Home    News Archive    Translate Traducen

News may 20004

31 may 2004 New Trojans: Waldo Beta 0.7 Stealth Password Sender 1.4 Tranzhva server 4.1   Tools: packetstormsecurity.nl: boclient 1.3.0 - boclient is a remote windows administration tool which uses BackOrifice or NetBus servers on Windows. It is an improvement of version 1.21. Most recent versions have GNU readline support, NetBus commands, portability to other platforms (BeOS, QNX and 64bit architectures like Alpha) and async network I/O. Download   Guides, Papers, etc os.newsforge.com: Linux and Windows security compared. Read more Udp remote Controls. Article that explains how to control any server using the connectionless protocol UDP by Angelo Rosiello. Read more Worm Mitigation on Broadband Networks (pdf). Read more   Vulnerabilities & Exploits www.debian.org: DSA-511-1 ethereal -- buffer overflows. Read more www.debian.org: DSA-510-1 jftpgw -- format string. Read more www.debian.org: DSA-509-1 gatos -- privilege escalation. Read more www.securitytracker.com: Land Down Under Input Validation Hole in BBcodes Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: AppleFileServer Has Unspecified Flaw in Reporting Errors. Read more www.securitytracker.com: Apple Mac OS X Has Unspecified Flaw in Package Installation. Read more www.securitytracker.com: Apple Mac OS X Has Unspecified Flaw in LoginWindow. Read more www.securitytracker.com: Apple Mac OS X Has Unspecified Flaw in NFS. Read more www.securitytracker.com: Mollensoft FTP Server Can Be Crashed By Remote Authenticated Users With a CD Command. Read more www.securiteam.com: SSH URI Handler Code Execution. Read more www.securiteam.com: Land Down Under (LDU) Cross-Site Scripting Vulnerabilities. Read more www.securiteam.com: e107 Multiple Vulnerabilities (Path Disclosures, File Inclusions and SQL Injections). Read more   News: www.bizjournals.com: Hackers racing even faster to beat latest security patches. Read more www.crime-research.org: The FBI is increasing its effort to investigate spammers. Read more nwc.securitypipeline.com: 83% Of Financial Sector Admits Security Breaches. Read more www.detnews.com: Wi-Fi popularity breeds huge security hole at home. Read more nwc.securitypipeline.com: Police Grab Suspected Hackers In Canada, Taiwan. Read more www.theregister.co.uk: Spamhaus assaults 'Great Wall of Spam'. Read more news.zdnet.co.uk: Stealth searches scan personal data. Read more

30 may 2004 New Trojans: Caznova IRC Spy 2.0.1 System33r Downloader 0.7.4b2 (LITE) Guides, Papers, etc www.winnetmag.com: Honeypots for Windows. Read more Vulnerabilities & Exploits www.securitytracker.com: jPORTAL Input Validation Hole Lets Remote Users Inject SQL Commands. Read more News: www.computerworld.com: Suspect charged in Canada for Randex worm. Read more www.computerworld.com: Cheswick: Viruses primed to be more complex, vicious. Read more www.crime-research.org: Cyber Crime Conference Summary. Read more www.informationweek.securitypipeline.com: 83% Of Financial Sector Admits Security Breaches. Read more www.nj.com: Phishing grows as a threat. Read more

29 may 2004 New Trojans: INSAIM 2.0 Omega 0.1.0 Backdoor.Loony.g Iroffer 1.3b05 (a) Vulnerabilities & Exploits www.securitytracker.com: PHP 'php://input' Command May Let Remote Users Bypass Include Filters to Include Remote Code. Read more www.securitytracker.com: WildTangent Web Driver Buffer Overflows in WTHoster and WebDriver Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Sun Java Application Server Discloses Installation Path to Remote Users. Read more www.securitytracker.com: 3Com OfficeConnect ADSL Router Authentication Can Be Bypassed By Remote Users. Read more www.securitytracker.com: Microsoft Windows IPSec Filtering Can Be Bypassed By Remote Users. Read more xinehq.de: Multiple vulnerabilities in the Real-Time Streaming Protocol (RTSP) client for RealNetworks servers. Read more News: news.zdnet.co.uk: Peeping Taiwanese Trojan author is arrested. Read more.  See Peep Trojan www.newsfactor.com: Trojan Virus Writer Faces Slammer. Read more news.zdnet.co.uk: Mounties charge teenage virus suspect. Read more news.zdnet.co.uk: Banks and insurance firms facing flood of cyberattacks. Read more www.crime-research.org: Spam is up two-thirds of all emails. Read more www.theregister.co.uk: First 64-bit Windows virus sighted. Read more www.theregister.co.uk: Buffalo spammer jailed. Read more www.crime-research.org: Viruses nip Russia after the Cold War. Read more

28 may 2004 New Trojans: Theef 2.01 Iroffer 1.3b07 (1308) Red ZONE Christmas Guides, Papers, etc Create a bootable CD-ROM that will install Windows XP unattended. Read more Vulnerabilities & Exploits www.securitytracker.com: SGI IRIX libcpr Error Lets Local Users Execute Arbitrary Code With Root Privileges. Read more www.securitytracker.com: Xdm May Open Random TCP Sockets. Read more www.securitytracker.com: 3Com OfficeConnect 812 ADSL Router Can Be Crashed With Long Telnet String. Read more www.securitytracker.com: Canon imageRUNNER 210s Can Be Crashed By Scanning Port 80. Read more www.securitytracker.com: F-Secure Anti Virus Buffer Overflow in Processing LHA Archives May Let Remote Users Deny Service. Read more www.securitytracker.com: F-Secure Internet Security Buffer Overflow in Processing LHA Archives May Let Remote Users Deny Service. Read more www.securitytracker.com: F-Secure Internet Gatekeeper Buffer Overflow in Processing LHA Archives May Let Remote Users Deny Service. Read more www.securitytracker.com: Isoqlog Buffer Overflow May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: MiniShare Can Be Crashed By Remote Users With Incomplete HTTP Requests. Read more www.securitytracker.com: FreeBSD msync MS_INVALIDATE Error May Let Local Users Prevent File Changes. Read more www.securiteam.com: Isoqlog Buffer Overflow While Parsing Sendmail Logfiles. Read more www.securiteam.com: 3Com OfficeConnect Remote 812 ADSL Router Telnet Protocol DoS Vulnerability. Read more News: www.smh.com.au: Mega-patch caused mega problems: network pro. Read more www.securityfocus.com: Taiwanese engineer arrested for creating Trojan. Read more www.theregister.co.uk: Taiwanese engineer 'assisted Chinese hackers'. Read more news.zdnet.co.uk: Mounties arrest teenage virus suspect. Read more www.theregister.co.uk: Windows worms tax ISPs. Read more www.computerworld.com: Suspect charged in Canada for Randex worm. Read more www.crime-research.org: Insane hacker blackmailed Yandex. Read more www.smh.com.au: First virus for 64-bit Windows trapped. Read more news.zdnet.co.uk: Stealth searches scan personal data. Read more news.zdnet.co.uk: Yahoo joins spyware fight with toolbar upgrade. Read more news.com.com: Antispam framework scores Microsoft endorsement. Read more

