News march 2004
31 march 2004

New in Archive
DUOS W.D.

Backdoor.VB.x

Iroffer 1.3b04 (1305.f)

Iroffer 1.3b04 (1305.g)

Tools
www.computec.ch:
The acronym ATK stands for Attack Tool Kit. It was first developed to provide a very small and handy tool for Windows to realize simple security checks. Read more

Guides, Papers, etc.
www.securityfocus.com:
Dogs of War: Securing Microsoft Groupware Environments with Unix (Part One). Read more

Vulnerabilities & Exploits
www.securitytracker.com:
SillySearch Input Validation Bug Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
MPlayer Buffer Overflow in Parsing HTTP Location Header Lets Remote Servers Execute Arbitrary Code. Read more

www.securitytracker.com:
Tcpdump Boundary Checking Error in 'print-isakmp.c' Lets Remote Users Crash Tcpdump. Read more

www.securitytracker.com:
Prozilla Real Estate Script Lets Remote Users Bypass the Payment Process. Read more

www.securiteam.com:
Ethereal IGAP Dissector Message Overflow Exploit. Read more

www.securiteam.com:
ISS PAM ICQ Server Response Processing Exploit. Read more

www.securiteam.com:
Ethereal EIGRP Dissector Buffer Overflow Exploit. Read more

News:
www.securityfocus.com:
Human Nature vs. Security. Read more

www.theregister.co.uk:
The rise of the white collar hacker. Read more

www.internetweek.com:
Netsky.q Leads Latest Worm Wave. Read more

www.internet-magazine.com:
New Netsky variant to attack Kazaa. Read more

www.techworld.com:
Netsky variant prepares distributed attack. Read more

www.eweek.com:
Linux vs. Windows: Which Is More Secure? Read more

30 march 2004

New in Archive
Kyrgyz Trojan 2.7

Caznova IRC Spy 2.0

Cab of Filth 1.2e (h)

Vulnerabilities & Exploits
www.securitytracker.com:
WebCT Input Validation Flaw Permits Remote Cross-Site Scripting Attacks Using @import url(). Read more

CloisterBlog Input Validation Flaw Permits Directory Traversal and Authentication Error Grants Administrative Access. Read more

www.securitytracker.com:
oftpd Can Be Crashed By Remote Users Sending a PORT Command. Read more

www.securitytracker.com:
FreeBSD IPv6 secsockopt(2) Input Validation Flaws May Disclose Memory to Local Users or Permit Local Denial of Service. Read more

www.securitytracker.com:
pam-pgsql Input Validation Flaws in Authentication Data Let Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
A-CART Input Validation Hole in 'category.asp' Lets Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
Fresh Guest Book (guest.cgi) Input Validation Bug in 'Name' Field Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
NessusWX Discloses Remote Account Passwords to Local Users. Read more

www.securitytracker.com:
NeWT Discloses Remote Account Passwords to Local Users. Read more

www.securitytracker.com:
Nessus Discloses Remote Account Passwords to Local Users. Read more

www.securitytracker.com:
Emil Buffer Overflows and Format String Flaws Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
PhotoPost PHP Pro Has Multiple Input Validation Holes That Let Remote Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Cisco IOS 11.2 Access Controls Can Be Bypassed With Packets With Both RST and ACK Set. Read more

www.nextgenss.com:
Norton AntiSpam Remote Buffer Overrun. Read more

www.debian.org:
DSA-469-1 pam-pgsql -- missing input sanitising. Read more

News:
www.theregister.co.uk:
NetSky-Q worm targets Kazaa and eDonkey. Read more

www.nwfusion.com:
Netsky variant blames users. Read more

www.theinquirer.net:
Pesky Netsky.q launched into cybervoid. Read more

Frontline Defenders.
An inside look at how one of Symantec's security operations centers protects clients from cyberattacks. Read more

www.terra.net.lb:
Virus creators run online commerce scam from infected computers. Read more

australianit.news.com.au:
New viruses used in net scams. Read more

story.news.yahoo.com:
Witty Worm Broke Speed Records. Read more

news.com.com:
NetSky variant a greater threat than thought. Read more

www.theregister.co.uk:
How to hack a network in nine easy steps. Read more

29 march 2004

New in Archive
Cheng

Beast 1.8 (d)

Burbulatorheads (b)

Backdoor.Dumador.e

Vulnerabilities & Exploits
www.securitytracker.com:
psInclude Input Validation Flaw in 'template' Variable Lets Remote Users Execute Arbitrary Code. Read more

www.debian.org:
DSA-468-1 emil -- several vulnerabilities. Read more

News:
www.theregister.co.uk:
Auditing the mind of a hacker. Read more

www.smh.com.au:
Worm exposes flaws in patch system: report. Read more

www.smh.com.au:
Cisco warns of publicly available exploit code. Read more

reviews-zdnet.com.com:
Richard Clarke: He could have secured the Net. Read more

www.computerweekly.com:
Thought for the day: Any time, any place, anywhere. Read more

www.crime-research.org:
Israeli hackers attack Islamic portal. Read more

28 march 2004

New in Archive
NeoControlRed 2.0.0

Cab of Filth 1.2d (h)

Backdoor.Lomdoor-DD

Iroffer 1.3b04 (1305.d)

Iroffer 1.3b04 (1305.e)

Guides, Papers, etc.
software.newsforge.com:
Port scanning and Nmap 3.5. Read more

