Home    News Archive    Translate Traducen
News September 2004
30 September 2004

Vulnerabilities & Exploits
www.securitytracker.com:
SGI 'bsd.a' Kernel Networking Flaw Has Unspecified Impact. Read more

www.securitytracker.com:
RealPlayer Flaws May Let Remote Users Execute Arbitrary Code or Delete Known Files. Read more

www.securitytracker.com:
Serendipity Input Validation Errors Let Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
Vignette Application Portal 'diag' Utility Discloses Information to Remote Users. Read more

www.securitytracker.com:
WordPress Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Icecast Buffer Overflow in Processing HTTP Headers Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
ParaChat Server Input Validation Flaw Discloses Files to Remote Users. Read more

www.securitytracker.com:
dBpowerAMP Audio Player Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
dBpowerAMP Music Converter Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Microsoft SQL Server Can Be Crashed By Remote Users Sending a Specially Crafted Large Buffer. Read more

www.securitytracker.com:
PeopleSoft Human Resources Management System (HRMS) Input Validation Holes Let Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
@lex Guestbook Include File Error Lets Remote Users Execute Arbitrary Commands. Read more

www.securitytracker.com:
ChatMan Input Validation Error Lets Remote Users Crash the Application. Read more

 

News:
www.theregister.co.uk:
Ha, ha you're infected. Read more

www.theinquirer.net:
JPEG flaw gets instant messaging worm. Read more

www.sunnetwork.org:
Hackers attack al-Qaeda linked web site. Read more

www.crime-research.org:
Phishing once more. Read more

29 September 2004

Guides, Papers, etc
www.securityfocus.com:
Defeating Honeypots: Network Issues, Part 1. Read more

 

Vulnerabilities & Exploits
www.us-cert.gov:
Multiple vulnerabilities in Mozilla products. Read more

www.securitytracker.com:
dBpowerAMP Audio Player Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
dBpowerAMP Music Converter Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Microsoft SQL Server Can Be Crashed By Remote Users Sending a Specially Crafted Large Buffer. Read more

www.securitytracker.com:
PeopleSoft Human Resources Management System (HRMS) Input Validation Holes Let Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
@lex Guestbook Include File Error Lets Remote Users Execute Arbitrary Commands . Read more

www.securitytracker.com:
ChatMan Input Validation Error Lets Remote Users Crash the Application. Read more

www.securitytracker.com:
Sendmail 'sasl-bin' on Debian Linux Lets Remote Users Relay E-mail. Read more

www.securitytracker.com:
IBM Reliable Scalable Cluster Technology (RSCT) Lets Local Users Corrupt Files. Read more

 

News:
www.securityfocus.com:
U.N. warns of nuclear cyber attack risk. Read more

www.microscope.co.uk:
Hackers use porn to target Jpeg flaw. Read more

www.newsfactor.com:
Trojan Exploits Microsoft JPEG Flaw. Read more

www.snpx.com:
JPEG Exploit Hits Usenet, Worm Close Behind. Read more

www.snpx.com:
'JpegOfDeath' Using Windows Weakness To Spread Trojan. Read more

28 September 2004

Tools
isc.sans.org:
gdiscan.exe was written for Windows 2000 and higher. It scans the drive containing the Windows %system% directory and Looks for vulnerable versions of gdiplus.dll, sxs.dll, wsxs.dll, mso.dll. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
MyServer Can Be Crashed By Remote Users With a Specially Crafted HTTP POST Request. Read more

www.securitytracker.com:
YPOPs! Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Intellipeer Email Server Discloses Valid User Account Names to Remote Users. Read more

www.securitytracker.com:
Web Wiz Journal Discloses Database to Remote Users. Read more

www.securitytracker.com:
Web Wiz Internet Search Engine Discloses Database to Remote Users. Read more

www.securitytracker.com:
MegaBBS Input Validation Errors Let Remote Users Inject SQL Commands and Conduct Response Splitting Attacks. Read more

www.securitytracker.com:
Broadboard Input Validation Holes Let Remote Users Inject SQL Commands. Read more

www.debian.org:
DSA-554-1 sendmail -- pre-set password. Read more

www.debian.org:
DSA-553-1 getmail -- symlink vulnerability. Read more

 

News:
news.netcraft.com:
JPEG Exploit Attempt Sent to Newsgroups, Read more

www.winnetmag.com:
JPEG GDI+ Trojan Unleashed. Read more

www.crime-research.org:
Hackers: A JPEG Attack? Read more

27 September 2004

Vulnerabilities & Exploits
www.securitytracker.com:
fprobe Flaw in 'Change User' Feature Has Unspecified Impact. Read more

www.securitytracker.com:
Baal Smart Form Lets Remote Users Modify the Administrative Password. Read more

www.securitytracker.com:
paFileDB Input Validation Flaw in 'file' Module Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Groups@AOL Group Invitation Flaw May Let Remote Users Determine User E-mail Addresses or Hijack AIM Accounts. Read more

www.securitytracker.com:
Motorola WR850G Wireless Router Grants Remote Users Administrative Access. Read more

www.securitytracker.com:
Linux Kernel ide-cd SG_IO Flaw May Let Local Users Write to Media. Read more

 

