Home    News Archive    Translate Traducen

News april 20003

30 april 2003 New Trojans: Nuclear Keys 1.2 Iddono 2.0 (beta 1.0) Rouge-Bots Xdcc Vulnerabilities & Exploits: www.securitytracker.com: album.pl Photo Album Software May Let Remote Users Execute Arbitrary Commands. Read more www.securitytracker.com: BRS WebWeaver Can Be Crashed By Remote Authenticated Users Via the RETR Command. Read more www.securitytracker.com: Tridion R5 Content Management System May Disclose Administrator Password to Local Users. Read more www.securitytracker.com: Macromedia ColdFusion MX Server Discloses Installation Path to Remote Users. Read more News: boston.com: British authorities arrest hacker wanted as `Fluffi Bunni'. Read more news.bbc.co.uk: Viruses bite businesses hard. Read more www.computerworld.com.au: Tackling security threats from within. Read more www.sfgate.com: Student pleads guilty to economic espionage. Read more www.eweek.com: Microsoft Braces for Windows Attacks. Read more

29 april 2003 New Trojans: Corrupted Lite 1.0 Oxygene Light Red-Spy 1.2 Express 2.01 Vulnerabilities & Exploits: www.securiteam.com: PoPToP PPTP Server Remote Exploit Code Released. Read more www.securiteam.com: Cross Site Scripting in OneCenter Forum. Read more www.securiteam.com: Xeneo Web Server Vulnerable to a Denial of Service Attack. Read more www.securiteam.com: JBoot Password Bypassing Vulnerability. Read more www.securiteam.com: PTNews Vulnerability Allows Administrator Access without Authentication. Read more www.securiteam.com: Poppassd Local Root Vulnerability and Exploit (smbpasswd). Read more www.securiteam.com: PY-Members Vulnerable to SQL Injection. Read more www.securiteam.com: Bugzilla Patch Available for the XSS and Insecure Temporary Filenames Vulnerabilities. Read more www.securiteam.com: OpenBB Forums Vulnerable to SQL Injection. Read more www.securiteam.com: Multiple Vulnerabilities Found in phpSysInfo. Read more www.securiteam.com: Album.pl Vulnerable to Remote Command Execution. Read more www.securiteam.com: Options Parsing Tool Shared Library Vulnerability. Read more News: www.vnunet.com: Comment: The perils of browsing. Read more

28 april 2003 New Trojans: Z-downloader 1.0 KoKo 1.0 (b) AlexMessoMalex Beta 2 (version 2) Little Witch 6.1 (t) server ZomBot 1.0 Vulnerabilities & Exploits: www.securitytracker.com: SGI IRIX libns_ldap Bug May Let Remote Users Access Systems Without a Password. Read more www.securitytracker.com: Bugzillia Insecure Temporary File Processing May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: TrueGalerie Authentication Flaw Lets Remote Users Gain Administrator Access to the Application. Read more www.securiteam.com: Snort TCP Stream Reassembly Integer Overflow Exploit. Read more www.securiteam.com: Path Disclosure in Macromedia ColdFusion MX Server. Read more www.securiteam.com: Buffer Overflow in Internet Explorer's HTTP Parsing Code. Read more www.securiteam.com: SAP Database Local Root Vulnerability During the Installation Process. Read more News: slashdot.org: Spamming Trojan "Proxy Guzu". Read more story.news.yahoo.com: Hackers Have Field Day with Madonna Decoy. Read more observer.co.uk: They've got your number... Read more

27 april 2003 New Trojans: Medusa 1.2 rcmd KWA (a) Satanz Backdoor1.0 (b) server Vulnerabilities & Exploits: www.securityfocus.com: Microsoft Internet Explorer dragDrop Method Local File Reading Vulnerability. Read more www.securityfocus.com: Microsoft Outlook Express MHTML URL Handler File Rendering Vulnerability. Read more www.securityfocus.com: Microsoft Internet Explorer Remote URLMON.DLL Buffer Overflow Vulnerability. Read more www.securityfocus.com: Microsoft Internet Explorer Dialog Style Same Origin Policy Bypass Vulnerability. Read more www.securityfocus.com: Microsoft Shlwapi.dll Malformed HTML Form Tag Denial of Service Vulnerability. Read more www.securitytracker.com: Nokia IPSO Appliances Disclose Files on the System to Remote Authenticated Users. Read more www.securitytracker.com: VisNetic ActiveDefense Can Be Crashed By Remote Users. Read more www.securitytracker.com: Cisco Catalyst OS Lets Remote Authenticated Users Enter 'enable' Mode Without a Password. Read more www.securiteam.com: ATM on Linux Exploit Code Release (les, local). Read more www.securiteam.com: Cisco Catalyst Enable Password Bypass Vulnerability. Read more www.securiteam.com: UDP Bypassing in Kerio Firewall (UDP Scan). Read more www.securiteam.com: Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS. Read more www.securiteam.com: Internet Explorer ActiveX Control Heap Overflow (Plugin.ocx, Load). Read more www.securiteam.com: YABB SE Allows Remote Command Execution. Read more News: www.crime-research.org: Cyber attacks a concern. Read more www.theregister.co.uk: Judge backs P2P file traders. Read more www.blackhat.com: Black Hat Europe 2003 Briefings and Training. Read more

