing (with results delivered to customers) in your procurements, you cannot really complain when they deliver software that has security flaws. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ------------------------                  -------------------------------------
    Third Party Windows Apps                  8 (#2, #5)
    Linux                                     3
    HP-UX                                     1
    Cross Platform                            15 (#1, #3)
    Web Application - Cross Site Scripting    11
    Web Application - SQL Injection           25
    Web Application                           29
    Network Device                            2 (#4)

Table Of Contents

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
  • Third Party Windows Apps
  • Linux
  • HP-UX
  • Cross Platform
  • Web Application - Cross Site Scripting
  • Web Application - SQL Injection
  • Web Application
  • Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohit Dhamankar at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (4) HIGH: Cisco IOS and Service Control Engine SSH DoS
  • Affected:
    • Cisco devices running certain 12.4-based IOS releases with SSH service enabled
    • Service Control Engine (SCE) 1000 and 2000 series devices with SSH enabled.
  • Description: Cisco devices are usually managed remotely via the SSH protocol. The SSH server on certain Cisco IOS versions contains multiple vulnerabilities. These vulnerabilities can be exploited by an unauthenticated attacker to reload the Cisco devices. Repeated attacks would lead to a denial of service on the affected Cisco devices. The details about the vulnerabilities are not publicly posted. The Cisco Service Control Engine device, used to manage network bandwidth, is also affected by multiple vulnerabilities in its SSH server. These vulnerabilities can be exploited to reload the SCE devices.

  • Status: Cisco has released fixes for the vulnerable IOS and SCE versions. A workaround is to block SSH access from the Internet to the Cisco devices' management interface.

  • (5) HIGH: Cisco Unified Communications Manager DoS
  • Affected:
    • Cisco Unified CallManager 4.1
    • Cisco Unified Communications Manager 4.2, 4.3, 5.x, 6.x
  • Description: Cisco Unified Communications Manager, which runs on the Windows platform, is the main server in a Cisco enterprise VoIP deployment. The Unified Communications Manager is responsible for the call processing and routing functions. It contains multiple denial-of-service vulnerabilities that can be triggered by: (a) sending malformed TCP packets to port 2444/tcp; (b) sending malformed SIP JOIN and INVITE requests; (c) sending malformed UDP packets to port 61441/udp; (d) sending specially crafted packets to port 3804/tcp. The Cisco advisory indicates that the malformed packets can be generated by using the ISIC tool and other protocol fuzzing tools. Note that causing a denial of service to Call Manager may result in loss of phone service in an enterprise.

  • Status: Cisco has released the following versions to fix the vulnerabilities: 4.1.3SR7, 4.2(3)SR4, 4.3(2), 5.1(3), 6.1(1)

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 21, 2008

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5888 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.21.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec Altiris Deployment Solution Agent User Interface Local Privilege Escalation
  • Description: Symantec Altiris Deployment Solution is software for deploying and managing servers, desktops, notebooks, thin clients, and handheld devices from a centralized location. It is available for Microsoft Windows. Symantec Altiris Deployment Solution is exposed to a local privilege escalation issue in the Altiris Deployment Solution Agent's user interface.
  • Ref: http://www.symantec.com/avcenter/security/Content/2008.05.14a.html

  • 08.21.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec Altiris Deployment Solution Registry Keys Local Unauthorized Access
  • Description: Symantec Altiris Deployment Solution is software for deploying and managing servers, desktops, notebooks, thin clients, and handheld devices from a centralized location. It is available for Microsoft Windows. The application is exposed to a local unauthorized access issue. The problem occurs because the application creates registry keys with insufficient access security.
  • Ref: http://www.symantec.com/avcenter/security/Content/2008.05.14a.html

  • 08.21.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec Altiris Deployment Solution Install Directory Local Privilege Escalation
  • Description: Symantec Altiris Deployment Solution is software for deploying and managing servers, desktops, notebooks, thin clients, and handheld devices from a centralized location. It is available for Microsoft Windows. The application is exposed to a local privilege escalation issue.
  • Ref: http://www.symantec.com/avcenter/security/Content/2008.05.14a.html

