Home.
News Archive    Translate Traducen
News December 2002
30 december 2002

New Trojans:
Akosch 2 client

Cookie Monster 0.24 beta

Gates of Hell 1.2

Vulnerabilities & Exploits:
www.dsinet.org:
Potential DOS attack with Web-CyrAdm. Read More

online.securityfocus.com:
Microsoft Windows File Protection Signed File Replacement Vulnerability. Read More

online.securityfocus.com:
Microsoft Windows File Protection Code-Signing Verification Weakness. Read More

online.securityfocus.com:
Microsoft Internet Explorer Multimedia Page Cross-Site Scripting Vulnerability. Read More

www.securitytracker.com:
PHP Buffer Overflow in Wordwrap() Function May Let Remote Users Crash the Server. Read More

www.securitytracker.com:
SkyStream Networks Edge Media Router (EMR-5000) Command Shell Buffer Overflow Lets Remote Authenticated Users Gain Root Privileges. Read More

www.securitytracker.com:
Typespeed Buffer Overflow May Let Local Users Obtain 'Games' Group Privileges. Read More

www.securiteam.com:
PHRACK #60 Has Been Released. Read More

www.securiteam.com:
PUTTY SSH-Client Exploit. Read More

News:
www.guninski.com:
2002 In review. Read More

mdn.mainichi.co.jp:
'Big brother' data for entire town stolen. Read More

www.gulf-news.com:
Mideast firms urged to focus on e-security. Read More

www.nypost.com:
MAD HACKER: I'LL WRECK U.S. WITH ‘WAR' VIRUS. Read More

29 december 2002

New Trojans:
MSN Trojan 4.0

Skun 0.1.5

Fearless Webdownloader 1.2

Vulnerabilities & Exploits:
www.securitytracker.com:
Microsoft Windows File Protection Mechanism Weakness in Trusting Code-Signing Certificate Chains Lets Arbitrary Remote Users Sign Code That Will Be Trusted By Windows. Read More

www.securitytracker.com:
Microsoft Windows File Protection Weakness May Let Local Users Replace Code With Previous Vulnerable Versions Without Detection. Read More

www.securitytracker.com:
Microsoft Internet Explorer Bug in Loading Multimedia Files May Let Remote Users Execute Arbitrary Scripting Code in Other Domains. Read More

www.securitytracker.com:
Monopd Game Server Buffer Overflow May Let Remote Users Execute Arbitrary Code on the System. Read More

News:
online.securityfocus.com:
Former computer hacker granted radio license; may go back online next month. Read More

www.nydailynews.com:
Notorious hacker is back online. Read More

www.bday.co.za:
Hacker helps pupils view results. Read More

www.theinquirer.net:
Yahoo Chat could have a security problem. Read More

hoovnews.hoovers.com:
FBI sets up a cybercrime center in South Carolina. Read More

www.washtimes.com:
Hacker threat seen as overdone. Read More

www.canada.com:
Internet, key computer systems vulnerable to cyber attack, say experts. Read More

www.zdnet.com.au:
Threats move beyond Linux to Windows. Read More

28 december 2002

New Trojans:
RBackdoor 1.2

Nethief 3.1

Vulnerabilities & Exploits:
Internet Security Systems:
Dynamic Trojan Horse Network Hybrid Threat Propagation. Read More

online.securityfocus.com:
ncftpd STAT File Globbing Remote Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
MHonArc m2h_text_html Filter Cross Site Scripting Vulnerability. Read More

online.securityfocus.com:
Melange Chat System msgText Remote Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Wu-imapd Partial Mailbox Attribute Remote Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
HP JFS Improper Sticky Bit Functionality Vulnerability. Read More

online.securityfocus.com:
Microsoft Windows XP Wireless LAN AP Information Disclosure Vulnerability. Read More

online.securityfocus.com:
Eric S. Raymond Fetchmail Heap Corruption Vulnerability. Read More

News:
rtnews.globetechnology.com:
Cyberspace sentinels brace for trouble. Read More

27 december 2002

New Trojans:
NetMagik 1.6Xp

DDoS Trojan 2.0

Invisible Activity Spy 2.2

Vulnerabilities & Exploits:

News:

26 december 2002

New Trojans:
Cold Fusion 1.0

Jesus Touch 1.5

Magic Link 1.2

Tools:
MAC Changer. A GNU/Linux utility for viewing/manipulating the MAC address of network interfaces. Read More

Nmap 3.10ALPHA9 is now available. Read More

Vulnerabilities & Exploits:
www.securitytracker.com:
Xpdf 'pdftops' Integer Overflow May Let Remote Users Cause Arbitrary Code to Be Executed By a Target User. Read More

www.securitytracker.com:
Common UNIX Printing System (CUPS) 'pdftops' Integer Overflow May Let Remote Users Cause Arbitrary Code to Be Executed By a Target User. Read More

www.securitytracker.com:
MATLAB Unsafe Temporary Files Lets Local Users Overwrite Certain Files or Cause Target Users to Execute Arbitrary Code. Read More

www.securitytracker.com:
Junkbuster Proxy Default Configuration on Red Hat Linux Lets Remote Users Send SPAM Via the Proxy. Read More

www.securitytracker.com:
PHP-Nuke Discloses Installation Path to Remote Users. Read More

www.securitytracker.com:
Hyperion FTP Server Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code. Read More

www.securitytracker.com:
Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks. Read More