News:
nwc.securitypipeline.com:
Hackers Smell Blood In Common Windows Interface. Read more

nwc.securitypipeline.com:
NSF Awards $13 Million For Anti-Worm Research. Read more

www.telecomasia.net:
US banking agency issues warning on 'phishing'. Read more

www.winnetmag.com:
Microsoft Nixes Outlook, Outlook Express Access to Free Hotmail Accounts. Read more

26 September 2004

Vulnerabilities & Exploits
www.rigelksecurity.com:
"Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products". Read more

www.securitytracker.com:
aspWebAlbum Input Validation Holes Let Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
aspWebCalendar Input Validation Holes Let Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
flc Command Line Buffer Overflow Lets Local Users Execute Arbitrary Code. Read more

www.securiteam.com:
Sharutils Format String Vulnerability. Read more

www.securiteam.com:
Mdaemon SMTP and IMAP Server Remote Buffer Overflow (SAML, LIST commands). Read more

www.securiteam.com:
Mambo Remote Code Execution And Cross Site Scripting. Read more

 

News:
www.theregister.co.uk:
So what is it about Win2k security MS won't enhance? Read more

news.bbc.co.uk:
Net security threats growing fast. Read more

25 September 2004

Vulnerabilities & Exploits
www.securitytracker.com:
MySQL libmysqlclient Buffer Overflow in Executing Prepared Statements Has Unspecified Impact. Read more

www.securitytracker.com:
HP StorageWorks Command View XP Lets Users Bypass Access Controls. Read more

www.securitytracker.com:
ActivePost Lets Remote Users Upload Arbitrary Files, Detemine Passwords, and Crash the System, and D. Read more

www.securitytracker.com:
ColdFusion MX May Disclose Source Code to Remote Users. Read more

Macromedia JRun Has Multiple Bugs That Permit Session Hijacking, Cross-Site Scripting, and File Source Code Disclosure. Read more

 

News:
www.securityfocus.com:
JPEG exploit toolkit spotted online. Read more

www.gcn.com:
Tool to exploit MS vulnerability is discovered. Read more

www.securityfocus.com:
US credit card firm fights DDoS attack. Read more

www.securityfocus.com:
Online Theft. Read more

24 September 2004

Guides, Papers, etc
www.securityfocus.com:
Detecting Worms and Abnormal Activities with NetFlow, Part 2. Read more

 

Vulnerabilities & Exploits
xforce.iss.net:
Microsoft GDI+ JPEG Processing Exploitation. Read more

www.securitytracker.com:
Yahoo! Store Commerce System Lets Remote Users Modify Prices When Purchasing. Read more

www.securitytracker.com:
redhat-config-nfs May Set Incorrect Export Permissions. Read more

www.securitytracker.com:
Subversion mod_authz_svn Discloses Metadata to Remote Users. Read more

www.securitytracker.com:
Symantec Enterprise Firewall Lets Remote Users Deny Service or Modify the Configuration. Read more

www.securitytracker.com:
Symantec Gateway Security Lets Remote Users Modify the Configuration. Read more

www.securitytracker.com:
Sophos Anti-Virus Fails to Detect Malicious Code in Files Named With Reserved DOS Device Names. Read more

www.securitytracker.com:
MDaemon SMTP and IMAP Buffer Overflows in SAML, SOML, SEND, MAIL, and LIST Commands May Permit Remote Code Execution. Read more

www.securitytracker.com:
Apache Satsify Directive Error May Let Remote Users Access Restricted Resources. Read more

 

News:
www.theinquirer.net:
Hackers work out SP2 JPEG virus. Read more

story.news.yahoo.com:
Exploit Code Appears for MS Graphics Flaw. Read more

www.theregister.co.uk:
Virus-obsessed firms ignore insider risk. Read more

www.theregister.co.uk:
Internet junkies in chilling cold turkey experiment. Read more

www.crime-research.org:
A man admits hacking into computers of high tech company. Read more

23 September 2004

Vulnerabilities & Exploits
www.k-otik.com:
Windows JPEG GDI+ Overflow Administrator Exploit (MS04-028). Read more

www.securiteam.com:
Buffer Overrun in JPEG Processing (GDI+) Exploit. Read more

www.securitytracker.com:
jadc2s XML Parsing Bug Lets Remote Users Crash the Service . Read more

www.securitytracker.com:
jabberd XML Parsing Bug Lets Remote Users Crash the Service. Read more

www.securitytracker.com:
PopMessenger Can Be Crashed By Remote Users With Specially Crafted Messages. Read more

www.securitytracker.com:
CA Unicenter Management Portal Lets Remote Users Determine Valid Account Names. Read more

www.securitytracker.com:
Pinnacle ShowCenter Web Interface Can Be Damaged By Remote Users. Read more

www.securitytracker.com:
OpenBSD login_radius() Authentication Error Lets Remote Users Login to the System. Read more

www.securiteam.com:
Sophos Small Business Suite Reserved Device Name Handling Vulnerability. Read more

www.securiteam.com:
PopMessenger Broadcast Crash. Read more

www.securiteam.com:
glFTPd Local Stack Buffer Overflow. Read more

www.securiteam.com:
OpenBSD Radius Authentication Vulnerability. Read more

www.debian.org:
DSA-551-1 lukemftpd -- incorrect internal variable handling. Read more

www.debian.org:
DSA-552-1 imlib2 -- unsanitised input. Read more

 

