Bookmark or link to: www.kobayashi.cjb.net. All other url`s could change!

Home    News Archive    Translate Traducen

News July 2003

31 july 2003 New Trojans: BlueWater 1.6 MSN Crack Store 2.0 Sect 1.0 Iroffer 1.2b10 Tools www.thc.org: The Reverse-WWW-Tunnel-Backdoor is proof-of-concept Perl program for the paper "Placing Backdoors through Firewalls". It allows communicating with a shell through firewalls and proxy servers by imitating webtraffic. The master/slave relation is reversed, therefore no listening ports are used on the target machine. Download Vulnerabilities & Exploits: www.securecoding.org: Analysis of Topical Vulnerabilities. Read more www.securitytracker.com: 'man-db' Buffer Overflows Let Local Users Execute Arbitrary Code. Read more www.securitytracker.com: Linux 'lockdev' May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: Linux 2.4 Kernel NFSv3 Integer Overflow May Let Remote Users Cause a Kernel Panic. Read more www.securitytracker.com: NetScreen ScreenOS Can Be Crashed By Remote Users Sending Packets With Certain TCP Window Sizes. Read more www.securitytracker.com: Sun Solaris 'ld.so.1' Runtime Linker Buffer Overflow Lets Local Users Gain Root Privileges. Read more www.securitytracker.com: Roundup Input Validation Hole Permits Cross-Site Scripting Attacks. Read more www.securitytracker.com: KDE Konqueror May Disclose URL-based Passwords to Remote Users Via the Referer Field. Read more www.securitytracker.com: FreeRADIUS Buffer Overflow in Processing CHAP Challenges Lets Remote Users Execute Arbitrary Code. Read more www.debian.org: DSA-356-1 xtokkaetama -- buffer overflows. Read more www.debian.org: DSA-355-1 gallery -- cross-site scripting. Read more www.debian.org: DSA-354-1 xconq -- buffer overflows. Read more News: www.securityfocus.com: Panel Probes the Half-life of Bugs. Read more www.securityfocus.com: Legislation takes aim at spyware. Read more www.theregister.co.uk: I'm working for the FBI, claims accused hacker. Read more www.eurekalert.org: Hackers turn to Google. Read more gcn.com: Zimmermann: Public too slow to adopt encryption. Read more news.bbc.co.uk: The leaky net. Read more

30 july 2003 New Trojans: Stealth Redirector 1.4 Inspiration 1.1 Pro Agent 1.21 Guides, Papers, etc. www.securityfocus.com: Firewall Evolution - Deep Packet Inspection. Read more www.linuxsecurity.com: Fun Things To Do With Your Honeypot. Read more Vulnerabilities & Exploits: www.securitytracker.com: TelnetXQ Default Account With Common Password Lets Remote Users Access the System. Read more www.securitytracker.com: Novell iChain Login Buffer Overflows Let Remote Users Crash the Software. Read more www.securitytracker.com: Hassan Shopping Cart Discloses Configuration Data to Remote Users. Read more www.securitytracker.com: Opera Browser 'Location' Header Flaw Lets Remote Users Crash the Browser. Read more www.securitytracker.com: Gallery Input Validation Hole in Search Feature Permits Cross-Site Scripting Attacks. Read more www.securitytracker.com: Cisco Aironet Wireless Devices Can Be Crashed By Remote Users. Read more www.securitytracker.com: Cisco IOS-based Devices Disclose Valid User Account Names to Remote Users. Read more www.securitytracker.com: Xconq Game USER Environment Variable Buffer Overflow Lets Local Users Gain Elevated Privileges. Read more www.securitytracker.com: 'mod_mylo' Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: HP Patch for 'nettl' and 'netfmt' Lets Local Users Deny Service. Read more www.securitytracker.com: MySQL World-Writable Configuration File May Let Local Users Gain Root Privileges. Read more www.debian.org: DSA-353-1 sup -- insecure temporary file. Read more News: www.networknews.co.uk: Hackers pounce on latest Microsoft flaw. Read more www.crn.com: More Exploit Code For Windows Vulnerability Posted--Worms Expected To Follow. Read more www.eweek.com: Black Hat: Joining Forces to Fight Hacking. Read more news.bbc.co.uk: Virus writers turn to spam. Read more www.theregister.co.uk: So what info does WinXP really send to MS? Read more www.editorandpublisher.com: Credit Card Server Hacked at 'Greenville News'. Read more www.thesundaymail.news.com.au: Hacker's computer returned. Read more www.mytelus.com: French, Canadian hackers use Kentucky state computers to store pirated files. Read more www.theregister.co.uk: Red Hat Enteprise Linux 3.0 beta up for grabs. Read more www.theregister.co.uk: Hi-Fi meets Wi-Fi with Linksys. Read more zdnet.com.com: McDonald's beefs up Wi-Fi trials. Read more

29 july 2003 New Trojans: SomeTrouble 1.0 Peeper1st 2.3 NT RootKit 0.44 G-SPOT www 1.0 server 2 Tools www.kodeit.org: IISShield - Application Layer Firewall. Read more www.team-teso.net: Zodiac - DNS protocol monitoring and spoofing program. Read more www.eeye.com: Retina RPC DCOM Vulnerability Scanner from eEye Digital Security. Read more Vulnerabilities & Exploits: www.cisco.com: Cisco Security Advisory: HTTP GET Vulnerability in AP1x00. Read more www.securitytracker.com: Mitel Voice Over IP Servers Disclose Calling Data to Remote Users. Read more www.securiteam.com: miniSQL Format String Vulnerability Exploit Code. Read more www.securiteam.com: Microsoft SQL Server DoS Exploit Code. Read more www.securiteam.com: RPC Overflow Exploit Code. Read more www.securiteam.com: XBlast Local Root Exploit. Read more www.securiteam.com: Samba reply_nttrans() Remote Root Exploit. Read more www.securiteam.com: Buffer Overflow in EF Commander. Read more www.securiteam.com: Analysis of LSD's Buffer Overrun in Windows RPC Interface. Read more www.securiteam.com: NetScreen non-IP Protocol Denial of Service (And non-IP Machine Compromise). Read more www.securiteam.com: CPU/BIOS/OS Issue Allows Local Attacker to Cause a DoS Attack. Read more www.securiteam.com: Oracle E-Business Suite AOL/J Setup Test Information Disclosure. Read more www.securiteam.com: Oracle E-Business Suite FNDWRR Buffer Overflow. Read more www.securiteam.com: Oracle Extproc Buffer Overflow. Read more www.securiteam.com: Opera Denial of Service (Long Protocol Name). Read more www.securiteam.com: Remotely Exploitable Overflow In mod_mylo For Apache. Read more News: www.zdnet.com.au: Hacker code could unleash Windows worm. Read more australianit.news.com.au: Data logger pirate caught. Read more www.technewsworld.com: WiFi Is Open, Free and Vulnerable to Hackers. Read more www.govexec.com: Security officials discuss efforts to combat computer crime. Read more www.enquirer.com: Hacker claims he was working for FBI. Read more www.mg.co.za: Police charge Absa hacker suspect. Read more www.theregister.co.uk: Copying is Theft - and other legal myths. Read more

28 july 2003 New Trojans: Glacier XX4 WinEggDrop Shell 1.39 Guangwai Girl 1.52c server BlueWater 1.4 CN Black Dream 1.0 Vulnerabilities & Exploits: none today News: www.zdnet.com: Beware: It's now easier to crack your passwords. Read more www.news.com.au: Hacker gets four-year term. Read more finance.lycos.com: Owner of stolen 'sex.com' can sue VeriSign-court. Read more

