Home    News Archive    Translate Traducen

News September 2004

30 September 2004 Vulnerabilities & Exploits www.securitytracker.com: SGI 'bsd.a' Kernel Networking Flaw Has Unspecified Impact. Read more www.securitytracker.com: RealPlayer Flaws May Let Remote Users Execute Arbitrary Code or Delete Known Files. Read more www.securitytracker.com: Serendipity Input Validation Errors Let Remote Users Inject SQL Commands. Read more www.securitytracker.com: Vignette Application Portal 'diag' Utility Discloses Information to Remote Users. Read more www.securitytracker.com: WordPress Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Icecast Buffer Overflow in Processing HTTP Headers Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: ParaChat Server Input Validation Flaw Discloses Files to Remote Users. Read more www.securitytracker.com: dBpowerAMP Audio Player Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: dBpowerAMP Music Converter Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Microsoft SQL Server Can Be Crashed By Remote Users Sending a Specially Crafted Large Buffer. Read more www.securitytracker.com: PeopleSoft Human Resources Management System (HRMS) Input Validation Holes Let Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: @lex Guestbook Include File Error Lets Remote Users Execute Arbitrary Commands. Read more www.securitytracker.com: ChatMan Input Validation Error Lets Remote Users Crash the Application. Read more   News: www.theregister.co.uk: Ha, ha you're infected. Read more www.theinquirer.net: JPEG flaw gets instant messaging worm. Read more www.sunnetwork.org: Hackers attack al-Qaeda linked web site. Read more www.crime-research.org: Phishing once more. Read more

29 September 2004 Guides, Papers, etc www.securityfocus.com: Defeating Honeypots: Network Issues, Part 1. Read more   Vulnerabilities & Exploits www.us-cert.gov: Multiple vulnerabilities in Mozilla products. Read more www.securitytracker.com: dBpowerAMP Audio Player Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: dBpowerAMP Music Converter Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Microsoft SQL Server Can Be Crashed By Remote Users Sending a Specially Crafted Large Buffer. Read more www.securitytracker.com: PeopleSoft Human Resources Management System (HRMS) Input Validation Holes Let Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: @lex Guestbook Include File Error Lets Remote Users Execute Arbitrary Commands . Read more www.securitytracker.com: ChatMan Input Validation Error Lets Remote Users Crash the Application. Read more www.securitytracker.com: Sendmail 'sasl-bin' on Debian Linux Lets Remote Users Relay E-mail. Read more www.securitytracker.com: IBM Reliable Scalable Cluster Technology (RSCT) Lets Local Users Corrupt Files. Read more   News: www.securityfocus.com: U.N. warns of nuclear cyber attack risk. Read more www.microscope.co.uk: Hackers use porn to target Jpeg flaw. Read more www.newsfactor.com: Trojan Exploits Microsoft JPEG Flaw. Read more www.snpx.com: JPEG Exploit Hits Usenet, Worm Close Behind. Read more www.snpx.com: 'JpegOfDeath' Using Windows Weakness To Spread Trojan. Read more

28 September 2004 Tools isc.sans.org: gdiscan.exe was written for Windows 2000 and higher. It scans the drive containing the Windows %system% directory and Looks for vulnerable versions of gdiplus.dll, sxs.dll, wsxs.dll, mso.dll. Read more   Vulnerabilities & Exploits www.securitytracker.com: MyServer Can Be Crashed By Remote Users With a Specially Crafted HTTP POST Request. Read more www.securitytracker.com: YPOPs! Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Intellipeer Email Server Discloses Valid User Account Names to Remote Users. Read more www.securitytracker.com: Web Wiz Journal Discloses Database to Remote Users. Read more www.securitytracker.com: Web Wiz Internet Search Engine Discloses Database to Remote Users. Read more www.securitytracker.com: MegaBBS Input Validation Errors Let Remote Users Inject SQL Commands and Conduct Response Splitting Attacks. Read more www.securitytracker.com: Broadboard Input Validation Holes Let Remote Users Inject SQL Commands. Read more www.debian.org: DSA-554-1 sendmail -- pre-set password. Read more www.debian.org: DSA-553-1 getmail -- symlink vulnerability. Read more   News: news.netcraft.com: JPEG Exploit Attempt Sent to Newsgroups, Read more www.winnetmag.com: JPEG GDI+ Trojan Unleashed. Read more www.crime-research.org: Hackers: A JPEG Attack? Read more

27 September 2004 Vulnerabilities & Exploits www.securitytracker.com: fprobe Flaw in 'Change User' Feature Has Unspecified Impact. Read more www.securitytracker.com: Baal Smart Form Lets Remote Users Modify the Administrative Password. Read more www.securitytracker.com: paFileDB Input Validation Flaw in 'file' Module Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Groups@AOL Group Invitation Flaw May Let Remote Users Determine User E-mail Addresses or Hijack AIM Accounts. Read more www.securitytracker.com: Motorola WR850G Wireless Router Grants Remote Users Administrative Access. Read more www.securitytracker.com: Linux Kernel ide-cd SG_IO Flaw May Let Local Users Write to Media. Read more   News: nwc.securitypipeline.com: Hackers Smell Blood In Common Windows Interface. Read more nwc.securitypipeline.com: NSF Awards $13 Million For Anti-Worm Research. Read more www.telecomasia.net: US banking agency issues warning on 'phishing'. Read more www.winnetmag.com: Microsoft Nixes Outlook, Outlook Express Access to Free Hotmail Accounts. Read more