News:
www.itp.net:
Worm variants keep on coming. Read more

www.securityfocus.com:
Bagle-U plays MS Hearts. Read more

www.pcadvisor.co.uk:
New Bagel.U: a virus of few words. Read more

27 march 2004

New in Archive
Toquito Bandito 1.1

Harvester 2003 (mail) 05

Recon 1.2

Backdoor.Ident

Vulnerabilities & Exploits
www.securitytracker.com:
nstxd Null Pointer Dereference Flaw Lets Remote Users Crash the Process. Read more

www.securitytracker.com:
bBlog Input Validation Flaw in Blog Name Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
phpBB Input Validation Flaw in 'privmsg.php' Lets Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
Foxmail 'From' Address Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
XMB Forum 'forumdisplay.php' and Other Scripts Permit SQL Injection and Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Blogger Input Validation Holes in User Profile Fields Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
YaBB Lets Remote Users Determine if User Accounts Exist on the Forum. Read more

www.securitytracker.com:
Ethereal RADIUS Attribute Parsing Null Pointer Dereference Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Dameware Mini Remote Control Sends a File Encryption Key as Clear Text. Read more

www.securitytracker.com:
NetSupport School Pro Weak Password Encoding Lets Local Users Decode Passwords. Read more

News:
www.technewsworld.com:
Bagle.U Worm Spreads Despite Simplicity. Read more

news.com.com:
Witty worm frays patch-based security. Read more

www.internetweek.com:
New Worms Threaten Windows Email Users. Read more

www.bizreport.com:
Phatbot's Family Ties. Read more

www.computerworld.com:
Security product flaws attract attackers. Read more

itvibe.com:
Bagle-U virus plays card games. Read more

itvibe.com:
Man charged with Blaster virus creation. Read more

www.crime-research.org:
Romanian hacker is on trial. Read more

www.sundaytimes.co.za:
Making hotspots secure. Read more

26 march 2004

New in Archive
Remote Ziper 2.0.4

Slim Horse 1.0 beta

Blaxill Downloader 2.0

Psycho Derek 2.1

Guides, Papers, etc.
esorics04.eurecom.fr:
ESORICS 2004 9th European Symposium on Research in Computer Security. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
HP Web Jetadmin Lets Remote Authenticated Users Read and Write Files on the System. Read more

www.securitytracker.com:
MySQL 'mysqlbug' Temporary File Flaw Lets Local Users Overwrite Files. Read more

www.securitytracker.com:
eSignal Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securiteam.com:
Multiple Cisco Exploit Codes. Read more

News:
www.theregister.co.uk:
Trust me I'm clean, claims virus. Read more

www.caida.org:
The Spread of the Witty Worm. Read more

www.eweek.com:
New Worms Stretching Across Web. Read more

www.securityfocus.com:
Dutch Internet blackmailer gets 10 years. Read more

www.theregister.co.uk:
Interview with the keystroke caperist. Read more

www.computerworld.com:
Is hacking ethical? Read more

25 march 2004

New in Archive
Toxic Fireball

NetPrank 1.7

Snow 3.7

Cab of Filth 1.2c

Tools
CryptCat is netcat with Twofish encryption for added security. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
Random Ident Server (ridentd) Lets Local Users Overwrite Certain Files. Read more

www.securitytracker.com:
PicoPhone Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
TrendMicro InterScan VirusWall Discloses Files to Remote Users. Read more

www.securitytracker.com:
a.shopKart Default Installation Discloses Database to Remote Users. Read more

www.securitytracker.com:
Kerio WinRoute Firewall May Crash Due to Malformed HTTP Headers. Read more

www.securitytracker.com:
Kerio MailServer SPAM Filter Has Buffer Overflow. Read more

www.securitytracker.com:
Microsoft Operating Systems Have Unspecified Flaw That Yields Kernel Level Access to Local Users. Read more

www.securitytracker.com:
Nextgen FTP Server Discloses Arbitrary Files to Remote Authenticated Users. Read more

www.debian.org:
DSA-467-1 ecartis -- several vulnerabilities. Read more

News:
www.informationweek.com:
Hackers Keep Talking Trash. Read more

www.crime-research.org:
Internet as an instrument of cyber crime. Read more

www.crime-research.org:
Some trends of computer crime in Russia. Read more

www.theregister.co.uk:
Opera browser to recognise speech. Read more

24 march 2004

New in Archive
NtRootkit 1.21

U-Boot IIB Build 108

Iroffer 1.2b29 (a)

Iroffer 1.3b04 (1305.c)

Guides, Papers, etc.
SAPPHIRE WORM CODE DISASSEMBLED. Read more

"Analysis of the Exploitation Processes" (.pdf). Read more

Practical SEH exploitation (pdf). Read more

Vulnerabilities & Exploits
www.greymagic.com:
Remotely Exploitable Cross-Site Scripting in Hotmail and Yahoo. Read more

www.securitytracker.com:
cPanel 'dodelautores.html' and 'addhandle.html' Input Validation Flaws Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
The Rage Game Service Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
CDE dtlogin Double-Free Bug Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Yahoo! Mail 'HTML+TIME' Tag Filtering Hole Permits Remote Users to Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Hotmail 'HTML+TIME' Tag Filtering Hole Permits Remote Users to Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
PHP SQL Library Lets Remote Users Bypass safe_mode Restrictions. Read more

www.securitytracker.com:
Ethereal Buffer Overflows in NetFlow, EIGRP, BGP, and Other Protocol Dissectors May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Linux Kernel kmod Permission Error May Let Local Users Crash the Kernel. Read more

www.securitytracker.com:
WS_FTP Server Backdoor Lets Local Users Execute Local Applications With SYSTEM Privileges. Read more

www.securitytracker.com:
SSH Tectia Server May Disclose Private Key to Remote Users. Read more

www.securitytracker.com:
HiGuest Message Input Validation Bug Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
WS_FTP Server ALLO Error Lets Remote Authenticated Users Execute Arbitrary Code With SYSTEM Privileges. Read more

www.securitytracker.com:
WS_FTP Server REST File Pointer Error Lets Remote Authenticated Users Consume Disk Space. Read more

www.securitytracker.com:
FirstClass HTTP Server Input Validation Flaw in 'Upload.shtml' Permits Cross-Site Scripting Attacks. Read more

www.securiteam.com:
Eudora Attachment Spoof Exploit Revisited. Read more

www.securiteam.com:
Norton AntiSpam Remote Buffer Overrun (SymSpamHelper). Read more

www.securiteam.com:
Norton Internet Security Remote Command Execution (WrapNISUM). Read more

capnbry.net:
Dark Age of Camelot login client vulnerability to man in the middle attack. Read more