www.securitytracker.com:
Chetcpasswd.cgi Bugs May Disclose Some Shadow Password File Contents to Remote Users and May Let Local Users Grab Root Privileges. Read More

www.securiteam.com:
zkfingerd Remote Exploit. Read More

www.securiteam.com:
Melange Chat System Remote Exploit Code Released. Read More

www.securiteam.com:
Multiple Buffer overruns RealNetworks Helix Universal Server. Read More

www.securiteam.com:
Polycom Video Conference System Management Server Authentication Bypass Vulnerability. Read More

www.securiteam.com:
ProFTPD Long Password Crash. Read More

News:
www.pcmag.com:
Security Alert: Beware Nasty Flash 'Toons. Read More

online.securityfocus.com:
XP audio vuln shout goes out. Read More

www.eweek.com:
Microsoft Users Upset With 'Security Updates'. Read More

www.net-security.org:
Interview with Bob Toxen. Read More

star-techcentral.com:
Hack, the herald angels sing! Read More

www.washtimes.com:
Hacker threat seen as overdone. Read More

www.newsre.com:
Number of Hacking Web Sites Grows 45 Percent. Read More

25 december 2002

New Trojans:
Theef 2.00 Beta 0.3 Public

LANfiltrator 1.0 fixed

Nethief 1.3

Vulnerabilities & Exploits:
www.idefense.com:
Integer Overflow in pdftops. Read More

Debian Security Advisory:
DSA-216-1 fetchmail -- buffer overflow. Read More

online.securityfocus.com:
W-Agora EditForm.PHP Cross-Site Scripting Vulnerability. Read More

online.securityfocus.com:
W-Agora EditForm.PHP PHP Include Vulnerability. Read More

online.securityfocus.com:
CUPS Negative Length HTTP Header Vulnerability. Read More

online.securityfocus.com:
Multiple Vendor X Font Server Remote Buffer Overrun Vulnerability. Read More

online.securityfocus.com:
Interbase GDS_Lock_MGR Interbase Environment Variable Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Multiple Vendor SSH2 Implementation Incorrect Field Length Vulnerabilities. Read More

online.securityfocus.com:
Multiple Vendor SSH2 Implementation Buffer Overflow Vulnerabilities. Read More

online.securityfocus.com:
Multiple Vendor SSH2 Implementation Empty Elements / Multiple Separator Vulnerabilities. Read More

online.securityfocus.com:
Multiple Vendor SSH2 Implementation Null Character Handling Vulnerabilities. Read More

www.macromedia.com:
Macromedia Flash Malformed Header Vulnerability Issue. Read More

News:
linuxtoday.com:
ZDNet Australia: Trojan Horses Plague Open Source. Read More

www.pcmag.com:
Security Alert: Beware Nasty Flash 'Toons. Read More

news.com.com:
A happy New Year for hacker Mitnick. Read More

www.eweek.com:
Microsoft Security Guru Leaves Post. Read More

www.dailymail.com:
County vulnerable to hackers. Read More

24 december 2002

New Trojans:
Magic Link 1.66

Trojan Spirit 2001a Beta Edition

GOP 1.2

Vulnerabilities & Exploits:
Debian Security Advisory:
DSA-215-1 cyrus-imapd -- buffer overflow. Read More

www.iss.net:
SuSE gfxmenu could allow a local attacker to bypass. Read More

www.securitytracker.com:
Axis Network Camera and Other Devices May Let Remote Users Execute Arbitrary Code. Read More

www.securitytracker.com:
KDE Input Validation Vulnerabilities May Let Remote Users Execute Arbitrary Commands on the System. Read More

www.securitytracker.com:
Captaris Infinite WebMail Server Input Validation Flaws Let Remote Users Conduct Cross-Site Scripting Attacks. Read More

www.securityfocus.com:
Top Attacks for the 1st Quarter 2002. Read More

News:
www.silicon.com:
Users warned over IE clipboard exploit. Read More

www.stjoenews-press.com:
St. Joseph man held as hacker. Read More

online.securityfocus.com:
STMPClean Race Condition Vulnerability. Read More

hoovnews.hoovers.com:
The Observer: Cyber thieves net millions as Christmas shoppers go online. Read More

www.wnbc.com:
Queens Hacker Arrested For Stealing Kinko's Credit-Card Numbers. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for December 23, 2002. Read More

23 december 2002

New Trojans:
TrojMax 2.0

NETMagik 1.5

LittleBusters 1.0

Tool:
sourceforge.net:
Winfingerprint 0.5.5
Winfingerprint is a Win32 MFC VC++ .NET based security tool that is able to Determine OS, enumerate users, groups, shares, SIDs, transports, sessions, services, service pack and hotfix level, date and time, disks, and open tcp and udp ports. Read More

Vulnerabilities & Exploits:
www.securitytracker.com:
PHP-Nuke Mail Feature CR-LF Injection Bug Lets Remote Users Send E-mail Via the System. Read More

www.securitytracker.com:
Polycom ViewStation FX Discloses Administrator Password to Remote Users. Read More

www.securitytracker.com:
Cisco IOS Routers Can Be Made to Consume All Available Bandwidth By Remote Users Sending Spoofed EIGRP Announcements. Read More

www.securiteam.com:
Microsoft Hotmail Cross-Site Scripting (XSS) Flaws. Read More

www.securiteam.com:
Remote Heap malloc/free and Multiple Overflow Vulnerability in WSMP3 (Exploit). Read More

www.securiteam.com:
XSS Vulnerabilities in Oracle Website. Read More

www.securiteam.com:
Security Problems Found with mkstemp(). Read More

www.i-security.nl:
Cobalt RaQ 4 and possibly others overflow.cgi remote root exploit which takes advantage of a flaw in the Security Hardening Package. Read More