26 September 2004 Vulnerabilities & Exploits www.rigelksecurity.com: "Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products". Read more www.securitytracker.com: aspWebAlbum Input Validation Holes Let Remote Users Inject SQL Commands. Read more www.securitytracker.com: aspWebCalendar Input Validation Holes Let Remote Users Inject SQL Commands. Read more www.securitytracker.com: flc Command Line Buffer Overflow Lets Local Users Execute Arbitrary Code. Read more www.securiteam.com: Sharutils Format String Vulnerability. Read more www.securiteam.com: Mdaemon SMTP and IMAP Server Remote Buffer Overflow (SAML, LIST commands). Read more www.securiteam.com: Mambo Remote Code Execution And Cross Site Scripting. Read more   News: www.theregister.co.uk: So what is it about Win2k security MS won't enhance? Read more news.bbc.co.uk: Net security threats growing fast. Read more

25 September 2004 Vulnerabilities & Exploits www.securitytracker.com: MySQL libmysqlclient Buffer Overflow in Executing Prepared Statements Has Unspecified Impact. Read more www.securitytracker.com: HP StorageWorks Command View XP Lets Users Bypass Access Controls. Read more www.securitytracker.com: ActivePost Lets Remote Users Upload Arbitrary Files, Detemine Passwords, and Crash the System, and D. Read more www.securitytracker.com: ColdFusion MX May Disclose Source Code to Remote Users. Read more Macromedia JRun Has Multiple Bugs That Permit Session Hijacking, Cross-Site Scripting, and File Source Code Disclosure. Read more   News: www.securityfocus.com: JPEG exploit toolkit spotted online. Read more www.gcn.com: Tool to exploit MS vulnerability is discovered. Read more www.securityfocus.com: US credit card firm fights DDoS attack. Read more www.securityfocus.com: Online Theft. Read more

24 September 2004 Guides, Papers, etc www.securityfocus.com: Detecting Worms and Abnormal Activities with NetFlow, Part 2. Read more   Vulnerabilities & Exploits xforce.iss.net: Microsoft GDI+ JPEG Processing Exploitation. Read more www.securitytracker.com: Yahoo! Store Commerce System Lets Remote Users Modify Prices When Purchasing. Read more www.securitytracker.com: redhat-config-nfs May Set Incorrect Export Permissions. Read more www.securitytracker.com: Subversion mod_authz_svn Discloses Metadata to Remote Users. Read more www.securitytracker.com: Symantec Enterprise Firewall Lets Remote Users Deny Service or Modify the Configuration. Read more www.securitytracker.com: Symantec Gateway Security Lets Remote Users Modify the Configuration. Read more www.securitytracker.com: Sophos Anti-Virus Fails to Detect Malicious Code in Files Named With Reserved DOS Device Names. Read more www.securitytracker.com: MDaemon SMTP and IMAP Buffer Overflows in SAML, SOML, SEND, MAIL, and LIST Commands May Permit Remote Code Execution. Read more www.securitytracker.com: Apache Satsify Directive Error May Let Remote Users Access Restricted Resources. Read more   News: www.theinquirer.net: Hackers work out SP2 JPEG virus. Read more story.news.yahoo.com: Exploit Code Appears for MS Graphics Flaw. Read more www.theregister.co.uk: Virus-obsessed firms ignore insider risk. Read more www.theregister.co.uk: Internet junkies in chilling cold turkey experiment. Read more www.crime-research.org: A man admits hacking into computers of high tech company. Read more

23 September 2004 Vulnerabilities & Exploits www.k-otik.com: Windows JPEG GDI+ Overflow Administrator Exploit (MS04-028). Read more www.securiteam.com: Buffer Overrun in JPEG Processing (GDI+) Exploit. Read more www.securitytracker.com: jadc2s XML Parsing Bug Lets Remote Users Crash the Service . Read more www.securitytracker.com: jabberd XML Parsing Bug Lets Remote Users Crash the Service. Read more www.securitytracker.com: PopMessenger Can Be Crashed By Remote Users With Specially Crafted Messages. Read more www.securitytracker.com: CA Unicenter Management Portal Lets Remote Users Determine Valid Account Names. Read more www.securitytracker.com: Pinnacle ShowCenter Web Interface Can Be Damaged By Remote Users. Read more www.securitytracker.com: OpenBSD login_radius() Authentication Error Lets Remote Users Login to the System. Read more www.securiteam.com: Sophos Small Business Suite Reserved Device Name Handling Vulnerability. Read more www.securiteam.com: PopMessenger Broadcast Crash. Read more www.securiteam.com: glFTPd Local Stack Buffer Overflow. Read more www.securiteam.com: OpenBSD Radius Authentication Vulnerability. Read more www.debian.org: DSA-551-1 lukemftpd -- incorrect internal variable handling. Read more www.debian.org: DSA-552-1 imlib2 -- unsanitised input. Read more   News: news.com.com: Code to exploit Windows graphics flaw now public. Read more www.theregister.co.uk: P-cube goes hunting for zombie PCs. Read more www.theregister.co.uk: Click here to become infected. Read more www.pcworld.com: Hackers Hit Credit Card Company. Read more www.crime-research.org: The former employee of computer consulting firm pleads guilty to computer attack charge. Read more