27 july 2003 New Trojans: Snow 2.2 Blackhole 2002 Beast 2.00 (d & e) (may 24, 2003) MiniuII 1.1 Vulnerabilities & Exploits: illmob.org: DCOM RPC exploit paper by illwill. Read more www.xfocus.org: The Analysis of LSD's Buffer Overrun in Windows RPC Interface. Read more www.xfocus.org: Microsoft Windows 2000 RPC DCOM Interface DOS AND Privilege Escalation Vulnerability. Read more www.securitytracker.com: EF Commander Buffer Overflow in Processing FTP Banners May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: e107 Website System Input Validation Hole in Custom Format Tags Permits Remote Cross-Site Scripting Attacks. Read more www.securitytracker.com: PBLang Input Filtering Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Microsoft Outlook Express Again Executes Scripting Code in Plain Text E-mail Messages. Read more www.securitytracker.com: QmailAdmin Forwarding Rule Lets Remote Users Execute Arbitrary Commands on the System. Read more www.securitytracker.com: 'top' Environment Variable Buffer Overflow Lets Local Users Execute Arbitrary Code. Read more www.securitytracker.com: Outpost Firewall Software Can Be Silently Crashed By Local Users. Read more News: www.business.scotsman.com: Edinburgh firms' wireless networks open for hackers. Read more www.eweek.com: Group Posts Program That Exploits Windows. Read more www.themoscowtimes.com: Don't Spam This Deputy Minister. Read more

26 july 2003 New Trojans: Near Mohists 1.99 Optix Pager 2.0 Firewall Bypass Pro Agent 1.2 AGM65's Keylog Trojan 1.0 Harvester 5.0 Vulnerabilities & Exploits: www.securitytracker.com: mSQL Database Format String Flaw Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: e107 Website System Discloses Usernames and Hashed Passwords to Remote Users. Read more www.securitytracker.com: paFileDB Authentication Flaw Lets Remote Users Upload and Execute Arbitrary Code. Read more www.securitytracker.com: UMN Gopherd do_command() Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: HP Color LaserJet Web Interface Permits Remote Cross-Site Scripting Attacks. Read more www.securitytracker.com: PHP-Gastebuch Discloses System Information and Hashed Admin Password to Remote Users. Read more www.securitytracker.com: Opera M2 Mail Client Embedded Image Viewing Restrictions Can Be Bypassed By Remote Users. Read more www.securitytracker.com: VMware Workstation Lets Local Users Execute Programs With Root Privileges. Read more www.securitytracker.com: VMware GSX Server Lets Local Users Execute Programs With Root Privileges. Read more www.securitytracker.com: Windows Media Player Again Lets Remote Users Install and Execute Code. Read more www.lsd-pl.net: Buffer Overrun in Windows RPC Interface. Read more News: www.securityfocus.com: The Hackers Who Broke Windows. Read more www.securityfocus.com: Group posts code to exploit Windows flaw, attack computers. Read more www.vnunet.com: Credit card hackers swap tricks online. Read more www.ecommercetimes.com: Microsoft Warns of DirectX Security Flaw. Read more fileforum.betanews.com: Keyser Soze's Unofficial XP Security Pack 1.002. Read more story.news.yahoo.com: Japan Cancels National Hacking Contest. Read more www.onlineathens.com: Brawl over online music file-swapping spawns 'secure' software. Read more news.com.com: Hacker code could unleash Windows worm. Read more www.ecommercetimes.com: Cracking Technique Highlights Password Concerns. Read more www.theregister.co.uk: A virus ate my exam results. Read more www.theregister.co.uk: Alcatel beefs up router security with Tripwire. Read more

25 july 2003 New Trojans: Inspiration 1.0 Little Witch 6.1 (x) server Msn Trojan 2.0 Vulnerabilities & Exploits: www.securitytracker.com: Apple Mac OS X Workgroup Manager May Let Remote Users Access New Accounts. Read more www.securitytracker.com: Oracle E-Business Suite Discloses Configuration and System Information to Remote Users. Read more www.securitytracker.com: Oracle Database EXTPROC Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code. Read more www.securitytracker.com: Oracle E-Business Suite FNDWRR Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Microsoft Windows NT File Management Flaw May Let Remote Users Crash Certain Applications. Read more www.securitytracker.com: Microsoft Data/Desktop Engine Named Pipe and LPC Flaws Let Local Users Execute Arbitrary Code. Read more www.securitytracker.com: Microsoft SQL Server Named Pipe and LPC Flaws Let Local Users Execute Arbitrary Code. Read more www.securitytracker.com: Microsoft DirectX Heap Overflow in Loading MIDI Files Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: phpGroupWare Unspecified Bug Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: XAVi X7028r Wireless ADSL Router Can Be Rebooted By Remote Users. Read more www.securitytracker.com: 3Com OfficeConnect DSL Router Can Be Crashed With Long URL. Read more www.securitytracker.com: NetWare Enterprise Web Server PERL Handler Buffer Overflow Lets Remote Users Crash the Web Service. Read more www.securitytracker.com: FDclone /tmp Directory Permission Flaw May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: Microsoft MDAC ODBC Component May Store Database Passwords in Plaintext in the Registry. Read more www.securitytracker.com: more.groupware Include File Hole May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Apple QuickTime/Darwin Streaming Server Bugs Let Remote Users View Files and Crash the Server. Read more www.securitytracker.com: Microsoft IIS 6.0 Vulnerabilities Permit Cross-Site Scripting and Password Changing Attacks Against Administrators. Read more www.securiteam.com: University of Minnesota Gopherd do_command Buffer Overflow Vulnerability. Read more www.securiteam.com: Drupal XSS Vulnerability. Read more www.securiteam.com: Windows NT 4.0 with IBM JVM Denial of Service. Read more www.securiteam.com: Windows MIDI Decoder (QUARTZ.DLL) Heap Corruption. Read more www.securiteam.com: Flaw in Windows Function Could Allow Denial of Service. Read more www.securiteam.com: Unchecked Buffer in DirectX Could Enable System Compromise. Read more www.eeye.com: Windows MIDI Decoder (QUARTZ.DLL) Heap Corruption. Read more News: www.mg.co.za: Spyware, scumware and Absa. Read more edition.cnn.com: U.S. bank hit by international hackers. Read more www.iol.co.za: 'Users at fault in Net fraud cases, not bank'. Read more www.hackexpo.com: HACK ASIA 2003, Asian Information Technology Security Conference. Read more www.theregister.co.uk: MS alerts users to Windows DirectX vulnerability. Read more www.infoworld.com: Security experts question DOD cybersecurity. Read more

