Bookmark or link to: kobayashi.cjb.net. All other URLs could change!
News September 2003
30 september 2003

New Trojans:
Back Attack 2.0

Danton 4.2.3

NetControl TakeOver 2.0 (a) server

Hacker defender 0.37

Blackhole 2002 (g & h)

Guides, Papers, etc.
www.securityfocus.com:
Exploiting Cisco Routers (Part One). Read more

Vulnerabilities & Exploits:
www.securitytracker.com:
Freesweep Buffer Overflows Let Local Users Obtain 'games' Group Privileges. Read more

www.securiteam.com:
MPlayer Buffer Overflow (asf_streaming). Read more

www.securiteam.com:
Marbles HOME Environment Overflow Exploit Code. Read more

www.securiteam.com:
ArGoSoft FTP Server XCMD Buffer Overflow. Read more

www.securiteam.com:
mIRC USERHOST Buffer Overflow. Read more

www.securiteam.com:
Multiple Vulnerabilities in 602Pro LAN SUITE 2003 (Incorrect File Permissions, File Reading). Read more

www.securiteam.com:
sbox Information Disclosure Vulnerability. Read more

www.securiteam.com:
mj-server Long Hostname Buffer Overflow (client). Read more

www.securiteam.com:
Cfengine Remotely Exploitable Buffer Overflow (net.c). Read more

www.debian.org:
DSA-392-1 webfs -- buffer overflows, file and directory exposure. Read more

www.debian.org:
DSA-391-1 freesweep -- buffer overflow. Read more

www.debian.org:
DSA-390-1 marbles -- buffer overflow. Read more

www.proftpd.org:
X-Force Research Discovers Remote Exploit. Read more

News:
www.townhall.com:
Spam E-mail Reveals Internet Security Threat, Experts Warn. Read more

news.com.com:
IE holes lead to AIM, dial-up attacks. Read more

www.internetweek.com:
Recent Internet Explorer Patch Failed To Fix Security Hole. Read more

http://www.securityfocus.com:
The Subpoenas are Coming! Read more

www.theregister.co.uk:
FBI bypasses First Amendment to nail a hacker. Read more

29 september 2003

New Trojans:
LANfiltrator 1.1 fixed

Fearless Keyspy 2.0

Taladrator 2003 3.1 public

Guides, Papers, etc.
www.softpanorama.org:
Integrity Checkers and Trojan detectors. Read more

Vulnerabilities & Exploits:
www.securitytracker.com:
Geeklog Input Validation Flaws Permit SQL Injection and Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Invision Power Board Configuration File Permission Flaw Lets Local Users Inject Malicious Code. Read more

www.securitytracker.com:
A-CART Input Validation Flaw in 'signin.asp' Permits Remote Cross-Site Scripting Attacks. Read more

News:
joongangdaily.joins.com:
Computers here hit by new worm. Read more

www.computerweekly.com:
Thought for the day: Share the love, not the viruses. Read more

worldwatch.linuxgazette.com:
[US] Author of 'How MS Software Poses Security Risk' Report Fired. Read more

28 september 2003

New Trojans:
Jodeitor 1.0 beta

Jodeitor 1.1 beta

KCGame

Guides, Papers, etc.
P2P ENTRAPMENT - INCRIMINATING PEER TO PEER NETWORK USERS. (pdf) Read more

PhreakNIC is a convention held yearly in Nashville, TN, usually during the month of October. Read more

Vulnerabilities & Exploits:
www.securitytracker.com:
Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service. Read more

www.securitytracker.com:
Marbles Game HOME Environment Variable Buffer Overflow Lets Local Users Gain Elevated Privileges. Read more

News:
www.theregister.co.uk:
Microsoft: a threat to global IT and job security? Read more

rss.com.com:
Microsoft critic dismissed by @Stake. Read more

www.gridtoday.com:
Top College Declares War on Hackers, Virus Authors. Read more

27 september 2003

New Trojans:
Fwb Dloader 1.0 Beta

NetScreen 2.0

MagicLink netPcSpy 1.0

Legend 3.97

Guides, Papers, etc.
CyberInsecurity: The cost of Monopoly (pdf)

Vulnerabilities & Exploits:
www.securitytracker.com:
Sambar Server Contains Multiple Unspecified Vulnerabilities. Read more

www.securitytracker.com:
sbox May Disclose Installation Path and User Account Paths to Remote Users. Read more

www.securitytracker.com:
Cfengine Buffer Overflow in 'cfservd' Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
myServer Input Validation Flaw Discloses Files on the System to Remote Users. Read more

