Home    News Archive    Translate Traducen

News may 20003

31 may 2003 New Trojans: SubRoot 1.2 Silent Spy 2.09 server (version 2) Mini LD 1.1 Vulnerabilities & Exploits: www.idefense.com: Apache Portable Runtime Denial of Service and Arbitrary Code Execution Vulnerability. Read more www.securitytracker.com: 'b2' Blog 'b2-tools' Scripts Have Include File Errors That Let Remote Users Execute Arbitrary PHP Code and OS Commands on the Target Server. Read more www.securitytracker.com: Softrex Tornado www-Server Bugs Disclose Specified Files to Remote Users and Allow Remote Users to Crash the Web Service. Read more www.securitytracker.com: Geeklog Authentication Flaws Let Remote Users Gain 'Admin' Status and Execute Arbitrary PHP Code on the System. Read more www.securitytracker.com: GoldMine Lets Remote Users Send E-mail to Execute Arbitrary Code. Read more www.securitytracker.com: Webfroot Shoutbox Input Validation Flaws Let Remote Users View Files and Execute Commands on the System. Read more www.securitytracker.com: VisNetic FTP Server Discloses Directory Listings to Remote Authenticated Users, Including Anonymous Users. Read more www.securitytracker.com: Titan FTP Server Discloses Directory Listings to Remote Authenticated Users, Including Anonymous Users. Read more www.securitytracker.com: Son hServer Web Server Input Validation Flaw Lets Remote Users View Arbitrary Files on the System. Read more www.securitytracker.com: Bandmin Input Filtering Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: 'Remote PC Access' Server Can Be Crashed By Remote Users. Read more www.securiteam.com: Microsoft IIS ssinc.dll Over-long Filename Buffer Overflow Vulnerability. Read more www.securiteam.com: Activity Monitor Remote Denial of Service (TCP 15163). Read more Webfroot Shoutbox Directory Traversal and Code Injection. Read more www.securiteam.com: News: www.theregister.co.uk: Fizzer blasts Klez-H off top spot in viral charts. Read more www.theregister.co.uk: US cyber crime losses tumble. Read more

30 may 2003 New Trojans: Deaths Corner 1.0.2 Asylum File Binder 1.0 Nethief 4.5 Infector`s IP Sweeper 1.0 Vulnerabilities & Exploits: www.securitytracker.com: gPS Process Monitor Access Control Flaw Lets Remote Users Connect to the Remote gPS Poller. Read more www.securitytracker.com: Microsoft IIS Buffer Overflow Lets Remote Users With Upload Privileges Execute Code - Remote Users Can Also Crash the Service. Read more www.securitytracker.com: Microsoft Windows Media Services (nsiislog.dll) Extension to Internet Information Server (IIS) Lets Remote Execute Arbitrary Code. Read more www.securitytracker.com: Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication. Read more www.securitytracker.com: BaSoMail Server Can Be Crashed By Remote Users and Also Discloses Passwords to Local Users. Read more www.securitytracker.com: Batalla Naval Game Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: iPlanet Messaging Server HTML Attachment Viewing Permits Cross-Site Scripting Attacks. Read more www.securitytracker.com: Sun ONE Application Server Discloses JSP Source Code to Remote Users and Passwords to Local Users. Read more www.securitytracker.com: D-Link DI-704P Router Can Be Crashed By Remote Authenticated Users. Read more www.securitytracker.com: PalmVNC Discloses VNC Server Usernames and Passwords to Local Users. Read more www.securitytracker.com: Axis Network Camera Web Interface Authentication Flaw Yields Root Access to Remote Users. Read more www.securitytracker.com: Meteor FTP Server Discloses Whether a Specified Username is Valid or Not. Read more www.securitytracker.com: BRS WebWeaver HTTP Buffer Overflows Let Remote Users Crash the Web Service. Read more www.securitytracker.com: UpClient Command Line Buffer Overflow Grants 'kmem' Privileges to Local Users. Read more www.securitytracker.com: Newsscript Input Validation Flaw Allows Remote Users to Gain Administrative Access on the Application. Read more www.securiteam.com: Remote PC Access Server DoS Attack Vulnerability. Read more www.securiteam.com: Flaw in ISAPI Extension for Windows Media Services Could Cause Denial of Service. Read more www.securiteam.com: Weakness in GoldMine Email Manager Allows Arbitrary Code Execution. Read more www.securiteam.com: Cumulative Patch for Internet Information Service (28 May 2003). Read more www.securiteam.com: Internet Information Services 5.0 Denial of Service (WebDAV). Read more News: www.smh.com.au: Security researcher accuses Redmond of misleading customer. Read more www.nwfusion.com: Microsoft creates new group to clean its coding act. Read more www.theregister.com: Wakey, Wakey it's Patching Day. Again. Read more www.phrack.org: PHRACK MAGAZINE call for papers. Read more www.eweek.com: Lipner Steps Down as Head of MSRC. Read more www.wired.com: Lamo Hacks Cingular Claims Site. Read more www.hindustantimes.com: Internet war on as Pak hackers deface 10 sites in a day. Read more www.gomemphis.com: Taking the offensive on identity theft. Read more www.nwfusion.com: Apache group issues update, warns of security hole. Read more www.theregister.com: HP's printer team in espionage drama. Read more reuters.com: Top Calif. Court Reviews DVD Decryption Case. Read more www.forbes.com: Stealing The Show (Satellite hackers). Read more www.lasvegassun.com: Casinos need to improve online security. Read more

29 may 2003 New Trojans: dSocks4 1.0 MzN 3.0 Remote Operations 2.2 Optix Lite 0.2 (c) server Vulnerabilities & Exploits: www.secnap.net: Weakness in GoldMine(tm) Email Manager allows arbitrary code execution. Read more www.spidynamics.co: Internet Information Services 5.0 Denial of service. Read more www.securitytracker.com: Vignette Content Management Suite Has Multiple Security Flaws That Disclose Information, Allow Code/Command Execution, and Permit Cross-Site Scripting Attacks. Read more www.securitytracker.com: PostNuke Input Validation Flaws in Glossary May Allow SQL Injection. Read more www.securitytracker.com: FastTrack P2P (KaZaA) Buffer Overflow May Let Remote Users Execute Arbitrary Code on a Supernode. Read more www.securitytracker.com: AnalogX Proxy URL Buffer Overflow Lets Remote Users Execute Arbitrary Code With Administrator Privileges. Read more News: Microsoft Security Bulletin MS03-007 Unchecked Buffer In Windows Component Could Cause Server Compromise (815021). Read more Microsoft Security Bulletin MS03-013 Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges (811493). Read more Microsoft Security Bulletin MS03-018 Cumulative Patch for Internet Information Service (811114). Read more Microsoft Security Bulletin MS03-019 Flaw in ISAPI Extension for Windows Media Services Could Cause Denial of Service (817772). Read more www.securityfocus.com: Malware Myths and Misinformation, Part Two: Attachments, AV Software and Firewalls. Read more www.sunspot.net: Microsoft recalls security software. Read more www.katu.com: PayPal users beware; watch out for scam emails. Read more www.blackhat.com: Call for Papers Black Hat USA 2003. Read more www.gomemphis.com: Taking the offensive on identity theft. Read more www.santacruzsentinel.com: Hackers threaten confidential student records. Read more zdnet.com.com: Security can't stop Asian hackers. Read more zdnet.com.com: Munich breaks with Windows for Linux. Read more zdnet.com.com: Asia running out of IP-address room. Read more straitstimes.asia1.com.sg: Shop online? Security's still a worry for S'poreans. Read more

