Home    News Archive    Translate Traducen
News march 20004
31 march 2004

New in Archive
DUOS W.D.

Backdoor.VB.x

Iroffer 1.3b04 (1305.f)

Iroffer 1.3b04 (1305.g)

Tools
www.computec.ch:
The acronym ATK stands for Attack Tool Kit. It was first developed to provide a very small and handy tool for Windows to realize simple security checks. Read more

Guides, Papers, etc.
www.securityfocus.com:
Dogs of War: Securing Microsoft Groupware Environments with Unix (Part One). Read more

Vulnerabilities & Exploits
www.securitytracker.com:
SillySearch Input Validation Bug Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
MPlayer Buffer Overflow in Parsing HTTP Location Header Lets Remote Servers Execute Arbitrary Code. Read more

www.securitytracker.com:
Tcpdump Boundary Checking Error in 'print-isakmp.c' Lets Remote Users Crash Tcpdump. Read more

www.securitytracker.com:
Prozilla Real Estate Script Lets Remote Users Bypass the Payment Process. Read more

www.securiteam.com:
Ethereal IGAP Dissector Message Overflow Exploit. Read more

www.securiteam.com:
ISS PAM ICQ Server Response Processing Exploit. Read more

www.securiteam.com:
Ethereal EIGRP Dissector Buffer Overflow Exploit. Read more

News:
www.securityfocus.com:
Human Nature vs. Security. Read more

www.theregister.co.uk:
The rise of the white collar hacker. Read more

www.internetweek.com:
Netsky.q Leads Latest Worm Wave. Read more

www.internet-magazine.com:
New Netsky variant to attack Kazaa. Read more

www.techworld.com:
Netsky variant prepares distributed attack. Read more

www.eweek.com:
Linux vs. Windows: Which Is More Secure? Read more

30 march 2004

New in Archive
Kyrgyz Trojan 2.7

Caznova IRC Spy 2.0

Cab of Filth 1.2e (h)

Vulnerabilities & Exploits
www.securitytracker.com:
WebCT Input Validation Flaw Permits Remote Cross-Site Scripting Attacks Using @import url(). Read more

CloisterBlog Input Validation Flaw Permits Directory Traversal and Authentication Error Grants Administrative Access. Read more

www.securitytracker.com:
oftpd Can Be Crashed By Remote Users Sending a PORT Command. Read more

www.securitytracker.com:
FreeBSD IPv6 secsockopt(2) Input Validation Flaws May Disclose Memory to Local Users or Permit Local Denial of Service. Read more

www.securitytracker.com:
pam-pgsql Input Validation Flaws in Authentication Data Let Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
A-CART Input Validation Hole in 'category.asp' Lets Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
Fresh Guest Book (guest.cgi) Input Validation Bug in 'Name' Field Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
NessusWX Discloses Remote Account Passwords to Local Users. Read more

www.securitytracker.com:
NeWT Discloses Remote Account Passwords to Local Users, Read more

www.securitytracker.com:
Nessus Discloses Remote Account Passwords to Local Users. Read more

www.securitytracker.com:
Emil Buffer Overflows and Format String Flaws Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
PhotoPost PHP Pro Has Multiple Input Validation Holes That Let Remote Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Cisco IOS 11.2 Access Controls Can By Bypassed With Packets With Both RST and ACK Set. Read more

www.nextgenss.com:
Norton AntiSpam Remote Buffer Overrun. Read more

www.debian.org:
DSA-469-1 pam-pgsql -- missing input sanitising. Read more

News:
www.theregister.co.uk:
NetSky-Q worm targets Kazaa and eDonkey. Read more

www.nwfusion.com:
Netsky variant blames users. Read more

www.theinquirer.net:
Pesky Netsky.q launched into cybervoid. Read more

Frontline Defenders.
An inside look at how one of Symantec's security operations centers protects clients from cyberattacks. Read more

www.terra.net.lb:
Virus creators run online commerce scam from infected computers. Read more

australianit.news.com.au:
New viruses used in net scams. Read more

story.news.yahoo.com:
Witty Worm Broke Speed Records. Read more

news.com.com:
NetSky variant a greater threat than thought. Read more

www.theregister.co.uk:
How to hack a network in nine easy steps. Read more

29 march 2004

New in Archive
Cheng

Beast 1.8 (d)

Burbulatorheads (b)

Backdoor.Dumador.e

Vulnerabilities & Exploits
www.securitytracker.com:
psInclude Input Validation Flaw in 'template' Variable Lets Remote Users Execute Arbitrary Code. Read more

www.debian.org:
DSA-468-1 emil -- several vulnerabilities. Read more

News:
www.theregister.co.uk:
Auditing the mind of a hacker. Read more

www.smh.com.au:
Worm exposes flaws in patch system: report. Read more

www.smh.com.au:
Cisco warns of publicly available exploit code. Read more

reviews-zdnet.com.com:
Richard Clarke: He could have secured the Net. Read more

www.computerweekly.com:
Thought for the day: Any time, any place, anywhere. Read more

www.crime-research.org:
Israeli hackers attack Islamic portal. Read more

28 march 2004

New in Archive
NeoControlRed 2.0.0

Cab of Filth 1.2d (h)

Backdoor.Lomdoor-DD

Iroffer 1.3b04 (1305.d)

Iroffer 1.3b04 (1305.e)

Guides, Papers, etc.
software.newsforge.com:
Port scanning and Nmap 3.5. Read more

News:
www.itp.net:
Worm variants keep on coming. Read more

www.securityfocus.com:
Bagle-U plays MS Hearts. Read more

www.pcadvisor.co.uk:
New Bagel.U: a virus of few words. Read more

27 march 2004

New in Archive
Toquito Bandito 1.1

Harvester 2003 (mail) 05

Recon 1.2

Backdoor.Ident

Vulnerabilities & Exploits
www.securitytracker.com:
nstxd Null Pointer Dereference Flaw Lets Remote Users Crash the Process. Read more

www.securitytracker.com:
bBlog Input Validation Flaw in Blog Name Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
phpBB Input Validation Flaw in 'privmsg.php' Lets Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
Foxmail 'From' Address Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
XMB Forum 'forumdisplay.php' and Other Scripts Permit SQL Injection and Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Blogger Input Validation Holes in User Profile Fields Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
YaBB Lets Remote Users Determine if User Accounts Exist on the Forum. Read more

www.securitytracker.com:
Ethereal RADIUS Attribute Parsing Null Pointer Dereference Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Dameware Mini Remote Control Sends a File Encryption Key as Clear Text. Read more

www.securitytracker.com:
NetSupport School Pro Weak Password Encoding Lets Local Users Decode Passwords. Read more

