Home    News Archive    Translate Traducen
News January 20004
31 january 2004

New in Archive
Servidor (a)

HTTP RAT 0.1b (e)

Hotdog

Backdoor.VB.bj

Guides, Papers, etc.
www.math.org.il:
Refuting tall-tales and stories about the Mydoom.A and the Mydoom.B worms. Read more

www.math.org.il:
Information and reverse engineering bits of the Mydoom worms. Read more

www.gi-fb-sicherheit.de:
Detection of Intrusions and Malware & Vulnerability Assessment.
DIMVA 2004, July 6-7 2004, Dortmund, Germany. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
PhpGedView Include File Holes in 'conf' Files Let Remote Users Execute Arbitrary Commands. Read more

www.securitytracker.com:
Kietu? Include File Flaw Lets Remote Users Execute Arbitrary Commands. Read more

www.securitytracker.com:
PJreview_Neo.cgi Input Validation Hole Discloses Files to Remote Users. Read more

News
www.attrition.org:
Anti-Virus Companies: Tenacious Spammers. Read more

www.theregister.co.uk
MS drop authentication technique to foil phishing. Read more

www.overclockersclub.com:
"News: MyDoom virus linked to Russian sources". Read more

www.hindustantimes.com:
Experts worry about MyDoom Internet worm after-effects. Read more

www.pcworld.com:
How to Kill the Worm. Read more

www.securitypipeline.com:
Mydoom Code Contains Apology From Author. Read more

30 january 2004

New in Archive
CmjSpy (g)

Bigshot 1.0 server Client was already in Archive.

Cult (a)

PianoYes v2

RBackdoor 1.0

Vulnerabilities & Exploits
www.securitytracker.com:
BRS WebWeaver Input Validation Flaw in ISAPISkeleton.dll Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
SurfNOW Proxy Service Can Be Denied By Remote Users. Read more

www.securitytracker.com:
Macromedia ColdFusion Lets Remote Users Deny Service By Sending Many Form Fields. Read more

www.securitytracker.com:
Macromedia ColdFusion MX 6.1 Access Control Flaw Lets Objects Bypass Sandbox Security. Read more

www.securitytracker.com:
TRR19 Lets Local Users Execute Commands With 'Games' Group Privileges. Read more

www.securitytracker.com:
DotNetNuke Multiple Input Validation Flaws Disclose Files to Remote Users and Permit SQL Injection. Read more

www.securiteam.com:
Alphanumeric GetPC Code and Shellcode Encoder-Decoder. Read more

www.securiteam.com:
Serv-U FTPD "SITE CHMOD" Command Remote Exploit. Read more

News
www.securityfocus.com:
Microsoft offers $250,000 reward for arrest of author of latest virus. Read more

www.securityfocus.com:
Comcast targets Internet `abusers' but won't reveal limits. Read more

www.overclockersclub.com:
"News: Microsoft to issue security patch for IE". Read more

www.washingtonpost.com:
New Worm Spawns Headaches for Computer Users. Read more

english.aljazeera.net:
Flaws hold back Mydoom virus. Read more

news.com.com:
FTC eyes network operators in spam battle. Read more

29 january 2004

New in Archive
Gen0cide

Backdoor.Delf.av

Nucker

Alop

Tools
www.eeye.com:
Retina MyDoom Scanner from eEye Digital Security. Read more

Guides, Papers, etc.
The Streamlined Blackhole Project.
A Streamlined Blackhole can be defined as a real-time (as in up-to-the-minute), machine-automated blackhole list where blacklisting is performed based on how wide spread the phenomenon being measured is as opposed to the number of reports received. Read more

www.auug.org.au:
Security Symposium, 20 February 2004 - Canberra. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
IBM Informix Dynamic Server Buffer Overflows and Format String Flaws Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Leif M. Wright Web Blog Input Validation Flaw Discloses Files to Remote Users. Read more

www.securitytracker.com:
Kerio Personal Firewall Administration Menu Lets Local Users Run Applications With SYSTEM Privileges. Read more

www.securiteam.com:
Serv-U Ftp Site Chmod Long Filename Exploit. Read more

www.debian.org:
DSA-430-1 trr19 -- missing privilege release. Read more

www.debian.org:
DSA-429-1 gnupg -- cryptographic weakness. Read more

News
www.theregister.co.uk:
MyDoom variant attacks Microsoft.com. Read more

www.theregister.co.uk:
MyDoom is the worst virus ever. Read more

www.infoworld.com:
Hackers capitalizing on Mydoom's success. Read more

www.pcworld.com:
Hackers Jump on Mydoom's Coattails. Read more

news.bbc.co.uk:
Bounty on creators of e-mail worm. Read more

star-techcentral.com:
Virus-buster cracks MyDoom in two hours. Read more

www.washingtonpost.com:
New Worm, Same Old Problem. Read more

support.microsoft.com:
Microsoft plans to release a software update that modifies the default behavior of Internet Explorer for handling user information in HTTP and HTTPS URLs. Read more

www.securityfocus.com:
'Warspying' San Francisco. Read more

www.chicoer.com:
Latest Internet scam alleges Patriot Act violations. Read more

www.guardian.co.uk:
A big catch in the phishing season. Read more

28 january 2004

New in Archive
IceBraker 1.0

Alicia (o)