News:
www.pcworld.com:
IM Worms Pose Growing Threat. Read more

times.hankooki.com:
New Computer Worm Spreading. Read more

zdnet.com.com:
Feds nab second suspect in worm attacks. Read more

www.internetweek.com:
How An Online Business Is Defending Itself Against A Denial-Of-Service Attack From The Swen Virus. Read more

www.azcentral.com:
Computer virus cripples visa-checking system. Read more

26 september 2003

New Trojans:
CrashCool 1.0

CrashCool 2.0

TBT Nightmare 1.0

XHX 1.73

Vulnerabilities & Exploits:
www.securitytracker.com:
602Pro LAN Suite Discloses Files on the System to Remote Authenticated Users. Read more

www.securitytracker.com:
Comment Board Message Field Input Validation Flaws Permit Remote Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
GNOME Desktop on Solaris May Not Let Root Users Lock the Screen. Read more

www.securitytracker.com:
WebTool-userpass May Disclose SSH User Passphrases to Certain Local Users. Read more

www.securitytracker.com:
Re-Boot Design ASP Forum SQL Injection Flaw Yields Remote Access to Any User Account. Read more

www.securitytracker.com:
Thread-IT Message Field Input Validation Flaws Permit Remote Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Null httpd Can Be Crashed By Remote Users Sending Incomplete HTTP POST Requests. Read more

www.securitytracker.com:
BRS WebWeaver May Fail to Properly Log Certain Requests With Long Host Field Contents. Read more

www.securitytracker.com:
Gauntlet Firewall 'sql-gw' Proxy Can Be Crashed By Remote Users Sending Invalid Data. Read more

www.securitytracker.com:
Savant Web Server Can Be Crashed By Remote Users Requesting '/%x' and Similar Strings. Read more

www.securitytracker.com:
TclHttpd 'dirlist.tcl' Discloses Directory Contents to Remote Users and Permits Remote Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
MondoSearch 'MsmSetup.exe' Query String Flaw Lets Remote Users Execute Arbitrary Code. Read more

News:
www.securityfocus.com:
Car shoppers' credit details exposed in bulk. Read more

www.centredaily.com:
FBI steps up pursuit of cybercrime. Read more

insight.zdnet.co.uk:
Who writes viruses? Read more

www.theregister.co.uk:
Sobig linked to DDoS attacks on anti-spam sites. Read more

www.newsfactor.com:
Virus Attack Highlights Need for U.S. Patch-Management Policy. Read more

www.securityfocus.com:
AtStake fires executive over Microsoft criticism. Read more

25 september 2003

New Trojans:
Danton 4.1.4 beta

SuperBot Trojan 1.0

Snow 2.8

Guides, Papers, etc.
www.securityfocus.com:
Intrusion Detection Terminology (Part Two). Read more

Vulnerabilities & Exploits:
www.securitytracker.com:
mpg123 Buffer Overflow In Reading Remote Strings Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
ProFTPD ASCII Mode File Upload Buffer Overflow Lets Certain Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
wzdftpd Login Exception Handling Flaw Lets Remote Users Crash the FTP Service. Read more

www.securitytracker.com:
Sanctum AppScan Audit Edition May Not Detect Certain Javascript URLs. Read more

www.securitytracker.com:
Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code. Read more

www.securitytracker.com:
Ingate Firewall May Let Remote Users Setup Sessions By Sending SYN+RST Packets. Read more

www.securitytracker.com:
NetUP UTM Input Validation Flaws Permit Remote Session Hijacking and Subsequent Command Execution. Read more

www.securiteam.com:
ColdFusion Cross-Site Scripting Security Vulnerability (Default Error Page). Read more

www.securiteam.com:
Microsoft BizTalk Server ISAPI HTTP Receive Function Buffer Overflow (biztalkhttpreceive.dll). Read more

www.securiteam.com:
SpeakFreely Spoofed DoS. Read more

www.securiteam.com:
Mpg123 Remote Client-Side Heap Corruption (Exploit, readstring()). Read more

www.securiteam.com:
ProFTPD ASCII File Remote Compromise Vulnerability. Read more

News:
www.securityfocus.com:
Police hunt down owner of fake banking Web site. Read more

www.ciol.com:
Microsoft 'monoculture' a threat to security. Read more

www.smh.com.au:
Reliance on Microsoft a threat to security: experts. Read more

www.internetweek.com:
Security Problems Could Destroy Microsoft (Wagner's Weblog). Read more

www.news.com.au:
Virus hits US State Department. Read more

www.azcentral.com:
Computer virus cripples visa-checking system. Read more

www.philly.com:
Personal Computing | Scourge of viruses reaches crisis stage. Read more

www.nbc4.tv:
DirecTV Hacker Is First Person Convicted Under Digital Millennium Copyright Act. Read more