26 april 2003 New Trojans: AIMVision [NextGen] 1.3 AimFrame - Alpha 1 Snow 1.5 NetCrack 1.3 (b) Vulnerabilities & Exploits: www.securitytracker.com: Microsoft Internet Explorer Bugs (URLMON.DLL Buffer Overflow, File Upload Control Bypass, Plug-in URL Input Validation Flaw, CSS Modal Dialog Input Validation Flaw) Let Remote Users Execute Arbitrary Code or Access Local Files. Read more www.securityfocus.com: Microsoft Windows RegEdit.EXE Registry Key Value Buffer Overflow Vulnerability. Read more www.securitytracker.com: HP Jetdirect Printer FTP Service Lets Any Remote User Print. Read more www.securitytracker.com: GKrellM Newsticker Lets Remote Users Execute Arbitrary Shell Commands on the Target User's Client. Read more www.securitytracker.com: Sambar Server WebMail Discloses User Passwords Transmitted Via the Network. Read more www.securitytracker.com: Cisco Secure Access Control Server Buffer Overflow May Yield System Administrator Access to Remote Users. Read more www.securitytracker.com: bttlxeForum Input Validation Flaw in Login Process Lets Remote Users Gain Access Without Authenticating. Read more News: www.securityfocus.com: Rise of the Spam Zombies. Read more www.net4nowt.com: New Coronex worm uses SARS Virus as theme. Read more www.techweb.com: Not All Microsoft Apps Run On Windows Server 2003. Read more zdnet.com.com: Windows guru--hackers to hire. Read more

25 april 2003 New Trojans: Optix PRO 1.3 Vision de Control 2.0 Litmus 1.08 Tool: www.insecure.org: Nmap 3.26 Released. Read more Vulnerabilities & Exploits: www.cisco.com: Cisco Catalyst Enable Password Bypass Vulnerability. Read more www.securitytracker.com: Xeneo PHP Web Server URL Encoding Input Validation Bug Lets Remote Users Crash the Web. Read more www.securitytracker.com: 'screend' on HP Tru64 UNIX Has Unspecified Flaw That Allows Remote Users to Cause Denial of Service. Read more www.securitytracker.com: HP Tru64 UNIX Flaw in NFS on TruCluster Servers May Let Remote Users Cause Denial of Service. Read more www.securitytracker.com: SAP DB Helper Tools Provide Root Access to Local Users. Read more www.securitytracker.com: Kerio Personal Firewall Default Setting Lets Remote Users Send UDP Packets Through the Firewall. Read more www.securitytracker.com: XMB Forum Input Validation Hole in 'members.php' Lets Remote Users Inject SQL Commands. Read more www.securitytracker.com: 'mime-support' Insecure Temporary File Lets Local Users Gain Elevated Privileges. Read more www.securitytracker.com: YaBB SE Include File Error in Language Setting Lets Remote Authenticated Users Execute Arbitrary Operating System Commands. Read more www.securiteam.com: MHTML vulnerability in Outlook Express. Read more www.securiteam.com: Cumulative Patch for Internet Explorer. Read more News: www.theregister.co.uk: Look out for the latest IE and Outlook patches. Read more www.nwfusion.com: Microsoft fixing patch that can slow Windows XP. Read more www.computerworld.com.sg: Silent enemy. Read more www.getreading.co.uk: Program put child porn pics on my PC. Read more www.smudailycampus.com: Hackers wreak havoc on university campuses. Read more www.chinapost.com.tw: Tougher penalties for cybercrimes. Read more news.bbc.co.uk: Hacker causes havoc for websites. Read more www.wired.com: Organizer: 'Hackathon' Will Go On. Read more www.kypost.com: Porn pops up on NKU channel. Read more www.bayarea.com: AT&T says victims should pay hackers' bills. Read more www.theregister.co.uk: DirecTV mole to plead guilty. Read more

24 april 2003 New Trojans: PowerSpider 2.03 Remote Viewport 0.91 ProRat 1.0b AIMVision [NextGen] Vulnerabilities & Exploits: www.securitytracker.com: Xeneo Web Server Can Be Crashed By Remote Users. Read more www.securitytracker.com: AN HTTPD Web Server Sample Script ('count.pl') Lets Remote Users Create or Overwrite Files on the System. Read more www.securitytracker.com: PT News Authentication Flaw Lets Remote Users Access Administrative Functions. Read more www.securitytracker.com: Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code. Read more www.securitytracker.com: 360 Degree Web PlatinumSecret Access Control Flaw Gives Physically Local Users Limited Access. Read more www.securitytracker.com: MPCSoftWeb GuestBook Discloses Administrator Password to Remote Users. Read more www.secunia.com: Internet Explorer Four Vulnerabilities. Read more www.cisco.com: Cisco Secure Access Control Server for Windows Admin Buffer Overflow Vulnerability. Read more www.aqtronix.com: Microsoft Active Server Pages DoS. Read more www.debian.org: DSA-294-1 gkrellm-newsticker -- missing quoting, incomplete parser. Read more www.debian.org: DSA-293-1 kdelibs -- insecure execution. Read more News: Microsoft Security Bulletin MS03-015 Cumulative Patch for Internet Explorer (813489). Read more Microsoft Security Bulletin MS03-007 Unchecked Buffer In Windows Component Could Cause Server Compromise (815021). Read more Microsoft Security Bulletin MS03-014 Cumulative Patch for Outlook Express (330994). Read more www.eweek.com: Microsoft Patches IE, Outlook Flaws. Read more www.web-user.co.uk: New virus exploits SARs worries. Read more www.zdnet.com.au: Ruxcon: A security conference with a difference. Read more www.zdnet.com.au: New spy tools--for good or evil? Read more news.bbc.co.uk: Hacker causes havoc for websites. Read more www.cornellsun.com: I.D. Fraud Hits Colleges. Read more www.washingtonpost.com: Cyber War Game Tests Future Troops. Read more www.guardian.co.uk: The paranoia that paid off. Read more