27 may 2004 New Trojans: Lame RAT 1.0 System33r Downloader 0.7.4b (LITE) Caznova Spy IRC 1.0 Hackarmy (n) Vulnerabilities & Exploits www.securitytracker.com: Orenosv HTTP/FTP Server Can Be Crashed By Remote Users. Read more www.securitytracker.com: Linksys Routers May Disclose Kernel Memory Contents in Response to BOOTP Packets. Read more www.securitytracker.com: Mailman Discloses Subscriber Passwords to Remote Users. Read more www.securitytracker.com: F-Secure Anti Virus Fails to Detect Sober.D/G Worms Within Zip Archives. Read more www.securitytracker.com: HP OpenView Select Access UTF-8 Decoding Flaw May Let Remote Users Access Restricted Resources. Read more www.securitytracker.com: HP integrated Lights Out Can Be Crashed By Remote Users. Read more www.securitytracker.com: Linux Kernel e1000 Buffer Overflow May Let Local Users Execute Arbitrary Code With Elevated Privileges. Read more www.securitytracker.com: BusyBox Netlink Messages Can Be Spoofed By Local Users. Read more News: www.internetnews.com: Korgo Worm Targets LSASS Flaw. Read more www.extremetech.com: Dangerous Bobax Worm Hits System Files. Read more zdnet.com.com: Back to school for cybercops. Read more www.crime-research.org: Investigating Computer Crimes. Read more www.hardwarezone.com: Hackers Faster, Harder To Keep Out. Read more www.theregister.co.uk: Regulator fines Net sex firm. Read more www.theregister.co.uk: Singapore to make spammers pay - literally. Read more

26 may 2004 New Trojans: BlackCore 2.1 Mafia Downloader 1.0 Infector 1.3 v2 Vulnerabilities & Exploits www.k-otik.com: Windows Lsasrv.dll Remote Universal Exploit XP/2K (MS04-011). Read more www.securitytracker.com: cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: e107 Input Validation Hole in 'usersettings.php' Permits Cross-Site Scripting Attacks. Read more www.securitytracker.com: VocalTec Telephony Gateway Can Be Crashed By Specially Crafted Packets. Read more www.securitytracker.com: Apple Safari SSH URL Processing Flaw Lets Remote Users Execute Arbitrary Commands. Read more www.securitytracker.com: F5 BIG-IP TCP SYN Cookie Processing Flaw Lets Remote Users Deny Service. Read more www.securitytracker.com: NETGEAR RP114 URL Filtering Can By Bypassed With Long URLs. Read more www.securitytracker.com: Mollensoft Lightweight FTP Server Can Be Crashed By Remote Authenticated Users With CWD Commands. Read more News: zone-h.org: Microsoft defaced once again! Read more www.crime-research.org: Phishing - phish for some fish. Read more www.theregister.co.uk: Two thirds of emails now spam: official. Read more news.zdnet.co.uk: Mac patch fails to fix problem. Read more australianit.news.com.au: Eastern mob hires hackers. Read more news.zdnet.co.uk: Email gateway products get smart with spam. Read more news.zdnet.co.uk: Open season for phishing as attacks soar. Read more news.zdnet.co.uk: Microsoft pre-installs network security. Read more www.iseriesnetwork.com: Is Linux Truly More Secure than Windows? Read more www.computerweekly.com: Hackers on the move. Read more

25 may 2004 New Trojans: Ccobra 1.0 Only1 1.92 Satan RAT 1.50 Iroffer 1.3b02 (1303.d) Iroffer 1.3b02 (1303.e) Vulnerabilities & Exploits www.securitytracker.com: xpcd Buffer Overflow in libpcd pcd_open() May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: Liferay Enterprise Portal Lack of Input Validation Permits Cross-Site Scripting Attacks. Read more www.securitytracker.com: PimenGest2 Debug Error in 'rowLatex.inc.php' May Disclose Database Password. Read more www.securitytracker.com: Liferay Cross Site Scripting Flaw. Read more www.securitytracker.com: Mollensoft Lightweight FTP Server CWD Buffer Overflow. Read more www.securitytracker.com: cPanel mod_phpsuexec Vulnerability. Read more www.insecure.ws: SSH URI handler code execution. Read more News: www.theregister.co.uk: Beware of 'IBM laptop order' email. Read more www.smh.com.au: Hackers getting harder to keep out: survey. Read more congreso.seguridad.unam.mx: Computer Security Mexico 2004 "10th Years celebrating Computer Security Mexico". Read more www.news-journalonline.com: Computer virus researcher looks to biology for clues. Read more www.smh.com.au: Organisations losing ground to hackers. Read more nwc.securitypipeline.com: Zone Labs Adds Anti-Virus To Firewall. Read more www.computerweekly.com: Hackers on the move. Read more www.vnunet.com: Phishing rocks the e-commerce boat. Read more

24 may 2004 New Trojans: ProRat 1.6 Special Edition Fuck MZN Troyan 3.0 v2 ServerSpyDD Vulnerabilities & Exploits www.securiteam.com: Allegro RomPager DoS Exploit. Read more www.securiteam.com: CVS Remote Entry Line Heap Overflow Root Exploit. Read more www.securiteam.com: BNBT BitTorrent Tracker DoS. Read more www.securiteam.com: Firebird Database Remote Database Name Overflow. Read more www.securiteam.com: PHP / Apache DoS (Resource Consumption). Read more www.gentoo.org: Buffer Overflow in Firebird. Read more News: news.com.com: New Zone Alarm to warn of viruses. Read more www.crime-research.org: Russia: credit card frauds. Read more australianit.news.com.au: Security game won't 'end nicely'. Read more www.theinquirer.net: More emerges about Brazilian hacking hacker. Read more www.nwfusion.com: Are you l33t? Read more