News:
news.com.com:
Code to exploit Windows graphics flaw now public. Read more

www.theregister.co.uk:
P-cube goes hunting for zombie PCs. Read more

www.theregister.co.uk:
Click here to become infected. Read more

www.pcworld.com:
Hackers Hit Credit Card Company. Read more

www.crime-research.org:
The former employee of computer consulting firm pleads guilty to computer attack charge. Read more

22 September 2004

Vulnerabilities & Exploits
www.securitytracker.com:
MySQLGuest Lack of Input Validation Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Emulive Server4 Authentication Error Grants Administrative Access to Remote Users. Read more

www.securitytracker.com:
Windows XP Service Pack 2 Firewall Configuration Error Exposes File and Print Sharing to Remote Users. Read more

www.securitytracker.com:
LaTeX2rtf Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
PostNuke 'admin.php' and Other Files Disclose Installation Path to Remote Users. Read more

www.securitytracker.com:
Mambo Server Cache_library Input Validation Hole Lets Remote Users Execute Arbitrary Commands. Read more

www.securitytracker.com:
FreeRADIUS 'Ascend-Send-Secret' Processing Error Lets Remote Users Crash the Service. Read more

www.securitytracker.com:
TUTOS Input Validation Holes in 'file_overview' and 'app_new' Permit SQL Injection and Cross-Site Scripting Attacks. Read more

www.securiteam.com:
Buffer Overrun in JPEG Processing Proof Of Concept (MS04-028). Read more

www.securiteam.com:
GTK+ XPM Decoder Parsing Overflows. Read more

www.securiteam.com:
GNU Radius SNMP String Length Integer Overflow DoS. Read more

www.debian.org:
DSA-551-1 lukemftpd -- incorrect internal variable handling. Read more

 

News:
www.pcwelt.de:
PC-WELT discovers and fixes serious security issue in Windows XP SP2. Read more

www.theregister.co.uk:
Poor netiquette and jobs for net vandals. Read more

www.theregister.co.uk:
Windows is the 'biggest beta test in history' - Gartner. Read more

www.crime-research.org:
Internet has become the most vulnerable ever. Read more

www.winnetmag.com:
True to the Image: JPEG Exploits on the Loose. Read more

www.dailyrundown.com:
Security Flaw Found In The Google Toolbar. Read more

21 September 2004

Vulnerabilities & Exploits
www.debian.org:
DSA-550-1 wv -- buffer overflow. Read more

www.securitytracker.com:
Lords of the Realm III User Nickname Input Validation Error Lets Remote Users Crash the Game Server. Read more

www.securiteam.com:
Engenio/LSI Logic Controllers DoS/Data Corruption. Read more

www.securiteam.com:
Apache htpasswd Local Stack Overflow. Read more

www.securiteam.com:
Snitz Forums 2000 HTTP Response Splitting. Read more

www.securiteam.com:
SUS Local Root Privilege Escalation Vulnerability. Read more

 

News:
www.theinquirer.net:
Exploit for Microsoft image flaw published. Read more

www.theregister.co.uk:
Rise of the Botnets. Read more

www.theregister.co.uk:
VMware creates PC software condom. Read more

www.theinquirer.net:
AOL beefs up security. Read more

www.computerweekly.com:
Growth in security holes will increase downtime. Read more

www.theregister.co.uk:
Sasser author gets IT security job. Read more

www.theregister.co.uk:
UK police arrest Cisco source code suspect. Read more

www.theregister.co.uk:
11 charged over 'biggest-ever' MS piracy bust. Read more

20 September 2004

Vulnerabilities & Exploits
www.securitytracker.com:
getmail Temporary File Symlink Flaws May Let Local Users Obtain Root Privileges. Read more

www.securiteam.com:
VP-ASP 'shoprestoreorder.asp' May Let Remote Users Keep Database Connections Open. Read more

www.securiteam.com:
CDRecord's readcd Local Root Privileges. Read more

www.securiteam.com:
Pigeon Server DoS. Read more

www.securiteam.com:
Ipswitch WhatsUp Gold prn.htm DoS. Read more

 

News:
www.hindustantimes.com:
Viruses aimed at Microsoft rise sharply: Symantec. Read more

www.spamfo.co.uk:
A visual history of spam and virus emails. Read more

news.zdnet.com:
VMware aims to secure network sharing. Read more

19 September 2004

Guides, Papers, etc
www.informit.com:
Details Emerge on the First Windows Mobile Virus (Part 1 of 3). Read more

www.informit.com:
Details Emerge on the First Windows Mobile Virus (Part 2 of 3). Read more

www.informit.com:
Details Emerge on the First Windows Mobile Virus (Part 3 of 3). Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
Mambo Server Input Validation Hole in 'filecatid' Lets Remote Users Inject SQL Commands. Read more

 