News:
www.theregister.co.uk:
IE flaw exposes weakness in Yahoo! filtering. Read more

www.lubbockonline.com:
Teenager faces prison in scam. Read more

23 march 2004

New in Archive
R8myp00 IrcBot 1.0

NeoControlRed 2.0.3

RunRat 2004

Guides, Papers, etc.
Forensic Analysis of a Live Linux System, Part One. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
PHP Discloses Session IDs to Local Users. Read more

www.securitytracker.com:
xine Unsafe Temporary File May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
phpBB 'profile.php' Input Validation Flaw in 'avatarselect' Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
squidGuard '%00' URL Character Access Control Bug May Let Remote Users Bypass Certain Access Controls. Read more

www.securitytracker.com:
Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
XWeb '../' Input Validation Flaw Discloses Files to Remote Users. Read more

www.securitytracker.com:
Linksys WAP55AG Discloses Private SNMP Strings to Remote Users. Read more

www.securitytracker.com:
InnoMedia VideoPhone Lets Remote Users Bypass Authentication. Read more

www.securitytracker.com:
Invision Power Board 'Personal Photo' Error Message Discloses the Installation Path to Remote Users. Read more

www.securitytracker.com:
ReGet Directory Traversal Bug May Cause Files to Be Downloaded to Arbitrary Locations. Read more

www.securitytracker.com:
Invision Gallery Multiple Input Validation Errors Let Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
Invision Power Top Site List Input Validation Hole in 'comment' Feature Permits SQL Injection. Read more

www.securitytracker.com:
phpBB Input Validation Flaws in 'admin_smilies.php' and 'admin_styles.php' Let Remote Authenticated Administrators Inject SQL. Read more

News:
www.theregister.co.uk:
Scripting flaws threaten Norton software. Read more

www.theregister.co.uk:
Stopping the enemy at the gate. Read more

www.theregister.co.uk:
AOL attacks spamvertisers. Read more

www.crime-research.org:
Cyberpolice website is created. Read more

www.computerweekly.com:
Hackers still exploiting MyDoom as users find patching increasingly unmanageable. Read more

22 march 2004

New in Archive
System33r Downloader 0.7.3b

Backdoor.Masteseq.a

Devil 6 (a)

X Spy 1.0 (version 2)

Vulnerabilities & Exploits
www.securitytracker.com:
Apache mod_disk_cache Stores Authentication Credentials on Disk. Read more

www.debian.org:
DSA-466-1 linux-kernel-2.2.10-powerpc-apus -- failing function and TLB flush. Read more

News:
www.theregister.co.uk:
Phatbot primed to steal your credit card details. Read more

www.theregister.co.uk:
Witty attacks your firewall and destroys your data. Read more

www.stltoday.com:
Viruses are becoming sneakier and more complex all the time. Read more

www.smh.com.au:
Worm trashes machines running ISS firewall. Read more

www.businessweek.com:
Computer Security 101. Read more

21 march 2004

New in Archive
20cn FTP Server 1.0

ShutAll 2.1

Pointex (e)

DTr 1.4 (c) server

Vulnerabilities & Exploits
www.securitytracker.com:
Expinion Member Management System Input Validation Holes Let Remote Users Inject SQL and Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Expinion News Manager Authentication Flaw Lets Remote Users Gain Administrator Access. Read more

www.securitytracker.com:
Samba 'smbprint' Unsafe Temporary File May Let Local Users Gain Elevated Privileges. Read more

www.securityfocus.com:
DameWare Mini Remote Control Server Weak Encryption Implementation Vulnerability. Read more

News:
news.netcraft.com:
Witty Worm Targets Black Ice, Disables Machines. Read more

www.lurhq.com:
Witty Worm Analysis. Read more

www.securityfocus.com:
'Witty' Worm Wrecks Computers. Read more

www.eweek.com:
Fast-Moving Worm Crashes Computers. Read more

www.crime-research.org:
Germany: largest hacker crack down operation ever held. Read more

www.newsforge.com:
Proven: Windows is more secure than Linux out of the box. Read more

arstechnica.com:
Anti-virus companies milking their cash cow? Read more

20 march 2004

New in Archive
Nethief 5.5

Undetectable

pseudoRAT 0.1 (f)

ZZ 2.0

Vulnerabilities & Exploits
www.nextgenss.com:
Norton Internet Security Remote Command Execution. Read more

www.securitytracker.com:
Clam AntiVirus May Crash When Processing Certain RAR Archives. Read more

www.securitytracker.com:
Tarantella Enterprise Input Validation Flaws in 'ttaarchives.cgi' and 'ttacab.cgi' Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Borland Interbase Unsafe Permissions on 'admin.ib' Let Local Users Gain Database Administrative Privileges. Read more

www.securitytracker.com:
Winamp Player May Crash When Opening Certain Files. Read more

www.securitytracker.com:
'Terminator 3: War of the Machines' Game Buffer Overflow Lets Servers Execute Arbitrary Code on Connected Clients. Read more

www.securitytracker.com:
Symantec Norton AntiSpam Stack Overflow in 'sysspam.dll' Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Norton Internet Security 'WrapUM.dll' Lets Remote Users Run Arbitrary Executable Files. Read more

www.securitytracker.com:
Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service. Read more

www.securitytracker.com:
Apple Mac OS X Admin Service Buffer Overflow Lets Remote Users Crash the Service. Read more

www.securitytracker.com:
Check Point SmartDashboard Buffer Overflow May Let Remote Authenticated Users Execute Arbitrary Code. Read more