CmjSpy (d)

Backdoor.Delf.ar

Tools
www.pyrexic.com:
RECUB (Remote Encrypted Callback Unix Backdoor), is a handy admin tool which can be also used as a backdoor on a linux system. Some of its features make it unique to other backdoors. Read more

News
news.bbc.co.uk:
Mydoom virus 'biggest in months'. Read more

sfgate.com:
Computer virus experts say latest e-mail worm is vicious and spreading fast. Read more

www.reuters.com:
MyDoom Worm Aimed at SCO Web Site. Read more

www.theregister.co.uk:
Viruses and hackers make Windows more secure - Gates. Read more

www.news-journalonline.com:
Purveyors of Web viruses show deft. Read more

star-techcentral.com:
FBI launches probe into MyDoom virus. Read more

www.securityfocus.com:
The Soft Underbelly: Attacking the Client. Read more

www.securityfocus.com:
Experts: 'Mydoom' virus is vicious. Read more

27 january 2004

New in Archive
DTr 1.6 final

mtm ftp server beta 1.0

Transistor 1.0

BdURL

Backdoor.Delf.ak

Messiah 1.0 v1 server. (Client was already in Archive)

Guides, Papers, etc.
www.icir.org:
Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
BEA WebLogic May Disclose Managed Server Password to Local Users. Read more

www.securitytracker.com:
BEA WebLogic May Write Administrator Password in Clear Text to 'config.xml'. Read more

www.securitytracker.com:
BEA WebLogic May Disclose MBean Passwords to Operators in Certain Cases. Read more

www.securitytracker.com:
WebLogic Server and Express Input Validation Flaw in Processing HTTP TRACE Requests Permits Cross-Site Scripting. Read more

www.securitytracker.com:
ProxyNow! Buffer Overflow Lets Remote Users Gain SYSTEM Privileges. Read more

www.securitytracker.com:
BremsServer Input Validation Flaw Discloses Files to Remote Users. Read more

www.securitytracker.com:
Gaim Contains Multiple Overflows That Let a Remote User Execute Arbitrary Code. Read more

www.securitytracker.com:
Xoops Input Validation Flaw in 'newbb' Module Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Mbedthis AppWeb Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
McAfee ePolicy Orchestrator Agent Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
Check Point FireWall-1/VPN-1 Contains H.323 Processing Vulnerabilities With Unspecified Impact. Read more

www.securitytracker.com:
IBM Net.Data db2www Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
PhpGedView 'login.php' Discloses Installation Path to Remote Users. Read more

News
xforce.iss.net:
MyDoom Mass-Email Worm. Read more

www.ceas.cc:
First Conference on Email and Anti-Spam (CEAS). Read more

www.theinquirer.net:
Major worm attack makes email life a misery. Read more

www.techworld.com:
New, fast-spreading worm spells 'doom' for many. Read more

star-techcentral.com:
Hackers in it for the money. Read more

news.com.com:
The virus hunter. Read more

www.computerworld.com:
Experts: Mydoom worm spreading faster than last year's Sobig-F. Read more

26 january 2004

New in Archive
AntiMks 0.1 beta

Iroffer 1.2b27

Iroffer 1.3b02

Backdoor.Delf.ab

Backdoor.Delf.ai

Alicia (l)

Snex

Tools
forgate.sourceforge.net:
Forgate (Forge Gateway) allows you to capture traffic from a third party in a switched environment at the expense of a slight increase in latency to that third party host. Utilizing ARP cache poisoning, packet capture and packet reconstruction techniques, Forgate works with nearly all TCP, ICMP and UDP IPv4 traffic flows. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
Windows XP Explorer Executes Arbitrary Code in Folders. Read more

www.securitytracker.com:
Reptile Web Server HTTP Request Flaw Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Serv-U FTP Server 'site chmod' Stack Overflow Lets Remote Users Execute Arbitrary Codee. Read more

www.securitytracker.com:
Borland Web Server Input Validation Flaw Discloses Files to Remote Users. Read more

www.securitytracker.com:
IntraForum Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Maelstrom Game '-player' Command Buffer Overflow Lets Local Users Gain Elevated Privileges. Read more

www.securityfocus.com:
Netbus Directory Listings Disclosure and File Upload Vulnerability. Read more

News
www.overclockersclub.com:
"News: Mutating software could predict hacker attacks". Read more

www.stuff.co.nz:
Internet banking scam helpers face jail. Read more

www.naplesnews.com:
Identity theft, Internet-related fraud top consumers' complaints. Read more

25 january 2004

New in Archive
AF

Alien Hacker 1.0

Backdoor.Delf.aq

Guides, Papers, etc.
Malware: Fighting Malicious Code
www.amazon.com:
by Ed Skoudis (Author), Lenny Zeltser (Author). Read more

www.net-security.org:
An Introduction To SQL Injection Attacks For Oracle Developers. (pdf) Read more

Vulnerabilities & Exploits
www.net-security.org:
NetBus Pro Web Server Direcory Listing And Remote File Upload Vulnerability. Read more

www.securitytracker.com:
Oracle HTTP Server 'isqlplus' Input Validation Flaws Let Remote Users Conduct Cross-Site Scripting Attacks. Read more

