Bookmark or link to: www.kobayashi.cjb.net. All other url`s could change!
Home    News Archive    Translate Traducen
News June 2003
30 june 2003

New Trojans:
Let Me Rule 2.0 beta 8

Telserver 4.05

Vulnerabilities & Exploits:
www.securitytracker.com:
'wzdftpd' FTP Service Can Be Crashed By Remote Authenticated Users. Read more

www.securitytracker.com:
WebBBS Guest Book Input Validation Flaw Permits Remote Cross-Site Scripting Attacks. Read more

News:
www.zdnet.com:
How viruses (and your PC) are used to send spam. Read more

29 june 2003

New Trojans:
EjTroj 1.0

Remote Revise 1.71 Beta

GWGhost 2.2

Programming:
DLL Injection revised by Nasser Remy Rowhani (Assembly Language Tutor included). Download

Vulnerabilities & Exploits:
www.securitytracker.com:
VERITAS File System (VxFS) on Sun Solaris Grants File Access to Local Users. Read more

www.securitytracker.com:
Sun ONE Application Server LDAP Authentication Flaw May Yield Remote Access. Read more

www.securitytracker.com:
Microsoft Internet Explorer Buffer Overflow in Processing Scripted 'HR' Tags Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
HP Tru64 UNIX /usr/bin/ksh Flaw Lets Local Users Consume All CPU Processing Time. Read more

www.securitytracker.com:
Symantec Norton Anti-Virus Protection Fails to Detect Viruses on Floppy Diskettes Windows-XP. Read more

www.securitytracker.com:
Bahamut IRCd Format String Flaw Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Mabry's FTPServer/X Buffer Overflow in Returning Responses May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
BRS WebWeaver Input Validation Hole in Generating Error Messages Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
ProductCart Shopping Cart Input Validation Bug Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Comersus Shopping Cart Discloses the Commerce Database to Remote Users. Read more

www.securitytracker.com:
more.groupware Input Validation Flaws Permit Remote Cross-Site Scripting Attacks. Read more

News:
news.com.com:
Microsoft, Google may go head-to-head. Read more

news.com.com:
eBay beefs up antifraud policies. Read more

www.itworld.com:
Windows 2000 gets fourth service pack. Read more

28 june 2003

New Trojans:
Reni

Zalivator 1.4 Pro (build 90)

Beast 2.01

Beast 2.00 (b)

iD_2001 remover

Vulnerabilities & Exploits:
www.securitytracker.com:
MRV OptiSwitch Yields Root Privileges to Remote Users. Read more

www.securitytracker.com:
Microsoft Windows Media Services (nsiislog.dll) Extension to Internet Information Server (IIS) Has Another Buffer Overflow That Lets Remote Execute Arbitrary Code. Read more

www.securitytracker.com:
NetScreen HTTP, Telnet, and FTP Authentication Feature Can Be Bypassed in Certain Cases. Read more

www.securitytracker.com:
Microsoft Windows Media Player Access Control Flaw Lets Remote Users View, Modify, and Delete Media Library Metadata. Read more

News:
www.silicon.com:
Microsoft the anti-virus company: Could it really happen? Read more

www.onlineathens.com:
New law forces companies to warn consumers of computer security holes. Read more

www.usatoday.com:
Bill would require e-customers to be told after site hack. Read more

www.theregister.co.uk:
I am not the Spammer you think I am. Read more

www.globetechnology.com:
Ottawa aiming to thwart cyber-terrorists. Read more

27 june 2003

New Trojans:
Snow 1.9

MiniCommand 2.0.3

Little Witch 6.1 (y) server

Vulnerabilities & Exploits:
www.securitytracker.com:
SGI IRIX Operating System 'inetd' Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
iXmail Bugs Let Remote Users Login, View and Delete Files, and Execute Arbitrary Commands on the System. Read more

www.securitytracker.com:
LBreakout2 Format String Flaw Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
'ike-scan' Buffer Overflow May Allow Local Users to Gain Elevated Privileges in Non-Default Configurations. Read more

www.securitytracker.com:
Alt-N WebAdmin Buffer Overflow in 'USER' Parameter Lets Remote Users Execute Arbitrary Code With System Privileges. Read more

www.securitytracker.com:
GKrellM Daemon Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securiteam.com:
FTPServer/X Response Buffer Overflow Vulnerability. Read more

www.securiteam.com:
Windows Media Services Remote Command Execution (Large POST). Read more

www.securiteam.com:
BRS WebWeaver Error Page Cross-Site Scripting Vulnerability. Read more

www.secunia.com:
Mabry Software FTPServer/X Response Buffer Overflow Vulnerability. Read more

News:
news.com.com:
Are spammers planting viruses in your PC? Read more

story.news.yahoo.com:
Spreading Internet Virus Spoofs E-Mail Addresses. Read more

www.blackhat.com:
Black Hat USA 2003 Briefings and Training. Read more

www.bayarea.com:
Reporter exploits weak Wi-Fi network; accesses student info. Read more

moneycentral.msn.com:
Is your financial data really safe? Read more

www.globetechnology.com:
Gates says Big Brother not necessarily bad. Read more

sify.com:
Indo-Pak hackers intensify 'cyber-war'. Read more

www.siliconvalley.com:
Legendary con artist warns: Hackers play mind games Read more

www.nzherald.co.nz:
Attack casts shadow over school. Read more

26 june 2003

New Trojans:
Sandesa 1.5

Igloo 00

Mona 3.5

Vulnerabilities & Exploits:
www.securitytracker.com:
VisNetic MailServer Web Mail Interface Discloses PHP Source Code to Remote Users. Read more

www.securitytracker.com:
GuestBookHost Input Validation Flaws in Several Fields Permit Remote Cross-Site Scripting Attack. Read more

www.securitytracker.com:
iWeb Server Lets Remote Users View Files on the System. Read more

www.securitytracker.com:
Tcptraceroute Fails to Drop Root Privileges. Read more

www.securitytracker.com:
Symantec Norton Anti-Virus Intelligent Update Failure May Disable Protections. Read more

www.securitytracker.com:
TUTOS Input Validation Vulnerabilities Permit Remote Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Horde IMP Server Discloses Files on the System to Remote Users. Read more

www.securitytracker.com:
Simple Dynamic Finger Daemon (sdfingerd) Lets Local Users Obtain Root Privileges. Read more

www.securitytracker.com:
XMB Forum Input Validation Flaw in 'buddy.php' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securiteam.com:
GKrellM Vulnerable to Remotely Exploitable Buffer Overflow (Shellcode Exploit). Read more

www.securiteam.com:
Flaw in ISAPI Extension for Windows Media Services Could Cause Code Execution. Read more

www.securiteam.com:
Flaw In Windows Media Player May Allow Media Library Access. Read more

www.securiteam.com:
Gnome Batalla Naval Remotely Exploitable Buffer Overflow (Exploit). Read more