News:
www.technewsworld.com:
Bagle.U Worm Spreads Despite Simplicity. Read more

news.com.com:
Witty worm frays patch-based security. Read more

www.internetweek.com:
New Worms Threaten Windows Email Users. Read more

www.bizreport.com:
Phatbot's Family Ties. Read more

www.computerworld.com:
Security product flaws attract attackers. Read more

itvibe.com:
Bagle-U virus plays card games. Read more

itvibe.com:
Man charged with Blaster virus creation. Read more

www.crime-research.org:
Romanian hacker is on trial. Read more

www.sundaytimes.co.za:
Making hotspots secure. Read more

26 march 2004

New in Archive
Remote Ziper 2.0.4

Slim Horse 1.0 beta

Blaxill Downloader 2.0

Psycho Derek 2.1

Guides, Papers, etc.
esorics04.eurecom.fr:
ESORICS 2004 9th European Symposium on Research in Computer Security. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
HP Web Jetadmin Lets Remote Authenticated Users Read and Write Files on the System. Read more

www.securitytracker.com:
MySQL 'mysqlbug' Temporary File Flaw Lets Local Users Overwrite Files. Read more

www.securitytracker.com:
eSignal Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securiteam.com:
Multiple Cisco Exploit Codes. Read more

News:
www.theregister.co.uk:
Trust me I'm clean, claims virus. Read more

www.caida.org:
The Spread of the Witty Worm. Read more

www.eweek.com:
New Worms Stretching Across Web. Read more

www.securityfocus.com:
Dutch Internet blackmailer gets 10 years. Read more

www.theregister.co.uk:
Interview with the keystroke caperist. Read more

www.computerworld.com:
Is hacking ethical? Read more

25 march 2004

New in Archive
Toxic Fireball

NetPrank 1.7

Snow 3.7

Cab of Filth 1.2c

Tools
CryptCat is netcat with Twofish encryption for added security. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
Random Ident Server (ridentd) Lets Local Users Overwrite Certain Files. Read more

www.securitytracker.com:
PicoPhone Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
TrendMicro InterScan VirusWall Discloses Files to Remote Users. Read more

www.securitytracker.com:
a.shopKart Default Installation Discloses Database to Remote Users. Read more

www.securitytracker.com:
Kerio WinRoute Firewall May Crash Due to Malformed HTTP Headers. Read more

www.securitytracker.com:
Kerio MailServer SPAM Filter Has Buffer Overflow. Read more

www.securitytracker.com:
Microsoft Operating Systems Have Unspecified Flaw That Yields Kernel Level Access to Local Users. Read more

www.securitytracker.com:
Nextgen FTP Server Discloses Arbitrary Files to Remote Authenticated Users. Read more

www.debian.org:
DSA-467-1 ecartis -- several vulnerabilities. Read more

News:
www.informationweek.com:
Hackers Keep Talking Trash. Read more

www.crime-research.org:
Internet as an instrument of cyber crime. Read more

www.crime-research.org:
Some trends of computer crime in Russia. Read more

www.theregister.co.uk:
Opera browser to recognise speech. Read more

24 march 2004

New in Archive
NtRootkit 1.21

U-Boot IIB Build 108

Iroffer 1.2b29 (a)

Iroffer 1.3b04 (1305.c)

Guides, Papers, etc.
SAPPHIRE WORM CODE DISASSEMBLED. Read more

"Analysis of the Exploitation Processes" (.pdf). Read more

Practical SEH exploitation (pdf). Read more

Vulnerabilities & Exploits
www.greymagic.com:
Remotely Exploitable Cross-Site Scripting in Hotmail and Yahoo. Read more

www.securitytracker.com:
cPanel 'dodelautores.html' and 'addhandle.html' Input Validation Flaws Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
The Rage Game Service Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
CDE dtlogin Double-Free Bug Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Yahoo! Mail 'HTML+TIME' Tag Filtering Hole Permits Remote Users to Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Hotmail 'HTML+TIME' Tag Filtering Hole Permits Remote Users to Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
PHP SQL Library Lets Remote Users Bypass safe_mode Restrictions. Read more

www.securitytracker.com:
Ethereal Buffer Overflows in NetFlow, EIGRP, BGP, and Other Protocol Dissectors May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Linux Kernel kmod Permission Error May Let Local Users Crash the Kernel. Read more

www.securitytracker.com:
WS_FTP Server Backdoor Lets Local Users Execute Local Applications With SYSTEM Privileges. Read more

www.securitytracker.com:
SSH Tectia Server May Disclose Private Key to Remote Users. Read more

www.securitytracker.com:
HiGuest Message Input Validation Bug Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
WS_FTP Server ALLO Error Lets Remote Authenticated Users Execute Arbitrary Code With SYSTEM Privileges. Read more

www.securitytracker.com:
WS_FTP Server REST File Pointer Error Lets Remote Authenticated Users Consume Disk Space. Read more

www.securitytracker.com:
FirstClass HTTP Server Input Validation Flaw in 'Upload.shtml' Permits Cross-Site Scripting Attacks. Read more

www.securiteam.com:
Eudora Attachment Spoof Exploit Revisited. Read more

www.securiteam.com:
Norton AntiSpam Remote Buffer Overrun (SymSpamHelper). Read more

www.securiteam.com:
Norton Internet Security Remote Command Execution (WrapNISUM). Read more

capnbry.net:
Dark Age of Camelot login client vulnerability to man in the middle attack. Read more