News
slashdot.org:
Scam Combines Patriot Act FUD With IE Bug. Read more

news.com.com:
Security pros question flaw find. Read more

24 january 2004

New in Archive
WinFucker 2.3

Let Me Rule 2.0 beta 9

Takit

Hapig

Vulnerabilities & Exploits
www.securitytracker.com:
Q-Shop ASP Shopping Cart Input Validation Holes Let Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
SurfinGate Proxy Mode Lets Remote Users Execute Application Commands. Read more

www.securitytracker.com:
Sun Solaris modload() May Grant Root Access to Local Users. Read more

News
www.securityfocus.com:
Online fraud, I.D. theft soars. Read more

framehosting.dowjonesnews.com:
DJ Brazil Earns Reputation As Online Banking Fraud Haven. Read more

www.nbc11.com:
PayPal Warns Customers About Fraudulent E-mails, Web sites. Read more

www.eweek.com:
Feds Shut Down Web Site in Scam Probe. Read more

zdnet.com.com:
E-mail scam taps antiterrorist push, says FDIC. Read more

www.theregister.co.u:
Dell server inferno hell. Read more

23 january 2004

New in Archive
Freddy K beta 1 server

AimRat 1.0 (b)

Pointex (j)

FireBird (a)

TMS

AntiSars Microsoft 1.0.0.1

Alicia (h)

Vulnerabilities & Exploits
www.securitytracker.com:
Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server. Read more

www.securitytracker.com:
NetWare Enterprise Server PERL Handler Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
GeoVision GeoHttpServer Authentication Bypass Grants Access to Remote Users. Read more

www.securitytracker.com:
'Need for Speed Hot Pursuit 2' Buffer Overflow Lets Remote Servers Execute Arbitrary Code. Read more

www.securitytracker.com:
'the banner exchange' Input Validation Flaw Lets Remote Authenticated Users Execute Arbitrary Code. Read more

www.securiteam.com:
Mephistoles HTTPd Cross Site Scripting Vulnerability. Read more

News
www.geek.com:
UPDATED: FBI raids hacker home in search of stolen Half-Life 2 code. Read more

www.washingtonpost.com:
Romanian Court Indicts Accused 'Blaster' Virus Author. Read more

www.theinquirer.net:
I Hate You worm starts popping up. Read more

www.hindustantimes.com:
India, Pak hackers declare truce. Read more

www.eweek.com:
Senate Security Hole Enables Partisan Spying. Read more

22 january 2004

New in Archive
XZone 0.1 client

SMTP Server

Y2KCount

Tools
Nmap 3.50 Released. Read more

Guides, Papers, etc.
INFOSEC Zeitgeist
The emergence of trends and patterns in the security community. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services. Read more

www.securitytracker.com:
PointBase Database Lack of Policy File Permits Remote Users to Crash the System. Read more

www.securitytracker.com:
Mephistoles httpd Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Honeyd TCP Response Flaw Lets Remote Users Detect the Honey Pot. Read more

www.securitytracker.com:
Cisco Internet Service Node Default Configuration on IBM Servers Grants Administrative Access to Remote Users. Read more

www.securitytracker.com:
Cisco Emergency Responder Default Configuration on IBM Servers Grants Administrative Access to Remote Users. Read more

www.securitytracker.com:
Cisco IP Interactive Voice Response Default Configuration on IBM Servers Grants Administrative Access to Remote Users. Read more

www.securitytracker.com:
Cisco Conference Connection Default Configuration on IBM Servers Grants Administrative Access to Remote Users. Read more

www.securitytracker.com:
SEH InterCon Smart Print Server Grants Administrative Access to Remote Users. Read more

www.securitytracker.com:
GeoHttpServer Can Be Crashed By a Remote User Sending a Long Password. Read more

www.securitytracker.com:
webcamXP Web Interface Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Sun Solaris in.iked Internet Key Exchange ASN.1 Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
PHPix Gallery Lets Remote Users Execute Arbitrary Commands on the Target System. Read more

www.debian.org:
DSA-428-1 slocate -- buffer overflow. Read more

News
IT-DEFENSE 2004
Outstanding IT Security Conference with highly qualified speakers from the USA and Europe is now taking place for the second time. Read more

www.sundaytimes.co.za:
Bagle worm hits SA home users, SMEs. Read more

www.securityfocus.com:
Prison time for unlucky phisher. Read more

australianit.news.com.au:
Hackers head for home. Read more

www.securityfocus.com:
A Visit from the FBI. Read more

www.theregister.co.uk:
Zip file encryption compromise thrashed out. Read more

www.theregister.co.uk:
Danish spammer fined £37k. Read more

21 january 2004

New in Archive
Muma

Remote HAVOC 1.0.0 (b)