24 july 2003 New Trojans: Danton 4.1.0 beta Remote Control 1.0 Double Helix 2.5 Lamers Death 2.7 (e) server WinEggDrop Shell 1.38 Remotecmd 1.0 Guides, Papers, etc. www.securityfocus.com: Detecting SQL Injection in Oracle. Read more Vulnerabilities & Exploits: www.pivx.com: Unpatched IE security holes. Read more www.atstake.com: Microsoft SQL Server DoS. Read more www.atstake.com: Microsoft SQL Server Local Code Execution. Read more www.atstake.com: Windows NT 4.0 with IBM JVM Denial of Service. Read more www.securitytracker.com: GuanxiCRM Include File Holes Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Linux 2.4 Kernel Forwarding Table Can Be Spoofed By Remote Users. Read more www.securitytracker.com: XBlast Buffer Overflow in $HOME Variable Lets Local Users Gain Elevated Privileges. Read more www.securitytracker.com: Linux 2.4 Kernel '/proc/self' Error May Disclose Sensitive Information to Local Users. Read more www.securitytracker.com: ashnews '$pathtoashnews' Include File Flaw Lets Remote Users Execute Arbitrary Code on the System. Read more www.securitytracker.com: Linux 2.4 Kernel execve() Access Control Flaw May Let Local Users Access File Descriptors. Read more www.securitytracker.com: Linux 2.4 Kernel RPC Bug Lets Local Users Bind to Ports Already in Use. Read more www.securitytracker.com: Linux 2.4 Kernel execve() Race Condition May Let Local Users Crash the System. Read more www.securitytracker.com: Linux 2.4 Kernel /proc/tty/driver/serial May Disclose Password Characteristics to Local Users. Read more www.securitytracker.com: Linux 2.4 Kernel Spanning Tree Protocol Bug Lets Remote Users Deny Service. Read more www.securitytracker.com: Sun Solaris 8 Can Be Crashed By Remote Users Sending IPv6 Packets. Read more www.securitytracker.com: phpGroupWare Include File Bug in 'tables_update.inc.php' Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Microsoft Outlook Web Access Can Be Crashed By Remote Authenticated Users With an Outlook 2003 Client. Read more www.securiteam.com: Another Exploit Code Release for Toppler Game Vulnerability. Read more www.securiteam.com: Buffer Overflow in Netware Web Server PERL Handler. Read more www.securiteam.com: Denial of Service in XAVI X7028r DSL Wireless Router (Long GET Request). Read more www.securiteam.com: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server. Read more News: www.theregister.co.uk: Welsh virus writer loses appeal. Read more news.bbc.co.uk: Virus writer's appeal fails. Read more Microsoft Security Bulletin MS03-029 Flaw in Windows Function Could Allow Denial of Service (823803). Read more Microsoft Security Bulletin MS03-030 Unchecked Buffer in DirectX Could Enable System Compromise. Read more Microsoft Security Bulletin MS03-031 Cumulative Patch for Microsoft SQL Server (815495). Read more zdnet.com.com: Microsoft reveals 'critical' flaw. Read more news.com.com: Cracking Windows passwords in seconds. Read more www.santacruzsentinel.com: Cyber-cafes prepared for sabotage. Read more www.detnews.com: Internet in China, handheld shipments, advertising lawsuit, security tech, Google news. Read more www.fcw.com: Security adviser warns of cyberthreats. Read more www.theregister.co.uk: 'Online banking in SA was a time-bomb waiting to go off'. Read more www.newsfactor.com: Do Security Companies Create Monsters? Read more www.thestar.co.za: Another bank attacked as hackers go on spree. Read more www.theregister.co.uk: Spam clients outed, credit card details published. Read more

23 july 2003 New Trojans: iA Keylogger & Downloader Beast 2.00 (d) (may 28, 2003) Notify Gold 1.0.0.1 Guides, Papers, etc. www.hackinthebox.org: Camouflaging Nmap Scans. Read more Vulnerabilities & Exploits: www.securitytracker.com: Drupal Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: AtomicBoard Input Validation Flaw Discloses Files on the System to Remote Users. Read more www.securitytracker.com: Guidescope Filetering Software May Let Remote Users Relay Connections (SPAM) Via the System. Read more www.securitytracker.com: CGI.pm Library Input Validation Flaw Permits Remote Cross-Site Scripting Attacks. Read more www.securitytracker.com: WebCalendar $user_inc Global Variable Lets Remote Users View Files on the System. Read more www.securitytracker.com: Savant Web Server Can Be Crashed By Remote Users Making Many Connections. Read more www.securiteam.com: Microsoft Windows 2000 RPC DCOM Interface DOS and Privilege Escalation Vulnerability. Read more www.securiteam.com: BRU Format String Vulnerability Exploit. Read more www.debian.org: DSA-351-1 php4 -- cross-site scripting. Read more News: www.capetimes.co.za: Hacking into bank accounts is dead easy, say experts. Read more www.sabcnews.com: Big Four Banks Meet Over Internet Fraud. Read more www.bankrate.com: Feds warn of latest e-mail scams. Read more www.nydailynews.com: Phishin' for your ID. Read more www.fbi.gov: The Case of the Hacked South Pole. Read more www.accountingweb.com: Internet Vulnerability Mobilizes Hackers. Read more www.information-security.net: Firms Raced to Fix Internet Hardware Flaw. Read more www.fcw.com: Security without the sweat. Read more

22 july 2003 New Trojans: Global Patrol 1.31 QQ Ambush 1.0 Little Witch 6.1 client (s) RMT Vulnerabilities & Exploits: www.securiteam.com: GNATS Buffer Overflow Exploit Code Released (queue-pr). Read more www.securiteam.com: GopherD's FTP Gateway, and GSisText() Buffer Overflow Vulnerabilities (Exploit). Read more www.securiteam.com: Cisco IOS Interface Blocked by IPv4 Packets. Read more www.securiteam.com: Firewall Bypassing With BHO and MSIE. Read more www.securiteam.com: Splatt Forum XSS Vulnerability in icon Posting. Read more www.securiteam.com: Default CGI.pm Settings Vulnerable to Cross-site Scripting. Read more www.securiteam.com: Web Calendar Directory Traversal. Read more News: www.news.com.au: FBI issues fraud email warning. Read more www.canada.com: Con artists pretending to be Internet companies a growing problem. Read more news.zdnet.co.uk: Cisco flaw exploit posted online. Read more australianit.news.com.au: Cybercrime wave stretches resources. Read more www.theregister.co.uk: Trojan infection linked to SA Net bank thefts. Read more www.theregister.co.uk: ID thieves rip off 7m US adults a year. Read more www.theregister.co.uk: E-mail abuses cost UK firms millions. Read more afr.com: Police training to lift network-security skills. Read more www.theregister.co.uk: The War against 'Viagra'. Read more

21 july 2003 New Trojans: Jack Trojan 1.1 beta Double Helix 1.5 Antilamer 2.0 (m) server Vulnerabilities & Exploits: www.securitytracker.com: Witango Application Server Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop. Read more www.securiteam.com: Denial-of-Service of TCP-based Services in CatOS (Exploit). Read more www.securiteam.com: EST BRU Backup and Restore Utility Local Root Exploit. Read more www.securiteam.com: SurfControl Filter for SMTP Can Be Bypassed via Nested Zips. Read more www.securiteam.com: RAV Online Scanning ActiveX Buffer Overflow. Read more www.securiteam.com: Buffer Overflow in MSN Messenger. Read more www.securiteam.com: Witango & Tango 2000 Application Server Remote System Buffer Overrun. Read more www.securiteam.com: Digi-News and Digi-Ads Allow Gaining of Admin Privileges without Authentication. Read more www.securiteam.com: IBM U2 UniVerse Users with UVADM Rights can Elevate Privileges via UVADMSH. Read more www.securiteam.com: CFTP Buffer Overflow Vulnerability (HOME). Read more News: www.ebcvg.com: Trojans - and how to protect your network against them. Read more newsobserver.com: Researchers report hackers trying to abuse Cisco flaw. Read more www.theregister.co.uk: Service tunes 56Kbps modems up to 784Kbps. Read more www.recordonline.com: Warning: Thieves want your identity. Read more www.news24.com: 'Cyber hacker' not involved. Read more