  • 08.21.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec Altiris Deployment Solution Domain Credential Unauthorized Access
  • Description: Symantec Altiris Deployment Solution is software for deploying and managing servers, desktops, notebooks, thin clients, and handheld devices from a centralized location. It is available for Microsoft Windows. The application is exposed to an issue that allows unauthorized users to gain access to the affected application. This issue occurs because the application allows attackers to gain access to domain credentials without proper authorization.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-025/

  • 08.21.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec Altiris Deployment Solution Tooltip Local Privilege Escalation
  • Description: Symantec Altiris Deployment Solution is software for deploying and managing servers, desktops, notebooks, thin clients, and handheld devices from a centralized location. It is available for Microsoft Windows. The application is exposed to a local privilege escalation issue in the tooltip graphical user interface (GUI) element.
  • Ref: http://www.symantec.com/avcenter/security/Content/2008.05.14a.html

  • 08.21.6 - CVE: CVE-2007-4943
  • Platform: Third Party Windows Apps
  • Title: BaoFeng Storm "sparser.dll" ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
  • Description: BaoFeng Storm is a multimedia player. The application is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data. BaoFeng Storm version 2.8 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.21.7 - CVE: CVE-2008-0957
  • Platform: Third Party Windows Apps
  • Title: PhotoStockPlus Uploader Tool ActiveX Control Multiple Stack-Based Buffer Overflow Vulnerabilities
  • Description: PhotoStockPlus is a digital photo marketplace with an image uploader tool. An ActiveX control in the image uploader tool is exposed to multiple stack-based buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data.
  • Ref: http://www.kb.cert.org/vuls/id/406937

  • 08.21.8 - CVE: CVE-2008-1104
  • Platform: Third Party Windows Apps
  • Title: Foxit Reader "util.printf()" Remote Buffer Overflow
  • Description: Foxit Reader is a freely available PDF viewer for Microsoft Windows operating systems. The application is exposed to a remote buffer overflow issue because it fails to properly bounds check user-supplied data before copying it to an insufficiently sized buffer. Foxit Reader version 2.3 build 2825 is affected.
  • Ref: http://secunia.com/secunia_research/2008-18/advisory/

  • 08.21.9 - CVE: CVE-2008-2136
  • Platform: Linux
  • Title: Linux Kernel "ipip6_rcv()" Remote Denial of Service
  • Description: The Linux Kernel is exposed to a remote denial of service issue. The issue occurs due to a memory leak while parsing specially crafted IPv6 packets. Specifically, the "ipip6_rcv()" function included in the IPv6 over IPv4 tunneling driver fails to handle certain specially-crafted network packets resulting in a denial of service condition. Linux Kernel version 2.6.25.2 is affected.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3

  • 08.21.10 - CVE: CVE-2007-6712
  • Platform: Linux
  • Title: Linux Kernel "hrtimer_forward()" Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue because it fails to properly handle certain large timer expiry values. This issue occurs because of inadequate checks in the "hrtimer_forward()" function of the "kernel/hrtimer.c" source file. Linux kernel versions 2.6.21-rc4 and earlier running on 64-bit architectures are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0275.html

  • 08.21.11 - CVE: Not Available
  • Platform: Linux
  • Title: libxslt XSL File Processing Buffer Overflow
  • Description: The "libxslt" library allows conversion between XML files and other textual formats. The library is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. libxslt versions 1.1.23 and earlier are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=446809

  • 08.21.12 - CVE: CVE-2008-1660
  • Platform: HP-UX
  • Title: HP-UX "useradd" Security Bypass
  • Description: HP-UX is a Unix-based operating system. The application is exposed to a security bypass issue because it fails to properly restrict access to certain functionality. HP-UX versions B.11.11, B.11.23 and B.11.31 are affected.
  • Ref: http://www.securityfocus.com/bid/29286

  • 08.21.13 - CVE: CVE-2008-1158
  • Platform: Cross Platform
  • Title: Cisco Unified Presence Engine Service Malformed IP Packets Denial of Service
  • Description: Cisco Unified Presence collects information about a user's availability status and communications capabilities for use with the Cisco Unified Communications system. The application is exposed to a denial of service issue that occurs in the Presence Engine service. This issue occurs when handling specially-crafted IP packets.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20080514-cup.shtml

  • 08.21.14 - CVE: CVE-2008-1740
  • Platform: Cross Platform
  • Title: Cisco Unified Presence Engine Denial of Service
  • Description: Cisco Unified Presence collects information about a user's availability status and communications capabilities for use with the Cisco Unified Communications system. The application is exposed to a denial of service issue.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20080514-cup.shtml