News:
online.securityfocus.com:
'Twas the Night Before Christmas, 2002. Read More

online.securityfocus.com:
A Year-end Mailbag. Read More

www.betanews.com:
Symantec Invites pcAnywhere 11.0 Testers. Read More

cryptome.org:
Mole hunt at Foreign Office to find internet leaker. Read More

22 december 2002

New Trojans:
KoreTek 1.4

HoaVeLu 2.0 client

iSpyNow 2.0

Tool:
sniffdet.sourceforge.net:
SniffDet - Remote Sniffer Detection Tool/Library. Read More

rpcap.sourceforge.net:
RPCAP, Remote Packet Capture System. Read More

Vulnerabilities & Exploits:
www.securitytracker.com:
nCipher PKCS#11 Library Access Control Bugs May Let Users Obtain Plaintext Keys. Read More

www.securitytracker.com:
Cisco IOS Operating System Has SSH Bugs That Allow Remote Users to Cause the Device to Reboot. Read More

www.securitytracker.com:
Open WebMail Input Validation Bug Lets Local Users and Certain Remote Users Execute Code With Root Privileges. Read More

www.securitytracker.com:
OKENA StormWatch Default Configuration Error Gives Remote Users Adminstrative Access to the Database. Read More

www.securitytracker.com:
Common UNIX Printing System (CUPS) Has Multiple Bugs That Let Remote and Local Users Gain Root Privileges on the System. Read More

www.securitytracker.com:
Winamp Audio Player Buffer Overflows Let Remote Users Execute Arbitrary Code. Read More

News:
www.newsday.com:
Hacker admits to downloading information from Kinko's computers. Read More

www.stjoenews-press.com:
St. Joseph man held as hacker. Read More

www.lightreading.com:
Picolight Site Hacked. Read More

21 december 2002

New Trojans:
Beast 1.9

Beast 1.8 version b

Stealth Recorder 2.0

Vulnerabilities & Exploits:
www.securitytracker.com:
Microsoft Windows XP Shell Buffer Overflow in Processing Audio Files Allows Remote Users to Execute Arbitrary Code. Read More

Debian Security Advisory:
DSA-214-1 kdnetwork -- buffer overflows. Read More

News:
www.silicon.com:
Welsh virus writer infects 27,000. Read More

www.hindustantimes.com:
Briton admits creating notorious computer viruses. Read More

www.internetwk.com:
Report: Bush Administration Plans Mandatory Government Internet Monitoring. Read More

online.securityfocus.com:
White House: Internet monitoring center wouldn't spy on e-mails. Read More

abcnews.go.com:
Thieves Using Cyber-Methods to Commit Brick-and-Mortar Crime. Read More

20 december 2002

New Trojans:
MoSucker 3.0 (b)

DataRape 1.3

DataRape 1.2 modified server

Vulnerabilities & Exploits:
www.idefense.com:
Multiple Security Vulnerabilities in Common Unix Printing System (CUPS). Read More

www.securitytracker.com:
TYPSoft FTP Server Failure to Filter '...' Strings Lets Remote Users View Arbitrary Directory Listings. Read More

www.securitytracker.com:
Melange Chat System Buffer Overflow Lets Remote Users Execute Arbitrary Code on the System. Read More

www.securitytracker.com:
LocalWEB2000 Web Server Discloses Plaintext Passwords to Remote Users. Read More

www.securitytracker.com:
CartMan Shopping Cart Lets Remote Users Modify Prices of Items in Their Shopping Basket. Read More

www.securitytracker.com:
SpeedProject's SpeedCommander Input Validation Flaw May Let Malicious 'tar' Archives Overwrite or Create Arbitrary Files When Expanded. Read More

www.securitytracker.com:
SpeedProject's Squeez Input Validation Flaw May Let Malicious 'tar' Archives Overwrite or Create Arbitrary Files When Expanded. Read More

www.securitytracker.com:
Aladdin ZipMagic Input Validation Flaw May Let Malicious 'tar' Archives Overwrite or Create Arbitrary Files When Expanded. Read More

www.securitytracker.com:
PKZIP Input Validation Flaw May Let Malicious 'tar' Archives Overwrite or Create Arbitrary Files When Expanded. Read More

www.securitytracker.com:
WinZip Input Validation Flaw May Let Malicious 'tar' Archives Overwrite or Create Arbitrary Files When Expanded. Read More

www.securitytracker.com:
GNU 'cpio' Input Validation Flaw May Let Malicious 'tar' Archives Overwrite or Create Arbitrary Files When Expanded. Read More

www.securitytracker.com:
Linux 2.2 Kernel Bug in /proc/pid/mem mmap() Interface May Let Local Users Crash the System. Read More

www.securitytracker.com:
Community Wizard Input Validation Flaw Lets Remote Users Inject SQL Commands. Read More

www.securitytracker.com:
GoAhead Web Server Discloses Script Source Code to Remote Users. Read More

