Home    News Archive    Translate Traducen
News February 20003
28 february 2003

New Trojans:
Lithium 1.01 server (version b)

Little Witch 6.1 (f) server

Unknown server Delf.ax (030226)

Unknown server (030227)

EagleBoy 1.0

Vulnerabilities & Exploits:
www.securitytracker.com:
Microsoft Internet Explorer Vulnerable Codebase Object Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
CuteNews Include File Flaw Lets Remote Users Execute Arbitrary Commands on the Server. Read more

www.debian.org:
DSA-255-1 tcpdump -- infinite loop. Read more

www.debian.org:
DSA-254-1 traceroute-nanog -- buffer overflow. Read more

www.securitytracker.com:
VERITAS Bare Metal Restore for Tivoli Storage Manager Has Unspecified Flaw That Yields Root Privileges to Remote Users. Read more

www.securitytracker.com:
GroupWise WebAccess Input Validation Bug Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Nokia 6210 Mobile Phone Format String Flaw in Processing SMS vCards Lets Remote Users Crash the Phone. Read more

www.securitytracker.com:
Columbia SIP User Agent (sipc) SIP Protocol Bugs Let Remote Users Deny Service. Read more

www.securitytracker.com:
ClarkConnect Gateway Discloses Information About the System to Remote Users. Read more

News:
www.net-security.org:
Trojans Used to Spread Massive Infections on the Increase. Read more

star-techcentral.com:
Security flaw found in Windows ME. Read more

www.net-security.org:
MS-Windows ME IE/Outlook/HelpCenter Critical Vulnerability. Read more

theregister.co.uk:
Cryptome Hacked. Read more

www.wired.com:
Credit Card Cos. Watch Own Backs. Read more

www.smh.com.au:
Help, they took my identity. Read more

theregister.co.uk:
Bloomberg hacker convicted of extortion. Read more

www.securitynewsportal.com:
Federal police seizing control of domain names for Web sites that allegedly violate the law. Read more

www.securityfocus.com:
Monster.com warns false job postings could lead to identity theft. Read more

www.bayarea.com:
Is open access an invitation? Read more

news.com.com:
Is vigilante hacking legal? Read more

27 february 2003

New Trojans:
Nethief 3.4

Nethief 2.4

NOSecure 1.3 AOL

NOSecure 2.1 DOS

Tools:
www.insecure.org:
Nmap 3.15BETA2 Released. Read more

fileforum.betanews.com:
Etherscan Password Sniffer 1.0 Beta. Read more

Vulnerabilities & Exploits:
www.securitytracker.com:
QuickTime/Darwin Streaming Server Administration Server Bugs Let Remote Users Execute Arbitrary Commands and May Yield Root Access. Read more

www.securitytracker.com:
Mambo Site Server Authentication Bug Gives Remote Users Administrative Access. Read more

www.securitytracker.com:
GONICUS System Administrator (GOsa) Include File Vulnerability Lets Remote Users Execute Arbitrary PHP Code. Read more

www.securitytracker.com:
Usermin Input Validation Flaw in 'miniserv.pl' May Let Remote Users Gain User or Root Access. Read more

www.securitytracker.com:
Webmin Input Validation Flaw in 'miniserv.pl' May Let Remote Users Spoof Session IDs and Gain Root Access. Read more

www.securitytracker.com:
PlatinumFTPserver Input Validation Flaw Lets Remote Users View and Replace Files on the Server. Read more

www.securiteam.com:
A new Mass-Mailing and Backdoor Capable Worm Found in the Wild. Read more

www.securiteam.com:
Path Disclosure Bug in TOPo. Read more

News:
Microsoft Security Bulletin MS03-006
Flaw in Windows Me Help and Support Center Could Enable Code Execution (812709). Read more

www.securityfocus.com:
Computer hacker convicted of trying to shake down Bloomberg. Read more

www.eweek.com:
Mitnick: Leaving the Dark Side. Read more

www.vnunet.com:
UK businesses are virus incubators. Read more

www.theage.com.au:
Beijing spies a useful friend in Castro. Read more

www.nbc6.net:
Ridge: Plant, Port Security Lacking. Read more

26 february 2003

New Trojans:
AppServ 1.1

Lite-Socks

Lamers Death 2.5 (i) server

Wini 1.0

Vulnerabilities & Exploits:
www.securitytracker.com:
Linux 'eject' Utility May Let Local Users Determine Whether Privileged Files on the System Exist. Read more

www.securitytracker.com:
phpBB SQL Injection Flaw Lets Remote Users Gain Administrative Access. Read more

www.securitytracker.com:
Moxftp Client Buffer Overflow Lets Remote Servers Execute Arbitrary Code on the Client. Read more

www.securitytracker.com:
SIRCD IRC Daemon Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Telindus Router Weak Encoding Algorithm Discloses Administrator Password to Remote Users. Read more

www.securitytracker.com:
zlib Compression Library Buffer Overflow in 'gzprintf()' May Let Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Rogue Game Software Buffer Overflow Lets Local Users Obtain Elevated Privileges. Read more

www.securitytracker.com:
WihPhoto Image Gallery Software Discloses Files to Remote Users. Read more

News:
www.zdnet.com.au:
Lovegate worm's got a hold on PCs. Read more

edition.cnn.com:
'Lovegate' computer worm spreading. Read more

www.hardwarezone.com:
Introducing the LoveGate-C Trojan. Read more

www.nzherald.co.nz:
Hacker ordered to put computer skills to better use. Read more

www.enn.ie:
Alleged AOL hack raises new concerns. Read more

www.theage.com.au:
Defence expert warns cyber-terrorism is latest weapon. Read more

25 february 2003

New Trojans:
Tourniquet 1.0 beta 2

MSN Corruption

Nethief 3.5

SatanzCrew Notifier 1.0

Vulnerabilities & Exploits:
www.securityfocus.com:
Multiple Vendor FTP pipe Vulnerability. Read more

www.debian.org:
DSA-253-1 openssl -- information leak. Read more

www.securitytracker.com:
WWWboard Input Validation Flaw in Message Posting Field Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Microsoft Outlook Express Security Domain Flaw Lets Remote Users Silently Install and Execute Arbitrary Code. Read more