  • 08.21.15 - CVE: CVE-2008-1742, CVE-2008-1743, CVE-2008-1744, CVE-2008-1745, CVE-2008-1746, CVE-2008-1747, CVE-2008-1748, CVE-2008-1749
  • Platform: Cross Platform
  • Title: Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities
  • Description: Cisco Unified Communications Manager (CUCM) is a software-based call-processing component of the Cisco IP telephony solution. The application was formerly named Unified CallManager. The application is exposed to multiple denial of service issues.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20080514-cucmdos.shtml

  • 08.21.16 - CVE: CVE-2008-1741
  • Platform: Cross Platform
  • Title: Cisco Unified Presence SIP Proxy Denial of Service
  • Description: Cisco Unified Presence collects information about user availability and various communication capabilities on Cisco Unified Communications systems. The application is exposed to a denial of service issue. The issue occurs when the SIP Proxy service receives a TCP port scan.
  • Ref: http://www.securityfocus.com/archive/1/492092

  • 08.21.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Citrix Presentation Server Authentication Bypass
  • Description: Citrix Presentation Server is an access control application for Citrix desktops. The application is exposed to an unspecified authentication bypass issue. This issue is only exposed to users with authenticated access to affected servers.
  • Ref: http://support.citrix.com/article/CTX116941

  • 08.21.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Citrix Presentation Server ICA Protocol Weak Encryption
  • Description: Citrix Presentation Server is an access control application for Citrix desktops. The application is exposed to an issue that allows weak encryption to be used. This issue only occurs when the application is configured to use SecureICA, or ICA Basic encryption. SSL and TLS encryption methods are not affected.
  • Ref: http://support.citrix.com/article/CTX114893

  • 08.21.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: WordPress "Blog" Module "Write Tab" Arbitrary File Upload
  • Description: WordPress is a freely available application for personal publishing. The application is exposed to an arbitrary file upload issue that occurs in the "Blog" module. This issue occurs because the application fails to sufficiently sanitize user-supplied data. WordPress version 2.5.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/492230

  • 08.21.20 - CVE: CVE-2008-2241, CVE-2008-2242
  • Platform: Cross Platform
  • Title: Computer Associates ARCserve Backup "caloggerd" and "xdr" Functions Multiple Remote Vulnerabilities
  • Description: Computer Associates ARCserve Backup is an automated backup solution that runs on various platforms. The application is exposed to multiple remote issues.
  • Ref: http://www.securityfocus.com/archive/1/492266

  • 08.21.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Stunnel Windows Unspecified Local Privilege Escalation
  • Description: Stunnel is an application that lets users encapsulate arbitrary TCP connections in SSL traffic. The application is exposed to a local privilege escalation issue due to an unspecified error when running as a Windows service. Stunnel versions prior to 4.23 are affected.
  • Ref: http://www.stunnel.org/news/

  • 08.21.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: FireFTP "MLSD" And "LIST" Commands Directory Traversal
  • Description: FireFTP is an FTP client for Mozilla Firefox. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input data. FireFTP version 0.97.1 is affected.
  • Ref: http://vuln.sg/fireftp0971-en.html

  • 08.21.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: mtr "split.c" Remote Stack-Based Buffer Overflow
  • Description: mtr is a network diagnostic tool available for Unix, Linux and other Unix-like operating systems. The application is exposed to a remote stack-based buffer overflow issue when handling malicious DNS replies because the application fails to perform adequate boundary checks on user-supplied data.
  • Ref: http://www.securityfocus.com/archive/1/492260

  • 08.21.24 - CVE: CVE-2008-1948, CVE-2008-1949, CVE-2008-1950
  • Platform: Cross Platform
  • Title: GnuTLS Prior to 2.2.5 Multiple Remote Vulnerabilities
  • Description: GNU Transport Layer Security Library (GnuTLS) is a library that implements the TLS 1.0 and SSL 3.0 protocols. It is maintained by GNU and is available for UNIX and Linux variants. The application is exposed to multiple remote issues. GnuTLS versions prior to 2.2.5 are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0489.html