24 september 2003

New Trojans:
TRKShell 0.1

Beast 1.91 & 1.92(b) server

Net Metropolitan 1.04

Guides, Papers, etc.
www.blackhat.com:
Black Hat Call for Papers. Read more

Vulnerabilities & Exploits:
www.securitytracker.com:
Mac OS X arplookup() May Let Local Subnet Users Crash the System. Read more

www.securitytracker.com:
Speak Freely Can Be Crashed By Remote Users Sending Spoofed Packets or a Malformed GIF File. Read more

www.securitytracker.com:
wu-ftpd MAIL_ADMIN Option May Let Remote Authenticated Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Xitami Web Server Can Be Crashed By Remote Users Sending Large HTTP GET Request Headers. Read more

www.securiteam.com:
SpeakFreely Malformed GIF Vulnerability. Read more

xforce.iss.net:
ProFTPD ASCII File Remote Compromise Vulnerability. Read more

News:
www.theregister.co.uk:
MSN torches chatrooms. Read more

story.news.yahoo.com:
Security Report Puts Blame on Microsoft. Read more

www.eweek.com:
Unfriendly Updates. Read more

www.esj.com:
CERT: Best Practices for Beating Worms. Read more

www.securityfocus.com:
State Department's warns visa-checking system crippled by computer virus. Read more

www.theregister.co.uk:
Man beats Microsoft, becomes instant domain expert. Read more

news.zdnet.co.uk:
Intrusion detection team denies Trojan claim. Read more

news.bbc.co.uk:
'Relentless' pace of hack attacks. Read more

www.bayarea.com:
Hollywood hacks impress experts. Read more

www.theregister.co.uk:
Cable ISP kneecaps heavy users. Read more

www.theregister.co.uk:
VeriSign stands firm on Site Finder. Read more

www.theregister.co.uk:
Dutch spammer to appear in US court. Read more

23 september 2003

New Trojans:
Illusion 1.0

Stability 1.0

CyberJack 1.01 server 2

Guides, Papers, etc.
www.cert.org:
Viruses and Worms: What Can We Do About Them? Read more

Vulnerabilities & Exploits:
www.securiteam.com:
myPHPnuke SQL Injection ($aid). Read more

www.securiteam.com:
LSH Vulnerable to Remote Root Compromise (channel_commands, read_line). Read more

News:
www.theregister.co.uk:
Norton Antivirus product activation cracked. Read more

www.theregister.co.uk:
Microsoft ordered to pay Mass legal fees. Read more

www.usatoday.com:
Tech pros get to know their enemy. Read more

www.theregister.co.uk:
Credit checkers launch ID fraud watch services. Read more

22 september 2003

New Trojans:
A-311 Death 1.03 (g)

Der Spaeher 3.0 (b) client

Netget (a)

Guides, Papers, etc.
IAB Commentary: Architectural Concerns on the use of DNS Wildcards. Read more

Vulnerabilities & Exploits:
www.securiteam.com:
hztty Buffer Overflow Exploit Code (-I). Read more

www.securiteam.com:
Knox Arkeia Pro Remote Root Exploit. Read more

www.securiteam.com:
Solaris SADMIND Exploitation (Single UDP Packet, MetaSploit). Read more

www.securitytracker.com:
Lucent (Ascend) MAX TNT Universal Gateway May Grant Root Access to Dial-up User. Read more

www.securitytracker.com:
ipmasq Filtering Rules May Let Remote Users Pass Unauthorized Packets Through the Firewall. Read more

www.securiteam.com:
Denial of Service and JVM Crash via User Injectable XSL Template (toStdout). Read more

www.securiteam.com:
Denial of Service Vulnerability in DB2 Discovery Service. Read more

www.securiteam.com:
Yahoo! Webcam ActiveX Control Buffer Overflow. Read more

www.securiteam.com:
Microsoft BizTalk Server Documentation and Repository Sites Weak Permissions. Read more

www.securiteam.com:
Community Wizard Authentication Bypass Vulnerability (SQL Injection). Read more

www.securiteam.com:
Directory Traversal Vulnerability in Plug & Play Web Server. Read more

www.securiteam.com:
Denial of Service in Plug and Play's FTP Server. Read more

News:
www.zdnet.com:
Will Microsoft ever get secure? Read more

21 september 2003

New Trojans:
OICQsearch 1.4

ICMP-Cmd 1.0

Guides, Papers, etc.
The Analysis of RPC Long Filename Heap Overflow AND a Way to Write Universal Heap Overflow of Windows. Read more

Vulnerabilities & Exploits:
bug in NORTON ANTIVIRUS FOR WINXP. Read more

www.securitytracker.com:
Powerslave Portalmanager Discloses Database Information to Remote Users. Read more

www.securitytracker.com:
ColdFusion Default Error Handlers Permit Remote Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Knox Arkei Pro Buffer Overflow Yields Root Privileges to Remote Users. Read more

www.securitytracker.com:
Midnight Commander Uninitialized Buffer May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
lsh Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges. Read more

www.debian.org:
DSA-388-1 kdebase -- several vulnerabilities. Read more

20 september 2003

New Trojans:
Danton 4.2.1 beta

Winlogin

Red ZONE 6.3

Vulnerabilities & Exploits:
www.securitytracker.com:
hztty Buffer Overflows Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Half-Life 'rcon' Remote Console Sends Passwords in Clear Text. Read more

www.securitytracker.com:
Mambo Site Server Input Validation Flaw in '$id' Permits SQL Injection. Read more

www.securitytracker.com:
IBM DB2 Discovery Service Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
Microsoft BizTalk Server Default Directory Permissions May Let Remote Users Deny Service. Read more