News:
www.zdnet.com.au:
Lovegate worm's got a hold on PCs. Read more

www.theage.com.au:
Variant of Lovgate worm found. Read more

www.theregister.co.uk:
Introducing the Lovgate.C Trojan. Read more

www.ciol.com:
Users learn to knock off 'Lovegate' virus. Read more

www.collegian.psu.edu:
Hacker fraud causes banks to use caution. Read more

www.theregister.co.uk:
Ethical wireless hacker is innocent. Read more

www.nzherald.co.nz:
Hacker admits wilful damage. Read more

www.nzherald.co.nz:
Hacker ordered to put computer skills to better use. Read more

www.timesonline.co.uk:
Attacks on UK computer systems soar. Read more

cryptome.org:
Citibank tries to gag crypto bug disclosure. Read more

money.cnn.com:
Cybercrime: Living with it. Read more

www.chron.com:
Jurors acquit man of hacking system at district clerk's office. Read more

www.theinquirer.net:
AOL sets new record for (in)security. Read more

www.theregister.co.uk:
Program hides secret messages in executables. Read more

24 february 2003

New Trojans:
zGET 0.2

Pet

Badbot 2.0

MSN Troyano 2.01

Vulnerabilities & Exploits:
www.securitytracker.com:
NuKed-KlaN Input Validation Flaws in 'index.php' Let Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
glFtpD FTP Server Bugs Let Remote Authenticated Users Gain Root Level Access. Read more

www.securitytracker.com:
Cisco PIX Firewall SIP Protocol Bugs Let Remote Users Deny Service. Read more

www.securitytracker.com:
Cisco IOS Router SIP Protocol Bugs Let Remote Users Deny Service. Read more

www.securitytracker.com:
Cisco IP Phone SIP Protocol Bugs Let Remote Users Deny Service. Read more

www.securitytracker.com:
Nortel Succession Communication Server SIP Protocol Bugs Let Remote Users Execute Code or Deny Service. Read more

www.securitytracker.com:
iptel.org SIP Express Router SIP Protocol Bugs Let Remote Users Execute Code or Deny Service. Read more

www.securiteam.com:
Proxomitron Naoko Long Path Buffer Overflow/DoS. Read more

www.securiteam.com:
Symantec Norton AntiVirus 2002 Buffer Overflow Vulnerability. Read more

News:
online.securityfocus.com:
Forensics on the Windows Platform, Part One. Read more

online.securityfocus.com:
Forensics on the Windows Platform, Part Two. Read more

www.securitynewsportal.com:
Whitehat hacker dukes it out with Blackhat hacker on Mitnicks Corporate Server. Read more

money.cnn.com:
Cybercrime: Living with it. Read more

www.scotlandonsunday.com:
Hackers bid to derail Deepcut campaign. Read more

www.canada.com:
Mafiaboy opened eyes to cybercrime. Read more

www.newscientist.com:
Cash machines vulnerable to hackers. Read more

23 february 2003

New Trojans:
RemoteCtrol 1.1

Beast 1.92

Elite Spyz 4

CMD 1.0

Vulnerabilities & Exploits:
www.securityfocus.com:
Norton Antivirus 2002 Email Scanner Buffer Overflow Vulnerability. Read more

www.securityfocus.com:
PHPBB Auth.PHP File Disclosure Vulnerability. Read more

www.securitytracker.com:
login_ldap May Grant Access to Remote Users When No Password Is Supplied. Read more

www.securitytracker.com:
phpMyNewsletter 'customize.php' Include File Bug Discloses Files to Remote Users. Read more

www.securitytracker.com:
Sage Content Management System Bugs Disclose Installation Path and Let Remote Users Conduct Cross-Site Scripting Flaws. Read more

www.securiteam.com:
SquirrelMail Proxies IMAP Vulnerability. Read more

News:
linuxtoday.com:
NewsForge: Open Source Security Manual and Training for Ethical Hacking. Read more

www.securityfocus.com:
How to get an ATM PIN number in 15 guesses. Read more

news.bbc.co.uk:
Net security software exposed. Read more

www.theregister.co.uk:
Poker.com continues fight over 'hijacked' URL. Read more

22 february 2003

New Trojans:
pcLog 5.10

Invisible Evil 1.1

Sin 2.0

wCRAT 1.2b

Vulnerabilities & Exploits:
home.eunet.no:
Offline NT Password & Registry Editor, Bootdisk. Read more

www.securitytracker.com:
myPHPNuke Input Validation Flaws in 'links.php' Let Remote Users Conduct Cross-Site Scripting Attack. Read more

www.securitytracker.com:
Symantec Norton Anti-Virus E-mail Scanning Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
OpenSSL Flaw in Processing Padding Errors May Let Remote Users Obtain Certain Plaintext Information. Read more

www.securitytracker.com:
Sun Solaris rpcbind Bug Lets Remote Users Deny Service on the System. Read more

News:
www.wininformant.com:
Windows XP Wide Open Using Windows 2000 CD-ROM. Read more

www.wired.com:
XP Hole Plagues All Similar Apps. Read more

www.theregister.co.uk:
AOL probes hacker "breach". Read more

www.net4nowt.com:
TK worm still poses a threat. Read more

www.theregister.co.uk:
Open Source security manual and training for ethical hacking. Read more

www.theregister.co.uk:
Crypto attack against SSL outlined. Read more

www.informationweek.com:
Hacker Forces Deactivation of 16,000 Check Cards. Read more

www.tom-cat.com:
Is it Adware? ...or is it Spyware?? Read more

www.theregister.co.uk:
CDT attacks anti child-porn law. Read more

www.theregister.co.uk:
Schoolgirl turns tables on email credit card fraudster. Read more

21 february 2003

New Trojans:
Nethief 1.7

Protoss 1.3 console

Fxdoor 1.1 client

Ehks 2.0 beta

Vulnerabilities & Exploits:
www.securitytracker.com:
cPanel Web Hosting Control Panel Bugs Let Remote Users Execute Arbitrary Commands and Local Users Gain Root Privileges. Read more

www.securitytracker.com:
HP-UX Bastille Configuration Error Lets Remote Users Query Sendmail With EXPN and VRFY Commands to Obtain Information About Operating System Users. Read more

www.securiteam.com:
Unauthorized File Access Vulnerability Found in phpMyNewsletter. Read more

News:
news.com.com:
Lawyers: Hackers sentenced too harshly. Read more

arstechnica.com:
H/Cracker sentences too stiff? Read more

news.bbc.co.uk:
Net security software exposed. Read more

www.eweek.com:
Database Vulnerabilities In The Spotlight. Read more

www.blackhat.com:
Call For Papers Announcement: Black Hat Briefings Amsterdam. Read more

www.nwfusion.com:
Flaws discovered in Lotus software. Read more

www.securityfocus.com:
Airport limo firm allegedly hobbled by revenge hack. Read more

www.eweek.com:
Microsoft Forms Academic Advisory Board. Read more

www.timesonline.co.uk:
Firms warned of IT terrorists. Read more

www.guardian.co.uk:
Electronic Pearl Harbor. Read more

20 february 2003

New Trojans:
Kronical Fire 1.0

Igloo 1.8

Igloo 1.5 (b)