News:
www.securityfocus.com:
Report: Phishing attacks on the rise. Read more

www.internetweek.com:
New Bagle Worm Infects Windows Without File Attachments. Read more

zdnet.com.com:
Report: Rise in virus attacks costs firms dearly. Read more

www.internetnews.com:
It is Time for Some 'Friendly' Worms. Read more

www.crime-research.org:
Russia: increase of credit card frauds. Read more

19 march 2004

New in Archive
Recub 1.0

Big WebDL 1.0

Transistor 1.2

Izram

Vulnerabilities & Exploits
www.securitytracker.com:
Hotmail Input Validation Flaw in Reply-To Subject Line Lets Remote Users Conduct Cross-Site Scripting and Other Attacks. Read more

www.securitytracker.com:
Chrome Game Server Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
Apple Safari Can Be Crashed By Large Javascript Array Objects. Read more

www.securitytracker.com:
ISS Proventia Buffer Overflow in Processing ICQ Messages May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Error Manager Input Validation Holes Let Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
WFTPD Pro Administrative Control Panel Bug Lets Remote Authenticated Users Crash the GUI. Read more

www.securitytracker.com:
Mozilla S/MIME ASN.1 Implementation Bugs May Let Remote Users Execute Arbitrary Code. Read more

News:
www.theregister.co.uk:
Latest Bagle worms spread on auto-pilot. Read more

www.infoworld.com:
New Bagle worms crawl through old MS hole. Read more

news.com.au:
Man in court over $5m Internet scam. Read more

18 march 2004

New in Archive
ProRat 1.6

LanSpy 1.0

HatredChamber Downloader 1.0

D3S Webdownloader 1.0c

Guides, Papers, etc.
www.securityfocus.com:
The 12kb Bomb. Read more

www.blackangels.it:
ROOTSHELL WITH ICMP_RCV() HOOKING. Read more

www.securiteam.com:
Gather Windows Shares With a cmd-script. Read more

www.securityfocus.com:
Detection of SQL Injection and Cross-site Scripting Attacks. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
Belchior Foundry vCard Lets Remote Users Delete Database Table Entries. Read more

www.securitytracker.com:
GlobalSCAPE Secure FTP Server SITE Command Buffer Overflow Lets Remote Users Crash the Service. Read more

www.securitytracker.com:
isakmpd Payload Handling Flaw Lets Remote Users Crash the Daemon. Read more

www.securitytracker.com:
OpenSSL SSL/TLS Handshake Flaws May Let Remote Users Crash OpenSSL-based Applications. Read more

www.securitytracker.com:
PHPX Lack of Authentication Lets Remote Users Hijack Sessions. Read more

www.securitytracker.com:
Courier Mail Server 'iso2022jp' and 'shiftjis' Buffer Overflows May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
mySAP Host Header Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
SAP Internet Transaction Server WGate Format String Flaw Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
SAP Internet Transaction Server AGate Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Fizmez Web Server Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
4nGuestbook Module Input Validation Flaws Let Remote Authenticated Administrators Inject SQL Commands and Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
4nalbum Module Input Validation Flaws Let Remote Users Execute Arbitrary Commands, Inject SQL Queries, and Conduct Cross-Site Scripting Attacks. Read more

www.securiteam.com:
Backdooring OpenSSH. Read more

www.debian.org:
DSA-465-1 openssl -- several vulnerabilities. Read more

www.debian.org:
DSA-464-1 gdk-pixbuf -- broken image handling. Read more

News:
www.detnews.com:
Computer security experts warn of sophisticated new hacker program. Read more

news.com.com:
Malicious computer worm detected. Read more

www.crime-research.org:
EBay encounters more Internet frauds. Read more

17 march 2004

New in Archive
InsaneDL

Black Box

Stealth Redirector 1.1

Backdoor.Mmcs.19

Vulnerabilities & Exploits
www.securitytracker.com:
Mambo Open Source Input Validation Errors in 'id' and Other Parameters Permit SQL Injection and Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
IBM Lotus Domino 'webadmin.nsf' Flaws Let Remote Authenticated Administrators Create Arbitrary Directories. Read more

www.securitytracker.com:
ModSecurity Off-by-one Overflow in Processing POST Requests May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Twilight Utilities Web Server 'postfile.exe' Lets Remote Users Upload Files to Arbitrary Locations. Read more

www.securitytracker.com:
Opera Array Processing Error Lets Remote Users Crash the Browser. Read more

www.securitytracker.com:
vBulletin showthread, forumdisplay, and memberlist Input Validation Bugs Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
PHP-Nuke Input Validation Holes in Feedback, Downloads, Journal, and Other Modules Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
SPIP Input Validation Flaws Let Remote Users Execute Arbitrary Commands. Read more

www.securitytracker.com:
Sybari AntiGen Can Be Crashed By Remote Users Sending Certain Encrypted Files. Read more

www.securitytracker.com:
Mathopd prepare_reply() Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Phorum HTTP_REFERER and Other Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Macromedia ColdFusion SOAP Request Processing Bug Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Macromedia JRun SOAP Request Processing Bug Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Sun Java Application Server SOAP Request Processing Bug Lets Remote Users Deny Service. Read more

www.securitytracker.com:
YaBB SE Input Validation Flaws in 'glow' and 'shadow' Tags Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
YaBB Input Validation Flaws in 'glow' and 'shadow' Tags Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
VocalTec VGW Telephony Gateway Basic Authorization Can Be Bypassed By Remote Users. Read more

www.securitytracker.com:
Computer Associates Unicenter TNG Stack Overflows Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
WS_FTP Pro ASCII Mode Directory Listing Buffer Overflow May Let Remote Servers Execute Arbitrary Code. Read more

www.securiteam.com:
Remote Buffer Overflow in MDaemon (Exploit). Read more

News:
www.informationweek.com:
Symantec: Boom Times For Hackers. Read more

www.theregister.co.uk:
Why Microsoft 'Shared Source' can never be trusted. Read more

www.crime-research.org:
Hackers: interview with a "Ghost". Read more

www.crime-research.org:
The largest bank of Estonia under hacker attack. Read more

www.techworld.com:
New book reveals unknown hacking tools. Read more

16 march 2004

New in Archive
PaSzCzuS 2.0-rc2

Amitis 1.4.3b

Transistor 1.1 (b)