News:
www.theregister.co.uk:
Nasty worm poses as MS security update. Read more

www.bizreport.com:
Screen Shots of Swen Worm. Read more

www.internetweek.com:
'Swen' Worm Posing As Microsoft E-Mail Spreads Fast. Read more

www.nzherald.co.nz:
New email worm targets hole in Internet Explorer. Read more

www.securityfocus.com:
Accused AOL phisher spammed the FBI. Read more

www.theregister.co.uk:
Software guru wants New Accounting. Read more

www.theregister.co.uk:
Verisign backlash gathers force. Read more

19 september 2003

New Trojans:
WebDownloader VBS (b)

BFGhost 1.0

Guangwai Girl 1.52b

Guides, Papers, etc.
www.securityfocus.com:
Wireless Network Policy Development (Part One). Read more

Vulnerabilities & Exploits:
www.debian.org:
DSA-387-1 gopher -- buffer overflows. Read more

www.debian.org:
DSA-386-1 libmailtools-perl -- input validation. Read more

www.debian.org:
DSA-385-1 hztty -- buffer overflows. Read more

www.debian.org:
DSA-384-1 sendmail -- buffer overflows. Read more

www.coresecurity.com:
Multiple IBM DB2 Stack Overflow Vulnerabilities. Read more

www.securitytracker.com:
IBM DB2 db2licm and db2dart Buffer Overflows Let Local Users Obtain Root Privileges. Read more

www.securitytracker.com:
Plug and Play Web Server Lets Remote Authenticated Users Crash the FTP Service Sending Long FTP Commands. Read more

www.securitytracker.com:
Sendmail Ruleset Buffer Overflow Has Unspecified Impact. Read more

News:
www.theinquirer.net:
Beware fake Microsoft "security" spam. Read more

www.ciol.com:
Internet Explorer abets new worm attack. Read more

www.nwfusion.com:
New Internet worm targets e-mail, P2P software. Read more

www.securityfocus.com:
Verisign's 'SiteFinder' finds privacy hullabaloo. Read more

www.eweek.com:
Solaris Flaw Leaves Machines Open to Attacks. Read more

www.computerworld.com:
Four questions to ask to stay secure in an anywhere, anytime world. Read more

www.theregister.co.uk:
Blaster trial set for November 17. Read more

www.theregister.co.uk:
Melissa author helped Feds track other virus writers. Read more

www.bayarea.com:
Hollywood hacks impress experts. Read more

18 september 2003

New Trojans:
Beast 2.02

Hacker defender 0.21

Skull-Burrow 5.0 server (i)

WinEggDrop Shell 1.50

Guides, Papers, etc.
www.securityfocus.com:
Dynamic Honeypots. Read more

Vulnerabilities & Exploits:
www.debian.org:
DSA-383-1 ssh-krb5 -- possible remote vulnerability. Read more

www.debian.org:
DSA-382-2 ssh -- possible remote vulnerability. Read more

www.securitytracker.com:
Sendmail Prescan Flaw May Let Remote Users Execute Arbitrary Code With Root Privileges. Read more

www.securitytracker.com:
TM-POP3 Mail Server Discloses User Passwords to Local Users. Read more

www.securitytracker.com:
Yahoo! Webcam Viewer ActiveX Buffer Overflow Permits Remote Code Execution. Read more

www.securitytracker.com:
KDE Display Manager pam_setcred() Failure May Grant Root Access to Remote Authenticated Users. Read more

www.securitytracker.com:
OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Solaris sadmind Weak Authentication May Let Remote Users Execute Arbitrary Commands With Root Privileges. Read more

www.securiteam.com:
Yak! File Transfer Mechanism Exposes System To Compromise. Read more

www.securiteam.com:
Buffer Overflow in WideChapter Browser. Read more

www.securiteam.com:
Microsoft ASP.NET Request Validation Bypass Vulnerability. Read more

www.securiteam.com:
SCO Internet Manager Allows Local Users to Gain Root Level Privileges. Read more

www.securiteam.com:
KDM Vulnerabilities (pam_setcred, session cookie). Read more

www.securiteam.com:
OpenSSH Buffer Management Vulnerability. Read more

www.securiteam.com:
Exploit Code Released for Buffer Overflow in Liquidwar. Read more

www.securiteam.com:
RealOne Player 9 Privileges Escalation (cook.so.6.0). Read more

www.securiteam.com:
Remote rpc.mountd Exploit for xlog() Vulnerability. Read more

www.securiteam.com:
Windows RPC DCOM Long Filename Heap Overflow Exploit (MS03-039). Read more