22 September 2004 Vulnerabilities & Exploits www.securitytracker.com: MySQLGuest Lack of Input Validation Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Emulive Server4 Authentication Error Grants Administrative Access to Remote Users. Read more www.securitytracker.com: Windows XP Service Pack 2 Firewall Configuration Error Exposes File and Print Sharing to Remote Users. Read more www.securitytracker.com: LaTeX2rtf Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: PostNuke 'admin.php' and Other Files Disclose Installation Path to Remote Users. Read more www.securitytracker.com: Mambo Server Cache_library Input Validation Hole Lets Remote Users Execute Arbitrary Commands. Read more www.securitytracker.com: FreeRADIUS 'Ascend-Send-Secret' Processing Error Lets Remote Users Crash the Service. Read more www.securitytracker.com: TUTOS Input Validation Holes in 'file_overview' and 'app_new' Permit SQL Injection and Cross-Site Scripting Attacks. Read more www.securiteam.com: Buffer Overrun in JPEG Processing Proof Of Concept (MS04-028). Read more www.securiteam.com: GTK+ XPM Decoder Parsing Overflows. Read more www.securiteam.com: GNU Radius SNMP String Length Integer Overflow DoS. Read more www.debian.org: DSA-551-1 lukemftpd -- incorrect internal variable handling. Read more   News: www.pcwelt.de: PC-WELT discovers and fixes serious security issue in Windows XP SP2. Read more www.theregister.co.uk: Poor netiquette and jobs for net vandals. Read more www.theregister.co.uk: Windows is the 'biggest beta test in history' - Gartner. Read more www.crime-research.org: Internet has become the most vulnerable ever. Read more www.winnetmag.com: True to the Image: JPEG Exploits on the Loose. Read more www.dailyrundown.com: Security Flaw Found In The Google Toolbar. Read more

21 September 2004 Vulnerabilities & Exploits www.debian.org: DSA-550-1 wv -- buffer overflow. Read more www.securitytracker.com: Lords of the Realm III User Nickname Input Validation Error Lets Remote Users Crash the Game Server. Read more www.securiteam.com: Engenio/LSI Logic Controllers DoS/Data Corruption. Read more www.securiteam.com: Apache htpasswd Local Stack Overflow. Read more www.securiteam.com: Snitz Forums 2000 HTTP Response Splitting. Read more www.securiteam.com: SUS Local Root Privilege Escalation Vulnerability. Read more   News: www.theinquirer.net: Exploit for Microsoft image flaw published. Read more www.theregister.co.uk: Rise of the Botnets. Read more www.theregister.co.uk: VMware creates PC software condom. Read more www.theinquirer.net: AOL beefs up security. Read more www.computerweekly.com: Growth in security holes will increase downtime. Read more www.theregister.co.uk: Sasser author gets IT security job. Read more www.theregister.co.uk: UK police arrest Cisco source code suspect. Read more www.theregister.co.uk: 11 charged over 'biggest-ever' MS piracy bust. Read more

20 September 2004 Vulnerabilities & Exploits www.securitytracker.com: getmail Temporary File Symlink Flaws May Let Local Users Obtain Root Privileges. Read more www.securiteam.com: VP-ASP 'shoprestoreorder.asp' May Let Remote Users Keep Database Connections Open. Read more www.securiteam.com: CDRecord's readcd Local Root Privileges. Read more www.securiteam.com: Pigeon Server DoS. Read more www.securiteam.com: Ipswitch WhatsUp Gold prn.htm DoS. Read more   News: www.hindustantimes.com: Viruses aimed at Microsoft rise sharply: Symantec. Read more www.spamfo.co.uk: A visual history of spam and virus emails. Read more news.zdnet.com: VMware aims to secure network sharing. Read more

19 September 2004 Guides, Papers, etc www.informit.com: Details Emerge on the First Windows Mobile Virus (Part 1 of 3). Read more www.informit.com: Details Emerge on the First Windows Mobile Virus (Part 2 of 3). Read more www.informit.com: Details Emerge on the First Windows Mobile Virus (Part 3 of 3). Read more   Vulnerabilities & Exploits www.securitytracker.com: Mambo Server Input Validation Hole in 'filecatid' Lets Remote Users Inject SQL Commands. Read more   News: www.securityfocus.com: Microsoft warns of poisoned picture peril. Read more cio-today.newsfactor.com: Microsoft Image Flaw Opens Door to Hackers. Read more news.netcraft.com: Exploit for Microsoft JPEG Flaw Is Published. Read more seclists.org: Bugtraq: JPEG Processing BOF Proof Of Concept. Read more www.detnews.com: Business in computer security continues to grow. Read more