20 july 2003 New Trojans: Guangwai Girl 1.53A Nethief 4.9 The Cryptic Remote Keylogger Gnotify 1.0 by Gobo Vulnerabilities & Exploits: www.securitytracker.com: Simpnews Include File Error Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: WatchGuard ServerLock Access Control Flaws Let Local Users Take Control of the System. Read more www.securitytracker.com: eStore Input Validation Flaw Lets Remote Users Inject SQL Commands. Read more News: www.washingtonpost.com: Internet Security Experts Escalate Warnings. Read more www.theregister.co.uk: Cisco IOS DoS exploit released in the wild. Read more www.theregister.co.uk: Bush's e-mail faces DoS attack. Read more www.wired.com: Upload a File, Go to Prison. Read more

19 july 2003 New Trojans: Liciaa Fwb Downloader 1.0 IP Rape 1.0 Insecure Executable Downloader 1.0 Win-Spy 7.2.3 Vulnerabilities & Exploits: www.securitytracker.com: SGI IRIX Login Hole May Let Local Users Gain Root Privileges. Read more www.securitytracker.com: SGI IRIX Name Service Daemon (nsd) Bugs Let Remote Users Crash the System. Read more www.securitytracker.com: Message Foundry Permits Cross-Site Scripting Attacks and Lets Remote Authenticated Users Change Other User Passwords. Read more www.securitytracker.com: Elite News Authentication Flaw Grants Remote Users Administrative Privileges. Read more www.securitytracker.com: Cisco IOS Router Interfaces Can Be Blocked by Remote Users Sending Certain IPv4 Packets. Read more www.securitytracker.com: BRU Backup Software Buffer Overflow and Format String Bugs Let Local Users Execute Arbitrary Code. Read more www.securitytracker.com: digi-ads Authentication Error Grants Administrative Access to Remote Users. Read more www.securitytracker.com: digi-news Authentication Error Grants Administrative Access to Remote Users. Read more www.securitytracker.com: Synthigence Forum/Chat Software Discloses User Passwords to Remote Users. Read more www.securitytracker.com: .netCART Discloses Credit Card and Other Shopping Cart Information to Remote Users. Read more www.securitytracker.com: OmniHTTPd Web Server Has Input Validation Holes in Additional Sample Scripts That Let Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Microsoft Windows XP Shell Buffer Overflow in Processing Folder Display Attributes Permits Remote Code Execution. Read more www.securitytracker.com: Microsoft Windows Remote Procedure Call (RPC) Service Buffer Overflow in Processing DCOM Requests Allows Remote Code Execution. Read more News: www.securityfocus.com: Guilty Plea in Kinko's Keystroke Caper. Read more www.securityfocus.com: Forensic Log Parsing with Microsoft's LogParser. Read more www.theage.com.au: Fraudsters net gullible users. Read more www.boston.com: Cisco offering patch to fix networking software flaw. Read more www.vnunet.com: Spammers target Wi-Fi security. Read more www.bayarea.com: Unshackling the Xbox: hackers and the right to tinker. Read more

18 july 2003 New Trojans: Back Attack 1.7 Poltergeist 1.0 Snow 2.1 URCS 1.05 (build1) Vulnerabilities & Exploits: www.cisco.com: Cisco IOS Interface Blocked by IPv4 Packet. Read more www.securitytracker.com: Deutsche Telekom Teledat 530 DSL Router Can Be Crashed By Remote Users Conducting Port Scans. Read more www.securitytracker.com: IBM U2 UniVerse Database Flaws in 'cci_dir' and 'uvadmsh' Let Local Users Obtain Root Privileges. Read more www.securitytracker.com: xfstt TrueType Font Server Buffer Overflow Lets Remote Users Crash the Server. Read more www.securitytracker.com: Microsoft SMTP Service Can Be Crashed By Remote Users Sending Mail With an Invalid FILETIME Header. Read more www.securitytracker.com: Microsoft Exchange Server Can Be Crashed By Remote Users Sending Mail With an Invalid FILETIME Header. Read more www.securitytracker.com: Splatt Forum Input Validation Hole in Icon IMG Tag Allows Remote Cross-Site Scripting Attacks. Read more www.securitytracker.com: Citadel/UX Input Validation Flaw and Buffer Overflows Let Remote Authenticated Users Execute Arbitrary Code. Read more www.securiteam.com: Hummingbird's Exceed X Emulator Fonts Directive Mishandling. Read more www.securiteam.com: ISA Server - Error Page Cross-Site Scripting (Additional Details). Read more www.securiteam.com: Moby's Netsuite Directory Traversal Vulnerability. Read more www.securiteam.com: Unchecked Buffer in Windows Shell Could Enable System Compromise (XP). Read more www.securiteam.com: IBM U2 UniVerse UVADM Can Take Root via Buffer Overflows. Read more www.securiteam.com: BRU Buffer Overflow and Format String Vulnerabilities. Read more www.securiteam.com: Linux nfs-utils xlog() Off-by-One Bug. Read more News: www.theregister.co.uk: Trojan turns victims into DDoS, spam zombies. Read more www.theregister.co.uk: Cisco issues network security brown alert. Read more news.com.com: Twin flaws have security pros worried. Read more www.securityfocus.com: Honeytokens: The Other Honeypot. Read more australianit.news.com.au: Disk clone tells all on Bali suspect. Read more cryptome.org: Web Privacy Services Complicate Work of Federal Investigators. Read more www.vnunet.com: Spammers target Wi-Fi security. Read more

17 july 2003 New Trojans: Joker 1.0 (SourceForge-Version) KPSULE 1.0 ProAgent 1.1 XQ 0.998 Vulnerabilities & Exploits: xforce.iss.net: Cisco IOS Remote Denial of Service Vulnerability. Read more www.pivx.com: ISA Server HTTP error handler XSS. Read more www.securitytracker.com: Hummingbird Exceed Font Processing Bug May Let Remote Authenticated Users Execute Arbitrary Code. Read more www.securitytracker.com: ASUS ADSL Router Web Interface Discloses Passwords to Remote Users. Read more www.securitytracker.com: ImageMagick May Execute Arbitrary Code in Malicious Image Files. Read more www.securitytracker.com: Sierra Starsiege Tribes Game Can Be Crashed By Remote Users. Read more www.securitytracker.com: Netscape Client Detection Tool Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Microsoft Internet Explorer 'Chromeless' Window May Let Remote Users Spoof Various User Interface Characteristics. Read more www.securitytracker.com: WebShield SMTP for Windows NT Lets Remote Users Send Executables Through the Filter. Read more www.securitytracker.com: 'nfs-utils' Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: NeoModus Direct Connect Permits Remote Denial of Service Attacks. Read more www.securiteam.com: Buffer Overflows Vulnerability in IglooFTP PRO (Exploit). Read more www.securiteam.com: DoS Attack Against Twilight Web Server (Long GET Request). Read more www.securiteam.com: Remote DoS Vulnerability in NeoModus Direct Connect. Read more www.securiteam.com: Microsoft JET Database Engine 4.0 Buffer Overflow. Read more www.securiteam.com: Apple Issues Patch to Address Screen Saver Bypassing. Read more www.debian.org: DSA-350-1 falconseye -- buffer overflow. Read more www.debian.org: DSA-349-1 nfs-utils -- buffer overflow. Read more News: Microsoft Security Bulletin MS03-026 Buffer Overrun In RPC Interface Could Allow Code Execution (823980). Read more Microsoft Security Bulletin MS03-027 Unchecked Buffer in Windows Shell Could Enable System Compromise (821557). Read more Microsoft Security Bulletin MS03-028 Flaw in ISA Server Error Pages Could Allow Cross-Site Scripting Attack (816456). Read more www.securityfocus.com: Microsoft admits critical flaw in nearly all Windows software. Read more asia.reuters.com: Microsoft Warns of Flaw in Windows. Read more www.globeandmail.com: Windows cracked again. Read more www.theregister.co.uk: Symantec 'security scan' distributes rootkit. Read more www.infoworld.com: New worm poses as Microsoft patch. Read more www.guardian.co.uk: Beware Trojans bearing gifts. Read more www.securitynewsportal.com: Was Google hacked or is Google getting into the SPAM business. Read more money.cnn.com: Burden of spoof. Read more www.theregister.co.uk: Student hackers: we didn't defeat campus debit card system. Read more www.iht.com: Walking through a hacker's wireless paradise. Read more www.attrition.org: Deconstructing the Defacer Challenge Hoax/FUD. Read more