News:
Microsoft Security Bulletin MS03-021
Flaw In Windows Media Player May Allow Media Library Access (819639). Read more

Microsoft Security Bulletin MS03-022
Flaw in ISAPI Extension for Windows Media Services Could Cause Code Execution (822343). Read more

www.networknewz.com:
EtterCap - ARP Spoofing And Beyond. Read more

www.nwfusion.com:
Symantec under fire for bugs, flaws. Read more

zdnet.com.com:
Sobig spawns a recipe for secret spam. Read more

zdnet.com.com:
IE flaw could unearth worm. Read more

australianit.news.com.au:
Security survey says life's a breach. Read more

www.hindustantimes.com:
Security isn't all Big Brother: Bill Gates. Read more

www.bayarea.com:
Your e-mail can haunt you forever. Read more

silicon.com:
IT myths: Who writes the viruses? Read more

www.snitch.com:
The weird evolution of wireless criminal possibilities. Read more

25 june 2003

New Trojans:
PWD Trojan 2.0

Little Witch 6.1 (e) client

Anal Rape 1.0

Windows AnonIRC 1.0

Vulnerabilities & Exploits:
www.securitytracker.com:
Alguest Grants Administrative Access to Remote Users. Read more

www.securitytracker.com:
Active MailServer Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
PerlEdit Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
GNATS Buffer Overflows Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
zenTrack Input Validation Flaw Discloses Files to Remote Users. Read more

www.securitytracker.com:
Symantec Security Check ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securiteam.com:
Exploit Released for Buffer Overrun in WebAdmin.exe. Read more

www.securiteam.com:
Sphera HostingDirector and Final User Control Panel CSS, DoS and Session Hijacking. Read more

www.securiteam.com:
SSI Vulnerability in Compaq Web Based Management Agent. Read more

www.securiteam.com:
InterForum Contains Multiple Vulnerabilities (CSS, Private Message Reading, Admin Privileges). Read more

www.securiteam.com:
myServer Vulnerable to Multiple Slashes Vulnerability (///..///). Read more

www.securiteam.com:
Remote System Buffer Overrun in WebAdmin.exe. Read more

www.securiteam.com:
GKrellM Vulnerable to Remotely Exploitable Buffer Overflow (Exploit). Read more

www.securiteam.com:
ike-scan Buffer Overflow Vulnerabilitie. Read more

www.securiteam.com:
Cross Site Scripting Vulnerability Found in TUTOS. Read more

security.ziffdavis.com:
A Dictionary For Vulnerabilities. Read more

News:
hoovnews.hoovers.com:
Massive Distributed Denial of Service Attack Hits ClickBank and SpamCop.ne. Read more

www.abc.net.au:
Pope Moves Against Hackers. Read more

www.msnbc.com:
Hackers move on to hijacking. Read more

asia.cnet.com:
'Mod chip' design goes open source. Read more

hoovnews.hoovers.com:
Hike in use of IP on mobile networks to drive up risk. Read more

24 june 2003

New Trojans:
DSK-Lite 1.0

Beast 1.92 (a) (february 28, 2003)

Szaprika

Danton 4.0.1

Vulnerabilities & Exploits:
www.securitytracker.com:
QNX Demodisk Web Server Discloses Files to Remote Users. Read more

www.securiteam.com:
JNetHack Exploit Code Released. Read more

www.securiteam.com:
Exploit Code Released for GNATS Multiple Buffer Overflow Vulnerabilities. Read more

www.securiteam.com:
Local File Retrieving in QNX Internet Appliance Toolkit http-daemon. Read more

www.securiteam.com:
NGC Active Mail Server Multiple Buffer Overflows (HELO, MAIL FROM, and RCPT TO). Read more

www.securiteam.com:
IMP Allows Arbitrary File Reading and Path Disclosure. Read more

www.securiteam.com:
XSS Vulnerabilities Found in XMB Forum. Read more

www.securiteam.com:
GNATS (The GNU bug-tracking system) Multiple Buffer Overflow Vulnerabilities. Read more

www.debian.org:
DSA-329-1 osh -- buffer overflows. Read more

News:
www.securiteam.com:
55808 Trojan Analysis. Read more

www.securityfocus.com:
Securing PHP: Step-by-step. Read more

www.pcworld.com:
Best Buy Warns of E-Mail Scam. Read more

www.securityfocus.com:
Guess settles with FTC over cybersecurity snafu. Read more

www.hindustantimes.com:
Pak hackers deface 126 Indian sites. Read more

www.cbsnews.com:
Feds Form Anti-Terror E-Posse. Read more

www.salon.com:
Probe finds IRS workers abuse Internet. Read more

23 june 2003

New Trojans:
Deaths Corner 1.2

Specrem 4.0 (a)

T-Cmd 1.0 beta

Tool:
www.securityprofiling.com:
Honeyd is a small daemon that creates virtual hosts on a network that enhances network security by providing "honeypot" decoys that enable network security officers to detect, monitor, and contain unauthorized network activities without the intruder knowing they are being tracked. Read more

Vulnerabilities & Exploits:
www.securitytracker.com:
Progress Application Compiler May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Sun Solaris Buffer Overflow in dbm_open() and dbminit() Database Functions Lets Local Users Grab Root Privileges. Read more

www.securiteam.com:
Windows XP gethostbyaddr() NULL h_name Pointer. Read more

News:
www.620ktar.com:
Law Aims to Warn of Tech Security Holes. Read more

www.osforge.com:
Security companies warn of devious new Trojan. Read more

www.msnbc.com:
Online job seeker duped to help con. Read more

www.ccc.de:
Chaos Communication Camp 2003. The International Hacker Open Air Gathering. Read more

22 june 2003

New Trojans:
Furier Trojan 1.0

Badluck Reloaded

Nuclear FTPd 1.0

HTTP RAT 0.2 (i)