News:
www.theregister.co.uk:
IE flaw exposes weakness in Yahoo! filtering. Read more

www.lubbockonline.com:
Teenager faces prison in scam. Read more

23 march 2004

New in Archive
R8myp00 IrcBot 1.0

NeoControlRed 2.0.3

RunRat 2004

Guides, Papers, etc.
Forensic Analysis of a Live Linux System, Part One. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
PHP Discloses Session IDs to Local Users. Read more

www.securitytracker.com:
xine Unsafe Temporary File May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
phpBB 'profile.php' Input Validation Flaw in 'avatarselect' Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
squidGuard '%00' URL Character Access Control Bug May Let Remote Users Bypass Certain Access Controls. Read more

www.securitytracker.com:
Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
XWeb '../' Input Validation Flaw Discloses Files to Remote Users. Read more

www.securitytracker.com:
Linksys WAP55AG Discloses Private SNMP Strings to Remote Users. Read more

www.securitytracker.com:
InnoMedia VideoPhone Lets Remote Users Bypass Authentication. Read more

www.securitytracker.com:
Invision Power Board 'Personal Photo' Error Message Discloses the Installation Path to Remote Users. Read more

www.securitytracker.com:
ReGet Directory Traversal Bug May Cause Files to Be Downloaded to Arbitrary Locations. Read more

www.securitytracker.com:
Invision Gallery Multiple Input Validation Errors Let Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
Invision Power Top Site List Input Validation Hole in 'comment' Feature Permits SQL Injection. Read more

www.securitytracker.com:
phpBB Input Validation Flaws in 'admin_smilies.php' and 'admin_styles.php' Let Remote Authenticated Administrators Inject SQL. Read more

News:
www.theregister.co.uk:
Scripting flaws threaten Norton software. Read more

www.theregister.co.uk:
Stopping the enemy at the gate. Read more

www.theregister.co.uk:
AOL attacks spamvertisers. Read more

www.crime-research.org:
Cyberpolice website is created. Read more

www.computerweekly.com:
Hackers still exploiting MyDoom as users find patching increasingly unmanageable. Read more

22 march 2004

New in Archive
System33r Downloader 0.7.3b

Backdoor.Masteseq.a

Devil 6 (a)

X Spy 1.0 (version 2)

Vulnerabilities & Exploits
www.securitytracker.com:
Apache mod_disk_cache Stores Authentication Credentials on Disk. Read more

www.debian.org:
DSA-466-1 linux-kernel-2.2.10-powerpc-apus -- failing function and TLB flush. Read more

News:
www.theregister.co.uk:
Phatbot primed to steal your credit card details. Read more

www.theregister.co.uk:
Witty attacks your firewall and destroys your data. Read more

www.stltoday.com:
Viruses are becoming sneakier and more complex all the time. Read more

www.smh.com.au:
Worm trashes machines running ISS firewall. Read more

www.businessweek.com:
Computer Security 101. Read more

21 march 2004

New in Archive
20cn FTP Server 1.0

ShutAll 2.1

Pointex (e)

DTr 1.4 (c) server

Vulnerabilities & Exploits
www.securitytracker.com:
Expinion Member Management System Input Validation Holes Let Remote Users Inject SQL and Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Expinion News Manager Authentication Flaw Lets Remote Users Gain Administrator Access. Read more

www.securitytracker.com:
Samba 'smbprint' Unsafe Temporary File May Let Local Users Gain Elevated Privileges. Read more

www.securityfocus.com:
DameWare Mini Remote Control Server Weak Encryption Implementation Vulnerability. Read more

News:
news.netcraft.com:
Witty Worm Targets Black Ice, Disables Machines. Read more

www.lurhq.com:
Witty Worm Analysis. Read more

www.securityfocus.com:
'Witty' Worm Wrecks Computers. Read more

www.eweek.com:
Fast-Moving Worm Crashes Computers. Read more

www.crime-research.org:
Germany: largest hacker crack down operation ever held. Read more

www.newsforge.com:
Proven: Windows is more secure than Linux out of the box. Read more

arstechnica.com:
Anti-virus companies milking their cash cow? Read more

20 march 2004

New in Archive
Nethief 5.5

Undetectable

pseudoRAT 0.1 (f)

ZZ 2.0

Vulnerabilities & Exploits
www.nextgenss.com:
Norton Internet Security Remote Command Execution. Read more

www.securitytracker.com:
Clam AntiVirus May Crash When Processing Certain RAR Archives. Read more

www.securitytracker.com:
Tarantella Enterprise Input Validation Flaws in 'ttaarchives.cgi' and 'ttacab.cgi' Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Borland Interbase Unsafe Permissions on 'admin.ib' Let Local Users Gain Database Administrative Privileges. Read more

www.securitytracker.com:
Winamp Player May Crash When Opening Certain Files. Read more

www.securitytracker.com:
'Terminator 3: War of the Machines' Game Buffer Overflow Lets Servers Execute Arbitrary Code on Connected Clients. Read more

www.securitytracker.com:
Symantec Norton AntiSpam Stack Overflow in 'sysspam.dll' Lets Remote Users Execute Arbitary Code. Read more

www.securitytracker.com:
Norton Internet Security 'WrapUM.dll' Lets Remote Users Run Arbitrary Executable Files. Read more

www.securitytracker.com:
Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service. Read more

www.securitytracker.com:
Apple Mac OS X Admin Service Buffer Overflow Lets Remote Users Crash the Service. Read more

www.securitytracker.com:
Check Point SmartDashboard Buffer Overflow May Let Remote Authenticated Users Execute Arbitrary Code. Read more