23 april 2003 New Trojans: LANfiltrator Beta 11 LANfiltrator Beta 7 Skull Burrow Connection Bouncer 2.0 Chat Spy 1.0 Tools: AFX Windows Rootkit 2003 This software generates a system patch that will hide files, registry keys and netstat entries from Windows 95/98/ME/NT/2k/XP/2003. Read more VNCPwdump can be used to dump and decrypt the registry key containing the encrypted VNC password in a few different ways. Read more Vulnerabilities & Exploits: www.ngsec.com: YABB SE, remote command execution. Read more www.debian.org: DSA-292-1 mime-support -- insecure temporary file creation. Read more www.debian.org: DSA-291-1 ircii -- buffer overflows. Read more www.securitytracker.com: Monkey Web Server Buffer Overflow in Processing POST Requests Lets Remote Users Execute Arbitary Code. Read more www.securitytracker.com: BadBlue Server. Read more www.securiteam.com; Xeneo Web Server Denial of Service Vulnerability (? Attack). Read more News: www.eweek.com: Thwarting the Zombies. Read more www.eweek.com: Up With Good Worms. Read more www.nwfusion.com: Latest Windows XP patch can slow down PCs. Read more www.hivercon.com: HiverCon 2003 Call For Papers. Read more www.theregister.co.uk: Like a virgin - Madonna hacked for the very first time. Read more grep.law.harvard.edu: Court Rules Trojan Responsible For Child pr0n. Read more the.honoluluadvertiser.com: Student faces hacking charges. Read more www.informationweek.com: Retailers Report Sales Bounce Using Security Certificate. Read more www.hindustantimes.com: Hyderabad institute to train ethical hackers. Read more

22 april 2003 New Trojans: Oblivion Joiner 0.1 BlueAngel Little Witch 6.1 (n) server Vulnerabilities & Exploits: www.securitytracker.com: Microsoft NTLM Authentication Protocol Flaw Lets Malicious SMB Servers Gain Access to Systems. Read more www.securitytracker.com: Windows XP Service Control Manager Timing Flaw in Service Shutdown May Disclose Sensitive Information to Local Users. Read more www.securitytracker.com: CGIC Library Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Cerberus FTP Server Discloses Existence of User Accounts to Remote Users. Read more www.securiteam.com: Half-Life Exploit Code Released (Malformed Packet). Read more www.securiteam.com: Interbase ISC_LOCK_ENV Overflow. Read more www.securiteam.com: Java Agent Freezes Lotus Notes and Domino. Read more www.securiteam.com: Directory Traversal bug in QuickFront Webserver. Read more www.securiteam.com: Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges. Read more www.securiteam.com: BadBlue Arbitrary Administrative Actions Vulnerability. Read more www.securiteam.com: Remote Vulnerabilties in mod_ntlm. Read more www.securiteam.com: ChiTeX Local Root Vulnerability. Read more www.securiteam.com: Monkey HTTP Daemon Remote Buffer Overflow. Read more News: www.securityfocus.com: Anti-Virus Defence In Depth. Read more zdnet.com.com: New spy tools--for good or evil? Read more www.nytimes.com: AT&T Trying to Collect Bills From the Victims of Hackers. Read more www.crime-research.org: A hacker committed to ethics. Read more www.smh.com.au: Hack attacks launched mainly by outsiders. Read more www.dailypennsylvanian.com: Students work to combat hackers. Read more zdnet.com.com: Windows faces new competition: Itself. Read more

21 april 2003 New Trojans: Sin Static Ip Notifier Nethief 4.3 Iowa's Webdownloader 2.0 Lamers Death 2.6 (c) server IC-Manage-IT Vulnerabilities & Exploits: www.securitytracker.com: Xinetd Has Another File Descriptor Leak That May Let Remote Users Deny Service. Read more www.securitytracker.com: Quickfront Input Validation Flaw Discloses Files on the System to Remote Users. Read more www.securitytracker.com: Vexira Antivirus Buffer Overflow Lets Local Users Gain Elevated Privileges. Read more www.securitytracker.com: Twilight Utilities Denial of Service Vulnerability (TW-WebServer). Read more www.securitytracker.com: Directory Traversal Vulnerability in EZ Server. Read more www.securitytracker.com: Authentication Flaw in Microsoft SMB Protocol Still Present After 3 Years. Read more www.securiteam.com: Apache mod_access_referer Denial of Service Issue. Read more www.securiteam.com: Heap Corruption in Gaim-Encryption Plugin. Read more News: www.hardwarezone.com: Arrival of Windows Server 2003 Heralds New Era for Software Security. Read more www.crime-research.org: Student faces hacking charges. Read more www.theregister.co.uk: Office workers give away passwords for a cheap pen. Read more www.thesun.co.uk: Madonna's net amused. Read more

20 april 2003 New Trojans: Nuclear WebDownloader 1.0 Invasion Crash Drive The Bus Serial Pager 1.3 Tool: www.insecure.org: Nmap 3.25 Released. Read more Vulnerabilities & Exploits: www.securitytracker.com: Microsoft REGEDIT.EXE May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: Snitz Forums Input Validation Script Filtering Can Be Circumvented By Remote Users to Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Web Wiz Forums Discloses Forum Database to Remote Users. Read more News: www.crime-research.org: Beware of Cyber crimes. Read more