Backdoor.VB.ib

Backdoor.Delf.ah

Fate Server SE

Guides, Papers, etc.
Group Policy Settings Reference for Windows XP Professional Service Pack 2 Beta
Pre-Release Documentation. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
SuSE 3ddiag Unsafe Temporary Files May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
NetWorker 'nsr_shutdown' Unsafe Temporary File May Let Local Users Gain Root Privileges. Read more

www.securitytracker.com:
Anteco OwnServer Input Validation Flaw Discloses Files to Remote Users. Read more

www.securitytracker.com:
WebTrends Reporting Center Discloses Installation Path to Remote Users. Read more

www.securitytracker.com:
2Wire Gatway Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
DUforum Authentication Flaw Lets Remote Users Gain Administrative Access to the Application. Read more

www.securitytracker.com:
DUfaq Authentication Flaw Lets Remote Users Gain Administrative Access to the Application. Read more

www.securitytracker.com:
DUpaypal Authentication Flaw Lets Remote Users Gain Administrative Access to the Application. Read more

www.securitytracker.com:
DUamazon Authentication Flaw Lets Remote Users Gain Administrative Access to the Application. Read more

www.securitytracker.com:
DUnews Authentication Flaw Lets Remote Users Gain Administrative Access to the Application. Read more

www.securitytracker.com:
DUpoll Authentication Flaw Lets Remote Users Gain Administrative Access to the Application. Read more

www.securitytracker.com:
DUclassmate Authentication Flaw Lets Remote Users Gain Administrative Access to the Application. Read more

www.securitytracker.com:
DUarticle Authentication Flaw Lets Remote Users Gain Administrative Access to the Application. Read more

News
www.theregister.co.uk:
The Giant Wooden Horse Did It! Read more

www.terra.net.lb:
Quickly spreading Internet virus seen linked to spammers. Read more

star-techcentral.com:
Hundreds of public sector websites hacked in three days. Read more

insight.zdnet.co.uk:
What can you learn from a hacker site? Read more

www.bgnews.com:
Behind the Front Lines. Read more

20 january 2004

New in Archive
Trojaner 2.0

Trojaner 2.1

Cruel Intentionz 1.22b

Paszczus 1.4.1

Morbid God 1.0

Guides, Papers, etc.
phrack.org:
Phrack 63. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
BUGS Discloses Database Credentials to Remote Users. Read more

www.securitytracker.com:
Netbpm Uses Unsafe Temporary Files and May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Pablo FTP Server Lets Remote Authenticated Users Determine File Existence. Read more

News
zdnet.com.com:
New worm draws Sobig comparisons. Read more

zdnet.com.com:
New Mimail mixes tricks for PayPal scam. Read more

www.theregister.co.uk:
Microsoft lawyers threaten Mike Rowe (17). Read more

www.theregister.co.uk:
'Saddam - my part in his downfall' - by Microsoft military guru. Read more

www.computerworld.com:
2003 viruses caused $55B damage, antivirus firm says. Read more

19 january 2004

New in Archive
Amitis 1.4.2

Little Witch 6.1 (z & y)

DragonIRC 1.7.1 (c)

Vulnerabilities & Exploits
www.securitytracker.com"
Agnitum Outpost Firewall Tray Icon Lets Local Users Execute Commands With SYSTEM Privileges. Read more

www.securitytracker.com"
Ultr@VNC ShellExecute() Lets Local Users Run Shell Commands With SYSTEM Privileges. Read more

www.debian.org:
DSA-426-1 netpbm-free -- insecure temporary files. Read more

News
www.smh.com.au:
Mass-mailing Windows worm on the move. Read more

www.winonadailynews.com:
Police in India to Monitor Cybercafes. Read more

seattletimes.nwsource.com:
Avoid giving out personal information. Read more

18 january 2004

New in Archive
Iroffer 1.3b01

Holzpferd 2.2

Lightning 1.0

TrojanMule

Vulnerabilities & Exploits
www.securitytracker.com:
SunForum H.323 Processing Bug May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Tcpdump l2tp_avp_print() Flaw May Let Remote Users Crash the System With Malformed L2TP Packets. Read more

www.securitytracker.com:
Metadot Portal Server Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
phpShop Multiple Input Validation Flaws Permit SQL Injection, Cross-Site Scripting, and Disclosure of Customer Data. Read more

www.securitytracker.com:
XTREME ASP Photo Gallery Input Input Validation Flaw Grants Administrative Access to Remote Users. Read more

www.securitytracker.com:
OpenCA May Trust Signatures From Alternate PKIs. Read more

www.securitytracker.com:
Q-Shop Discloses Shopping Database to Remote Users. Read more

www.securitytracker.com:
The Bat! PGP Message Recursion Flaw May Permit Remote Code Execution. Read more

www.securitytracker.com:
tcpdump RADIUS print_attr_string() Parameter Overflow Lets Remote Users Crash the Process. Read more

News
www.timesdispatch.com:
Be on guard against these Internet scams. Read more

www.silicon.com:
Hackers go all out with PayPal spam phishing scam Trojan. Read more

www.pittsburghlive.com:
Internet scams — police say be careful. Read more

www.keprtv.com:
Internet safety group goes after online predators. Read more

www.biosmagazine.co.uk:
Web application hacking: exposing your backend. Read more

www.sanmateocountytimes.com:
Adobe admits to currency blocker. Read more

17 january 2004

New in Archive
AimRat 1.0

System33r Stealth Downloader 0.7 (Private)