News:
www.securityfocus.com:
Report: Phishing attacks on the rise. Read more

www.internetweek.com:
New Bagle Worm Infects Windows Without File Attachments. Read more

zdnet.com.com:
Report: Rise in virus attacks costs firms dearly. Read more

www.internetnews.com:
It is Time for Some 'Friendly' Worms. Read more

www.crime-research.org:
Russia: increase of credit card frauds. Read more

19 march 2004

New in Archive
Recub 1.0

Big WebDL 1.0

Transistor 1.2

Izram

Vulnerabilities & Exploits
www.securitytracker.com:
Hotmail Input Validation Flaw in Reply-To Subject Line Lets Remote Users Conduct Cross-Site Scripting and Other Attacks. Read more

www.securitytracker.com:
Chrome Game Server Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
Apple Safari Can Be Crashed By Large Javascript Array Objects. Read more

www.securitytracker.com:
ISS Proventia Buffer Overflow in Processing ICQ Messages May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Error Manager Input Validation Holes Let Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
WFTPD Pro Administrative Control Panel Bug Lets Remote Authenticated Users Crash the GUI. Read more

www.securitytracker.com:
Mozilla S/MIME ASN.1 Implementation Bugs May Let Remote Users Execute Arbitrary Code. Read more

News:
www.theregister.co.uk:
Latest Bagle worms spread on auto-pilot. Read more

www.infoworld.com:
New Bagle worms crawl through old MS hole. Read more

news.com.au:
Man in court over $5m Internet scam. Read more

18 march 2004

New in Archive
ProRat 1.6

LanSpy 1.0

HatredChamber Downloader 1.0

D3S Webdownloader 1.0c

Guides, Papers, etc.
www.securityfocus.com:
The 12kb Bomb. Read more

www.blackangels.it:
ROOTSHELL WITH ICMP_RCV() HOOKING. Read more

www.securiteam.com:
Gather Windows Shares With an cmd-script. Read more

www.securityfocus.com:
Detection of SQL Injection and Cross-site Scripting Attacks. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
Belchior Foundry vCard Lets Remote Users Delete Database Table Entries. Read more

www.securitytracker.com:
GlobalSCAPE Secure FTP Server SITE Command Buffer Overflow Lets Remote Users Crash the Service. Read more

www.securitytracker.com:
isakmpd Payload Handling Flaw Lets Remote Users Crash the Daemon. Read more

www.securitytracker.com:
OpenSSL SSL/TLS Handshade Flaws May Let Remote Users Crash OpenSSL-based Applications. Read more

www.securitytracker.com:
PHPX Lack of Authentication Lets Remote Users Hijack Sessions. Read more

www.securitytracker.com:
Courier Mail Server 'iso2022jp' and 'shiftjis' Buffer Overflows May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
mySAP Host Header Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
SAP Internet Transaction Server WGate Fomat String Flaw Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
SAP Internet Transaction Server AGate Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Fizmez Web Server Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
4nGuestbook Module Input Validation Flaws Let Remote Authenticated Administrators Inject SQL Commands and Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
4nalbum Module Input Validation Flaws Let Remote Users Execute Arbitrary Commands, Inject SQL Queries, and Conduct Cross-Site Scripting Attacks. Read more

www.securiteam.com:
Backdooring OpenSSH. Read more

www.debian.org:
DSA-465-1 openssl -- several vulnerabilities. Read more

www.debian.org:
DSA-464-1 gdk-pixbuf -- broken image handling. Read more

News:
www.detnews.com:
Computer security experts warn of sophisticated new hacker program. Read more

news.com.com:
Malicious computer worm detected. Read more

www.crime-research.org:
EBay encounters more Internet frauds. Read more

17 march 2004

New in Archive
InsaneDL

Black Box

Stealth Redirector 1.1

Backdoor.Mmcs.19

Vulnerabilities & Exploits
www.securitytracker.com:
Mambo Open Source Input Validation Errors in 'id' and Other Parameters Permit SQL Injection and Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
IBM Lotus Domino 'webadmin.nsf' Flaws Let Remote Authenticated Administrators Create Arbitrary Directories. Read more

www.securitytracker.com:
ModSecurity Off-by-one Overflow in Processing POST Requests May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Twilight Utilities Web Server 'postfile.exe' Lets Remote Users Upload Files to Arbitrary Locations. Read more

www.securitytracker.com:
Opera Array Processing Error Lets Remote Users Crash the Browser. Read more

www.securitytracker.com:
vBulletin showthread, forumdisplay, and memberlist Input Validation Bugs Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
PHP-Nuke Input Validation Holes in Feedback, Downloads, Journal, and Other Modules Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
SPIP Input Validation Flaws Let Remote Users Execute Arbitrary Commands. Read more

www.securitytracker.com:
Sybari AntiGen Can Be Crashed By Remote Users Sending Certain Encrypted Files. Read more

www.securitytracker.com:
Mathopd prepare_reply() Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Phorum HTTP_REFERER and Ohter Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Macromedia ColdFusion SOAP Request Processing Bug Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Macromedia JRun SOAP Request Processing Bug Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Sun Java Application Server SOAP Request Processing Bug Lets Remote Users Deny Service. Read more

www.securitytracker.com:
YaBB SE Input Validation Flaws in 'glow' and 'shadow' Tags Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
YaBB Input Validation Flaws in 'glow' and 'shadow' Tags Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
VocalTec VGW Telephony Gateway Basic Authorization Can Be Bypassed By Remote Users. Read more

www.securitytracker.com:
Computer Associates Unicenter TNG Stack Overflows Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
WS_FTP Pro ASCII Mode Directory Listing Buffer Overflow May Let Remote Servers Execute Arbitrary Code. Read more

www.securiteam.com:
Remote Buffer Overflow in MDaemon (Exploit). Read more

News:
www.informationweek.com:
Symantec: Boom Times For Hackers. Read more

www.theregister.co.uk:
Why Microsoft 'Shared Source' can never be trusted. Read more

www.crime-research.org:
Hackers: interview with a "Ghost". Read more

www.crime-research.org:
The largest bank of Estonia under hacker attack. Read more

www.techworld.com:
New book reveals unknown hacking tools. Read more

16 march 2004

New in Archive
PaSzCzuS 2.0-rc2

Amitis 1.4.3b

Transistor 1.1 (b)

Click'n'Show 1.0b

Guides, Papers, etc.
www.blackangels.it:
Introduction to shellcoding for overflows exploiting. Read more

www.blackangels.it:
How to sniff network traffic and to inject new packets. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
phpBB 'search'php' show_results Parameter Lets Remote Users Inject SQL Commands. Read more

www.immunitysec.com:
Remote, unauthenticated stack overflow Computer Associates Unicenter TNG Utilities awservices.exe. (pdf) Read more