Dark trojan 1.0 client

Tools:
www.insecure.org:
Nmap version 3.15BETA1 released. Read more

www.cisiar.or:
Cisilia, Cluster Based Password Brute Forcer. Read more

LaBrea: "Sticky" Honeypot and IDS
LaBrea takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet. The program answers connection attempts in such a way that the machine at the other end gets "stuck", sometimes for a very long time. Read more

Vulnerabilities & Exploits:
www.securitytracker.com:
Lotus iNotes Client ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Yahoo! Mobile May Disclose Private Information to Remote Users. Read more

www.securitytracker.com:
IBM Lotus Domino Web Server Redirect Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Lotus Domino Web Server iNotes Buffer Overflow in 'PresetFields' Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Microsoft Windows 'riched20.DLL' Buffer Overflow May Let Remote Users Crash Applications. Read more

www.securitytracker.com:
PHP Bug in CGI SAPI Discloses Files on the Server to Remote Users. Read more

www.securitytracker.com:
NetCharts Server Chunked-Encoding Flaw May Disclose Information to Remote Users. Read more

News:
abcnews.go.com:
FBI Probing Theft of 8 Million Credit Card Numbers. Read more

www.msnbc.com:
Credit card hack traced to outsider. Read more

www.crn.com:
Hacker Likely Tapped Company's Computers To Get Credit Cards. Read more

catless.ncl.ac.uk:
Playing Russian Roulette with traffic lights. Read more

www.zwire.com:
Identity theft cases doubled last year. Read more

www.newbernsunjournal.com:
International computer attack affects local systems. Read more

www.crime-research.org:
Special unit to hunt down cybercriminals. Read more

19 february 2003

New Trojans:
Little Witch 6.1 (c)

Lamers Death 2.5 (b) Server

Aqua 0.2 modified client

Blhouse

Vulnerabilities & Exploits:
www.securitytracker.com:
Petitforum Discloses Information to Remote Users and Allows Remote Users to Post Messages Acting as Other Users. Read more

www.securitytracker.com:
BisonFTP Server Discloses Information to Remote Users and Lets Remote Users Deny Service. Read more

www.securitytracker.com:
D-forum Include File Error Lets Remote Users Execute Arbitrary Commands on the Target Server. Read more

www.securitytracker.com:
'Kietu?' Web Site Statistics Software Include File Error Lets Remote Users Execute Arbitrary Commands. Read more

www.securitytracker.com:
php-Board Forum Discloses Passwords to Remote Users. Read more

www.securitytracker.com:
BitchX IRC Chat Client Can Be Crashed By Remote Users. Read more

News:
www.bayarea.com:
Student arrested for breaking into school computer network. Read more

rss.com.com:
Microsoft going after Hotmail spammers. Read more

rss.com.com:
Oracle plugs six-pack of flaws. Read more

18 february 2003

New Trojans:
MRA Rat 1.0

RemoteNC beta3

Assasin 2.0 Public Beta 1.0

CoreServer

Unify 1.4

Vulnerabilities & Exploits:
www.securiteam.com:
NetHack 'games' Privileges Escalation Exploit Code (-s). Read more

www.securiteam.com:
Mulitple Vulnerabilities Found in BisonFTP (DoS, Directory Traversal @). Read more

www.securiteam.com:
ORACLE bfilename Function Buffer Overflow Vulnerability. Read more

www.securiteam.com:
Lotus iNotes Client ActiveX Control Buffer Overrun. Read more

www.securiteam.com:
Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability. Read more

News:
europe.cnn.com:
Hacker accesses 2.2 million credit cards. Read more

uk.news.yahoo.com:
Visa/MasterCard accounts hacked into. Read more

www.smh.com.au:
Instant mayhem. IRC is the preferred medium for hack-attacks. Read more

www.zdnet.com.au:
US security group issues global honey challenge. Read more

www.thestar.com:
Exxon Valdez of data leaks may have happened. Read more

17 february 2003

New Trojans:
DeathBot 9.02

MSBot (b)

Remote Operations 2.2

Remote Operations 2.3

Tool:
The Reverse-WWW-Tunnel-Backdoor is proof-of-concept Perl program for the paper "Placing Backdoors through Firewalls". It allows communicating with a shell through firewalls and proxy servers by imitating webtraffic. The master/slave relation is reversed, therefore no listening ports are used on the target machine. (OS: Unix) Download

Vulnerabilities & Exploits:
www.securitytracker.com:
Apcupsd Format String Flaw May Let Remote Users Gain Root Access. Read more

www.securitytracker.com:
Mac OS X Apple File Protocol (AFP) Access Control Bug Lets Administrators Login Under Other User Identities. Read more

www.securitytracker.com:
MacOS Classic Emulator TruBlueEnvironment Access Control Bug Lets Local Users Create Files With Root Privileges to Gain Root Level Access. Read more

www.securitytracker.com:
[Indy]News Forum Software Lets Remote Users Upload Files to the System. Read more

www.securitytracker.com:
CheetaChat Discloses User Password to Local Users. Read more

www.securityfocus.com:
Microsoft Internet Explorer ShowHelp Arbitrary Command Execution Vulnerability. Read more

News:
www.trib.com:
Man charged with crashing employer's computer site. Read more

www.news-register.net:
Cyberterrorism Is a Concern. Read more

www.thestar.com:
Security documents at risk on federal site: Audit. Read more

Bogus Alerts Target PayPal Users. Read more

16 february 2003

New Trojans:
PtakkS 2.1 r1

PtakkS 2.1 r6

Kcom cookie 4.0

The Revenge Pack Configuration

Vulnerabilities & Exploits:
www.securitytracker.com:
HP-UX 'disable' Command Buffer Overflow May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Courier Mail Transfer Agent May Let Remote Users Inject and Execute SQL Statements. Read more

www.securitytracker.com:
Symantec's Norton Anti-Virus Fails to Work After Loading Corrupt Anti-Virus Definitions. Read more

www.securiteam.com:
RealServer 8 Remote Buffer Overflow Vulnerability (Exploit, SETUP, RTSP). Read more

www.securiteam.com:
Kaspersky Antivirus DoS (Long Path, AUX). Read more

www.securiteam.com:
Abyss WebServer Brute Force Vulnerability. Read more

www.securiteam.com:
CheetaChat Stores Passwords in the Clear. Read more

www.securiteam.com:
MacOS X TruBlueEnvironment Privilege Escalation Attack. Read more

www.securiteam.com:
FAR Utility Buffer Overflow. Read more

www.securiteam.com:
Windows NT 4.0/2000 cmd.exe Long Path Buffer Overflow/DoS. Read more

www.securiteam.com:
HPUX 'Disable' Buffer Overflow Vulnerability. Read more

News:
www.vnunet.com:
Catherine Zeta-Jones lacks pulling power. Read more

www.securitynewsportal.com:
Microsoft Files Lawsuit against unknown Hotmail Hackers. Read more

economictimes.indiatimes.com:
What's a cyber crime, and what's not. Read more

www.vnunet.com:
Hacker insurance set to rocket. Read more

news.com.com:
Bush unveils final cybersecurity plan. Read more

15 february 2003

New Trojans:
Nethief 3.6

4u

Harvester 1.0

Supervisor Plus 1.0

Vulnerabilities & Exploits:
arstechnica.com:
CD-ROM exploit makes XP passwords useless. Read more

www.securitytracker.com:
Oracle Application Server MOD_ORADAV Module and DAV_PUBLIC Directory Bugs Let Remote Users Deny Service. Read more

www.securitytracker.com:
Oracle Database Server Buffer Overflow in ORACLE.EXE Binary May Let Remote Users Execute Arbitrary Code. Read more