News:
www.securityfocus.com:
Microsoft warns of poisoned picture peril. Read more

cio-today.newsfactor.com:
Microsoft Image Flaw Opens Door to Hackers. Read more

news.netcraft.com:
Exploit for Microsoft JPEG Flaw Is Published. Read more

seclists.org:
Bugtraq: JPEG Processing BOF Proof Of Concept. Read more

www.detnews.com:
Business in computer security continues to grow. Read more

18 September 2004

Vulnerabilities & Exploits
www.securitytracker.com:
RsyncX Privilege Error Lets Local Users Obtain Root Privileges. Read more

www.securitytracker.com:
Google Toolbar Input Validation Hole in 'About' Page Lets Remote Users Execute Scripting Code in the Local Computer Zone. Read more

www.securitytracker.com:
F-Secure Internet Gatekeepr MIME Decoding Errors Have Unspecified Impact. Read more

www.securitytracker.com:
Business Objects WebIntelligence Input Validation Holes Let Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Business Objects WebIntelligence Access Control Lets Remote Authenticated Users Delete Documents Without Permission. Read more

www.securitytracker.com:
IBM OEM Version of Windows XP Silently Creates Administrator Account With No Password. Read more

www.securitytracker.com:
sudo '-u' sudoedit Error Discloses Restricted Files to Local Users. Read more

www.securitytracker.com:
Apache SSL Connection Abort State Error Lets Remote Users Deny Service. Read more

www.securitytracker.com:
phpGroupWare Input Validation Error in Wiki Module Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Apple iChat May Let Remote Users Start Applications on the Target User's System in Certain Cases. Read more

www.securitytracker.com:
xine-lib DVD Subpicture Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
xine-lib VideoCD Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
DNS4Me Lets Remote Users Crash the Web Service and Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Pigeon Server Input Validation Error in Login Parameter Lets Remote Users Freeze the Server. Read more

www.debian.org:
DSA-549-1 gtk+ -- several vulnerabilities. Read more

 

News:
www.theregister.co.uk:
SP2 on XP Home. Read more

story.news.yahoo.com:
German teen who made Sasser worm hired by computer security firm. Read more

www.theregister.co.uk:
FTC backs spammer bounties (false). Read more

www.internetweek.com:
Passwords Fail To Defend Enterprises. Read more

www.crime-research.org:
Hackers' warfare. Read more

17 September 2004

Guides, Papers, etc
www.securityfocus.com:
Metasploit Framework, Part Three. Read more

www.securityfocus.com:
Examining a Public Exploit, Part 2. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
Microsoft Internet Explorer Bug in Setting Cookies in Certain Domains May Let Remote Users Conduct Session Fixation Attacks. Read more

www.securitytracker.com:
Firefox Bug in Setting Cookies in Certain Domains May Let Remote Users Conduct Session Fixation Attacks. Read more

www.securitytracker.com:
Konqueror Bug in Sending Non-Secure Cookies via SSL May Let Remote Users Conduct Session Fixation Attacks. Read more

www.securitytracker.com:
Opera Bug in Sending Non-Secure Cookies via SSL May Let Remote Users Conduct Session Fixation Attacks. Read more

www.securitytracker.com:
libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Firefox Various Overflows and Scripting Errors May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Thunderbird Various Overflows and Scripting Errors May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Mozilla Various Overflows and Scripting Errors May Let Remote Users Execute Arbitrary Code. Read more

 

News:
www.internetweek.com:
Hackers Jump On Windows Vulnerability. Read more

www.theregister.co.uk:
German lawyer arrested in piracy crackdown. Read more

www.theregister.co.uk:
Freegate is not Trojan horse, says Symantec. Read more

16 September 2004

Guides, Papers, etc
www.schneier.com:
Benevolent Worms. Read more

www.schneier.com:
Full Disclosure and the Window of Exposure. Read more

www.virusbtn.com:
The 14th Virus Bulletin International Conference takes place at The Fairmont, Chicago, IL, USA from Wednesday 29 September to Friday 1 October. Read more 2004.

 

Vulnerabilities & Exploits
www.debian.org:
DSA-545-1 cupsys -- denial of service. Read more

www.secnap.com:
Vulnerability in IBM Windows XP default hidden Administrator account allows local Administrator access. Read more

www.securitytracker.com:
PHP Array Processing Error in Handling RFC1867 MIME Formatting May Let Remote Users Overwrite Memory. Read more

www.securitytracker.com:
Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service. Read more

www.securitytracker.com:
Foomatic Bug in foomatic-rip Filter Lets Remote Users Execute Commands. Read more

www.securitytracker.com:
GNU RADIUS Server SNMP Integer Overflow Lets Remote Users Crash the Service. Read more

www.securitytracker.com:
gdk-pixbug BMP, ICO, and XPM Image Processing Errors May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
CUPS Browsing Can Be Disabled By Remote Users. Read more

www.securitytracker.com:
PHP Array Parsing Error in php_variables May Disclose Memory Contents via phpinfo(). Read more

www.securitytracker.com:
MyServer './' Input Validation Error Discloses Files to Remote Users. Read more

www.securitytracker.com:
PerlDesk Input Validation Error in 'lang' Parameter May Disclose System Information to Remote Users. Read more

www.securitytracker.com:
Inkra Switch Error in Processing IP Options May Let Remote Users Crash the System. Read more