28 may 2003 New Trojans: Let Me Rule 2.0 beta 7.1 Latinus 1.0 by [sp]one Yet Another Trojan 1.2 Vulnerabilities & Exploits: www.securitytracker.com: Microsoft Internet Connection Firewall Fails to Block IP Version 6 Protocol. Read more www.coresecurity.com: Axis Network Camera HTTP Authentication Bypass. Read more www.securiteam.com: Admin Access Vulnerability in P-News (Records Injection). Read more www.securiteam.com: UPB Discussion Board/Web-Site Takeover. Read more www.securiteam.com: TextPortal Default Password Vulnerability. Read more www.securiteam.com: Nessus NASL Scripting Engine Security Issues. Read more News: www.theinquirer.net: Microsoft pulls security patch for Windows XP. Read more www.smh.com.au: New Windows worm in the wild. Read more www.securityfocus.com: Conducting a Security Audit: An Introductory Overview. Read more www.nwfusion.com: ISS hatches 'virtual patching' plan. Read more times.hankooki.com: Korea Strengthens Internet Security. Read more www.usatoday.com: Data detectives have their eyes on workplace surfing. Read more star-techcentral.com: The dangers of neglecting identity management. Read more www.sfgate.com: 'Yes scam' bilks AT&T customers Company says they must pay for unauthorized calls. Read more www.post-gazette.com: Banks, consumers clash as losses linked to ATM theft mount. Read more straitstimes.asia1.com.sg: Fix online security lapses. Read more

27 may 2003 New Trojans: Let Me Rule 2.0 beta 5 Snow 1.6 Optix Lite 0.4 (d) Tool: www.chkrootkit.org: chkrootkit is a tool to locally check for signs of a rootkit. Read more Vulnerabilities & Exploits: www.securitytracker.com: Encrypted Virtual Filesystem (EVFS) Buffer Overflow May Let Local Users Gain Root Privileges. Read more www.securitytracker.com: P-News Input Validation Flaw in 'p-news.php' Lets Remote Authenticated Users Create and Access Administrator Accounts. Read more www.securitytracker.com: Ultimate PHP Board Input Validation Flaw in 'iplog' File Lets Remote Users Cause Arbitrary PHP Code to Be Executed on the System. Read more www.securitytracker.com: TextPortal Default Password May Allow Remote Users to Gain Access. Read more www.securitytracker.com: Privacyware Privatefirewall Does Not Filter Certain Remote TCP Scans. Read more www.securitytracker.com: BLNews Include File Bug in 'objects.inc.php4' Lets Remote Users Execute Arbitrary Commands. Read more www.securiteam.com: WsMp3d Remote Exploit for Heap Overflow Vulnerability (CHA). Read more www.securiteam.com: Apple Safari and Konqueror Embedded Common Name Verification Vulnerability. Read more www.securiteam.com: Eudora DoS (Dotted Filename). Read more www.securiteam.com: Buffer Overflow in AnalogX Proxy (Long URL). Read more www.securiteam.com: Snitz Forum SQL Injection Vulnerability (register.asp). Read more www.securiteam.com: Internet Explorer Program Execution (Flooding). Read more www.securiteam.com: iisPROTECT SQL Injection Vulnerability in Admin Interface. Read more www.securiteam.com: Authentication Bypass in iisPROTECT. Read more News: www.securityfocus.com: Security Tools: From Mermaids to Suckling Pigs. Read more onenews.nzoom.com: Hackers inspired by Iraq war. Read more www.hindustantimes.com: Virus gets into Indo-Pak cyber war. Read more www.theage.com.au: On the trail of hackers anonymous. Read more www.timesofoman.com: No passport out of password prison. Read more straitstimes.asia1.com.sg: Fix online security lapses. Read more www.nzherald.co.nz: Born-again PGP wins over security boffins. Read more

26 may 2003 New Trojans: Password Duddie 2.0 version 2 HTTP RAT 0.1b (h) Beast 1.92 (e) Vulnerabilities & Exploits: www.securityfocus.com: Microsoft Internet Connection Firewall IPv6 Traffic Blocking Vulnerability. Read more www.securitytracker.com: CUPS HTTP Header Processing Flaw Lets Remote Users Deny Service. Read more www.securitytracker.com: Snort State Tracking Flaw May Allow TCP Sessions to Continue Undetected. Read more www.securitytracker.com: Sergey Taldykin's FTP Service Discloses Files to Remote Authenticated Users. Read more www.securitytracker.com: EServ Can Be Used as HTTP and FTP Proxy Even When Not Configured as a Proxy. Read more www.securitytracker.com: Prishtina FTP Client Can Be Crashed By Remote FTP Servers With Long Banners. Read more www.securitytracker.com: iisPROTECT Input Validation Hole Lets Remote Users Execute SQL Stored Procedures. Read more www.securitytracker.com: Magic WinMail Server Format String Flaw Lets Remote Users Crash the POP Server. Read more News: www.theage.com.au: Cyber-crime crackdown. Read more www.theregister.co.uk: US lawmakers lose patience over spam. Read more www.theregister.co.uk: Ex-local councillor gets two years for online child abuse. Read more www.theregister.co.uk: The .org whois saga and why EPP may save the Net. Read more

25 may 2003 New Trojans: Let Me Rule 2.0 beta 7 GOD Remote Keylogger 2.0 beta 9 ColdLife 5.1 GWGhost 2.72 Glacier 5.3 Vulnerabilities & Exploits: www.securitytracker.com: Demarc PureSecure Discloses Logging Server Password to Local Users. Read more www.securitytracker.com: Polymorph Buffer Overflow Lets Local Users Execute Arbitary Code. Read more www.securitytracker.com: Apple Darwin Streaming Server Integer Processing Flaws May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Platform LSF Privilege Flaw Lets Local Users Execute Arbitrary Code with Root Privileges. Read more www.securitytracker.com: Nessus Scanner Input Validation Flaws in libnasl and libnessus May Let Local Scripts Execute Arbitrary Code. Read more www.securitytracker.com: Cisco VPN Client Lets Local Users Gain Administrator Privileges on the Operating System. Read more www.securitytracker.com: XMB Forum (Partagium) Input Validation Hole in 'member.php' Allows Cross-Site Scripting Attacks. Read more www.securitytracker.com: iisPROTECT Lets Remote Users Access Protected Files Using URL Encoding. Read more News:

24 may 2003 New Trojans: Telecommando client OICQsearch 1.3 Little Witch 6.3 Lamers Death 2.6 (e) server SubSeven Password Changer 1.0 Vulnerabilities & Exploits: www.securitytracker.com: Microsoft Outlook Express Lets Remote Users Silently Install Arbitrary Code Using Audio and Media Files. Read more www.securitytracker.com: BlackMoon FTP Server Discloses User Passwords to Local Users. Read more www.securitytracker.com: Slackware Linux Configuration Flaw in 'sysvinit' May Let Local Users Bypass Some Filesystem Access Restrictions. Read more www.securitytracker.com: 'WsMp3 web_server' Heap Overflow Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: WsMp3 web_server Lets Remote Users View Files and Execute Binaries on the Server. Read more www.securitytracker.com: Sun Cluster Discloses Database Passwords to Local Users. Read more News: www.securityfocus.com: Passive Network Traffic Analysis: Understanding a Network Through Passive Monitoring. Read more www.infoworld.com: Hacking: it�s not just for teenagers anymore. Read more www.eweek.com: University of Calgary to Offer Virus-Writing Class. Read more www.vnunet.com: Students offered virus writing course. Read more www.theregister.co.uk: Credit card firms 'profit from Net fraud'. Read more star-techcentral.com: 'Kingpin' hacker arrested in Thailand. Read more

23 may 2003 New Trojans: Zalivator 1.3 Pro Updated(build 80) WM Chat System 1.3 Glacier 1.0 Beast 1.92 (h) Vulnerabilities & Exploits: www.securitytracker.com: Microsoft Outlook Express May Be Affected by W32/Palyh@MM Mass-Mailing Worm. Read more www.securitytracker.com: Microsoft Outlook May Be Affected by W32/Palyh@MM Mass-Mailing Worm. Read more www.securitytracker.com: ShareMailPro Discloses Valid Account Names to Remote Users. Read more www.securitytracker.com: ShareMailPro Mail Server Discloses Some Administrative Information to Remote Authenticated Users. Read more www.securitytracker.com: Microsoft Windows Can Be Crashed By Remote Users via Malformed NetMeeting URLs. Read more www.securitytracker.com: BadBlue Administrator Authentication Can Be Bypassed By Remote Users. Read more www.securitytracker.com: BZFlag Game Server Can Be Crashed By Remote Users. Read more www.idefense.com: Authentication Bypass in iisPROTECT. Read more News: www.securityfocus.com: PayPal Scam Rises Again. Read more www.eweek.com: Latest E-Mail Bank Scam Targets Citibank. Read more www.vnunet.com: 'Microsoft' worm has 13-day timebomb. Read more www.entrepreneur.com: Instant Mess. Read more slashdot.org: Canadian University to Begin Training Hackers. Read more icberkshire.icnetwork.co.uk: A computer crime hotbed. Read more www.vnunet.com: Don't copy Matrix hacking, says BCS. Read more news.com.com: Harvard study wrestles with Gator. Read more www.boston.com: Worker vengeance makes its way online. Read more

22 may 2003 New Trojans: Let Me Rule 2.0 beta 4 Yet Another Trojan 1.1 Balistix 1.0 Vulnerabilities & Exploits: www.securitytracker.com: slocate Integer Overflow May Let Local User Gain Elevated Privileges. Read more www.securitytracker.com: Maelstrom Game Buffer Overflow Lets Local Users Gain Elevated Privileges. Read more www.securitytracker.com: Mac OS X IPSec Policy Flaw May Remote Users Bypass Access Controls. Read more www.securiteam.com: Maelstrom Vulnerable to a Local Buffer Overflow (Exploit). Read more www.securiteam.com: Cdrecord Format String Vulnerability. Read more www.securiteam.com: Remote BZFlag Server DoS. Read more www.securiteam.com: Microsoft's Windows Script Engine this/self.window() Security Flaw. Read more www.securiteam.com: BadBlue Remote Administrative Access Vulnerability (ATS). Read more www.securiteam.com: Remote Heap Corruption Overflow vulnerability in WsMp3d (CHA). Read more www.securiteam.com: WsMP3d Directory Traversing Vulnerability. Read more www.securiteam.com: Poster Version.two Privilege Escalation. Read more www.securiteam.com: Owl Intranet Engine Security Bypassing. Read more Security Vulnerability in "ioperm" System Call.Read more News: www.theregister.co.uk: Why spammers lurve the 'Microsoft support' worm. Read more www.idg.net: How Can We Stop the Spread of Worms? Read more www.reuters.com: Hackers Flex Growing Cyber Muscle in China. Read more www.computerworld.com.au: On the trail of a telco hacker. Read more www.hindustantimes.com: Internet hacker wanted in US arrested in Thailand. Read more www.zwire.com: Watch Out for Internet Scam. Read more www.thestate.com: Hackers hijack computers remotely in new surge of spam. Read more techupdate.zdnet.co.uk: You've been hacked: What to do first. Read more www.thestate.com: Hackers hijack computers remotely in new surge of spam. Read more www.thescotsman.co.uk: E-commerce needs it own security net. Read more www.theage.com.au: Breaking into The Realm. Read more

21 may 2003 New Trojans: Excessive Force 1.0 beta Storm 1.0 Code Injection Downloader Vulnerabilities & Exploits: www.securitytracker.com: Sendmail Temporary File Flaw May Let Local Users Gain Elevated Privileges. Read more www.debian.org: DSA-306-1 ircii-pana -- buffer overflows, integer overflow. Read more www.debian.org: DSA-303-1 mysql -- privilege escalation. Read more www.debian.org: DSA-304-1 lv -- privilege escalation. Read more www.debian.org: DSA-305-1 sendmail -- insecure temporary files. Read more www.security-corporation.com: Buffer overflow in Explorer.exe. Read more nautopia.coolfreepages.com: Blue screen in Windows. Read more News: edition.cnn.com: Worm disguised as e-mail from Microsoft. Read more www.channelnewsasia.com: New computer worm on the loose. Read more www.securityfocus.com: Malware Myths and Misinformation, Part One: Windows, Mac, Exchange, and IIS. Read more australia.internet.com: Consumers Still Wary of Online Security. Read more