19 april 2003 New Trojans: Sequel 0.1.2 [ROULA] Titi 1.01 Ptakks resurrecion Beta 1 Vulnerabilities & Exploits: www.securitytracker.com: 'rinetd' Buffer Management Flaw Lets Remote Users Crash the Service. Read more www.securitytracker.com: Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks. Read more www.securitytracker.com: NetScreen Global PRO Policy Manager May Configure VPNs With a Weaker Cryptographic Algorithm. Read more www.securitytracker.com: EZ Server Discloses Files Located Outside of the Document Directory to Remote Users. Read more www.securitytracker.com: Microsoft Windows OS Kernel Messaging Buffer Overflow Lets Local Users Gain Full Control of the System. Read more www.securiteam.com: Remote BSD Samba call_trans2open i386 Buffer Overflow Exploit. Read more www.securiteam.com: Local Exploit for Sendmail's prescan() Function. Read more www.securiteam.com: Vignette Story Server Sensitive Information Disclosure. Read more www.securiteam.com: Snort TCP Stream Reassembly Integer Overflow Vulnerability. Read more www.securiteam.com: MacOS X DirectoryService Privilege Escalation and DoS Attack. Read more www.securiteam.com: Multiple Vulnerabilities in Snort Preprocessors (RPC, stream4). Read more www.securiteam.com: Directory Traversal Bug Found in QuickFront Web Server. Read more www.securiteam.com: iWeb Mini Web Server Remote Directory Traversal. Read more www.securiteam.com: Root Directory Revealing Vulnerability found in 12Planet Chat Server. Read more www.securiteam.com: Path Disclosure Vulnerability found in MailMax/Web. Read more www.securiteam.com: Buffer Overflow Vulnerability found in MailMax. Read more www.securiteam.com: Buffer Overflow in Vexira Antivirus. Read more www.securiteam.com: Multiple Vulnerabilities in Ez Publish. Read more News:

18 april 2003 New Trojans: HDDL 1.0 G0te Cruel Intentionz 1.1 Vulnerabilities & Exploits: www.chez.com: Vulnerability in regedit.exe. Read more www.securitytracker.com: NETGEAR RP114 Router Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks Against Administrators. Read more www.securitytracker.com: Mozilla Browser Domain Change Security Context Flaw Lets Scripts in One Page Execute in the Security Context of Another Page. Read more www.securitytracker.com: iWeb Server Input Validation Directory Traversal Flaw Discloses Files to Remote Users. Read more www.securitytracker.com: Twilight Utilities Web Server Can Be Crashed By Remote Users. Read more www.securitytracker.com: Snort Buffer Overflow in Processing TCP Sequence Numbers Lets Remote Users Execute Arbitrary Code. Read more www.debian.org: DSA-289-1 rinetd -- incorrect memory resizing. Read more www.debian.org: DSA-290-1 sendmail-wide -- char-to-int conversion. Read more News: www.securityfocus.com: Getting Realistic in the War on Hackers. Give up on the notion that computer security can be improved by putting more people in prison. Read more www.sfgate.com: Pros, cons of hiring ex-criminal hackers. Read more www.internetweek.com: Microsoft Posts Security Alert And Patch For Windows NT, 2000, XP. Read more www.washingtonpost.com: Blackboard Gets Gag Order Against Smart-Card Hackers. Read more www.msnbc.com: Cadets train for cyber combat. Read more www.accessatlanta.com: Student finds debit card flaw, but can't tell. Read more straitstimes.asia1.com.sg: Iraq war opens another front - online attacks on Arab sites. Read more

17 april 2003 New Trojans: Nuclear Uploader 1.0 PowerSpider 3.20 Lamers Death 2.6 (d) server FiendishPerson 1.6 Vulnerabilities & Exploits: www.securitytracker.com: Microsoft Windows 2003 'win2k.sys' Printing Bug Lets Users Crash the System. Read more www.securitytracker.com: NetComm NB1300 ADSL Router Default Configuration Discloses Administrator Password to Remote Users. Read more www.securitytracker.com: Ez publish Forum Discloses Installation Path and Database Password to Remote Users. Read more www.securitytracker.com: Progress Database Buffer Overflow in BINPATHX Lets Local Users Gain Root Privileges. Read more www.securitytracker.com: fipsGastebuch Input Validation Flaw in 'new_entry.asp' Permits Cross-Site Scripting Attacks. Read more www.securitytracker.com: Web Wiz Site News Discloses Administrator Password to Remote Users. Read more www.securitytracker.com: ActivCard Discloses Usernames and Passwords to Local Users via Memory Dumps. Read more www.debian.org: DSA-288-1 openssl -- several vulnerabilities. Read more News: Microsoft Security Bulletin MS03-013 Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges (811493). Read more www.securityfocus.com: Use a Honeypot, Go to Prison? Read more www.eetimes.com: Cryptographers sound warnings on Microsoft security plan. Read more www.techweb.com: Hiring Hackers: A Heated Debate. Read more www.sunspot.net: Voicemail hacking leaves ears ringing. Read more www.businessweek.com: Sparks over Power Grid Cybersecurity. Read more sportsillustrated.cnn.com: Mass. man will ask for probation in mass e-mail case. Read more www.thecrimson.com: Swipe Card Hack Prompts Complaint. Read more www.bayarea.com: Partnership creates standards to combat cyberterrorism. Read more www.pcworld.com: What's the Biggest Security Problem? Read more siliconvalley.internet.com: RSA Unveils 'Internet Insecurity Index'. Read more