Vulnerabilities & Exploits:
www.securitytracker.com:
phpBB SQL Injection Flaw in 'viewtopic.php' Discloses Password Hashes to Remote Users. Read more

www.securitytracker.com:
InterForum Lets Remote Authenticated Users Gain Administrator Privileges on the Application. Read more

www.securitytracker.com:
SurfControl for Microsoft ISA Server Discloses Files to Remote Users. Read more

www.securitytracker.com:
Power Server Discloses Passwords and Files to Remote Users. Read more

www.securitytracker.com:
ProFTPD Input Validation Flaw When Authenticating Against Postgresql Using 'mod_sql' Lets Remote Users Gain Access. Read more

www.securitytracker.com:
pMachine Input Validation Hole Permits Remote Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Kerio MailServer Buffer Overflows in 'add_acl', 'do_map', 'do_subscribe', and 'list' Modules Let Remote Authenticated Users Execute Arbitrary Code. Read more

www.securitytracker.com:
HP-UX 'tftpd' Has Unspecified Flaw That Lets Remote Users Crash the Daemon. Read more

www.securitytracker.com:
Sambar Server Buffer Overflow in 'search.pl' Lets Remote Users Crash the Service. Read more

www.securitytracker.com:
Portmon Lets Local Users Read and Write Arbitrary Files With Root Privileges. Read more

News:
www.adn.com:
Student charged with hacking university computers to derail election. Read more

www.infoanarchy.org:
How Google Edits the Web. Read more

21 june 2003

New Trojans:
Igloo 2.01.0

Mini LD 1.2

Little Witch 5.30 server

OICQSearch 1.65

Vulnerabilities & Exploits:
www.securitytracker.com:
Sun Management Center (SunMC) May Let Local Users Gain Root Privileges. Read more

www.securitytracker.com:
Avaya P330/P130 and G700 Switches Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
MidHosting FTPd (mhftpd) Memory Access Control Flaw Lets Local Users Deny Service. Read more

www.securitytracker.com:
Qpopper Indicates Valid Account Status to Remote Users. Read more

www.securitytracker.com:
RSA SecurID ACE/Agent Input Validation Flaw Permits Remote Cross-Site Scripting Attacks. Read more

News:
news.zdnet.co.uk:
Hackers masquerade as Best Buy to steal credit-card details. Read more

www.pressofatlanticcity.com:
E-mail scam targeting eBay users for identity information. Read more

www.infoworld.com:
Security companies warn of devious new trojan. Read more

www.geek.com:
Mystery trojan confounds experts, gains steam worldwide. Read more

20 june 2003

New Trojans:
Evil-X 2.0.1

Insecure Executable Downloader 1.01

Hatred-Fiend 1.2

Nuclear Uploader 1.1

Vulnerabilities & Exploits:
www.iss.net:
"Stumbler" Distributed Stealth Scanning Network. Read more

www.securitytracker.com:
ARMIDA Web Server Lets Remote Users Introduct Denial of Service Conditions. Read more

www.securitytracker.com:
Microsoft Internet Explorer XML Parsing Error Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Microsoft Internet Explorer Custom HTTP Error Pages May Let Remote Users Execute Scripts in the Local Computer Zone. Read more

www.securiteam.com:
Squid Buffer Overflow Exploit Code Released (FTP). Read more

www.securiteam.com:
New Ethereal Version Address Security Vulnerabilities. Read more

www.securiteam.com:
pMachine Include() Vulnerability Allows Path Disclosure and Code Injection. Read more

www.securiteam.com:
Multiple Buffer Overflows in Kerio Mail Server (subscribe, add_acl, list, and do_map). Read more

www.securiteam.com:
RSA SecurID ACE Agent Cross Site Scripting. Read more

www.securiteam.com:
Script Injection to Custom HTTP Errors in Local Zone. Read more

www.securiteam.com:
Multiple Vulnerabilities in Power Server. Read more

www.securiteam.com:
MidHosting FTPd Denial of Service Vulnerability (Non-NULL Terminated Username). Read more

www.securiteam.com:
SQL Inject in ProFTPD Login against PostgreSQL Using mod_sql. Read more

www.debian.org:
DSA-328-1 webfs -- buffer overflow. Read more

www.debian.org:
DSA-327-1 xbl -- buffer overflows. Read more

www.debian.org:
DSA-326-1 orville-write -- buffer overflows. Read more

News:
www.vnunet.com:
New Trojan in the wild. Read more

www.eweek.com:
Trojan Picks Up Steam, Baffles Experts. Read more

www.eweek.com:
Security Researchers Uncover Mystery Malware. Read more

www.canada.com:
Hacker who caught judge mad at ruling. Read more

pennlive.com:
Guess Inc. agrees to tighten Web security. Read more

www.cnn.com:
Geek challenge: A hack-proof network. Read more

www.greenwooddemocrat.com:
More internet fraud. Read more

newsobserver.com:
Universities try to hone cybersecurity niche. Read more

www.securityfocus.com:
Tracking Down the Phantom Host. Read more

www.securityfocus.com:
Security Researchers Nibble at Bluetooth. Read more

www.asiamedia.ucla.edu:
Military to create units against hacking, terrorism. Read more

19 june 2003

New Trojans:
Lula 1.00.0065

LiveList Notifier 1.0 (b)

Infinity WebDownloader 1.0

GWGhost 3.0

Vulnerabilities & Exploits:
www.securitytracker.com:
XOOPS Forum Tutorials Module Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Retrospect Client Default File Permissions Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
JEUS Web Server Input Validation Flaw Permits Remote Cross-Site Scripting Attack. Read more

www.securitytracker.com:
BNC Chat Client File Locking Flaw Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Snitz Forums Input Validation Flaw in 'password.asp' Lets Remote Users Reset the Passwords of Arbitrary Users. Read more

www.securitytracker.com:
Linux PAM Flaw in 'pam_wheel' May Let Local Users Grab Root Privileges. Read more

www.securitytracker.com:
myServer Web Server Input Validation Flaw Discloses Files on the System to Remote Users. Read more

www.securitytracker.com:
ASP Chat Permits Remote Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Mailtraq Mail Server Has Multiple Flaws, Disclosing Files to Remote Users and Passwords to Local Users. Read more

www.securiteam.com:
xpcd Buffer Overflow Exploit Code. Read more

www.securiteam.com:
Another Cdrecord Format String Vulnerability Exploit Released. Read more

www.securiteam.com:
Portmon Arbitrary File Read/Write Access Vulnerability. Read more