News:
www.crn.com:
Bagle Worms Sneak Through Defenses. Read more

www.theregister.co.uk:
Bagle the 13th spread defies belief. Read more

www.theregister.co.uk:
Malicious code threats celebrate bumper 2003. Read more

congreso.seguridad.unam.mx:
Computer Security Mexico 2004 "10th Years celebrating Computer Security Mexico". Read more

www.theregister.co.uk:
Zombie PCs must die! Read more

edition.cnn.com:
Hotel networks face hacker threat. Read more

www.theregister.co.uk:
Explosive Cold War Trojan has lessons for Open Source exporters. Read more

www.computerweekly.com:
Thought for the day: Laptops let in the worms. Read more

15 march 2004

New in Archive
Theef 2.00

Backdoor.Belang.12

Backdoor.Ptsnoop.b

Backdoor.VB.is

Tools
OSSIM aims to unify network monitoring, security, correlation and qualification in one single tool. Using Snort, Acid, mrtg, NTOP, OpenNMS, nmap, nessus and rrdtool we want the user to have full control over every network or security aspect. Read more

www.securiteam.com/:
NetBus UNIX Ported Client. Read more

Guides, Papers, etc.
www.petefinnigan.com:
Passwords transmitted in clear text on SQL*Net. Read more

www.petefinnigan.com:
Some issues with password protected roles. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
phpBB Input Validation Flaw in 'topicdays' Variable Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

News:
www.businessweek.com:
Toughing Out The Junk-Mail Virus. Read more

www.crime-research.org:
Russian hacker under arrest. Read more

www.globetechnology.com:
Net virus spread may have peaked: report. Read more

www.eweek.com:
Leaked Code Still Could Bear Malicious Fruit. Read more

www.informationweek.com:
IT Confidential: The Hacker Payoff; Youth Seduced March. Read more

reviews-zdnet.com.com:
Why firewalls aren't always enough. Read more

www.crime-research.org:
Scams and cybercrime. Read more

news.com.au:
40 traders targeted over net scams. Read more

14 march 2004

New in Archive
MiniMO 052 Beta

TinyFWB 1.1

Atmaca Downloader 2.0

EasyServ 1.1 (b) client

Guides, Papers, etc.
Securing the Internal Network by Adam Richard. Read more

Identity Theft - The Real Cause by Mike Lee & Brian Hitchen. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
Oracle Application Server Web Cache Has Unspecified High Risk Flaw. Read more

www.securitytracker.com:
IBM AIX rexecd May Let Remote Users Gain Root Access. Read more

www.securitytracker.com:
GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users. Read more

www.securitytracker.com:
Macromedia Studio MX File Permission Setting Lets Local Users Modify a File to Gain Elevated Privileges. Read more

www.securitytracker.com:
Macromedia Flash MX File Permission Setting Lets Local Users Modify a File to Gain Elevated Privileges. Read more

www.securitytracker.com:
Macromedia Dreamweaver MX File Permission Setting Lets Local Users Modify a File to Gain Elevated Privileges. Read more

www.securitytracker.com:
Macromedia Fireworks MX File Permission Setting Lets Local Users Modify a File to Gain Elevated Privileges. Read more

www.securitytracker.com:
Macromedia Contribute File Permission Setting Lets Local Users Modify a File to Gain Elevated Privileges. Read more

www.securitytracker.com:
HP HTTP Server Certificates Can Be Compromised By Remote Users. Read more

www.securitytracker.com:
Plaxo Input Validation Flaw in Job Title Field Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Open WebMail 'userstat.pl' Input Validation Hole Lets Remote Users Execute Arbitrary Commands. Read more

www.securitytracker.com:
Xitalk Lets Local Users Execute Arbitrary Commands With 'utmp' Group Privileges. Read more

www.securitytracker.com:
vHost Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
CFWebstore Input Validation Bugs Let Remote Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks. Read more

News:
www.ecommercetimes.com:
The End of Passwords. Read more

www.chron.com:
Hacking class shows good offense best defense. Read more

13 march 2004

New in Archive
Gobo's Remote Keylogger

Backdoor.Winker.n

Backdoor.CBlade.b

Iroffer 1.3b05 (b)

Vulnerabilities & Exploits
www.securitytracker.com:
cPanel 'dohtaccess' Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
cPanel Password Reset and Login Features Let Remote Users Execute Arbitrary Commands With Root Privileges. Read more

www.securitytracker.com:
EMU Webmail 'emumail.fcgi' Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.debian.org:
DSA-462-1 xitalk -- missing privilege release. Read more

News:
informationweek.securitypipeline.com:
Netsky Hacker Threatens New Attack. Read more

12 march 2004

New in Archive
Backdoor.Flobo.b

Paszczus 2.0 client

Backdoor.Delf.fn

Vulnerabilities & Exploits
www.securitytracker.com:
Pegasi Web Server Discloses Files Outside of the Web Document Directory to Remote Users. Read more

www.securitytracker.com:
MyProxy Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.debian.org:
DSA-461-1 calife -- buffer overflow. Read more

www.debian.org:
DSA-460-1 sysstat -- insecure temporary file. Read more

www.debian.org:
DSA-459-1 kdelibs -- cookie path traversal. Read more

News:
www.smh.com.au:
The anti-virus industry scam. Read more

www.theregister.co.uk:
More NetSky worms. So much for quitting. Read more

www.techweb.com:
Netsky Worm Reneged On Promise, Doesn't Retire. Read more

news.zdnet.co.uk:
Symbiot launches DDoS counter-strike tool. Read more

news.zdnet.co.uk:
Banks dismissive of 'phishing' losses. Read more

www.nzherald.co.nz:
Online scammers target Westpac for fourth time. Read more

11 march 2004

New in Archive
Small Uploader 1.01

Harvester 2003 (mail) 04

Caznova LK

Munga Bunga`s installer 1.0.3 (b)