Oracle Database Server Buffer Overflow in TO_TIMESTAMP_TZ Function May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Oracle Database Server Buffer Overflow in TZ_OFSET Function May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Oracle Database Server Buffer Overflow in BFILENAME() DIRECTORY Parameter May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Abyss Web Server Permits Brute Force Password Guessing on the Administrative Interface. Read more

www.securitytracker.com:
Lotus Domino Web Server May Disclose File Source Code to Remote Users When Requests Are Appended With a Period. Read more

www.securitytracker.com:
HP-UX 'stmkfont' Typeface Compiler Buffer Overflow May Execute Arbitrary Code. Read more

www.securitytracker.com:
IBM AIX 'libIM.a' Library Buffer Overflow May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
HP-UX 'rs.F3000' Graphics Driver May Allow Local Users to Gain Elevated Privileges. Read more

www.securitytracker.com:
HP-UX 'rpc.yppasswd' Daemon Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Sun Solaris 'mail' Application May Disclose User E-mails to Other Local Users. Read more

www.securitytracker.com:
WoltLab Burning Board Input Validation Bug in 'wiw.php' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
HP-UX 'lanadmin' Utility Buffer Overflow May Let Local Users Gain Root Privileges. Read more

www.securitytracker.com:
HP-UX 'landiag' Utility Buffer Overflow May Let Local Users Gain Root Privileges. Read more

www.debian.org:
DSA-251-1 w3m -- missing HTML quoting. Read more

News:
www.securityfocus.com:
A Short History of Computer Viruses and Attacks. Read more

www.wired.com:
Bogus Alerts Target PayPal Users. Read more

14 february 2003

New Trojans:
MSN Kamuflao 3.0

Toxicity Remote KeyLog

Lamers Death 2.7 RC1

Lamers Death 2.5 (f) server

Vulnerabilities & Exploits:
www.securityfocus.com:
Multiple Vendor Email Client JavaScript Information Leakage Vulnerability. Read more

www.securityfocus.com:
Multiple Vendor HTTP CONNECT TCP Tunnel Vulnerability. Read more

www.securityfocus.com:
Cedric Email Reader Skin Configuration Script Remote File Include Vulnerability. Read more

www.securityfocus.com:
Cedric Email Reader Global Configuration Script Remote File Include Vulnerability. Read more

www.securityfocus.com:
Microsoft Windows NT/2000/XP LAN Manager Password Hashing Weakness. Read more

www.securityfocus.com:
PHPRecipeBook Data Modification Vulnerability. Read more

www.securityfocus.com:
Alt-N MDaemon/WorldClient Form2Raw Mail Header Spoofing Vulnerability. Read more

www.securityfocus.com:
Eset Software NOD32 Antivirus Local Buffer Overflow Vulnerability. Read more

www.securityfocus.com:
Opera opera.PluginContext Native Method Buffer Overflow Vulnerability. Read more

www.securityfocus.com:
CryptoBuddy Long Passphrase Truncation Weakness. Read more

www.securityfocus.com:
Norton Antivirus Corporate Edition Configuration File Modification Vulnerability. Read more

www.securityfocus.com:
CryptoBuddy Unused Encryption Passphrase Vulnerability. Read more

www.securityfocus.com:
Gallery Insecure File Permissions Vulnerability. Read more

www.securityfocus.com:
Opera Username URI Warning Dialog Buffer Overflow Vulnerability. Read more

www.securityfocus.com:
CryptoBuddy Predictable Encrypted Passphrase Weakness. Read more

www.securityfocus.com:
Netgear FM114P Wireless Firewall File Disclosure Vulnerability. Read more

www.securityfocus.com:
Gupta SQLBase EXECUTE Buffer Overflow Vulnerability. Read more

www.securitytracker.com:
CGI::Lite Input Validation Hole May Disclose Files or Grant Shell Access to Remote Users. Read more

www.securitytracker.com:
Opera Browser May Execute Arbitrary Code When Loading a Malicious URL. Read more

www.securitytracker.com:
FAR File Manager Shell Overflow May Let Local Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Cisco IOS Devices May Accept Bogus ICMP Redirects From Remote Users and Reroute Packets Accordingly. Read more

www.securitytracker.com:
Ericsson ADSL Modem Web Management Interface Grants Access to Any Remote User. Read more

www.securitytracker.com:
Kaspersky Anti-Virus Can Be Crashed By Local Users. Read more

www.debian.org:
DSA-250-1 w3mmee-ssl -- missing HTML quoting. Read more

News:
www.gulftech.org:
Remote Shells Using NetCat. Read more

star-techcentral.com:
Worm lures users with Zeta-Jones photos. Read more

13 february 2003

New Trojans:
Silver FTP 1.1

Sigatarius_Spy 5.042

Specrem 6.1

Dominador 1.3

Tool:
www.securityfriday.com:
IE'en remotely controls Internet Explorer using DCOM. Read more

Vulnerabilities & Exploits:
www.idefense.com:
Buffer Overflow in AIX libIM.a. Read more

www.securitytracker.com:
Eggdrop IRC Bot Lets Certain Remote Authenticated Users Invoke the Bot as a Proxy. Read more

www.securitytracker.com:
NOD32 for UNIX Buffer Overflow May Let Local Users Gain Root Privileges. Read more

www.securitytracker.com:
CryptoBuddy Encryption Weakness Lets Local Users Decrypt Files. Read more

www.securitytracker.com:
Cedric Email Reader (Webmail) Include File Bug Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
SQLBase Buffer Overflow Lets Remote Authenticated Users Gain System Privileges. Read more

www.securitytracker.com:
Gallery Image Management Software Lets Local Users Create or Modify Images. Read more

www.securitytracker.com:
NETGEAR FM114P Wireless Router Input Validation Bug May Disclose Configuration Files to Remote Users. Read more