www.securitytracker.com:
SUS Format String Flaw Lets Local Users Execute Code With Root Privileges. Read more

www.securitytracker.com:
McAfee VirusScan System Tray Applet Lets Local Users Execute Commands With SYSTEM Privileges. Read more

www.securitytracker.com:
Webmin 'maketemp.pl' Unsafe Temporary Directory Lets Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Usermin 'maketemp.pl' Unsafe Temporary Directory Lets Local Users Gain Elevated Privileges. Read more

www.securiteam.com:
Real Life Vuln-Dev Process of a Win32 Stack Buffer Overflow. Read more

www.securiteam.com:
BlackJumboDog FTP Server Remote Code Execution. Read more

www.securiteam.com:
Cdrecord RSH SUID Shell Creation. Read more

 

News:
www.theregister.co.uk:
Mozilla updates browsers after bug hunt. Read more

www.theregister.co.uk:
Microsoft warns of poisoned picture peril. Read more

www.securityfocus.com:
Feds say Lamo inspired other hackers. Read more

news.com.com:
IBM protects passwords with PC chip. Read more

www.stuff.co.nz:
Government paid hackers seek to save America. Read more

15 September 2004

Guides, Papers, etc
md.hudora.de:
NoSEBrEaK - Attacking Honeynets. Read more

www.blackhat.com:
Fingerprinting through Windows RPC. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
Microsoft GDI+ Buffer Overflow in Processing JPEG Images Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
getInternet Input Validation Holes Let Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
getIntranet Input Validation Holes Let Remote Users Inject SQL Commands, Upload Files, Execute Scripting Code, and Gain Administrative Application Privileges. Read more

www.securitytracker.com:
Microsoft Works Suite Buffer Overflow in WordPerfect Converter Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Microsoft Publisher Buffer Overflow in WordPerfect Converter Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Microsoft FrontPage Buffer Overflow in WordPerfect Converter Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Microsoft Office Buffer Overflow in WordPerfect Converter Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Apache mod_dav LOCK Method Error May Let Remote Users Deny Service. Read more

www.securitytracker.com:
Linux Kernel TCP Socket State Error Lets Local Users Deny Service. Read more

www.securitytracker.com:
QNX crrtrap Race Condition May Let Local Users Grab Root Privileges. Read more

www.securitytracker.com:
QNX Binaries Have Buffer Overflows in '-s' Switch That May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
mod_cplusplus Buffer Overflow Has Unspecified Impact. Read more

www.securitytracker.com:
ripMIME MIME Decoding Errors May Have Security Impact on Applications Using ripMIME. Read more

www.securitytracker.com:
Pingtel xpressa Boundary Error in HTTP Management Interface Lets Remote Authenticated Users Crash the Phone. Read more

www.securitytracker.com:
WebLogic May Transmit Sensitive Information in Clear Text When the Administration Port is Not Enabled. Read more

www.securitytracker.com:
WebLogic Active Directory LDAP Error May Fail to Disable User Accounts. Read more

www.securitytracker.com:
WebLogic Server May Deploy With Incomplete Security When an Error Occurs During Deployment. Read more

www.securitytracker.com:
WebLogic Discloses System Version Information to Remote Users. Read more

www.securitytracker.com:
WebLogic Administrative Console May Display Passwords in Certain Cases. Read more

www.securitytracker.com:
WebLogic Command and Administrative Scripts May Contain Clear Text Passwords. Read more

www.securitytracker.com:
WebLogic Case-Sensitive 'web.xml' Patterns May Let Remote Users Access Restricted URLs. Read more

www.securitytracker.com:
WebLogic Server Lets Remote Users Execute Some Administration Commands. Read more

www.securitytracker.com:
BEA WebLogic May Disclose Some Internal Server Objects to Remote Users. Read more

www.debian.org:
DSA-544-1 webmin -- insecure temporary directory. Read more

 

News:
Microsoft Security Bulletin MS04-027
Vulnerability in WordPerfect Converter Could Allow Code Execution (884933) Read more

Microsoft Security Bulletin MS04-028
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987). Read more

news.netcraft.com:
New Worm Installs Network Traffic Sniffer. Read more

www.theregister.co.uk:
Symantec labels China censor-busting software as Trojan. Read more

www.theinquirer.net:
Nearly 90% of Chinese computers have worms. Read more

14 September 2004

Vulnerabilities & Exploits
www.corsaire.com:
Corsaire identify multiple vulnerabilities in Core MIME Protocol. Read more

www.securitytracker.com:
Gadu-Gadu Buffer Overflow in GG_MSG_IMAGE_REPLY Image Transfer Message Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Lexar JumpDrive Secure Discloses Password to Local Users. Read more

www.securitytracker.com:
Samba smbd Infinite Loop Lets Remote Users Consume All Available Memory. Read more

www.securitytracker.com:
Samba Input Validation Error in nmbd process_logon_packet() Lets Remote Users Crash the nmbd Service. Read more

 