18 September 2004 Vulnerabilities & Exploits www.securitytracker.com: RsyncX Privilege Error Lets Local Users Obtain Root Privileges. Read more www.securitytracker.com: Google Toolbar Input Validation Hole in 'About' Page Lets Remote Users Execute Scripting Code in the Local Computer Zone. Read more www.securitytracker.com: F-Secure Internet Gatekeepr MIME Decoding Errors Have Unspecified Impact. Read more www.securitytracker.com: Business Objects WebIntelligence Input Validation Holes Let Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Business Objects WebIntelligence Access Control Lets Remote Authenticated Users Delete Documents Without Permission. Read more www.securitytracker.com: IBM OEM Version of Windows XP Silently Creates Administrator Account With No Password. Read more www.securitytracker.com: sudo '-u' sudoedit Error Discloses Restricted Files to Local Users. Read more www.securitytracker.com: Apache SSL Connection Abort State Error Lets Remote Users Deny Service. Read more www.securitytracker.com: phpGroupWare Input Validation Error in Wiki Module Permits Cross-Site Scripting Attacks. Read more www.securitytracker.com: Apple iChat May Let Remote Users Start Applications on the Target User's System in Certain Cases. Read more www.securitytracker.com: xine-lib DVD Subpicture Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: xine-lib VideoCD Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: DNS4Me Lets Remote Users Crash the Web Service and Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Pigeon Server Input Validation Error in Login Parameter Lets Remote Users Freeze the Server. Read more www.debian.org: DSA-549-1 gtk+ -- several vulnerabilities. Read more   News: www.theregister.co.uk: SP2 on XP Home. Read more story.news.yahoo.com: German teen who made Sasser worm hired by computer security firm. Read more www.theregister.co.uk: FTC backs spammer bounties (false). Read more www.internetweek.com: Passwords Fail To Defend Enterprises. Read more www.crime-research.org: Hackers' warfare. Read more

17 September 2004 Guides, Papers, etc www.securityfocus.com: Metasploit Framework, Part Three. Read more www.securityfocus.com: Examining a Public Exploit, Part 2. Read more   Vulnerabilities & Exploits www.securitytracker.com: Microsoft Internet Explorer Bug in Setting Cookies in Certain Domains May Let Remote Users Conduct Session Fixation Attacks. Read more www.securitytracker.com: Firefox Bug in Setting Cookies in Certain Domains May Let Remote Users Conduct Session Fixation Attacks. Read more www.securitytracker.com: Konqueror Bug in Sending Non-Secure Cookies via SSL May Let Remote Users Conduct Session Fixation Attacks. Read more www.securitytracker.com: Opera Bug in Sending Non-Secure Cookies via SSL May Let Remote Users Conduct Session Fixation Attacks. Read more www.securitytracker.com: libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Firefox Various Overflows and Scripting Errors May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Thunderbird Various Overflows and Scripting Errors May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Mozilla Various Overflows and Scripting Errors May Let Remote Users Execute Arbitrary Code. Read more   News: www.internetweek.com: Hackers Jump On Windows Vulnerability. Read more www.theregister.co.uk: German lawyer arrested in piracy crackdown. Read more www.theregister.co.uk: Freegate is not Trojan horse, says Symantec. Read more

16 September 2004 Guides, Papers, etc www.schneier.com: Benevolent Worms. Read more www.schneier.com: Full Disclosure and the Window of Exposure. Read more www.virusbtn.com: The 14th Virus Bulletin International Conference takes place at The Fairmont, Chicago, IL, USA from Wednesday 29 September to Friday 1 October. Read more 2004.   Vulnerabilities & Exploits www.debian.org: DSA-545-1 cupsys -- denial of service. Read more www.secnap.com: Vulnerability in IBM Windows XP default hidden Administrator account allows local Administrator access. Read more www.securitytracker.com: PHP Array Processing Error in Handling RFC1867 MIME Formatting May Let Remote Users Overwrite Memory. Read more www.securitytracker.com: Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service. Read more www.securitytracker.com: Foomatic Bug in foomatic-rip Filter Lets Remote Users Execute Commands. Read more www.securitytracker.com: GNU RADIUS Server SNMP Integer Overflow Lets Remote Users Crash the Service. Read more www.securitytracker.com: gdk-pixbug BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: CUPS Browsing Can Be Disabled By Remote Users. Read more www.securitytracker.com: PHP Array Parsing Error in php_variables May Disclose Memory Contents via phpinfo(). Read more www.securitytracker.com: MyServer './' Input Validation Error Discloses Files to Remote Users. Read more www.securitytracker.com: PerlDesk Input Validation Error in 'lang' Parameter May Disclose System Information to Remote Users. Read more www.securitytracker.com: Inkra Switch Error in Processing IP Options May Let Remote Users Crash the System. Read more www.securitytracker.com: SUS Format String Flaw Lets Local Users Execute Code With Root Privileges. Read more www.securitytracker.com: McAfee VirusScan System Tray Applet Lets Local Users Execute Commands With SYSTEM Privileges. Read more www.securitytracker.com: Webmin 'maketemp.pl' Unsafe Temporary Directory Lets Local Users Gain Elevated Privileges. Read more www.securitytracker.com: Usermin 'maketemp.pl' Unsafe Temporary Directory Lets Local Users Gain Elevated Privileges. Read more www.securiteam.com: Real Life Vuln-Dev Process of a Win32 Stack Buffer Overflow. Read more www.securiteam.com: BlackJumboDog FTP Server Remote Code Execution. Read more www.securiteam.com: Cdrecord RSH SUID Shell Creation. Read more   News: www.theregister.co.uk: Mozilla updates browsers after bug hunt. Read more www.theregister.co.uk: Microsoft warns of poisoned picture peril. Read more www.securityfocus.com: Feds say Lamo inspired other hackers. Read more news.com.com: IBM protects passwords with PC chip. Read more www.stuff.co.nz: Government paid hackers seek to save America. Read more