16 july 2003 New Trojans: Hotmail Hacker X 0.9 Kaos Webdownloader WAY 2.5 [skyfire] Vulnerabilities & Exploits: www.securitytracker.com: Traceroute NANOG Integer Overflow Lets Local Users Access Privileged Sockets. Read more www.securitytracker.com: Grub Web Crawler Discloses Password to Local Users. Read more www.securitytracker.com: MDaemon Buffer Overflow in EXAMINE and SELECT IMAP Commands Allows Remote Authenticated Users to Execute Code. Read more www.securitytracker.com: CyberShop ASP May Disclose Shopping Cart Database to Remote Users. Read more www.securitytracker.com: Moby's NetSuite Input Validation Flaw Discloses Files on the System to Remote Users. Read more www.securiteam.com: Denial-of-Service of TCP-based Services in CatOS. Read more www.securiteam.com: IE Chromeless Window Vulnerabilities (More Examples). Read more www.securiteam.com: Grub Distributed Webcrawling Client Clear Text Password Vulnerability. Read more www.securiteam.com: StoreFront Vulnerable to SQL Injection. Read more www.securiteam.com: Multiple Vulnerabilities in Citadel/UX. Read more www.securiteam.com: Format String Vulnreability Found in ImageMagick. Read more News: www.hivercon.com: HIVERCON 2003 CALL FOR PAPERS. Read more www.newscientist.com: Red alert on the e-war front. Read more www.crbj.com: Identity theft: When bad things happen to good names. Read more www.forbes.com: Trojan Horse, Meet The Home Office. Read more www.ntsecurity.net: Honeynet Affiliates Help Dampen Credit Card Fraud. Read more www.pcworld.com: Securing Cyberspace: A Shared Duty. Read more

15 july 2003 New Trojans: Snow 2.0 Near Mohists 1.9 Svchost 0.2 beta Beast 1.92 (a & d) (march 05, 2003) URCS 1.04 (build1) Vulnerabilities & Exploits: www.securitytracker.com: BlazeBoard Default Installation May Disclose Installation Files to Remote Users. Read more www.securitytracker.com: Mabry FTPServer/X Buffer Overflows in Several FTP Commands Let Remote Users Crash the Server. Read more www.securitytracker.com: Polycom MGC-25 Conferencing System Management Port Can Be Crashed By Remote Users. Read more www.securitytracker.com: BlackBook Guest Book Contains Input Validation and Access Control Flaws. Read more www.securitytracker.com: ASP-DEV Discussion Forum Grants Admin Access to Remote Users and Discloses User Passwords. Read more www.securitytracker.com: StoreFront ASP Shopping Cart Input Validation Flaw Discloses User Information to Remote Users. Read more www.securiteam.com: Flaw in Windows Message Handling through Utility Manager Could Enable Privilege Elevation. Read more www.securiteam.com: Buffer Overflow Vulnerabilities in TurboFTP. Read more www.securiteam.com: Vulnerability in Microsoft's HTML Converter Could Allow Code Execution. Read more www.securiteam.com: CyberShop-ASP Vulnerable With Shopdbtest.ASP. Read more News: ntbugtraq.ntadvice.com: NTBugtraq Retreat. Read more www.virusbtn.com: Virus Bulletin 2003 conference. Read more story.news.yahoo.com: From Russia with porn: new Internet attacks baffle security experts. Read more news.com.com: Sony warns online buyers of spam scam. Read more www.nj.com: Bold thieves troll Web in slick, new scams for money and IDs. Read more www.adn.com: Student hackers settle debit-card device lawsuit. Read more www.computerweekly.com: Could hackers launch a denial-of-spam attack? Read more www.zdnet.com: Who's really responsible for hacker attacks. Read more www.themoscowtimes.com: Russia-Linked Porn Hackers Target PCs. Read more www.canada.com: Keeping cyber-thieves at bay. Read more www.dailyherald.com: British man arrested for hacking into Fermilab computers. Read more www.sunspot.net: Prank Message Via Google Mocks WMD Search. Read more

14 july 2003 New Trojans: Zalivator 1.4.2 Pro (build 92) MSN Log Thief 0.5 ProAgent 1.0 Remote GUI 0.92 Vulnerabilities & Exploits: www.securitytracker.com: Microsoft Jet Database Engine Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: UMN Gopherd Buffer Overflows in GSisText() and in FTP Proxy Code Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Trend Micro HouseCall Scanner Has Buffer Overflows That May Allow Remote Code Execution. Read more www.securitytracker.com: Invision Power Board Input Validation Hole in 'ipchat.php' Permits Remote SQL Injection. Read more www.securitytracker.com: W-Agora Input Validation Flaws Disclose System Information and May Permit Remote Code Execution. Read more www.securiteam.com: ASP-DEV Discussion Forum Information Disclosure. Read more www.securiteam.com: Gattaca Server Vulnerable to Multiple vulnerabilities. Read more News: www.dailyherald.com: British man arrested for hacking into Fermilab computers. Read more www.nj.com: Bold thieves troll Web in slick, new scams for money and IDs. Read more www.neowin.net: Trojan Hijacks PCs to Peddle Porn. Read more