News:
europe.cnn.com:
E-card virus warning for Christmas. Read More

www.wired.com:
Beware the Latest MP3 Worms. Read More

www.internetwk.com:
Iraq_Oil Virus Finds New Way Of Spreading. Read More

www.tomshardware.com:
Software Hackers 1, DCMA 0. Read More

www.theinquirer.net:
MP3 bug in Windows XP desktop affects security - critically. Read More

news.com.com:
Microsoft flaws could hit music traders. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for December 19, 2002. Read More

19 december 2002

New Trojans:
MyCenter

Prosty

Frapes 0.14

Tool:
www.insecure.org:
Nmap 3.10ALPHA7 Released. Read More

Vulnerabilities & Exploits:
www.securitytracker.com:
Zkfingerd Daemon Unsafe Syslog Call Lets Remote Users Execute Arbitrary Code. Read More

www.securitytracker.com:
PFinger Daemon Format String Bug May Let Remote Users Execute Arbitrary Code in Certain Cases. Read More

www.securitytracker.com:
Xerces XML Parser Bug in Handling DTDs May Let Users Cause Denial of Service Conditions. Read More

www.securitytracker.com:
Sybase EAServer Bug in Parsing XML DTDs May Let Remote Users Crash the Server. Read More

www.securitytracker.com:
Symantec VelociRaptor Firewall Buffer Overflow in RealAudio Proxy Allows Remote Users to Deny Service and Possibly Execute Arbitrary Code on the Firewall. Read More

www.securitytracker.com:
Symantec Enterprise Firewall Buffer Overflow in RealAudio Proxy Allows Remote Users to Deny Service and Possibly Execute Arbitrary Code on the Firewall. Read More

www.securitytracker.com:
SSH Communications SSH Client and Server SSH2 Implementation Bugs May Allow Remote Denial of Service or Code Execution. Read More

www.securitytracker.com:
F-Secure SSH Client and Server SSH2 Implementation Bugs May Allow Remote Denial of Service or Code Execution. Read More

www.securitytracker.com:
Cryptainer Discloses Password in Memory to Local Users. Read More

News:
Microsoft Security Bulletin MS02-072
Unchecked Buffer in Windows Shell Could Enable System Compromise (329390). Read More

www.zdnet.com.au:
Vulnerability compromises Explorer multimedia handling. Read More

www.vnunet.com:
Users bemoan Microsoft's security initiatives. Read More

www.vnunet.com:
Klez wins virus of the year. Read More

www.silicon.com:
'Flash!' Aaargghh... here to hack every one of us. Read More

itmanagement.earthweb.com:
Worm Spreads Without Help From Email, Web. Read More

www.thestate.com:
Computer crime center opens. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for December 18, 2002. Read More

18 december 2002

New Trojans:
DKangel 2.51 server

masterU

Tight VNC 1.2.1

Vulnerabilities & Exploits:
The Evolution of Cross-Site Scripting Attacks (pdf). Read More

online.securityfocus.com:
MyPHPSoft MyPHPLinks SQL Injection Administration Bypassing Vulnerability. Read More

online.securityfocus.com:
Bea Systems WebLogic Xerces XML Parser Denial Of Service Vulnerability. Read More

www.securitytracker.com:
MyPHPLinks Input Validation Flaw Lets Remote Users Inject SQL Characters to Gain Administrative Access on the Application. Read More

www.securiteam.com:
XSS Vulnerability Found in Cisco Website. Read More

www.securiteam.com:
Vulnerabilities in SSH2 Implementations from Multiple Vendors. Read More

www.securiteam.com:
TYPSoft FTP Server Directory Traversal Vulnerability. Read More

www.securiteam.com:
Macromedia Shockwave Flash Malformed Header Overflow (Additional problems). Read More

News:
www.pcworld.com:
'Iraq Oil' Worm Oozes Onto the Net. Read More

www.informationweek.com:
New Virus Attacks Windows 2000, XP Machines. Read More

www.smh.com.au:
New Windows network worm detected. Read More

www.internetweek.com:
Flash Has Security Hole, But Fix Is Offered. Read More

www.pcpro.co.uk:
Secure Shell found to be not so secure. Read More

linuxtoday.com:
Two Book Reviews on Wireless Security and Crackproof Software. Read More

www.siliconvalley.com:
High school student earns A in hacking. Read More

www.chron.com:
Prosecutors don't seek jail for hacker `DVD Jon'. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for December 17, 2002. Read More

17 december 2002

New Trojans:
Sonick Trojan 2.0

UpFucker Backdoor 1.0

Invisible Activity Spy 2.1

Vulnerabilities & Exploits:
bvlive01.iss.net:
Internet Security Systems Security Alert Summary AS02-50. Read More

www.nextgenss.com:
PFinger Format String vulnerability. Read More

www.nextgenss.com:
zkfingerd Format String vulnerability. Read More

www.rapid7.com:
Vulnerabilities in SSH2 Implementations from Multiple Vendors. Read More

www.nii.co.in:
Password Disclosure in Cryptainer. Read More

online.securityfocus.com:
LogiSense Hawk-i Login SQL Injection Vulnerability. Read More

online.securityfocus.com:
WGet NLST Client Side File Overwriting Vulnerability. Read More

online.securityfocus.com:
Halcyon Software iASP File Disclosure Vulnerability. Read More

