December 31, 2005

Cyber Security Bulletin 2005 Summary

US-CERT Cyber Security Bulletin SB2005 -- Cyber Security Bulletin 2005 Summary

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a year-end summary of software vulnerabilities that were identified between January 2005 and December 2005. The information is presented only as an index with links to the US-CERT Cyber Security Bulletin in which the information was published. There were 5198 reported vulnerabilities: 812 Windows operating system vulnerabilities; 2328 Unix/Linux operating system vulnerabilities; and 2058 Multiple operating system vulnerabilities.

Vulnerabilities

* Windows Operating System
* Unix/Linux Operating System
* Multiple Operating System


# Windows Operating Systems

* 1Two Livre d'Or Input Validation Errors Permit Cross-Site Scripting
* 3Com 3CDaemon Multiple Remote Vulnerabilities
* 3Com 3CDaemon Multiple Remote Vulnerabilities (Updated)
* 3Com 3CDaemon Multiple Remote Vulnerabilities (Updated)
* 3Com 3CServer FTP Command Buffer Overflows
* 3Com Network Supervisor File Disclosure
* 7-Zip Arbitrary Code Execution
* Aaron Outpost ASP Inline Corporate Calendar Permits Remote SQL Injection
* Absolute Image Gallery XE Cross-Site Scripting
* Absolute Shopping Package Solutions Shopping Cart Cross-Site Scripting
* Access Remote PC Password Disclosure
* Acidcat CMS SQL Injection Vulnerability
* ACNews Information Disclosure
* Acoo Browser Javascript Spoofing
* Acrobat Reader Invalid-ID-Handle-Error Remote Code Execution Vulnerability
* Active News Manager Username and Password SQL Injection
* ActiveBuyandSell SQL Injection and Cross-Site Scripting
* ActiveWeb Active Auction House SQL Injection and Cross-Site Scripting Vulnerability
* Acuity CMS Cross-Site Scripting
* Acute Website Incorporated PeerFTP_5 FTP Password Disclosure
* Adaptive Hosting Solutions ProductCart Cross-Site Scripting and SQL Injection Vulnerabilities
* Adobe Acrobat and Reader File Discovery
* Adobe Acrobat and Reader File Discovery (Updated)
* Adobe Acrobat Reader Invalid-ID-Handle-Error Remote Code Execution (Updated)
* Adobe License Management Service Elevated Privilege Vulnerability
* Adobe SVG Viewer Lets Remote Users Determine if Files Exist
* Advanced Browser Javascript Spoofing
* Advanced Communications Hosting Controller Lets Remote Users Create User and Host Accounts
* Adventia Chat Cross-Site Scripting Vulnerabilities
* aeNovo Information Disclosure
* aeNovo SQL Injection or Cross-Site Scripting
* A-FAQ SQL Injection
* AhnLab V3 Antivirus Arbitrary Code Execution
* AhnLab V3 DeviceIoControl Multiple Vulnerabilities
* Allinta Cross-Site Scripting
* Altiris Deployment Solution AClient Security Bypass
* Alt-N MDaemon and WorldClient Denial of Service
* Alt-N MDaemon Directory Traversal and Arbitrary File Writing
* Alt-N Technologies MDaemon Denial of Service
* Alt-N WebAdmin Multiple Remote Vulnerabilities
* ALWIL avast! antivirus May Fail to Detect Certain Viruses
* ALWIL Software Avast! Antivirus Aavmker4 Device Driver Elevated Privileges
* ALZip Arbitrary Code Execution
* ALZip Unauthorized System Control
* AM Browser Javascript Spoofing
* AMAX Information Technologies, Inc. Magic Winmail Server Input Validation
* Amp II 3D Game Engine Remote Denial of Service
* AN HTTP Server 'cmdIS.DLL' Buffer Overflow Arbitrary Code Execution and Cross-Site Scripting Vulnerability
* AOL Instant Messenger Buddy Icon Remote Denial of Service (Updated)
* AOL Instant Messenger Smiley Icon Location Remote Denial Of Service Vulnerability
* APG Technology ClassMaster Folder Access Vulnerability
* Apple Darwin Streaming Server Denial of Service
* Apple iTunes Arbitrary Code Execution
* Apple QuickTime for Windows Denial of Service Vulnerability
* Apple 'quicktime.qts' Error in Parsing 'qtif' Images Remote Denial of Service
* Ares Arbitrary Code Execution
* ArGoSoft FTP Server 'DELE' Command Remote Buffer Overflow
* ArGoSoft FTP Server 'DELE' Command Remote Buffer Overflow (Updated)
* ArGoSoft FTP Server Discloses Username Status to Remote Users
* ArGoSoft FTP Server 'SITE COPY' Shortcut File
* Argosoft Mail Server Cross-Site Scripting and Script Insertion Vulnerabilities
* ArGoSoft Mail Server Directory Traversals
* ASP Fast Forum Cross Site Scripting
* ASP Knowledgebase SQL Injection Vulnerability
* ASP Nuke SQL Injection and Cross Site Scripting
* Asp Press ACS Blog Access Vulnerability
* ASP Resources Forum SQL Injection
* ASPBB Information Disclosure
* aspclick.it ACNews Administrative Access Vulnerability
* ASP-DEV XM Forum Cross Site Scripting
* ASP-DEv XM Forum Cross-Site Scripting Vulnerability
* ASPJar Guestbook Input Validation
* ASPjar Guestbook SQL Injection
* ASPMForum SQL Injection
* ASPNuke Cross Site Scripting
* ASPPlayground .NET Arbitrary Upload
* asppress ACS Blog Cross-Site Scripting Vulnerability
* aspReady FAQ Manager SQL Injection
* ASP-Rider SQL Injection
* Asus VideoSecurity Online Directory Traversal or Information Disclosure
* atrium software Mercur Messaging Multiple Vulnerabilities
* Avant Browser Dialog Box Origin Spoofing
* Avast! antivirus Arbitrary Code Execution
* Avaya CMS FTP Daemon Wildcard Denial of Service
* AVIRA Antivirus Arbitrary Code Execution
* BakBone NetVault Buffer Overflows Permit Remote Code Execution
* Befriendly.com Einstein Password Disclosure
* BFCommand & Control Server Managers Multiple Vulnerabilities
* BisonFTP Server Denial of Service
* BitDefender Anti-Virus Arbitrary Code Execution or Privilege Elevation
* Bjornar Henden 'Yet Another Forum.net' Input Validation Errors Permits Cross-Site Scripting
* BK Forum SQL Injection Vulnerability
* Black Cactus Warrior Kings Denial of Service and Format String Vulnerabilities
* BlueCollar Productions i-Gallery Cross-Site Scripting & Directory Traversal
* BlueWhaleCRM SQL Injection
* Bontago Game Server Nickname Remote Buffer Overflow
* Brat Designs Breed Remote Denial of Service
* BrightStor ARCserve Backup Arbitrary Code Execution or Denial of Service
* BrightStor ARCserve Backup Discovery Service Buffer Overflow
* bttlxeForum Discloses Installation Path to Remote Users
* Bugtracker.NET Unspecified SQL Injection Vulnerabilities
* BulletProof FTP Server Privilege Escalation
* Bungie Studios Halo: Combat Evolved Denial of Service Vulnerability
* Captaris Infinite Mobile Delivery Input Validation
* Capturix ScanShare Password Disclosure
* CartWIZ Cross Site Scripting
* CartWIZ Cross Site Scripting or SQL Injection
* Centra Profile Script Insertion Vulnerability
* Centrinity FirstClass Bookmark Input File Execution Vulnerability
* Cerberus FTP Server Denial of Service
* Cerulean Studios Trillian Insecure Image Data Remote Buffer Overflow
* Cerulean Studios Trillian Remote Code Execution Vulnerability
* Cerulean Studios Trillian User Information Disclosure
* CF_Nuke Cross-Site Scripting or Information Disclosure
* Chris Moneymaker's World Poker Championship Arbitrary Code Execution
* CIS WebServer Remote Directory Traversal
* Cisco Security Agent Elevated Privileges
* CiscoWorks Information Spoofing or Disclosure
* Citrix MetaFrame Conferencing Manager Access Control Vulnerability
* Citrix MetaFrame Secure Access Manager and NFuse Elite Cross-Site Scripting
* Citrix MetaFrame Security Restriction Bypassing
* Citrix Program Neighborhood Agent Two Vulnerabilities
* Citrix Program Neighborhood Client Information Disclosure
* ClearSwift MIMEsweeper Arbitrary Code Injection
* Clever's Games Terminator 3: War of the Machines Remote Buffer Overflow & Denial of Service
* Code Ocean Ocean FTP Server Multiple Connections Denial of Service
* Comersus BackOffice Multiple Vulnerabilities
* Comersus BackOffice Plus Cross-Site Scripting
* Comersus Cart Cross Site Scripting or SQL Injection
* Comersus Cart Multiple Vulnerabilities
* Comersus Cross-Site Scripting Vulnerability
* Comersus Cross-Site Scripting Vulnerability
* Community Server Cross Site Scripting
* Community Server Forums Cross Site Scripting
* Computalynx CProxy Directory Traversal & Remote Denial of Service
* Computer Associates eTrust Antivirus Integer Overflow in Processing Microsoft OLE Data Lets Remote Users Execute Arbitrary Code
* Computer Associates eTrust Intrusion Detection Denial of Service Vulnerability
* Computer Associates Unicenter Asset Management Multiple Vulnerabilities
* Computer Knacks, Inc. SendLink Password Disclosure
* Compuware DriverStudio Privilege Elevation or Arbitrary Code Execution
* Compuware Softice 'DbgMsg.sys' Remote Denial of Service
* CoolCafe 'login.asp' SQL Injection & Information Disclosure
* Cosminexus Collaboration and Groupmax Collaboration Cross-Site Scripting or Denial of Service
* Crazy Browser Javascript Spoofing
* Crob FTP Server Buffer Overflow Vulnerabilities
* Crystal FTP Pro Buffer Overflow (Updated)
* Crystal Reports/ Business Objects Enterprise Server Denial of Service
* CSystems WebArchiveX Arbitrary File Access
* Cybration ICUII Password Disclosure
* DameWare Arbitrary Code Execution
* DameWare Mini Remote Control Privilege Escalation Vulnerability
* DameWare Password Disclosure Vulnerability
* Darrel O'Neil ASP Virtual News Remote SQL Injection Vulnerability
* Dead Pirate Software SimpleCam Directory Traversal Flaw
* DelphiTurk CodeBank (KodBank) Elevated Privileges
* DelphiTurk CodeBank Password Disclosure
* DelphiTurk FTP Information Disclosure
* DG Remote Control Server Denial of Service
* Digger Solutions Intranet Open Source SQL Injection
* DivX Player Skin File Directory Traversal
* DotNetNuke Script Insertion Vulnerabilities
* Doug Luxem Liberum Help Desk "id" SQL Injection Vulnerability
* DVBBS Cross Site Scripting
* DzSoft PHP Editor Denial of Service
* Early Impact ProductCart Input Validation Flaws in Lets Remote Users Inject SQL Commands
* Ecomm Professional Guestbook "AdminPWD" SQL Injection
* Ecomm Professional Shopping Cart SQL Injection Vulnerability
* ECW-Cart Cross-Site Scripting
* Elemental Software CartWIZ SQL Injection and Cross-Site Scripting Vulnerability
* EnCase Device Configuration Overlay Data Acquisition Vulnerability
* enVivo!soft enVivo!CMS SQL Injection and Privilege Escalation
* ePolicy Information Disclosure and Privilege Elevation
* E-POST SPA-PRO Mail @Solomon IMAP Directory Traversal and Buffer Overflow
* e-Quick Cart Multiple Vulnerabilities
* Eset NOD32 Arbitrary Code Execution
* Eternal Lines Web Server Remote Denial of Service
* Eternal Lines Web Server Remote Denial of Service (Updated)
* Eudora WorldMail Server Information Disclosure
* Eurofull E-Commerce 'mensresp.asp' Cross-Site Scripting
* exdwc NewsletterEz Input Validation Vulnerability Lets Remote Users Inject SQL Commands
* eXeem Password Disclosure
* ExoticSoft FilePocket Password Disclosure
* exploitlabs WebcamXP User Redirection and Denial of Service Vulnerability
* Fast Browser Pro Javascript Spoofing
* Fastream NETFile FTP/Web Server FTP Bounce Vulnerability
* Fastream NETFile Server File Creation Vulnerability
* FastStone 4in1 Browser Information Disclosure Vulnerability
* File Transfer Anywhere Passwords Disclosure
* FileZilla Server Denial of Service
* FileZilla Server Terminal Privilege Elevation or Arbitrary Code Execution
* Firefly Studios Stronghold 2 Remote Denial of Service
* FL Studio Arbitrary Code Execution
* Fortibus CMS SQL Injection & Information Modification
* forumKIT Cross-Site Scripting
* Foxmail 'MAIL FROM:' Remote Buffer Overflow
* Free SMTP Server As Open Relay
* Freeftpd Denial of Service
* freeFTPd Denial of Service
* F-Secure Anti-Virus for Exchange and Internet Gatekeeper Directory Traversal
* F-Secure ARJ Archive Buffer Overflow
* FTGate Denial of Service or Arbitrary Code Execution
* FTPshell Server Denial of Service
* FUN labs Games Denial of Service Vulnerability
* Funduc Search and Replace Buffer Overflow
* FutureSoft TFTP Server 2000 Directory Traversal & Buffer Overflows
* Gaim File Transfer Remote Denial of Service
* GASoft Gurgens Guest Book Discloses Database and Passwords to Remote Users
* GASoft Ultimate Forum Discloses Database and Passwords to Remote Users
* GD Software SD Server Directory Traversal
* Gene6 FTP Server Insecure Critical Functionality
* GeoVision Digital Video Surveillance System Authentication Bypass
* GFI LANguard Network Security Scanner Password Disclosure
* GFi MailEssentials Denial of Service Vulnerability
* GFI MailSecurity Arbitrary Code Execution or Denial of Service
* GlobalScape CuteFTP Multiple Command Response Buffer Overflow (Updated)
* GlobalSCAPE Secure FTP Server Buffer Overflow Lets Remote Users Execute Arbitrary Code
* GlobalSCAPE Secure FTP Server Buffer Overflow Lets Remote Users Execute Arbitrary Code (Updated)
* GNU DC++ Arbitrary Files Modification Vulnerability
* GNU FileZilla Server Denial of Service Vulnerabilities
* GNU Maxthon Security ID Disclosure Vulnerability
* GNU MyServer Directory Listing and Cross-Site Scripting Vulnerability
* Golden FTP Server File and Path Disclosure
* GoodTech Systems GoodTech SMTP Server "RCPT TO" Denial of Service Vulnerability
* GoodTech Systems Telnet Server for Windows NT/2000/XP/2003 Remote Buffer Overflow
* GoodTech's SMTP Server Arbitrary Code Execution
* Google Talk Denial Of Service
* GoSurf Browser Javascript Spoofing
* Gracebyte Network Assistant Remote Denial of Service
* GraphOn GO-Global For Windows Denial of Service or Arbitrary Code Execution
* Groove Virtual Office / Workspace Multiple Vulnerabilities
* Halocon Remote Denial of Service
* Handy Address Book Server Cross-Site Scripting
* Handy Address Book Server Cross-Site Scripting (Updated)
* Hauri Arbitrary Code Execution
* Hitachi Multiple Hibun Products Security Restriction Bypass
* Home FTP Server Arbitrary File Access
* Hosting Controller Credit Modification or Account Creation
* Hosting Controller Error.ASP Cross Site Scripting
* Hosting Controller Information Disclosure
* Hosting Controller Multiple Information Disclosure
* Hosting Controller Multiple Vulnerabilities
* Hosting Controller 'resellerresources.asp' SQL Injection
* Hosting Controller 'UserProfile.asp' Authentication Bypass
* HP VCRM Password Disclosure
* HTMLJunction EZGuestbook Discloses Database to Remote Users
* Hyper Estraier Information Disclosure
* IA eMailServer Denial of Service
* Iatek PortalApp Cross-Site Scripting Vulnerabilities
* Iatek PortalApp SQL Injection and Cross-Site Scripting Vulnerabilities
* Iatek SiteEnable SQL Command Injection and Cross-Site Scripting Vulnerabilities
* IBM DB2 Denial of Service & Information Disclosure
* IBM Rational ClearQuest Multiple Cross-Site Scripting
* IBM WebSphere Application Server File Servlet Source Code Disclosure
* IBM WebSphere Application Server JSP Engine Source Code Disclosure
* IceWarp Web Mail Cross Site Scripting or Directory Traversal
* IceWarp Web Mail Multiple Remote
* IceWarp Web Mail Multiple Remote Vulnerabilities (Updated)
* iCMS Cross-Site Scripting or SQL Injection
* IISWorks ASPKnowledgeBase Cross-Site Scripting
* IISWorks.com ASP KnowledgeBase Database Disclosure
* IISWorks.com ASP Webmail Database Disclosure
* IISWorks.com Fileman Database Disclosure
* IISWorks.com ListPics Database Disclosure
* IMRadio Password Disclosure
* INCA nProtect Gameguard Unauthorized Read/Write Access
* INCA nProtect Gameguard Unauthorized Read/Write Access (Updated)
* India Software Solution Shopping Cart 'signin.asp' SQL Injection
* Indiatimes Messenger Denial of Service
* InnerMedia DynaZip Arbitrary Code Execution
* Internet Explorer Arbitrary Code Execution
* Intersoft NetTerm Remote Code Execution (Updated)
* Ipswitch IMail Server IMAP EXAMINE Command Remote Buffer Overflow
* Ipswitch IMail Server Multiple Vulnerabilities
* Ipswitch IMail Server Multiple Vulnerabilities (Updated)
* Ipswitch IMail Server Remote Buffer Overflow (Updated)
* Ipswitch IMailMailEnable Denial of Service
* Ipswitch WhatsUp Multiple Vulnerabilities
* Ipswitch WhatsUp Professional SQL Injection Vulnerability
* Ivory.org Whisper 32 Password Disclosure
* IVT BlueSoleil Directory Traversal Vulnerability
* Jeuce Personal Web Server Directory Traversal & Denial of Service
* Jeuce Personal Web Server Remote Denial of Service
* JiRo's Upload System Input Validation Vulnerability Lets Remote Users Inject SQL Commands
* JoWood Chaser Remote Buffer Overflow
* JoWood Productions Soldner Secret Wars Multiple Remote Vulnerabilities
* JView Profiler Arbitrary Code Execution
* KarjaSoft Sami HTTP Server Input Validation Holes
* Kaspersky Anti-Virus Klif.Sys Privilege Escalation Vulnerability
* Kerio Personal Firewall Access Vulnerability
* Kerio Personal Firewall and Server Firewall Denial of Service
* Kerio Products Password Brute Force and Denial of Service
* Kerio WinRoute Firewall Security Restriction Bypassing
* Keyvan1 ImageGallery Information Disclosure Vulnerability
* KF Web Server Directory Listings Disclosure
* KillProcess Arbitrary Code Execution
* K-Meleon Denial of Service
* K-Meleon Denial of Service (Update)
* Kmint Software Golden FTP Server 'USER' Remote Buffer Overflow
* KMiNT21 Software Golden FTP Server RNTO Command Buffer Overflow
* KMiNT21 Software Golden FTP Server RNTO Command Buffer Overflow (Updated)
* LeapFTP Arbitrary Code Execution
* Lightspeed Technologies DeluxeFTP Information Disclosure Vulnerability
* LionMax Software Chat Anywhere Password Disclosure
* livingmailing Input Validation Hole Lets Remote Users Inject SQL Commands
* LocazoList Classifieds Cross-Site Scripting
* LogiSphere Denial of Service
* Loki Download Manager SQL Injection
* LS Games War Times Denial of Service
* M. Dev Software ZipGenius Remote File Creation Vulnerability
* Macallan Mail Solution Denial of Service Vulnerability
* Macromedia Breeze Communication Server Denial of Service
* Macromedia Breeze Information Disclosure
* Macromedia Contribute Publishing Server Information Disclosure
* Macromedia Products eLicensing Function Escalated Privilege Vulnerability
* Magnus Lundvall Yawcam Information Disclosure Vulnerability
* MailEnable Arbitrary Code Execution
* MailEnable Arbitrary Code Execution
* MailEnable Arbitrary Code Execution
* MailEnable Arbitrary Code Execution (Updated)
* MailEnable Arbitrary Code Execution or Denial of Service
* MailEnable Denial of Service
* MailEnable Denial of Service
* MailEnable Denial of Service Vulnerability
* MailEnable HTTPMail Vulnerability
* MailEnable IMAP "LOGIN" Command Buffer Overflow Vulnerability
* MailEnable Professional Arbitrary Code Execution
* MailEnable Standard SMTP Format String Vulnerability
* MailEnable Unspecified SMTP Authentication Denial of Service
* MailSite Express Arbitrary Code Execution
* Mall23 SQL Injection
* Mall23 SQL Injection (Updated)
* Massimiliano Montoro Cain Abel Buffer Overflow Causes Remote Code Execution
* MaxWebPortal Cross-Site Scripting and SQL Injection
* MaxWebPortal Input Validation Hole in 'password.asp' Permits SQL Injection
* MaxWebPortal SQL Injection and Cross-Site Scripting Vulnerabilities
* MaxWebPortal SQL Injection and Privilege Escalation
* McAfee Internet Security Suite Elevated Privilege Vulnerability
* McAfee IntruShield Security Management System Cross Site Scripting & Information Disclosure
* McAfee Security Management System Elevated Privileges or Cross Site Scripting
* Media Online Store Portal SQL Injection Vulnerability
* Media2 CMS Shop SQL Injection
* Merak Mail Server Arbitrary File Access
* Mercury Mail Arbitrary Code Execution
* MercurySteam Scrapland Game Server Remote Denials of Service
* Metalinks MetaBid Three SQL Injection Vulnerabilities
* Metalinks MetaCart Multiple SQL Injection Vulnerabilities
* Microsoft ActiveSync Information Disclosure or Denial of Service
* Microsoft Agent Could Allow Spoofing
* Microsoft Agent Could Allow Spoofing
* Microsoft ASP.NET Canonicalization (Updated)
* Microsoft ASP.NET Canonicalization (Updated)
* Microsoft ASP.NET Canonicalization (Updated)
* Microsoft ASP.NET Canonicalization (Updated)
* Microsoft ASP.NET Unicode Character Conversion Multiple Cross-Site Scripting
* Microsoft ASP.NET ViewState Denial of Service and Security Bypass
* Microsoft Client Service for NetWare Arbitrary Code Execution
* Microsoft Client Service for NetWare Arbitrary Code Execution (Updated)
* Microsoft Collaboration Data Objects Arbitrary Code Execution
* Microsoft DirectX DirectShow Arbitrary Code Execution
* Microsoft DirectX DirectShow Arbitrary Code Execution (Updated)
* Microsoft DirectX DirectShow Arbitrary Code Execution (Updated)
* Microsoft DirectX DirectShow Arbitrary Code Execution (Updated)
* Microsoft DirectX DirectShow Arbitrary Code Execution (Updated)
* Microsoft DirectX DirectShow Arbitrary Code Execution (Updated)
* Microsoft Excel Arbitrary Code Execution
* Microsoft Exchange Server 2003 Denial of Service
* Microsoft Exchange Server Nested Subfolders Remote Denial of Service
* Microsoft Exchange Server Remote Code Execution Vulnerability
* Microsoft Exchange Server Remote Code Execution Vulnerability (Updated)
* Microsoft Exchange Server Remote Code Execution Vulnerability (Updated)
* Microsoft FrontPage 2000 DAV File Upload
* Microsoft FrontPage Denial of Service
* Microsoft HTML Help Could Allow Remote Code Execution
* Microsoft IIS Denial of Service
* Microsoft Internet Explorer AddChannel Cross-Zone Scripting
* Microsoft Internet Explorer Arbitrary Code Execution
* Microsoft Internet Explorer Arbitrary Code Execution
* Microsoft Internet Explorer Arbitrary Code Execution
* Microsoft Internet Explorer Arbitrary Code Execution
* Microsoft Internet Explorer Arbitrary Code Execution
* Microsoft Internet Explorer Arbitrary Code Execution
* Microsoft Internet Explorer Arbitrary Code Execution (Updated)
* Microsoft Internet Explorer Arbitrary Code Execution (Updated)
* Microsoft Internet Explorer Arbitrary Code Execution (Updated)
* Microsoft Internet Explorer Arbitrary Code Execution (Updated)
* Microsoft Internet Explorer Arbitrary Code Execution (Updated)
* Microsoft Internet Explorer Arbitrary Code Execution (Updated)
* Microsoft Internet Explorer Could Allow Remote Code Execution
* Microsoft Internet Explorer Denial of Service
* Microsoft Internet Explorer Denial of Service
* Microsoft Internet Explorer Denial of Service (Updated)
* Microsoft Internet Explorer DHTML Edit Control Script Injection (Updated)
* Microsoft Internet Explorer DHTML Edit Control Script Injection (Updated)
* Microsoft Internet Explorer DHTML Edit Control Script Injection (Updated)
* Microsoft Internet Explorer Dialog Origin Spoofing Vulnerability
* Microsoft Internet Explorer Dialog Origin Spoofing Vulnerability (Updated)
* Microsoft Internet Explorer Dynamic IFRAME Security Bypass
* Microsoft Internet Explorer Favorites List
* Microsoft Internet Explorer FTP Download Directory Traversal
* Microsoft Internet Explorer HREF Tag Mouse Event
* Microsoft Internet Explorer Information Disclosure
* Microsoft Internet Explorer Information Disclosure
* Microsoft Internet Explorer Information Disclosure (Updated)
* Microsoft Internet Explorer JavaScript OnLoad Handler Remote Denial of Service
* Microsoft Internet Explorer Lets Remote Users Hide Scripting Code
* Microsoft Internet Explorer Malformed 'File:' URI Denial of Service
* Microsoft Internet Explorer MSHTML.DLL CSS Handling Remote Denial of Service
* Microsoft Internet Explorer Remote Code Execution Vulnerability
* Microsoft Internet Explorer Remote Code Execution Vulnerability (Updated)
* Microsoft Internet Explorer Remote Information Disclosure
* Microsoft Internet Explorer Restricted Sites Malformed URI Remote Denial of Service
* Microsoft Internet Explorer Script-initiated Pop-up Windows Spoofing
* Microsoft Internet Explorer Unauthorized Access
* Microsoft Internet Explorer Unauthorized Access (Updated)
* Microsoft Internet Explorer Unauthorized Access (Updated)
* Microsoft Internet Explorer Unauthorized Access (Updated)
* Microsoft Internet Explorer Vulnerabilities
* Microsoft Internet Explorer Vulnerabilities (Updated)
* Microsoft Internet Explorer Web Folder Behaviors Information Disclosure or Arbitrary Code Execution
* Microsoft Internet Information Server HTTP Response Smuggling
* Microsoft IPV6 TCPIP Loopback LAND Denial of Service Vulnerability
* Microsoft ISA Access and Elevation of Privilege Vulnerabilities
* Microsoft ISA Server in SecureNAT Configuration Denial of Service
* Microsoft Jet Database Remote Code Execution Vulnerability
* Microsoft Jet Database Remote Code Execution Vulnerability (Updated)
* Microsoft Jet Database Remote Code Execution Vulnerability (Updated)
* Microsoft JView Profiler Arbitrary Code Execution (Updated)
* Microsoft Log Sink Class ActiveX Control
* Microsoft Media Player & Windows/MSN Messenger PNG Processing
* Microsoft Media Player & Windows/MSN Messenger PNG Processing (Updated)
* Microsoft Media Player & Windows/MSN Messenger PNG Processing (Updated)
* Microsoft Media Player & Windows/MSN Messenger PNG Processing (Updated)
* Microsoft Media Player & Windows/MSN Messenger PNG Processing (Updated)
* Microsoft Media Player & Windows/MSN Messenger PNG Processing (Updated)
* Microsoft MSN Messenger / Internet Explorer Application Crash
* Microsoft MSN Messenger Remote Code Execution Vulnerability
* Microsoft MSN Messenger Remote Code Execution Vulnerability (Updated)
* Microsoft MSRPC Information Disclosure
* Microsoft NetDDE Remote Code Execution (Updated)
* Microsoft Network Connection Manager Denial of Service
* Microsoft Network Connection Manager Denial of Service (Updated)
* Microsoft Office Denial of Service
* Microsoft Office InfoPath 2003 Information Disclosure Vulnerability
* Microsoft Office RC4 Stream Cipher
* Microsoft Office URL File Location Handling Buffer Overflow
* Microsoft Office URL File Location Handling Buffer Overflow (Updated)
* Microsoft Office URL File Location Handling Buffer Overflow (Updated)
* Microsoft Office URL File Location Handling Buffer Overflow (Updated)
* Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy Bypass Vulnerability
* Microsoft Outlook and Outlook Web Access Email Spoofing Vulnerability
* Microsoft Outlook Express Could Allow Remote Code Execution
* Microsoft Outlook Express Could Allow Remote Code Execution (Updated)
* Microsoft Outlook Express Could Allow Remote Code Execution (Updated)
* Microsoft Outlook Express Information Disclosure or System Crash
* Microsoft Outlook Web Access for Exchange Server 5.5 Could Allow Cross-Site Scripting Attacks
* Microsoft Outlook Web Access URI Redirection
* Microsoft Plug and Play Arbitrary Code Execution or Elevated Privileges
* Microsoft Plug and Play Arbitrary Code Execution or Elevated Privileges (Updated)
* Microsoft Plug and Play Arbitrary Code Execution or Elevated Privileges (Updated)
* Microsoft Remote Desktop Protocol Denial of Service
* Microsoft Server Message Block Could Allow Remote Code Execution
* Microsoft SMTP Remote Code Execution (Updated)
* Microsoft SMTP Remote Code Execution (Updated)
* Microsoft SQL Server 2000 Multiple Vulnerabilities
* Microsoft Step-by-Step Interactive Training Could Allow Remote Code Execution
* Microsoft Telephony Service Remote Code Execution
* Microsoft Telnet Client Could Allow Information Disclosure
* Microsoft Update Rollup 1 for Windows 2000 SP4
* Microsoft Web Client Service Could Allow Remote Code Execution
* Microsoft Windows 2000 Group Restriction Bypass
* Microsoft Windows ANI File Parsing Errors (Updated)
* Microsoft Windows ANI File Parsing Errors (Updated)
* Microsoft Windows ANI File Parsing Errors (Updated)
* Microsoft Windows ANI File Parsing Errors (Updated)
* Microsoft Windows ANI File Parsing Errors (Updated)
* Microsoft Windows ANI File Parsing Errors (Updated)
* Microsoft Windows ANI File Parsing Errors (Updated)
* Microsoft Windows Color Management Module Buffer Overflow or Arbitrary Code Execution
* Microsoft Windows Color Management Module Buffer Overflow or Arbitrary Code Execution (Updated)
* Microsoft Windows CreateRemoteThread Denial of Service
* Microsoft Windows Drag and Drop
* Microsoft Windows EMF File Denial of Service Vulnerability
* Microsoft Windows EMF File Denial of Service Vulnerability (Updated)
* Microsoft Windows Explorer and Internet Explorer Denial of Service Vulnerability
* Microsoft Windows Explorer Preview Pane Script Injection Vulnerability
* Microsoft Windows Explorer Preview Pane Script Injection Vulnerability (Updated)
* Microsoft Windows FTP Client Arbitrary File Control
* Microsoft Windows FTP Client Arbitrary File Control (Updated)
* Microsoft Windows Graphics Rendering Engine Arbitrary Code Execution
* Microsoft Windows HTML Help ActiveX Control
* Microsoft Windows HTML Help ActiveX Control (Updated)
* Microsoft Windows Hyperlink Object Library Buffer Overflow
* Microsoft Windows Hyperlink Object Library Buffer Overflow (Updated)
* Microsoft Windows Hyperlink Object Library Buffer Overflow (Updated)
* Microsoft Windows Image Rendering Denial of Service Vulnerability
* Microsoft Windows Indexing Service Buffer Overflow
* Microsoft Windows Indexing Service Buffer Overflow (Updated)
* Microsoft Windows Kerberos PKINIT Information Disclosure or Denial of Service
* Microsoft Windows Kerberos PKINIT Information Disclosure or Denial of Service
* Microsoft Windows Kernel Denial Of Service
* Microsoft Windows Kernel Elevation of Privilege and Denial of Service Vulnerabilities
* Microsoft Windows Kernel Elevation of Privilege and Denial of Service Vulnerabilities (Updated)
* Microsoft Windows Kernel Elevation of Privilege and Denial of Service Vulnerabilities (Updated)
* Microsoft Windows LAND Attack Remote Denial of Service
* Microsoft Windows License Logging Service Buffer Overflow
* Microsoft Windows License Logging Service Buffer Overflow (Updated)
* Microsoft Windows License Logging Service Buffer Overflow (Updated)
* Microsoft Windows License Logging Service Buffer Overflow (Updated)
* Microsoft Windows License Logging Service Buffer Overflow (Updated)
* Microsoft Windows LoadImage API Buffer Overflow (Updated)
* Microsoft Windows LoadImage API Buffer Overflow (Updated)
* Microsoft Windows LoadImage API Buffer Overflow (Updated)
* Microsoft Windows Local Denial Of Service Vulnerability
* Microsoft Windows Media Player May Allow Redirection
* Microsoft Windows Message Queuing Remote Code Execution Vulnerability
* Microsoft Windows Message Queuing Remote Code Execution Vulnerability (Updated)
* Microsoft Windows Message Queuing Remote Code Execution Vulnerability (Updated)
* Microsoft Windows MSDTC and COM+ Privilege Elevation, Arbitrary Code Execution, or Denial of Service
* Microsoft Windows MSDTC and COM+ Privilege Elevation, Arbitrary Code Execution, or Denial of Service (Updated)
* Microsoft Windows MSDTC and COM+ Privilege Elevation, Arbitrary Code Execution, or Denial of Service (Updated)
* Microsoft Windows MSDTC and COM+ Privilege Elevation, Arbitrary Code Execution, or Denial of Service (Updated)
* Microsoft Windows Network Connections Manager Library Denial of Service
* Microsoft Windows NTFS File Block Initialization
* Microsoft Windows OLE / COM Remote Code Execution
* Microsoft Windows Plug and Play Arbitrary Code Execution
* Microsoft Windows Plug and Play Arbitrary Code Execution (Updated)
* Microsoft Windows Plug and Play Arbitrary Code Execution (Updated)
* Microsoft Windows Print Spooler Arbitrary Code Execution
* Microsoft Windows Privilege Elevation
* Microsoft Windows Privilege Elevation (Updated)
* Microsoft Windows Remote Desktop Denial of Service
* Microsoft Windows Remote Desktop Protocol Private Key Disclosure
* Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure
* Microsoft Windows Remote Desktop 'TSShutdn.exe' Denial of Service Vulnerability
* Microsoft Windows Resource Kit 'w3who.dll' Buffer Overflow & Input Validation (Updated)
* Microsoft Windows Server 2003 Local Denial of Service Vulnerabilities
* Microsoft Windows SharePoint Services Cross-Site Scripting & Spoofing
* Microsoft Windows SharePoint Services Cross-Site Scripting & Spoofing (Updated)
* Microsoft Windows Shell Arbitrary Code Execution
* Microsoft Windows Shell Arbitrary Code Execution (Updated)
* Microsoft Windows Shell Remote Code Execution (Updated)
* Microsoft Windows Shell Remote Code Execution Vulnerability
* Microsoft Windows Shell Remote Code Execution Vulnerability (Updated)
* Microsoft Windows SMB Buffer Overflow
* Microsoft Windows SMB Buffer Overflow (Updated)
* Microsoft Windows SMB Buffer Overflow (Updated)
* Microsoft Windows SMB Buffer Overflow (Updated)
* Microsoft Windows TCP/IP Remote Code Execution and Denial of Service Vulnerabilities
* Microsoft Windows TCP/IP Remote Code Execution and Denial of Service Vulnerabilities (Updated)
* Microsoft Windows TCP/IP Remote Code Execution and Denial of Service Vulnerabilities (Updated)
* Microsoft Windows TCP/IP Remote Code Execution and Denial of Service Vulnerabilities (Updated)
* Microsoft Windows USB Driver Buffer Overflow
* Microsoft Windows 'User32.DLL' Icon Handling Remote Denial of Service
* Microsoft Windows XP Named Pipe Information Disclosure
* Microsoft Windows XP Windows Management Instrumentation Denial of Service
* Microsoft Windows XP Wireless Zero Configuration Service Information Disclosure
* Microsoft WINS Name Validation (Updated)
* Microsoft WINS Name Validation (Updated)
* Microsoft Word Buffer Overflow or Arbitrary Code Execution
* Microsoft Word MCW File Handler Buffer Overflow Vulnerability
* Microsoft Word Remote Code Execution & Escalation of Privilege Vulnerabilities (Updated)
* Microsoft Word Remote Code Execution and Escalation of Privilege Vulnerabilities
* Microsoft Word Remote Code Execution and Escalation of Privilege Vulnerabilities (Updated)
* Microsoft Word Remote Code Execution and Escalation of Privilege Vulnerabilities (Updated)
* Microsoft Word Remote Code Execution and Escalation of Privilege Vulnerabilities (Updated)
* MindAlign Multiple Vulnerabilities
* Miranda IM PopUp Plus Plugin Remote Code Execution Vulnerability
* Miranda IM PopUp Plus Plugin Remote Code Execution Vulnerability (Updated)
* Mozilla Bugzilla Internal Error
* Mozilla Firefox Download Dialog Spoofing Vulnerabilities
* MS ASP.NET Denial of Service
* MSN Messenger Protocol Denial of Service
* Multi-Computer Control System Denial of Service
* Multiple Vendor Arbitrary Code Execution
* Multiple Vendor ZoneAlarm Denial of Service
* Multiple Vendors Mozilla/Netscape/Firefox Browser Modal Dialog Spoofing
* Multiple Vendors Mozilla/Netscape/Firefox Browser Modal Dialog Spoofing (Updated)
* Musicmatch Jukebox Elevated Privilege and Cross-Site Scripting Vulnerabilities
* My Album Information Disclosure
* MyInternet Browser Javascript Spoofing
* Mysoft Technology Maxthon "m2_search_text" Information Disclosure Vulnerability
* MyTemplateSite Cross-Site Scripting
* NateOn Messenger Arbitrary Code Execution or Denial of Service
* Naxtor e-Directory Cross-Site Scripting or SQL Injection
* Naxtor Shopping Cart Cross-Site Scripting or SQL Injection
* Neslo Desktop Rover Denial of Service Vulnerability
* NetAuctionHelp Auction Software Cross-Site Scripting
* NetCaptor Browser Javascript Spoofing
* NetCPlus BusinessMail Server SMTP Command Validation Error Remote Denial of Service
* NetLeaf Limited NotJustBrowsing Discloses Application Passwords
* NetManage RUMBA Profile Handling Multiple Buffer Overflow
* NetManage RUMBA Profile Handling Multiple Buffer Overflow (Updated)
* NetObjects Fusion Information Disclosure
* Netscape Browser Information Disclosure Vulnerability
* Netscape Denial of Service
* Netscape IDN Implementation URL Spoof
* NetWin DMail Errors Let Remote Users Bypass Authentication and Execute Code
* NetworkActiv Web Server Cross-Site Scripting
* Network-Client.com FTP Now Local Information Disclosure Vulnerability
* Newmad Technologies PicoWebServer Remote Buffer Overflow
* NEXTWEB (i)Site Discloses Database and Passwords to Remote Users and Permits SQL Injection
* NodeManager SNMPv1 traps Buffer Overflow
* NodeManager SNMPv1 traps Buffer Overflow (Updated)
* Nortel Contivity VPN Client Password Disclosure Vulnerability
* Nortel Contivity VPN Client Password Disclosure Vulnerability (Updated)
* Nortel VPN Client Privilege Elevation
* Notify Technology NotifyLink Enterprise Server Multiple Vulnerabilities
* NotJustBrowsing Browser Javascript Spoofing
* Novell eDirectory Can Be Crashed With Requests Containing MS-DOS Device Names
* Novell eDirectory Denial of Service or Unauthorized File Access
* Novell eDirectory Security Bypass
* Novell GroupWise Arbitrary Code Execution
* Novell GroupWise Client Local Password Disclosure
* Novell Nsure Audit Denial of Service Vulnerability
* Nullsoft Winamp Malformed MP4 Remote Denial of Service (Updated)
* Nullsoft Winamp Multiple Unspecified Vulnerabilities
* Nullsoft Winamp Variant IN_CDDA.dll Remote Buffer Overflow
* OASYS Lite Cross-Site Scripting
* Ocean12 Calendar Manager Pro Authentication Bypassing
* Ocean12 Calendar Manager SQL Injection Vulnerability
* Ocean12 Mailing List Manager Remote SQL Injection
* Ocean12 Membership Manager Pro Cross-Site Scripting and SQL Injection Vulnerability
* OKBSYS Lite Cross-Site Scripting
* Oleh Yuschuk OllyDbg Error in Loading Causes Denial of Service Vulnerability
* Omni Browser Javascript Spoofing
* OneWorldStore Denial of Service Vulnerability
* OneWorldStore Information Disclosure Vulnerability
* OneWorldStore Multiple Vulnerabilities
* OpenConnect Systems WebConnect Remote Denial of Service and Information Disclosure
* OpenConnect Systems WebConnect Remote Denial of Service and Information Disclosure (Updated)
* Opera 'data:' URI Handler Spoofing
* Opera Web Browser Download Dialog File Manipulation
* Optimal Desktop Javascript Spoofing
* Orenosv HTTP/FTP Server Buffer Overflows
* Orvado ASP Nuke SQL Injection and Cross-Site Scripting Vulnerabilities
* OS4E 'LOGIN.ASP' SQL Injection
* Painkiller Buffer Overflow Remote Denial of Service
* Panda Software Antivirus Library ZOO Archive Heap Overflow
* pcAnywhere Authentication Denial of Service Vulnerability
* Peer2Mail Password Disclosure
* Peer2Mail Password Disclosure (Updated)
* Pegasus Mail Arbitrary Code Execution
* Perception LiteWeb Protected File Access Vulnerability
* Piotr Kowalski LANChat Pro Remote Denial of Service
* PlatinumFTPServer Malformed User Name Connection Remote Denial of Service
* PMSoftware Simple Web Server Buffer Overflow Permits Remote Code Execution
* PMSoftware Simple Web Server Remote Code Execution Vulnerability (Updated)
* PowerArchiver Arbitrary Code Execution
* PPP Infotech netMailshar Professional Two Vulnerabilities
* Pragma TelnetServer Lets Remote Users Hide Log Entries
* Prevx Pro File Modification & Driver Spoofing
* PrivaShare Denial of Service
* Process Explorer Arbitrary Code Execution
* ProRat Server Arbitrary Code Execution
* PY Software Active Webcam Webserver Remote Denials of Service & Information Disclosure
* Qualcomm Eudora E-mail, Stationary/Mailbox Files Remote Code Execution
* Quick 'n Easy FTP Server Denial of Service
* RaidenHTTPD Directory Traversal
* RaidenHTTPD Multiple Remote Vulnerabilities
* Randy Wable datatrac Denial of Service Vulnerability
* RARLAB WinRAR Directory Traversal
* Raysoft Video Cam Server Multiple Vulnerabilities
* RealArcade Vulnerabilities
* RealNetworks Realplayer Enterprise Buffer Overflow Vulnerability
* RealPlayer Enterprise Arbitrary Code Execution
* RealPlayer Security Zone Bypass
* Rebrand P2P Share Spy Information Disclosure Vulnerability
* Rediff Bol Window's Address Book Disclosure
* Reflection for Secure IT Multiple Vulnerabilities
* RhinoSoft Serv-U FTP Server Remote Denial of Service
* RockLiffe MailSite Express WebMail Multiple Vulnerabilities
* RSA ACE/ Agent for Web Cross Site Scripting
* RSA Authentication Agent for Web Buffer Overflow Vulnerability
* RSA Authentication Agent for Web Buffer Overflow Vulnerability (Updated)
* RSA Authentication Agent for Web for IIS Cross-Site Scripting Vulnerability
* RSA Authentication Agent for Web for IIS Cross-Site Scripting Vulnerability (Updated)
* Runtime GetDataBack for NTFS Local Information Disclosure Vulnerability
* rwAuction Pro Cross-Site Scripting
* SafeNet Sentinel License Manager Remote Buffer Overflow
* SafeNet Sentinel License Manager Remote Buffer Overflow (Updated)
* SafeNet SoftRemote VPN Client Key Disclosure
* Savant Web Server Remote Buffer Overflow
* Savant Web Server User Information Disclosure
* SecureOL VE2 Security Restriction Bypass
* SecureW2 Information Disclosure
* SecureW2 Information Disclosure (Updated)
* ServersCheck Directory Traversal
* Serv-U FTP Server Denial of Service
* Sights 'n Sounds Streaming Media Server Denial of Service
* Sigma ISP Manager SQL Injection Vulnerabilities
* SiteBeater MP3 Catalog Cross-Site Scripting
* SiteBeater News System Cross-Site Scripting
* Skype for Windows Security Bypass
* Slim Browser Javascript Spoofing
* SlimFTPd Arbitrary Code Execution
* SlimFTPd Denial of Service
* Small HTTP Server Arbitrary File Writing
* SmarterMail Cross-Site Scripting
* SnugServer FTP Service Directory Traversal
* soft3304 04WebServer Directory Traversal
* Software602 602LAN SUITE HTML Log File Processing Flaw Lets Remote Users Hide Log Entries
* Software602 602LAN SUITE Input Validation
* Software602 602LAN SUITE Input Validation (Updated)
* Software602 602LAN SUITE Local File Detection and Denial of Service
* Software602 602LAN SUITE Local File Detection and Denial of Service (Updated)
* Softwin BitDefender Insecure Program Execution Vulnerability
* Solupress News Cross-Site Scripting
* Sony SunnComm MediaMax Insecure Directory Permissions (Updated)
* Sophos Anti-Virus Denial of Service
* SpeedProject Arbitrary Code Execution
* SSH Secure Shell and Tectia Server Key Disclosure
* SSH Secure Shell and Tectia Server Key Disclosure (Updated)
* StoneGate Firewall and VPN Engine Denial of Service
* Storage Exec/ StorageCentral Arbitrary Code Execution
* Storage Exec/ StorageCentral Arbitrary Code Execution
* StorePortal Multiple SQL Injection High
* Stormy Studios KNet Remote Buffer Overflow
* StumbleInside GoText Discloses Users Configuration Data
* Sukru Alatas's Guestbook Database Disclosure
* Sun Java System Web Server Denial of Service Vulnerability
* Sybari Antigen for Exchange Security Bypass
* Sybase Adaptive Server Enterprise Unspecified Vulnerability
* Symantec Anti Virus Arbitrary Code Execution
* Symantec Anti Virus Arbitrary Code Execution (Updated)
* Symantec Anti Virus Password Disclosure
* Symantec AntiVirus Corporate Edition and Client Security Privilege Elevation
* Symantec AntiVirus Products RAR Archive Virus Detection Bypass
* Symantec AntiVirus SMB Scan Detection Bypass
* Symantec 'CcErrDsp.ErrorDisplay.1' ActiveX Buffer Overflow
* Symantec Discovery Unauthorized Access
* Symantec Multiple Products AutoProtect Errors Denial of Service Vulnerability
* Symantec Multiple Products AutoProtect Errors Denial of Service Vulnerability (Updated)
* Symantec Norton GoBack Lets Local Users Bypass Authentication
* Symantec pcAnywhere Privilege Escalation Vulnerability
* TAC Vista Directory Traversal
* TCP Chat Denial of Service
* TCP-IP Datalook Denial of Service
* Team JohnLong RaidenFTPD Information Disclosure Vulnerability
* Techland Xpand Rally Remote Denial of Service
* Techland XPand Rally Remote Format String
* Techno Dreams Multiple Product SQL Injection
* ThePoolClub iPool Information Disclosure Vulnerability
* ThePoolClub iSnooker Information Disclosure Vulnerability
* ToCA Race Driver Arbitrary Code Execution
* TrackerCam Multiple Remote Vulnerabilities
* TrackerCam Multiple Remote Vulnerabilities (Updated)
* Trend Micro OfficeScan Information Disclosure
* Trend Micro PC-cillin Privilege Elevation
* Trend Micro ServerProtect Multiple Vulnerabilities
* Typsoft FTP Server Denial of Service
* Uapplication Products Password Disclosure
* Uapplication Ublog Cross-Site Scripting Vulnerability
* Ubisoft The Settlers: Heritage of Kings Player Logging Buffer Overflow Vulnerability
* Ublog Reload SQL Injection and Cross-Site Scripting
* UR Software W32Dasm Remote Buffer Overflow
* UStore Cross-Site Scripting or SQL Injection
* VERITAS Backup Exec Buffer Overflow (Updated)
* Veritas Backup Exec Multiple Vulnerabilities
* Veritas Backup Exec Multiple Vulnerabilities (Updated)
* VERITAS NetBackup Arbitrary Code Execution
* VERITAS NetBackup Arbitrary Code Execution (Updated)
* Veritas NetBackup Denial of Service
* Virtools Web Player Arbitrary Code Execution or Arbitrary File Control
* VLAIBB 'sig2dat' Integer Overflow & Remote Denial of Service
* VP-ASP Shopping Cart Cross-Site Scripting
* VP-ASP SQL Injection
* vxFtpSrv Arbitrary Code Execution
* vxTftpSrv Arbitrary Code Execution
* vxWeb Denial of Service
* Walla! TeleSite SQL Injection or Cross-Site Scripting
* War FTP Daemon Remote Denial of Service
* Watchfire AppScan Arbitrary Code Execution
* Web Vulnerability Scanner Denial of Service
* Web Wiz Forums Information Disclosure
* WebEOC Multiple Vulnerabilities
* WebInspect Cross Site Scripting
* Webroot Desktop Firewall Authentication Bypassing or Arbitrary Code Execution
* Webroot Software My Firewall Plus Arbitrary File Corruption Vulnerability
* WebWasher Classic HTTP CONNECT Unauthorized Access
* WebWasher Classic HTTP CONNECT Unauthorized Access (Updated)
* WhatsUp Small Business Directory Traversal and Information Disclosure
* WheresJames Webcam Publisher Remote Code Execution Vulnerability
* Wichio 27Tools-in-1 Browser Javascript Spoofing
* Winace Remote Directory Traversal
* Winamp Arbitrary Code Execution
* WinHKI Multiple Remote Vulnerabilities
* Winmail Server Multiple Vulnerabilities
* WinRAR Arbitrary Code Execution
* WMailserver Information Disclosure
* WMR Simpson BookReview Input Validation Holes Permit Cross-Site Scripting & Path Disclosure
* Woodstone Servers Alive Help Function Escalated Privilege Vulnerability
* Woppoware PostMaster Multiple Vulnerabilities
* Working Resources BadBlue MFCISAPICommand Remote Buffer Overflow
* WSW ShowOff! Digital Media Software Two Vulnerabilities
* WWWeb Concepts Events System Input Validation Vulnerability
* WWWguestbook SQL Injection
* XcClassified Cross-Site Scripting
* XcPhotoAlbum Cross-Site Scripting
* Xinkaa WEB Station Directory Traversal
* X-Ways WinHex Denial of Service Vulnerability
* Yager Denial of Service and Remote Code Execution Vulnerabilities
* Yahoo! Messenger Custom Message Buffer Overflow
* Yahoo! Messenger Download Dialogue Box File Name Spoofing
* Yahoo! Messenger Insecure Default Installation
* Yahoo! Messenger URL Handler Remote Denial Of Service Vulnerability
* Yaosoft COOL! Remote Control Denial of Service
* YusASP Web Asset Manager Unauthorized Access
* ZipGenius Arbitrary Code Execution
* ZipGenius Multiple Directory Traversal Vulnerabilities
* ZipTorrent Password Disclosure
* ZixForum SQL Injection
* Zone Labs ZoneAlarm Vet Antivirus Engine Buffer Overflow
* ZonGG Input Validation Hole in 'ad/login.asp' Permits SQL Injection

#
Unix/ Linux Operating Systems

* 4D WebSTAR Grants Access to Remote Users and Elevated Privileges to Local Users
* 4D WebStar Remote IMAP Denial of Service
* 4D WebStar Tomcat Plugin Remote Buffer Overflow
* 4D WebStar Tomcat Plugin Remote Buffer Overflow (Updated)
* Abuse Multiple Vulnerabilities
* Adobe Acrobat Reader mailListIsPdf() Buffer Overflow (Updated)
* Adobe Acrobat Reader mailListIsPdf() Buffer Overflow (Updated)
* Adobe Acrobat Reader UnixAppOpenFilePerform Buffer Overflow
* Adobe Acrobat Reader UnixAppOpenFilePerform Buffer Overflow (Updated)
* Adobe Reader / Acrobat Arbitrary Code Execution & Elevated Privileges
* Adobe Reader For Unix Local File Disclosure
* Adobe Version Cue for Mac OS X Elevated Privileges
* Adobe Version Cue for Mac OS X Elevated Privileges (Updated)
* ADP Elite System Max 9000 Series Shell Access
* Adrian Pascalau GIPTables Firewall Insecure Temporary File Creation
* Alexander Barton ngIRCd Remote Buffer Overflow
* Alexander Barton ngIRCd Remote Format String
* Alexander Palmo Simple PHP Blog Remote Directory Traversal
* Alexis Sukrieh Backup Manager Information Disclosure
* Alexis Sukrieh Backup Manager Information Disclosure (Updated)
* Alkalay.Net Multiple Scripts Arbitrary Remote Command Execution & Directory Traversal
* AlmondSoft Almond Classifieds SQL Injection
* ALSA Stack Protection Weakness
* AltantForum Multiple Cross-Site Scripting
* Andrew Church IRC Services LISTLINKS Information Disclosure
* Andrew W. Rogers pcal Buffer Overflows (Updated)
* Apache Insecure Temporary File Creation
* Apache mod_include Buffer Overflow (Updated)
* Apache mod_include Buffer Overflow (Updated)
* Apache Mod_Proxy Remote Buffer Overflow (Updated)
* Apache mod_ssl Denial of Service (Updated)
* Apache mod_ssl Remote Denial of Service (Updated)
* Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow (Updated)
* Apache mod_ssl SSLCipherSuite Access Validation (Updated)
* Apache mod_ssl SSLCipherSuite Access Validation (Updated)
* Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass
* Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated)
* Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated)
* Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated)
* Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated)
* Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated)
* Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated)
* Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated)
* Apache 'Mod_SSL SSLVerifyClient' Restriction Bypass (Updated)
* Apache SpamAssassin Lets Remote Users Deny Service
* Apache SpamAssassin Lets Remote Users Deny Service (Updated)
* Apache SpamAssassin Lets Remote Users Deny Service (Updated)
* ApacheTop Insecure Temporary File Creation
* Appfluent Technology Database IDS Buffer Overflow
* Appfluent Technology Database IDS Buffer Overflow (Updated)
* Apple ColorSync ICC Header Remote Buffer Overflow
* Apple iSync mRouter Buffer Overflow
* Apple iSync mRouter Buffer Overflow
* Apple Keynote 'keynote:' Lets Remote Users Access Local Files
* Apple Mac OS X AirPort Card Automatic Network Association
* Apple Mac OS X AppleFileServer Remote Denial of Service
* Apple Mac OS X 'at' Utility Information Disclosure
* Apple Mac OS X 'at' Utility Information Disclosure (Updated)
* Apple Mac OS X Default Pseudo-Terminal Permission
* Apple Mac OS X Finder 'DS_Store' Insecure File Creation
* Apple Mac OS X Font Book Font Collection Buffer Overflow
* Apple Mac OS X Java Update
* Apple Mac OS X Kernel searchfs() Buffer Overflow
* Apple Mac OS X Multiple Arbitrary Code Execution Vulnerabilities
* Apple Mac OS X Multiple Vulnerabilities
* Apple Mac OS X Multiple Vulnerabilities
* Apple Mac OS X Multiple Vulnerabilities
* Apple Mac OS X Multiple Vulnerabilities
* Apple Mac OS X Multiple Vulnerabilities (Updated)
* Apple Mac OS X Multiple Vulnerabilities (Updated)
* Apple Mac OS X NetInfo Setup Tool Buffer Overflow
* Apple Mac OS X NetInfo Setup Tool Buffer Overflow (Updated)
* Apple Mac OS X 'parse_machfile()' Denial of Service
* Apple Mac OS X Perl Privilege Dropping
* Apple Mac OS X Security Update
* Apple Mac OS X Security Update
* Apple Mac OS X Security Update
* Apple Mac OS X Vulnerabilities
* Apple MacOS X Vulnerabilities
* Apple Mail EMail Message ID Header Information Disclosure
* Apple QuickTime Quartz Composer File Information Disclosure
* Apple QuickTime Quartz Composer File Information Disclosure (Updated)
* Apple Safari Data URI Memory Corruption
* Apple Safari Dialog Box Origin Spoofing
* Apple Safari IDN Implementation URL Spoof
* Apple Safari IDN Implementation URL Spoof (Updated)
* Apple Safari Input Validation
* Apple Safari Input Validation (Updated)
* Apple Safari Open Windows Injection (Updated)
* Apple Safari Web Browser HTTPS Denial of Service
* Apple Safari Web Browser JavaScript Remote Denial of Service
* APSIS Pound Remote Buffer Overflow
* APSIS Pound Remote Buffer Overflow (Updated)
* Arc Insecure Temporary File Creation
* Arc Insecure Temporary File Creation (Updated)
* ARJ Software UNARJ Remote Buffer Overflow (Updated)
* ARJ Software UNARJ Remote Buffer Overflow (Updated)
* ARJ Software UNARJ Remote Buffer Overflow (Updated)
* ARJ Software UNARJ Remote Buffer Overflow (Updated)
* Astaro Security Linux HTTP CONNECT Unauthorized Access
* Astaro Security Linux HTTP CONNECT Unauthorized Access (Updated)
* Astaro Security Linux ISAKMP IKE Traffic Denial of Service
* Astaro Security Linux PPTP Server Unspecified Remote Denial of Service
* Asterisk Voicemail Unauthorized Access
* Atlant Pro Cross-Site Scripting
* Avaya Labs Libsafe Multi-threaded Process Race Condition Security Bypass
* Backup Manager File Permissions
* BackupNinja Insecure Temporary File Creation
* Bacula Insecure Temporary File Creation
* Bacula Insecure Temporary File Creation (Updated)
* BeMoore Software News2Net SQL Injection
* Benchmark Designs WHM AutoPilot 'server_inc' Include File Flaw
* Berlios GPSD Remote Format String
* Bidwatcher Remote Format String
* Bidwatcher Remote Format String (Updated)
* Binary Board System Multiple Cross-Site Scripting
* Black List Daemon select() Remote Buffer Overflow
* Black List Daemon select() Remote Buffer Overflow (Updated)
* Blog Torrent Password Disclosure
* Blue Coat Reporter Multiple Vulnerabilities
* BlueZ Arbitrary Command Execution
* BlueZ Arbitrary Command Execution (Updated)
* BlueZ Arbitrary Command Execution (Updated)
* BlueZ Arbitrary Command Execution (Updated)
* BMC Control M Agent Insecure File Permission
* BMV Buffer Overflow
* Brooky CubeCart Multiple Vulnerabilities
* BrT CopperExport 'XP_Publish.PHP' SQL Injection
* Bugzilla Private Summary Disclosure or Flag Modification
* BZip2 File Permission Modification
* BZip2 File Permission Modification (Updated)
* BZip2 File Permission Modification (Updated)
* BZip2 File Permission Modification (Updated)
* BZip2 File Permission Modification (Updated)
* BZip2 File Permission Modification (Updated)
* BZip2 File Permission Modification (Updated)
* BZip2 File Permission Modification (Updated)
* BZip2 File Permission Modification (Updated)
* BZip2 File Permission Modification (Updated)
* bzip2 Remote Denial of Service
* bzip2 Remote Denial of Service (Updated)
* Bzip2 Remote Denial of Service (Updated)
* Bzip2 Remote Denial of Service (Updated)
* Bzip2 Remote Denial of Service (Updated)
* Bzip2 Remote Denial of Service (Updated)
* Bzip2 Remote Denial of Service (Updated)
* Bzip2 Remote Denial of Service (Updated)
* Bzip2 Remote Denial of Service (Updated)
* CA BrightStor ARCserve Backup UniversalAgent Backdoor Account
* Cadsoft.de VDR Daemon Remote File Overwrite
* Caolan McNamara & Dom Lachowicz wvWare Library Buffer Overflow (Updated)
* Carnegie Mellon Cyrus IMAP Server Off-by-one Overflow (Updated)
* Carnegie Mellon University Cyrus IMAP Server Multiple Remote Buffer Overflows
* Carnegie Mellon University Cyrus IMAP Server Multiple Remote Buffer Overflows (Updated)
* Carnegie Mellon University Cyrus IMAP Server Multiple Remote Buffer Overflows (Updated)
* Carnegie Mellon University Cyrus IMAP Server Multiple Remote Buffer Overflows (Updated)
* Carnegie Mellon University Cyrus IMAP Server Multiple Remote Buffer Overflows (Updated)
* Carnegie Mellon University Cyrus IMAP Server Multiple Remote Buffer Overflows (Updated)
* Carnegie Mellon University Cyrus IMAP Server Multiple Remote Buffer Overflows (Updated)
* Carnegie Mellon University Cyrus SASL Buffer Overflow & Input Validation (Updated)
* Carnegie Mellon University Cyrus SASL Buffer Overflow & Input Validation (Updated)
* Carnegie Mellon University Cyrus SASL Buffer Overflow & Input Validation (Updated)
* Carsten Haitzler imlib Image Decoding Integer Overflow (Updated)
* Carsten Haitzler imlib Image Decoding Integer Overflow (Updated)
* Carsten Haitzler imlib Image Decoding Integer Overflow (Updated)
* CartKeeper CKGold Cross-Site Scripting
* CDRTools Unspecified Privilege Escalation (Updated)
* Centericq Empty Packet Remote Denial of Service
* Centericq Empty Packet Remote Denial of Service (Updated)
* CenterICQ Insecure Temporary File
* CenterICQ Insecure Temporary File (Updated)
* CenterICQ Insecure Temporary File (Updated)
* Cheetah Elevated Privileges
* Cheetah Elevated Privileges (Updated)
* Christoph Dalitz abctab2ps Buffer Overflows (Updated)
* Citadel/UX select() System Call Remote Buffer Overflow
* Clam Anti-Virus ClamAV Mac OS X Command Execution
* Clam Anti-Virus ClamAV OLE2 File Handling Denial of Service
* Clam Anti-Virus ClamAV Remote Denials of Service
* Clam Anti-Virus ClamAV Remote Denials of Service (Updated)
* Clam AntiVirus Denial of Service
* Clam AntiVirus Multiple Vulnerabilities (Updated)
* Clam AntiVirus Multiple Vulnerabilities (Updated)
* Clam AntiVirus Remote Denial of Service & Arbitrary Code Execution
* ClamAV UPX Buffer Overflow & FSG Handling Denial of Service
* ClamAV UPX Buffer Overflow & FSG Handling Denial of Service (Updated)
* ClamAV UPX Buffer Overflow & FSG Handling Denial of Service (Updated)
* ClamAV UPX Buffer Overflow & FSG Handling Denial of Service (Updated)
* Cmd5checkpw Poppasswd Disclosure
* Cocktail Admin Password Disclosure
* Common-lisp-controller Elevated Privileges
* Common-lisp-controller Elevated Privileges (Updated)
* Conectiva netpbm Privilege Escalation
* Courier Mail Server Remote Denial of Service
* Courier Mail Server Remote Denial of Service (Updated)
* cPanel Cross-Site Scripting
* cPanel 'User' Parameter Cross-Site Scripting
* Crip Helper Script Insecure Temporary File Creation
* Crip Helper Script Insecure Temporary File Creation (Updated)
* cURL / libcURL URL Parser Buffer Overflow
* cURL / libcURL URL Parser Buffer Overflow (Updated)
* cURL / libcURL URL Parser Buffer Overflow (Updated)
* CVS 'Cvsbug.In' Script Insecure Temporary File Creation (Updated)
* CVS 'Cvsbug.In' Script Insecure Temporary File Creation (Updated)
* CVS 'Cvsbug.In' Script Insecure Temporary File Creation (Updated)
* Cyphor Cross-Site Scripting & SQL Injection
* Cyphor SQL Injection
* Cyrus SASL Buffer Overflow & Input Validation (Updated)
* Cyrus SASL Buffer Overflow & Input Validation (Updated)
* Cyrus SASL Buffer Overflow & Input Validation (Updated)
* D. J. Bernstein QMail Remote Denials of Service
* Dada Mail Archives HTML Injection
* Darryl Burgdorf Webhints Remote Command Execution
* Darwin Kernel Denial of Service
* David Gay F2C Multiple Insecure Temporary File Creation
* David Gay F2C Multiple Insecure Temporary File Creation (Updated)
* David Mischler Linux IPRoute2 'Netbug' Script Insecure Temporary File
* DCP-Portal Cross-Site Scripting & SQL Injection
* DCP-Portal Input Validation
* Debian Apt-Cacher Remote Arbitrary Code Execution
* Debian CVS-Repouid Remote Authentication Bypass & Denial of Service
* Debian CVS-Repouid Remote Authentication Bypass & Denial of Service (Updated)
* Debian File Permission
* Debian Horde Default Administrator Password
* Debian Lintian Insecure Temporary File
* Debian Linux Firewall Loading Failure
* Debian Module-Assistant Insecure Temporary File Creation
* Debian Pam Radius Auth File Information Disclosure
* Debian Reportbug Multiple Information Disclosure
* Debian Toolchain-Source Multiple Insecure Temporary File Creation
* Denial of Service & IRC Protocol Plug-in Arbitrary Code Execution
* dhcpcd Denial of Service (Updated)
* Dick Copits PDEstore Cross-Site Scripting
* Dillo 'a_Interface_msg()' Format String
* DNA MKBold-MKItalic Remote Format String
* Dnsmasq Multiple Remote Vulnerabilities
* Dnsmasq Multiple Remote Vulnerabilities (Updated)
* Dnsmasq Multiple Remote Vulnerabilities (Updated)
* Domain Name Relay Daemon Arbitrary Code Execution
* Dropbear SSH Server Buffer Overflow
* DRZES HMS Cross-Site Scripting & SQL Injection
* Easy Search System Cross-Site Scripting
* Easy Software Products CUPS Access Control List Bypass
* Easy Software Products CUPS Access Control List Bypass (Updated)
* Easy Software Products CUPS HTTP GET Denial of Service
* Easy Software Products CUPS HTTP GET Denial of Service (Updated)
* Easy Software Products CUPS HTTP GET Denial of Service (Updated)
* Edgewall Software Trac Arbitrary File Upload/Download
* Edgewall Software Trac Search Module SQL Injection
* Edgewall Trac SQL Injection
* EKG 'LIbGadu' Multiple Vulnerabilities (Updated)
* Elm 'Expires' Header Remote Buffer Overflow
* Elm 'Expires' Header Remote Buffer Overflow (Updated)
* Elm 'Expires' Header Remote Buffer Overflow (Updated)
* Elmo Arbitrary File Overwrite
* Eric Raymond Fetchmail 'fetchmailconf' Information Disclosure
* Eric Raymond Fetchmail 'fetchmailconf' Information Disclosure (Updated)
* Eric Raymond Fetchmail 'fetchmailconf' Information Disclosure (Updated)
* Eric Raymond Fetchmail 'fetchmailconf' Information Disclosure (Updated)
* Eric Raymond Fetchmail POP3 Client Buffer Overflow (Updated)
* Eric Raymond Fetchmail POP3 Client Buffer Overflow (Updated)
* Eric Raymond Fetchmail POP3 Client Buffer Overflow (Updated)
* Eric Raymond Fetchmail POP3 Client Buffer Overflow (Updated)
* eric3 Unspecified Vulnerability
* eric3 Unspecified Vulnerability (Updated)
* eric3 Unspecified Vulnerability (Updated)
* Eskuel Unauthorized Administrator Access
* ESMI PayPal Storefront SQL Injection & Cross-Site Scripting
* ESRI ArcInfo Workstation s Buffer Overflows and Format String
* Ethereal Multiple Dissector Vulnerabilities
* Ethereal Multiple Dissector Vulnerabilities (Updated)
* Ethereal Multiple Dissector Vulnerabilities (Updated)
* Ethereal Multiple Remote Protocol Dissector Vulnerabilities
* Ethereal Multiple Remote Protocol Dissector Vulnerabilities (Updated)
* Ethereal Multiple Remote Protocol Dissector Vulnerabilities (Updated)
* Ethereal Multiple Remote P

December 31, 2005 at 11:47 AM in Security

The Daily Paper Of Tomorrow

It won't look the same. But with reimagining, the local daily ain't dead yet

The boss walks into your office and shuts the door. Sits down. Looks you solemnly in the eye. "We're buying a bunch of newspapers from Knight Ridder (KRI)," he says. Tilts back in his chair. "We know there's something to be done with them, but we don't know what. Your new job is to figure that out. Which functions can go, which stay, what must be expanded, where the new revenue is. We -- well, you -- will remake the local newspaper for this century." He holds your gaze, nods twice, and exits.

At which point, judging from the reactions of those to whom this scenario was suggested, you put your head down and weep. Even among other still-profitable-yet-challenged media, newspapers have an especially bad case of cooties. "The components of what we historically know as the newspaper have become unbundled," says Warburg Pincus managing director Mark Colodny. Google (GOOG) and Yahoo! (YHOO) can offer sharply targeted local ads, craigslist has free classifieds, news is free everywhere, and next-generation news aggregators such as topix.net and inform.com are creeping in.

What's to be done? One recent blogger notion involves seeking federal assistance, but PBS can tell you how well that works. Absent extracting newspapers from investors' profit demands, your to-do list likely includes the following:

STEAL FROM GOOGLE. Make your ads hyper-accountable. Identify the top advertisers in your local market and figure out what it would take to grab 100% of their ad budgets. Give them unlimited pages, on paper and online, until they reach their goals. You're the biggest guy in town. Your per-page cost of newsprint is cheap -- and your per-impression cost online is even cheaper. Leverage that to cut off your rivals' oxygen.

BIFURCATE. Take what The Washington Post (WPO) and Chicago Tribune (TRB) are doing a step further: Offer a free news-digest daily aimed at your least committed readers. Then price up a more elite daily newspaper, so the old $1 ceiling becomes the new floor for single-copy prices. Goodbye, daily paper. Hello daily papers -- one mass (free) and one premium. And given the elite daily's audience, charge more for its ads.

REDEPLOY MERCILESSLY. Save pages and dollars: Put all stock and TV listings online. Rethink everything and ask hard questions: Do you need a Washington bureau if you're not The Washington Post or The New York Times (NYT)? How much international news do your readers want -- can you pick it up from other sources, or run it online? Do you need a Saturday edition? Send a blogger, not a phalanx of reporters, to the news-free Republican and Democratic conventions. Which critics and columnists are crucial, and which won't be missed? Can you outsource the phone sales of your classifieds?

INCREASE LOCAL COVERAGE. An old saw, but local is newspapers' last unique attribute. It also provides the lens through which you view the larger world. What foreign reportage matters most to your readers? Find out which countries receive the most money from local residents.

REDESIGN YOUR PREMIUM PRODUCT. Production values for other media are higher than they've ever been. Do your pages have to look so newspaperish? A classier environment attracts richer advertisers.

USE YOUR READERS. Building communities and businesses around community-created content was not invented by MySpace.com. One bright spot for the Reader's Digest Assn. (RDA) is Reiman Publications, which runs a host of homey, ad-free titles that lean heavily on reader-written contributions. Is there a sufficient subcultural pulse in your city to pull off a mini-myspace? Are locals writing hobbyist blogs that you can build about.coms around? There have always been more talented content creators than full-time jobs for them; the platform of the Net makes them visible. Do you want them inside your tent as partners or outside it as competitors?

To discuss the daily paper of tomorrow, go to Fine's blog at www.businessweek.com/innovate/FineOnMedia

December 31, 2005 at 10:35 AM in Journalism

Web services thrive, but outages outrage users

Web services thrive, but outages outrage users - Yahoo! News

By Adam Pasick Fri Dec 30, 1:20 PM ET

LONDON (Reuters) - Web sites that share blogs, bookmarks and photos exploded in popularity in 2005, but in recent weeks a number of major outages left users stranded and frustrated.

The new breed of Web site includes blogging services such as TypePad, the photo site Flickr, the shared bookmark site del.icio.us and many others. They are sometimes known collectively as "Web 2.0": hosted online, relying heavily on users' submissions, and frequently updated and tweaked by their owners.

Their growth in the last year has been huge. Flickr and del.icio.us were high-profile acquisitions for Internet giant Yahoo, and there are now at least 20 million blogs in existence, according to some estimates, with tens of thousands being added every day.

But the surge in Web-based applications hasn't come without some serious hiccups as several notable services have crashed.

Six Apart, whose TypePad service is used by many high-profile bloggers, experienced nearly an entire day of downtime on December 16, when it suffered a hardware failure. Del.icio.us had a major power failure on December 14. Services including Bloglines, Feedster and WordPress have also experienced problems.

Nothing underlines the importance of these "social media" services as much as the outcry of users when the sites crash. While the services were usually back up and running within a few days at most, the outages prompted much consternation from users who were temporarily unable to share their blogs and bookmarks with the world.

Russell Buckley and Carlo Longino wrote on their blog MobHappy (http://mobhappy.typepad.com/) that waiting for TypePad to be fixed was like "waiting for a train to arrive, when you're sitting on a cold, damp platform. It's mildly irritating for the first 5 minutes, but then annoyance levels start to rise exponentially."

"TypePad has been growing so rapidly that it is finding the hard way that scale and scalability matter," Business 2.0 technology writer Om Malik wrote on his blog (http://gigaom.com/). "Are they the only ones? Not really -- over (the) past few days Bloglines, Feedster and Wordpress.com have been behaving like a temperamental 3-year-old."

The usefulness of Web 2.0 services -- which also include the collaborative Web pages known as Wikis and RSS feeds that deliver customized information to users -- is highlighted when they are abruptly taken away.

"You need those services to be 'on.' I have come to expect 99.9 percent uptime, and when a service crashes there is significant frustration," said David Boxer, director of instructional technology and research at the Windward School in Los Angeles, where he runs workshops on subjects like podcasting and photoblogging.

"When those services go down, then we are stuck in a ditch," he said.

Boxer's students have worked on projects aimed at making them "citizen journalists" via publishing their own blogs, podcasts, documentaries and photo essays. But when those services suffer outages, everything grinds to a halt.

When the Blogger Web site went down, Boxer's students lost some of their work. And when del.icio.us crashed recently, "it left me personally in a lurch," he said.

"I knew that eventually a machine or software application will crash, but I always expect a third-party provider like del.icio.us will build enough redundancy into the infrastructure that it will never go down," Boxer said.

It is still early days for Web 2.0, and some of the recent difficulties are likely just teething problems as companies adapt to their new popularity. However, the outages may make it harder to convince businesses and investors that blogging is ready for primetime.

Boxer, for one, is willing to ride out a few outages to take advantage of the new services.

"They allow for elements of personalization, content delivery and information pushing unlike any previous incarnation of the Net," he said.

WEB 2.0 LINKS

TypePad (http://www.typepad.com/): A paid-for service for publishing blogs and photo albums. Competitors include Wordpress (http://wordpress.org/) and Google's Blogger.com (http://www.blogger.com).

Flickr (http://www.flickr.com/): An online service for sharing and managing photos.

Del.icio.us (http://del.icio.us): A site for storing and sharing bookmarked Web pages.

Computer book publisher Tim O'Reilly's essay on Web 2.0 (http://www.oreillynet.com/pub/a/oreilly/tim/news/2005/09/30/what-is-web-20.html)

December 31, 2005 at 10:31 AM in Web 2.0

December 30, 2005

How Click Fraud Could Swallow the Internet

Wired 14.01: How Click Fraud Could Swallow the Internet

Pay-per-click advertising is big, big, big business. So are bogus hits on Internet ads. It's search giants against scam artists in an arms race that could crash the entire online economy.

Stuart Cauff launched a charter-jet service in Miami Beach back in 2002. Being a 21st-century business, JetNetwork advertised on the Internet, especially on search engines. Anyone who Googled, say, "air charter Miami" would be greeted with the familiar list of search results and, in a separate place, a plain box of text with a blue hyperlink to JetNetwork's Web site.

Search ads were perfect for Cauff's business. His potential customers - a diverse group of celebrities, photojournalists, medical evacuees, and people who just needed to get away from or to Miami in a hurry - were scattered across the country. To reach this audience with traditional advertising, he would have had to buy time on scores of television and radio stations and space in just as many newspapers and magazines, something that only wealthy, established companies could afford. Even if Cauff could pay for the ads, the vast majority of people exposed to them wouldn't care about charter jets, so most of his money would be wasted. But with search-based ads, JetNetwork's name would appear, at least in theory, only before people who were actually interested in Miami charter flights.

Still, the ads were expensive. This kind of advertising is known as pay-per-click, because advertisers shell out money to a search engine every time a surfer clicks on their links. The price and placement depend mainly on how much the advertiser wants to bid for the search term - also known as the keyword in ad jargon. As other charter-air companies began PPC advertising, the cost of a click on a top-ranked ad rose to about $10 - in some cases as high as $30 - and there could be hundreds of clicks a month.

Which is why Cauff was infuriated when he discovered that up to "40 percent, maybe more" of the clicks on his keyword ads apparently came not from potential customers around the nation but from a single Internet address, one that belonged to a rival based in New York City. "If we get clicked fraudulently, it uses up our ad budget," he says. Advertisers usually set limits on how much they will spend, and search engines drop ads once they hit that limit. As a result, fraudulent clicking "literally pushes us off the page," Cauff explains. "And then our competition buys in at a lower price when we're not there."

Cauff was a victim of "click fraud," the illicit manipulation of keyword-based advertising. In this case, the scam appeared straightforward - one company clicked on a rival's search engine ads to drive up its costs. More complex is a second type of bogus ad click that exploits a second form of PPC advertising: ads fed to Web sites - anything from personal blogs to the sites of major corporations - by search providers like Google, Yahoo!, LookSmart, and, soon, MSN. The search engine indexes the content of the Web site and matches it with a group of relevant ads. (The most familiar form is Google's AdSense program - the sets of links labeled ads by goooooogle that show up on pages across the Internet. The advertisements that appear on Google itself are part of a separate but related program called AdWords.) Thus, bloggers who write about their air-travel experiences and choose to host such ads may find links on their pages for JetNetworks and its brethren. If a blog visitor clicks on the ad, the search engine splits its fee with the blogger. Although these "affiliate" ads have been hugely successful for advertisers, search engines, and the host Web sites, the system creates an incentive for affiliates to cheat. "All you have to do to make some money is find a way to click the ad sent by Google or Yahoo! to your own Web page," says search marketing consultant Joseph Holcomb. "Click! - there's 10 bucks. Click! - there's 10 bucks. It goes on all the time."

Pay-per-click is the fastest-growing segment of all advertising, reports the Interactive Advertising Bureau. Last year, Yahoo! alone ran more than 250 million individual listings, according to Michael Egan, the company's search-marketing director of content strategy. Yahoo! doesn't break out PPC earnings separately in its financial statements, but Goldman Sachs analyst Anthony Noto believes that keyword advertising accounted for about half of the company's estimated $3.7 billion in revenue for 2005. PPC is even more lucrative for Google. According to Noto, Google will end 2005 with $6.1 billion in revenue. About 99 percent of that revenue comes from keyword ads (over 56 percent from AdWords, according to the company's most recent quarterly financial statement, and 43 percent from AdSense), making Google a bigger recipient of ad dollars than any television network or newspaper chain. All of which is to say that little blue text links, a type of advertising that barely existed five years ago, are poised to become the single most important form of marketing in the US - unless click fraud ruins it.

If that occurs, the consequences will be felt throughout the Net. By splitting revenue with the sites that host the ads, search engines have become, in effect, the Internet's venture capitalists, funding the content that attracts people to the computer screen. Unlike the VCs who backed the boom-era Internet, search engines now provide revenue to thousands of wildly diverse sites at little up-front cost to them - PPC advertising is one of the few income sources available to bloggers, for instance. If rampant click fraud overwhelms the system, it will muffle the Internet's fabulous cacophony of voices.

The amount of click fraud is difficult to quantify; estimates of the proportion of fake clicks run from as low as 1 in 10 to as high as 1 in 2. In a widely cited recent study, MarketingExperiments.com, an online marketing research outfit, reported that "as much as 29.5 percent" of the clicks in three experimental PPC campaigns on Google were fraudulent. Whatever the exact figure, click fraud has become pervasive, and Google, Yahoo!, and the other major PPC firms have found themselves caught in a game of cat and mouse with its perpetrators. Even as the search engines shore up their defenses, click scammers are becoming more sophisticated, increasingly deploying complex software to disguise the origins of clicks. For now, the search companies and many of their clients maintain that the problem on their networks is under control. But some observers, like Holcomb, believe that click fraud is "a billion-dollar mess" that "has the potential of destroying the entire industry."

Last October, Boris Elpiner noticed something odd about the Web traffic coming to his company from its PPC ads. As vice president of marketing for RingCentral, an online telecommunications firm in San Mateo, California, Elpiner is in charge of its affiliate-ad program, which hired Yahoo! to distribute RingCentral's ads onto Web sites with compatible content. Poring over his records, he discovered that a keyword term ("fax software download") that had previously generated almost no clicks was suddenly pulling them in. The total cost to RingCentral for the clicks - $2,500 over about four weeks - "was significant, but not immediately noticeable."

Puzzled by the sudden change, Elpiner investigated further. When users visit a Web site, the site server notes the URLs from which they came, the visitors' IP addresses, and other data. Cauff, the charter-jet executive, had used such information to conclude that a competitor was clicking repeatedly on his ads. In this case, Elpiner didn't see an obvious pattern. At the same time, the URLs and IP addresses associated with the suspect clicks "didn't make any sense," he says. "Some of the URLs were error 404 messages, and a lot of the addresses didn't exist."

Elpiner took the matter to Yahoo!, whose analysts "figured it all out quickly," he says. One or more Yahoo! affiliates may have generated deceptive clicks on ads served to their sites, using special software to disguise the source. The scammers, he says, "were clever enough not to take a whole lot from [the ads on] one site, but must have been trying to siphon off a little from many advertisers." Yahoo! gave Elpiner full credit. But it did not, as far as he could tell, try to identify the perpetrators. Instead, Yahoo! and other PPC companies are responding to click fraud by deploying new antifraud technologies. For example, Yahoo! analysts have created click fraud filters - algorithmic screens that sift through the sea of incoming clicks to find patterns suggesting fraud and then discard phony clicks without regard to source or motive.

Although Google and Yahoo! will not, for security reasons, discuss their methods in detail, the advertisements themselves offer some clues. When affiliates sign up for a box of, say, Google ads, they are essentially hosting within their own Web page a small, separate page with its own, very long URL. According to Joseph Tierney, an Internet marketer in central Florida who describes himself as a repentant click frauder, that URL is embedded with a string of information including the time, in milliseconds; the last time the host Web page was updated, also in milliseconds; and other data used to track customer behavior. Analysts could use this material to match the various time stamps against one another, as well as other information provided by server logs. "If someone from such-and-such IP address clicks on the same ad four times in a second," says Elias Levy, a security architect at Symantec, "you can know that at least three of those clicks don't mean anything. It's inconceivable that Google wouldn't be looking at this."

The company won't confirm it, though. "We don't discuss our techniques," says Shuman Ghosemajumder, a Google business product strategy manager. Nor will Google disclose whether invalid clicks are common or whether it has "a lot" or "just a few" researchers working on click fraud. "We have recognized invalid clicks as a serious problem from the beginning," Ghosemajumder says. "We've done a good job at being effective with these issues in the past, and we believe we will be effective in the future." In his view, PPC companies should be judged not by whether they have succeeded in stamping out click fraud but by whether their advertisers are satisfied.

By that standard, Google and company seem largely successful, at least for now. Google is "very good at detecting multiple clicks from the same computer," says Ash Nallawalla, a former search engine advertising consultant in Melbourne, Australia. "I am not likely to be charged for any of those clicks, not even the first one." (Marketers contacted by Wired say much the same about Yahoo!) Google typically knocks about a third off the Chase Law Group's bill to discount for click fraud, according to James Butler, IT director for the Los Angeles-based firm, which draws about 60 percent of its clients through Internet advertising. "If we get 500 clicks from their ads," he says, "they bill us for 320 or so."

Not every customer comes away satisfied, though. Last summer Nathan McKelvey, president of the rent-a-jet firm CharterAuction.com in Quincy, Massachusetts, discovered an old server in his office with records of every visitor to his company's Web site since 2002. Many of the visits came through Google's and Yahoo!'s PPC programs. But a substantial number of those clicks came from Denmark, a country where CharterAuction did "exactly zero" of its business. When McKelvey asked Google and Yahoo! precisely which clicks he'd been billed for, neither company would tell him. All they'd reveal was how many clicks he'd paid for - not which ones or where they originated. Feeling stonewalled, he had his lawyer send a letter demanding refunds from both. "I have the strong suspicion," he says, "that we spent more than a quarter of a million dollars over a couple years on invalid clicks." According to McKelvey, the two companies have refused to refund his money or divulge further information. Google won't comment on specific actions with clients; Yahoo! says it is investigating the charges.

PPC companies may have to become more transparent to retain customer confidence, because click fraud has mutated into new, more complex forms. Responding to the demand for fake clicks, shady firms in India created click farms, facilities in which marginally employed people click on advertisements round the clock (these seem to have diminished in number or gone underground since 2004, when the Times of India revealed their existence). Companies also have begun attacking rivals with "impression fraud" - repeatedly reloading a search engine page where the rival's ad appears, without clicking on it, in order to eliminate it. (Google and Yahoo! routinely take steps to drop nonperforming ads.) In 2004, a programmer named Michael Bradley allegedly wrote click fraud software that disguised clicks' origins. He was arrested by the Secret Service and charged with attempting to extort $100,000 from Google by threatening to release the software on the Internet; a trial is pending. The action did not eliminate this kind of software - it is now readily available on the Net.

Other enterprising scammers manipulate the affiliate system by creating phony blogs - spam blogs, or splogs - that automatically generate content by continually copying bits from other Web sites, mixing in popular keywords, then signing up the resulting mélange as a Google or Yahoo! affiliate. By using software to link themselves repeatedly to well-known real blogs, splogs trick search engines into listing them high on their results list, thus generating traffic, which in turn generates ad clicks. When unsuspecting Internet searchers visit splogs, they end up clicking the ad links in a frustrated attempt to find some coherent text. Thousands of splogs exist, snarling the blogosphere - and the search engines that index it - in spam. Splogs are too profitable to be readily discouraged. According to RSS to Blog, a Brooklyn-based firm that sells automatic-blog software, sploggers can earn tens of thousands of dollars a month in PPC income, all without any human effort.

Probably the most worrisome emerging threat is zombie networks - hordes of linked machines controlled by rogue software. Without their owners' knowledge, these boxes continuously send spam, transmit worms and viruses, participate in denial-of-service attacks, and execute a host of other antisocial tasks. These zombie networks can be enormous. In October, Dutch police charged three young men with controlling an incredible 1.5 million computers. In recent months, the owners of zombie networks have begun turning to click fraud - with "very effective" results, according to Tierney, the former click frauder. The robot machines create clicks from all around the world at apparently random intervals, making them difficult to identify.

But even if zombie click fraud becomes common, the damage can probably be contained as long as its targets are limited to individual advertisers. As Symantec's Levy points out, PPC firms can always give the victims their month's service free - reducing click fraud to a type of overhead, a cost of doing business. But the impact would be much larger, he notes, if someone decided to attack not single companies but the PPC system itself. "It would not be difficult to construct a worm that would go through the Net, clicking on every Google or Yahoo! affiliate ad that it saw," Levy says. "If enough of these were loose, you'd swamp the entire system in noise - millions or even billions of extra clicks. It would be very hard to defend against."

Is this likely to happen? "I would like to be able to say that people aren't that stupid or greedy or aggressive or mindless," says Chase Law's Butler. "But I can't say any of those things. That is definitely the threat - a threat to the entire system by somebody who is just doing it for the hell of it."

Type "click fraud" into a search box and you get links to more than 30 million Web sites and ads for the dozens of companies that have sprung up to help victims track the practice. Down the right-hand side of the page march the ad links: Click Defense, Clicklab, Clickrisk, ClickAssurance, VeriClix, Authenticlick, WhosClickingWho. Stoking advertisers' fears by claiming that the system is drowning in click fraud, these outfits nonetheless solicit clients with … keyword ads on Yahoo! and Google. Indeed, a recent Google search for "click fraud" turned up more than 30 companies. (One outfit, Click Defense, has matched its actions to its words; it sued Google in June, claiming it was getting click-frauded on its "click fraud" keyword ads.)

Most of these firms simply provide ways for advertisers to outsource the tedious task of examining internal logs for fraud. Among those trying to do more is Visitlab, in Santa Cruz, California. According to CEO Vikas Kedia, Visitlab's clients channel incoming clicks through his company, which screens them with software tailored for each customer. The software, now in beta, consists of modules that look for telltale behavior - the use of a proxy server, say, or clicks coming from geographic areas that are unlikely to have customers. By amassing data on click behavior and constantly adjusting the software, Kedia believes, it should eventually be possible to detect even a single fraudulent click. "Google could do all this," he says. "But nobody is sure whether to trust them. We're a third party."
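The checks this article describes (Levy's repeated clicks from one IP address within a second, the single address behind 40 percent of Cauff's clicks, and the out-of-market geography that McKelvey and Visitlab looked at) can be run over an advertiser's own click log. The following is an added example, not code from the article or from any PPC provider; the Click record, the thresholds, and the sample log are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Click:
    ts_ms: int    # click time in milliseconds
    ip: str       # source address as recorded by the site server
    ad_id: str    # which ad (keyword) was clicked
    country: str  # assumed to come from a GeoIP lookup done upstream


def build_sample():
    """Constructed click log for one ad; addresses are documentation ranges."""
    clicks = []
    # One address clicking the same ad four times within a second.
    for i in range(4):
        clicks.append(Click(1_000 + 200 * i, "203.0.113.7", "air-charter", "US"))
    # One address returning every hour: never rapid, but 8 of 20 clicks.
    for i in range(8):
        clicks.append(Click(3_600_000 * (i + 1), "198.51.100.9", "air-charter", "US"))
    # Two clicks from a country where the advertiser does no business.
    for i in range(2):
        clicks.append(Click(5_000_000 + 60_000 * i, f"192.0.2.{50 + i}", "air-charter", "DK"))
    # Six ordinary clicks from distinct addresses.
    for i in range(6):
        clicks.append(Click(7_000_000 + 900_000 * i, f"192.0.2.{10 + i}", "air-charter", "US"))
    return clicks


def flag_clicks(clicks, window_ms=1000, served=frozenset({"US"}),
                max_share_pct=40, min_ad_clicks=10):
    """Return {click index: set of reasons} for clicks that look invalid.

    rapid_repeat     same ip and ad less than window_ms after the previous click
                     (the first click of a burst is kept)
    outside_market   country not in the advertiser's served markets
    ip_concentration one ip supplies >= max_share_pct of an ad's clicks,
                     checked only once the ad has min_ad_clicks clicks
    """
    reasons = defaultdict(set)
    last_seen = {}            # (ip, ad) -> time of the previous click
    per_ad_total = Counter()  # ad -> number of clicks
    per_ad_ip = Counter()     # (ip, ad) -> number of clicks

    # Walk the log in time order so "previous click" is well defined.
    for i in sorted(range(len(clicks)), key=lambda n: clicks[n].ts_ms):
        c = clicks[i]
        key = (c.ip, c.ad_id)
        prev = last_seen.get(key)
        if prev is not None and c.ts_ms - prev < window_ms:
            reasons[i].add("rapid_repeat")
        last_seen[key] = c.ts_ms
        if c.country not in served:
            reasons[i].add("outside_market")
        per_ad_total[c.ad_id] += 1
        per_ad_ip[key] += 1

    # Second pass: share of each ad's clicks per address (integer arithmetic).
    for i, c in enumerate(clicks):
        total = per_ad_total[c.ad_id]
        if total >= min_ad_clicks and per_ad_ip[(c.ip, c.ad_id)] * 100 >= max_share_pct * total:
            reasons[i].add("ip_concentration")
    return dict(reasons)


def summarize(clicks, reasons):
    """Counts an advertiser could compare against the clicks it was billed for."""
    by_reason = Counter(r for rs in reasons.values() for r in rs)
    return {
        "total": len(clicks),
        "flagged": len(reasons),
        "billable": len(clicks) - len(reasons),
        "by_reason": dict(by_reason),
    }


if __name__ == "__main__":
    log = build_sample()
    print(summarize(log, flag_clicks(log)))
```

Clicks spread across many addresses at apparently random intervals, as the article describes for zombie networks, pass all three rules; these per-address checks catch only the simpler patterns.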

Bill Gross, the man who invented PPC back in the late '90s when he presided over the startup incubator Idealab, has argued that, despite the cleverness of the various methods used to fight it, click fraud will continue to cast a shadow over PPC advertising. Ultimately, he believes, advertisers will switch to another model, which he calls cost-per-action (others use terms like cost-per-transaction or cost-per-acquisition). Whatever the name, though, advertisers pay only when a click results in a specified action, such as a sale or a Web site registration. Gross started a CPA search engine, Snap.com, in late 2004. When customers enter the term "airline tickets" on the site, ads for airlines appear. But those airlines don't pay Snap a penny until someone who clicks the ad actually buys a ticket. Even if scammers used zombie networks, the system would ignore them, because it charges only for clicks that lead to an action. Snap, still in beta, is not exactly roaring ahead: According to its own statistics, the firm has 2,300 CPA advertisers. That's roughly 2 percent of Google's or Yahoo!'s advertising base.

Yahoo! is not looking into cost-per-action, Egan says, because such a system requires businesses to share sensitive cost data with their advertising partners. "We start having to ask how much they've sold and what their margins are," he says. "And if we carry ads for their competitors, we know about them, too. This is not information that businesses like to share with third parties, and for good reason." For the near future, he says, "I don't believe PPC is going to be supplanted, which is one reason we take click spam" - Yahoo!'s preferred term - "so seriously."

A possible answer to the privacy worries may be something called Google Wallet. This new initiative, not yet unveiled as of early December, is believed to be a payment scheme that surfers would use, for example, when they bought something after clicking on a Google ad. In theory, at least, Google could process the payment to the advertiser without having to know anything about its costs, profit margins, or other sensitive data. Like Gross's cost-per-action, Google Wallet would be immune to click fraud - zombie machines could click away, and the system would simply ignore them.

Nobody thinks that these measures will eliminate click fraud. Keyword advertising - especially on affiliates - will continue to grow, making it an ever more inviting target to the Net's legion of bad actors. All the while, PPC will continue to be vulnerable to attacks by blackhats who want to disrupt the system as a whole, rather than defraud the individual companies that use it. In consequence, PPC providers seem doomed, at least for the near future, to an endless race against the scammers, spammers, and network jammers. "If you'd told me five years ago that I would be talking about 'fake clicks,' I would have told you that you were crazy," says John Slade, who leads Yahoo!'s click protection efforts. "Now it's all I spend my time on."

Contributing editor Charles C. Mann (www.charlesmann.org) is the author of 1491: New Revelations of the Americas.

December 30, 2005 at 11:44 PM in Internet evolution

A system to make Jove proud

A system to make Jove proud | Economist.com

Dec 29th 2005
From The Economist Global Agenda

Europe has launched the first of the satellites of its Galileo navigation system. Will it be a huge waste of money, a boost for the economy or a friend to Big Brother?

BY GIOVE, they’ve done it. On Wednesday December 28th, the Giove-A satellite was launched into space from Kazakhstan, kicking off the biggest-ever European space project. The Galileo In-Orbit Validation Element (the acronym is also Italian for Jove, the king of the Roman gods) is a crucial first step in the roll-out of Galileo, a satellite-based navigation system. Giove-A will test several key technologies for Galileo. If all goes well, the system will be operational in 2008.

European boosters are celebrating a technological leap forward that they say will give them economic and strategic independence from America’s Global Positioning System. GPS, a project of the American military begun in the 1970s, is provided as a free service worldwide, causing some to say that the €3.6 billion ($4.3 billion) Galileo project is unnecessary—it has even been dubbed “the common agricultural policy in space”. Projects like this tend to run over their estimated costs, and once the system is in place, Europe will feel bound to maintain it, whatever the cost.

But Galileo’s backers make several arguments in its favour. One is that GPS service is patchy, particularly in urban areas, and is accurate only to about ten metres. (The American military’s enhanced and exclusive service brings this down to three, and some 60% of air-to-ground bombs in the 2003 Iraq war were guided by GPS.) Galileo’s atomic clocks, which make the system work by triangulation of signals between satellites, are more accurate than those of the GPS system. They will give accuracy to about one metre for those with free access to the system, and down to centimetres for paying commercial users. The GPS system is being upgraded, but the new version won’t be ready until 2012.

Galileo, meanwhile, could have all kinds of nifty uses. It would allow easier and more widespread use of road-charging. Mobile-phone users could use it to find a restaurant or the nearest cash-dispensing machine. Emergency services could find people in distress more quickly and easily. People with precarious medical conditions could wear locators that make them easy to track down. Airline pilots could set their own routes (and separations from other aircraft), rather than relying on ground-based air-traffic controllers.

Another rationale is economic. Galileo is a joint project of the European Union and the European Space Agency, with backing also from China, Ukraine, Israel and India. In a year when “political Europe” suffered from the collapse of the proposed EU constitution after referendums in France and the Netherlands, Galileo can be rightly counted as a big step forward for pan-European economic efforts. A rainbow of European engineering and aerospace companies are involved, including EADS, France’s Thales and Alcatel, Britain’s Inmarsat, Italy’s Finmeccanica and others. Though user fees will not, by themselves, pay for the project, it is hoped that Galileo will create jobs and economic growth (including tax revenues) as industries develop new services based around the satellite system. A study by PricewaterhouseCoopers in 2001 estimated that Galileo could produce a benefit-to-cost ratio of 4.6 to one.

America, naturally, is uneasy. Galileo will be interoperable with GPS, and also with Russia’s ageing GLONASS system. But American defence chiefs fret that Galileo’s signals could interfere with GPS. More worrying, from the superpower’s point of view, is the possibility that Galileo could be used as America uses GPS—to guide missiles, perhaps those aimed at America itself. Why, the Americans wonder, is China backing it?

But the Europeans fire similar arguments back at America in supporting Galileo. Those of a Gaullist bent, including France’s president, Jacques Chirac, want strategic insurance against the possibility that America might switch GPS off or restrict or degrade its service. Mr Chirac has said that European companies could be American “vassals” without their own navigation system. For him, a grand projet like Galileo accomplishes several treasured goals: creating jobs in France, reducing its reliance on America, and bringing glory to European (including French) technology. The cost, in this calculation, is well worth it. (Despite the comparison made by Galileo’s critics, it will consume only a fraction of the funds taken by the common agricultural policy, France’s favourite European project, which gobbles up tens of billions of euros each year.)

But there is another worry. Civil-liberties enthusiasts see the possibility that Galileo would allow unprecedented tracking of ordinary citizens’ movements. In an unrelated story, the Chicago Tribune reported this week that CIA agents lazily left their mobile-phone batteries in when abducting a terror suspect in Italy before “rendering” him to Egypt. This allowed the Italian police to retrace the agents’ movements during the incident. In future, systems such as Galileo and GPS could make it increasingly easy for police to track ordinary criminals (at least, those that are as sloppy as the CIA was in Milan). But as with every tool that can be used to keep tabs on people, it could be abused. Jove, after all, used his divine power not only to punish the wicked, but sometimes for his own capricious and selfish ends.

December 30, 2005 at 01:56 PM in Wireless

How Women and Men Use the Internet

Pew Internet & American Life Project Report: Women and Men Online

Women are catching up to men in most measures of online life. Men like the internet for the experiences it offers, while women like it for the human connections it promotes.

12/28/2005 | MemoReport | Deborah Fallows

A wide-ranging look at the way American women and men use the internet shows that men continue to pursue many internet activities more intensively than women, and that men are still first out of the blocks in trying the latest technologies.

At the same time, there are trends showing that women are catching up in overall use and are framing their online experience with a greater emphasis on deepening connections with people.

Some highlights from a new report show how men’s and women’s use of the internet has changed over time.

* The percentage of women using the internet still lags slightly behind the percentage of men. Women under 30 and black women outpace their male peers. However, older women trail dramatically behind older men.
* Men are slightly more intense internet users than women. Men log on more often, spend more time online, and are more likely to be broadband users.
* In most categories of internet activity, more men than women are participants, but women are catching up.
* More than men, women are enthusiastic online communicators, and they use email in a more robust way. Women are more likely than men to use email to write to friends and family about a variety of topics: sharing news and worries, planning events, forwarding jokes and funny stories. Women are more likely to feel satisfied with the role email plays in their lives, especially when it comes to nurturing their relationships. And women include a wider range of topics and activities in their personal emails. Men use email more than women to communicate with various kinds of organizations.
* More online men than women perform online transactions. Men and women are equally likely to use the internet to buy products and take part in online banking, but men are more likely to use the internet to pay bills, participate in auctions, trade stocks and bonds, and pay for digital content.
* Men are more avid consumers than women of online information. Men look for information on a wider variety of topics and issues than women do.
* Men are more likely than women to use the internet as a destination for recreation. Men are more likely to: gather material for their hobbies, read online for pleasure, take informal classes, participate in sports fantasy leagues, download music and videos, remix files, and listen to radio.
* Men are more interested than women in technology, and they are also more tech savvy.

Still, our data show that men and women are more similar than different in their online lives, starting with their common appreciation of the internet’s strongest suit: efficiency. Both men and women approach with gusto online transactions that simplify their lives by saving time on such mundane tasks as buying tickets or paying bills.

Men and women also value the internet for a second strength, as a gateway to limitless vaults of information. Men reach farther and wider for topics, from getting financial information to political news. Along the way, they work search engines more aggressively, using engines more often and with more confidence than women.

Women are more likely to see the vast array of online information as a “glut” and to penetrate deeper into areas where they have the greatest interest, including health and religion. Women tend to treat information gathering online as a more textured and interactive process – one that includes gathering and exchanging information through support groups and personal email exchanges.

December 30, 2005 at 10:34 AM in Web lifestyle

December 29, 2005

Online Ad Growth Accelerates, Outpacing Newspaper, TV Spending

Bloomberg.com: U.S.

Dec. 28 (Bloomberg) -- The move to online advertising is happening faster than analysts anticipated as companies devote more of their budgets to the Internet than traditional media.

The market for online ads will increase 32 percent to $16.6 billion next year, fueling growth at companies including Google Inc. and Yahoo! Inc., Credit Suisse First Boston analyst Heath Terry said in a research report. He had previously forecast 21 percent growth.

Sales of online ads that have animation, sound or interactive features will jump 66 percent next year to become the fastest growing area of Web ads, Credit Suisse predicts. Yahoo, the most-visited Web site, and No. 1 search-engine Google are winning business at the expense of publishers and broadcasters.

“We're seeing a shift to a more diverse set of media choices,” said Mary Baglivo, chief executive officer of the New York office of advertising agency Saatchi & Saatchi. “Certainly a move away from what had traditionally over the years been the vast majority television and print.”

Saatchi & Saatchi's clients include Cincinnati-based Procter & Gamble Co. and Detroit-based General Mills Inc. The agency is a unit of Paris-based Publicis Groupe SA, the world's fourth-biggest advertising company.

Almost half of the ad executives in a Credit Suisse survey intend to increase Internet spending by almost 30 percent in the next year, according to the brokerage's Dec. 9 report. The study, conducted by New York-based market researcher TNS Media Intelligence for Credit Suisse, included 90 companies and 10 ad agencies, with average accounts of $22 million.

Rising Shares

Shares of Mountain View, California-based Google have more than doubled this year and are worth five times their August 2004 initial public offering price of $85. They gained 24 cents to $424.88 at 10:28 a.m. New York time in Nasdaq Stock Market composite trading. Shares of Sunnyvale, California-based Yahoo climbed 13 cents to $40.07 and had risen 6 percent this year before today. They gained 67 percent in 2004.

Sponsored links next to search results, the main source of sales for Google, and graphical display ads, like the banners seen on Yahoo's site, will remain the two most popular types of online ads in 2006, Credit Suisse's Terry forecasts.

Still, display ads will be the slowest growing ad type next year as spending on animated, or so-called “rich media” ads, increases, according to Credit Suisse. Terry forecasts that group will overtake banner ads in 2008.

“Video is the most compelling and emotive creative medium available for advertisers,” said Nate Elliott, an analyst with Jupiter Research in London. “It does the best job of creating emotion.”

Doritos Video

Hewlett-Packard Co., the world's biggest printer maker, last week placed animated spots for its Photosmart photo printer on Yahoo's home page, and 30-second spots that roll before music videos on Yahoo Music. Other video advertisers on Yahoo included PepsiCo Inc.'s Doritos, and Detroit-based General Motors Corp. PepsiCo is based in Purchase, New York.

Ad executives in the Credit Suisse survey last month slated the biggest part of their budgets for Internet ads, compared with a No. 3 ranking behind magazines and broadcast TV in a survey conducted during the previous quarter.

Animated and video ads command a premium over static graphics. Companies paid an average of $10.81 for every 1,000 people that saw animated ads in November, compared with $2.85 for banners, according to Nielsen//NetRatings, which tracks Web use. Spending on animated ads rose 23 percent from a year earlier, while banner ad spending more than doubled.

30-Second Spot

Most Internet video ads are still just duplicates of 30-second spots made for television as companies aren't willing to invest in both formats, Elliott at Jupiter Research said.

That's changing as companies find cheaper ways to make online video spots and link them to TV campaigns, said Rosemarie Ryan, president of the New York office of J. Walter Thompson Co., an advertising agency whose clients include New York-based Merrill Lynch & Co. and Dearborn, Michigan-based Ford Motor Co.

The agency, founded 140 years ago and owned by London-based WPP Group Plc, added a digital video production studio to its New York office that can make 10 online video or animated ads for the price of one TV ad, Ryan said.

Advertisers including Johannesburg-based De Beers are now also linking their offline and online campaigns.

De Beers, the world's No. 1 diamond supplier, this year developed a campaign with a 30-second commercial on television that set the scene of a man struggling to get home to his wife for the holidays. The story continued through 13 extra video clips on the Web. The final episode then followed on television.

“It's a seismic shift for our business,” Ryan said. “Advertisers know they have to find new and interesting ways to get to people.”

To contact the reporter on this story:
Jonathan Thaw in San Francisco at jthaw@bloomberg.net.

Last Updated: December 28, 2005 10:31 EST

December 29, 2005 at 01:40 PM in Online Marketing