15 September 2004 Guides, Papers, etc md.hudora.de: NoSEBrEaK - Attacking Honeynets. Read more www.blackhat.com: Fingerprinting through Windows RPC. Read more   Vulnerabilities & Exploits www.securitytracker.com: Microsoft GDI+ Buffer Overflow in Processing JPEG Images Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: getInternet Input Validation Holes Let Remote Users Inject SQL Commands. Read more www.securitytracker.com: getIntranet Input Validation Holes Let Remote Users Inject SQL Commands, Upload Files, Execute Scripting Code, and Gain Administrative Application Privileges. Read more www.securitytracker.com: Microsoft Works Suite Buffer Overflow in WordPerfect Converter Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Microsoft Publisher Buffer Overflow in WordPerfect Converter Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Microsoft FrontPage Buffer Overflow in WordPerfect Converter Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Microsoft Office Buffer Overflow in WordPerfect Converter Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Apache mod_dav LOCK Method Error May Let Remote Users Deny Service. Read more www.securitytracker.com: Linux Kernel TCP Socket State Error Lets Local Users Deny Service. Read more www.securitytracker.com: QNX crrtrap Race Condition May Let Local Users Grab Root Privileges. Read more www.securitytracker.com: QNX Binaries Have Buffer Overflows in '-s' Switch That May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: mod_cplusplus Buffer Overflow Has Unspecified Impact. Read more www.securitytracker.com: ripMIME MIME Decoding Errors May Have Security Impact on Applications Using ripMIME. Read more www.securitytracker.com: Pingtel xpressa Boundary Error in HTTP Management Interface Lets Remote Authenticated Users Crash the Phone. Read more www.securitytracker.com: WebLogic May Transmit Sensitive Information in Clear Text When the Administration Port is Not Enabled. Read more www.securitytracker.com: WebLogic Active Directory LDAP Error May Fail to Disable User Accounts. Read more www.securitytracker.com: WebLogic Server May Deploy With Incomplete Security When an Error Occurs During Deployment. Read more www.securitytracker.com: WebLogic Discloses System Version Information to Remote Users. Read more www.securitytracker.com: WebLogic Administrative Console May Display Passwords in Certain Cases. Read more www.securitytracker.com: WebLogic Command and Administrative Scripts May Contain Clear Text Passwords. Read more www.securitytracker.com: WebLogic Case-Sensitive 'web.xml' Patterns May Let Remote Users Access Restricted URLs. Read more www.securitytracker.com: WebLogic Server Lets Remote Users Execute Some Administration Commands. Read more www.securitytracker.com: BEA WebLogic May Disclose Some Internal Server Objects to Remote Users. Read more www.debian.org: DSA-544-1 webmin -- insecure temporary directory. Read more   News: Microsoft Security Bulletin MS04-027 Vulnerability in WordPerfect Converter Could Allow Code Execution (884933) Read more Microsoft Security Bulletin MS04-028 Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987). Read more news.netcraft.com: New Worm Installs Network Traffic Sniffer. Read more www.theregister.co.uk: Symantec labels China censor-busting software as Trojan. Read more www.theinquirer.net: Nearly 90% of Chinese computers have worms. Read more

14 September 2004 Vulnerabilities & Exploits www.corsaire.com: Corsaire identify multiple vulnerabilities in Core MIME Protocol. Read more www.securitytracker.com: Gadu-Gadu Buffer Overflow in GG_MSG_IMAGE_REPLY Image Transfer Message Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Lexar JumpDrive Secure Discloses Password to Local Users. Read more www.securitytracker.com: Samba smbd Infinite Loop Lets Remote Users Consume All Available Memory. Read more www.securitytracker.com: Samba Input Validation Error in nmbd process_logon_packet() Lets Remote Users Crash the nmbd Service. Read more   News: www.theregister.co.uk: Beware of malformed MIME artists. Read more www.theregister.co.uk: Virus 'talks' to victims. Read more www.theinquirer.net: Talking worm spotted. Read more www.pcworld.idg.com.au: Transmeta claims anti-virus first with new processor. Read more www.pcworld.idg.com.au: Security holes plague Windows Help. Read more www.antiphishing.org: Paypal - 'Fraud'. Read more