Harvester 2003 (mail) 03

.96mm 2.1

Vulnerabilities & Exploits
www.securitytracker.com:
RapidCache Can Be Crashed By Remote Users and Discloses Files to Remote Users. Read more

www.securitytracker.com:
qmail Buffer Overflow Lets Remote Users Overwrite Memory. Read more

News
www.securityfocus.com:
Feds seek input on spammer sentencing. Read more

www.krqe.com:
Agency computers hit by 'Trojan horse'. Read more

www.securitypipeline.com:
Latest Trojan 'Phishes' For Personal Data. Read more

www.securitypipeline.com:
More MiMail Worms Spotted, Others On The Way. Read more

zdnet.com.com:
PC viruses spawn $55 billion loss in 2003. Read more

www.eweek.com:
Locking Down SQL Server 2000. Read more

news.com.com:
Security a work in progress for Microsoft. Read more

www.securitypipeline.com:
Gartner Forecasts Greater Potential For Cyberattacks. Read more

16 january 2004

New in Archive
ZFriends Takeover 1.0

Paszczus 1.4

PSYchoFTP 1.1

Spook 3.0(b)

Tools
leviathan.sourceforge.net:
Leviathan is a network auditing and penetration tool which runs on and againist Microsoft machines. It dumps Users, Groups, Services, Shares, Transport devices and MAC addresses. Read more

Vulnerabilities & Exploits
www.guninski.com:
Lame crash in qmail-smtpd and memory overwrite according to gdb, yet still qmail much better than windows. Read more

www.securitytracker.com:
FishCart Shopping System Integer Overflow Lets Remote Users Trigger Caculation Errors. Read more

www.securitytracker.com:
PhpDig 'config.php' Include File Holes Let Remote Users Execute Arbitrary Commands. Read more

www.securiteam.com:
HD Soft Windows FTP Server Format String Vulnerability. Read more

www.securiteam.com:
payShield Library Bad Requests Verification. Read more

www.securiteam.com:
Vulnerability Issues in Implementations of the H.323 Protocol (Generic). Read more

www.securiteam.com:
Vulnerabilities in H.323 Message Processing. Read more

www.securiteam.com:
Multiple Vulnerabilities in WWW Fileshare Pro. Read more

www.securiteam.com:
RapidCache Multiple Vulnerabilities. Read more

www.securiteam.com:
PhpDig Remote Command Execution. Read more

www.securiteam.com:
Linux Kernel do_mremap Local Privilege Escalation Vulnerability (Technical Details). Read more

www.securiteam.com:
Unauthorized Deletion of IPSec (and ISAKMP) SAs in Racoon. Read more

www.securiteam.com:
FishCart Integer Overflow / Rounding Error. Read more

www.debian.org:
DSA-423-1 linux-kernel-2.4.17-ia64 -- several vulnerabilities. Read more

News
zdnet.com.com:
Report: IP networks easy prey for cyberattackers. Read more

www.thekansascitychannel.com:
Hacker Breaks Into UMKC Computer System. Read more

www.networkitweek.co.uk:
Hackers aim for the head. Read more

www.miami.com:
FTC helps victims of scam. Read more

www.nwfusion.com:
PayPal scam tries to jumpstart Mimail worm. Read more

15 january 2004

New in Archive
Iroffer 1.2b26

Rewind FTP Server 1.0

HackIT! 1.0

DarkZone 1.0

AMS 1.0.2.1

Guides, Papers, etc.
www.securityfocus.com:
Problems and Challenges with Honeypots. Read more

www.giac.org:
Stealing passwords from microsoft operating systems. (pdf) Read more

Vulnerabilities & Exploits
www.securitytracker.com:
Elm 'frm' Command Buffer Overflow Permits Remote Code Execution. Read more

www.securitytracker.com:
Tcpdump Can Be Crashed By a Remote User Sending a Malicious ISAKMP Packet. Read more

www.securitytracker.com:
KDE kdepim VCF Reader Buffer Overflow Lets Users Execute Arbitrary Commands. Read more

www.securitytracker.com:
CDE libDtSvc Buffer Overflow Yields Root Access to Local Users. Read more

www.securitytracker.com:
OmniCom AlphaLPD Can Be Crashed By Remote Users Opening Many Connections. Read more

www.securitytracker.com:
HP SharedX Insecure File Access May Grant Local Users Access to Files on the System. Read more

www.securitytracker.com:
Symantec Web Security Blocked Page Message Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
nCipher payShield Library May Validate Invalid Requests. Read more

www.securitytracker.com:
HP Tru64 IPSec Kit Flaw May Grant Access to Remote Users. Read more

www.securitytracker.com:
AntiVir Temporary File Symlink Flaw Lets Local Users Overwrite Files With Root Privileges. Read more

www.securitytracker.com:
Microsoft Windows Buffer Overflow in MDAC Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Microsoft Internet Security and Acceleration Server H.323 Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.debian.org:
DSA-422-1 cvs -- remote vulnerability. Read more