News:
www.theregister.co.uk:
Beware of malformed MIME artists. Read more

www.theregister.co.uk:
Virus 'talks' to victims. Read more

www.theinquirer.net:
Talking worm spotted. Read more

www.pcworld.idg.com.au:
Transmeta claims anti-virus first with new processor. Read more

www.pcworld.idg.com.au:
Security holes plague Windows Help. Read more

www.antiphishing.org:
Paypal - 'Fraud'. Read more

13 September 2004

Guides, Papers, etc
www.net-security.org:
Detecting and Understanding Rootkits. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
Turbo Seek Null Byte Error Discloses Files to Remote Users. Read more

www.securitytracker.com:
TwinFTP Server Input Validation Flaw in CWD/STOR/RETR Commands Lets Remote Authenticated Users Write Files to Arbitrary Locations. Read more

www.securitytracker.com:
Serv-U FTP Server Can Be Crashed By Remote Authenticated Users With Various STOU Commands. Read more

www.securiteam.com:
Oracle SYS_CONTEXT Procedure Buffer Overflow Vulnerability. Read more

 

News:
nwc.securitypipeline.com:
ISPs Given Thumbs Down For Virus, Hacker Control. Read more

www.dailybreeze.com:
Don't be lured by the phishing lines or you might be caught. Read more

12 September 2004

Vulnerabilities & Exploits
www.securitytracker.com:
Squid Overflow in clientAbortBody() Lets Remote Users Crash the Proxy. Read more

 

News:
www.theregister.co.uk:
Telenor takes down 'massive' botnet. Read more

www.neowin.net:
McAfee's Trojan horse error gets developer's goat. Read more

11 September 2004

Vulnerabilities & Exploits
www.securitytracker.com:
Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections. Read more

www.securitytracker.com:
OpenOffice World-Readable Temporary Files Disclose Files to Local Users. Read more

www.securitytracker.com:
BBS e-Market Professional Include File Error Lets Remote Users Execute Arbitrary Commands. Read more

www.securitytracker.com:
Subjects Postnuke Module Input Validation Hole Lets Remote Users Inject SQL Commands. Read more

 

News:
www.theregister.co.uk:
Gizza job, virus writers ask AV industry. Read more

www.crime-research.org:
Russia: 80% of software is illegal. Read more

www.internetweek.com:
Spammers Using Authentication To Dodge Detection. Read more

10 September 2004

Vulnerabilities & Exploits
www.securitytracker.com:
Halo: Combat Evolved Off-by-One Error Lets Remote Deny Service. Read more

www.securitytracker.com:
F-Secure Internet Gatekeeper Input Validation Bug in Content Scanner Server Lets Remote Users Deny Service. Read more

www.securitytracker.com:
F-Secure Anti-Virus for Microsoft Exchange Input Validation Bug in Content Scanner Server Lets Remote Users Deny Service. Read more

www.securitytracker.com:
MailEnable Can Be Crashed By a Remote DNS Server. Read more

www.securiteam.com:
Usermin Remote Arbitrary Shell Command Execution Vulnerability. Read more

 

News:
www.usatoday.com:
Are hackers using your PC to spew spam and steal? Read more

itvibe.com:
Talking virus emerges. Read more

www.theregister.co.uk:
German jailed for email bomb hoax. Read more

www.theregister.co.uk:
Mitnick movie comes to the US. Read more

www.net4nowt.com:
Sleep walking, viruses and other IT security maladies. Read more

www.theinquirer.net:
Teen hacker controls ebay. Read more

09 September 2004

Guides, Papers, etc
www.securityfocus.com:
Feast of Egos. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
Star Has Unspecified Flaw That May Let Local Users Gain Root Privileges. Read more

www.securitytracker.com:
OpenLDAP May Accept CRYPT Password Values as Plaintext Passwords. Read more

www.securiteam.com:
Trillian Buffer Overflow In MSN Module. Read more

www.securiteam.com:
Call Of Duty Broadcast Shutdown DoS Vulnerability. Read more

www.securiteam.com:
PHP-Nuke ViewAdmin Cross Site Scripting Bug. Read more

www.securiteam.com:
phpScheduleIt Multiple Cross-Site Scripting And Privilege Escalation Vulnerabilities. Read more

www.securiteam.com:
OpenCA PKI Component Cross Site Scripting. Read more

www.securiteam.com:
Mpg123 Buffer Overflow Due To Bugs In Header Checks Code. Read more

 

News:
www.theregister.co.uk:
Sasser kid charged with computer sabotage. Read more

www.crime-research.org:
A hacker nabbed. Read more

www.techweb.com:
ISPs Given Thumbs Down For Virus, Hacker Control. Read more

www.securityfocus.com:
Mitnick movie comes to the U.S. Read more

08 September 2004

Guides, Papers, etc
www.securityfocus.com:
Metasploit Framework, Part Two. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
PSnews Input Validation Holes Let Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Trillian Buffer Overflow MSN Module Lets Remote Users Execute Arbitrary Code in Certain Cases. Read more

www.securitytracker.com:
Apple Safari Frame Boundary Flaw Lets Remote Users Render HTML in an Arbitrary Site's Domain. Read more

www.securitytracker.com:
Apple QuickTime Streaming Server State Error Lets Remote Users Deny Service. Read more

www.securitytracker.com:
PPPDialer Unsafe Log Files May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Mac OS X CoreFoundation Buffer Overflow and Library Loading Bugs Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Usermin Web Mail HTML Filtering Flaw Lets Remote Users Execute Arbitrary OS Commands. Read more

www.securitytracker.com:
net-acct Unsafe Temporary File May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Cosminexus Portal Framework May Disclose Cached Content to the Wrong User. Read more

www.securitytracker.com:
mpg123 Buffer Overflow in 'layer2.c' Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Sun Solaris 'in.named' Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
Fujitsu ServerView Lets Local Users Modify MIB Values. Read more

www.securitytracker.com:
OpenCA Input Valiadation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