16 april 2003 New Trojans: Prophet Backdoor.VB.bs server HTTP RAT 0.1b (g) pseudoRAT 0.1 (d) Tool: www.klcconsulting.net: SMAC is a Windows MAC Address Modifying Utility which allows users to change MAC address for almost any Network Interface Cards (NIC) on the Windows 2000 and XP systems. Read more Vulnerabilities & Exploits: www.securitytracker.com: InstaBoard Input Validation Flaws Let Remote Users Inject SQL Commands. Read more www.securitytracker.com: Ximian Evolution Bug in GtkHTML Library Allows Remote Users to Crash a Client. Read more www.securitytracker.com: Linksys WAP11 Wireless Access Point Transmits Administrator Password in Clear Text. Read more www.securitytracker.com: LPRng Unsafe Temporary File in 'psbanner' May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: (Sun Issues Fix) Sun XView Library Buffer Overflow Lets Local Users Gain Root Privileges. Read more www.securitytracker.com: Macromedia Flash Content May Facilitate Cross-Site Scripting Via the 'clickTAG'. Read more www.debian.org: DSA-287-1 epic -- buffer overflows. Read more News: www.securityfocus.com: Debate: Should You Hire a Hacker? Read more timesofindia.indiatimes.com: Expert at 17, will lecture IT big wigs on Net security. Read more www.internetweek.com: Microsoft Aims To Tighten Windows Security. Read more www.securityfocus.com: BitchX Trojan Horse Vulnerability. Read more www.vnunet.com: RSA splits data to stop hackers. Read more catless.ncl.ac.uk: Nevada hospital system hack traced to Russia. Read more zdnet.com.com: Taking on Microsoft and the DMCA. Read more www.eetimes.com: Cryptographers sound warnings on Microsoft security plan. Read more www.zdnet.com.au: US court bars security speakers. Read more www.salon.com: The copyright cops strike again. Read more

15 april 2003 New Trojans: Assasin 2.0 Pegasus final Tunnel AntiLamer Backdoor 1.3 (a) server VC 1.0 Vulnerabilities & Exploits: www.securitytracker.com: SheerDNS Directory Traversal and Buffer Overflow Bugs Allow Local Users (and Possibly Remote Users) to Gain Root Privileges. Read more www.securiteam.com: Report Review Agent (RRA/FNDFS) Vulnerability in Oracle E-Business Suite. Read more www.securiteam.com: Linksys WAP11 Password in Clear Text Vulnerability. Read more www.securiteam.com: Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach. Read more www.securiteam.com: KDE PS/PDF handling vulnerability. Read more www.debian.org: DSA-286-1 gs-common -- insecure temporary file. Read more www.debian.org: DSA-285-1 lprng -- insecure temporary file. Read more News: www.zdnet.com.au: US court bars security speakers. Read more www.theregister.co.uk: It's another bug, confirms Google. Read more www.theregister.co.uk: Application Vulnerability Description Language coined. Read more www.salon.com: The copyright cops strike again. Read more www.theregister.co.uk: How to automate a DoS attack using the Post Office. Read more hoovnews.hoovers.com: The Threat From Inside -- The biggest danger to computer systems comes from employees. Read more www.globeandmail.com: Big Brother stalks cyberspace. Read more www.prnewswire.com: Microsoft Outlines Plans to Simplify Secure Computing. Read more www.theregister.co.uk: Hoaxster hacker discovers infinite-wealth algorithm. Read more www.theregister.co.uk: DNS inventor calls for security overhaul. Read more

14 april 2003 New Trojans: Nethief XP EvilBot (a) Troyen 1.0 Vulnerabilities & Exploits: www.securitytracker.com: Ocean12 ASP Guestbook Manager Discloses Database, Including the Administrator's Password, to Remote Users. Read more www.securitytracker.com: Linksys BEFVP41 VPN Router Discloses Internal Host Information to Remote Users. Read more www.securitytracker.com: Gaim-Encryption Plugin May Let Remote Users Crash the GAIM Client. Read more News: www.securityfocus.com: Cryptographic File Systems, Part Two: Implementation. Read more www.securityfocus.com: 'Super-DMCA' fears suppress security research. Read more www.smh.com.au: The slippery world of spyware. Read more www.zdnet.com: Want to foil hackers? Pick a better password. Read more www.orlandosentinel.com: Encryption proposal makes activists uneasy. Read more asia.cnet.com: Open-source team fights buffer overflows. Read more

13 april 2003 New Trojans: Backdoor.Delf.er server Backdoor.VB.ga server AMS Vulnerabilities & Exploits: www.debian.org: DSA-284-1 kdegraphics -- insecure execution. Read more www.securitytracker.com: Mac OS X File Sharing/Service Gives Authenticated Users Read Access to the Write-Only DropBox. Read more www.securitytracker.com: MailMax/Web Discloses Installation Path to Remote Users. Read more www.securitytracker.com: MailMax IMAP Server Buffer Overflow in 'Login' Parameter Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: 12Planet Chat Server Sends Administrative Password Over the Network in Clear Text. Read more www.securitytracker.com: FileMaker Pro and FileMaker Server Send Unencrypted Passwords Via the Network. Read more www.securitytracker.com: KDE Configuration Flaw Lets Remote Users Create Files That Will Execute Arbitrary Commands When Loaded. Read more www.securitytracker.com: Oracle E-Business Suite Report Review Agent Discloses Files to Remote Users. Read more www.securitytracker.com: Super Guestbook Discloses Configuration and Administrative Password to Remote Users. Read more www.securitytracker.com: Rainman's GuestBook Software Discloses the Administrator Password to Remote Users. Read more www.securitytracker.com: CC Guestbook Input Validation Flaw in 'Name' and 'Webpage Title' Lets Remote Users Conduct Cross-Site Scripting Attack. Read more www.securitytracker.com: CC Log Input Validation Hole in HTTP Header Fields Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Mac OS X DirectoryService Unsafe System() Call Lets Local Users Gain Root Privileges. Read more News: www.theregister.co.uk: Microsoft licenses WinCE source code for commercial use. Read more www.theregister.co.uk: DNS inventor calls for security overhaul. Read more news.com.com: Open-source team fights buffer overflows. Read more www.nwfusion.com: XML security standard touted at show. Read more www.theregister.co.uk: Why we love the Iraqi information minister. (no security link)Read more