20 may 2003 New Trojans: Cruel Intentionz 1.1 (b) server AIMVision [NextGen] 1.4 Darksun 2.2 HGZ 0.1 Vulnerabilities & Exploits: www.securitytracker.com: PHP-Nuke Input Validation Flaws in Several Modules (Sections, AvantGo, Surveys, Downloads, Reviews, Web_Links) Let Remote Users Inject SQL Commands. Read more www.securitytracker.com: Horde Turba Module Discloses Installation Path to Remote Users. Read more www.securitytracker.com: MailMax IMAP Server SELECT Command Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code With System Privileges. Read more News: www.washingtonpost.com: Despite U.S. Efforts, Web Crimes Thrive. Read more www.europemedia.net: Dutch professor calls for openness in IT security. Read more www.bangkokpost.com: Computer ministry website hacked. Read more icnewcastle.icnetwork.co.uk: Taking bigabytes out of criminals. Read more www.publicbroadcasting.net: Internet Dreams Turn To Crime. Read more www.gulf-news.com: Officials to act against Indian hackers. Read more

19 may 2003 New Trojans: Elgolf 1.0 Beta User32 Near Mohists 1.86 Vulnerabilities & Exploits: www.securitytracker.com: PoPToP PPTP Buffer Overflow May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: Microsoft ISA Server Input Validation Flaw Lets Remote Users Execute Scripting Code in Arbitrary Security Domains. Read more www.securitytracker.com: 'lv' File Viewer May Let Local Users Gain Elevated Privileges. Read more www.securiteam.com: Apple AirPort Administrative Password Obfuscation. Read more www.securiteam.com: Cisco IOS Software Processing of SAA Packets. Read more www.securiteam.com: Vulnerabilities in Kerio Personal Firewall (Exploit). Read more www.securiteam.com: Buffer Overflow Vulnerability found in MailMax (SELECT). Read more www.securiteam.com: Cerberus FTP Server Stores Password in the Clear. Read more www.securiteam.com: IP Messenger for Win Buffer Overflow Vulnerability. Read more www.securiteam.com: Maelstrom Vulnerable to a Local Buffer Overflow. Read more www.securiteam.com: Algorithmic Complexity Attacks and the Linux Networking Code. Read more www.securiteam.com: PHP-Proxima Remote File Access Vulnerability. Read more News: www.smh.com.au: New email worm starts doing the rounds. Read more www.publicbroadcasting.net: Internet Dreams Turn To Crime. Read more www.washingtonpost.com: A Tempting Offer for Russian Pair. Read more hinduonnet.com: Cyber crime buster faults laws. Read more

18 may 2003 New Trojans: Resoil FTP Optix Pro 1.31 Black Dream 1.0 Little Witch 6.1 (u) server Vulnerabilities & Exploits: www.securitytracker.com: HaloScan Comment Software Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more www.securitytracker.com: Tcpdump Can Be Crashed By Remote Users Sending Unknown RADIUS Attributes. Read more www.securitytracker.com: Cisco IOS Router Can Be Crashed By Remote Users Sending Malformed Service Assurance Agent Packets. Read more www.securitytracker.com: Linux 2.4 Kernel Bug in ioperm() Gives Local Users Access to Restricted I/O Ports. Read more www.securitytracker.com: Java Media Framework Bug May Let Remote Applets Crash the Java Virtual Machine or Gain Unauthorized Privileges. Read more www.securitytracker.com: Linux 2.4 Kernel Route Cache Flaw Allows Remote Users to Cause Denial of Service Conditions. Read more News: www.computeruser.com: Fizzer worm serves a warning. Read more www.internetwk.com: Hack That Fixed Fizzer Is Removed From The Internet. Read more

17 may 2003 New Trojans: Let Me Rule 1.0 Yet Another Trojan 1.0 Katux Latinus 2.0 server (icq fix) Beast 2.00 Vulnerabilities & Exploits: www.securitytracker.com: Microsoft Internet Explorer May Execute Arbitrary Code in the Wrong Security Domain When Processing Large Numbers of Download Requests. Read more www.securitytracker.com: Eudora E-mail Client Integer Overflow May Let Remote IMAP Servers Execute Arbitrary Code on the Client. Read more www.securitytracker.com: Sylpheed Integer Overflow Lets Remote IMAP Servers Cause the Client to Crash. Read more www.securitytracker.com: Microsoft Outlook Express Integer Overflow Lets Remote IMAP Servers Cause the Client to Crash. Read more www.securitytracker.com: Movable Type Input Validation Flaw Permits Remote Cross-Site Scripting Attacks. Read more www.securitytracker.com: Balsa E-mail Client Integer Overflow Lets Remote IMAP Servers Crash the Client. Read more www.securitytracker.com: Mutt E-mail Client Integer Overflow Lets Remote IMAP Servers Crash the Client. Read more www.securitytracker.com: Mozilla E-mail Client Integer Overflow Lets Remote IMAP Servers Execute Arbitrary Code on the Client. Read more www.securitytracker.com: PROXIMA ADD-ON Discloses Files on the System to Remote Users. Read more www.securitytracker.com: Ximian Evolution E-mail Client Integer Overflow Lets Remote IMAP Servers Execute Arbitrary Code on the Client. Read more www.securitytracker.com: UW-IMAP Client Integer Overflow Lets Remote IMAP Servers Execute Arbitrary Code on the Client. Read more www.securitytracker.com: Owl Intranet Engine 'browse.php' Script Fails to Authenticate Remote Users. Read more www.securitytracker.com: Pine Integer Overflow Lets Remote IMAP Servers Execute Arbitrary Code on the Client. Read more www.securitytracker.com: PalmOS Can Be Disabled By Remote Users Sending Continuous ICMP Echo Requests. Read more www.securitytracker.com: vBulletin Input Validation Hole in Private Message Preview Permits Cross-Site Scripting Attacks. Read more www.securitytracker.com: Poster Input Validation Bug Allows Remote Authenticated Users to Gain Administrative Privileges. Read more www.securitytracker.com: IBM AIX Printer Commands Let Local Users Gain Elevated or Root Privileges and Also Crash the 'lpd' Server. Read more www.securitytracker.com: Inktomi Traffic Server Input Validation Flaw Lets Remote Users Execute Scripting Code in Arbitrary Security Domains. Read more News: www.internetweek.com: Fizzer Virus Apparently Hacked To Make It Self-Destruct. Read more www.lasvegassun.com: North Korea May Be Training Hackers. Read more www.vnunet.com: Hackers bigger threat than rogue staff. Read more www.hackinglinuxexposed.com: Who's listening on that port? Read more www.computerworld.com: Security spending rising for data centers, surveys show. Read more hoovnews.hoovers.com: Timeline: The U.S. Government and Cybersecurity. Read more zdnet.com.com: 130 arrested in Net fraud crackdown. Read more