News:
story.news.yahoo.com:
Worm Exploiting Latest Windows Flaw Expected 'Any Day'. Read more

www.securityfocus.com:
Melissa author helped FBI bust other virus writers. Read more

www.securityfocus.com:
Teen charged in Internet worm attack pleads innocent. Read more

www.theregister.co.uk:
New exploit heralds Blaster 2 attack. Read more

www.nzherald.co.nz:
Hacker put details on web in spite. Read more

www.securityfocus.com:
Does Microsoft Give a Damn? Read more

www.theregister.co.uk:
BIND developer blocks Verisign Net grab move. Read more

17 september 2003

New Trojans:
The Matrix Chat 0.7 Beta

Iroffer 1.2b20

WinEggDrop Shell 1.34

Mtexer 1.0

Tools
www.insecure.org:
Nmap 3.45: Version Scanning. Read more

Gspoof is a tool that makes building and sending TCP/IP packets easier and more accurate. It works from the console (command line) and also has a graphical interface written in GTK+. Read more

Vulnerabilities & Exploits:
www.securitytracker.com:
Liquid War HOME Environment Variable Overflow Lets Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Nokia Electronic Documentation Default Configuration Permits Remote HTTP Proxy Services. Read more

www.securitytracker.com:
Easy File Sharing Web Server Discloses Files and Passwords to Remote Users. Read more

www.securitytracker.com:
WideChapter Browser Buffer Overflow Allows Arbitrary Code Execution. Read more

www.securitytracker.com:
phpBB Smiley Panel Input Validation Flaw Permits Remote Cross-Site Scripting. Read more

www.securitytracker.com:
Minihttp File Sharing for net Password Parsing Flaw Grants Admin Privileges to Remote Users. Read more

www.securitytracker.com:
Minihttp Forum Web Server Password Parsing Flaw Grants Admin Privileges to Remote Users. Read more

www.securitytracker.com:
ChatZilla Client Can Be Crashed By IRC Servers Sending Long Requests. Read more

www.securitytracker.com:
FTGate Pro 'ftgatedump' Discloses Mailboxes, Passwords, and Configuration Data to Remote Users. Read more

www.securitytracker.com:
MyPHPNuke 'auth.inc.php' $aid Input Validation Flaw Permits Remote SQL Injection. Read more

www.securitytracker.com:
SCO Internet Manager (mana) Environment Variable Validation Flaw Lets Local Users Grab Root Privileges. Read more

www.securiteam.com:
Remote Vulnerability in 4D WebSTAR Server (Long PASS, PCC Exploit). Read more

www.securiteam.com:
PINE Exploit Code Released (message/external-body type, e-mail headers). Read more

www.securiteam.com:
Gordano Messaging Suite - Multiple Vulnerabilities. Read more

www.securiteam.com:
Predictability and Vulnerability in the Canadian Firearms Centre's On-Line Services Web Site. Read more

www.securiteam.com:
Nokia Electronic Documentation - Multiple Vulnerabilities. Read more

www.securiteam.com:
Multiple Overflows in Spider. Read more

www.securiteam.com:
Remote Root Exploitation of Default Solaris sadmind Setting. Read more

www.securiteam.com:
Vulnerability in Bandsite Allows Gaining Admin Access. Read more

www.securiteam.com:
DSPAM Default Permissions Vulnerability. Read more

www.securiteam.com:
ChatZilla Remote Denial of Service Vulnerability (Long Buffer). Read more

www.securiteam.com:
Asterisk CallerID CDR SQL Injection. Read more

www.securiteam.com:
Buffer Overflow in Liquidwar. Read more

News:
www.sfgate.com:
Hackers distributing new software to break into Windows computers. Read more

www.theage.com.au:
Exploit code for Windows flaw available on the net. Read more

www.620ktar.com:
Hackers Pass Out New Software for Attacks. Read more

16 september 2003

New Trojans:
X2a 1.0

Danton 4.1.1 beta

System33r Downloader 0.4

WinCrash Server (b)

Vulnerabilities & Exploits:
www.securitytracker.com:
Spider Linux Game Buffer Overflows Let Local Users Gain 'games' Group Privileges. Read more

www.securitytracker.com:
Enceladus Server Suite FTP Command Buffer Overflows Let Remote Authenticated Users Crash the FTP Service. Read more

www.securitytracker.com:
DBabble Chat Server Input Validation Flaws Permit Remote Cross-Site Scripting Attacks. Read more

www.texonet.com:
SCO OpenServer / Internet Manager (mana). Read more

News:
www.smh.com.au:
Fears of new Windows exploit grow. Read more

www.news.com.au:
Microsoft 'humbled' on security. Read more

www.computerweekly.com:
Virus attacks: who is to blame? Read more

www.billingsgazette.com:
Only some Hollywood depictions of hackers get it right. Read more