13 September 2004 Guides, Papers, etc www.net-security.org: Detecting and Understanding Rootkits. Read more   Vulnerabilities & Exploits www.securitytracker.com: Turbo Seek Null Byte Error Discloses Files to Remote Users. Read more www.securitytracker.com: TwinFTP Server Input Validation Flaw in CWD/STOR/RETR Commands Lets Remote Authenticated Users Write Files to Arbitrary Locations. Read more www.securitytracker.com: Serv-U FTP Server Can Be Crashed By Remote Authenticated Users With Various STOU Commands. Read more www.securiteam.com: Oracle SYS_CONTEXT Procedure Buffer Overflow Vulnerability. Read more   News: nwc.securitypipeline.com: ISPs Given Thumbs Down For Virus, Hacker Control. Read more www.dailybreeze.com: Don't be lured by the phishing lines or you might be caught. Read more

12 September 2004 Vulnerabilities & Exploits www.securitytracker.com: Squid Overflow in clientAbortBody() Lets Remote Users Crash the Proxy. Read more   News: www.theregister.co.uk: Telenor takes down 'massive' botnet. Read more www.neowin.net: McAfee's Trojan horse error gets developer's goat. Read more

11 September 2004 Vulnerabilities & Exploits www.securitytracker.com: Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections. Read more www.securitytracker.com: OpenOffice World-Readable Temporary Files Disclose Files to Local Users. Read more www.securitytracker.com: BBS e-Market Professional Include File Error Lets Remote Users Execute Arbitrary Commands. Read more www.securitytracker.com: Subjects Postnuke Module Input Validation Hole Lets Remote Users Inject SQL Commands. Read more   News: www.theregister.co.uk: Gizza job, virus writers ask AV industry. Read more www.crime-research.org: Russia: 80% of software is illegal. Read more www.internetweek.com: Spammers Using Authentication To Dodge Detection. Read more

10 September 2004 Vulnerabilities & Exploits www.securitytracker.com: Halo: Combat Evolved Off-by-One Error Lets Remote Deny Service. Read more www.securitytracker.com: F-Secure Internet Gatekeeper Input Validation Bug in Content Scanner Server Lets Remote Users Deny Service. Read more www.securitytracker.com: F-Secure Anti-Virus for Microsoft Exchange Input Validation Bug in Content Scanner Server Lets Remote Users Deny Service. Read more www.securitytracker.com: MailEnable Can Be Crashed By a Remote DNS Server. Read more www.securiteam.com: Usermin Remote Arbitrary Shell Command Execution Vulnerability. Read more   News: www.usatoday.com: Are hackers using your PC to spew spam and steal? Read more itvibe.com: Talking virus emerges. Read more www.theregister.co.uk: German jailed for email bomb hoax. Read more www.theregister.co.uk: Mitnick movie comes to the US. Read more www.net4nowt.com: Sleep walking, viruses and other IT security maladies. Read more www.theinquirer.net: Teen hacker controls ebay. Read more

09 September 2004 Guides, Papers, etc www.securityfocus.com: Feast of Egos. Read more   Vulnerabilities & Exploits www.securitytracker.com: Star Has Unspecified Flaw That May Let Local Users Gain Root Privileges. Read more www.securitytracker.com: OpenLDAP May Accept CRYPT Password Values as Plaintext Passwords. Read more www.securiteam.com: Trillian Buffer Overflow In MSN Module. Read more www.securiteam.com: Call Of Duty Broadcast Shutdown DoS Vulnerability. Read more www.securiteam.com: PHP-Nuke ViewAdmin Cross Site Scripting Bug. Read more www.securiteam.com: phpScheduleIt Multiple Cross-Site Scripting And Privilege Escalation Vulnerabilities. Read more www.securiteam.com: OpenCA PKI Component Cross Site Scripting. Read more www.securiteam.com: Mpg123 Buffer Overflow Due To Bugs In Header Checks Code. Read more   News: www.theregister.co.uk: Sasser kid charged with computer sabotage. Read more www.crime-research.org: A hacker nabbed. Read more www.techweb.com: ISPs Given Thumbs Down For Virus, Hacker Control. Read more www.securityfocus.com: Mitnick movie comes to the U.S. Read more

08 September 2004 Guides, Papers, etc www.securityfocus.com: Metasploit Framework, Part Two. Read more   Vulnerabilities & Exploits www.securitytracker.com: PSnews Input Validation Holes Let Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Trillian Buffer Overflow MSN Module Lets Remote Users Execute Arbitrary Code in Certain Cases. Read more www.securitytracker.com: Apple Safari Frame Boundary Flaw Lets Remote Users Render HTML in an Arbitrary Site's Domain. Read more www.securitytracker.com: Apple QuickTime Streaming Server State Error Lets Remote Users Deny Service. Read more www.securitytracker.com: PPPDialer Unsafe Log Files May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: Mac OS X CoreFoundation Buffer Overflow and Library Loading Bugs Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: Usermin Web Mail HTML Filtering Flaw Lets Remote Users Execute Arbitrary OS Commands. Read more www.securitytracker.com: net-acct Unsafe Temporary File May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: Cosminexus Portal Framework May Disclose Cached Content to the Wrong User. Read more www.securitytracker.com: mpg123 Buffer Overflow in 'layer2.c' Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Sun Solaris 'in.named' Can Be Crashed By Remote Users. Read more www.securitytracker.com: Fujitsu ServerView Lets Local Users Modify MIB Values. Read more www.securitytracker.com: OpenCA Input Valiadation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more   News: www.theregister.co.uk: McAfee AV ate my application. Read more