Click'n'Show 1.0b

Guides, Papers, etc.
www.blackangels.it:
Introduction to shellcoding for overflows exploiting. Read more

www.blackangels.it:
How to sniff network traffic and to inject new packets. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
phpBB 'search.php' show_results Parameter Lets Remote Users Inject SQL Commands. Read more

www.immunitysec.com:
Remote, unauthenticated stack overflow Computer Associates Unicenter TNG Utilities awservices.exe. (pdf) Read more

News:
www.crn.com:
Bagle Worms Sneak Through Defenses. Read more

www.theregister.co.uk:
Bagle the 13th spread defies belief. Read more

www.theregister.co.uk:
Malicious code threats celebrate bumper 2003. Read more

congreso.seguridad.unam.mx:
Computer Security Mexico 2004 "10th Years celebrating Computer Security Mexico". Read more

www.theregister.co.uk:
Zombie PCs must die! Read more

edition.cnn.com:
Hotel networks face hacker threat. Read more

www.theregister.co.uk:
Explosive Cold War Trojan has lessons for Open Source exporters. Read more

www.computerweekly.com:
Thought for the day: Laptops let in the worms. Read more

15 march 2004

New in Archive
Theef 2.00

Backdoor.Belang.12

Backdoor.Ptsnoop.b

Backdoor.VB.is

Tools
OSSIM aims to unify network monitoring, security, correlation and qualification in one single tool. Using Snort, Acid, mrtg, NTOP, OpenNMS, nmap, nessus and rrdtool we want the user to have full control over every network or security aspect. Read more

www.securiteam.com:
NetBus UNIX Ported Client. Read more

Guides, Papers, etc.
www.petefinnigan.com:
Passwords transmitted in clear text on SQL*Net. Read more

www.petefinnigan.com:
Some issues with password protected roles. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
phpBB Input Validation Flaw in 'topicdays' Variable Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

News:
www.businessweek.com:
Toughing Out The Junk-Mail Virus. Read more

www.crime-research.org:
Russian hacker under arrest. Read more

www.globetechnology.com:
Net virus spread may have peaked: report. Read more

www.eweek.com:
Leaked Code Still Could Bear Malicious Fruit. Read more

www.informationweek.com:
IT Confidential: The Hacker Payoff; Youth Seduced March. Read more

reviews-zdnet.com.com:
Why firewalls aren't always enough. Read more

www.crime-research.org:
Scams and cybercrime. Read more

news.com.au:
40 traders targeted over net scams. Read more

14 march 2004

New in Archive
MiniMO 052 Beta

TinyFWB 1.1

Atmaca Downloader 2.0

EasyServ 1.1 (b) client

Guides, Papers, etc.
Securing the Internal Network by Adam Richard. Read more

Identity Theft - The Real Cause by Mike Lee & Brian Hitchen. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
Oracle Application Server Web Cache Has Unspecified High Risk Flaw. Read more

www.securitytracker.com:
IBM AIX rexecd May Let Remote Users Gain Root Access. Read more

www.securitytracker.com:
GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users. Read more

www.securitytracker.com:
Macromedia Studio MX File Permission Setting Lets Local Users Modify a File to Gain Elevated Privileges. Read more

www.securitytracker.com:
Macromedia Flash MX File Permission Setting Lets Local Users Modify a File to Gain Elevated Privileges. Read more

www.securitytracker.com:
Macromedia Dreamweaver MX File Permission Setting Lets Local Users Modify a File to Gain Elevated Privileges. Read more

www.securitytracker.com:
Macromedia Fireworks MX File Permission Setting Lets Local Users Modify a File to Gain Elevated Privileges. Read more

www.securitytracker.com:
Macromedia Contribute File Permission Setting Lets Local Users Modify a File to Gain Elevated Privileges. Read more

www.securitytracker.com:
HP HTTP Server Certificates Can Be Compromised By Remote Users. Read more

www.securitytracker.com:
Plaxo Input Validation Flaw in Job Title Field Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Open WebMail 'userstat.pl' Input Validation Hole Lets Remote Users Execute Arbitrary Commands. Read more

www.securitytracker.com:
Xitalk Lets Local Users Execute Arbitrary Commands With 'utmp' Group Privileges. Read more

www.securitytracker.com:
vHost Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
CFWebstore Input Validation Bugs Let Remote Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks. Read more

News:
www.ecommercetimes.com:
The End of Passwords. Read more

www.chron.com:
Hacking class shows good offense best defense. Read more

13 march 2004

New in Archive
Gobo's Remote Keylogger

Backdoor.Winker.n

Backdoor.CBlade.b

Iroffer 1.3b05 (b)

Vulnerabilities & Exploits
www.securitytracker.com:
cPanel 'dohtaccess' Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
cPanel Password Reset and Login Features Let Remote Users Execute Arbitrary Commands With Root Privileges. Read more

www.securitytracker.com:
EMU Webmail 'emumail.fcgi' Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.debian.org:
DSA-462-1 xitalk -- missing privilege release. Read more

News:
informationweek.securitypipeline.com:
Netsky Hacker Threatens New Attack. Read more

12 march 2004

New in Archive
Backdoor.Flobo.b

Paszczus 2.0 client

Backdoor.Delf.fn

Vulnerabilities & Exploits
www.securitytracker.com:
Pegasi Web Server Discloses Files Outside of the Web Document Directory to Remote Users. Read more

www.securitytracker.com:
MyProxy Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.debian.org:
DSA-461-1 calife -- buffer overflow. Read more

www.debian.org:
DSA-460-1 sysstat -- insecure temporary file. Read more

www.debian.org:
DSA-459-1 kdelibs -- cookie path traversal. Read more

News:
www.smh.com.au:
The anti-virus industry scam. Read more

www.theregister.co.uk:
More NetSky worms. So much for quitting. Read more

www.techweb.com:
Netsky Worm Reneged On Promise, Doesn't Retire. Read more

news.zdnet.co.uk:
Symbiot launches DDoS counter-strike tool. Read more

news.zdnet.co.uk:
Banks dismissive of 'phishing' losses. Read more

www.nzherald.co.nz:
Online scammers target Westpac for fourth time. Read more

11 march 2004

New in Archive
Small Uploader 1.01

Harvester 2003 (mail) 04

Caznova LK

Munga Bunga`s installer 1.0.3 (b)