News:
www.theregister.co.uk:
Fresh variant to tedious worm bores users into submission. Read more

www.internetnews.com:
SoBig Worm Rears Its Head Again. Read more

www.eweek.com:
Trojan Picks Up Steam, Baffles Experts. Read more

www.computerweekly.com:
Experts fear hacking scenes in Matrix Reloaded are too accurate. Read more

www.washingtonpost.com:
Cybersecurity Starts in the Office. Read more

straitstimes.asia1.com.sg:
Hackers turn SDP website into sex site. Read more

www.theregister.co.uk:
Cracker spills the beans on PDF flaw. Read more

www.oreillynet.com:
Clueless Senator and his Virus Proposal. Read more

18 june 2003

New Trojans:
Igloo 2.00.0

CiGiCiGi 1.5 (a)

NetDevil 1.0 (b)

NetDevil 1.3 (c) server

Tools:
www.ethereal.com:
Ethereal 0.9.13 has been released. Read more

gray-world.net:
Firepass - a tunneling tool, allowing to bypass firewall restrictions. Read more

Vulnerabilities & Exploits:
security.greymagic.com:
Script Injection to Custom HTTP Errors in Local Zone. Read more

security.greymagic.com:
Cross-Site Scripting in Unparsable XML Files. Read more

www.securitytracker.com:
UW-IMAP Server Flaws Disclose Files on the System to Remote Authenticated Users and Also Permit Remote File Operations. Read more

www.securitytracker.com:
LedNews Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Sphera HostingDirector Has Multiple Flaws That Let Remote Users Bypass Access Controls. Read more

News:
www.dchieftain.com:
Internet security crucial to homeland security. Read more

zdnet.com.com:
Microsoft takes spam fight to court. Read more

www.thestate.com:
Secret Service unit adds S.C. cybercrime center. Read more

zdnet.com.com:
Security vs. accessibility--a fine balance. Read more

www.securityfocus.com:
Bad Raps for Non-Hacks. Read more

www.eweek.com:
When to Shed Light (about software security vulnerabilities). Read more

straitstimes.asia1.com.sg:
Hackers turn SDP website into sex site. Read more

www.idg.net:
Windows Tips: Password-Protect Your Sensitive Files and Folders. Read more

17 june 2003

New Trojans:
Acid Reign 1.0 (version 2)

sBot 1.2

Snow 1.8

DftpSERVER 1.0 (version 2)

Vulnerabilities & Exploits:
www.idefense.com:
Linux-PAM getlogin() Spoofing Vulnerability. Read more

www.securitytracker.com:
Infobot IRC Bot Default User Accounts May Let Remote Users Access the System. Read more

www.securitytracker.com:
myServer Web Server HTTP Parsing Flaw Lets Remote Users Crash the Web Service. Read more

www.securitytracker.com:
pMachine Include File Bug in 'lib.inc.php' Lets Remote Users Execute Arbitrary OS Commands on the Target Server. Read more

www.securitytracker.com:
'pod.board' Input Validation Holes Permit Remote Cross-Site Scripting Attacks. Read more

www.securiteam.com:
Kon Exploit Code Released (Local). Read more

www.securiteam.com:
Polymorph Local Buffer Overflow. Read more

www.securiteam.com:
Ability Mail Server Stores Passwords in the Clear. Read more

www.securiteam.com:
Path Disclosure Vulnerability Found in Aiglon Web Server. Read more

www.securiteam.com:
Multiple Vulnerabilities in the Enceladus Server Suite (CSS, Clear text passwords, User file). Read more

www.securiteam.com:
Multiple Vulnerabilities in NGC Active FTP Server (USER, CWD, LS, GET, MKDIR). Read more

Linux-PAM getlogin() Spoofing Vulnerability. Read more

BNC Double File Locking Mechanism Allows Attackers to Cause a Denial of Service. Read more

News:
www.defcon.org:
Defcon 2003. Read more

www.eweek.com:
Researcher Leaks CERT Bulletin. Read more

www.securityfocus.com:
Penetration Testing for Web Applications. Read more

www.eweek.com:
New Breed of Trojan Raises Security Concerns. Read more

www.securityfocus.com:
Bad Raps for Non-Hacks. Read more

www.information-security.net:
The State Of Cyber Security. Read more

www.thestate.com:
Online privacy tough to maintain. Read more

www.chron.com:
Hackers put Bush photo on British site. Read more

16 june 2003

New Trojans:
GWGhost 2.5 A5

Near Mohists 1.866

Slime 1.1

Wildek 0.2 beta (a)

Nuclear Uploader 1.0 (b)

Vulnerabilities & Exploits:
www.securitytracker.com:
Xpdf May Execute Shell Commands Embedded Within PDF Files. Read more

www.securitytracker.com:
Adobe Acrobat Reader on Linux/UNIX May Execute Shell Commands Embedded Within PDF Files. Read more

www.securitytracker.com:
Typespeed Game Buffer Overflow in Networking Code Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Progress Database _dbagent Command Option Lets Local Users Execute Arbitrary Code With Root Privileges. Read more

www.securitytracker.com:
Progress Database Reliance on User-Supplied PATH Variable When Opening Shared Object Files Lets Local Users Grab Root Privileges. Read more

www.securitytracker.com:
Cistron RADIUS Server Single Byte Overflow Lets Remote Authenticated Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Tarantella Session Routing Flaw May Send Keypresses From One User to Another User's Session. Read more

www.securiteam.com:
myServer Vulnerable to Terminated Connection DoS. Read more

www.securiteam.com:
myServer Directory Traversal Vulnerability. Read more

www.securiteam.com:
Lycos Authenticating Systems and Lycos News Server Vulnerabilities. Read more

www.securiteam.com:
Progress Database dbagent Security Vulnerability. Read more

www.securiteam.com:
Progress PATH Based dlopen() Issue. Read more

www.securiteam.com:
Multiple Vulnerabilities Found in Mailtraq (DoS, Password Decryption, Directory Traversal). Read more

www.debian.org:
DSA-318-1 lyskom-server -- denial of service. Read more

www.debian.org:
DSA-319-1 webmin -- session ID spoofing. Read more

www.debian.org:
DSA-320-1 mikmod -- buffer overflow. Read more

www.debian.org:
DSA-321-1 radiusd-cistron -- buffer overflow. Read more

www.security-corporation.com:
Infobot backdoor. Read more

News:
news.bbc.co.uk:
India gears up to fight hackers. Read more

www.keralanext.com:
Hackers put porn on Kolkata police's website. Read more

www.thesundaymail.news.com.au:
Chaos only a click away. Read more

www.dailynews.com:
4 student hackers suspected of 'improving' grades. Read more

www.cincypost.com:
Known cyber-hacker charged. Read more

www.theage.com.au:
Vandals or activists? Read more

15 june 2003

New Trojans:
FileHack

Back Attack 1.5

zGET 0.3

Little Witch 6.1 (v) server

Remote Keylogger (b)