16 may 2003 New Trojans: Near Mohists 1.81 SharaQQ 4.5 Iddono 1.4 beta Tool: www.thc.org: Amap is a next-generation scanning tool, it identifies applications and services even if they are not listening on the default port by creating a bogus-communication. Read more Vulnerabilities & Exploits: www.cisco.com: Cisco IOS Software Processing of SAA Packets. Read more www.securitytracker.com: XMMS Remote Input Validation Flaw in 'XMMS.pm' Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: 'cdrtools' Format String Flaw Lets Local Users Gain Elevated Privileges. Read more www.securitytracker.com: 3Com OfficeConnect DSL Router Memory Leak May Disclose Previous HTTP Request Data. Read more www.securitytracker.com: Neoteris Instant Virtual Extranet Input Validation Flaw Lets Remote Users Hijack VPN Sessions. Read more www.securitytracker.com: Microsoft Outlook Express May Be Affected by W32.Fizzer.A@mm Mass-Mailing Worm. Read more www.securitytracker.com: Microsoft Outlook May Be Affected by W32.Fizzer.A@mm Mass-Mailing Worm. Read more www.securitytracker.com: IP Messenger Buffer Overflow May Let Remote Users Cause Arbitrary Code to Be Executed. Read more News: www.securityfocus.com: Matrix Sequel Has Hacker Cred. Read more www.ajc.com: Coke says internal hacker got personal info on 450 employees. Read more news.bbc.co.uk: Small firms 'shun' PC security. Read more www.reuters.com: Peer-To-Peer Systems Can Create Privacy Risks. Read more www.auctionbytes.com: Expired Domains Expose EBay Security Glitch. Read more www.internet-magazine.com: Wireless cameras: security or snooping? Read more www.theinquirer.net: Latest hacking tool is a light. Read more

15 may 2003 New Trojans: LiveList Notifier 1.0 NT Hack 1.0 Xueji Coldlife 3.0 Vulnerabilities & Exploits: www.securitytracker.com: 'Drag and Zip' Buffer Overflow Can Crash the Application and May Execute Arbitrary Code. Read more www.securitytracker.com: BEA WebLogic May Disclose Clear-Text Passwords to Local Users or Remote Authenticated Users. Read more www.securitytracker.com: Snitz Forums 2000 Input Validation Flaw in 'register.asp' Permits SQL Command Injection. Read more www.securitytracker.com: Apple AirPort Wireless Base Station Discloses Administrator Password to Remote Users. Read more News: ntbugtraq.ntadvice.com: The dangers of using Windows Update. Read more ntbugtraq.ntadvice.com: So Windows Update is a dog, now what? Read more news.com.com: Fizzer virus pains IRC networks. Read more www.newscientist.com: Computer worm fails to fizzle out. Read more www.startribune.com: Hacker-turned-consultant Mitnick speaks at Expo. Read more www.computerworld.com.au: Fake bank Web site scam reaches US. Read more www.businessworld.ie: 39pc of banks suffer security breaches. Read more www.marketwire.com: COMPUTERBILD Discloses Security Loophole at eBay. Read more www.businessweek.com: Privacy vs. Convenience: It's Up to You. Read more www.japantimes.co.jp: Is your wireless network airtight? Read more www.theregister.co.uk: Hacking victim goes postal. Read more

14 may 2003 New Trojans: Back Attack 1.4 Cabronator 2.1.1 AFX Windows Rootkit 2003 NT RootKit 0.31 NT RootKit 0.40 Lesbot 1.52 Vulnerabilities & Exploits: www.securitytracker.com: eServ Connection Handling Memory Leak Lets Remote Users Deny Service. Read more News: www.wininformant.com: It's a Worm, It's a Trojan, It's a Keystroke Logger. It's Fizzer. Read more www.securityfocus.com: Security research exemption to DMCA considered. Read more www.tracking-hackers.com: Definitions and Value of Honeypots. Read more www.securityfocus.com: The Nowhere Men. Read more news.com.com: New hacking tool sees the light. Read more asia.cnet.com: Taiwan braces for Chinese hacker onslaught. Read more zdnet.com.com: Beware of the new breed of hackers. Read more www.onlamp.com: Secure Programming Techniques, Part 4. Read more zdnet.com.com: Hackers like the sound of iTunes. Read more www.abc.net.au: Hackers causing major damage, conference hears. Read more www.dailypress.com: Hacker claim doesn't rattle Va. campuses. Read more itjobs.mycareer.com.au: Wanted : top hackers as trackers. Read more news.com.com: MasterCard sued over Net billing methods. Read more

13 may 2003 New Trojans: Nethief 4.4 HGZ 0.3 Let Me Rule! 2.0 Beta 5.2 Vulnerabilities & Exploits: www.atstake.com: Apple AirPort Administrative Password Obfuscation. Read more www.securitytracker.com: CMailServer SMTP Command Buffer Overflow Lets Remote Users Execute Arbitrary Code With System Privileges. Read more www.securiteam.com: Polycom 6100-4 NetEngine Denial of Service Attack (TFTP). Read more www.securiteam.com: Pi3Web Vulnerable to a DoS (Multiple /). Read more www.securiteam.com: Multiple Buffer Overflow Vulnerabilities found in FTGate Pro Mail Server (MAIL, RCPT). Read more www.securiteam.com: Multiple Buffer Overflow Vulnerabilities found in CMailServer (MAIL, RCPT). Read more www.securiteam.com: Happymall E-Commerce Input Validation Flaw Lets Remote Users Execute Arbitrary Commands. Read more www.securiteam.com: Opera Browser Extension Buffer Overflows. Read more www.securiteam.com: Intuity Audix Voicemail Restricted Interface Circumvention (rexec). Read more www.securiteam.com: PowerLink WAN Aggregator Multiple Vulnerabilities. Read more News: news.bbc.co.uk: Sneaky virus spreading rapidly. Read more zdnet.com.com: Fizzer worm spreads across the Internet. Read more timesofindia.indiatimes.com: 'Fizzer' computer virus spreading fast. Read more www.internetnews.com: Get It Right, Redmond. Read more reuters.com: Microsoft Says Passport Flaw Exposed User Data. Read more www.theage.com.au: Cyber-crime threatens business, says minister. Read more www.stoughtonnews.com: One �hacker� expelled; more hearings scheduled. Read more www.thestar.com: On display: your data. 'Stealth software' or 'spyware' is quietly, invisibly worming its way into computers. Read more www.asahi.com: EDITORIAL: Internet identification. Read more www.thestar.com: One way to stymie e-spys: leave a 'decoy' data trail. Read more zdnet.com.com: Feds warn SARS spammers. Read more