News
www.securityfocus.com:
No relief from Microsoft phishing bug. Read more

www.pcworld.com:
Opteron, Athlon 64 add technology to protect PCs from security breaches from buffer overflow. Read more

www.upi.com:
The Web: Beware of 'spoofing' scams. Read more

13 january 2004

New in Archive
Cruel Intentionz 1.22

Holzpferd 2.5

.96mm

X Spy 1.0

NinjaSpy

Ehks 2.2

Guides, Papers, etc.
www.securityfocus.com:
Digital Signatures And European Laws. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
DansGuardian Webmin Module 'edit.cgi' Lets Remote Authenticated Users Edit Arbitrary Files. Read more

www.securitytracker.com:
VERITAS NetBackup Professional Open Transaction Manager Grants Remote Access to Files on the System During Backup. Read more

www.securitytracker.com:
FTPServer/X Format String Flaw and Buffer Overflow May Permit Remote Code Execution. Read more

www.debian.org:
DSA-419-1 phpgroupware -- missing filename sanitising, SQL injection. Read more

www.debian.org:
DSA-420-1 jitterbug -- improperly sanitised input. Read more

News
www.wired.com:
Kazaa Delivers More Than Tunes. Read more

www.smh.com.au:
Trojan site taken down. Read more

www.washingtonpost.com:
Outlook: Internet Honeypots. Read more

allafrica.com:
Fifty Local Websites Defaced in Five-Hour Hacking Blitz. Read more

www.courierpress.com:
Identity theft is big business. Read more

12 january 2004

New in Archive
Slinger

Speedup

Mint

P.L. Direct

Guides, Papers, etc.
www.net-security.org:
Improving Passive Packet Capture: Beyond Device Polling. (pdf) Read more

Vulnerabilities & Exploits
www.securiteam.com:
Cisco Personal Assistant User Password Bypass Vulnerability. Read more

www.securiteam.com:
FreeProxy/FreeWeb Multiple Vulnerabilities. Read more

www.securiteam.com:
Directory Traversal in Accipiter Direct AdServer. Read more

www.securiteam.com:
Windows FTP Server Format String Vulnerability. Read more

www.securiteam.com:
Leafnoe DoS (Missing Input). Read more

11 january 2004

New in Archive
Danton 4.3.0

Quimera

InLook Remote Controller 0.1c

MDM

Mill

Guides, Papers, etc.
www.cardcops.com:
Account takeovers and retrieval of personal information leading to identity theft. Read more

Vulnerabilities & Exploits
www.securityfocus.com:
RealOne Player SMIL File Script Execution Vulnerability. Read more

www.securityfocus.com:
RealOne Player SMIL File Script Execution Variant Vulnerability. Read more

www.aerasec.de:
bzip2 bombs still causes problems in antivirus-software. Read more

News

10 january 2004

New in Archive
Nuclear RAT 1.0 Public Beta 4.10

Snow 3.3

Reporter

Homiak

Vulnerabilities & Exploits
www.securitytracker.com:
Accipiter DirectServer Discloses Arbitrary Files on the System to Remote Users. Read more

www.securitytracker.com:
phpGroupWare Flaws Allow SQL Injection and PHP File Uploading. Read more

www.securitytracker.com:
FreeProxy Input Validation Flaw Discloses Files to Remote Users. Read more

www.securitytracker.com:
Leafnode Fetchnews May Hang When Retrieving News Messages With No Body. Read more

www.securiteam.com:
Linux Kernel do_mremap Improved Test. Read more

www.securiteam.com:
Switch Off Stack Buffer Overflow. Read more

News
www.theregister.co.uk:
VeriSign dead cert causes net instability. Read more

www.internetweek.com:
Befriending "Homeless Hacker" Adrian Lamo. Read more

www.smh.com.au:
Electronic fraud burgeoning: report. Read more

www.tech-report.com:
Study: Kazaa full of Trojans, viruses. Read more

www.computerworld.com:
New Trojan masquerades as Windows XP update. Read more

news.zdnet.co.uk:
Chips to fight viruses. Read more

09 january 2004

New in Archive
Rewind 1.3

Hacker defender 1.00

Dados

Rocket

Guides, Papers, etc.
ntbugtraq.ntadvice.com:
BadURLs Exchange Sink Event. Read more

www.securityfocus.com:
IIS Lockdown and Urlscan. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
Windows Ftp Server Format String Flaw May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
INN Buffer Overflow in ARTpost() May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Cisco Personal Assistant Lets Remote Users Modify User Configurations. Read more

www.securitytracker.com:
Yahoo! Messenger Download Filename Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
vbox3 Privilege State Error Lets Local Users Execute TCL Scripts With Root Privileges. Read more

www.securitytracker.com:
PHP Input Validation Flaw in Transparent Session ID Support Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
RealOne Player Input Validation Flaw Permits Remote Script Execution. Read more

www.securitytracker.com:
SnapStream PVS LITE Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
ZyWALL 10 Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Edimax AR-6004 Router Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
fsp Input Validation Flaw Lets Remote Users Traverse the Directory. Read more

www.securitytracker.com:
fsp Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Phorum Input Validation Flaw in 'register.php' Permits SQL Injection. Read more

www.securitytracker.com:
PhpGedView Input Validation Flaws Let Remote Users Execute Arbitrary Commands. Read more

www.securiteam.com:
KpyM Telnet Server DoS. Read more

www.securiteam.com:
Buffer Overflow in INN's control Message Handling. Read more

www.debian.org:
DSA-418-1 vbox3 -- privilege leak. Read more

www.cisco.com:
Cisco Personal Assistant User Password Bypass Vulnerability. Read more