www.computerweekly.com:
Groundswell: Have we been let off lightly by virus attacks? Read more

star-techcentral.com:
Ballmer talks tough on viruses. Read more

seattlepi.nwsource.com:
Should Microsoft be liable for bugs? Read more

www.wired.com:
Sex Sites Sick of Getting Screwed. Read more

15 september 2003

New Trojans:
Cruel Intentionz 1.21

Zdziubus 0.1 beta

Iroffer 1.2b19

Vulnerabilities & Exploits:
www.securitytracker.com:
vbPortal 'auth.inc.php' Input Validation Flaw Lets Remote Users Inject. Read more

www.securitytracker.com:
Yak! Chat Default Account Lets Remote Users Access the File System. Read more

www.securitytracker.com:
MyServer 'cgi-lib.dll' Buffer Overflow Permits Remote Code Execution. Read more

www.securitytracker.com:
VSNL POP E-mail Client Discloses Account Authentication Information Via the Referer Field. Read more

www.securiteam.com:
Rational Clearcase Exploit Code Released. Read more

www.securiteam.com:
Eudora Attachment Spoof (Exploit). Read more

www.securiteam.com:
Integer Overflow in OpenBSD Kernel (PoC). Read more

www.securiteam.com:
MyServer Buffer Overflow Vulnerability (math_sum.mscgi). Read more

www.securiteam.com:
RAR Fails to Determine Actual File Size (DoS). Read more

www.securiteam.com:
Multiple Heap Overflows in FTP Desktop. Read more

www.securiteam.com:
Apache::Gallery Local Privilege Escalation (Exploit). Read more

News:
www.theage.com.au:
Hacker goes over to the other side. Read more

www.smh.com.au:
Virus-crackers kept on their toes. Read more

www.net4nowt.com:
Windows' flaws encourage Hackers. Read more

www.rockymountainnews.com:
Digital crime fighters. Read more

www.usatoday.com:
Virus writers difficult to find in cyberspace. Read more

www.guardian.co.uk:
Barclays calls in cyber-police. Read more

news.independent.co.uk:
Fraud hits online bankers. Read more

www.infoanarchy.org:
Don't link to that story! Read more

14 september 2003

New Trojans:
AHS 1.14

Snow 2.7

Let Me Rule 2.0 beta 8.1

Half Life Jacker 1.0

Vulnerabilities & Exploits:
www.securitytracker.com:
Bandsite Portal Software Authentication Flaw Lets Remote Users Add Administrators. Read more

www.securitytracker.com:
Microsoft Internet Explorer Media Sidebar Flaw Lets Remote Users Execute Arbitrary Code on the System. Read more

www.securitytracker.com:
Microsoft Internet Explorer Various Cross-Domain Flaws Permit Remote Scripting in Arbitrary Domains. Read more

www.securitytracker.com:
4D WebSTAR Password Command Buffer Overflow in FTP Service Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
'man' Buffer Overflow in MANPL Variable May Let Local Users Gain Elevated Group Privileges. Read more

www.securitytracker.com:
Asterisk PBX Input Validation Flaw Lets Remote Users Inject SQL Commands via CallerID. Read more

News:
www.mb.com.ph:
Experts warn vs PC zombies, 'drive by' hackers in the wild. Read more

13 september 2003

New Trojans:
Danton 4.2.2

Stealth Shutdown

PsyberMind 1.12

Remote HAVOC 1.0.2

Remote HAVOC 3.0.1

Vulnerabilities & Exploits:
www.debian.org:
DSA-380-1 xfree86 -- buffer overflows, denial of service. Read more

www.securitytracker.com:
myPHPNuke 'displayCategory.php' Include File Flaw Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
GtkHTML hts_fit_line() Null Pointer Dereference Lets Remote Users Crash the Application. Read more

www.securitytracker.com:
Gordano Messaging Suite (GMS) Can Be Crashed By Remote Users Sending Certain Invalid URLs. Read more

www.securitytracker.com:
MySQL acl_init() Buffer Overflow Permits Remote Authenticated Administrators to Execute Arbitrary Code. Read more

www.securitytracker.com:
Pine E-mail Client Buffer Overflows in Parsing Message Attributes Permit Remote Code Execution. Read more

www.securitytracker.com:
OpenBSD Semaphore Integer Overflow Lets Local Root Users Bypass 'securelevel()' Access Controls. Read more

www.securitytracker.com:
Microsoft Windows Remote Procedure Call (RPC) DCOM Activation Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