Backdoor.Sepro.f

Vulnerabilities & Exploits
www.securitytracker.com:
Symantec Norton Internet Security Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Symantec Norton Personal Firewall Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Sysstat 'isag' Unsafe Temporary Files May Let Local Users Obtain Elevated Privileges. Read more

www.securitytracker.com:
sysstat 'post' and 'trigger' Scripts on Red Hat Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Sun Solaris 'uucp' Has Unspecified Buffer Overflow That May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
gdk-pixbuf Can Be Crashed By Remote Users With a Specially Crafted Bitmap File. Read more

www.securitytracker.com:
Unreal Game Engine Format String Flaw May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
wMCam Server Lets Remote Users Deny Service With Many Connections. Read more

www.securitytracker.com:
Python getaddrinfo() IP Address Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Opera Cookie Path Restrictions Can Be Byassed By Remote Servers. Read more

www.securitytracker.com:
Apple Safari Cookie Path Restrictions Can Be Byassed By Remote Servers. Read more

www.securitytracker.com:
Mozilla Cookie Path Restrictions Can Be Byassed By Remote Servers. Read more

www.securitytracker.com:
KDE Konqueror Cookie Path Restrictions Can Be Byassed By Remote Servers. Read more

www.securitytracker.com:
Microsoft Internet Explorer Cookie Path Restrictions Can Be Byassed By Remote Servers. Read more

www.securiteam.com:
Nortel Networks Wireless LAN Access Point 2200 DoS. Read more

News:
www.securityfocus.com:
NetSky author signs off. Read more

www.nzherald.co.nz:
Microsoft upgrades Outlook security warning to 'critical'. Read more

news.netcraft.com:
SSL's Credibility as Phishing Defense Is Tested. Read more

news.bbc.co.uk:
Bypassing China's net firewall. Read more

www.winnetmag.com:
Fending Off Viruses and Spam. Read more

www.theage.com.au:
Net buyers warned on eBay fraud. Read more

www.nzherald.co.nz:
Fraudsters use bank's website. Read more

www.canada.com:
Israeli, 19, hacked into Pennsylvania police system, erased records: police. Read more

10 march 2004

New in Archive
rsCRT 1.0

MP Remote Logger 1.0

PaSzCzuS 1.9.1

Fenster 2.2

ibot 3.2

Guides, Papers, etc.
www.securityfocus.com:
Anti-Spam Solutions and Security. Read more

www.securityfocus.com:
Anti-Spam Solutions and Security, Part 2. Read more

Vulnerabilities & Exploits
www.nextgenss.com:
IBM DB2 Remote Command Execution Privilege Upgrade. Read more

www.securitytracker.com:
Microsoft MSN Messenger May Disclose Known Files to Remote Users. Read more

www.securitytracker.com:
Microsoft Windows Media Services Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
Microsoft Office XP 'mailto' URL Parsing Bug Lets Remote Users Execute Arbitrary Code in the Local Computer Domain. Read more

www.securitytracker.com:
Microsoft Outlook 'mailto' URL Parsing Bug Lets Remote Users Execute Arbitrary Code in the Local Computer Domain. Read more

www.securitytracker.com:
IBM DB2 'db2rcmd.exe' Lets Remote Authenticated Users Execute Commands With Elevated Privileges. Read more

www.securitytracker.com:
Chat Anywhere '%00' Input Validation Flaw Lets Remote Authenticated Users Hide Their Session. Read more

www.securitytracker.com:
Yahoo! Mail 'order' and 'sort' Field Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
wu-ftpd Access Control Flaw Lets Remote Authenticated Users Bypass Group Restrictions. Read more

www.securitytracker.com:
ISS RealSecure Unspecified Flaw Yields SYSTEM Level Access to Remote Users. Read more

www.securitytracker.com:
ISS BlackICE Unspecified Flaw Yields SYSTEM Level Access to Remote Users. Read more

www.securitytracker.com:
Invision Power Board 'pop' Field Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
GNU Automake 'distdir.am' Unsafe Temporary Directory Creation May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
nfs-utils Incorrect DNS Settings May Let Remote Users Crash rpc.mountd. Read more

www.securitytracker.com:
PWebServer '../' Input Validation Flaw Lets Remote Users Traverse the Directory. Read more

www.securitytracker.com:
Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules. Read more

www.securitytracker.com:
Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon. Read more

News:
Microsoft Security Bulletin MS04-010
Vulnerability in MSN Messenger Could Allow Information Disclosure (838512). Read more

Microsoft Security Bulletin MS04-009
Vulnerability in Microsoft Outlook Could Allow Code Execution (828040). Read more

Microsoft Security Bulletin MS04-008
Vulnerability in Windows Media Services Could Allow a Denial of Service (832359). Read more

Microsoft Security Bulletin MS03-022
Vulnerability in ISAPI Extension for Windows Media Services Could Cause Code Execution (822343). Read more

www.microsoft.com:
Microsoft Windows Security Bulletin Summary for March, 2004. Read more

www.theregister.co.uk:
Microsoft's high-risk security strategy. Read more

www.securityfocus.com:
Googling Up Passwords Read more

www.theregister.co.uk:
We're just innocent techies, say accused spammers. Read more

www.theadvertiser.news.com.au:
Internet banking 'no longer safe'. Read more

09 march 2004

New in Archive
Cab of Filth 1.2a English

IRC bot plugin for Cold Fusion 1.1

Caznova Spy 0.1 beta

Webster 1.0

Snow 3.6

News:
www.internetweek.com:
Sobering Worm Poses As Microsoft Patch.Read more

www.sarawaktribune.com.my:
Virus whiz-kids using cyberspace as playground for gangland wars. Read more

catless.ncl.ac.uk:
The price of e-mail is constant vigilance. Read more

08 march 2004

New in Archive
NuclearBot 1.0

Abacap 0.9 beta

MiNUS W.D.