23 may 2004 New Trojans: Remote Format 2 LAN Supervisor Backdoor.Hackarmy.m Vulnerabilities & Exploits www.securitytracker.com: Apple Mac OS X Terminal URL Processing Flaw Has Unspecified Impact. Read more www.securitytracker.com: CBTT Can Be Crashed By Remote Users Sending Specially Crafted HTTP Basic Authentication Headers. Read more www.securitytracker.com: BNBT Can Be Crashed By Remote Users Sending Specially Crafted HTTP Basic Authentication Headers. Read more www.securitytracker.com: e107 Input Validation Flaw in 'log.php' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.debian.org: DSA-508-1 xpcd -- buffer overflow. Read more News: www.sacbee.com: Child-porn probe used first live Internet wiretap. Read more www.suburbanchicagonews.com: Identity thieves, con men turn to 'phishing' to get consumer info. Read more www.zone-h.com: Mitnick: feel foolish if Sasser hit you. Read more

22 may 2004 New Trojans: Hackerz Backdoor 3.7 Backdoor.Shabo Backdoor.Zhangpo Guides, Papers, etc www.imperva.com: SQL Injection Signatures Evasion. Read more Vulnerabilities & Exploits www.securitytracker.com: Symantec Norton Anti-Virus Lets Remote Users Execute Applications on the Target User's System. Read more www.maths.usyd.edu.au: Do not use Eudora. Read more security.e-matters.de: CVS remote vulnerability. Read more security.e-matters.de: libneon date parsing vulnerability. Read more security.e-matters.de: Subversion remote vulnerability. Read more News: www.theregister.co.uk: Sasser fan club stops rattling tin. Read more news.zdnet.co.uk: Spammers get fussy as zombie army grows. Read more www.securitypipeline.com: Microsoft Needs To Work Harder Distributing Software Patches. Read more news.bbc.co.uk: Taming the Wild West of viruses. Read more itmanagement.earthweb.com: Sneak Peek Into Microsoft Research. Read more www.foundstone.com: Computer Vulnerability-to-Worm Cycle Compressing Dramatically. Read more www.infosyssec.com: India's Secret Army of Ad Clickers - Rupees for Clicks. Read more www.techworld.com: Phishing attacks getting worse. Read more straitstimes.asia1.com.sg: Microsoft hacks employee benefits. Read more kerneltrap.org: Interview: Andrea Arcangeli. Read more

21 may 2004 New Trojans: Backdoor.VB.n Backdoor.Angelfire.b Backdoor.VB.im Guides, Papers, etc www.securityfocus.com: Malware Analysis for Administrators. Read more Vulnerabilities & Exploits www.securiteam.com: Configuration Disclosure on Sweex 802.11g Wireless Accesspoint/Router. Read more www.securiteam.com: OpenBSD Procfs Memory Disclosure Vulnerability. Read more News: www.theinquirer.net: Hackers hacked by hacker. Read more www.theregister.co.uk: 'Deceptive duo' hacker pleads guilty. Read more www.vnunet.com: Hackers penetrate global finance firms. Read more zdnet.com.com: How to stop viruses? Build a 'killer bot'. Read more

20 may 2004 New Trojans: SndCom 0.4 Ras51D TNT 1.1 v2 Tools: Netwox, network testing toolbox. Toolbox netwox helps to find and solve network problems : - sniff, spoof - clients, servers - DNS, FTP, HTTP, IRC, NNTP, SMTP, SNMP, SYSLOG, TELNET, TFTP - scan, ping, traceroute - etc. Read more Guides, Papers, etc www.microsoft.com: Help: I Got Hacked. Now What Do I Do? Read more www.worldwidewardrive.org: The OFFICIAL DEF CON 12 WARDRIVING CONTEST. Read more Vulnerabilities & Exploits Phorum Sessions Can Be Hijacked By Remote Users. Read more Subversion Date Parsing Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more CVS Entry Line Heap Overflow Lets Remote Users Execute Arbitrary Code. Read more neon Library Heap Overflow in ne_rfc1036_parse() Date Parsing Function May Let Remote Users Execute Arbitrary Code. Read more OmniHTTPd Buffer Overflow in HTTP GET Range Header May Let Remote Users Execute Arbitrary Code. Read more www.debian.or: DSA-507-1 cadaver -- buffer overflow. Read more www.debian.or: DSA-506-1 neon -- buffer overflow. Read more www.debian.or: DSA-505-1 cvs -- heap overflow. Read more www.debian.or: DSA-504-1 heimdal -- missing input sanitising. Read more www.oliverkarow.de: ActiveState ActivePerl Buffer Overflow. Read more News: www.theregister.co.uk: MS' anti-virus bounty success. Read more www.newsfactor.com: How Are Script Kiddies Outwitting I.T. Experts? Read more www.crime-research.org: Russia: Citybank clients scammed. Read more www.securityfocus.com: 'Patriot' hacker pleads guilty. Read more www.eweek.com: Kibuv Worm, Bobax Trojan Try Many Methods. Read more news.com.com: Bobax worm takes tip from Sasser. Read more www.informationweek.com: New Worm Spreads By Replying To All Mail. Read more news.zdnet.co.uk: Plug and Play port scan reveals new worms. Read more www.businessweek.com: A New Chinese Specialty: Spam. Read more www.techuser.net: Why Windows is a Security Nightmare. Read more news.zdnet.co.uk: Researcher reveals details of OS X security flaw. Read more www.computerworld.com: Spyware sneaks into the desktop. Read more