News:
www.securitynewsportal.com:
Symantec wants to criminalize the sharing of security info and tools. Read more

www.theregister.co.uk:
E-mail fraudsters target Barclays. Read more

www.wired.com:
Just Say No to Viruses and Worms. Read more

linux.oreillynet.com:
The Hacker Behind "Hacking the XBox". Read more

www.mytelus.com:
Hacker accused of breaking into New York Times system free on bail. Read more

www.reuters.com:
U.S. computer hacker ordered to live with parents. Read more

www.theregister.co.uk:
Wi-Fi whistle blower faces criminal charges. Read more

www.theregister.co.uk:
Microsoft in reasonable Net action shocker! Read more

12 september 2003

New Trojans:
System33r Stealth Downloader 0.1

System33r Stealth Downloader 0.3

Iroffer 1.2b18

Tools
Microsoft Windows RPC DCOM II Unix based Scanner (MS03-039). Read more

TCP Toolkit. A C frontend to the TCP packet creation capabilities provided by Libnet. Allows complete control when creating TCP packets, including forging/spoofing source IP and MAC addresses, payload, TCP flags, etc. Read more

Guides, Papers, etc.
www.securityfocus.com:
Demonstrating ROI for Penetration Testing (Part Three). Read more

www.securityfocus.com:
Hardening the TCP/IP stack to SYN attacks. Read more

Vulnerabilities & Exploits:
www.debian.org:
DSA-379-1 sane-backends -- several vulnerabilities. Read more

www.securitytracker.com:
Escapade Input Filtering Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securiteam.com:
Buffer Overrun In RPCSS Service Could Allow Code Execution. Read more

News:
news.bbc.co.uk:
Windows faces fresh web worm woe. Read more

www.securiteam.com:
Lamo denies $300,000 database hack. Read more

www.freep.com:
Hacker's pranks started out small. Read more

news.com.com:
'Homeless hacker' free pending court date. Read more

news.com.com:
IE patent endgame detailed. Read more

11 september 2003

New Trojans:
trojan friend 1.0

NetCrack 1.3 alpha 3.0

ZeroHacker 1.0

Vulnerabilities & Exploits:
www.eeye.com:
Microsoft RPC Heap Corruption Vulnerability - Part II. Read more

xforce.iss.net:
Multiple Vulnerabilities in Microsoft RPC Service. Read more

www.idefense.com:
Two Exploitable Overflows in PINE. Read more

www.nsfocus.com:
Microsoft Windows RPC DCOM Interface Heap Overflow Vulnerability. Read more

www.securitytracker.com:
phpBB Input Filtering Flaw in BBCode '[URL]' Tag Permits Remote Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges. Read more

www.securitytracker.com:
WebX Server Discloses Files on the System to Remote Users. Read more

www.securitytracker.com:
RealOne Player for Linux File Permissions May Allow Local Users to Gain Elevated Privileges. Read more

www.securitytracker.com:
MyServer Can Be Crashed By Remote Users Requesting Long (512 Character) URLs. Read more

www.securitytracker.com:
Winamp Buffer Overflow in 'IN_MIDI.DLL' Lets Malicious MIDI Files Execute Arbitrary Code. Read more

www.securitytracker.com:
FTP Desktop Heap Overflow in Processing FTP Banners Lets Remote Users Execute Arbitrary Code. Read more

News:
Microsoft Security Bulletin MS03-039
Buffer Overrun In RPCSS Service Could Allow Code Execution (824146). Read more

www.chron.com:
Microsoft reveals yet another Blaster-like security flaw. Read more

www.smh.com.au:
30 unpatched holes in IE, says security researcher. Read more

www.theregister.co.uk:
Sobig-F is dead. Read more

www.computerworld.com:
Romanian man to be charged in Blaster release. Read more

www.theregister.co.uk:
NY Times hacker surrenders, is released. Read more

10 september 2003

New Trojans:
WebcamNow Jacker

RSC 1.0

RSC 1.1

SkullBurrow 3.0 server

Vulnerabilities & Exploits:
www.securiteam.com:
xMule AttachToAlreadyKnown Double Free Vulnerability Exploit Code. Read more

www.securiteam.com:
Exploit Code Released for WordPerfect Converter Vulnerability. Read more

www.securitytracker.com:
ICQ Web Front Input Validation Flaw in Guest Book Code Permits Remote Cross-Site Scripting Attacks.

www.securitytracker.com:
mah-jong Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
WS_FTP Server Can Be Crashed By Remote Users Sending QUOTE Commands. Read more

www.securitytracker.com:
RealSecure Server Sensor Unicode Flaw Lets Remote Users Crash the IIS Web Service. Read more

www.securitytracker.com:
Asterisk 'chan_sip.c' SIP Message Buffer Overflow Lets Remote Users Gain Access to the System. Read more

www.securitytracker.com:
FoxWeb Buffer Overflow in 'foxweb.dll' Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Microsoft Visual Basic for Applications (VBA) in Multiple Microsoft Products Permits Remote Code Execution. Read more

www.securitytracker.com:
Microsoft Converter for WordPerfect Has Buffer Overflow That Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Microsoft Word Document Validation Error Lets Macros Run Without Warning. Read more