12 april 2003 New Trojans: Fear and Hope 1.0 Msn Trojan 1.0 Remote Operations Console Interface Vulnerabilities & Exploits: www.securitytracker.com: Python Documentation Server Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more www.securitytracker.com: Hyperion FTP Server Buffer Overflow in USER Command May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: PoPToP PPTP Server Buffer Overflow in 'read_pptp_header' May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: phPay Web Shopping Input Validation Flaws Disclose Information to Remote Users and Permit Cross-Site Scripting Attacks. Read more www.securitytracker.com: Microsoft Proxy Service in Proxy Server 2.0 Has Unspecified Flaw That Lets Remote Users Stop Traffic. Read more www.securitytracker.com: Microsoft Firewall Service in ISA Server Has Unspecified Flaw That Lets Remote Users Stop Traffic. Read more www.securitytracker.com: Microsoft Windows VM Input Validation Flaw in ByteCode Verifier Lets Malicious Java Applets Execute Arbitrary Code. Read more News: news.com.com: Honeypots get stickier for hackers. Read more seattletimes.nwsource.com: Blocking file attachments helps tackle virus problem. Read more news.com.com: Windows key leak threatens mass piracy. Read more

11 april 2003 New Trojans: Sequel 0.1 beta 1 client [Special Edition] Skull De-Burrower 1.0 pseudoRAT 0.1b (version c) Vulnerabilities & Exploits: www.debian.org: DSA-283-1 xfsdump -- insecure file creation. Read more www.securitytracker.com: Internet Software Center's ASP Gastebuch Input Filtering Hole Permits Cross-Site Scripting Attacks. Read more www.securitytracker.com: AMaViS Anti-Virus Scanner May Let Remote Users Relay E-Mail. Read more www.securitytracker.com: Orplex Guest Book Input Filtering Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more News: asia.cnet.com: Flaw leaves Windows open to Java attack. Read more www.theage.com.au: New charges over web bank scam. Read more www.nbr.co.nz: Gartner tips top 11 cyberthreat issues. Read more

10 april 2003 New Trojans: Near Mohists 1.6 Evil-X 2.0 Lamers Death 2.5 (j) server Vulnerabilities & Exploits: www.idefense.com: Denial of Service in Microsoft Proxy Server 2.0 and Internet Security and Acceleration Server 2000. Read more www.debian.org: DSA-282-1 glibc -- integer overflow. Read more www.securitytracker.com: Mgetty Buffer Overflow in Processing Caller ID May Let Remote Callers Crash the System or Execute Arbitrary Code. Read more www.securitytracker.com: Opera Browser Buffer Overflow in Loading URLs May Let Remote Users Execute Code. Read more www.securitytracker.com: Coppermine Photo Gallery File Extension Validation Flaw Lets Remote Users Upload and Execute PHP Code. Read more www.securitytracker.com: Jpegx Steganography Software Access Control Can Be Bypassed. Read more www.securitytracker.com: Vignette StoryServer Discloses Server Stack Contents to Remote Users. Read more www.securitytracker.com: 'metrics' Uses Unsafe Temporary Files, Permitting Local Users to Gain Elevated Privileges. Read more www.securitytracker.com: Samba-TNG Buffer Overflow in call_trans2open() Function Lets Remote Users Execute Arbitrary Code With Root Privileges. Read more www.securitytracker.com: Samba Buffer Overflow in call_trans2open() Function Lets Remote Users Execute Arbitrary Code With Root Privileges. Read more News: Microsoft Security Bulletin MS03-011 Flaw in Microsoft VM Could Enable System Compromise (816093). Read more Microsoft Security Bulletin (MS00-084) Patch Available for 'Indexing Services Cross Site Scripting' Vulnerability. Read more Microsoft Security Bulletin MS03-012 Flaw In Winsock Proxy Service And ISA Firewall Service Can Cause Denial Of Service (331066). Read more www.internetweek.com: Microsoft Warns Of Security Hole In Java Virtual Machine. Read more newsobserver.com: Internet security worries on rise. Read more www.theage.com.au: Sophos questions release of OptusNet cracker. Read more www.securityfocus.com: Steganography Revealed. Read more www.zdnet.com.au: Commentary: Encryption, hashing, and obfuscation. Read more

09 april 2003 New Trojans: Neol SA Downloader Lite 1.0 War Trojan 1.06 client Vulnerabilities & Exploits: www.debian.org: DSA-281-1 moxftp -- buffer overflow. Read more www.securitytracker.com: SETI@home Buffer Overflow Allows Remote Server to Execute Arbitrary Code. Read more www.securiteam.com: New Oracle Database Listener Security Guide Released. Read more News: Cabronator coder arrested in Spain. Read more and here (spanish language) www.businessweek.com: Security firm regrets Samba disclosure. Read more www.businessweek.com: Don't Put All Your Data in One Basket. Read more www.eweek.com: Clarke: No One's Minding the Cyber Store. Read more www.bangkokpost.com: Catch viruses, enhance security. Read more cryptome.org: The court's order of 21 February 2003, gagging public disclosure of Citibank's crypto vulnerabilities. Read more