Backdoor.Sepro.f

Vulnerabilities & Exploits
www.securitytracker.com:
Symantec Norton Internet Security Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Symantec Norton Personal Firewall Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Sysstat 'isag' Unsafe Temporary Files May Let Local Users Obtain Elevated Privileges. Read more

www.securitytracker.com:
sysstat 'post' and 'trigger' Scripts on Red Hat Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Sun Solaris 'uucp' Has Unspecified Buffer Overflow That May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
gdk-pixbuf Can Be Crashed By Remote Users With a Specially Crafted Bitmap File. Read more

www.securitytracker.com:
Unreal Game Engine Format String Flaw May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
wMCam Server Lets Remote Users Deny Service With Many Connections. Read more

www.securitytracker.com:
Python getaddrinfo() IP Address Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Opera Cookie Path Restrictions Can Be Bypassed By Remote Servers. Read more

www.securitytracker.com:
Apple Safari Cookie Path Restrictions Can Be Bypassed By Remote Servers. Read more

www.securitytracker.com:
Mozilla Cookie Path Restrictions Can Be Bypassed By Remote Servers. Read more

www.securitytracker.com:
KDE Konqueror Cookie Path Restrictions Can Be Bypassed By Remote Servers. Read more

www.securitytracker.com:
Microsoft Internet Explorer Cookie Path Restrictions Can Be Bypassed By Remote Servers. Read more

www.securiteam.com:
Nortel Networks Wireless LAN Access Point 2200 DoS. Read more

News:
www.securityfocus.com:
NetSky author signs off. Read more

www.nzherald.co.nz:
Microsoft upgrades Outlook security warning to 'critical'. Read more

news.netcraft.com:
SSL's Credibility as Phishing Defense Is Tested. Read more

news.bbc.co.uk:
Bypassing China's net firewall. Read more

www.winnetmag.com:
Fending Off Viruses and Spam. Read more

www.theage.com.au:
Net buyers warned on eBay fraud. Read more

www.nzherald.co.nz:
Fraudsters use bank's website. Read more

www.canada.com:
Israeli, 19, hacked into Pennsylvania police system, erased records: police. Read more

10 march 2004

New in Archive
rsCRT 1.0

MP Remote Logger 1.0

PaSzCzuS 1.9.1

Fenster 2.2

ibot 3.2

Guides, Papers, etc.
www.securityfocus.com:
Anti-Spam Solutions and Security. Read more

www.securityfocus.com:
Anti-Spam Solutions and Security, Part 2. Read more

Vulnerabilities & Exploits
www.nextgenss.com:
IBM DB2 Remote Command Execution Privilege Upgrade. Read more

www.securitytracker.com:
Microsoft MSN Messenger May Disclose Known Files to Remote Users. Read more

www.securitytracker.com:
Microsoft Windows Media Services Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
Microsoft Office XP 'mailto' URL Parsing Bug Lets Remote Users Execute Arbitrary Code in the Local Computer Domain. Read more

www.securitytracker.com:
Microsoft Outlook 'mailto' URL Parsing Bug Lets Remote Users Execute Arbitrary Code in the Local Computer Domain. Read more

www.securitytracker.com:
IBM DB2 'db2rcmd.exe' Lets Remote Authenticated Users Execute Commands With Elevated Privileges. Read more

www.securitytracker.com:
Chat Anywhere '%00' Input Validation Flaw Lets Remote Authenticated Users Hide Their Session. Read more

www.securitytracker.com:
Yahoo! Mail 'order' and 'sort' Field Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
wu-ftpd Access Control Flaw Lets Remote Authenticated Users Bypass Group Restrictions. Read more

www.securitytracker.com:
ISS RealSecure Unspecified Flaw Yields SYSTEM Level Access to Remote Users. Read more

www.securitytracker.com:
ISS BlackICE Unspecified Flaw Yields SYSTEM Level Access to Remote Users. Read more

www.securitytracker.com:
Invision Power Board 'pop' Field Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
GNU Automake 'distdir.am' Unsafe Temporary Directory Creation May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
nfs-utils Incorrect DNS Settings May Let Remote Users Crash rpc.mountd. Read more

www.securitytracker.com:
PWebServer '../' Input Validation Flaw Lets Remote Users Traverse the Directory. Read more

www.securitytracker.com:
Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules. Read more

www.securitytracker.com:
Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon. Read more

News:
Microsoft Security Bulletin MS04-010
Vulnerability in MSN Messenger Could Allow Information Disclosure (838512). Read more

Microsoft Security Bulletin MS04-009
Vulnerability in Microsoft Outlook Could Allow Code Execution (828040). Read more

Microsoft Security Bulletin MS04-008
Vulnerability in Windows Media Services Could Allow a Denial of Service (832359). Read more

Microsoft Security Bulletin MS03-022
Vulnerability in ISAPI Extension for Windows Media Services Could Cause Code Execution (822343). Read more

www.microsoft.com:
Microsoft Windows Security Bulletin Summary for March, 2004. Read more

www.theregister.co.uk:
Microsoft's high-risk security strategy. Read more

www.securityfocus.com:
Googling Up Passwords. Read more

www.theregister.co.uk:
We're just innocent techies, say accused spammers. Read more

www.theadvertiser.news.com.au:
Internet banking 'no longer safe'. Read more

09 march 2004

New in Archive
Cab of Filth 1.2a English

IRC bot plugin for Cold Fusion 1.1

Caznova Spy 0.1 beta

Webster 1.0

Snow 3.6

News:
www.internetweek.com:
Sobering Worm Poses As Microsoft Patch. Read more

www.sarawaktribune.com.my:
Virus whiz-kids using cyberspace as playground for gangland wars. Read more

catless.ncl.ac.uk:
The price of e-mail is constant vigilance. Read more

08 march 2004

New in Archive
NuclearBot 1.0

Abacap 0.9 beta

MiNUS W.D.