13 july 2003 New Trojans: Annoy Toys 1.0 Resident Evil 1.0 beta R-Desktop 1.0 Fox Q 1.5 Nethief 4.8 Tools: www.thc.org: Amap is a scanning tool that allows you to identify the applications that are running on a specific port (linux). Download Guides, Papers, etc. packetwatch.net: Analysis of Remote Active Operating System Fingerprinting Tools (pdf). Read more www.idefense.com: Win32 Message Vulneralilities Redux. (pdf) Read more mutsonline.com: NetBIOS Enumeration and Bruteforce. (pdf) Read more Vulnerabilities & Exploits: www.securitytracker.com: Gattaca Server Discloses Files to Remote Users and Can Be Crashed By Remote Authenticated Users. Read more www.securitytracker.com: phpForum Include File Error Lets Remote Users Execute Arbitrary Code on the System. Read more www.securitytracker.com: aMSN Client May Disclose the User's Password to Local Users. Read more www.securitytracker.com: TurboFTP Client Buffer Overflow in Processing Server Responses May Crash the Client. Read more www.securitytracker.com: BiTBOARD Discloses Administrator's Hashed Password to Remote Users. Read more www.securitytracker.com: Macromedia JRun Discloses Page Source Code to Remote Users. Read more www.securitytracker.com: ColdFusion MX Discloses Page Source Code to Remote Users . Read more www.securitytracker.com: Mabry HTTPServer/X Discloses Files on the System to Remote Users. Read more www.securitytracker.com: Naviscope Processing Loop May Cause Denial of Service Conditions. Read more News: www.theregister.co.uk: Trojan serves porn off home PCs, not many dead. Read more www.theregister.co.uk: 'Open and helpful community' - of credit card thieves. Read more www.onlineathens.com: Student hackers blessing, curse to universities. Read more silicon.com: Ginseng Jim Twist To Spoof PayPal ID Theft Scam. Read more www.ecommercetimes.com: 'Brand Spoofing' a Growing E-Mail Scam. Read more

12 july 2003 New Trojans: The Infector 1.0 Zirgt 1.0 Sensive 5.1 (b) Sub-Mariner 1.1 client Vulnerabilities & Exploits: www.securitytracker.com: TinyWEB URL Processing Flaw Lets Remote Users Create Denial of Service Conditions. Read more www.securitytracker.com: ZoneAlarm Pro 4.0 May Drop Some Firewall Rules When Upgrading From a Previous Version. Read more www.securitytracker.com: Q-Shop Shopping Cart Authentication Flaw Lets Remote Users Upload and Execute Arbitrary Code. Read more www.securitytracker.com: Microsoft SMB Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code. Read more www.securitytracker.com: Microsoft Windows 2000 Accessibility Utility Manager Lets Local Users Gain Elevated Privileges. Read more www.securitytracker.com: Coda File System RPC2 Library Bug Lets Remote Users Crash Affected Application. Read more www.securitytracker.com: terminatorX Environment Variable Buffer Overflow Lets Local Users Run Arbitrary Code With Root Privileges. Read more www.securitytracker.com: NetScreen Firewall Bridging Flaw Lets Remote Users Bypass the Firewall With Non-IP Packets. Read more www.securitytracker.com: Cisco CatOS Bug in Processing Non-Standard TCP Flags Permits Remote Denial of Service Attacks. Read more www.securitytracker.com: Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions. Read more www.securitytracker.com: Apache 'accept()' Errors May Cause Denial of Service Conditions. Read more www.securitytracker.com: Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks. Read more www.securitytracker.com: Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases. Read more News: www.securityfocus.com: Honeynet: Carders are Getting Slick. Read more silicon.com: Ginseng Jim twist to spoof PayPal ID theft scam. Read more www.ecommercetimes.com: 'Brand Spoofing' a Growing E-Mail Scam. Read more www.zdnet.com.au: ID Theft Battle Threatens Privacy. Read more www.examiner.ie: Call centre hackers spark terror probe. Read more

11 july 2003 New Trojans: SlimFTPd 3.14 M-ld beta URCS 1.0.3 build4 Peep 2.02 Vulnerabilities & Exploits: www.securitytracker.com: KNOPPIX CD Default Configuration May Let Local Users Grab Root Privileges. Read more www.securitytracker.com: phpSysInfo May Disclose Files on the System to Remote Users. Read more www.securitytracker.com: radware LinkProof SSH Connection Limitation Lets Remote Users Deny Administrative Service. Read more www.securitytracker.com: News51 Discloses Hashed Password File to Remote Users. Read more www.securitytracker.com: Forum51 Discloses Hashed Password File to Remote Users. Read more www.securitytracker.com: Board51 Discloses Hashed Password File to Remote Users. Read more www.securitytracker.com: BEA WebLogic Server May Disclose the Node Manager Password to Local Users. Read more www.securitytracker.com: BEA WebLogic Managed Server Independence Access Control Flaw May Yield Console Access to Remote Users. Read more www.securitytracker.com: Microsoft Outlook Web Access (OWA) May Disclose The User's OWA Password to Remote Users. Read more www.securitytracker.com: Zkfingerd Unsafe Syslog Call in _finger_error() Function Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: BEA WebLogic Server and Express May Disclose 'Admin' Password to 'Operator' Users. Read more www.securitytracker.com: Rockliffe MailSite Express Discloses Attachments to Remote Users. Read more www.securitytracker.com: ezTrans Input Validation Flaw Discloses Files on the System to Remote Users. Read more News: www.lurhq.com: Reverse-Proxy Spam Trojan - Migmaf. Read more www.smh.com.au: Trojan uses home computers as porn proxy. Read more www.tracking-hackers.com: Know Your Enemy: Automated Credit Card Fraud (pdf). Read more silicon.com: Ginseng Jim twist to spoof PayPal ID theft scam. Read more www.iht.com: A virtual Pandora's (X)box opened by hackers. Read more www.zdnet.com.au: ID theft battle threatens Aust privacy: Experts. Read more news.zdnet.co.uk: Fake PayPal site could lead to identity theft. Read more www.examiner.ie: Call centre hackers spark terror probe. Read more www.guardian.co.uk: Feds: SSA Vulnerable to Identity Theft. Read more washingtontimes.com: Most businesses are hurt by cybercrime. Read more

10 july 2003 New Trojans: Password Devil 1.0 Trail Of Destruction 2.0 Tiny HTTP Server 1.1 Back Attack 1.6 Vulnerabilities & Exploits: www.nextgenss.com: Microsoft Utility Manager Local Privilege Escalation. Read more www.securitytracker.com: ICQ Pro Lets Local Users Login Without Passwords. Read more www.securitytracker.com: Canon GP300 Copier Can Be Crashed By Remote Users. Read more www.securitytracker.com: Microsoft Internet Explorer Can By Crashed By Loading 'C:\aux' URL. Read more www.securitytracker.com: BillingExplorer Lack of Authentication Lets Remote Users Modify Billing Data. Read more www.securitytracker.com: ColdFusion MX Server Default Configuration Gives Remote Users RDS Access. Read more www.securitytracker.com: 1st Screen Lock Access Control Flaw Discloses Password to Local Users. Read more www.securitytracker.com: Trillian Can By Crashed By Remote Users Sending a Malformed 'TypingUser' Message. Read more www.securitytracker.com: x-face.el Temporary File Vulnerability May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: SEMI Temporary File Vulnerability May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: IglooFTP Client Buffer Overflows Let Remote FTP Servers Execute Arbitrary Code on the Client. Read more www.securitytracker.com: cPanel Log File Filtering Flaw Permits Remote Cross-Site Scripting Attacks Against Administrators. Read more News: Microsoft Security Bulletin MS03-023 Buffer Overrun In HTML Converter Could Allow Code Execution (823559). Read more Microsoft Security Bulletin MS03-024 Buffer Overrun in Windows Could Lead to Data Corruption (817606). Read more Microsoft Security Bulletin MS03-025 Flaw in Windows Message Handling through Utility Manager Could Enable Privilege Elevation (822679). Read more www.securityfocus.com: IE Bugs Keep Coming. Read more www.informationweek.com: Brazilian Group Wins Hacker Contest. Read more www.eweek.com: Microsoft Warns of New Windows Flaws. Read more www.theregister.co.uk: Microsoft to face patent violation claims today. Read more