  • 08.21.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Stunnel OCSP Certificate Validation Security Bypass
  • Description: Stunnel is an application that lets users encapsulate arbitrary TCP connections in SSL traffic. The application is exposed to a security bypass issue because the OCSP (Online Certificate Status Protocol) functionality fails to properly check revoked certificates. Stunnel versions prior to 4.24 are affected.
  • Ref: http://stunnel.mirt.net/pipermail/stunnel-announce/2008-May/000035.html

  • 08.21.26 - CVE: CVE-2008-2240
  • Platform: Cross Platform
  • Title: IBM Lotus Domino Web Server "Accept Language" HTTP Header Buffer Overflow
  • Description: IBM Lotus Domino is a client/server product designed for collaborative working environments. The application is exposed to a remote stack-based buffer overflow issue because it fails to properly bounds check user-supplied data before copying it to an insufficiently sized memory buffer. IBM Lotus Domino versions 6.0, 6.5, 7.0 and 8.0 are affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21303296

  • 08.21.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Borland InterBase Malformed Packet Remote Stack-Based Buffer Overflow
  • Description: Borland InterBase is a scalable database application available for multiple operating platforms. The application is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Borland InterBase 2007 SP2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/492330

  • 08.21.28 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: AN Guestbook "send_email.php" Cross-Site Scripting
  • Description: AN Guestbook (ANG) is a web-based video-sharing application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "postid" parameter of the "send_email.php" script. ANG version 0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/29254

  • 08.21.29 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Horde Turba Multiple Cross-Site Scripting Vulnerabilities
  • Description: Horde Turba is a PHP-based contact management application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the "object%5Bemail%5D" and "object%5Btitle%5D" advanced search parameters of the "addobject.php" script. Turba Content Manager version 2.1.7 is affected.
  • Ref: http://www.securityfocus.com/bid/29213

  • 08.21.30 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PicsEngine "index.php" Cross-Site Scripting
  • Description: PicsEngine is a photo gallery application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "l" parameter of the "index.php" script. PicsEngine version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29214

  • 08.21.31 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Microsoft Internet Explorer "Print Table of Links" Cross Zone Script Injection
  • Description: Microsoft Internet Explorer is a web browser application available for Windows operating platforms. The application is exposed to a script injection issue because it fails to adequately sanitize user-supplied input. Internet Explorer versions 7.0 and 8.0b are affected.
  • Ref: http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx

  • 08.21.32 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Rgboard "bbs.lib.inc.php" Cross-Site Scripting
  • Description: Rgboard is a web-based bulletin board application. The application is exposed to multiple input validation issues, including 1) a remote file include issue affecting the "site_path" parameter of the "bbs.lib.inc.php" script, and 2) a cross-site scripting issue affecting the "bbs_id" parameter of the "rg_search.php" script. Rgboard version 3.0.12 is affected.
  • Ref: http://www.securityfocus.com/bid/29230

  • 08.21.33 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: phpVID "search_results.php" Cross-Site Scripting
  • Description: phpVID is a web-based video-sharing application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "query" parameter of the "search_results.php" script. phpVID version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/29238

  • 08.21.34 - CVE: CVE-2008-0416
  • Platform: Web Application - Cross Site Scripting
  • Title: Mozilla Firefox/Thunderbird/SeaMonkey Character Encoding Cross-Site Scripting Vulnerabilities
  • Description: Mozilla Firefox, Thunderbird and SeaMonkey are prone to multiple cross-site scripting issues because of a design error. The HTML parser used by these applications fails to properly handle certain character encodings.
  • Ref: http://www.mozilla.org/security/announce/2008/mfsa2008-13.html

  • 08.21.35 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: dotCMS "search-results.dot" Cross-Site Scripting
  • Description: dotCMS is a web-based content manager. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "search_query" parameter of the "search-results.dot" script.
  • Ref: http://www.securityfocus.com/bid/29287

  • 08.21.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: AppServ Open Project "appservlang" Parameter Cross-Site Scripting
  • Description: AppServ Open Project is an installation utility that ships with an application suite made up of open source software designed to facilitate the creation of web-based applications that require dynamic content generation and an underlying database. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "appservlang" parameter of the "index.php" script. AppServ Open Project version 2.5.10 is affected.
  • Ref: http://www.securityfocus.com/archive/1/492271