Tool:
www.insecure.org:
Nmap 3.28 Released. Read more

Vulnerabilities & Exploits:
www.securitytracker.com:
Methodus Input Validation Flaw in FTP Server Component Discloses Files to Remote Users. Read more

www.securitytracker.com:
Apple Mac OS X 'dsimportexport' Tool Discloses Password to Local Users. Read more

www.securitytracker.com:
'ike-scan' Format String Flaw May Allow Local Users to Gain Elevated Privileges. Read more

www.securitytracker.com:
MySQL Buffer Overflow in 'mysql_real_connect()' Client Function May Let Remote or Local Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Ethereal Flaws in DCERPC, OSI, and Other Dissectors May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
FakeBO Trojan Emulator Format String Flaw Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
silentThought Simple Web Server Directory Traversal Flaw Discloses Files to Remote Users. Read more

News:
www.vnunet.com:
Spammers use Trojans to enslave home PCs. Read more

moneycentral.msn.com:
The top 9 e-mail hoaxes. Read more

14 june 2003

New Trojans:
Ghost 1.0 by Yu Guang Wai

Force 1.55 (c)

Huntergop 1.5

InjShell

Vulnerabilities & Exploits:
www.securitytracker.com:
Nuca WebServer Plugin Discloses Files on the System to Remote Users. Read more

www.securitytracker.com:
ArGoSoft Mail Server Freeware Version Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
SMC Barricade Wireless Router Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
WebBBS Pro Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
NGC Active FTPServer USER Command Overflow Lets Remote Users Crash the FTP Service. Read more

News:
www.theregister.co.uk:
Security vuln in NTL spam. Read more

www.theregister.co.uk:
On MS, AV and Addictive Updates. Read more

www.securityfocus.com:
Honeypots: Are They Illegal? Read more

www.securityfocus.com:
Cracking Down on Cyberspace Land Grabs. Read more

www.cincypost.com:
Known cyber-hacker charged. Read more

www.thescotsman.co.uk:
HBOS and RBS targeted by latest computer virus seeking passwords. Read more

13 june 2003

New Trojans:
Cold Fusion 1.1 (build 041)

Remote Revise 1.7

Sin-4-cyn

Clandestine 1.5.2

Vulnerabilities & Exploits:
www.securitytracker.com:
Mollensoft FTP Server FTP Command Buffer Overflows Let Remote Authenticated Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Nokia Gateway GPRS Support Node (GGSN) Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
mnoGoSearch Buffer Overflows in 'ul' and 'tmplt' Variables Permit Remote Code Execution. Read more

www.securitytracker.com:
BookCMS Default Password Allows Remote Users to Login as Administrators. Read more

www.securiteam.com:
WebBBS Pro Multiple Denial of Service Vulnerabilities (AUX, *, LPT). Read more

www.securiteam.com:
Directory Traversal Found in silentThought Simple Web Server. Read more

www.debian.org:
DSA-313-1 ethereal -- buffer overflows, integer overflows. Read more

www.debian.org:
DSA-314-1 atftp -- buffer overflow. Read more

www.debian.org:
DSA-315-1 gnocatan -- buffer overflows, denial of service. Read more

www.debian.org:
DSA-316-1 nethack -- buffer overflow, incorrect permissions. Read more

www.debian.org:
DSA-317-1 cupsys -- denial of service. Read more

News:
seattletimes.nwsource.com:
Virus writers vs. virus fighters: Share vulnerabilities or not? Read more

www.cbsnews.com:
Zipped Files, Encrypted. Read more

www.reuters.com:
L.A. Man Pleads Guilty to Al-Jazeera Cyber Attack. Read more

www.lasvegassun.com:
Hacker Sentenced to Federal Prison. Read more

www.thescotsman.co.uk:
HBOS and RBS targeted by latest computer virus seeking passwords. Read more

www.cellular-news.com:
GPRS network could be hacked. Read more

cities.expressindia.com:
Cybersex costs Abu Dhabi man Rs 96 lakh. Read more

www.msnbc.com:
Man arrested in huge eBay fraud. Read more

www.astalavista.com:
Google: A Hacker's Best Friend. (PDF). Read more

12 june 2003

New Trojans:
Herman Uploader 1.0

Nethief 4.7

GWGhost 2.1

Vulnerabilities & Exploits:
www.securitytracker.com:
H-Sphere Template Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting Attacks to Hijack Sessions. Read more

www.securitytracker.com:
Enceladus Server Suite Bugs Disclose Passwords to Local Users and Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Microsoft Windows Server 2003 Drivers May Leak Information From Memory Via Ethernet Packets Containing TCP Streams. Read more

www.securitytracker.com:
LeapFTP PASV Command Response Buffer Overflow Lets Remote FTP Servers Execute Arbitrary Code on the Client. Read more

www.securitytracker.com:
FTP Voyager File List Buffer Overflow Lets Remote FTP Servers Execute Arbitrary Code. Read more

www.securitytracker.com:
SmartFTP PWD Response Buffer Overflow Lets Remote FTP Servers Execute Arbitrary Code on the Client. Read more

www.securitytracker.com:
FlashFXP PASV Response Buffer Overflow Lets Remote Servers Execute Arbitrary Code. Read more

www.debian.org:
DSA-312-1 kernel-patch-2.4.18-powerpc -- several. Read more

www.securiteam.com:
ATFTPd Exploit Code Release (Long Filename). Read more

www.securiteam.com:
Exploit Code Release for lsmcode Vulnerability. Read more

www.securiteam.com:
Exploit Code Released for errpt. Read more

www.securiteam.com:
Exploit Code Released for diagrpt Vulnerability. Read more

www.securiteam.com:
Mollensoft FTP Server Buffer Overflow Vulnerabilities. Read more

www.securiteam.com:
Denial of Service Vulnerability in SMC Networks' Barricade Wireless Router. Read more

www.securiteam.com:
Nokia GGSN (IP650 Based) DoS. Read more

www.securiteam.com:
Speak Freely Multiple Remote and Local Vulnerabilities. Read more

www.securiteam.com:
mnoGoSearch Vulnerable to a Buffer Overflow Vulnerability (ul, tmplt). Read more