News
www.smh.com.au:
Electronic fraud burgeoning: report. Read more

www.news.com.au:
New net banking scam. Read more

www.vnunet.com:
2004 to be year of the 'superworm'. Read more

08 january 2004

New in Archive
Satan 1.0

ENZO86 Asylum server

Bossat

CBlade (c)

Core 1.0

Stang 2.1

Tools
Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
PostNuke Input Validation Flaw in 'sortby' Variable in 'members_list' Module Permits SQL Injection. Read more

www.securitytracker.com:
PortalApp May Disclose Database File to Remote Users. Read more

www.securitytracker.com:
jabberd SSL Connection Handling Flaw May Let Remote Users Crash the System. Read more

www.securitytracker.com:
vBulletin Input Validation Flaw in calendar.php 'eventid' Field Permits SQL Injection. Read more

www.securitytracker.com:
Lotus Notes Domino for Linux Default Configuration Permissions Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
vsftpd Discloses Whether Usernames are Valid or Not. Read more

www.securiteam.com:
QuikStore Shopping Cart Discloses Installation Path and Viewing and Executing Arbitrary Files. Read more

www.securiteam.com:
Multiple Payload Handling Flaws in ISAKMPd (Continued). Read more

www.securiteam.com:
Microsoft IIS Logging Failure. Read more

www.securiteam.com:
HotNews Arbitrary File Inclusion. Read more

www.securiteam.com:
vBulletin Forum calendar.php SQL Injection. Read more

www.securiteam.com:
Multiple Vulnerabilities in Phorum (common.php, common.php, login.php, register.php). Read more

www.securiteam.com:
Multiple Vulnerabilities in phpGedView. Read more

www.debian.org:
DSA-414-1 jabber -- denial of service. Read more

www.debian.org:
DSA-415-1 zebra -- denial of service. Read more

www.debian.org:
DSA-416-1 fsp -- buffer overflow, directory traversal. Read more

www.debian.org:
DSA-417-1 linux-kernel-2.4.18-powerpc+alpha -- missing boundary check. Read more

News
www.hindustantimes.com:
Almost half of Kazaa downloads 'threaten security'. Read more

www.theregister.co.uk:
Microsoft releases Blaster clean-up tool. Read more

www.securitypipeline.com:
New MiMail Worm Belittles President Bush. Read more

searchsecurity.techtarget.com:
Bugbros worm a bogus Microsoft alert. Read more

www.businesseurope.com:
Staff are 'biggest cyber-criminals'. Read more

www.news.com.au:
Fear about reporting e-crime. Read more

news.com.com:
Password protection in Microsoft Word criticized. Read more

www.sunspot.net:
Voting firm hit by hacker. Read more

07 january 2004

New in Archive
ProRat 1.1

War Trojan 1.06 (version 2) client

Xel Trojan

Peers (a)

Shadorium 2.1

Hackarmy (h)

Vulnerabilities & Exploits
www.securitytracker.com:
PostCalendar Input Validation Flaw Permits Remote SQL Injection. Read more

www.securitytracker.com:
KpyM Telnet Server Can Be Crashed By a Remote Connection Flood. Read more

www.securitytracker.com:
ThWboard 'board.php' Input Validation Flaw Permits Cross-Site Scripting. Read more

www.securitytracker.com:
nd Buffer Overflow Lets Remote Servers Execute Arbitrary Code. Read more

www.securitytracker.com:
mpg321 Format String Flaw May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
FirstClass Desktop Client 'file://' URLs Execute Local Files Without Presenting a Warning Dialog. Read more

www.securitytracker.com:
Linux Kernel Real-time Clock Routines May Leak Kernel Data to User Applications. Read more

www.securiteam.com:
FreznoShop Cross Site Scripting Vulnerability (search.php). Read more

www.debian.org:
DSA-413-1 linux-kernel-2.4.18 -- missing boundary check. Read more

www.debian.org:
DSA-412-1 nd -- buffer overflows. Read more

www.debian.org:
DSA-411-1 mpg321 -- format string vulnerability. Read more

www.debian.org:
DSA-410-1 libnids -- buffer overflow. Read more

www.debian.org:
DSA-409-1 bind -- denial of service. Read more

News
www.channelnewsasia.com:
Japanese IT businesses turn to Gods to ward off viruses, hackers. Read more

catless.ncl.ac.uk:
Forget your bank balance? It's available on the Internet. Read more

www.oreillynet.com:
My Minature Embedded Hacking System Project. Read more

www.theinquirer.net:
Russian president intervenes in Internet love scam. Read more