  • 08.21.37 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IBM Lotus Domino Web Server Unspecified Cross-Site Scripting
  • Description: IBM Lotus Domino is a client/server product designed for collaborative working environments. The application is exposed to an unspecified cross-site scripting issue because it fails to sanitize user-supplied input. The issue affects the servlet engine/Web container. IBM Lotus Domino versions 6.0, 6.5, 7.0 and 8.0 are affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21303296

  • 08.21.38 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Starsgames Control Panel "index.php" Cross-Site Scripting
  • Description: Starsgames Control Panel is a web-based application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "st" parameter of the "showtopic.php" script. Starsgames Control Panel version 4.6.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/492264

  • 08.21.39 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: StanWeb CMS "default.asp" SQL Injection
  • Description: StanWeb CMS is an ASP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "default.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/492196

  • 08.21.40 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Archangel Management Weblog "index.php" SQL Injection
  • Description: Archangel Management Weblog is a web-log application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "post_id" parameter of the "index.php" script before using it in an SQL query. Archangel Management Weblog version 0.90.02 is affected.
  • Ref: http://www.securityfocus.com/bid/29257

  • 08.21.41 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke "KuiraniKerim" Module "sid" Parameter SQL Injection
  • Description: KuiraniKerim is a module for the PHP-Nuke content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sid" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/492197

  • 08.21.42 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Links Pile "link.php" SQL Injection
  • Description: Links Pile is a links exchange application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_id" parameter of the "link.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29223

  • 08.21.43 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Freelance Auction Script "browseproject.php" SQL Injection
  • Description: Freelance Auction Script is a web-based auction application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pid" parameter of the "browseproject.php" script before using it in an SQL query. Freelance Auction Script version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29225

  • 08.21.44 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Feedback and Rating Script "detail.php" SQL Injection
  • Description: Feedback and Rating Script is a product and site rating script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "listingid" parameter of the "detail.php" script before using it in an SQL query. Feedback and Rating Script version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29228

  • 08.21.45 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: W1L3D4 Philboard Multiple SQL Injection Vulnerabilities
  • Description: Philboard is a web-based forum implemented in ASP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Philboard version 0.5 is affected.
  • Ref: http://www.securityfocus.com/bid/29229

  • 08.21.46 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Symantec Altiris Deployment Solution Unspecified SQL Injection
  • Description: Symantec Altiris Deployment Solution is software for deploying and managing servers, desktops, notebooks, thin clients, and handheld devices from a centralized location. It is available for Microsoft Windows. The application is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data. Symantec Altiris Deployment Solution versions prior to 6.9.176 are affected.
  • Ref: http://www.securityfocus.com/archive/1/492229

  • 08.21.47 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Kostenloses Linkmanagementscript "id" Parameter Multiple SQL Injection Vulnerabilities
  • Description: Kostenloses Linkmanagementscript is a link manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "view.php" and "top_view.php" scripts before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/492111

  • 08.21.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SunShop Shopping Cart "index.php" SQL Injection
  • Description: SunShop Shopping Cart is a web-based ecommerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script when the "action" attribute is set to "item" before using it in an SQL query. SunShop Shopping Cart version 3.5.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/492120

  • 08.21.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 68 Classifieds "category.php" SQL Injection
  • Description: 68 Classifieds is a PHP classifieds script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "category.php" script before using it in an SQL query. 68 Classifieds version 4.0 is affected.
  • Ref: http://www.68classifieds.com/forums/showthread.php?t=4894

  • 08.21.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: IMGallery Multiple SQL Injection Vulnerabilities
  • Description: IMGallery is a web-based image gallery. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. IMGallery version 2.5 is affected.
  • Ref: http://www.securityfocus.com/bid/29250

  • 08.21.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: How2ASP.net Webboard "showQAnswer.asp" SQL Injection
  • Description: How2ASP.net Webboard is a web-based bulletin board. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "qNo" parameter of the "showQAnswer.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29263

  • 08.21.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: FicHive "category" Parameter SQL Injection
  • Description: FicHive is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "category" parameter in the "index.php" script before using it in an SQL query. FicHive version 1.0 is affected.
  • Ref: http://www.milw0rm.com/exploits/5639

  • 08.21.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: CMS WebManager-Pro Multiple SQL Injection Vulnerabilities
  • Description: CMS WebManager-Pro is a PHP-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "lang_id" and "menu_id" parameters of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/29266