News:
www.securityfocus.com:
Effects of Worms on Internet Routing Stability. Read more

www.theregister.co.uk:
Microsoft enters AV market. Read more

huknews.hoovers.com:
UK wireless Lans are still left unsecured. Read more

hoovnews.hoovers.com:
Latest Bugbear virus claws at banks. Read more

www.usatoday.com:
Magazine, university draw ire of antivirus industry. Read more

www.washingtonpost.com:
Phone Networks Open Doors for Hackers. Read more

www.theargusonline.com:
Newark hacker may be expelled. Read more

www.cleveland.com:
Man indicted on charges of hacking, child porn. Read more

11 june 2003

New Trojans:
Remoter

Fast Internet Utility 1.666b

Fast Internet Utility 1.666d

Amitis 1.3 server update

Vulnerabilities & Exploits:
www.securitytracker.com:
Aiglon Web Server Discloses Installation Path to Remote Users. Read more

www.securitytracker.com:
Opera Access Control Flaw in Java Lets Malicious Javascript and Java Applets Bypass Security Restrictions. Read more

www.securitytracker.com:
Netscape Access Control Flaw in Java Lets Malicious Javascript and Java Applets Bypass Security Restrictions. Read more

www.securitytracker.com:
Mozilla Access Control Flaw in Java Lets Malicious Javascript and Java Applets Bypass Security Restrictions. Read more

www.securitytracker.com:
Sun JRE Java Vitual Machine Uses Unsafe Temporary Files, Letting Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Speek Freely Voice Communications Software Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

News:
www.securityfocus.com:
The Enemy Within: Firewalls and Backdoors. Read more

www.ciol.com:
Microsoft’s secure move. Read more

www.fortune.com:
The Two Faces of Foundstone. Read more

techfocus.org:
Well-Known Security Company Accused of Widespread Piracy. Read more

www.computerweekly.com:
Firms let hackers in through their VPNs. Read more

10 june 2003

New Trojans:
SnagDos

CD-Rom Trojan

Bfpass2.998

Slime 1.0 (a)

Vulnerabilities & Exploits:
farking.daemon.sh:
zenTrack Remote Command Execution Vulnerabilities. Read more

www.nextgenss.com:
Etherleak information leak in Windows Server 2003 drivers. Read more

www.securiteam.com:
Apache 2.x APR Exploit Code. Read more

www.securiteam.com:
Magic Winmail Server Format String Vulnerability (Exploit). Read more

www.securiteam.com:
XSS Vulnerability in Synkron.web CMS. Read more

www.securiteam.com:
Buffer Overflows in Novell iChain Authentication. Read more

www.securiteam.com:
The Slammer Worm Effect: Why Linux OS is More Attackable than Windows OS. Read more

www.securiteam.com:
Etherleak Information Leak in Windows Server 2003 Drivers. Read more

www.securiteam.com:
AdSubtract Proxy ACL Bypass Vulnerability. Read more

www.securiteam.com:
Mailtraq Multiple Vulnerabilities (CSS, Path Disclosure, Source Viewing). Read more

www.securiteam.com:
Java Virtual Machine Symlink Vulnerability (jpsock). Read more

www.securiteam.com:
Linux 2.0 Remote Info Leak from Too Big ICMP Citation. Read more

www.debian.org:
DSA-310-1 xaos -- improper setuid-root execution. Read more

www.debian.org:
DSA-311-1 linux-kernel-2.4.18 -- several. Read more

News:
www.smh.com.au:
US Warns Banks Worldwide About BugBear Virus. Read more

www.theage.com.au:
BugBear has little impact at Australian banks. Read more

www.sltrib.com:
Avoid Being Victimized by E-Mail Cons. Read more

www.fortune.com:
The Two Faces of Foundstone. Read more

www.news.com.au:
Spammers hijack addresses. Read more

www.pcworld.com:
PGP Encryption Proves Powerful. Read more

09 june 2003

New Trojans:
Yet Another Trojan 1.3 by toxed

LANfiltrator 1.1

Sysdll

Beast 1.92 (a) (february 22, 2003)

WDoor 1.1

Vulnerabilities & Exploits:
www.securitytracker.com:
zenTrack Include File Error Lets Remote Users Execute Arbitrary Commands. Read more

www.securitytracker.com:
Novell iChain Bugs Let Remote Users Access a Restricted Page or Crash the Service. Read more

www.securitytracker.com:
Novell HTTPSTK Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
MaxWebPortal Authentication Flaws Let Remote Users Access Any Account. Read more

www.securitytracker.com:
zblast Game Environment Variable Buffer Overflow Lets Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
XaoS Fractal Zoomer Command Line Buffer Overflow Gives Root Privileges to Local Users. Read more

www.securitytracker.com:
MDaemon IMAP Buffer Overflows Let Remote Users Execute Arbitrary Code With System Privileges. Read more

www.securitytracker.com:
MERCUR Mail Server IMAP Buffer Overflows Let Remote Users Execute Arbitrary Code With System Privileges. Read more

www.securitytracker.com:
Synkron.web Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