12 may 2003 New Trojans: DarkSky 2.7 AlexMessoMalex 1.0 Beast 1.90 (b) Vulnerabilities & Exploits: www.securitytracker.com: NetBus Grants Remote Access Without Authentication. Read more www.security-corporation.com: Opera java.util.zip.* Vulnerability. Read more www.securitytracker.com: Firebird Database Buffer Overflows Let Local Users Gain Elevated or Root Privileges. Read more www.securitytracker.com: miniPortail Provides Administrative Access to Remote Users. Read more www.securitytracker.com: PowerLink Redundancy Device Discloses Files on the System to Remote Users. Read more www.securitytracker.com: Avaya Intuity Audix Uses Non-Secure Administrative Authentication By Default. Read more www.securiteam.com: eServ Memory Leak Enables Denial of Service Attacks. Read more www.securiteam.com: Multiple Buffer Overflows in SLMail. Read more www.securiteam.com: Multiple Vulnerabilities in SLWebMail. Read more www.securiteam.com: Windows Media Player Directory Traversal Vulnerability (WMZ). Read more News: www.dailytimes.com.pk: Microsoft in the dock over security. Read more www.theage.com.au: Cyber-crime threatens business, says minister. Read more www.stoughtonnews.com: One �hacker� expelled; more hearings scheduled. Read more

11 may 2003 New Trojans: Idiot NetBus PortPatch Amitis 1.3 Igloo 1.8.1 Msn Troyano 2.0 Vulnerabilities & Exploits: www.securitytracker.com: RT Request Tracker Input Validation Flaw Permits Cross Site Scripting Attacks. Read more www.securitytracker.com: ListProc 'catmail' Buffer Overflow Lets Local Users Grab Root Privileges. Read more www.securitytracker.com: FlashFXP Password Encoding Scheme Lets Local Users Decode Passwords. Read more News: security.itworld.com: CERT warns of Mother's Day threat. Read more www.vnunet.com: Six holes found in AOL ICQ. Read more

10 may 2003 New Trojans: Fear 1.5 (c) Let Me Rule 2.0 Beta 6 Iblis 0.2 Vulnerabilities & Exploits: www.securitytracker.com: Microsoft .NET Passport Passwords, Including Hotmail Passwords, Can Be Changed By Remote Users. Read more www.securitytracker.com: Fuzz Unsafe Temporary File May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: SCO (Caldera) OpenLinux Does Not Reject Certain TCP SYN Packets, Potentially Facilitating Remote Attacks. Read more www.securitytracker.com: Verilink (Polycom) NetEngine 6100-4 Router Can Be Crashed By Remote Users. Read more www.securitytracker.com: SL Mail Server Has Multiple Buffer Overflows That Let Remote Users Execute Arbitrary Code With System Privileges. Read more www.securitytracker.com: SLwebmail3 Discloses Files on the System to Remote Users and May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Cisco VPN 3000 Series Concentrators May Let Remote Users Traverse The VPN Device. Read more www.securitytracker.com: Windows Media Player Skin File Processing Lets Remote Users Write Arbitrary Files to Arbitrary Locations. Read more www.securitytracker.com: MAILsweeper for SMTP Filename Whitespace Bug Allows Remote Users to Bypass the Filters. Read more www.securitytracker.com: MAILsweeper for SMTP PowerPoint Processing Flaw Allows Remote Denial of Service. Read more www.securitytracker.com: Adobe Acrobat (Full Version) Javascript Parsing Flaw Lets Malicious PDF Files Execute Arbitrary Code. Read more News: www.securityfocus.com: 'Banned' Xbox Hacking Book Selling Fast. Read more www.securityfocus.com: Starting from Scratch: Formatting and Reinstalling after a Security Incident. Read more www.computeruser.com: Hackers damage Internet radio site. Read more news.bbc.co.uk: Flaw exposes Microsoft ID service. Read more asia.reuters.com: Microsoft Says Passport Flaw Exposed User Data. Read more www.eweek.com: Anti-War Group Defaces ISS Page. Read more www.eweek.com: First Union Hoax on the Loose. Read more

09 may 2003 New Trojans: Near Mohists 1.8 RAT Cracker 1.6 Mimic 3.0 Vulnerabilities & Exploits: www.pakcert.org: Multiple Vulnerabilities found in Microsoft .Net Passport Services. Read more www.securitytracker.com: Siemens 45 Series Mobile Phones Can Be Crashed By Remote Users. Read more www.securitytracker.com: Ethereal Overflows in Multiple Dissectors Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: youbin Buffer Overflow Yields Root Privileges to Local Users. Read more www.securitytracker.com: FTGate Pro Mail Server Buffer Overflows Let Remote Users Grab System Privileges. Read more www.securiteam.com: ListProc Mailing List ULISTPROC_UMASK Overflow. Read more www.securiteam.com: Multiple Vulnerabilities in Mirabilis ICQ Client. Read more www.securiteam.com: Microsoft BizTalk Server DTA Vulnerable to SQL Injection. Read more News: www.siliconvalley.com: Microsoft admits Passport identity service was vulnerable. Read more news.com.com: Passport problems could cost Microsoft. Read more www.nwfusion.com: Fluffi Bunni worked for Siemens. Read more news.com.com: Microsoft: A separate look for security. Read more www.80211-planet.com: AirDefense: N+I = No Wireless Security. Read more www.bday.co.za: Hack binge on SA Linux sites. Read more www.informationweek.com: Internet Security Systems' Web Site Defaced. Read more

08 may 2003 New Trojans: Yet Another Trojan 0.1betta Osiris 2.1 Sub7Finder KBD 1.4.5 Vulnerabilities & Exploits: www.nextgenss.com: Multiple Vulnerabilities in SLWebMail. Read more www.debian.org: DSA-301-1 libgtop -- buffer overflow. Read more www.debian.org: DSA-302-1 fuzz -- privilege escalation. Read more www.securitytracker.com: Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space. Read more www.securitytracker.com: Happymall E-Commerce Input Validation Flaw Lets Remote Users Execute Arbitrary Commands. Read more www.securitytracker.com: ICQ Pro 2003a Has Multiple Flaws That May Permit Remote Arbitrary Code Execution and Denial of Service. Read more www.securitytracker.com: CommuniGate Pro Webmail May Disclose User Session IDs to Remote Users. Read more News: Microsoft Security Bulletin MS03-017 Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787). Read more www.theinquirer.net: Microsoft Media Player has security bug. Read more www.wininformant.com: Problems with Microsoft Security Patch and IIS Transactions. Read more www.infoanarchy.org: Encrypting Your Online Conversations. Read more www.computerworld.com.au: Microsoft and Hollywood hit the control button. Read more www.timesdispatch.com: Credit union responds to data hacking. Read more www.adtmag.com: SCO suffers DoS attack in wake of Web services announcement. Read more english.chosun.com: Activists to Sue for Internet Snafu. Read more www.bday.co.za: Hack binge on SA Linux sites. Read more zdnet.com.com: EarthLink sues the 'Buffalo spammer'. Read more