  • 08.21.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MX-System "index.php" SQL Injection
  • Description: MX-System is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "page" parameter of the "index.php" script before using it in an SQL query. MX-System version 2.7.3 is affected.
  • Ref: http://www.securityfocus.com/bid/29307

  • 08.21.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MercuryBoard "login.php" SQL Injection
  • Description: MercuryBoard is a message board application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "login.php" script before using it in an SQL query. MercuryBoard version 1.1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/29280

  • 08.21.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AlkalinePHP "thread.php" SQL Injection
  • Description: AlkalinePHP is a site engine. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "thread.php" script before using it in an SQL query. AlkalinePHP version 00.80.00 beta is affected.
  • Ref: http://www.securityfocus.com/bid/29281

  • 08.21.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EntertainmentScript "play.php" SQL Injection
  • Description: EntertainmentScript is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "play.php" script before using it in an SQL query. EntertainmentScript version 1.4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29284

  • 08.21.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Php-Jokesite "jokes_category.php" SQL Injection
  • Description: Php-Jokesite is a web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_id" parameter of the "jokes_category.php" script before using it in an SQL query. Php-Jokesite version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29308

  • 08.21.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: vBulletin "faq.php" SQL Injection
  • Description: vBulletin is a commercially available web-based bulletin board. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "q" parameter of the "faq.php" script before using it in an SQL query. vBulletin version 3.7.0 Gold is affected.
  • Ref: http://www.securityfocus.com/archive/1/492290

  • 08.21.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Web Slider "slide" Parameter SQL Injection
  • Description: Web Slider is a PHP-based framework for hosting slides on the Internet. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "slide" parameter, when the "action" parameter is set to "slides", before using it in an SQL query. Web Slider version 0.6 is affected.
  • Ref: http://www.securityfocus.com/bid/29296

  • 08.21.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Site Tanitimlari Scripti Multiple SQL Injection Vulnerabilities
  • Description: Site Tanitimlari Scripti is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data.
  • Ref: http://www.securityfocus.com/bid/29299

  • 08.21.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DizaynPlus Nobetci Eczane Takip "ayrinti.asp" Parameter SQL Injection
  • Description: DizaynPlus Nobetci Eczane Takip is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "anahtar" parameter of the "ayrinti.asp" script before using it in an SQL query. DizaynPlus Nobetci Eczane Takip version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29300

  • 08.21.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ComicShout "index.php" SQL Injection
  • Description: ComicShout is a PHP-based web comic application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "comic_id" parameter of the "index.php" script before using it in an SQL query. ComicShout version 2.5 is affected.
  • Ref: http://www.securityfocus.com/bid/29301

  • 08.21.64 - CVE: Not Available
  • Platform: Web Application
  • Title: Digital Hive "base_include.php" Local File Include
  • Description: Digital Hive is a PHP-based forum application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "base_include.php" script. Digital Hive version 2.0 RC2 is affected.
  • Ref: http://www.securityfocus.com/bid/29255

  • 08.21.65 - CVE: Not Available
  • Platform: Web Application
  • Title: Zomplog "install/newuser.php" Unauthorized Access
  • Description: Zomplog is a web-log application. The application is exposed to an unauthorized access issue because it fails to adequately limit access to administrative scripts. This issue affects the "install/newuser.php" script. Zomplog version 3.8.2 is affected.
  • Ref: http://www.securityfocus.com/bid/29258

  • 08.21.66 - CVE: CVE-2008-0167
  • Platform: Web Application
  • Title: GForge Insecure Temporary File Creation
  • Description: GForge is a PHP-based application for managing source code. The application runs unspecified scripts that create temporary files in an insecure way.
  • Ref: http://www.securityfocus.com/bid/29215

  • 08.21.67 - CVE: Not Available
  • Platform: Web Application
  • Title: AustinSmoke GasTracker Cookie Parameter Authentication Bypass
  • Description: AustinSmoke GasTracker is a PHP-based fuel consumption tracking application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication.
  • Ref: http://www.securityfocus.com/bid/29224

  • 08.21.68 - CVE: Not Available
  • Platform: Web Application
  • Title: ActiveKB "auth" Cookie Parameter Authentication Bypass
  • Description: ActiveKB is a web-based knowledgebase application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. ActiveKB version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/29226