06 january 2004

New in Archive
Remote VIREUS

Direct Connection 1.0

Fearless RAT 1.0 Console

Vulnerabilities & Exploits
www.securitytracker.com:
HotNews Include File Flaws Let Remote Users Execute Arbitrary Commands. Read more

www.securitytracker.com:
FreznoShop Input Validation Flaw in 'search' Variable Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Linux Kernel mremap() Improper Bounds Checking Lets Local Users Gain Root Privileges. Read more

www.securiteam.com:
Webcam Watchdog Stack Overflow. Read more

www.debian.org:
DSA-408-1 screen -- integer overflow. Read more

www.debian.org:
DSA-407-1 ethereal -- buffer overflows. Read more

www.debian.org:
DSA-406-1 lftp -- buffer overflow. Read more

News
www.sundaytimes.co.za:
Virus attacks increase in severity. Read more

www.sundaytimes.co.za:
MSN worm does rounds. Read more

zdnet.com.com:
'Homeless hacker' says he'll accept plea bargain. Read more

www.smh.com.au:
'DVD Jon' seals victory as police skip appeal. Read more

www.canada.com:
Don't take passwords to the grave. Read more

news.com.au:
HK online bank fraud grows. Read more

05 january 2004

New in Archive
Newone

Bills Death

Hackarmy (i)

Vulnerabilities & Exploits
www.securitytracker.com:
Invision Power Board Input Validation Flaw in 'calendar.php' Permits SQL Injection. Read more

www.securitytracker.com:
Flash FTP Server Directory Traversal Flaw Lets Remote Authenticated Users Read and Write Arbitrary Files. Read more

www.securiteam.com:
Microsoft Word Protection Bypass. Read more

www.securiteam.com:
xsok Buffer Overflow (-xsokdir). Read more

News
reviews-zdnet.com.com:
Welcome to yet another year of viruses. Read more

www.net4nowt.com:
Spammed viruses courtesy of your ‘bank’. Read more

www.computerworld.com.au:
Security predictions for 2004. Read more

04 january 2004

New in Archive
TROLL Downloader 1.0

System33r Tiny Webdownloader 0.2 (DLL Injection Edition)

mtm recorded pwd stealer

Hook downloader

Alicia version n

Amoeba 1.0

Tools
www.qwik-fix.net:
Qwik-Fix™ provides another layer of essential security by closing off the pathways that worms and viruses use to penetrate your PC.. It does not affect any of your virus programs, firewall or other programs. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
Webcam Watchdog Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Microsoft Office Security Features Can Be Bypassed. Read more

03 january 2004

New in Archive
YYServer

Loops

Symes

Vulnerabilities & Exploits
www.securitytracker.com:
GoodTech Systems Telnet Server for Windows NT/2000/XP Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
EasyDynamicPages Include File Holes Let Remote Users Execute Arbitrary Commands on the Target System. Read more

www.securitytracker.com:
Microsoft Internet Explorer Flaw in Processing '.lnk' Shortcuts Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
vCard4J Toolkit Input Validation Flaw May Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Y@Soft Switch Off Lets Remote Users Deny Service and Remote Authenticated Users Execute Arbitrary Code. Read more

www.secunia.com:
Internet Explorer showHelp() Restriction Bypass Vulnerability. Read more

News
www.theinquirer.net:
Internet Explorer gets early 2004 security warning. Read more

www.infoworld.com:
Security: The year ahead. Read more

news.com.com:
Happy New Worm. Read more

www.silicon.com:
Virus alerts: Malware in waiting for post-xmas chaos. Read more

02 january 2004

New in Archive
Alicia (m)

ZKT

Backdoor.VB.cr

Idim

Vulnerabilities & Exploits
www.securiteam.com:
MacOS X Local SecurityServer Daemon DoS. Read more

www.securiteam.com:
Remote Buffer Overflow in MDaemon (Raw Message Handler). Read more

www.securiteam.com:
Private Message System XSS. Read more

www.securiteam.com:
PHPCatalog E-Commerce SQL Injection. Read more

www.securityfocus.com:
NETObserve Authentication Bypass Vulnerability. Read more

www.debian.org:
DSA-405-1 xsok -- missing privilege release. Read more

News
star-techcentral.com
New Java brew of viruses. Read more

www.overclockersclub.com
New Worm Spreads Via MSN Messenger. Read more

01 january 2004

The Crew of MegaSecurity.org wish you and your loved ones a Happy and safe New Year.

New in Archive
Angelfire (c)

Remote Computer Control Center 1.25 server (b)

ControlTotal 0.12.0

Mind Control 7.0 (b)

Alicia (f)

Vulnerabilities & Exploits
www.securitytracker.com:
Canon VB-C10R Network Camera Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Microsoft Internet Explorer showHelp() '\..\' Directory Traversal Flaw Lets Remote Users Execute Files on the Target System. Read more

www.securitytracker.com:
Mac OS X SecurityServer Can Be Crashed By Local Users. Read more

www.securiteam.com:
Jordan's Telnet Server Buffer Overflow. Read more

www.securiteam.com:
LANDesk Management Suite IRCRBOOT.DLL Buffer Overflow. Read more

www.securiteam.com:
Jordan's Telnet Server Buffer Overflow Exploit. Read more

News
www.theregister.co.uk:
Mitnick to exploit hackers for $500 a pop. Read more

www.eweek.com:
New Worm Spreads Via MSN Messenger. Read more

www.securityfocus.com:
Defenses lacking at social network sites. Read more

www.philly.com:
Rundll glitch may be virus. Read more

www.computerworld.com:
The future of security. Read more


Copyright© MegaSecurity.org