online.securityfocus.com:
XOOPS Information Disclosure Vulnerability. Read More

online.securityfocus.com:
mICQ Denial Of Service Vulnerability. Read More

online.securityfocus.com:
EServ Buffer Overflow Vulnerability. Read More

News:
star-techcentral.com:
E-mail viruses double in 2002. Read More

www.newhousenews.com:
Who Is Liable When Hackers Breach Software Security? Read More

www.smh.com.au:
Virus warning: old wine in new bottles. Read More

www.eweek.com:
Researchers Warn of Serious SSH Flaws. Read More

www.theregister.co.uk:
Home user insecurity spurs email virus growth in 2002. Read More

www.theregister.co.uk:
Your Microsoft critical security patches tonight. Read More

www.internetweek.com:
Microsoft Gets Serious About Web Service Security. Read More

news.bbc.co.uk:
E-mail security warning for MPs. Read More

triangle.bizjournals.com:
High risk for cyber attack. Read More

www.eweek.com:
Feds Call for Security Help. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for December 16, 2002. Read More

16 december 2002

New Trojans:
Sweet Heart 1.0 version b

DarkSky 1.0 version b

Cang

Vulnerabilities & Exploits:
online.securityfocus.com:
Symantec Enterprise Firewall RealAudio Proxy Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Overkill Remote Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Lynx Command Line URL CRLF Injection Vulnerability. Read More

online.securityfocus.com:
Mambo Site Server Account Registration HTML Injection Vulnerability. Read More

online.securityfocus.com:
Mambo Site Server Path Disclosure Vulnerability. Read More

online.securityfocus.com:
Mambo Site Server PHPInfo.PHP Information Disclosure Vulnerability. Read More

online.securityfocus.com:
Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Webshots Desktop Screen Saver Password Bypassing Vulnerability. Read More

online.securityfocus.com:
Mod_SSL Wildcard DNS Cross Site Scripting Vulnerability. Read More

online.securityfocus.com:
Macromedia Flash Unspecified SWF Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Apache Server Side Include Cross Site Scripting Vulnerability. Read More

online.securityfocus.com:
VIM ModeLines Arbitrary Command Execution Vulnerability. Read More

online.securityfocus.com:
Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability. Read More

online.securityfocus.com:
Microsoft Java Virtual Machine Java Object Instantiation Denial Of Service Vulnerability. Read More

online.securityfocus.com:
Microsoft Java Virtual Machine Standard Security Manager Access Validation Vulnerability. Read More

online.securityfocus.com:
Microsoft Java Virtual Machine user.dir Access Information Disclosure Vulnerability. Read More

online.securityfocus.com:
Microsoft Java Virtual Machine JDBC API Access Vulnerability. Read More

online.securityfocus.com:
Microsoft Java Virtual Machine URL Parsing Vulnerability. Read More

online.securityfocus.com:
Microsoft Java Virtual Machine CODEBASE Parameter File Disclosure Vulnerability. Read More

online.securityfocus.com:
Microsoft Java Virtual Machine COM Object Access Validation Vulnerability. Read More

online.securityfocus.com:
Safe.PM Unsafe Code Execution Vulnerability. Read More

online.securityfocus.com:
Deerfield VisNetic WebSite Cross Site Scripting Vulnerability. Read More

online.securityfocus.com:
Microsoft Internet Explorer PNG Deflate Heap Corruption Vulnerability. Read More

online.securityfocus.com:
Microsoft Windows SMB Signing Vulnerability. Read More

online.securityfocus.com:
Microsoft Java Virtual Machine Multiple Vulnerabilities. Read More

online.securityfocus.com:
Microsoft Windows Window Message Subsystem Design Error Vulnerability. Read More

online.securityfocus.com:
Microsoft Windows 2000/XP NetDDE Privilege Escalation Vulnerability. Read More

www.securitytracker.com:
Stryon Instant ASP (iASP) Input Validation Flaw Discloses Files on the System to Remote Users. Read More

www.securitytracker.com:
Eserv Boundary Error Lets Remote Users Crash the Mail, News, Web, and FTP Services. Read More

www.securitytracker.com:
Fetchmail Buffer Overflow in Processing Addresses Lets Remote Users Execute Arbitrary Code on the System. Read More

www.securiteam.com:
Multiple Mambo Site Server Security Weaknesses. Read More

www.securiteam.com:
Remote Console Applet Allows Remote File Retrieval. Read More

www.securiteam.com:
VisNetic WebSite XSS vulnerability through HTTP Referer header. Read More

www.securiteam.com:
Eserv Remote Denial of Service (5mb HELO). Read More

www.securiteam.com:
MyPHPLinks Vulnerable to SQL Injection. Read More

www.securiteam.com:
gfxboot Allows Boot Password Circumvention. Read More

News:
www.ananova.com:
'Big increase in e-mail viruses'. Read More

www.counterpane.com:
Fun with Vulnerability Scanners. Read More

www.counterpane.com:
ECHELON Technology. Read More

www.counterpane.com:
The Fallacy of Cracking Contests. Read More

15 december 2002

New Trojans:
Bouffe Troyen 1.0

BlueAdeptz (test 02)