 

News:
www.theregister.co.uk:
McAfee AV ate my application. Read more
07 September 2004

Guides, Papers, etc
www.eetimes.com:
Hole seen in Intel's bug-busting feature. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
YaBB SE 'Admin.php' Discloses Installation Path to Remote Users. Read more

www.securitytracker.com:
Call of Duty Game Can Be Shutdown By Remote Users. Read more

www.securiteam.com:
Samba FindNextPrintChangeNotify Error Allows Remote Authenticated Users To Crash smbd. Read more

www.securiteam.com:
TorrentTrader SQL Injection. Read more

 

News:
m2.com:
Norwegian online banks have many security holes - claim. Read more

software.silicon.com:
Security: Can you really trust JUST techies? Read more

www.komotv.com:
Herb Weisbaum: Public Still Getting Hooked By 'Phishing' Scams. Read more

www.pcworld.idg.com.au:
Sophos Advises on Simple Steps to Avoid Being Phished. Read more

06 September 2004

Vulnerabilities & Exploits
www.securitytracker.com:
Brocade Switches Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
IBM Disk Systems Can Be Crashed By Remote Users and Data Corruption May Occur. Read more

www.securitytracker.com:
StorageTek Disk Systems Can Be Crashed By Remote Users and Data Corruption May Occur. Read more

www.securitytracker.com:
PHP-Nuke 'admin.php' Authentication Flaw Lets Remote Users View Information and Delete Administrative Accounts. Read more

www.securitytracker.com:
PHP-Nuke Authentication Flaw in 'admin.php' Lets Remote Users Gain Administrative Privileges. Read more

www.securitytracker.com:
Site News Authentication Error May Let Local Users Add Messages. Read more

www.securiteam.com:
Courier-IMAP Remote Format String Vulnerability Exploit. Read more

 

News:
nwc.securitypipeline.com:
WinZip Vulnerable To Hacks. Read more

www.theregister.co.uk:
Plea deal in 'war spamming' prosecution. Read more

05 September 2004

Vulnerabilities & Exploits
www.securitytracker.com:
WhatsUp Gold Web Interface May Let Remote Users Cause Denial of Service Conditions. Read more

www.securitytracker.com:
Keene Digital Media Server Lets Remote Users Gain Administrative Access. Read more

www.securitytracker.com:
Altnet Download Manager Buffer Overflow in bstrFilepath Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
QNX PPPoEd Buffer Overflow and Path Specification Bug May Let Local Users Gain Root Privileges. Read more

 

News:
www.theregister.co.uk:
eBay domain hijacker arrested. Read more

04 September 2004

Guides, Papers, etc
www.eurocompton.net:
Bypassing Secure Web Transactions via DNS Corruption. Read more

www.eurocompton.net:
Topology of Denial-of-Service. Read more

www.eurocompton.net:
Fun with Packets. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
Kerio Personal Firewall Application Security Can Be Disabled By Certain Local Users. Read more

www.securitytracker.com:
Squid NTLM Input Validation Error in ntlm_fetch_string() Lets Remote Users Crash the System. Read more

www.securitytracker.com:
CuteNews 'show_archives.php' Include File Flaw Lets Remote Users Execute Arbitrary Commands on the Server. Read more

www.securitytracker.com:
IMail Server E-mail and Calendar Bugs May Let Remote Users Crash the Server. Read more

www.securitytracker.com:
MailWorks Professional Authentication Flaw Grants Administrative Access to Remote Users. Read more

www.securitytracker.com:
Juniper Networks NetScreen-IDP May Let Remote SSH Servers Overwrite Files in Certain Cases. Read more

 

News:
www.techweb.com:
WinZip Vulnerable To Hacks. Read more

www.theregister.co.uk:
Spammers embrace email authentication. Read more

www.usatoday.com:
Few electronic disruptions hit GOP convention. Read more

nwc.bizintelligencepipeline.com:
Oracle Products Exposed To Hackers. Read more

www.nwfusion.com:
Symantec joins anti-phishing group. Read more

03 September 2004

Guides, Papers, etc
www.vividmachines.com:
Shellcoding for Linux and Windows Tutorial. Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services. Read more

www.securitytracker.com:
Opera Embed Tag Error Lets Remote Users Crash the Browser. Read more

www.securitytracker.com:
HP Systems Insight Manager May Not Let Users Login After Applying a Microsoft Security Patch. Read more

www.securitytracker.com:
IBM DB2 Buffer Overflows May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Linux Kernel Integer Overflow in kNFSd Lets Remote Users Panic the System. Read more

www.securiteam.com:
Cisco VPN 3000 Kerberos Authentication Implementation Remote Code Execution And DoS. Read more

www.securiteam.com:
NetworkEverywhere Router Model NR041 Script Injection via DHCP. Read more

www.securiteam.com:
Xedus Webserver Directory Traversal and DoS. Read more

www.securiteam.com:
Chat Anywhere DoS. Read more

www.securiteam.com:
MIT Kerberos ASN.1 Decoder DoS. Read more

www.appsecinc.com:
Multiple vulnerabilities in Oracle Database Server. Read more

pacsec.jp:
Sites with default SSHD configs and anonymous CVS or other "public" access are vulnerable to port bounce attacks. Read more

