Blogs
I Shadow
BY KELLY JACKSON HIGGINS
No Way 'No Viruses Found'
MAY 9, 2008
12:30 PM -- There's nothing reassuring about regularly clean security scans -- especially when a secondary scan shows otherwise
Botnet Public Service Announcement
Silent But Deadly Web Defacement
Bot Wars
FBI Reports Record Financial Losses to Cybercrime
Evil Bits
BY JOHN SAWYER
Don't Trust That User Agent
MAY 7, 2008
4:10 PM -- AT&T and Cisco are among vendors that have been bitten by user agents
Brew Your Own COFEE
An Over-Response to Incident Response
Sales Pitch From Hell
Detecting Rogue Wireless
CS Island
BY CSI STAFF
CSI SX: Land of Questions & Ideas
MAY 7, 2008
9:00 AM -- At the latest Computer Security Institute conference in Las Vegas, the questions were as tricky as the slot machines
CSI: Washington
'Defenestration' Testing
Trade Ya'
Swallow This
Firewalled
BY TIM THE ENCHANTER
Celebrating Dark Reading's Second Birthday
MAY 1, 2008
4:00 PM -- On our second birthday, Dark Reading looks back - and ahead
Security's Opposite Polls
Drawing the Big Picture
Getting Ready for the Big Dance
Old Vulnerabilities Die Hard
Snake Bytes
BY RSNAKE
Crime & Punishment
APRIL 29, 2008
5:30 PM -- Cybercrime's dirty little secret: why the good guys need the bad guys
The Obfuscation Generation
Snake Oil
Loss Aversion: Security's Best Friend
Clicking Is Not a Criminal Offense
Srizbi Botnet Sending Over 60 Billion Spams a Day
New Trojan Masquerades as Free MP3 Player
Crime Server Discovered Containing 1.4 Gigabytes of Stolen Data
ENTERPRISE VULNERABILITIES
Vulnerability: iGaming CMS
Published: 2008-05-09
Severity: MEDIUM
Description: SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Vulnerability: Cine Galleristic
Published: 2008-05-09
Severity: MEDIUM
Description: SQL injection vulnerability in index.php in Galleristic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter.

Vulnerability: CMS Faethon
Published: 2008-05-09
Severity: MEDIUM
Description: PHP remote file inclusion vulnerability in templates/header.php in CMS Faethon 2.2 Ultimate allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter, a different vulnerability than CVE-2006-5588 and CVE-2006-3185.

Vulnerability: CMS Faethon
Published: 2008-05-09
Severity: HIGH
Description: Cross-site scripting (XSS) vulnerability in search.php in CMS Faethon 2.2 Ultimate allows remote attackers to inject arbitrary web script or HTML via the what parameter. NOTE: some of these details are obtained from third party information.

Vulnerability: Tux CMS
Published: 2008-05-09
Severity: HIGH
Description: Multiple cross-site scripting (XSS) vulnerabilities in Tux CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to index.php and the (2) returnurl parameter to tux-login.php.

Copyright © 2008 United Business Media LLC - All rights reserved.