07 may 2003 New Trojans: Cyn 1.02 (a) server G.R.O.B. 3.0 Nethief 1.0 Beta 2 Vulnerabilities & Exploits: www.securityfocus.com: Microsoft MN-500 Plaintext Password Disclosure Weakness. Read more www.securityfocus.com: Microsoft IIS User Existence Disclosure Vulnerability. Read more www.securityfocus.com: Microsoft Internet Explorer Plugin.OCX EnableFullPage Input Validation Vulnerability. Read more www.securityfocus.com: Microsoft Internet Explorer Plugin.OCX Load() Method Buffer Overflow Vulnerability. Read more www.securityfocus.com: Ethereal PPP Dissector Integer Overflow Vulnerability. Read more www.securityfocus.com: Ethereal Mount Dissector Integer Overflow Vulnerability. Read more www.securityfocus.com: Ethereal Multiple Dissector One Byte Buffer Overflow Vulnerabilities. Read more www.securityfocus.com: Digi-Net Technologies DigiChat User IP Information Disclosure Vulnerability. Read more www.debian.org: DSA-300-1 balsa -- buffer overflow. Read more www.debian.org: DSA-299-1 leksbot -- improper setuid-root execution. Read more News: www.internetweek.com: Gates: Microsoft's Next-Generation Windows Security Won't Stifle User. Read more www.lasvegassun.com: Gates Touts New Secure Computing System. Read more www.pittsburghlive.com: New PCs' security to aid, not stifle, users, Gates says. Read more www.bday.co.za: Hack binge on SA Linux sites. Read more www.rockymountainnews.com: Hacker attack proves point. Read more www.csulb.edu: University combats online identity theft. Read more www.stockhouse.com: Backup Is Key to Identity Theft Protection. Read more zdnet.com.com: New spy tools--for good or evil? Read more www.vnunet.com: The danger of mobile viruses. Read more straitstimes.asia1.com.sg: Can a computer virus make your car sick? Read more

06 may 2003 New Trojans: AntiLamer Backdoor 2.0 (a &k) GwBoy 0.92 Alpha Snag 1.0 Ultor (a) Ultor (b) Vulnerabilities & Exploits: www.coresecurity.com: Multiple Vulnerabilities in Mirabilis ICQ client. Read more www.securitytracker.com: Microsoft IIS Authentication Manager Discloses Validity of User Names to Remote Users. Read more forensics.org: IIS Security and Programming Countermeasures by Jason Coombs. download www.securiteam.com: Mod_Survey SYSBASE Vulnerability. Read more www.securiteam.com: Cisco Content Service Switch 11000 Series DNS Negative Cache of Information Denial-of-Service Vulnerability. Read more www.securiteam.com: MDG Web Server 4D Buffer Overflow (GET). Read more www.securiteam.com: Cisco ONS15454, ONS15327, ONS15454SDH, and ONS15600 Nessus Vulnerabilities. Read more News: news.com.com: Security group: ICQ is flawed. Read more www.securitynewsportal.com: USG Hackers X-Force their way on to Internet Security Systems web site. Read more www.zone-h.org: Iss.net webdavized... where is the security? Read more www.rockymountainnews.com: Hacker attack proves point. Read more australianit.news.com.au: Private eyes now on the e-trail. Read more www.marinij.com: Blocking a cyberterror attack. Read more www.internetnews.com: The Deadly Duo: Spam and Viruses, April 2003. Read more www.wired.com: Apple Squashes E-Store ID Bug. Read more www.rockymountainnews.com: Hackers damage Internet radio site. Read more news.com.com: Net attack crushes SCO Web site. Read more www.computerworld.com: Offshore Coding Work Raises Security Concerns. Read more

05 may 2003 New Trojans: Taladrator 2.1 (a) HGZ 0.0.1.1145 R0xr4t 1.2 Mutant Version (b) Ultimate RAT 2.0 (c) Vulnerabilities & Exploits: www.securityfocus.com: Microsoft Windows Media Player File Attachment Script Execution Vulnerability. Read more www.securitytracker.com: Worker filemanager Access Control Flaw May Let Local Users Gain Unauthorized Read/Execute Access to Directories Being Copied. Read more www.securitytracker.com: webcamXP Input Validation Flaws Permit Cross-Site Scripting Attacks. Read more www.securitytracker.com: HP/UX rwrite Buffer Overflow May Let Local Users Gain Root Privileges. Read more www.securitytracker.com: HP/UX C-Kermit Buffer Overflows Allow Local Users to Gain Elevated Privileges. Read more www.securitytracker.com: Sun ONE Directory Server Buffer Overflow Lets Remote Users Crash the Directory Service. Read more News: news.bbc.co.uk: Closing the holes on hackers. Read more www.siliconvalley.com: Voicemail hacking on the rise. Read more www.thestate.com: Companies seek software to kill online music trading. Read more www.news24.com: Hacker has field day. Read more

04 may 2003 New Trojans: SA Downloader 1.1 Generado Victima Smtp ProRat 1.0b2 Vulnerabilities & Exploits: www.securitytracker.com: Microsoft Internet Explorer Web Folder Access Flaw Lets Remote Users Execute Arbitrary Scripting Code in the My Computer Zone. Read more www.securitytracker.com: Splatt Forum Input Validation Flaws Permit Cross-site Scripting Attacks. Read more www.securitytracker.com: Cisco ONS Control Card FTP and Telnet Vulnerabilities Allow a Remote User to Reset the Cards. Read more www.securitytracker.com: Microsoft MN-500 Wireless Base Station Backup Configuration File Discloses Administrator Password. Read more www.debian.org: DSA-297-1 snort -- integer overflow, buffer overflow. Read more www.securityfocus.com: HP-UX RExec Remote Username Flag Local Buffer Overrun Vulnerability. Read more www.securityfocus.com: Microsoft Windows NetDDE Privilege Escalation Vulnerability. Read more www.securityfocus.com: ScriptLogic RunAdmin Service Administrative Access Vulnerability. Read more News: catless.ncl.ac.uk: Bogus Internet domain-name renewal offers. Read more catless.ncl.ac.uk: Spammers use viruses to hijack computers. Read more www.2600.org: "HIPPIES FROM HELL" DOCUMENTARY ONLINE. Read more seifried.org: Network Intrustion Detection Systems and Virus Scanners - Are They The Answer? Read more www.crime-research.org: Military battling rise in child-sex cybercrimes. Read more grep.law.harvard.edu: The Consciense of a Cracker. Read more www.siliconvalley.com: They look at porn all day, so others won't be able to. Read more