News:
www.islandpacket.com:
Feds warn 'patriot-hackers' against cyber-attacks. Read more

story.news.yahoo.com:
If U.S. launches cyberattack, it could change nature of war. Read more

www.startribune.com:
Some experts say cyberterrorism is very unlikely. Read more

www.crime-research.org:
Cybercrime show tackles terrorism. Read more

www.vnunet.com:
'Annoying' script kiddies no real threat. Read more

rtnews.globetechnology.com:
Group charged with hacking into satellite TV. Read more

www.msnbc.com:
Step inside the world of hacking. Read more

dc.internet.com:
DoJ: We Want to Read Your E-Mail. Read more

online.securityfocus.com:
Mitnick Banned From Security Group. Read more

12 february 2003

New Trojans:
Remote Access (a)

Remote Access (b)

Remote Access Advanced

Remote

Vulnerabilities & Exploits:
online.securityfocus.com:
DCGUI Remote Directory Parsing File Download Vulnerability. Read more

online.securityfocus.com:
Microsoft Windows Window Message Subsystem Design Error Vulnerability. Read more

online.securityfocus.com:
WinZip File Encryption Scheme Limited Key Space Vulnerability. Read more

www.securitytracker.com:
NetHack Game Buffer Overflow Lets Local Users Obtain Additional Privileges. Read more

www.securitytracker.com:
Red Hat Linux Kernel-Utils 'uml_net' Configuration Error Lets Local Users Perform Privileged Operations. Read more

www.securitytracker.com:
HP/UX 'wall' Utility Buffer Overflow May Let Local Users Gain Elevated Privileges. Read more

News:
online.securityfocus.com:
What's the World's Most Stupid Security Measure? Read more

www.theregister.co.uk:
Mitnick shrugs off 'welcome back' hack attack. Read more

www.newsfactor.com:
How Vulnerable Is the Internet Now? Read more

www.theregister.co.uk:
Do it with spanners - how the Iraq cyber attack will work. Read more

usinfo.state.gov:
FBI Chief Says Al-Qaeda Threat Still Strong. Read more

quote.bloomberg.com:
South Korean Government Issues Warning About Internet Virus. Read more

www.smh.com.au:
Row over gaming engine security holes ends - peacefully. Read more

www.techtv.com:
'Unreal' Security Risk. Read more

www.siliconvalley.com:
Miguel Helft: If tech companies were liable for security holes, cyberspace would become safer. Read more

quote.bloomberg.com:
DirecTV, Echostar Lost Millions to Hackers, U.S. Says (Update1). Read more

www.reuters.com:
Microsoft offers e-mail security newsletter. Read more

11 february 2003

New Trojans:
Little Witch 5.7 Miniserver

KeyLogger 1.0

Msn Spider 1.0

Nethief 4.0

Vulnerabilities & Exploits:
www.illegalaccess.org:
Java-Applet crashes Opera 6.05 and 7.01. Read more

online.securityfocus.com:
irc2 SERVER Command Argument Buffer Overflow Vulnerability. Read more

online.securityfocus.com:
Microsoft Windows XP HCP URI Buffer Overflow Vulnerability. Read more

online.securityfocus.com:
RedHat Net-Tools Package Buffer Overflow Vulnerability. Read more

online.securityfocus.com:
Red Hat Linux User Mode Linux SetUID Installation Vulnerability. Read more

online.securityfocus.com:
Netscape JavaScript Cache Browsing Vulnerability. Read more

online.securityfocus.com:
Solaris in.ftpd Remote Denial of Service Vulnerability. Read more

online.securityfocus.com:
HPUX Wall Message Buffer Overflow Vulnerability. Read more

online.securityfocus.com:
Posadis DNS Request Question Section Denial Of Service Vulnerability. Read more

online.securityfocus.com:
Solaris priocntl() System Call Local Root Vulnerability. Read more

online.securityfocus.com:
Microsoft IIS False Logging Weakness. Read more

online.securityfocus.com:
W3M Image Attribute Cross Site Scripting Vulnerability. Read more

online.securityfocus.com:
W3M Frame Enabled Browsing Cross Site Scripting Vulnerability. Read more

News:
online.securityfocus.com:
Famous hacker suffers break-ins to own corporate Web site. Read more

www.smh.com.au:
When Hotmail isn't that hot. Read more

www.ctnow.com:
Cyber-Terrorism: Growing Risk. Read more

www.fcw.com:
Feds look for lessons from Internet worm. Read more

online.securityfocus.com:
Sacked sysadmin arrested on hacking charges. Read more

www.pcworld.com:
The Case of the Mysterious .gov Site. Read more

10 february 2003

New Trojans:
Broomop 6.3

Insider Server

AntiLamer Backdoor 1.4 (c) Server

Remote MSN 1.0

Vulnerabilities & Exploits:
online.securityfocus.com:
Netscape Enterprise Server HTTP Method Name Buffer Overflow Vulnerability. Read more

online.securityfocus.com:
Microsoft Windows DNS Resource Record Cache Corruption Vulnerability. Read more

online.securityfocus.com:
L-Soft Listserv SMTP Buffer Overflow Vulnerability. Read more

online.securityfocus.com:
Solaris NFS lockd Remote Denial of Service Vulnerability. Read more

online.securityfocus.com:
Sun JSSE/Java Plug-In/Java Web Start Incorrect Certificate Validation Vulnerability. Read more

online.securityfocus.com:
IBM WebSphere Exported XML Password Encoding Weakness. Read more

online.securityfocus.com:
Microsoft IIS Malformed HTTP Get Request Denial Of Service Vulnerability. Read more

online.securityfocus.com:
Microsoft Windows Network Monitor Weak Password Encryption Vulnerability. Read more

online.securityfocus.com:
Aladdin Knowledge Systems eSafe OPSEC CVP Virus Scanning Bypass Vulnerability. Read more

online.securityfocus.com:
Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability. Read more

online.securityfocus.com:
Xpdf/CUPS pdftops Integer Overflow Vulnerability. Read more

online.securityfocus.com:
CVS Directory Request Double Free Heap Corruption Vulnerability. Read more

online.securityfocus.com:
GlobalScape CuteFTP Clipboard URL Buffer Overflow Vulnerability. Read more

online.securityfocus.com:
Celestial Software AbsoluteTelnet Title Bar Buffer Overflow Vulnerability. Read more

online.securityfocus.com:
GlobalScape CuteFTP LIST Response Buffer Overflow Vulnerability. Read more

online.securityfocus.com:
Microsoft Internet Explorer ShowHelp Arbitrary Command Execution Vulnerability. Read more

online.securityfocus.com:
OpenLDAP Multiple Unspecified Arbitrary Code Execution Vulnerabilities. Read more

online.securityfocus.com:
OpenLDAP Multiple Buffer Overflow Vulnerabilities. Read more

online.securityfocus.com:
WindowMaker Image Handling Buffer Overflow Vulnerability. Read more

