-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Executive Summary
- -----------------
Unprivileged local users can obtain root access on Unix systems where
the DISA SRR scripts are run. If a remote user can introduce a file
into the filesystem (e.g. anonymous ftp, http upload, cdrom, samba
share, etc.), root access may be obtained by remote, and potentially
Subsystem: Near Field Communication
-----------------------------
Executive Summary:
URL spoofing when displaying the content of an NDEF
URI tag. The web browser does not display the full hostname when
loading a web page.
Crash of the parser for parts of an NDEF record, reboots
Date: April 28th, 2009
URL: <http://www.positronsecurity.com/advisories/2009-001.html>
I. Executive Summary
Memcached [1] is a popular open-source, multi-platform database-
caching software program used to alleviate repetitive database
operations. It was originally developed by Danga Interactive [2].
MemcacheDB [3] is a fork of the memcached project which adds
Subsystem: Near Field Communication
-----------------------------
Executive Summary:
URI/URL spoofing when displaying the content of an NDEF Smart Poster
or plain URI tag. The web browser does not display the full hostname when
loading a web page.
Crash of the parser for various parts of NDEF records, reboots
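Both NFC summaries above describe the same two failure modes: a tag-supplied URI whose full hostname the handset never shows, and an NDEF parser that crashes on malformed record lengths. The following Python is an added illustration for this page, not code from the affected handset or from either advisory. It parses NDEF URI and Smart Poster records with explicit bounds checks (raising a parser error instead of indexing past the buffer), and renders the decoded URI host-first so a lookalike host cannot be hidden behind a truncated display. The sample records, the helper names and the hostname `example.com.attacker.test` are all constructed for the example.

```python
"""Defensive NDEF URI / Smart Poster parser (added example, not handset code)."""
from typing import List, Tuple
from urllib.parse import urlsplit

# URI identifier codes from the NFC Forum URI Record Type Definition (partial table).
URI_PREFIXES = {
    0x00: "",
    0x01: "http://www.",
    0x02: "https://www.",
    0x03: "http://",
    0x04: "https://",
    0x05: "tel:",
    0x06: "mailto:",
}


class NdefError(ValueError):
    """Raised on malformed input so a bad tag cannot take the reader down."""


def parse_ndef_records(msg: bytes) -> List[Tuple[int, bytes, bytes]]:
    """Return (tnf, type, payload) for each record; every length is checked first."""
    records = []
    pos = 0
    while pos < len(msg):
        hdr = msg[pos]
        pos += 1
        sr = bool(hdr & 0x10)          # short record: 1-byte payload length
        il = bool(hdr & 0x08)          # ID length field present
        tnf = hdr & 0x07
        if pos >= len(msg):
            raise NdefError("truncated record: missing type length")
        type_len = msg[pos]
        pos += 1
        if sr:
            if pos >= len(msg):
                raise NdefError("truncated record: missing payload length")
            payload_len = msg[pos]
            pos += 1
        else:
            if pos + 4 > len(msg):
                raise NdefError("truncated record: missing 4-byte payload length")
            payload_len = int.from_bytes(msg[pos:pos + 4], "big")
            pos += 4
        id_len = 0
        if il:
            if pos >= len(msg):
                raise NdefError("truncated record: missing ID length")
            id_len = msg[pos]
            pos += 1
        # The crash class on the page: declared lengths larger than the tag data.
        if pos + type_len + id_len + payload_len > len(msg):
            raise NdefError("declared lengths exceed message size")
        rtype = msg[pos:pos + type_len]
        pos += type_len + id_len        # ID bytes are not needed here
        payload = msg[pos:pos + payload_len]
        pos += payload_len
        records.append((tnf, rtype, payload))
        if hdr & 0x40:                  # ME: message end
            break
    return records


def decode_uri_payload(payload: bytes) -> str:
    """Expand the identifier-code prefix and decode the remaining UTF-8 bytes."""
    if not payload:
        raise NdefError("empty URI payload")
    prefix = URI_PREFIXES.get(payload[0])
    if prefix is None:
        raise NdefError(f"unknown URI identifier code 0x{payload[0]:02x}")
    try:
        return prefix + payload[1:].decode("utf-8")
    except UnicodeDecodeError as exc:
        raise NdefError("URI payload is not valid UTF-8") from exc


def extract_uris(msg: bytes) -> List[str]:
    """Collect URIs from well-known 'U' records, descending into 'Sp' Smart Posters."""
    uris = []
    for tnf, rtype, payload in parse_ndef_records(msg):
        if tnf == 0x01 and rtype == b"U":
            uris.append(decode_uri_payload(payload))
        elif tnf == 0x01 and rtype == b"Sp":
            uris.extend(extract_uris(payload))   # nested NDEF message
    return uris


def display_string(uri: str) -> str:
    """Host-first rendering: the full hostname is shown before the rest of the URI."""
    parts = urlsplit(uri)
    if parts.scheme in ("http", "https") and parts.hostname:
        return f"{parts.hostname} ({uri})"
    return uri


def build_record(tnf: int, rtype: bytes, payload: bytes, mb=True, me=True) -> bytes:
    """Constructed test helper: encode one short NDEF record."""
    if len(payload) > 255:
        raise ValueError("this helper only builds short records")
    hdr = (0x80 if mb else 0) | (0x40 if me else 0) | 0x10 | tnf
    return bytes([hdr, len(rtype), len(payload)]) + rtype + payload


# Constructed sample: a Smart Poster wrapping a URI record with prefix code 0x01.
SPOOF_URI_RECORD = build_record(1, b"U", b"\x01" + b"example.com.attacker.test/login")
SMART_POSTER = build_record(1, b"Sp", SPOOF_URI_RECORD)
```

Running `display_string(extract_uris(SMART_POSTER)[0])` yields `www.example.com.attacker.test (http://www.example.com.attacker.test/login)`, so the registrable domain is visible even on a narrow display; feeding `SMART_POSTER[:-5]` (a tag cut short) raises `NdefError` rather than an `IndexError`.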
Date: March 30th, 2009
URL: <http://www.positronsecurity.com/advisories/2009-000.html>
I. Executive Summary
MapServer [1] is a popular open-source, multi-platform program for
creating interactive map applications. It was originally developed by
the University of Minnesota with support from the U.S. National
Aeronautics and Space Administration (NASA) [2]. It is currently
iPhone Safari phone-auto-dial (vulnerability)
Vulnerability class:
application logic bug
Executive Summary:
A malicious website can initiate a phone call without the need for user
interaction. The destination phone number is chosen by the attacker.
Risk: MEDIUM-HIGH
Medium to high risk due to the possibility of financial gain through
-Remote Code Execution
-Buffer Overflow
-Privilege escalation
Executive summary:
Consona products use a proprietary ActiveX site-lock mechanism that can
be defeated through XSS attacks.
Once an attacker can inject arbitrary JS code within the context of an
b. Make sure that your documentation includes a risk analysis
(without the standard FUD)
c. Make sure that your documentation includes the research on
protection of personal information and breach notification
d. Make sure that your documentation includes both technical
details as well as an executive summary for non-technical executives
And last but not least . . .
4. Make sure that you give this information to more than one person
in your company chain of command. This will ensure that it does not get