www.securitytracker.com:
Microsoft Windows NetBIOS Name Service May Disclose Memory Contents to Remote Users. Read more

www.securitytracker.com:
Microsoft Access Snapshot Viewer ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
ZoneAlarm Network Connectivity Can Be Blocked By Remote Users Sending Multiple UDP Packets. Read more

www.debian.org:
DSA-378-1 mah-jong -- buffer overflows, denial of service. Read more

www.debian.org:
DSA-377-1 wu-ftpd -- insecure program execution. Read more

News:
www.nwfusion.com:
Hackers jump through holes in Microsoft patch. Read more

DoD Cyber Crime Conference. Call For Papers. Read more

www.theregister.co.uk:
Police smash UK's biggest credit card fraud ring. Read more

www.theregister.co.uk:
NY Times hacker set to surrender. Read more

news.com.com:
'Homeless hacker' surrenders. Read more

www.theregister.co.uk:
Forgive me my trespasses. Read more

09 september 2003

New Trojans:
SubRoot 1.3

Red ZONE 6.5

Red ZONE 4.1

Red ZONE 4.0 (beta3)

URCS 1.07

superSpy 2.0 Beta (b)

Hacker defender 0.30

Hacker defender 0.33

QFZ 5.0

SD

Slime 1.2

Trojan Spirit 2001a Fixed Edition 1.2 Instalation [b]

Small (d)

Jack Trojan 2.0

Spybot 1.1

Spybot 1.2c

HTTP RAT 0.3 (k)

HTTP RAT 0.31 (l & m)

Ontarget 1.1

FreeGatez

Iroffer 1.2b15

Iroffer 1.2b16

Iroffer 1.2b17

WinEggDrop Shell 1.2

Optix PRO 1.32

WildThing 1.0

AIR 0.1

Minicom 3.6.5

Minicom 3.8.1

Cruel Intentionz 1.2

Blackcobra Downloader

Blackcobra LAN Downloader

Remote Revise 1.73

Remote Revise 1.72(updated)

A-311 Death Server(g)

Nuclear Scan 1.1

Zalivator 1.2 Pro (build 75) server

Back Attack 1.9

Snow 2.6

Guides, Papers, etc.
InlineEgg is a collection of Python classes (a "library") that will help you write small assembly programs, either to use as eggs/shellcode for your exploits or for anything else you may need small assembly programs for. Read more

Vulnerabilities & Exploits:
www.atstake.com:
Asterisk SIP Implementation Issue. Read more

www.securitytracker.com:
XFree86 Font Library Integer Overflows May Allow Remote Access And Local Privilege Elevation. Read more

www.securitytracker.com:
SAP Internet Transaction Server Bugs in 'wgate.dll' Disclose Files to Remote Users. Read more

securetarget.net:
Microsoft Outlook PST Exposure. Read more

www.securitytracker.com:
LinuxNode Format String and Overflow Flaws Yield Root Access to Remote Users. Read more

www.securitytracker.com:
eNdonesia Input Filtering Flaw in 'mod' Parameter Allows Remote Users to Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
miniPortail Filtering Flaw in 'lng' Parameter Permits Remote Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
BEA WebLogic Integration Business Connect May Disclose Files to Remote Users. Read more

www.securitytracker.com:
'File Sharing for net' Discloses Files on the System to Remote Users. Read more

www.securitytracker.com:
Yahoo! Messenger Weak Encoding Algorithm Discloses Archived Messages to Local Users. Read more

www.securitytracker.com:
newsPHP Flaws in 'nphpd' Permit Remote Users to View and Execute Files and Execute Script Functions. Read more

www.securitytracker.com:
suidperl Discloses File Existence to Local Users. Read more

www.debian.org:
DSA-375-1 node -- buffer overflow, format string. Read more

News:
Microsoft Security Bulletin MS03-034
Flaw in NetBIOS Could Lead to Information Disclosure (824105). Read more

Microsoft Security Bulletin MS03-035
Flaw in Microsoft Word Could Enable Macros to Run Automatically (827653). Read more

Microsoft Security Bulletin MS03-036
Buffer Overrun in WordPerfect Converter Could Allow Code Execution. Read more

Microsoft Security Bulletin MS03-037
Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution (822715). Read more

Microsoft Security Bulletin MS03-038
Unchecked buffer in Microsoft Access Snapshot Viewer Could Allow Code Execution (827104). Read more

www.smh.com.au:
Up close and personal with the social hackers. Read more

www.sky.com:
COMPUTER VIRUS CHARGE. Read more

www.expressindia.com:
Teenager arrested in connection with 'Blaster' internet worm. Read more

www.terra.net.lb:
Teen charged in connection with "Blaster" Internet worm. Read more

www.securityfocus.com:
Hacking-by-subpoena ruled illegal. Read more

www.eweek.com:
SoBig.F Packs Few Design Surprises. Read more


Copyright © MegaSecurity.org