19 may 2004 New Trojans: Backdoor.Kalmer RedHacker Iroffer 1.3b02 (1303.a) Iroffer 1.3b02 (1303.b) Iroffer 1.3b02 (1303.c) Vulnerabilities & Exploits www.securitytracker.com: Sun Java Secure Socket Extension (JSSE) Authentication Flaw May Validate Invalid Certificates. Read more www.securitytracker.com: Blue Coat ProxySG May Disclose Private Key to Remote Users. Read more www.securitytracker.com: phpMyFAQ Input Validation Holes Let Remote Users View and Execute Files on the Target System. Read more www.securitytracker.com: Microsoft Outlook 2003 Scripting Restrictions Can Be Bypassed By Remote Users. Read more www.securitytracker.com: Libuser Memory Error May Cause Denial of Service Conditions. Read more www.securitytracker.com: PHP-Nuke $modpath Include File Flaw May Let Remote Users Execute Arbitrary Commands in Certain Cases. Read more www.securitytracker.com: SGI IRIX rpc.mountd Has Infinite Loop Denial of Service Flaw. Read more www.securitytracker.com: Linux passwd May Truncate Passwords Supplied Via stdin. Read more www.securitytracker.com: PHP-Nuke Input Validation Flaw in Union Tap Prevention Feature Permits Cross-Site Scripting Attacks. Read more www.securitytracker.com: osCommerce Directory Traversal Flaw in 'admin/file_manager.php' Discloses Files to Remote Authenticated Administrators. Read more www.securitytracker.com: Microsoft Visual Basic Buffer Overflow May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: Turbo Traffic Trader C Input Validation Holes Let Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: KDE URL Processing Flaw Lets Remote Users Create or Overwrite Files or Execute Commands. Read more www.securitytracker.com: Zen Cart Password Input Validation Flaw Lets Remote Users Inject SQL Commands. Read more www.securitytracker.com: NetChat Buffer Overflow in HTTP Service Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Wget May Overwrite Files in Certain Cases and Allow a Local User to Gain Elevated Privileges. Read more www.securiteam.com: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability. Read more www.debian.org: DSA-504-1 heimdal -- missing input sanitising. Read more www.oliverkarow.de: ActiveState ActivePerl Buffer Overflow. Read more News: www.theregister.co.uk: Police probe Sasser informant. Read more news.zdnet.co.uk: Analysts downplay Cisco code leak. Read more news.zdnet.co.uk: Skills not money needed to fight cybercrime. Read more www.infoworld.com: Phishing scam reports skyrocket in April. Read more www.techweb.com: High Port 5000 Traffic Indicates Kibuv.b Worm At Work. Read more

18 may 2004 New Trojans: System33r Multi Webdownloader 1.2 Manslut Uploader 1.0rc4 pseudoRAT 0.1 (b) Backdoor.Wowhack Guides, Papers, etc www.securityfocus.com: TCP/IP Skills Required for Security Analysts. Read more Vulnerabilities & Exploits www.securitytracker.com: WebCT Input Validation Holes in Discussion Board Permit Cross-Site Scripting Attacks. Read more www.securitytracker.com: Apple Safari 'runscript' Function Lets Remote Users Execute Code. Read more www.securitytracker.com: Microsoft Outlook Express Mail Troubleshooting Function May Disclose SMTP Password to Local Users. Read more www.securitytracker.com: Microsoft Internet Explorer Image Map URL Display Error Lets Remote Users Spoof URLs. Read more www.securiteam.com: Internet Explorer Crash (Malformed META Tag). Read more www.securiteam.com: Mac OS-X/Safari Remote Help-Call Script Execution. Read more www.securiteam.com: Linksys BOOTP Memory Leak. Read more www.deprotect.com: Kernel memory disclosure via procfs. Read more www.oliverkarow.de: ActiveState ActivePerl Buffer Overflow. Read more News: www.theregister.co.uk: Phatbot suspect released on bail. Read more www.computerweekly.com: Learn to identify the new generation of security threats and protect your network. Read more www.theregister.co.uk: Google's Ethics Committee revealed. Read more www.theregister.co.uk: FBI arrest 65 in P2P child porn raids. Read more www.microscope.co.uk: Teenage hackers shame IT industry again. Read more www.crime-research.org: Computer crimes to block business activity. Read more www.crime-research.org: Ukrainian Hacker Story. Read more www.iht.com: Criminal gangs exploit Internet employment sites. Read more news.zdnet.co.uk: Bagle turns to anti-spam trick. Read more

17 may 2004 New Trojans: 2004 Hacking RAT 1.0 Little Witch 6.1 (aa) server MiniDL Lamers Death 2.7 undetected server Vulnerabilities & Exploits www.securiteam.com: DoS Vulnerability in IEEE 802.11 Wireless Devices. Read more www.securiteam.com Symantec Multiple Firewall DNS Response DoS Exploit (PoC). Read more www.eeye.com: Symantec Multiple Firewall NBNS Response Processing Stack Overflow. Read more www.eeye.com: Symantec Multiple Firewall DNS Response DoS. Read more www.eeye.com: Symantec Multiple Firewall NBNS Response Remote Heap Corruption. Read more www.eeye.com: Symantec Multiple Firewall Remote DNS KERNEL Overflow. Read more News: nwc.securitypipeline.com: "Wallon" Virus Contains Phony Yahoo Link. Read more www.smh.com.au: Singapore schools hit by Agobot worm. Read more

16 may 2004 New Trojans: PhatBot BAD R.A.T. 1.0 TWeb Web Server 1.1 RPC-2 News: news.zdnet.co.uk: 'Survivor' site contains malicious code. Read more www.intego.com: Intego Announces Protection against a new Mac OS X Trojan Horse: AS.MW2004.Trojan. Read more www.computerworld.com: Wallon worm uses Yahoo, IE flaw to spread. Read more www.usatoday.com: Vietnam to monitor its Internet users. Read more www.computerworld.com: Intrusion response dips down to end-user level. Read more www.computerworld.com: How to protect the network from the inside out. Read more www.computerworld.com: Behavioral network security: Is it right for your company? Read more

15 may 2004 New Trojans: Cerberus 0.1 Serial Thief SSPPYY version 2 Hook p2p Vulnerabilities & Exploits www.securitytracker.com: Solaris Management Console Server Discloses File and Directory Existence to Remote Users. Read more www.securitytracker.com: libtASN1 DER Parsing Flaw Has Unspecified Impact. Read more www.securitytracker.com: Ethereal SIP, AIM, SPNEGO, and MMSE Dissector Flaws Allow Remote Users to Crash Ethereal or Execute Arbitrary Code. Read more News: www.theregister.co.uk: Dabber exploits Sasser flaw. Read more www.techweb.com: Sneaky Virus Pretends To Be Yahoo. Read more software.silicon.com: Virus warning: Wallon destroys Media Player. Read more www.zone-h.org: Agobot Trojan author released in Germany. Read more www.newsfactor.com: As the Worm Turns. Read more www.securityfocus.com: Sasser suspect has fans. Read more www.theregister.co.uk: Spam fighters infiltrate spam clubs. Read more www.theregister.co.uk: Symantec fights auto-responder menace. Read more www.sophos.com Police breaking open Skynet virus gang in North Germany, Sophos reports. Read more