Fantasy-x 1.3

Backdoor.Charge.a

Vulnerabilities & Exploits
WFTPd STAT Command Remote Vulnerability Exploit. Read more

News:
reviews-zdnet.com.com:
Virus 'gangs' to blame for recent epidemic. Read more

australianit.news.com.au:
Inside the email virus wars. Read more

story.news.yahoo.com:
Virus whiz-kids using cyberspace as playground for gangland wars. Read more

software.newsforge.com:
A peek at script kiddie culture. Read more

www.vnunet.com:
IT staff offered fast-track hacker course. Read more

07 march 2004

New in Archive
Dyn-DL 1.0

Gadu Ghost 1.1

Caznova Key 1.2.1 Http

Evilsocks 0.11

RAT Cracker 1.5

Tools
sourceforge.net:
EFC monitors the execution of a program by observing system calls made by the program. EFC is supposed to protect from many attacks which just could be lethal. EFC is a kernel module, and works on Linux only. It can be used as a real-time syscall-level IDS. Read more

www.eicar.org:
The Anti-Virus test file. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
Network Time Protocol (NTP) Server Integer Overflow May Return the Incorrect Time. Read more

www.securityfocus.com:
Multiple Microsoft Internet Explorer Script Execution Vulnerabilities. Read more

News:
itvibe.com:
New wave worms pose dilemma for IT Managers. Read more

www.itweek.co.uk:
Hackers: who are they and how can they be stopped? Read more

www.theinquirer.net:
Chocolate teapot cracks zipped virus problem. Read more

06 march 2004

New in Archive
Paszczus 1.9

Devil 6 (b) 

DA-Web 2.2

AntiLamer Backdoor 1.4 (e) Server

Backdoor.Divux.d

Guides, Papers, etc.
www.securityfocus.com:
IIS 6.0 Security. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
SURECOM Router Configuration Interface Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
Symantec's Norton Anti-Virus Fails to Scan Files With Certain Characters in Path Names. Read more

www.securitytracker.com:
VirtuaNews 'admin.php' Input Validation Holes Permit Remote Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
SL Mail Pro SLWebMail Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
SL Mail Pro Buffer Overflow in Supervisor Report Center Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
HP Tru64 IPSec/IKE Flaw in Processing Certificates May Let Remote Users Access the System. Read more

www.securitytracker.com:
wu-ftpd S/Key Challenge Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges. Read more

www.debian.org:
DSA-456-1 linux-kernel-2.2.19-arm -- failing function and TLB flush. Read more

www.debian.org:
DSA-455-1 libxml -- buffer overflows. Read more

www.cisco.com:
Cisco CSS 11000 Series Content Services Switches Malformed UDP Packet Vulnerability. Read more

News:
news.zdnet.co.uk:
Antivirus software decrypts Bagle attachments. Read more

www.sourcewire.com:
Russian antivirus service tops the tables in independent German study. Read more

www.silicon.com:
Antivirus vendors unzip encrypted email viruses. Read more

www.itsecurity.com:
Aladdin Warns of New Malicious Code Vector. Read more

www.crn.com:
Updates Protect Against New Bagle Worms' Encrypted Tactics. Read more

www.theregister.co.uk:
Virus writers in malicious code hide-and-seek. Read more

www.theregister.co.uk:
Spam turns ten today. Read more

www.silicon.com:
Antivirus industry slammed by DTI report. Read more

itmanagement.earthweb.com:
How Long Must You Wait for an Anti-Virus Fix? Read more

05 march 2004

New in Archive
Toquito Bandito 1.0

Gadu Ghost 1.0

Caznova Key 1.2 Http

Backdoor.Rwins

Backdoor.Ducker

Tools
ircdefender.sourceforge.net:
IRC Defender is a program designed for IRC networks, written in perl. It is a modular security service which amongst other things will keep virus and trojan drones from your network, allow you to set akills using regular expressions, and will prevent abuse of CGI:IRC proxies. Read more

Guides, Papers, etc.
www.blackhat.com:
Announcing Black Hat's 2004 initial call for papers. Read more

Vulnerabilities & Exploits
www.securiteam.com:
Adobe Acrobat Reader XML Forms Data Format Buffer Overflow. Read more

www.securitytracker.com:
Cisco Content Services Switch 11000 Series Can Be Reloaded By Remote Users. Read more

www.securitytracker.com:
GNU coreutils Integer Overflow in 'dir' Command Lets Local Users Deny Service. Read more

www.debian.org:
DSA-454-1 linux-kernel-2.2.22-alpha -- failing function and TLB flush. Read more

www.debian.org:
DSA-453-1 linux-kernel-2.2.20-i386+m68k+powerpc -- failing function and TLB flush. Read more

News:
www.publictechnology.net:
Analysis: Digital Warfare - Combating malware & virus attack. Read more

www.publictechnology.net:
Analysis: Economic impact of malware virus attack. Read more

www.publictechnology.net:
Analysis: Q&A on malware & destructive virus security. Read more

www.internetweek.com:
Defending Against Worm Wave Proves Tough Task. Read more

www.theregister.co.uk:
Does open source software enhance security? Read more

www.securityfocus.com:
Calls to regulate 'failing' AV industry. Read more

Cyber villains clash for world domination. Read more

04 march 2004

New in Archive
My Demise 1.0

Hotmail Hacker Log Edition

U-Boot IIB

JerWin SockServer

Backdoor.Pointex.c

Vulnerabilities & Exploits
www.guninski.com:
Buffer overflow in qmail-qmtpd. Read more

www.securitytracker.com:
Spider Sales Shopping Cart Input Validation Flaws Permit SQL Injection and Remote Command Execution. Read more