Fantasy-x 1.3

Backdoor.Charge.a

Vulnerabilities & Exploits
WFTPd STAT Command Remote Vulnerability Exploit. Read more

News:
reviews-zdnet.com.com:
Virus 'gangs' to blame for recent epidemic. Read more

australianit.news.com.au:
Inside the email virus wars. Read more

story.news.yahoo.com:
Virus whiz-kids using cyberspace as playground for gangland wars. Read more

software.newsforge.com:
A peek at script kiddie culture. Read more

www.vnunet.com:
IT staff offered fast-track hacker course. Read more

07 march 2004

New in Archive
Dyn-DL 1.0

Gadu Ghost 1.1

Caznova Key 1.2.1 Http

Evilsocks 0.11

RAT Cracker 1.5

Tools
sourceforge.net:
EFC monitors the execution of a program by observing system calls made by the program.EFC is supposed to protect from many attacks which just could be lethal. EFC is a kernel module, and woks on Linux only. It can be used as real time syscall level IDS. Read more

www.eicar.org:
The Anti-Virus test file. Read more Vulnerabilities & Exploits
www.securitytracker.com:
Network Time Protocol (NTP) Server Integer Overflow May Return the Incorrect Time. Read more

www.securityfocus.com:
Multiple Microsoft Internet Explorer Script Execution Vulnerabilities. Read more

News:
itvibe.com:
New wave worms pose dilemma for IT Managers. Read more

www.itweek.co.uk:
Hackers: who are they and how can they be stopped? Read more

www.theinquirer.net:
Chocolate teapot cracks zipped virus problem. Read more

06 march 2004

New in Archive
Paszczus 1.9

Devil 6 (b) 

DA-Web 2.2

AntiLamer Backdoor 1.4 (e) Server

Backdoor.Divux.d

Guides, Papers, etc.
www.securityfocus.com:
IIS 6.0 Security. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
SURECOM Router Configuration Interface Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
Symantec's Norton Anti-Virus Fails to Scan Files With Certain Characters in Path Names. Read more

www.securitytracker.com:
VirtuaNews 'admin.php' Input Validation Holes Permit Remote Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
SL Mail Pro SLWebMail Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
SL Mail Pro Buffer Overflow in Supervisor Report Center Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
HP Tru64 IPSec/IKE Flaw in Processing Certificates May Let Remote Users Access the System. Read more

www.securitytracker.com:
wu-ftpd S/Key Challenge Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges. Read more

www.debian.org:
DSA-456-1 linux-kernel-2.2.19-arm -- failing function and TLB flush. Read more

www.debian.org:
DSA-455-1 libxml -- buffer overflows. Read more

www.cisco.com:
Cisco CSS 11000 Series Content Services Switches Malformed UDP Packet Vulnerability. Read more

News:
news.zdnet.co.uk:
Antivirus software decrypts Bagle attachments. Read more

www.sourcewire.com:
Russian antivirus service tops the tables in independent German study. Read more

www.silicon.com:
Antivirus vendors unzip encrypted email viruses. Read more

www.itsecurity.com:
Aladdin Warns of New Malicious Code Vector. Read more

www.crn.com:
Updates Protect Against New Bagle Worms' Encrypted Tactics. Read more

www.theregister.co.uk:
Virus writers in malicious code hide-and-seek. Read more

www.theregister.co.uk:
Spam turns ten today. Read more

www.silicon.com:
Antivirus industry slammed by DTI report. Read more

www.sourcewire.com:
Russian antivirus service tops the tables in independent German study. Read more

itmanagement.earthweb.com:
How Long Must You Wait for an Anti-Virus Fix? Read more

05 march 2004

New in Archive
Toquito Bandito 1.0

Gadu Ghost 1.0

Caznova Key 1.2 Http

Backdoor.Rwins

Backdoor.Ducker

Tools
ircdefender.sourceforge.net:
IRC Defender is a program designed for IRC networks, written in perl. It is a modular security service which amongst other things will keep virus and trojan drones from your network, allow you to set akills using regular expressions, and will prevent abuse of CGI:IRC proxies. Read more

Guides, Papers, etc.
www.blackhat.com:
Announcing Black Hat's 2004 initial call for papers. Read more

Vulnerabilities & Exploits
www.securiteam.com:
Adobe Acrobat Reader XML Forms Data Format Buffer Overflow. Read more

www.securitytracker.com:
Cisco Content Services Switch 11000 Series Can Be Reloaded By Remote Users. Read more

www.securitytracker.com:
GNU coreutils Integer Overflow in 'dir' Command Lets Local Users Deny Service. Read more

www.debian.org:
DSA-454-1 linux-kernel-2.2.22-alpha -- failing function and TLB flush. Read more

www.debian.org:
DSA-453-1 linux-kernel-2.2.20-i386+m68k+powerpc -- failing function and TLB flush. Read more

News:
www.publictechnology.net:
Analysis: Digital Warfare - Combating malware & virus attack. Read more

www.publictechnology.net:
Analysis: Economic impact of malware virus attack. Read more

www.publictechnology.net:
Analysis: Q&A on malware & destructive virus security. Read more

www.internetweek.com:
Defending Against Worm Wave Proves Tough Task. Read more

www.theregister.co.uk:
Does open source software enhance security? Read more

www.securityfocus.com:
Calls to regulate 'failing' AV industry. Read more

Cyber villains clash for world domination. Read more

04 march 2004

New in Archive
My Demise 1.0

Hotmail Hacker Log Edition

U-Boot IIB

JerWin SockServer

Backdoor.Pointex.c

Vulnerabilities & Exploits
www.guninski.com:
Buffer overflow in qmail-qmtpd. Read more

www.securitytracker.com:
Spider Sales Shopping Cart Input Validation Flaws Permit SQL Injection and Remote Command Execution. Read more

www.securitytracker.com:
SmarterMail Input Validation Flaws Disclose Files to Remote Authenticated Users and Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Qmail-qmtpd Buffer Overflow in RELAYCLIENT May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
GWeb '../' Input Validation Flaw Discloses Files to Remote Users. Read more

www.securitytracker.com:
[Vendor Disputes Claim] Web Wiz Forums 'Forgotten Password' Flaw Fails to Change Valid Authentication Cookie. Read more

www.securitytracker.com:
ignitionServer Undocumented Command Lets Operators Gain Elevated Privileges. Read more

www.securitytracker.com:
ProFTPD _xlate_ascii_write() Off-By-One Buffer Overflows Let Remote Users Execute Arbitrary Code With Root Privileges. Read more

www.securitytracker.com:
SPAex Search Engine Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Dream FTP Server Additional Format String Flaws Lets Remote Users Crash the FTP Service. Read more

www.securitytracker.com:
Nortel Wireless LAN Access Point 2200 Admin Port Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
Hot Open Tickets (HOT) Lets Remote Authenticated Users Elevated Their Security Level. Read more

www.securitytracker.com:
UUDeview MIME Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