14 may 2004 New Trojans: Reload 0.33 Remote Format FTH2004 CiGiCiGi ViP 1.7 English Vulnerabilities & Exploits xforce.iss.net: Multiple Vulnerabilities in Symantec Client Firewall Products. Read more www.securitytracker.com: Symantec Client Firewall SYMDNS.SYS Driver Lets Remote Users Execute Arbitrary Code to Take Full Control of the System. Read more www.securitytracker.com: Symantec Client Security SYMDNS.SYS Driver Lets Remote Users Execute Arbitrary Code to Take Full Control of the System. Read more www.securitytracker.com: Norton AntiSpam SYMDNS.SYS Driver Lets Remote Users Execute Arbitrary Code to Take Full Control of the System. Read more www.securitytracker.com: Microsoft Internet Explorer showHelp Path Search Lets Remote Users Load Existing Local CHM Files. Read more secunia.com: Microsoft Outlook Express Loading of Arbitrary Web Content. Read more www.securitytracker.com: mah-jong Game Can Be Crashed By Remote Users With Empty Name Value. Read more www.securitytracker.com: Opera Web Browser URL Redirect Error Lets Remote Users Spoof the Status Bar Address. Read more www.securitytracker.com: OpenBSD procfs Integer Overflow Discloses Kernel Memory to Local Users. Read more www.securitytracker.com: IEEE 802.11 Wireless LANs Can Be Disrupted By Remote Users Within Transmission Range. Read more www.securitytracker.com: Agnitum Outpost Firewall Pro Can Be Crashed By Remote Users Sending a Sustained Packet Flood. Read more www.securitytracker.com: Sweex Wireless Broadband Router Disclosed Administrative Password to Remote Users. Read more www.securitytracker.com: Opera Telnet URL Processing Flaw Lets Remote Users Create or Overwrite Files. Read more www.gentoo.org: Utempter symlink vulnerability. Read more News: www.theregister.co.uk: Red alert over Symantec firewall flaw. Read more news.com.com: Worm feeds on Sasser-infected computers. Read more www.theregister.co.uk: German police raid five homes in Sasser case. Read more support-sasser.homepage.dk: Support the Sasser-author fund started. Read more www.smh.com.au: Skynet virus gang in Germany busted. Read more www.theregister.co.uk: New flaw takes Wi-Fi off the air. Read more www.internetweek.com: New Worm With A Twist Targets Sasser-Infected System. Read more www.neowin.net: Wallon worm uses Yahoo, MS to spread. Read more www.theregister.co.uk: Student uncovers US military secrets. Read more news.com.com: Search engines delete adware company. Read more www.wired.com: Microsoft to Battle Spyware. Read more www.crime-research.org: 7 years for doubtful photo business on the Net. Read more www.theregister.co.uk: Child porn case highlights browser hijack risks. Read more www.wired.com: Browser Hijackers Ruining Lives. Read more

13 may 2004 New Trojans: A-311 1.29 NeoControlRed 3.0.0 Yet Another Trojan 1.4 HGZ MiniHacker Vulnerabilities & Exploits www.securitytracker.com: ZoneMinder Buffer Overflow in zms May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Linux Kernel Integer Overflow in sctp_setsockopt() Lets Local Users Execute Arbitrary Code With Kernel Privileges. Read more www.securitytracker.com: BEA WebLogic May Let Remote Authenticated Admin/Operator Users Start or Stop Server. Read more www.securitytracker.com: BEA WebLogic 'security-role-assignment' Coding Error May Delete Access Controls Tag. Read more www.securitytracker.com: GTK+ Support Libraries Directory Permission Flaw on HP-UX Lets Local Users Gain Elevated Privileges. Read more www.securiteam.com: Monit Remote Shell Exploit (Long HTTP Request). Read more www.securiteam.com: Sasser Worm Remote FTPD Buffer Overflow Exploit Code (Port 5554). Read more www.securiteam.com: PaX Linux Kernel Patch DoS (Exploit). Read more www.securiteam.com: Trend OfficeScan Corporate Antivirus Permissions Insecurity. Read more www.securiteam.com: Outlook 2003 File Upload And Execution Vulnerability. Read more www.securiteam.com: Agnitum Outpost Firewall Pro DoS. Read more www.securiteam.com: Vulnerability in Help and Support Center Remote Code Execution (MS04-015). Read more www.securiteam.com: Outlook 2003 Not Yet SPAM Proof (PING). Read more News: www.theregister.co.uk: Phatbot arrest throws open trade in zombie PCs. Read more www.newsfactor.com: Why Are Virus Writers So Tough To Catch? Read more www.nzherald.co.nz: Police question more Sasser worm suspects. Read more www.eweek.com: German Police Hunt for Sasser Worm Accomplices. Read more www.smh.com.au: Suspected Agobot Trojan author arrested. Read more zdnet.com.com: Antivirus companies muting false alarms. Read more news.com.com: The lessons of Sasser. Read more www.theregister.co.uk: Chinese youths trash Internet caf�. Read more www.computerworld.com: Sasser arrest seen as small step in cybercrime fight. Read more

12 may 2004 New Trojans: BAD R.A.T. 1.1 TUploaderC2 TNT 1.1 Screen Spy 1.0 Guides, Papers, etc www.securityfocus.com: Automating Windows Patch Management: Part III. Read more Vulnerabilities & Exploits www.securitytracker.com: Microsoft Outlook 2003 Lets Remote Users Send E-mail to Cause the Recipient's Client to Contact a Remote Server. Read more www.securitytracker.com: Microsoft Help and Support Center HCP URL Validation Error May Let Remote Users Execute Arbitrary Code If User Interactions Occur. Read more www.securitytracker.com: Eudora Fails to Correctly Display the Status Bar for URLs Containing Many HTML Character Entities. Read more www.securitytracker.com: SCO OpenServer X Session Access Controls Do Not Permit Xauthority Controls for Some X Sessions. Read more www.securitytracker.com: Systrace BSD Privilege Check Error Lets Local Users Gain Root Privileges. Read more www.fribble.net: Arbitrary code inclusion vulnerability in phpShop. Read more xforce.iss.net: McAfee ePolicy Orchestrator Remote Compromise Vulnerability. Read more www.securitytracker.com: IBM Parallel Environment Sample Code Lets Local Users Execute Arbitrary Commands With Root Privileges. Read more www.securitytracker.com: eMule Service Can Be Crashed By Remote Users Sending a Variety of Malformed Requests. Read more www.securitytracker.com: MailEnable Buffer Overflow in HTTPMail Lets Remote Users Execute Arbitrary Code. Read more www.debian.org: DSA-502-1 exim-tls -- buffer overflow. Read more News: Microsoft Security Bulletin MS01-052 Invalid RDP Data can Cause Terminal Service Failure. Read more Microsoft Security Bulletin MS04-014 Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001). Read more www.reuters.com: Net Worm Arrests Could Crack Cyber Ring: Experts. Read more www.theregister.co.uk: MS spells it out: pirates can, can't install WinXP Sp2. Read more www.theregister.co.uk: Lottery scams new flavour of the month. Read more zdnet.com.com: Microsoft patches new Windows flaw. Read more news.netcraft.com: Anti-Phishing Site Targeted by Hack Attacks. Read more