07 September 2004 Guides, Papers, etc www.eetimes.com: Hole seen in Intel's bug-busting feature. Read more   Vulnerabilities & Exploits www.securitytracker.com: YaBB SE 'Admin.php' Discloses Installation Path to Remote Users. Read more www.securitytracker.com: Call of Duty Game Can Be Shutdown By Remote Users. Read more www.securiteam.com: Samba FindNextPrintChangeNotify Error Allows Remote Authenticated Users To Crash smbd. Read more www.securiteam.com: TorrentTrader SQL Injection. Read more   News: m2.com: Norwegian online banks have many security holes - claim. Read more software.silicon.com: Security: Can you really trust JUST techies? Read more www.komotv.com: Herb Weisbaum: Public Still Getting Hooked By 'Phishing' Scams. Read more www.pcworld.idg.com.au: Sophos Advises on Simple Steps to Avoid Being Phished. Read more

06 September 2004 Vulnerabilities & Exploits www.securitytracker.com: Brocade Switches Can Be Crashed By Remote Users. Read more www.securitytracker.com: IBM Disk Systems Can Be Crashed By Remote Users and Data Corruption May Occur. Read more www.securitytracker.com: StorageTek Disk Systems Can Be Crashed By Remote Users and Data Corruption May Occur. Read more www.securitytracker.com: PHP-Nuke 'admin.php' Authentication Flaw Lets Remote Users View Information and Delete Administrative Accounts. Read more www.securitytracker.com: PHP-Nuke Authentication Flaw in 'admin.php' Lets Remote Users Gain Administrative Privileges. Read more www.securitytracker.com: Site News Authentication Error May Let Local Users Add Messages. Read more www.securiteam.com: Courier-IMAP Remote Format String Vulnerability Exploit. Read more   News: nwc.securitypipeline.com: WinZip Vulnerable To Hacks. Read more www.theregister.co.uk: Plea deal in 'war spamming' prosecution. Read more

05 September 2004 Vulnerabilities & Exploits www.securitytracker.com: WhatsUp Gold Web Interface May Let Remote Users Cause Denial of Service Conditions. Read more www.securitytracker.com: Keene Digital Media Server Lets Remote Users Gain Administrative Access. Read more www.securitytracker.com: Altnet Download Manager Buffer Overflow in bstrFilepath Lets Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: QNX PPPoEd Buffer Overflow and Path Specification Bug May Let Local Users Gain Root Privileges. Read more   News: www.theregister.co.uk: eBay domain hijacker arrested. Read more

04 September 2004 Guides, Papers, etc www.eurocompton.net: Bypassing Secure Web Transactions via DNS Corruption. Read more www.eurocompton.net: Topology of Denial-of-Service. Read more www.eurocompton.net: Fun with Packets. Read more   Vulnerabilities & Exploits www.securitytracker.com: Kerio Personal Firewall Application Security Can Be Disabled By Certain Local Users. Read more www.securitytracker.com: Squid NTLM Input Validation Error in ntlm_fetch_string() Lets Remote Users Crash the System. Read more www.securitytracker.com: CuteNews 'show_archives.php' Include File Flaw Lets Remote Users Execute Arbitrary Commands on the Server. Read more www.securitytracker.com: IMail Server E-mail and Calendar Bugs May Let Remote Users Crash the Server. Read more www.securitytracker.com: MailWorks Professional Authentication Flaw Grants Administrative Access to Remote Users. Read more www.securitytracker.com: Juniper Networks NetScreen-IDP May Let Remote SSH Servers Overwrite Files in Certain Cases. Read more   News: www.techweb.com: WinZip Vulnerable To Hacks. Read more www.theregister.co.uk: Spammers embrace email authentication. Read more www.usatoday.com: Few electronic disruptions hit GOP convention. Read more nwc.bizintelligencepipeline.com: Oracle Products Exposed To Hackers. Read more www.nwfusion.com: Symantec joins anti-phishing group. Read more

03 September 2004 Guides, Papers, etc www.vividmachines.com: Shellcoding for Linux and Windows Tutorial. Read more   Vulnerabilities & Exploits www.securitytracker.com: OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services. Read more www.securitytracker.com: Opera Embed Tag Error Lets Remote Users Crash the Browser. Read more www.securitytracker.com: HP Systems Insight Manager May Not Let Users Login After Applying a Microsoft Security Patch. Read more www.securitytracker.com: IBM DB2 Buffer Overflows May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: Linux Kernel Integer Overflow in kNFSd Lets Remote Users Panic the System. Read more www.securiteam.com: Cisco VPN 3000 Kerberos Authentication Implementation Remote Code Execution And DoS. Read more www.securiteam.com: NetworkEverywhere Router Model NR041 Script Injection via DHCP. Read more www.securiteam.com: Xedus Webserver Directory Traversal and DoS. Read more www.securiteam.com: Chat Anywhere DoS. Read more www.securiteam.com: MIT Kerberos ASN.1 Decoder DoS. Read more www.appsecinc.com: Multiple vulnerabilities in Oracle Database Server. Read more pacsec.jp: Sites with default SSHD configs and anonymous CVS or other "public" access are vulnerable to port bounce attacks. Read more   News: www.theregister.co.uk: WinXP SP2 = security placebo? Read more www.theregister.co.uk: Slack users blamed for virus longevity. Read more www.hindustantimes.com: Microsoft warns spyware could bungle security update. Read more www.mosnews.com: Why Internet Still Not Paralyzed � Russian Expert. Read more