News:
straitstimes.asia1.com.sg:
North Korea 'churning out cyberterrorists'. Read more

www.sunspot.net:
Computer Hackers Gather in Pittsburgh. Read more

hinduonnet.com:
Indo-Pak. hacker war comes here too. Read more

www.zdnet.com:
Why schools should teach virus writing. Read more

www.gulf-news.com:
Scam a jolt to expatriate trust on ATMs. Read more

www.theage.com.au:
Cracking the Xbox. Read more

08 june 2003

New Trojans:
Sub7 tool scanner 1.0

Guangwai Girl 7.0xp

Snow 1.7

Vulnerabilities & Exploits:
www.securitytracker.com:
Sun Solaris utmp_update Buffer Overflow Yields Root Access to Local Users. Read more

www.securitytracker.com:
WordPress Input Validation Flaw Lets Remote Users Inject SQL Commands and Execute Arbitrary PHP Code. Read more

www.securitytracker.com:
myServer Web Service Can Be Crashed By Remote Users With Long URLs. Read more

www.securitytracker.com:
Sun Java (JRE/SDK) Access Control Flaw Lets Untrusted Applets Access Information From Other Applets. Read more

www.securitytracker.com:
Sambar Server Discloses Files on the System to Remote Users. Read more

www.securitytracker.com:
b2 Cafelog Lets Remote Users Inject SQL Commands to Gain Administrator Privilege. Read more

www.securitytracker.com:
NewsPHP Input Validation Hole in 'Comments' Feature Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
HP/UX Network Stack Bug May Let Remote Users Crash Certain Applications. Read more

www.securitytracker.com:
HP/UX ftpd REST Command Flaw May Disclose Memory Contents to Remote Users. Read more

www.securitytracker.com:
ImageFolio Input Validation Flaw in 'admin.cgi' Lets Remote Authenticated Users View and Delete Files. Read more

www.securitytracker.com:
Monkey Web Server Test Files Disclose System Information and Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users. Read more

www.debian.org:
DSA-308-1 gzip -- insecure temporary files. Read more

www.debian.org:
DSA-309-1 eterm -- buffer overflow. Read more

News:
www.fcw.com:
Feds escape Bugbear bite. Read more

cryptome.org:
Keith Decision Bans Domestic Electronic Spying. Read more

07 june 2003

New Trojans:
Munga Bunga's installer

sBot 1.0

Nethief 4.6

Vulnerabilities & Exploits:
www.securitytracker.com:
AdSubtract Access Control Flaw Lets Remote Users Connect to Arbitrary Hosts Via the Application. Read more

www.securitytracker.com:
Microsoft Internet Explorer Input Validation Flaw in Displaying FTP Site Names Lets Remote Users Execute Arbitrary Scripting Code in Arbitrary Domains. Read more

www.securitytracker.com:
Sun Solaris 'syslogd' Buffer Overflow Lets Remote Users Crash the Daemon. Read more

www.securitytracker.com:
Mac OS X May Transmit LDAP Passwords Without Encryption in Certain Cases. Read more

www.securitytracker.com:
Xpressions Commerce Software Discloses Credit Card Data to Remote Users. Read more

www.securitytracker.com:
MegaBrowser Web Server Discloses Files on the System to Remote Users. Read more

www.securitytracker.com:
Microsoft Internet Explorer (IE) Object Tag Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Pablo's FTP Server Discloses Passwords to Remote Authenticated Users and to Local Users. Read more

www.securitytracker.com:
Ability Mail Server Discloses Passwords to Local Users. Read more

www.securitytracker.com:
Mailtraq E-mail Server Discloses Script Source Code to Remote Users and Permits Cross-Site Scripting Attacks. Read more

www.securiteam.com:
HPUX ftpd remote issue via REST. Read more

News:
www.adn.com:
New virus spreading on Internet. Read more

news.com.com:
Wired to publish Slammer code. Read more

news.com.com:
Virus could make for a freaky Friday. Read more

www.reuters.com:
Bugbear Virus Shut Down Stanford University E-Mail. Read more

www.securityfocus.com:
Two men charged with using "skimmer" to clone diners' credit cards. Read more

www.hindustantimes.com:
Hacker gathering is a roundup of web cowboys. Read more

www.theregister.co.uk:
Return to sender, false address unknown. Read more

06 june 2003

New Trojans:
SubSari 1.5 Beta1

Subsari 1.4 (b)

Mona 3.2

DKangel 2.5

Vulnerabilities & Exploits:
www.geocities.co.jp:
Microsoft Internet Explorer %USERPROFILE% Folder Disclosure Vulnerability. Read more

www.securitytracker.com:
Pi3Web Server Flaw in Sorting Directory Index Listings May Let Remote Users Crash the Web Service. Read more

www.securitytracker.com:
NewsPHP Input Validation Flaw Lets Remote Users Gain Administrator Privileges on the Application. Read more

www.securitytracker.com:
IRCXpro Chat Server Discloses Passwords to Local Users. Read more

www.securitytracker.com:
Sun Solaris in.telnetd Unspecified Bug May Let Remote Users Crash the System. Read more

www.eeye.com:
Internet Explorer Object Type Property Overflow. Read more

News:
www.duluthsuperior.com:
Hibbing man will fight hackers. Read more

boston.com:
EU Squabble May Sink Planned Cybercrime Agency. Read more

www.fcw.com:
HHS boosting cybersecurity. Read more

www.gulf-news.com:
ATM fraud losses by banks put at Dh1.5m. Read more

05 june 2003

New Trojans:
AntiLamer Light 2.01 server

WAY 1.0

ItEye 2.2

Vulnerabilities & Exploits:
www.oisafety.org:
Security Vulnerability Reporting and Response Process. Public Review Version 04 June 2003 Read more

www.securitytracker.com:
WebChat for PHP-Nuke Has Multiple Flaws That Allow Cross-Site Scripting and Possibly SQL Injection. Read more

www.securitytracker.com:
SPChat Input Validation Flaw in 'statussess' Field Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
(Fix is Available) KDE Konqueror Embedded Fails to Validate SSL Server Certificates in Certain Cases Read more

www.securitytracker.com:
Crob FTP Server Format String Flaw Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Sun Management Center (SunMC) Change Manager Buffer Overflow in 'pamverifier' Yields Root Privileges to Local and Remote Users. Read more

www.net-security.org:
Analysis of Remote Active Operating System Fingerprinting Tools. (pdf) Read more