News:
www.theregister.co.uk:
Security experts duped by Slammer 'jihad' rot. Read more

www.smh.com.au:
Backpackers' savings at risk from online banking scam. Read more

www.gomemphis.com:
Taking byte from Baghdad. Read more

09 february 2003

New Trojans:
Nethief 2.6

CS Trojan

RemotanZ - Clone

Igloo 1.5

Tool:
proDETECT is an open source promiscious mode scanner with a GUI. Read more

Vulnerabilities & Exploits:
www.securitytracker.com:
w3m Text Web Browser Input Validation Flaw Allows Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Alt-N WorldClient Default CGI Configuration Lets Remote Users Send Forged Mail Via the Server. Read more

www.securitytracker.com:
IlohaMail Input Validation Bug Lets Remote Authenticated Users Upload Files to the Server. Read more

www.securitytracker.com:
Aladdin eSafe Gateway Can Be Bypassed When Used With the Check Point CVP Protocol. Read more

www.securitytracker.com:
AbsoluteTelnet Buffer Overflow in Title Bar Lets Remote Users Execute Arbitrary Code. Read more

online.securityfocus.com:
slocate Local Buffer Overrun Vulnerability. Read more

online.securityfocus.com:
ProFTPD 1.2.0rc2 log_pri() Format String Vulnerability. Read more

online.securityfocus.com:
UMN GopherD Unauthorized Proxy Vulnerability. Read more

online.securityfocus.com:
FileSeek CGI Script File Disclosure Vulnerability. Read more

online.securityfocus.com:
FileSeek CGI Script Remote Command Execution Vulnerability. Read more

online.securityfocus.com:
Microsoft Internet Explorer Dialog Box Cross-Domain Violation Vulnerability. Read more

online.securityfocus.com:
phpMyNewsLetter Remote File Include Vulnerability. Read more

online.securityfocus.com:
AOL Instant Messenger Password Encryption Weakness. Read more

online.securityfocus.com:
UMN GopherD File Disclosure Vulnerability. Read more

online.securityfocus.com:
Microsoft Windows XP Redirector Privilege Escalation Vulnerability. Read more

News:
www.sbpost.ie:
Netting a hacker. Read more

08 february 2003

New Trojans:
Noname Trojan 1.0

RMS 2.7

RMS 2.1 Server

Nuclear Keys 1.0

Vulnerabilities & Exploits:
online.securityfocus.com:
PHP-Nuke Avatar HTML Injection Vulnerability. Read more

online.securityfocus.com:
Microsoft Windows 2000 RPC Service Privilege Escalation Vulnerability. Read more

online.securityfocus.com:
Microsoft Windows 2000 NetBIOS Continuation Packets Kernel Memory Leak Vulnerability. Read more

online.securityfocus.com:
Macromedia ColdFusion HTTP Client Sample Application Proxy Access Vulnerability. Read more

online.securityfocus.com:
Electrasoft 32Bit FTP Client Long Server Banner Buffer Overflow Vulnerabiliity. Read more

online.securityfocus.com:
ByteCatcher FTP Client Long Server Banner Buffer Overflow Vulnerabiliity. Read more

online.securityfocus.com:
Courier-IMAP Username SQL Injection Vulnerability. Read more

online.securityfocus.com:
Microsoft Windows NT Win32k.sys Denial of Service Vulnerability. Read more

online.securityfocus.com:
Multiple Vendor Network Device Driver Frame Padding Information Disclosure Vulnerability. Read more

www.securitytracker.com:
Linux Kernel 2.4 O_DIRECT Processing Flaw May Disclose File System Information to Local Users. Read more

www.securitytracker.com:
Direct Connect 4 Linux DCGUI Discloses Files on the System to Remote Users. Read more

www.securitytracker.com:
Posadis DNS Server Buffer Overflow May Let Remote Users Crash the Server. Read more

www.securitytracker.com:
Microsoft Internet Explorer showHelp() Domain Security Flaw Lets Remote Users Execute Commands. Read more

www.securitytracker.com:
Microsoft Windows XP Redirector Buffer Overflow May Let Local Users Gain System Level Privileges. Read more

News:
online.securityfocus.com:
Ashcroft proposes vast new surveillance powers. Read more

news.com.com:
Microsoft coders get a bug-catcher. Read more

www.theregister.co.uk:
Security experts duped by Slammer 'jihad' rot. Read more

www.theregister.co.uk:
US and UK arrests in computer worm probe. Read more

www.smh.com.au:
The hackers are coming to town. Read more

www.theregister.co.uk:
Spyware found on one in three corporate networks. Read more

www.theregister.co.uk:
On the trail of a stolen Tablet PC. Read more

news.com.com:
International raid nabs two over TK worm. Read more

www.theregister.co.uk:
Student charged with massive ID fraud. Read more

www.washingtonpost.com:
Alleged Student Hacker Indicted in Massachusetts. Read more

news.yahoo.com:
FBI Seeks Hacker Who Stole EBay Info. Read more

www.reuters.co.uk:
EU to form cybercrime rapid reaction force. Read more

07 february 2003

New Trojans:
CamKing

Insane TCP Backdoor

The Klepto 1.1

BDirect 1.0

Vulnerabilities & Exploits:
online.securityfocus.com:
PAM pam_xauth Module Unintended X Session Cookie Access Vulnerability. Read more

online.securityfocus.com:
MySQL Double Free Heap Corruption Vulnerability. Read more

online.securityfocus.com:
Microsoft Internet Explorer dragDrop Method Local File Reading Vulnerability. Read more

www.securitytracker.com:
Opera Web Browser Multiple Flaws Disclose Private Information and Let Remote Users Access Local Files and Directories. Read more

www.securitytracker.com:
TOPo TOP System Bug Discloses Installation Path to Remote Users. Read more

www.securitytracker.com:
Secure Internet Live Conferencing (SILC) Discloses User Passphrase Via Memory. Read more

www.securitytracker.com:
WebSphere Discloses Passwords in the XML Configuration Export File. Read more

www.securitytracker.com:
Majordomo Mailing List Default Configuration Discloses List E-mail Addresses to Remote Users. Read more