11 may 2004 New Trojans: BlackCore 2.0 JRat 1.3 NeoControlRed 2.5.1 New Cam Viewer Vulnerabilities & Exploits www.k-otik.com: Sasser Worm ftpd Remote Buffer Overflow Exploit (port 5554). Read more www.securitytracker.com: Mac OS X TruBlueEnviroment Argument Processing Flaw Lets Local Users Deny Service. Read more www.securitytracker.com: NukeJokes Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more www.securitytracker.com: icecast Heap Overflow in Processing Basic Authentication Lets Remote Users Crash the Service. Read more News: www.theregister.co.uk: New version of Sasser undermines lone coder theory. Read more www.theinquirer.net: Microsoft paid $25,000 for the head of virus writer. Read more www.theregister.co.uk: German police arrest Sasser worm suspect. Read more www.suburbanchicagonews.com: Worm's creator tried to limit damage done. Read more www.newsfactor.com: Second German Teen Arrested After Sasser Author. Read more www.newsfactor.com: Despite German Teen Arrest, Sons of Sasser Live On. Read more nwc.securitypipeline.com: Hackers Moving Faster To Exploit Vulnerabilities. Read more news.com.com: Microsoft: Separate trail led to second virus writer. Read more

10 may 2004 New Trojans: Remote Password Reventator Harvester 2003 (mail) 08 Exception 1.0 Stealth Lan Downloader Guides, Papers, etc www.microsoft.com: Introduction to viruses, worms, and Trojan Horses. Read more Vulnerabilities & Exploits www.securiteam.com: SMC Routers Passwordless Remote Administration. Read more www.securiteam.com: Remote Command Execution Vulnerability In oMail. Read more www.securiteam.com: NukeJokes Module For PhpNuke Multiple Vulnerabilities. Read more www.securiteam.com: Pound Format String Exploit. Read more www.securiteam.com: Internet Explorer Remote Dos (Memory Access Violation). Read more www.securiteam.com: Eudora File URL Buffer Overflow. Read more www.securiteam.com: MyWeb Buffer Overflow. Read more News: nwc.securitypipeline.com: Sasser Worm Bites Businesses Worldwide. Read more www.newsfactor.com: Arrested German Teen Admits Being Sasser Worm Author. Read more www.informationweek.com: German Teenager Admits To Creating Sasser Worm. Read more www.microsoft.com: Microsoft Reward Program Helps Lead to Information Resulting in Arrest Related to Sasser Internet Worm. Read more www.crime-research.org: Who hacks? Who cracks? Read more

09 may 2004 New Trojans: Backdoor.VisualServer Savage dDevil Trojan TX chti WebDL Vulnerabilities & Exploits www.securitytracker.com: Microsoft Internet Explorer 'file://' URL Processing Flaw Lets Remote Users Damage the Registry. Read more www.securitytracker.com: efFingerD Buffer Overflow in sockFinger_DataArrival() Lets Remote Users Crash the Daemon. Read more www.securitytracker.com: TrendMicro OfficeScan Default Permissions Let Local Users Modify the Configuration. Read more www.securitytracker.com: Sun Java Virtual Machine Infinite Loop in decodeArrayLoop() Lets Remote Users Deny Service. Read more News: www.microsoft.com: Microsoft Reward Program Helps Lead to Information Resulting in Arrest Related to Sasser Internet Worm. Read more www.620ktar.com: Teen Confesses to Creating 'Sasser' Worm. Read more www.snpx.com: German police also arrest author of the Agobot and Phatbot worms. Read more www.snpx.com: Microsoft Reward Program Helped Lead to Arrest of Sasser author. Read more www.reuters.com: Net Worm Arrests Could Crack Cyber Ring: Experts. Read more www.signonsandiego.com: FACTBOX-Five major viruses on the Internet. Read more www.ctv.ca: German student arrested over computer virus. Read more www.wired.com: Sasser Worm Suspect Confesses. Read more zdnet.com.com: Microsoft reward snags suspected Sasser author. Read more www.gridtoday.com: Arrest Made In United Kingdom "Phishing" Case. Read more www.heise.de: German Language: Mutma�licher Phatbot-Entwickler bei L�rrach festgenommen. Read more

08 may 2004 New Trojans: PA HAC 1.2 2004 Infector NG 2004 Toxic Backdoor 1.0 Vulnerabilities & Exploits www.securitytracker.com: MyWeb Buffer Overflow Lets Remote Users Crash the Server With Long URLs. Read more www.securitytracker.com: Eudora Has Buffer Overflow in Loading 'file://' URLs. Read more www.securitytracker.com: Kolab Discloses LDAP Server Password to Local Users. Read more www.securitytracker.com: SUSE LINUX Live CD Configuration Error Yields Root Access to Remote Users. Read more www.securitytracker.com: e107 Input Validation Bug in 'News Submit' and 'Article Submit' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: DeleGate Buffer Overflow in static ssl_prcert() Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code. Read more News: Latest news. Author of Sasser arrested. A german man is arrested for making the Sasser worm. www.techweb.com: Sasser, Netsky Work Of Same Hacker. Read more www.internetweek.com: Symantec: Sasser, Netsky Work Of Same Hacker. Read more www.internetnews.com: MS to Help Zap Worms Automatically. Read more www.theregister.co.uk: Sasser ups cost of Windows - Gartner. Read more www.newsfactor.com: Report: Phishing Scam Hits 57 Million Users. Read more www.theregister.co.uk: Mystery of MS's missing AV software. Read more www.theregister.co.uk: Stalkers target victims with email. Read more www.chron.com: University's computer system hit by hackers. Read more www.crime-research.org: Russia: Computer crimes statistics. Read more www.iht.com: Pirates and hackers roam in the Internet's Wild West. Read more