 

News:
www.theregister.co.uk:
WinXP SP2 = security placebo? Read more

www.theregister.co.uk:
Slack users blamed for virus longevity. Read more

www.hindustantimes.com:
Microsoft warns spyware could bungle security update. Read more

www.mosnews.com:
Why Internet Still Not Paralyzed — Russian Expert. Read more

02 September 2004

Guides, Papers, etc
papers.ssrn.com:
A Model for when Disclosure Helps Security: What Is Different About Computer and Network Security? Read more

 

Vulnerabilities & Exploits
www.securitytracker.com:
Comersus Shopping Cart 'redirecturl' Input Validation Flaw Permits HTTP Response Splitting Attacks. Read more

www.securitytracker.com:
dasBlog Input Validation Hole in Event and Activity Viewer Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Cerbere Proxy Server Lets Remote Users Consume Excessive CPU Resources. Read more

www.securitytracker.com:
WinZip Unspecified Buffer Overflows May Let Remote or Local Users Execute Arbitrary Code. Read more

www.securitytracker.com:
bsdmainutils Privilege Error in 'calendar' May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
phpScheduleIt Input Validation Holes Let Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Oracle Application Server Has Multiple Portal and iSQL*Plus Flaws That Let Remote Users Take Control of the Server. Read more

www.securitytracker.com:
Oracle Database Server Has Multiple Flaws That Let Remote Users Take Control of the Server. Read more

www.securitytracker.com:
phpWebSite Input Validation Bugs in 'cal_template' and Other Parameters Permit SQL Injection and Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
pLog Input Validation Flaw in 'register.php' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
WFTPD Pro Can Be Crashed By Remote Authenticated Users Sending a Specially Crafted MLST Command. Read more

www.securitytracker.com:
Titan FTP Server Can Be Crashed By Remote Authenticated Users Sending Long Commands. Read more

www.securiteam.com:
D-Link DCS-900 Internet Camera Abitrary IP Changing Vulnerability. Read more

www.securiteam.com:
WebAPP Directory Traversal and Encrypted DES Disclosure. Read more

 

News:
www.theregister.co.uk:
New Bagle worm drops in and downloads. Read more

www.theregister.co.uk:
Phishers suspected of eBay Germany domain hijack. Read more

zdnet.com.com:
Security pros warn of critical flaws in Kerberos. Read more

www.crime-research.org:
Cybercrime is not limited by boundaries. Read more

www.fcw.com:
DOD reveals viral infection. Read more

01 September 2004

Tools
www.insecure.org:
Nmap 3.70 Released. Read more

 

Vulnerabilities & Exploits
www.debian.org:
DSA-543-1 krb5 -- several vulnerabilities. Read more

www.debian.org:
DSA-458-2 python2.2 -- buffer overflow. Read more

www.securitytracker.com:
Oracle Enterprise Manager Has Local Vulnerabilities With Unspecified Impact. Read more

www.securitytracker.com:
Kerberos 5 ASN.1 Decoder Infinite Loop Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Kerberos 5 KDC Double-Free Errors May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
imlib2 BMP Decoding Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
imlib BMP Decoding Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
ImageMagick BMP Decoding Buffer Overflow Lets Remote Users Crash the Application. Read more

www.securitytracker.com:
PvPGN 'watchall' and 'unwatchall' Command Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
XOOPS Dictionary Module Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
D-Link DCS-900 Camera Lets Remote Users Modify the IP Address. Read more

www.securitytracker.com:
CuteNews Default Configuration Lets Local Users Modify the News File. Read more

www.securitytracker.com:
Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes. Read more

www.securitytracker.com:
Samba FindNextPrintChangeNotify() Error Lets Remote Authenticated Users Crash smbd. Read more

www.securitytracker.com:
TYPSoft FTP Service Can Be Affected By Remote Users With a Certain RETR Command Sequence. Read more

www.securitytracker.com:
WS_FTP CD Command Path Parsing Flaw May Let Remote Authenticated Users Deny Service. Read more

www.securitytracker.com:
SugarCRM Discloses Passwords to Local Users. Read more

www.securitytracker.com:
Password protect Input Validation Holes Let Remote Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Xedus Web Server Input Validation Flaws Disclose Files to Remote Users and Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
cdrtools Lets Local Users Obtain Root Privileges. Read more

 

News:
www.pcworld.idg.com.au:
SonicWALL hosting internet security seminars to raise customers' awareness of pressing security issues. Read more

www.technologyreview.com:
Is Encryption Doomed? Read more


Copyright© MegaSecurity.org