03 may 2003 New Trojans: Little Witch 6.1 (p) server Glacier 8.4 Raven 2.17 Tool: www.nessus.org: Nessus is a free, up-to-date, and full featured remote security scanner for Linux, BSD, Solaris and other systems. Read more Vulnerabilities & Exploits: www.securitytracker.com: ScriptLogic Access Control Flaws Allow Remote Authenticated Users to Gain Administrative Control of a Target Server. Read more www.securitytracker.com: OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users. Read more www.securitytracker.com: Web Server 4D Buffer Overflow in Processing Long URLs Allows Remote Users to Execute Arbitrary Code. Read more www.securitytracker.com: Microsoft BizTalk Server Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Smallftpd Discloses Files on the System to Remote Users. Read more www.securitytracker.com: Cisco Content Service Switches May Provide Incorrect DNS Responses Resulting in Denial of Service Conditions. Read more News: www.crime-research.org: Computer crime sentences are 'not good enough'. Read more www.silicon.com: 'Rent-a-hacker' debate gets heated. Read more www.esecurityplanet.com: Another KaZaA Worm. Read more www.esecurityplanet.com: Worm Copies Itself to Network Folders. Read more www.esecurityplanet.com: Worm Targets Network Shared Resources. Read more www.theregister.co.uk: Anti-spam packages 'too unreliable' to certify. Read more www.cnn.com: Virginia threatens spammers with jail time. Read more www.eweek.com: Bounty Hunting for Spammers? Read more www.thisislondon.com: Warning over mobile spammers. Read more

02 may 2003 New Trojans: AntiLamer Light 2.1 Beast 1.92 (c) kDL PrivWare 1.0b Vulnerabilities & Exploits: www.debian.org: DSA-298-1 epic4 -- buffer overflows. Read more www.cisco.com: Cisco ONS15454, ONS15327, ONS15454SDH, and ONS15600 Nessus Vulnerabilities. Read more www.securitytracker.com: PHPOutsourcing Ideabox Include File Errors Let Remote Users Execute Arbitrary Commands. Read more www.securitytracker.com: Mozilla Browser document.domain Interpretation Flaw Discloses Information From Arbitrary Domains. Read more www.securitytracker.com: Netscape Navigator document.domain Interpretation Flaw Discloses Information From Arbitrary Domains. Read more www.securitytracker.com: Auerswald COMsuite CTI ControlCenter Creates Back Door Operating System Account. Read more www.securitytracker.com: HP/UX 'rexec' Buffer Overflow May Let Local Users Gain Root Privileges. Read more www.securitytracker.com: Sun Solaris rpcbind Unspecified Flaw Lets Remote Users Terminate the Service. Read more www.securitytracker.com: Sun Ray Smartcard Authentication Flaw May Allow Sessions to Persist After Removal of the Card. Read more www.securitytracker.com: Invision Power Board Forum Stores Plaintext Passwords in Cookies. Read more www.securitytracker.com: Sun Solaris 'lofiadm' Kernel Memory Leak May Let Local Users Crash the System. Read more www.securiteam.com: Vulnerabilities in Kerio Personal Firewall (Buffer Overflow, Replay). Read more www.securiteam.com: MDaemon SMTP/POP/IMAP Server DELE and UIDL DoS (Negative Value). Read more www.securiteam.com: HPUX rexec Buffer Overflow Vulnerability. Read more News: www.securityfocus.com: Honeypots: Simple, Cost-Effective Detection. Read more www.ntsecurity.net: Microsoft Updates Security Patch for Windows TSE. Read more www.smh.com.au: Win2K security hardening guide released. Read more www.vnunet.com: Patching is the problem, says Microsoft. Read more www.theregister.co.uk: Klez-H remains top nuisance. Read more www.dailytimes.com.pk: Govt websites under Indian virus attack. Read more www.madison.com: Stoughton hackers far from geeks. Read more www.theregister.co.uk: Fluffi Bunni nabbed at InfoSec. Read more www.theregister.co.uk: What's the difference between a viral attack and a scan? Read more straitstimes.asia1.com.sg: Man broke into ex-colleagues' e-mail. Read more

01 may 2003 New Trojans: Uploader 2.0b4 Taladrator 2.0 Beta 2.0 Cruel Intentionz 1.1 (c) Tool: www.appsecinc.com: Data Thief is a �proof-on-concept� tool used to demonstrate to web administrators and developers how easy it is to steal data from a web application that is vulnerable to SQL Injection. Read more Vulnerabilities & Exploits: www.appsecinc.com: Hunting Flaws in Microsoft SQL Server Presentation (pdf). Read more www.appsecinc.com: Hunting Flaws in Microsoft SQL Server White Paper (pdf). Read more www.debian.org: DSA-296-1 kdebase -- insecure execution. Read more www.debian.org: DSA-295-1 pptpd -- buffer overflow. Read more www.cisco.com: Cisco Content Service Switch 11000 Series DNS Negative Cache of Information Denial-of-Service Vulnerability. Read more www.securitytracker.com: HP Tru64 UNIX 'setld' Uses Unsafe Temporary Files That May Let Local Users Obtain Root Privileges. Read more www.securitytracker.com: HP Tru64 UNIX 'dupatch' Uses Unsafe Temporary Files That May Let Local Users Grab Root Privileges. Read more www.securitytracker.com: Opera Web Browser Can Be Crashed When Downloading a File With a Long Filename Extension. Read more www.securitytracker.com: ATM on Linux Buffer Overflow Yields Root Privileges to Local Users. Read more www.securitytracker.com: PHP-Nuke HTML Tag Style Input Validation Flaws Allow Cross Site Scripting Attacks. Read more www.securitytracker.com: SonicWALL Pro Can Be Crashed By Remote Users Due to Bug in Processing Large HTTP POST Requests. Read more www.securitytracker.com: Pi3Web Server Can Be Crashed By Remote Users Sending Malformed HTTP GET Requests. Read more www.securitytracker.com: Oracle Database Buffer Overflow in Oracle Net Services Lets Remote Authenticated Users Execute Arbitrary Code. Read more www.securitytracker.com: Kerio Personal Firewall Administrative Key Exchange Buffer Overflow Allows Remote Users to Execute Arbitrary Code. Read more www.securitytracker.com: 3D-FTP Client Can Be Crashed By a Remote Server Sending a Long Banner. Read more www.securitytracker.com: MDaemon POP3 Mail Service 'UIDL' and 'DELE' Command Signed Integer Flaw Lets Remote Authenticated Users Crash the Service. Read more www.securitytracker.com: MDaemon Mail Server IMAP Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code with System Privileges. Read more www.securitytracker.com: mod_auth_any Input Validation Flaw Lets Remote Users Execute Arbitrary Commands. Read more www.securitytracker.com: JBoot PC Access Security Software Can Be Bypassed By Physically Local Users. Read more www.securitytracker.com: Qpopper 'poppassd' Path Specification Feature Lets Local Users Execute Arbitary Code with Root Privileges. Read more News: Microsoft Security Bulletin MS03-016 Cumulative Patch for BizTalk Server (815206). Read more Microsoft Security Bulletin MS02-071 Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (328310). Read more www.smh.com.au: Klez variant tops virus charts again. Read more

Copyright� MegaSecurity.org