Storm DDOS Attack 1.2

Vulnerabilities & Exploits:
online.securityfocus.com:
Cobalt RaQ4 Administrative Interface Command Execution Vulnerability. Read More

online.securityfocus.com:
Deerfield VisNetic Website OPTIONS Memory Corruption Vulnerability. Read More

online.securityfocus.com:
GNU SharUtils UUDecode Symbolic Link Attack Vulnerability. Read More

online.securityfocus.com:
Macromedia JRun 4/ColdFusion MX XML Parser Denial Of Service Vulnerability. Read More

online.securityfocus.com:
Gordano Mail Server 'rword' Filter Bypass Vulnerability. Read More

online.securityfocus.com:
Multiple Unspecified RealOne Player Buffer Overflow Vulnerabilities. Read More

online.securityfocus.com:
dvips Arbitrary Command Execution Vulnerability. Read More

online.securityfocus.com:
Multiple Vendor FTP Client Side File Overwriting Vulnerability. Read More

online.securityfocus.com:
myServer File Disclosure Vulnerability. Read More

online.securityfocus.com:
HP-UX Visualize Conference Insecure Default Permissions Vulnerability. Read More

online.securityfocus.com:
Cisco OSM Line Cards Denial Of Service Vulnerability. Read More

online.securityfocus.com:
Sun Solaris Network Interface Denial Of Service Vulnerability. Read More

online.securityfocus.com:
Trend Micro PC-cillin Mail Scanner Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
HP-UX xntpd Unspecified Denial Of Service Vulnerability. Read More

online.securityfocus.com:
Samba Server Encrypted Password Buffer Overrun Vulnerability. Read More

online.securityfocus.com:
Zeus Web Server Admin Interface Cross Site Scripting Vulnerability. Read More

online.securityfocus.com:
PADL Software nss_ldap DNS Buffer Overflow Vulnerability. Read More

www.securitytracker.com:
Macromedia ColdFusion Server Bug In Parsing XML DTDs May Let Remote Users Crash the Server. Read More

www.securitytracker.com:
Macromedia JRun Server Bug In Parsing XML DTDs May Let Remote Users Crash the Server. Read More

www.securitytracker.com:
Macromedia Flash Player Buffer Overflow in Processing Flash Headers Allows Remote Users to Execute Arbitrary Code. Read More

www.securitytracker.com:
vBulletin Forum Fails to Filter Scripting Code From Certain HTML Tags, Permitting Cross-Site Scripting Attacks. Read More

www.securitytracker.com:
Mambo Site Server Content Management System Has Multiple Bugs That May Let Remote Users Gain Access to the Database. Read More

www.securitytracker.com:
RealNetworks Helix Universal Server Has Unspecified Vulnerabilities. Read More

www.securitytracker.com:
MySQL Overflow and Authentication Bugs May Let Remote Users Execute Code or Access Database Accounts. Read More

News:
firstmonday.org:
Analysis of Defacement of Indian Web Sites. Read More

www.thescotsman.co.uk:
Angry Kuwaiti hacker launches cyber attack. Read More

www.eweek.com:
New Language Assesses Software Flaws. Read More

www.theregister.co.uk:
All bugs are created equal. Read More

14 december 2002

New Trojans:
Reverse Trojan 2.12

Magic Link 1.3

Jad 1.1

Vulnerabilities & Exploits:
security.e-matters.de:
Fetchmail remote vulnerability. Read More

online.securityfocus.com:
TCPDump Memory Corruption Vulnerability. Read More

online.securityfocus.com:
Kunani FTP File Disclosure Vulnerability. Read More

online.securityfocus.com:
GTetrinet Multiple Remote Buffer Overflow Vulnerabilities. Read More

online.securityfocus.com:
Canna Server Denial Of Service Vulnerability. Read More

online.securityfocus.com:
Sun/Netscape Java Virtual Machine Bytecode Verifier Vulnerability. Read More

online.securityfocus.com:
Canna Server Local Buffer Overflow Vulnerability. Read More

www.securitytracker.com:
Microsoft Windows OS Bug in Processing WM_TIMER Messages May Let Local Users Gain Elevated Privileges. Read More

www.securitytracker.com:
Microsoft SMB Signing Flaw May Let Remote Users With Access to an SMB Session Gain Control of a Network Client. Read More

www.securitytracker.com:
BEA WebLogic Bug In Parsing XML DTDs May Let Remote Users Crash the Server. Read More

www.securitytracker.com:
Several FTP Clients Have an Input Validation Flaw That May Let Malicious Servers Write Files to Arbitrary Locations. Read More

www.securitytracker.com:
Wget FTP Client Input Validation Flaw May Let Malicious Servers Write Files to Arbitrary Locations. Read More

www.securitytracker.com:
Multi-Tech ProxyServer Default Configuration Gives Remote Users Control of the System. Read More

www.securitytracker.com:
VisNetic WebSite Web Server Software Can Be Crashed By Remote Users. Read More

www.securitytracker.com:
RealOne Player Has Multiple, Unspecified Buffer Overruns That May Let Remote Users Execute Arbitrary Code. Read More

www.securitytracker.com:
Cisco IOS With Optical Service Module (OSM) Line Cards Can Be Crashed By Remote Users on the Local Network. Read More

www.securitytracker.com:
HP-UX Visualize Conference Unsafe File Permissions May Let Local Users Gain Elevated Privileges. Read More

www.securitytracker.com:
Xntpd Time Daemon on HP-UX May Crash or Degrade. Read More

www.securitytracker.com:
myServer Web Server Input Validation Flaw Discloses Files on the System to Remote Users. Read More

News:
zdnet.com.com:
Week in review: More security flaws. Read More

zdnet.com.com:
Spam headaches bring more pain. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for December 13, 2002. Read More