07 may 2004 New Trojans: Acid Drop 1.0 Visitor 1.1 [Dropper] Gadu Ghost 1.2 server Vulnerabilities & Exploits www.guninski.com: Buffer overflows in exim, yet still exim much better than windows. Read more www.securitytracker.com: FuseTalk Grants Remote Users Access to 'banning' Template. Read more www.securitytracker.com: Microsoft IIS ASP Script Cookie Processing Flaw May Disclose Application Information to Remote Users. Read more www.securitytracker.com: P4DB Input Validation Holes Let Remote Users Execute Arbitrary Shell Commands. Read more www.securitytracker.com: Heimdal k5admind Framing Length Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: PHP-Nuke Input Validation Bugs in 'sid' Variable in 'Downloads' Module Permits SQL Injection and Cross-Site Scripting Attacks. Read more www.securitytracker.com: Simple Machines SMF '[size]' Tag Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Verity Ultraseek Discloses Installation Path to Remote Users. Read more www.securitytracker.com: SurgeLDAP Web Administration Interface Authentication Flaw Lets Remote Users Gain Access. Read more www.securitytracker.com: PHPX Cookie Authentication Flaw Lets Remote Users Hijack a Target User's Account. Read more www.securiteam.com: DeleGate SSL Filter Buffer Overflow. Read more www.debian.org: DSA-501-1 exim -- buffer overflow. Read more www.securityfocus.com: Multiple LHA Buffer Overflow/Directory Traversal Vulnerabilities. Read more News: www.theregister.co.uk: China shuts 8,600 cybercafes. Read more www.channelnewsasia.com: Virus researchers warn of new Netsky worm that poses as Sasser cure. Read more www.tmcnet.com: Expected ''Nastier Sasser'' Worm Highlights Dangers of Relying on Patches -- Recent Attacks Are a ''Wake-up Call'' for Improving Application Defenses of Networks. Read more www.theregister.co.uk: Prison time for cyber stock swindler. Read more www.theregister.co.uk: Sasser boosts AV share prices. Read more www.adn.com: Hackers access University of California, San Diego server. Read more www.crime-research.org: Who are these cyber criminals? Read more www.terra.net.lb: New scourge of Web, spyware draws fire from US Congress, others. Read more

06 may 2004 New Trojans: Magic PS 1.5 Hotmail Hacker Log Edition 3.5 NeoControlRed 2.4.0 Vulnerabilities & Exploits www.securitytracker.com: ipmenu Unsafe 'ipmenu.log' Temporary File Lets Local Users Gain Root Privileges. Read more www.securitytracker.com: Titan FTP Server Can Be Crashed By Remote Authenticated Users Sending and Aborting a LIST Command. Read more www.securitytracker.com: PHPX Has Mulitple Input Validation Holes That Permit Cross-Site Scripting Attacks. Read more www.securitytracker.com: Check Point VPN-1 ISAKMP Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more News: news.bbc.co.uk: Hunt is on for Sasser worm writer. Read more www.theregister.co.uk: Sasser creates European pandemonium. Read more www.theregister.co.uk: Fear of phishing hits e-commerce. Read more www.globetechnology.com: Sasser worm sign of things to come? Read more www.theregister.co.uk: UK police arrest 12 phishing mule suspects. Read more www.hardwarezone.com: Sasser Worm Infections Increase by 43% during Second Day of Alert. Read more www.newsfactor.com: Sasser Fizzles Out as Search for Culprits Heats Up. Read more www.chron.com: Worm may join pals for trouble. Read more www.usatoday.com: Computer security experts lament laggardly pace of patches. Read more www.smh.com.au: Open source group says monoculture breeds worms. Read more www.crime-research.org: How to avoid Internet fraud. Read more www.theregister.co.uk: MS opens Hotmail to bulk mailers. Read more

05 may 2004 New Trojans: MiniMO 0.6 Beta Acessor 2.0 Snow 3.8 Vulnerabilities & Exploits www.securitytracker.com: SuSE Linux '/proc/scsi/qla2300/HbaApiNode' Permissions Let Local Users Deny Service. Read more www.securitytracker.com: Message Foundry Lets Remote Users Deny Service By Requesting '/com1'. Read more www.securitytracker.com: Apple Mac OS X RAdmin Bug in Processing Large Requests Has Unspecified Impact. Read more www.securitytracker.com: Apple CoreFoundation Environment Variable Flaw Has Unspecified Impact. Read more www.securitytracker.com: AppleFileServer Buffer Overflow in Processing Cleartext User Authentication Method Packets Lets Remote Users Execute Code With Root Privileges. Read more www.securitytracker.com: PaX Infinite Loop Lets Local Users Deny Service. Read more www.securitytracker.com: Aldo's Web Server Discloses Arbitrary Files to Remote Users. Read more www.securitytracker.com: YaBB Input Validation Flaw in 'Subject' Field Lets Remote Users Modify the '.txt' File. Read more www.securitytracker.com: Crystal Reports Unspecified Flaws Let Remote Users View and Delete Files and Deny Service. Read more www.securiteam.com: autoRST - Automated TCP RST Exploit. Read more www.securiteam.com: Squirrelmail Local Root Chpasswd Exploit. Read more www.securiteam.com: Dameware Mini Remote Control Weak Key Agreement Scheme. Read more www.securiteam.com: Web Wiz Forum SQL Injection and Security Bypass, Read more www.securiteam.com: Titan FTP Server Aborted LIST DoS. Read more News: www.theregister.co.uk: We've seen worse than Sasser - MS. Read more www.theregister.co.uk: 'Deceptive Duo' hacker charged. Read more www.theregister.co.uk: Sasser worm creates havoc. Read more www.chron.com: Way to keep worms at bay: automatic security updates. Read more www.detnews.com: Computer security experts lament laggardly pace of patches. Read more www.stuff.co.nz: Worm may help hackers. Read more www.stuff.co.nz: Microsoft details Windows plans amid security woes. Read more

04 may 2004 New Trojans: Backdoor.Autocrat.a Backdoor.Hackarmy.a Backdoor.Welkom Guides, Papers, etc chitchat.at.infoseek.co.jp: VMware Backdoor I/O Port. Read more Vulnerabilities & Exploits www.atstake.com: AppleFileServer Remote Command Execution. Read more www.securitytracker.com: Pound Format String Flaw in Syslog Processing Lets Remote Users Execute Arbitrary Code. Read more www.theregister.co.uk: Mitnick busts bomb hoaxer. Read more News: english.chosun.com: Variants of Computer Worm 'Sasser' Spread Rapidly. Read more www.startribune.com: 'Sasser' worm hits computers Windows flaw exploited worldwide. Read more www.news-journalonline.com: New virus snarls hundreds of thousands of machines worldwide. Read more news.bbc.co.uk: Sasser net worm disruption grows. Read more www.techweb.com: How To Protect PCs Against The Sasser Worm. Read more www.crime-research.org: Computer Crime Classification. Read more news.com.com: Microsoft signs security pact with Germany. Read more www.smh.com.au: Microsoft says mega-patch problems unresolved. Read more