  • 08.21.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Internet Photoshow "login_admin" Parameter Unauthorized Access
  • Description: Internet Photoshow is a PHP-based gallery application. The application is exposed to an issue that can result in unauthorized database access. This occurs because the application grants administrative access to users that have a "login_admin" cookie parameter set to "true". Internet Photoshow Special Edition is affected.
  • Ref: http://www.securityfocus.com/bid/29227

  • 08.21.70 - CVE: Not Available
  • Platform: Web Application
  • Title: Kostenloses Linkmanagementscript Multiple Remote File Include Vulnerabilities
  • Description: Kostenloses Linkmanagementscript is a link manager. The application is exposed to multiple remote file include issues because it fails to properly sanitize user-supplied input to the "main_page_directory" and "page_to_include" parameters of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/29234

  • 08.21.71 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Site Documentation Module Database Tables Information Disclosure
  • Description: Drupal Site Documentation is a module for the Drupal content management system. The application is exposed to an information disclosure issue because the application allows users with "access content" permission to list arbitrary tables contained in the database.
  • Ref: http://drupal.org/node/258547

  • 08.21.72 - CVE: Not Available
  • Platform: Web Application
  • Title: Rantx "admin.php" Unauthorized Access
  • Description: Rantx is a PHP-based blogging application. The application is exposed to an issue that can result in unauthorized access. The issue occurs because the application fails to verify passwords in a secure manner.
  • Ref: http://www.securityfocus.com/bid/29243

  • 08.21.73 - CVE: Not Available
  • Platform: Web Application
  • Title: Multi-Page Comment System "CommentSystemAdmin" Cookie Parameter Authentication Bypass
  • Description: Multi-Page Comment System is a content manager. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Multi-Page Comment System version 1.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29244

  • 08.21.74 - CVE: Not Available
  • Platform: Web Application
  • Title: Web Slider "admin" Cookie Parameter Authentication Bypass
  • Description: Web Slider is a framework application for the creation and publication of slide groups. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Web Slider version 0.6 is affected.
  • Ref: http://www.securityfocus.com/bid/29246

  • 08.21.75 - CVE: Not Available
  • Platform: Web Application
  • Title: News Manager Multiple Remote Vulnerabilities
  • Description: News Manager is a web-based RSS aggregator. The application is exposed to multiple remote issues. News Manager version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29251

  • 08.21.76 - CVE: Not Available
  • Platform: Web Application
  • Title: Pet Grooming Management System "useradded.php" Unauthorized Access
  • Description: Pet Grooming Management System (PGMS) is a PHP-based application for managing pet stores. PGMS is exposed to an issue that can result in unauthorized access. The issue occurs because the application allows unauthorized users to add administrative accounts through the "useradded.php" script. PGMS version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29252

  • 08.21.77 - CVE: Not Available
  • Platform: Web Application
  • Title: ACGV News "glossaire.php" Multiple Input Validation Vulnerabilities
  • Description: ACGV News is a PHP-based content manager. Since it fails to sufficiently sanitize user-supplied data, the application is exposed to multiple input validation issues. An SQL injection vulnerability as well as a cross-site scripting vulnerability affect the "id" parameter of the "glossaire.php" script. ACGV News version 0.9.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29253

  • 08.21.78 - CVE: Not Available
  • Platform: Web Application
  • Title: WR-Meeting "index.php" Local File Include
  • Description: WR-Meeting is a web-based meeting application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "msnum" parameter of the "index.php" script. WR-Meeting version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29262

  • 08.21.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Smeego Cookie Parameter Local File Include
  • Description: Smeego is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the Cookie "lang" parameter in the "mainfile.php" script. Smeego version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29264

  • 08.21.80 - CVE: Not Available
  • Platform: Web Application
  • Title: AlkalinePHP "adduser.php" Security Bypass
  • Description: AlkalinePHP is a site engine. The application is exposed to a security bypass issue because it fails to properly validate user credentials before allowing access to the "adduser.php" script. AlkalinePHP versions 0.77.35 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29267

  • 08.21.81 - CVE: Not Available
  • Platform: Web Application
  • Title: eCMS Cookie Multiple Security Vulnerabilities
  • Description: eCMS is a web-based content manager. The application is exposed to multiple security issues.
  • Ref: http://www.securityfocus.com/bid/29268