08 april 2003 New Trojans: Cabronator 3.12b X-filer prjIP 1.0 server Vulnerabilities & Exploits: www.atstake.com: Vignette Story Server sensitive information disclosure. Read more www.debian.org: DSA-280-1 samba -- buffer overflow. Read more www.debian.org: DSA-279-1 metrics -- insecure temporary file creation. Read more www.securitytracker.com: PY-Membres Input Validation Flaw Lets Remote Users Inject SQL Commands. Read more www.securitytracker.com: Firebird Database External Tables Access Control Flaw May Let Authenticated Users Modify Arbitrary Files on the System. Read more www.securitytracker.com: Borland InterBase External Tables Access Control Flaw May Let Authenticated Users Modify Arbitrary Files on the System. Read more www.securitytracker.com: Sign Here! Guest Book Input Validation Flaw Allows Cross-Site Scripting Attacks. Read more News: www.rgj.com: Ely hospital hacker traced to former Soviet Union. Read more www.businessweek.com: Samba flaw threatens Linux file servers. Read more www.smh.com.au: Australia leaves the hack door open to cyber sabotage. Read more www.pcworld.com: Space Searcher SETI@home Has Bugs. Read more www.informationweek.com: Security Threats To Business Are On The Rise. Read more www.salon.com: Libertarians struggle with surveillance. Read more

07 april 2003 New Trojans: Massaker 1.2 (b) server Red-Spy 1.0 Red-Spy 1.1 Vulnerabilities & Exploits: www.securitytracker.com: Abyss Web Server HTTP Header Validation Flaw Lets Remote Users Crash the Web Server. Read more www.securitytracker.com: Entrust Authority Security Manager Command Line Lets Local Authenticated Master Users Bypass the Multiple Authorization Feature. Read more www.securitytracker.com: ASPjar GuestBook Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Hyperion FTP Server Buffer Overflow in Processing Commands Lets Remote Users Crash the Server. Read more www.securitytracker.com: libESMTP Buffer Overflow in 'read_smtp_response' May Let Remote Users Execute Arbitrary Code. Read more www.securiteam.com: Clear Text Password Vulnerability Found in DeskNow. Read more www.securiteam.com: Remote Multiple Buffer Overflow Vulnerabilities in Passlogd Sniffer. Read more www.securiteam.com: Integer overflow in PHP array_pad() function. Read more News: www.theage.com.au: Virus disrupts e-voting. Read more www.globetechnology.com: U.S. military helps fund Calgary hacker. Read more www.internetweek.com: Worms, Attacks, Assorted Security Threats On Businesses Rise Sharply In 2003. Read more www.stuff.co.nz: Defence against hackers. Read more www.crime-research.org: Criminalistics Characteristic of Cybercrimes� Committers. Read more

06 april 2003 New Trojans: The[X] 1.2 HTTP RAT 0.1b Lorexp Vulnerabilities & Exploits: www.securitytracker.com: Sakki's Guestbook Input Validation Flaw Allows Cross-Site Scripting Attacks. Read more www.securitytracker.com: Level One Routers Disclose Connection Password and May Allow Remote Re-configuration When Using UPNP. Read more www.securitytracker.com: NETGEAR FM114P Prosafe Wireless Firewall Discloses Connection Password When Using UPNP. Read more www.securitytracker.com: Progress Database Configuration File Error Messages May Disclose Root-Owned Information to Local Users. Read more www.securitytracker.com: WebC Shopping Cart Has Multiple Flaws That Allow Remote Users to Execute Arbitrary Code and Local Users to Gain Elevated Privileges. Read more News: www.upi.com: Spammers keep in touch with troops. Read more

05 april 2003 New Trojans: SEQRAT 1.0 Fade 1.0 beta2 Remscan Vulnerabilities & Exploits: www.securitytracker.com: IBM AIX 'ftpd' Server May Grant Root Access to Remote Users When Using Kerberos Authentication. Read more www.securitytracker.com: Borland Interbase Buffer Overflow in Processing ISC_LOCK_ENV Lets Local Users Execute Arbitrary Code With Root Privileges. Read more www.securitytracker.com: Compaq Insight Manager Discloses File Existence to Remote Users and May Allow Denial of Service Attacks. Read more www.securitytracker.com: ChiTex Path Specification Flaw Lets Local Users Execute Code With Root Privileges. Read more www.securitytracker.com: Phorum Input Validation Hole in Filtering 'Title' Field Allows Cross-Site Scripting Attacks. Read more www.securitytracker.com: BEA WebLogic May Disclose Internal Hostname to Remote Users. Read more www.securitytracker.com: Microsoft Windows Terminal Services RDP Implementation Does Not Validate Server Identity, Allowing Man-in-the-Middle Attacks. Read more www.securitytracker.com: IkonBoard Input Validation Flaw in Processing Cookies Lets Remote Users Execute Arbitrary Commands. Read more www.securitytracker.com: osCommerce Input Validation Flaws Allow Remote Users to Access the Application and Deny Service. Read more www.securitytracker.com: Apache 2.0 Web Server Has Unspecified Significant Denial of Service Flaw. Read more www.securitytracker.com: 'passlogd' Syslog Sniffer Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: DeskNow Web Mail Uses Clear Text Authentication for Web Mail Access. Read more www.debian.org: DSA-278-1 sendmail -- char-to-int conversion. Read more News: www.securityfocus.com: Fear of a Million Big Brothers. Read more www.europemedia.net: Cyber-attack blocks 400,000 websites. Read more www.networkmagazine.com: Strategies & Issues: Honeypots - Sticking It to Hackers. Read more cryptome.org: Citibank tries to gag crypto bug disclosure. Read more