09 july 2003 New Trojans: Nuclear Uploader 1.1b RVC 0.91 EHKS 2.0 SuperMM 1.0 98 (b) HTTP RAT 0.21 (k) Vulnerabilities & Exploits: www.securityfocus.com: Microsoft Outlook Web Access HTML Attachment Script Execution Vulnerability. Read more www.securityfocus.com: Mirabilis ICQ Password Bypass Weakness. Read more www.securitytracker.com: ColdFusion MX Server Default Configuration Gives Remote Users RDS Access. Read more www.securitytracker.com: 1st Screen Lock Access Control Flaw Discloses Password to Local Users. Read more www.securitytracker.com: 1st Security Agent Access Control Flaw Discloses Password to Local Users. Read more www.securitytracker.com: Trillian Can By Crashed By Remote Users Sending a Malformed 'TypingUser' Message. Read more www.securitytracker.com: x-face.el Temporary File Vulnerability May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: SEMI Temporary File Vulnerability May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: IglooFTP Client Buffer Overflows Let Remote FTP Servers Execute Arbitrary Code on the Client. Read more www.securitytracker.com: cPanel Log File Filtering Flaw Permits Remote Cross-Site Scripting Attacks Against Administrators. Read more www.securitytracker.com: myServer CGI Script Input Validation Flaws Let Remote Users Crash the Web Server. Read more www.securitytracker.com: ProductCart Shopping Cart Default Configuration Lets Remote Users Download the Shopping Database. Read more www.securiteam.com: Yahoo Messenger Service Call Buffer Overflow Vulnerability Resurfaces. Read more www.securiteam.com: Exploit Code Release for Toppler Game Vulnerability. Read more www.debian.org: DSA-342-1 mozart -- unsafe mailcap configuration. Read more www.debian.org: DSA-341-1 liece -- insecure temporary file. Read more www.debian.org: DSA-339-1 semi -- insecure temporary file. Read more News: www.ajc.com: 'Spoof' e-mail scam spreads. Read more reuters.com: Experts Say Hacker Hype Is Threat on Its Own. Read more www.dailytimes.com.pk: Weird web data foxes experts. Read more www.komotv.com: Janitors Busted For Identity Theft. Read more thestar.com.my: Colombia blame it on hackers. Read more sci.newsfactor.com: Hacking Competition Gets Hacked. Read more www.net4nowt.com: Viruses reach record high. Read more

08 july 2003 New Trojans: OICQsearch 1.7 Remote Control 1.5 Remote Revise 1.72 Little Witch 6.1 (p) client StealthWatcher 1.5 Vulnerabilities & Exploits: www.securitytracker.com: ProductCart Shopping Cart Default Configuration Lets Remote Users Download the Shopping Database. Read more www.securiteam.com: gnuchess Buffer Overflow Vulnerability (Exploit, -s). Read more www.securiteam.com: gnuan Buffer Overflow Vulnerability (Exploit, -s). Read more www.securiteam.com: isdnrep Buffer Overflow Vulnerability (Exploit, -t). Read more www.securiteam.com: Serious Vulnerabilities Found in Rediffmail.com Web Mail Service (CSS). Read more www.securiteam.com: XBOX Dashboard Local Vulnerability. Read more News: www.securityfocus.com: Antivirus Concerns in XP and .NET Environments. Read more www.eweek.com: Requiem for a Hacker. Read more australianit.news.com.au: Mixed views on 'hacker contest'. Read more news.com.com: Web vandals' contest leaves faint trace. Read more www.asiamedia.ucla.edu: Hackers crack 17 Korean Web sites. Read more www.zdnet.com.au: How hackers had Microsoft over a barrel. Read more www.nzz.ch: Swiss turn up the heat on cybercrime. Read more

07 july 2003 New Trojans: SRNServ Igloo 2.02.0 Beast 2.00 (d) (may 23, 2003) Vulnerabilities & Exploits: www.securitytracker.com: Mac OS X Screensaver Flaw Lets Physically Local Users Access a Locked Desktop. Read more www.securitytracker.com: Novell iChain Discloses to Remote Users Whether Usernames Exist or Not. Read more www.securiteam.com: Essentia Web Server Exploit Code Released. Read more www.securiteam.com: cPanel Malicious HTML Tags Injection Vulnerability. Read more www.securiteam.com: AXIS 560x Web Interface Vulnerable to a DoS. Read more www.securiteam.com: NetMeeting Directory Traversal Vulnerability. Read more www.securiteam.com: Active Directory Stack Overflow. Read more www.securiteam.com: Trillian Remote DoS (Malformed TypingUser). Read more News: www.freep.com: Vandalism contest by hackers is disrupted. Read more www.internetweek.com: Hacker Trackers Attacked During Hacker Contest. Read more www.zdnet.com: Work at home? Here's how to stay secure. Read more www.theregister.co.uk: Dutch mass spammer loses grip. Read more

06 july 2003 New Trojans: Hatred-Fiend 1.3 Igloo 1.5 server (c) Furier Furier Trojan 1.1 Near Mohists 1.868 Vulnerabilities & Exploits: www.securitytracker.com: Rediffmail Password Changing Process Lets Remote Users Hijack Accounts. Read more www.securitytracker.com: VP-ASP Shopping Cart Input Validation Flaw Lets Remote Users Inject SQL Commands to Gain Administrative Access. Read more www.securitytracker.com: ProductCart Input Validation Flaw Lets Remote Users Inject SQL Commands to Gain Administrative Access. Read more www.securitytracker.com: Xbox Dashboard Font File Loader Integer Overflow Lets Local Users Execute Arbitrary Code. Read more www.securitytracker.com: Greymatter Weblog Input Validation Flaw Lets Remote Users Execute PHP Commands on the Target Server. Read more www.securitytracker.com: Roger Wilco Buffer Overflow Lets Remote Users Execute Arbitrary Code on Unsuspecting Clients. Read more www.securitytracker.com: OpenBSD pf Packet Filter May Disclose Internal IP Address and Port Number to Remote Users. Read more www.securitytracker.com: CCBill Input Validation Flaw in 'whereami.cgi' Script Permits Remote Operating System Command Execution. Read more www.securitytracker.com: Microsoft Windows 2000 ShellExecute() Buffer Overflow May Let Users Execute Arbitrary Code. Read more News: www.theregister.co.uk: Hacker group releases software-only Xbox mod details. Read more www.theregister.co.uk: Anyone ever managed to claim on PayPal's Money Back Guarantee? Read more www.globetechnology.com: Hackers compete in international battle Sunday. Read more

05 july 2003 New Trojans: Falling Star 1.22 OICQsearch 1.62 Magic Link 2.3 Vulnerabilities & Exploits: www.securitytracker.com: Microsoft Commerce Server Discloses SQL Server Password to Local Users. Read more www.securitytracker.com: HP NotStop Server Flaw Lets Local Users Gain Elevated Privileges. Read more www.securitytracker.com: ezbounce Format String Flaw Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: PHPGroupWare Input Validation Flaws Permit Remote Cross-Site Scripting Attacks. Read more www.securitytracker.com: Microsoft NetMeeting Directory Traversal Flaw Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Microsoft Active Directory Stack Overflow in 'Lsaas.exe' Lets Remote Users Crash the Windows 2000 Server. Read more www.securiteam.com: Verity K2 Toolkit Query Builder XSS Vulnerability. Read more News: A new "IIS Media Services ISAPI Buffer Overflow Tutorial" is out, including source code (pdf). Download www.computerworld.com.au: Hoax bank sites target ANZ, Westpac. Read more net-security.org: Virus Writers Strictly PC - Macs Largely Snubbed By Cyber Underworld. Read more news.zdnet.co.uk: Microsoft defends security track record. Read more www.globetechnology.com: File sharing and firewalls. Read more www.zdnet.com.au: Group releases Xbox exploit amid MS prosecution threats. Read more