  • 08.21.82 - CVE: Not Available
  • Platform: Web Application
  • Title: LulieBlog Multiple Remote Vulnerabilities
  • Description: LulieBlog is a PHP-based web log application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter in the "visumedia.php" script. LulieBlog version 1.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/29269

  • 08.21.83 - CVE: Not Available
  • Platform: Web Application
  • Title: eCMS Multiple Security Vulnerabilities
  • Description: eCMS is a web-based content manager. eCMS is exposed to multiple issues. eCMS version 0.4.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/492279

  • 08.21.84 - CVE: Not Available
  • Platform: Web Application
  • Title: EntertainmentScript "page.php" Local File Include
  • Description: EntertainmentScript is a web-based application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "page.php" script. EntertainmentScript version 1.4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29306

  • 08.21.85 - CVE: Not Available
  • Platform: Web Application
  • Title: GNU/Gallery "admin.php" Local File Include
  • Description: GNU/Gallery is a web-based gallery application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "show" parameter of the "admin.php" script. GNU/Gallery versions 1.1.1.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29270

  • 08.21.86 - CVE: Not Available
  • Platform: Web Application
  • Title: MeltingIce File System "admin/adduser.php" Security Bypass
  • Description: MeltingIce File System is a web-based personal file management application. The application is exposed to a security bypass issue because it fails to properly validate user credentials before allowing access to the "admin/adduser.php" script. MeltingIce File System versions 1.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29271

  • 08.21.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Mypicgallery "admin/addUser.php" Security Bypass
  • Description: Mypicgallery is a web-based application. The application is exposed to a security bypass issue because it fails to properly validate user credentials before allowing access to the "admin/addUser.php" script. Mypicgallery version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29272

  • 08.21.88 - CVE: Not Available
  • Platform: Web Application
  • Title: testMaker Data Export Remote Information Disclosure
  • Description: testMaker is an application for designing and managing web-based tests. The application is exposed to a remote information disclosure issue due to an unspecified error in the data export functionality. testMaker versions prior to 3.0p10 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?group_id=194778&release_id=599729

  • 08.21.89 - CVE: Not Available
  • Platform: Web Application
  • Title: bcoos "file" Parameter Local File Include
  • Description: bcoos is a content manager based on the E-Xoops CMS. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "file" parameter of the "class/debug/highlight.php" script. bcoos version 1.0.13 is affected.
  • Ref: http://lostmon.blogspot.com/2008/05/bcoos-highlightphp-traversal-file.html

  • 08.21.90 - CVE: Not Available
  • Platform: Web Application
  • Title: cPanel "wwwact" Remote Privilege Escalation
  • Description: cPanel is a web-hosting control panel. The application is exposed to a remote privilege escalation issue that occurs because the application allows attackers to gain access to the application's root directory.
  • Ref: http://www.securityfocus.com/archive/1/492223

  • 08.21.91 - CVE: Not Available
  • Platform: Web Application
  • Title: microSSys CMS "PAGES[$P]" Remote File Include
  • Description: MicroSSys CMS is a PHP-based content management application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "PAGES[$P]" parameter of the "index.php" script. MicroSSys CMS version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/29278

  • 08.21.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Mantis Multiple Input Validation Vulnerabilities
  • Description: Mantis is bug tracking software. The application is exposed to multiple input validation issues because it fails to adequately sanitize user-supplied input. Mantis version 1.1.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/492306

  • 08.21.93 - CVE: CVE-2008-1749
  • Platform: Network Device
  • Title: Cisco Content Switching Module Layer 7 Load Balancing Denial of Service
  • Description: Cisco Content Switching Module (CSM) and Cisco Content Switching Module with SSL (CSM-S) are integrated server load balancing (SLB) line card modules included in Cisco Catalyst 6500 and Cisco Catalyst 7600. The application is exposed to a denial of service issue due to a memory leak.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20080514-csm.shtml

  • 08.21.94 - CVE: Not Available
  • Platform: Network Device
  • Title: Aruba Mobility Controller Multiple Remote Vulnerabilities
  • Description: Aruba Mobility Controller is used to scale ArubaOS and other software modules on enterprise networks. The application is exposed to multiple remote issues. An attacker can exploit these issues to execute arbitrary script code, steal cookie-based authentication credentials and gain unauthorized access to the affected device.
  • Ref: http://www.securityfocus.com/bid/29240

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.