03 may 2004 New Trojans: NeoControlRed 2.5.0 Magic PS 1.42 Beast 2.06 [b] server Tools: fileforum.betanews.com: Microsoft Sasser.A & .B Worm Removal Tool 1.0. Read more Vulnerabilities & Exploits www.securiteam.com: LHa Local Stack Overflow Proof of Concept. Read more www.securiteam.com: Windows Lsasrv.dll Remote Universal Exploit (MS04-011). Read more www.securiteam.com: HSFTP Format String Vulnerability (Walkthrough). Read more www.securiteam.com: 3Com NBX VoIP NetSet DoS. Read more www.securiteam.com: Buffer Overflows and Directory Traversal in LHA. Read more www.securiteam.com: SquirrelMail Cross Scripting Attacks (compose.php). Read more www.securiteam.com: Remote Buffer Overflow Vulnerabilities in Real RTSP Streaming. Read more www.securiteam.com: ssmtp Insecure File Creation. Read more www.securiteam.com: phpBB IP Spoofing Vulnerability. Read more www.securiteam.com: paFileDB Multiple Vulnerabilities (XSS, Path Disclosure). Read more www.securiteam.com: OpenBB Multiple Vulnerabilities (board.php, search.php, member.php, post.php, myhome.php, index.php). Read more www.securitytracker.com: FLIM Unsafe Temporary Files May Let Local Users Gain Elevated Privileges. Read more www.debian.org: DSA-500-1 flim -- insecure temporary file. Read more www.debian.org: DSA-499-1 rsync -- directory traversal. Read more News: www.microsoft.com: Microsoft Joins Law Enforcement to Track Perpetrators of Emerging Worm Attacks against Computer Users. Read more www.overclockersclub.com: Very Fast Spreading Worm on the Loose. Read more www.crime-research.org: FraudWatch warns of the escalation of Internet fraud. Read more

02 may 2004 New Trojans: Leviathan 0.1 Ramirez 1.1 DJ Client Server Tools: www.fpx.de: UUDeview is a program that helps you transmit and receive binary files over the Internet, using electronic mail or newsgroups. Read more Guides, Papers, etc www.zeltser.com: Reverse Engineering Malware. Read more Know Your Enemy: Honeynets in Universities. Read more www.eeye.com: Sasser Worm Technical Analysis. Read more Vulnerabilities & Exploits www.securitytracker.com: PROPS Input Validation Flaws Disclose Files to Remote Users and Permit Cross-Site Scripting Attacks. Read more www.securitytracker.com: SmartPeer Has Password Command Flaw With Unspecified Impact. Read more www.securitytracker.com: SMC Routers Enable Remote WAN-Side Administration With No Password By Default. Read more www.securitytracker.com: MPlayer Buffer Overflow in Playing Real Streams Lets Remote Servers Execute Arbitrary Code. Read more www.securitytracker.com: Xine Buffer Overflow in Playing Real Streams Lets Remote Servers Execute Arbitrary Code. Read more www.securitytracker.com: NetCache Can Be Crashed By Remote Users. Read more www.securitytracker.com: Web Wiz Forums Input Validation Hole in 'pop_up_ip_blocking.asp' Lets Remote Users Inject SQL Commands. Read more www.securitytracker.com: Veritas NetBackup Buffer Overflow and Format String Flaws Let Local Users Gain Root Privileges. Read more www.securitytracker.com: Apple QuickTime Bug Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Microsoft Internet Explorer SSL Icon Error May Let Remote Users Impersonate Secure Web Sites. Read more www.securitytracker.com: Moodle Input Validation Bug in 'help.php' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: SquirrelMail Input Validation Hole in 'mailbox' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: 3Com NBX NetSet Configuration Utility Can Be Crashed By a Remote User Conducting a Nessus Scan. Read more www.securitytracker.com: Coppermine Photo Gallery Include File Flaw Lets Remote Users Execute Arbitrary Code on the Target System. Read more News: www.theregister.co.uk: The illicit trade in compromised PCs. Read more english.aljazeera.net: Sasser virus infects cyberspace. Read more xforce.iss.net: Microsoft LSASS Sasser Worm Propagation. Read more www.microsoft.com: What You Should Know About the Sasser Worm and Its Variants. Read more seattletimes.nwsource.com: What are pesky spyware 'parasites' nibbling on? Read more

01 may 2004 New in Archive Bifrost 1.0 SndCom 0.2 ViriL.Devil 3.0 Vulnerabilities & Exploits www.securitytracker.com: ProFTPD Access Control Bug With CIDR Addresses May Let Remote Authenticated Users Access Files. Read more www.securitytracker.com: lha Buffer Overflows Let Remote Users Create Malicious Archives to Execute Arbitrary Code. Read more www.securitytracker.com: libpng Memory Access Violation When Creating Error Messages May Cause Denial of Service Conditions. Read more www.securitytracker.com: Linux Kernel do_fork() Memory Allocation Flaw Lets Local Users Consume Memory Resources and Deny Service. Read more www.securitytracker.com: ReciPants Input Validation Holes Let Remote Users Inject SQL Commands. Read more www.securitytracker.com: Rsync Path Validation Flaw May Let Remote Authenticated Users Write Files on the System. Read more www.securitytracker.com: Midnight Commander Has Multiple Bugs That May Let Local Users Gain Elevated Privileges. Read more www.debian.org: DSA-498-1 libpng -- out of bound access. Read more News: news.com.com: Worm warning intensifies. Read more www.esecurityplanet.com: Large Numbers of Gaobot Worm Variants Proliferating. Read more zdnet.com.com: Alarm growing over bot software. Read more searchsecurity.techtarget.com: New variants of the prolific Bagle and Netsky families get legs. Read more www.securityfocus.com: Takedown: Mitnick busts bomb hoaxer. Read more www.computerworld.com: Microsoft hole spawns false alarm, real attacks. Read more

Copyright� MegaSecurity.org