13 december 2002

New Trojans:
Exception manager

Depth Charge 1.0 Beta 2

LazyAdmin 1.42

Vulnerabilities & Exploits:
www.guninski.com:
Some vim problems, yet still vim much better than windows. Read More

Debian Security Advisory
DSA-208-1 perl -- broken safe compartment. Read More

Debian Security Advisory
DSA-205-1 gtetrinet -- buffer overflow. Read More

Debian Security Advisory
DSA-206-1 tcpdump -- denial of service. Read More

Debian Security Advisory
DSA-207-1 tetex-bin -- arbitrary command execution. Read More

security.e-matters.de:
Multiple MySQL vulnerabilities. Read More

www.securitytracker.com:
Apt-www-proxy Server Format String Hole Lets Remote Users Execute Arbitrary Commands. Read More

www.securitytracker.com:
Kunani FTP Server Input Validation Flaw Discloses Files on the System to Remote Users. Read More

www.securitytracker.com:
Trend Micro OfficeScan Buffer Overflow May Let Local Users Gain Elevated Privileges. Read More

www.securitytracker.com:
Trend Micro PC-cillin Scanner Buffer Overflow May Let Local Users Gain Elevated Privileges. Read More

www.securiteam.com:
OSM Line Card Header Corruption Vulnerability. Read More

www.securiteam.com:
MTPSR1-120 Firewall Proxy Configuration Software Insecurity. Read More

www.securiteam.com:
Kunani FTP Server Vulnerable to a Directory Traversal Attack. Read More

www.securiteam.com:
Directory Traversing Vulnerability in 'myServer' Web Server. Read More

www.securiteam.com:
Enceladus Server Directory Traversal Vulnerability. Read More

www.securiteam.com:
Flaw in SMB Signing Could Enable Group Policy to be Modified. Read More

News:
www.itconsultantmagazine.com:
Is remote admin software cause for concern? Read More

www.net-security.or:
New "Prestige" Worm Uses Social Engineering. Read More

www.zdnet.com.au:
IDC: Cyberterror to hit in 2003. Read More

www.theregister.co.uk:
Your Microsoft critical security patches tonight. Read More

www.informationweek.com:
Microsoft Patches Eight New Security Holes. Read More

quote.bloomberg.com:
Microsoft Says Windows Is Susceptible to Takeover Bug (Update1). Read More

www.tennessean.com:
Hacker routed online paper to porn site, publisher says. Read More

www.canada.com:
Wardriving for Wi-Fi. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for December 12, 2002. Read More

12 december 2002

New Trojans:
Freak 1.0

SlimFTP 3.12

Tourniquet 1.1.667

NetDown 1.0

Vulnerabilities & Exploits:
www.eeye.com:
PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability. Read More

www.krusesecurity.dk:
VisNetic WebSite Denial of Service. Read More

online.securityfocus.com:
KisMac Insecure File Permissions Vulnerability. Read More

online.securityfocus.com:
Ultimate PHP Board ViewTopic.PHP Cross Site Scripting Vulnerability. Read More

online.securityfocus.com:
Ultimate PHP Board ViewTopic.PHP Directory Contents Browsing Vulnerability. Read More

online.securityfocus.com:
Ultimate PHP Board Add.PHP Path Disclosure Vulnerability. Read More

www.securitytracker.com:
Enceladus Server Suite Buffer Overflow Lets Remote Users Execute Arbitrary Code on the System. Read More

www.securitytracker.com:
Ikonboard Input Filtering Bug in Photo URL and Another Field Allows Cross-Site Scripting Attacks. Read More

www.securitytracker.com:
OpenLDAP2 Libraries Have Unspecified Buffer Overflows That May Allow Remote Users to Execute Arbitrary Code. Read More

www.securiteam.com:
Directory Traversal Vulnerabilities in FTP Clients. Read More

www.securiteam.com:
Enceladus Server Suite Buffer Overflow Vulnerability. Read More

News:
Virus Alert: WORM_WINEVAR.A
This destructive Internet worm runs on all Windows platforms. This worm propagates using its own SMTP or Simple Mail Transfer Protocol engine and sends email to addresses it gathers from HTML files on the infected system. This worm sends email using a known exploit that causes the attachment to automatically execute when the message is viewed or previewed on Internet Explorer-based email clients, such as Microsoft Outlook and Outlook Express. This exploit is known as Automatic Execution of Embedded MIME type. It is capable of terminating certain monitoring programs and antivirus products from memory. Upon restart, this worm deletes all files from local drives, except files that are currently running on the system. Read More

Microsoft Security Bulletin MS02-071
Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (328310). Read More

Microsoft Security Bulletin MS02-069
Flaw in Microsoft VM Could Enable System Compromise (810030). Read More

Microsoft Security Bulletin MS02-070
Flaw in SMB Signing Could Enable Group Policy to be Modified (309376). Read More

online.securityfocus.com:
Rooting Out Corrupted Code. Read More

zdnet.com.com:
Researchers seek to "throttle" worms. Read More

www.newsfactor.com:
Trojans Declare War on PC Users. Read More

asia.cnn.com:
eBay warns users of Net scam. Read More

straitstimes.asia1.com.sg:
China's great firewall really works. Read More

www.silicon.com:
Teen hacker faces two years for DeCSS 'offence'. Read More

zdnet.com.com:
Gov't tightens its case in hacking trial. Read More

www.hoosiertimes.com:
'Hackers' eyes cutting-edge subculture. Read More

zdnet.com.com:
IT users in password hell. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for December 11, 2002. Read More