News:
news.scotsman.com:
US Security Services Swoop on Suspected Hackers. Read more

www.ciol.com:
Computer worm criminals arrested. Read more

www.ciol.com:
Student hacker indicted. Read more

online.securityfocus.com:
If it's Thursday it must be IE patching day. Read more

www.japantimes.co.jp:
Police draw more cyber attacks. Read more

www.reuters.co.uk:
Calif. Man Charged with Hacking ViewSonic System. Read more

www.lasvegassun.com:
Web Magazine Retracts Virus Attack Story. Read more

www.newsday.com:
Man goes on trial in Bloomberg cyber-extortion case. Read more

www.wired.com:
Bush Data-Mining Plan in Hot Seat. Read more

www.usatoday.com:
'Erased' hard drives can bite you. Read more

06 february 2003

New Trojans:
Z-Demon 1.25

PowerSpider 3.11

Vision de Control 1.0

Broomop 6.2

Vulnerabilities & Exploits:
www.securitytracker.com:
Compaq Insight Manager Web Agent Session Security Hole May Yield Access to Remote Users. Read more

www.securitytracker.com:
SpamProbe Can Be Crashed By Remote Users Sending E-mail. Read more

www.securitytracker.com:
eL DAPo LDAP Management Software Bug Discloses Authentication Information to Remote Users. Read more

www.securitytracker.com:
Microsoft Internet Explorer May Disclose Local Files to Remote Users Via the dragDrop() Method. Read more

www.securitytracker.com:
OpenBSD 'chpass' Utility May Disclose the Contents of Files in Certain Formats to Local Users. Read more

www.securitytracker.com:
PHP-Nuke Input Validation Hole in Avatar Image Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
KaZaA Media Desktop Can Be Crashed By Remote Users in Certain Situations. Read more

www.securitytracker.com:
BladeEnc MP3 Signed Integer Flaw Lets Remote Users Cause Arbitrary Code to Be Executed. Read more

www.securitytracker.com:
Nuke Browser Input Validation Vulnerability Lets Remote Users Execute Arbitrary Commands on the Server. Read more

www.securitytracker.com:
PhpMyShop SQL Injection Flaw Allows Remote Users to Gain Access to the System. Read more

www.securiteam.com:
Banner Buffer Overflows Found in Multiple FTP Clients. Read more

www.securiteam.com:
File Stream Overflows Paper. Read more

www.pivx.co:
bugs founded in the Unreal engine. Read more

News:
Microsoft Security Bulletin MS03-005
Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577). Read more

Microsoft Security Bulletin MS03-004
Cumulative Patch for Internet Explorer (810847). Read more

quote.bloomberg.com:
Microsoft Says Security Flaws Found in Web Browser (Update1). Read more

news.zdnet.co.uk:
Phantoms of the Opera fixed. Read more

www.smh.com.au:
Your ABC unwittingly spreads virus. Read more

www.theregister.co.uk:
Slammer: Why security benefits from proof of concept code. Read more

quote.bloomberg.com:
`Slammer' Worm Fastest Ever, Doubling in 8.5 Seconds (Update4). Read more

www.theregister.co.uk:
BBC sends Archers fans computer virus. Read more

www.newsday.com:
Man goes on trial in Bloomberg cyber-extortion case. Read more

www.hindustantimes.com:
India gets its first cyber convict. Read more

05 february 2003

New Trojans:
Snurzi

GMF 1.0

Fictional Daemon 4.4

Taladrator 2.0

Vulnerabilities & Exploits:
security.greymagic.com:
Sniffing Opera's Tracks. Read more

security.greymagic.com:
Phantom of the Opera. Read more

security.greymagic.com:
Opera Images. Read more

www.securitytracker.com:
myphpPagetool Include File Error Lets Remote Users Execute Arbitrary Code. Read more

www.securiteam.com:
Weak Password Protection in WebSphere XML Configuration Export. Read more

www.securiteam.com:
Majordomo Found to Leak Information. Read more

online.securityfocus.com:
Microsoft SQL Server 7.0/2000 DBCC Buffer Overflow Vulnerability. Read more

online.securityfocus.com:
Microsoft SQL Agent Jobs Privilege Elevation Vulnerability. Read more

online.securityfocus.com:
Microsoft SQL Server User Authentication Remote Buffer Overflow Vulnerability. Read more

online.securityfocus.com:
Microsoft SQL Server Extended Stored Procedure Privilege Elevation Vulnerability. Read more

online.securityfocus.com:
SILC Server SSH2 Authentication Password Persistence Weakness. Read more

News:
www.nwfusion.com:
Security experts pick holes in new Opera browser. Read more

uk.news.yahoo.com:
Worm went global in 10 minutes. Read more

europe.cnn.com:
Experts: Microsoft security gets an 'F'. Read more

online.securityfocus.com:
Korean Net users blame MS for Slammer carnage. Read more

www.bakutoday.net:
Virus triggers suit against Microsoft. Read more

www.wininformant.com:
Microsoft Revises Five Security Bulletins. Read more

story.news.yahoo.com:
Kintera lawsuit alleges Convio tapped into private Web site. Read more

04 february 2003

New Trojans:
NetControl2 2.80

NetControl2 2.95

RMS 2.6 Client

RMS 2.0

RMS 1.1

Vulnerabilities & Exploits:
online.securityfocus.com:
Windows NT Win32k.sys Denial of Service Vulnerability. Read more

online.securityfocus.com:
MIT Kerberos / Key Distribution Center Shared Key User Spoofing Vulnerability. Read more

online.securityfocus.com:
MIT Kerberos ASN.1 Decoder Heap Corruption Vulnerability. Read more

online.securityfocus.com:
AIX 'lsfs' Local Privilege Escalation Vulnerability. Read more

online.securityfocus.com:
JustAddCommerce Hidden Form Field Manipulation Vulnerability. Read more

online.securityfocus.com:
IlohaMail Arbitrary File Attachment Upload Path Vulnerability. Read more

online.securityfocus.com:
SyGate Insecure UDP Source Port Firewall Bypass Weak Default Configuration Vulnerability. Read more

online.securityfocus.com:
SpamProbe Remote Denial of Service Vulnerability. Read more

online.securityfocus.com:
Sun Solaris AT Command Race Condition Vulnerability. Read more

online.securityfocus.com:
Sun Solaris AT Command Arbitrary File Deletion Vulnerability. Read more

online.securityfocus.com:
Multiple Vendor FTP pipe Vulnerability. Read more

News:
www.vnunet.com:
SQL Slammer used British code. Read more

www.nwfusion.com:
Study: Slammer was fastest-spreading worm yet. Read more

news.com.com:
Slammer--the first 'Warhol' worm? Read more

www.vnunet.com:
Worm turns on The Archers. Read more

www.securitynewsportal.com:
SummerCon 2003 for hackers and security pros - June 6-8 - Pittsburgh PA. Read more

news.com.com:
Report: Net attacks on businesses down. Read more

www.charlotte.com:
Snooping stalled. Read more

www.vnunet.com:
PC security flaws on the rise. Read more

www.securitynewsportal.com:
French hackers wipe clean over 100 Thailand Police web sites. Read more