04 april 2003 New Trojans: Goy FTP LANfiltrator Beta 6 Cruel Intentionz 1.0 (b) Vulnerabilities & Exploits: www.securitytracker.com: Progress Database DLC Bounds Checking Error May Give Local Users Root Privileges. Read more www.securitytracker.com: MiniPortal SOHO FTP Server Default Configuration Lets Anonymous Users Delete Directories. Read more www.securitytracker.com: Broker FTP Server 'CWD' Buffer Overflow Discloses Files on the System to Remote Users. Read more www.securitytracker.com: TYPSoft FTP Server Default Configuration Lets Remote Authenticated Users Create/Delete Directories. Read more www.securitytracker.com: XOOPS Glossary Module Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.debian.org: DSA-275-1 lpr-ppd -- buffer overflow. Read more www.debian.org: DSA-276-1 linux-kernel-s390 -- local privilege escalation. Read more www.debian.org: DSA-277-1 apcupsd -- buffer overflows, format string. Read more News: www.europemedia.net: Cyber-attack blocks 400,000 websites. Read more zdnet.com.com: Security--still in its infancy. Read more zdnet.com.com: Apache patch to thwart DoS attack. Read more www.pcworld.com: Dawn of the Superworm. Read more www.eweek.com: Thwarting the Zombies. Read more boston.com: Former hacker warns lawmakers about dangers to personal financial information. Read more newsobserver.com: Hackers target Florida congresswoman in e-mail prank. Read more www.vnunet.com: Spammers attack wireless networks. Read more

03 april 2003 New Trojans: GOP 1.01 Guangwai Girl 2.0 Musdie 1.1 nt Vulnerabilities & Exploits: www.securitytracker.com: Chindi Server Can Be Crashed By Remote Users. Read more www.securitytracker.com: BajieServer Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Apple QuickTime Player Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Kerio WinRoute Firewall Administration Interface Flaw Lets Remote Users Create Denial of Service Conditions. Read more www.securitytracker.com: HP Instant TopTools Can Be Crashed By Remote Users Sending Specific Requests. Read more www.securitytracker.com: SAP DB File Permissions Let Local Users Modify Files to Gain Elevated Privileges. Read more www.securitytracker.com: Xonic.ru News Application Lets Remote Users Post Items and Execute Arbitrary Commands on the Server. Read more www.securitytracker.com: Solaris 'dtsession' Buffer Overflow May Let Local Users Obtain Root Privileges. Read more www.securitytracker.com: Sun Solaris 'lpq' Buffer Overflow May Let Local Users Obtain Root Privileges. Read more www.securiteam.com: 3Com OfficeConnect Remote 812 ADSL router exposes internal LAN computer's ports. Read more www.securiteam.com: Quick Time Media Player for Windows Buffer Overflow. Read more www.securiteam.com: PowerFTP 2.25 Remote DoS. Read more News: www.smh.com.au: Many web sites still open to IIS 5.0 exploit. Read more zdnet.com.com: Holes found in RealPlayer, QuickTime. Read more www.suntimes.com: Point, click, fire: Hackers nail sites. Read more www.inform.umd.edu: Hackers strike Dorchester website. Read more asia.cnet.com: China: Watching what users type. Read more www.zdnet.com.au: Evil bit arrives on April Fools'. Read more www.theregister.co.uk: IT managers trust Microsoft on security...Read more www.thescotsman.co.uk: Vigilance is vital in keeping the hackers out. Read more www.pcmag.com: Spyware: It's Lurking on Your Machine. Read more

02 april 2003 New Trojans: NetCrack 1.1 (a) NetCrack 1.2 Lamers Death 2.5 (e) server Universal Cracker 3.0 Vulnerabilities & Exploits: www.securitytracker.com: EZ Server FTP Server Can Be Crashed By Remote Users Due to FTP Command Buffer Overflow. Read more News: www.thescotsman.co.uk: Vigilance is vital in keeping the hackers out. Read more www.reuters.co.uk: Norway Teen to Be Retried in DVD Piracy Case. Read more news.bbc.co.uk: Al-Jazeera site tackles hackers. Read more www.crime-research.org: Al-Qaida supporters hack into student's Web site. Read more www.mytelus.com: 'Al-Jazeera' beats 'sex' to become top Internet search term despite hacking. Read more www.pcworld.com: Tech Managers Wary of Microsoft Security. Read more news.com.com: Do you trust Microsoft? Read more www.commsdesign.com: DNS pioneer warns of Internet security. Read more

01 april 2003 New Trojans: pseudoRAT 0.1 (e) Skull De-Burrower 1.0.3 Progetto1 Vulnerabilities & Exploits: www.idefense.com: Buffer Overflow in Windows QuickTime Player. Read more www.securitytracker.com: ScozBook Guestbook Input Validation Flaws Permit Cross-Site Scripting Attacks. Read more www.securitytracker.com: Justice Guestbook Input Validation Flaws Permit Cross-Site Scripting Attacks. Read more www.securitytracker.com: Solaris newtask(1) Command Flaw Lets Local Users Grab Root Access. Read more www.securitytracker.com: Beanwebb Guestbook Lack of Authentication Gives Remote Users Administrative Access to the Guestbook. Read more www.securitytracker.com: Sendmail Buffer Overflow in Parsing Addresses May Let Remote or Local Users Execute Arbitrary Code With Root Privileges. Read more www.securiteam.com: Chindi DoS Exploit Code. Read more News: www.washingtonpost.com: Feds: Chinese Hack Attacks Likely. Read more www.theregister.co.uk: Klez-H hangs around like a bad smell. Read more www.theage.com.au: Language inspired by Orwell set to fool hackers. Read more www.theregister.co.uk: UK SMEs are sitting ducks for crackers. Read more www.yomiuri.co.jp: Cyberterrorism seen as future threat. Read more www.theregister.co.uk: Qualcomm 'superhacker' wins change of venue. Read more www.smh.com.au: Email creates tension for US soldiers, families. Read more

Copyright� MegaSecurity.org