02 September 2004 Guides, Papers, etc papers.ssrn.com: A Model for when Disclosure Helps Security: What Is Different About Computer and Network Security? Read more   Vulnerabilities & Exploits www.securitytracker.com: Comersus Shopping Cart 'redirecturl' Input Validation Flaw Permits HTTP Response Splitting Attacks. Read more www.securitytracker.com: dasBlog Input Validation Hole in Event and Activity Viewer Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Cerbere Proxy Server Lets Remote Users Consume Excessive CPU Resources. Read more www.securitytracker.com: WinZip Unspecified Buffer Overflows May Let Remote or Local Users Execute Arbitrary Code. Read more www.securitytracker.com: bsdmainutils Privilege Error in 'calendar' May Let Local Users Gain Elevated Privileges. Read more www.securitytracker.com: phpScheduleIt Input Validation Holes Let Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Oracle Application Server Has Multiple Portal and iSQL*Plus Flaws That Let Remote Users Take Control of the Server. Read more www.securitytracker.com: Oracle Database Server Has Multiple Flaws That Let Remote Users Take Control of the Server. Read more www.securitytracker.com: phpWebSite Input Validation Bugs in 'cal_template' and Other Parameters Permit SQL Injection and Cross-Site Scripting Attacks. Read more www.securitytracker.com: pLog Input Validation Flaw in 'register.php' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: WFTPD Pro Can Be Crashed By Remote Authenticated Users Sending a Specially Crafted MLST Command. Read more www.securitytracker.com: Titan FTP Server Can Be Crashed By Remote Authenticated Users Sending Long Commands. Read more www.securiteam.com: D-Link DCS-900 Internet Camera Abitrary IP Changing Vulnerability. Read more www.securiteam.com: WebAPP Directory Traversal and Encrypted DES Disclosure. Read more   News: www.theregister.co.uk: New Bagle worm drops in and downloads. Read more www.theregister.co.uk: Phishers suspected of eBay Germany domain hijack. Read more zdnet.com.com: Security pros warn of critical flaws in Kerberos. Read more www.crime-research.org: Cybercrime is not limited by boundaries. Read more www.fcw.com: DOD reveals viral infection. Read more

01 September 2004 Tools www.insecure.org: Nmap 3.70 Released. Read more   Vulnerabilities & Exploits www.debian.org: DSA-543-1 krb5 -- several vulnerabilities. Read more www.debian.org: DSA-458-2 python2.2 -- buffer overflow. Read more www.securitytracker.com: Oracle Enterprise Manager Has Local Vulnerabilities With Unspecified Impact. Read more www.securitytracker.com: Kerberos 5 ASN.1 Decoder Infinite Loop Lets Remote Users Deny Service. Read more www.securitytracker.com: Kerberos 5 KDC Double-Free Errors May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: imlib2 BMP Decoding Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: imlib BMP Decoding Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: ImageMagick BMP Decoding Buffer Overflow Lets Remote Users Crash the Application. Read more www.securitytracker.com: PvPGN 'watchall' and 'unwatchall' Command Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more www.securitytracker.com: XOOPS Dictionary Module Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: D-Link DCS-900 Camera Lets Remote Users Modify the IP Address. Read more www.securitytracker.com: CuteNews Default Configuration Lets Local Users Modify the News File. Read more www.securitytracker.com: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes. Read more www.securitytracker.com: Samba FindNextPrintChangeNotify() Error Lets Remote Authenticated Users Crash smbd. Read more www.securitytracker.com: TYPSoft FTP Service Can Be Affected By Remote Users With a Certain RETR Command Sequence. Read more www.securitytracker.com: WS_FTP CD Command Path Parsing Flaw May Let Remote Authenticated Users Deny Service. Read more www.securitytracker.com: SugarCRM Discloses Passwords to Local Users. Read more www.securitytracker.com: Password protect Input Validation Holes Let Remote Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks. Read more www.securitytracker.com: Xedus Web Server Input Validation Flaws Disclose Files to Remote Users and Permit Cross-Site Scripting Attacks. Read more www.securitytracker.com: cdrtools Lets Local Users Obtain Root Privileges. Read more   News: www.pcworld.idg.com.au: SonicWALL hosting internet security seminars to raise customers' awareness of pressing security issues. Read more www.technologyreview.com: Is Encryption Doomed? Read more

Copyright� MegaSecurity.org