www.infoworld.com:
NASA servers hacked. Read more

03 february 2003

New Trojans:
Nethief 2.3

NEMAN's Trojan 1.0

NEMAN's Trojan 1.1

NEMAN's Trojan 1.2

Vulnerabilities & Exploits:
online.securityfocus.com:
Courier-IMAP Username SQL Injection Vulnerability. Read more

online.securityfocus.com:
Macromedia ColdFusion MX Windows User File Authorization Vulnerability. Read more

online.securityfocus.com:
HP Compaq Insight Manager/Compaq Web Agent Session Persistence Vulnerability. Read more

online.securityfocus.com:
slocate Local Buffer Overrun Vulnerability. Read more

online.securityfocus.com:
eL DAPo Authentication Information Disclosure Weakness. Read more

online.securityfocus.com:
3ware Disk Managment Malformed HTTP Request DoS Vulnerability. Read more

online.securityfocus.com:
Oracle 8i Listener Remote Redirect Denial of Service Vulnerability. Read more

online.securityfocus.com:
WinSCP SSH2 Authentication Password Persistence Weakness. Read more

online.securityfocus.com:
Nukebrowser Remote File Include Vulnerability. Read more

online.securityfocus.com:
Apache Tomcat Null Byte Directory/File Disclosure Vulnerability. Read more

online.securityfocus.com:
Microsoft Windows Locator Service Buffer Overflow Vulnerability. Read more

News:
www.computeruser.com:
Security experts: more Internet attacks will come. Read more

news.bbc.co.uk:
How digital Armageddon was averted. Read more

www.bayarea.com:
Zeroing in on software security. Read more

www.sunspot.net:
Hackers hit and run on Internet auction sites. Read more

joongangdaily.joins.com:
By whatever name, viruses spell trouble. Read more

joongangdaily.joins.com:
Computer laws, hackers squaring off. Read more

www.hardwarezone.com:
Microsoft preps Firewall upgrade. Read more

www.computerworld.com:
Free benchmark could have found Slammer vulnerability. Read more

02 february 2003

New Trojans:
Exploder Trojan

Akosch 1

Akosch 2

Akosch Uploader 2

Vulnerabilities & Exploits:
online.securityfocus.com:
SILC Server INVITE Command Double Free Heap Corruption Vulnerability. Read more

online.securityfocus.com:
Deerfield Website Pro Remote Denial of Service Vulnerability. Read more

online.securityfocus.com:
Van Dyke Software Entunnel SSH2 Authentication Password Persistence Weakness. Read more

online.securityfocus.com:
Van Dyke Software SecureFX SSH2 Authentication Password Persistence Weakness. Read more

online.securityfocus.com:
Van Dyke SecureCRT SSH2 Authentication Password Persistence Weakness. Read more

online.securityfocus.com:
Celestial Software AbsoluteTelnet SSH2 Authentication Password Persistence Weakness. Read more

online.securityfocus.com:
Putty SSH2 Authentication Password Persistence Weakness. Read more

online.securityfocus.com:
Web-cyradm Remote Denial of Service Vulnerability. Read more

online.securityfocus.com:
Microsoft Outlook Express S/MIME Buffer Overflow Vulnerability. Read more

online.securityfocus.com:
Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability. Read more

online.securityfocus.com:
Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability. Read more

online.securityfocus.com:
ISC DHCPD dhcrelay Extraneous Network Packets Vulnerability. Read more

online.securityfocus.com:
MPE/iX AIFCHANGELOGON Privilege Escalation Vulnerability. Read more

online.securityfocus.com:
DotProject Remote File Include Vulnerability. Read more

online.securityfocus.com:
Apache Tomcat Web.XML File Contents Disclosure Vulnerability. Read more

online.securityfocus.com:
Apache Tomcat Example Web Application Cross Site Scripting Vulnerability. Read more

online.securityfocus.com:
BEA Systems WebLogic Server and Express Session Sharing Vulnerability. Read more

online.securityfocus.com:
BEA WebLogic Keystore Clear Text Password Storage Vulnerability. Read more

online.securityfocus.com:
BEA Systems WebLogic Server and Express Null Character DOS Device Denial of Service Vulnerability. Read more

online.securityfocus.com:
MySQL Double Free Heap Corruption Vulnerability. Read more

www.securitytracker.com:
3ware 3DM Disk Management Utility Web Daemon Bugs Let Remote Users Crash the Software. Read more

www.securitytracker.com:
ColdFusion MX Configuration Error When Used With IIS and NT Authentication May Grant Unauthorized Access to Remote Authenticated Users. Read more

News:
www.securitynewsportal.com:
Hackers deface numerous NASA web servers on day of Space Shuttle Disaster. Read more

Hidden Backdoors, Trojan Horses and Rootkit Tools in a Windows Environment. Read more

www.prognosisx.com:
Counting the cost of Slammer. Read more

01 february 2003

New Trojans:
RMS 2.5 Server

Magic Link 2.1 version b

RBackdoor 1.3

Z-Demon 1.2

Vulnerabilities & Exploits:
online.securityfocus.com:
MIT Kerberos Key Distribution Center Remote Format String Vulnerabilities. Read more

www.securitytracker.com:
Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users. Read more

www.securitytracker.com:
EditTag Web Content Editing Script Discloses Files on the System to Remote Users. Read more

www.securitytracker.com:
BEA WebLogic May Disclose One User's Session Data to Another User. Read more

www.securitytracker.com:
BEA WebLogic Server and Express Access Control Error May Disclose Passwords to Local Users. Read more

www.securitytracker.com:
'dotproject' Include File Error Allows Remote Users to Execute Arbitrary Code. Read more

www.securitytracker.com:
Zorum Message Board Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
PuTTY SSH2 Client Software Access Control Bug May Disclose Passwords to Local Users Via Memory. Read more

www.securitytracker.com:
AbsoluteTelnet SSH2 Client Software Access Control Bug May Disclose Passwords to Local Users Via Memory. Read more

www.securitytracker.com:
VanDyke Entunnel SSH2 Client Software Access Control Bug May Disclose Passwords to Local Users Via Memory. Read more

www.securitytracker.com:
VanDyke SecureFX SSH2 Client Software Access Control Bug May Disclose Passwords to Local Users Via Memory. Read more

www.securitytracker.com:
VanDyke SecureCRT SSH2 Client Software Access Control Bug May Disclose Passwords to Local Users Via Memory. Read more

www.securitytracker.com:
'plptools' Format String Flaw Lets Local Users Gain Root Privileges. Read more

News:
www.theregister.co.uk:
Trojan writers exploit Outlook to get around content filtering. Read more

www.vnunet.com:
Teenaged hacker 'Coolio' faces jail. Read more


Copyrightę MegaSecurity.org