04 july 2003 The VoyForum of MegaSecurity has been closed by the VoyForums Staff due to its illegal password sharing. New Trojans: URCS 1.0.2 Downloader 1.0 MiniCommand 2.0.2 Vulnerabilities & Exploits: lists.netsys.com: XBOX Dashboard local vulnerability. Read more www.lac.co.jp: Windows 2000 ShellExecute() API Let Applications to Cause Buffer Overflow. Read more www.securitytracker.com: CyberStrong eShop Lets Remote Users Inject SQL Commands. Read more www.securitytracker.com: VisNetic WebSite Discloses Installation Path to Remote Users. Read more www.securitytracker.com: Adobe Acrobat Reader Buffer Overflow in WWWLaunchNetscape() May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: InterSystems Cache Database File Permissions Let Local Users Modify Files to Gain Root Privileges. Read more www.securiteam.com: Statement on the Announced Defacement Challenge (Zone-H.org). Read more www.securiteam.com: Verity K2 Toolkit Query Builder XSS Vulnerability. Read more www.securiteam.com: URLMON.DLL Buffer Overflow - Technical Details (Exploit). Read more www.securiteam.com: Windows 2000 ShellExecute() API Lets Applications to Cause a Buffer Overflow. Read more www.securiteam.com: Remote Format String Vulnerabilities in eXtremail Server (MAIL FROM, Reappearing). Read more News: www.securityfocus.com: Penetration Testing for Web Applications (Part Two). Read more www.computerworld.com.au: Hoax bank sites target ANZ, Westpac. Read more www.crn.com: Illinois Supercomputer Center To Head Military Cybersecurity Effort. Read more www.securityfocus.com: Study: Wi-Fi users still don't encrypt. Read more business.boston.com: Government warns of large hacking attack. Read more www.news.com.au: Hacker contest fears dowsed. Read more www.zdnet.com.au: Group releases Xbox exploit amid MS prosecution threats. Read more

03 july 2003 New Trojans: Zalivator 1.4.1 Pro (build 91) R-Desktop 1.1 Igloo 2.02.5 Vulnerabilities & Exploits: www.idefense.com: Cach� Insecure Installation File and Directory Permissions. Read more www.security-corporation.com: Cross Site Scripting Vulnerability in Phpgroupware. Read more www.coresecurity.com: NetMeeting Directory Traversal Vulnerability. Read more www.coresecurity.com: Active Directory Stack Overflow. Read more www.krusesecurity.dk: VisNetic WebSite Path Disclosure Vulnerability. Read more www.securitytracker.com: Abyss Web Server Heap Overflow Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: SSH Secure Shell RSA Signature Verification Flaw May Let Remote Users Forge Valid Signatures. Read more www.securiteam.com: Broadcast Buffer Overflow and Server Freeze in RogerWilco. Read more News: www.theage.com.au: US warns of mass hacker attacks. Read more asia.cnet.com: Hackers organize vandalism contest. Read more www.jsonline.com: Hackers plan 'contest' to deface Web sites. Read more www.smh.com.au: Computer crime centre launched. Read more www.smh.com.au: Hacker who threatened Bloomberg gets prison. Read more news.bbc.co.uk: Spam peddlers hijack computers. Read more

02 july 2003 New Trojans: Spy System 2.3 Roach 1.0 Snow 1.3 Little Witch 6.1 (w) server sBot 2.0 Vulnerabilities & Exploits: www.securitytracker.com: paBox Authentication Flaw Lets Remote Users Gain Administrative Access and Execute Arbitrary Commands. Read more www.securitytracker.com: CuteNews Input Validation Flaw Lets Remote Users Inject Control Panel Commands to Be Executed By an Administrator. Read more www.securiteam.com: Buffer Overflow Vulnerability in Adobe Acrobat Reader. Read more www.securiteam.com: Aprelium Abyss Webserver X1 Arbitrary Code Execution and Header Injection. Read more www.securiteam.com: Vulnerability Enables Passport Account Hijackings (No Secret Question). Read more www.securiteam.com: Information Disclosure Vulnerability in ShareMailPro. Read more www.securiteam.com: PinkNet Web Server Directory Traversal Issue. Read more www.securiteam.com: Linux 2.4.x execve() File Read Race Vulnerability. Read more www.securiteam.com: Admin Account Creation Vulnerability in CuteNews (CSS). Read more www.securiteam.com: Cach� Insecure Installation File and Directory Permissions. Read more www.securiteam.com: VMware Workstation Privilege Escalation Via Symlink Manipulation. Read more News: www.smh.com.au: Hacker who threatened Bloomberg gets prison. Read more www.globeandmail.com: Microsoft patches another Passport hole. Read more www.smh.com.au: Slammer worm beats the rest. Read more www.extremetech.com: ZoneLabs Won't Fix Hole In Free Firewall. Read more www.iht.com: U.S. cracks down on e-tailers it sees as lax on security. Read more boston.com: Compliance Challenges Seen for Calif. Hacking Law. Read more www.forbes.com: US oil platform watcher shuts net over Indian suit. Read more

01 july 2003 New Trojans: Hatred-Fiend 1.0 Postal irc bot C|0.5 OICQsearch 1.5 Vulnerabilities & Exploits: www.securitytracker.com: XGalaga Buffer Overflow May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: PinkNet Web Server Discloses Files on the System to Remote Users. Read more www.securitytracker.com: ImageMagick Unsafe Temporary Files May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: Mantis on Debian Linux Discloses Database Password to Local Users. Read more www.debian.org: DSA-338-1 proftpd -- SQL injection. Read more www.debian.org: DSA-337-1 gtksee -- buffer overflow. Read more www.debian.org: DSA-336-1 linux-kernel-2.2.20 -- several. Read more www.debian.org: DSA-335-1 mantis -- incorrect permissions. Read more www.debian.org: DSA-334-1 xgalaga -- buffer overflows. Read more News: www.securityfocus.com: PetCo Plugs Credit Card Leak. Read more www.pcworld.com: Another Passport Flaw Reported. Read more www.theregister.co.uk: Mindjail worms way through IRC. Read more www.theregister.co.uk: ZoneAlarm bells ring over freeware vuln. Read more www.theregister.co.uk: Virus writers boost output in 2003. Read more www.securityfocus.com: Can Microsoft End Spam? Read more www.wnbc.com: Nationwide Retailer Falls Prey To Hacker. Read more www.clickondetroit.com: Old E-Mail Scam Breeds New Life. Read more australia.internet.com: Nothing is Secret with Spyware Lurking in PCs. Read more www.computerworld.com.au: Corporation caught in the cross hairs. Read more www.sundayherald.com: Young cyber-terrorists hold top US firms to ransom in Transylvania. Read more www.sltrib.com: Hunting for Hot Spots. Read more www.mi2n.com: Hacking The Xbox: A Handbook For A New Generation Of Hackers. Read more

Copyright� MegaSecurity.org