News:
www.theregister.co.uk War of the worms turns into war of words. Read more

english.aljazeera.net:
'War of the worms' erupts. Read more

english.aljazeera.net:
Sobig.F worm thwarted, for now. Read more

afr.com:
Netsky v Bagle: It's war of the worms. Read more

www.computerworld.com:
'Worm war' behind recent virus releases, experts say. Read more

www.theregister.co.uk
Windows source code sharers face chop. Read more

www.theregister.co.uk
Passwords are passport to theft. Read more

03 march 2004

New in Archive
[X]-ztoo 1.0

DA-Web 2.1

Stigma

Caznova 1.1 bf

Zer0 Tolerance 1.0

Vulnerabilities & Exploits
www.securitytracker.com:
SonicWall Firewall Bypasses Some ARP Requests, Allowing Remote Users to Determine IP Devices Behind the Firewall. Read more

www.securitytracker.com:
SkyHigh Chat Server Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
FreeSpace 2 Game Client Buffer Overflow Lets Remote Servers Execute Arbitrary Code. Read more

www.securitytracker.com:
NetScreen-SA 5000 Input Validation Flaw in 'delhomepage.cgi' Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Novell Client Firewall Tray Icon Lets Local Users Execute Commands With SYSTEM Privileges. Read more

www.securitytracker.com:
Apple QuickTime Player Has an Unspecified Flaw That Permits Remote Code Execution. Read more

www.securitytracker.com:
Mac OS X Bug in Apple File Protocol (AFP) Over SSH May Fail to Encrypt Some Connectoins. Read more

www.securitytracker.com:
Magic Winmail Server Discloses Installation Path to Remote Users. Read more

www.securitytracker.com:
XMB Forum 'header.php' and Other Input Validation Flaws Permit Cross-Site Scripting and SQL Injection Attacks. Read more

www.securitytracker.com:
1st Class Mail Server POP3 Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
eXtremail Numerical Password Bug Lets Remote Users Bypass Authentication to Access Certain Accounts. Read more

www.securitytracker.com:
XBoard '-icshome' Buffer Overflow Lets Local Users Execute Arbitrary Code. Read more

www.securitytracker.com:
FreeBSD mbuf Flaw Lets Remote Users Deny Service. Read more

www.securitytracker.com:
YaBB SE 'ModifyMessage' Input Validation Holes Let Remote Authenticated Users Delete Information and Files on the Target System. Read more

www.securitytracker.com:
ArGoSoft FTP Server Has Unspecified Vulnerabilities. Read more

www.securitytracker.com:
Red Faction Game Server Can Execute Arbitary Code on a Connected Client. Read more

www.securitytracker.com:
GNU Anubis Format String Flaw May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Motorola T720 Phones Can Be Shutdown By Remote Users. Read more

www.securitytracker.com:
GnuPG Key Validation Flaw May Fail to Warn When Encrypting to Users Without Sufficient Trust Paths. Read more

www.securiteam.com:
Serv-U MDTM Command Remote Vulnerability Exploit. Read more

News:
www.esj.com:
Microsoft Says Security Improvements Coming. Read more

news.xinhuanet.com:
Mydoom worm still a threat to computers. Read more

02 march 2004

New in Archive
LANfiltrator 1.5 BetaIII

MiniMO 05 Beta 1

Caznova 1.1 beta

Iroffer 1.3b03

Iroffer 1.3b04

Vulnerabilities & Exploits
www.securitytracker.com:
Squid Proxy Cache '%00' URL Character Access Control Bug May Let Remote Users Bypass Certain Access Controls. Read more

www.securiteam.com:
Microsoft Internet Explorer Cross Frame Scripting Restriction Bypass. Read more

News:
www.internetweek.com:
Wave of Bagle and Netsky Worm Variants Hits the Internet. Read more

www.theregister.co.uk:
Netsky-D makes your PC go beep, beep, beep. Read more

www.crime-research.org:
New fraud in the Internet. Read more

www.theregister.co.uk:
Mossad website 'hacker' walks free. Read more

www.theregister.co.uk:
Windows leak dangers 'exaggerated'. Read more

www.theregister.co.uk:
MS takes fight to the spammers. Read more

01 march 2004

New in Archive
01 march 2004

New in Archive
Levon Expert

TinyFWB 1.0

The Fate of Doom 1.0

U-Boot IIB Beta 0.89

Vertigo

Vulnerabilities & Exploits
www.securitytracker.com:
Free-BB Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Invision Power Board Input Validation Holes in 'showuser' and Others Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

News:
www.smh.com.au:
Study claims Linux most hacked but ignores malware. Read more

www.smh.com.au:
Worm creators keep abreast of the news. Read more

zdnet.com.com:
Microsoft enlists developers in security push. Read more

www.theinquirer.net:
Teenage female virus writer arrested. Read more

Levon Expert

TinyFWB 1.0

The Fate of Doom 1.0

U-Boot IIB Beta 0.89

Vertigo

Vulnerabilities & Exploits
www.securitytracker.com:
Free-BB Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Invision Power Board Input Validation Holes in 'showuser' and Others Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

News:
www.smh.com.au:
Study claims Linux most hacked but ignores malware. Read more

www.smh.com.au:
Worm creators keep abreast of the news. Read more

zdnet.com.com:
Microsoft enlists developers in security push. Read more

www.theinquirer.net:
Teenage female virus writer arrested. Read more


Copyrightę MegaSecurity.org