www.securitytracker.com:
SmarterMail Input Validation Flaws Disclose Files to Remote Authenticated Users and Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Qmail-qmtpd Buffer Overflow in RELAYCLIENT May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
GWeb '../' Input Validation Flaw Discloses Files to Remote Users. Read more

www.securitytracker.com:
[Vendor Disputes Claim] Web Wiz Forums 'Forgotten Password' Flaw Fails to Change Valid Authentication Cookie. Read more

www.securitytracker.com:
ignitionServer Undocumented Command Lets Operators Gain Elevated Privileges. Read more

www.securitytracker.com:
ProFTPD _xlate_ascii_write() Off-By-One Buffer Overflows Let Remote Users Execute Arbitrary Code With Root Privileges. Read more

www.securitytracker.com:
SPAex Search Engine Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Dream FTP Server Additional Format String Flaws Lets Remote Users Crash the FTP Service. Read more

www.securitytracker.com:
Nortel Wireless LAN Access Point 2200 Admin Port Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
Hot Open Tickets (HOT) Lets Remote Authenticated Users Elevate Their Security Level. Read more

www.securitytracker.com:
UUDeview MIME Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

News:
www.theregister.co.uk:
War of the worms turns into war of words. Read more

english.aljazeera.net:
'War of the worms' erupts. Read more

english.aljazeera.net:
Sobig.F worm thwarted, for now. Read more

afr.com:
Netsky v Bagle: It's war of the worms. Read more

www.computerworld.com:
'Worm war' behind recent virus releases, experts say. Read more

www.theregister.co.uk:
Windows source code sharers face chop. Read more

www.theregister.co.uk:
Passwords are passport to theft. Read more

03 march 2004

New in Archive
[X]-ztoo 1.0

DA-Web 2.1

Stigma

Caznova 1.1 bf

Zer0 Tolerance 1.0

Vulnerabilities & Exploits
www.securitytracker.com:
SonicWall Firewall Bypasses Some ARP Requests, Allowing Remote Users to Determine IP Devices Behind the Firewall. Read more

www.securitytracker.com:
SkyHigh Chat Server Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
FreeSpace 2 Game Client Buffer Overflow Lets Remote Servers Execute Arbitrary Code. Read more

www.securitytracker.com:
NetScreen-SA 5000 Input Validation Flaw in 'delhomepage.cgi' Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Novell Client Firewall Tray Icon Lets Local Users Execute Commands With SYSTEM Privileges. Read more

www.securitytracker.com:
Apple QuickTime Player Has an Unspecified Flaw That Permits Remote Code Execution. Read more

www.securitytracker.com:
Mac OS X Bug in Apple File Protocol (AFP) Over SSH May Fail to Encrypt Some Connections. Read more

www.securitytracker.com:
Magic Winmail Server Discloses Installation Path to Remote Users. Read more

www.securitytracker.com:
XMB Forum 'header.php' and Other Input Validation Flaws Permit Cross-Site Scripting and SQL Injection Attacks. Read more

www.securitytracker.com:
1st Class Mail Server POP3 Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
eXtremail Numerical Password Bug Lets Remote Users Bypass Authentication to Access Certain Accounts. Read more

www.securitytracker.com:
XBoard '-icshome' Buffer Overflow Lets Local Users Execute Arbitrary Code. Read more

www.securitytracker.com:
FreeBSD mbuf Flaw Lets Remote Users Deny Service. Read more

www.securitytracker.com:
YaBB SE 'ModifyMessage' Input Validation Holes Let Remote Authenticated Users Delete Information and Files on the Target System. Read more

www.securitytracker.com:
ArGoSoft FTP Server Has Unspecified Vulnerabilities. Read more

www.securitytracker.com:
Red Faction Game Server Can Execute Arbitrary Code on a Connected Client. Read more

www.securitytracker.com:
GNU Anubis Format String Flaw May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Motorola T720 Phones Can Be Shutdown By Remote Users. Read more

www.securitytracker.com:
GnuPG Key Validation Flaw May Fail to Warn When Encrypting to Users Without Sufficient Trust Paths. Read more

www.securiteam.com:
Serv-U MDTM Command Remote Vulnerability Exploit. Read more

News:
www.esj.com:
Microsoft Says Security Improvements Coming. Read more

news.xinhuanet.com:
Mydoom worm still a threat to computers. Read more

02 march 2004

New in Archive
LANfiltrator 1.5 BetaIII

MiniMO 05 Beta 1

Caznova 1.1 beta

Iroffer 1.3b03

Iroffer 1.3b04

Vulnerabilities & Exploits
www.securitytracker.com:
Squid Proxy Cache '%00' URL Character Access Control Bug May Let Remote Users Bypass Certain Access Controls. Read more

www.securiteam.com:
Microsoft Internet Explorer Cross Frame Scripting Restriction Bypass. Read more

News:
www.internetweek.com:
Wave of Bagle and Netsky Worm Variants Hits the Internet. Read more

www.theregister.co.uk:
Netsky-D makes your PC go beep, beep, beep. Read more

www.crime-research.org:
New fraud in the Internet. Read more

www.theregister.co.uk:
Mossad website 'hacker' walks free. Read more

www.theregister.co.uk:
Windows leak dangers 'exaggerated'. Read more

www.theregister.co.uk:
MS takes fight to the spammers. Read more

01 march 2004

New in Archive
Levon Expert

TinyFWB 1.0

The Fate of Doom 1.0

U-Boot IIB Beta 0.89

Vertigo

Vulnerabilities & Exploits
www.securitytracker.com:
Free-BB Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Invision Power Board Input Validation Holes in 'showuser' and Others Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

News:
www.smh.com.au:
Study claims Linux most hacked but ignores malware. Read more

www.smh.com.au:
Worm creators keep abreast of the news. Read more

zdnet.com.com:
Microsoft enlists developers in security push. Read more

www.theinquirer.net:
Teenage female virus writer arrested. Read more


Copyright © MegaSecurity.org