News:
Microsoft Security Bulletin MS03-020
Cumulative Patch for Internet Explorer (818529). Read more

www.securityfocus.com:
Group Releases Anti-Disclosure Plan. Read more

www.vnunet.com:
Linux hacks hit all-time high. Read more

www.theregister.co.uk:
First Win 2003 patch is really for IE. Read more

www.internetweek.com:
Virus-Writers Using Spammer Techniques To Speed Spread. Read more

www.pcworld.com:
Sobig: Spam, Virus, or Both? Read more

www.computerworld.com:
Microsoft to introduce security certifications. Read more

www.vnunet.com:
The danger of mobile viruses. Read more

04 june 2003

New Trojans:
Shadow32

GetPassword 1.0

gosocks

Vulnerabilities & Exploits:
www.securitytracker.com:
ICQ Lite Operating System File Permissions Let Remote Authenticated Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Microsoft UrlScan Default Configuration Displays Identifying Characteristics to Remote Users. Read more

www.securitytracker.com:
JBoss Application Server Discloses JSP Source Code to Remote Users. Read more

www.securitytracker.com:
Ghostscript %pipe% Device Flaw May Allow Remote Users to Execute Arbitrary Commands Even in SAFER Mode. Read more

www.securitytracker.com:
'mod_gzip' Has Various Holes in Debug Mode That Let Remote Users Execute Arbitrary Code and May Yield Root Privileges to Local Users. Read more

www.securitytracker.com:
Yahoo! Voice Chat ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
iisCART2000 Upload Authentication Error Lets Remote Users Upload and Execute Arbitrary Scripts. Read more

www.securitytracker.com:
Webstores 2000 Input Validation Flaw Lets Remote Users Inject SQL Commands. Read more

www.securiteam.com:
Multiple Vulnerabilities in mod_gzip Debugging Routines. Read more

News:
www.theregister.co.uk:
VX writers release sequel to infamous Sobig worm. Read more

www.theinquirer.net:
US taxpayers' details wide open to to hackers. Read more

www.eweek.com:
Microsoft Making Security Inroads. Read more

calgary.cbc.ca:
Experts question security of medical records. Read more

www.nwfusion.com:
Worm variant disguised as e-mail from Gates. Read more

thedaily.washington.edu:
Odegaard computers under attack. Read more

www.infoworld.com:
Experts: Worry more about insiders than cyberterrorism. Read more

www.businessweek.com:
Cyber Alert: Portrait of an Ex-Hacker. Read more

www.theregister.co.uk:
Microsoft backs servers with billions. Read more

www.nzherald.co.nz:
Boy hacks into hosts parents' bank account. Read more

www.iol.co.za:
Telkom snags 'clip on' phone line hackers. Read more

03 june 2003

New Trojans:
ProRat 1.0b3

Kodorjan

Subsari 1.3 (b)

BlueAngel For WebServer

Vulnerabilities & Exploits:
www.securitytracker.com:
Desktop Orbiter Remote Management Software Lets Remote Users Crash the Managed Host. Read more

www.securitytracker.com:
Gator eWallet Discloses Credit Card Numbers and Passwords to Local Users and Other Information to Remote Users. Read more

www.securiteam.com:
IIS WebDAV Exploit New Release. Read more

www.securiteam.com:
ntdll.dll Buffer Overflow Vulnerability (Local). Read more

www.securiteam.com:
Crob FTP Server Format String Vulnerability. Read more

www.securiteam.com:
Denial of Service via Algorithmic Complexity Attacks. Read more

News:
www.packetwatch.net:
Analysis of Remote Active Operating System Fingerprinting Tools. Read more

www.newscientist.com:
Net Attack Overwhelms Computers With Complexity. Read more

www.lasvegassun.com:
New Version of 'Sobig' Virus Spreading. Read more

www.theregister.com:
VX writers release sequel to infamous Sobig worm. Read more

www.freelancestar.com:
Scammers use trust to obtain your personal information. Read more

vmyths.com:
This column is banned in Canada. Read more

www.financialexpress.com:
Prevention Of Computer Frauds In Banking. Read more

news.bbc.co.uk:
Greedy staff pose security threat. Read more

www.online.ie:
Electronic voting 'open to abuse'. Read more

www.richmond.com:
Are you finished with that PC? Read more

02 june 2003

New Trojans:
Beast 1.92 (a) compiled march 01, 2003

Fearless Key Spy 1.0

Legendmir 1.02

Destructor 1.4

Vulnerabilities & Exploits:
www.securitytracker.com:
Forum Web Server Discloses Files to Remote Users and Passwords to Remote Users Sniffing the Network. Read more

www.securitytracker.com:
Sybari Antigen for Exchange Discloses System Information to Remote Users. Read more

www.securitytracker.com:
MRSoft Personal FTP Server (PFTP) Discloses Passwords to Local Users. Read more

www.security-corporation.com:
Yahoo! Audio Conferencing ActiveX control buffer overflow. Read more

News:
www.internetwk.com:
University Defends Virus-Writing Class. Read more

www.forbes.com:
Stealing The Show (DirecTV). Read more

01 june 2003

New Trojans:
FeRAT 1.00

Khurak 1.0

Little Witch 6.1 (m) server

TeeJayEm Keylogger 1.0

Vulnerabilities & Exploits:
www.securitytracker.com:
Philboard Forum Authentication Flaw Yields Administrator Access to Remote Users. Read more

www.securitytracker.com:
P-Synch Bugs Let Remote Users Inject and Execute Arbitrary Code. Read more

www.securitytracker.com:
Zeus Admin Server Input Validation Flaw in 'vs_diag.cgi' Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Activity Monitor 2002 Can Be Crashed By Remote Users. Read more

www.securiteam.com:
Maelstrom Vulnerable to a Local Buffer Overflow (Another Exploit). Read more

www.securiteam.com:
Additional Details of Apache 2.x Security Flaw (Attack Vectors). Read more

www.securiteam.com:
Vignette /vgn/legacy/save SQL Access. Read more

www.securiteam.com:
Vignette Server SSI Injection. Read more

www.securiteam.com:
Apache Portable Runtime Denial of Service and Arbitrary Code Execution Vulnerability. Read more

www.securiteam.com:
Multiple Vulnerabilities Found in Forums Web Server. Read more

www.securiteam.com:
Personal FTP Server Saves Passwords in the Clear. Read more

www.securiteam.com:
Remote DoS in Desktop Orbiter. Read more

www.securiteam.com:
Geeklog Multiple Vulnerabilities (Integer Rounding, File Upload). Read more

www.securiteam.com:
Zeus Web Server Admin Cross-Site Scripting. Read more

News:
news.com.com:
Microsoft to abandon standalone IE. Read more

news.com.com:
Judge dismisses suit against Google. Read more

www.businessweek.com:
Cyber Alert: Portrait of an Ex-Hacker. Read more


Copyright© MegaSecurity.org