11 december 2002

New Trojans:
Cyanure 1.0

HLS Heroin Injector 2.0

Master

Vulnerabilities & Exploits:
online.securityfocus.com:
KisMac Insecure File Permissions Vulnerability. Read More

online.securityfocus.com:
Fortres 101 Software Disabling Protection Circumventing Vulnerability. Read More

online.securityfocus.com:
Apple Mac OS X Directory Kernel Panic Denial Of Service Vulnerability. Read More

online.securityfocus.com:
Groff Pre-Processor Buffer Overflow Vulnerability. Read More

www.securitytracker.com:
Ultimate PHP Board Discloses Path to Remote Users and Allows Cross-Site Scripting Attacks. Read More

www.securitytracker.com:
TFTPD32 FTP Server Can Be Crashed By Remote Authenticated Users Requesting DOS Devices. Read More

www.securitytracker.com:
APBoard Forum Access Control Bug in 'useraction.php' May Let Remote Users Subscribe to Intenal Forum Message Threads. Read More

News:
wichita.bizjournals.com:
SC Telcom hit by international hackers. Read More

www.theregister.co.uk:
DALnet debilitated by DoS attacks. Read More

www.wired.com:
Hackers Want Their Prize Money. Read More

www.eweek.com:
Patch as Patch Can. Read More

www.msnbc.com:
Elaborate credit card con still works. Read More

www.theregister.co.uk:
Hi-tech crime threatens UK plc - survey. Read More

www.wired.com:
Complex Networks Too Easy to Hack. Read More

news.com.com:
Testimony ends in Adobe hacking trial. Read More

www.internetweek.com:
Microsoft Ups Rating of IE Security Flaw's Severity. Read More

www.techtv.com:
The Latest Hacker Techniques. Read More

www.idg.net:
Next Year's Hot Security Tools. Read More

news.com.com:
Code cracking in court. Read More

news.com.com:
Web filters blocking health sites. Read More

www.wired.com:
Raided Firm's Software Checks Out. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for December 10, 2002. Read More

10 december 2002

New Trojans:
Remote Hack 1.6 Beta

WM Chat System 1.1

REA2

Vulnerabilities & Exploits:
online.securityfocus.com:
APBoard Unauthorized Thread Reading Vulnerability. Read More

online.securityfocus.com:
Multiple Vendor X Font Server Remote Buffer Overrun Vulnerability. Read More

online.securityfocus.com:
Calisto Internet Talker Denial Of Service Vulnerability. Read More

online.securityfocus.com:
SuSE GNUPlot French Documentation Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
OpenLDAP Multiple Buffer Overflow Vulnerabilities. Read More

online.securityfocus.com:
Sapio WebReflex Directory Traversal Vulnerability. Read More

online.securityfocus.com:
LPRNG html2ps Remote Command Execution Vulnerability. Read More

online.securityfocus.com:
Debian Internet Message Insecure Temporary File Creation Vulnerability. Read More

online.securityfocus.com:
Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability. Read More

online.securityfocus.com:
Apache Server Side Include Cross Site Scripting Vulnerability. Read More

online.securityfocus.com:
Cobalt RaQ4 Administrative Interface Command Execution Vulnerability. Read More

online.securityfocus.com:
Akfingerd File Disclosure Vulnerability. Read More

online.securityfocus.com:
Akfingerd Local Denial Of Service Attack. Read More

online.securityfocus.com:
Akfingerd Remote Denial Of Service Vulnerability. Read More

online.securityfocus.com:
Samba Server Encrypted Password Buffer Overrun Vulnerability. Read More

online.securityfocus.com:
KDE KIO Subsystem Network Protocol Implementation Arbitrary Command Execution Vulnerability. Read More

online.securityfocus.com:
Exim Internet Mailer Format String Vulnerability. Read More

online.securityfocus.com:
Microsoft Windows XP Wireless LAN AP Information Disclosure Vulnerability. Read More

News:
europe.cnn.com:
Teen hacker denies DVD pirating. Read More

news.com.com:
Sklyarov testifies in copyright trial. Read More

news.com.com:
Germany cautious on Microsoft security. Read More

www.theregister.co.uk:
Web pedos crack into corporate servers. Read More

www.jsonline.com:
The good and bad of computer hacking. Read More

www.smh.com.au:
More spam, less viruses - stats tell the tale. Read More

europe.cnn.com:
FBI: Hacker stole 80,000 credit cards. Read More

www.theregister.co.uk:
Organised Net crime rising sharply - top UK cop. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for December 9, 2002. Read More

09 december 2002

New Trojans:
Remote Operations 2.4

LazyAdmin 1.1

TrojMax

Vulnerabilities & Exploits:
www.securitytracker.com:
Mac OS X Can Be Crashed By Local Users. Read More

WebReflex Web Server Discloses Arbitrary Files on the System to Remote Users. Read More

www.securiteam.com:
Cobalt RaQ4 Remote Root Exploit (overflow.cgi). Read More

www.securiteam.com:
Lawson Financials RDBMS Insecurity. Read More

www.securiteam.com:
Proxy Vulnerability in TrendMicro InterScan VirusWall. Read More

www.securiteam.com:
WebReflex Directory Traversal Vulnerability. Read More

www.securiteam.com:
Bypassing Pedestal Software Integrity Protection Driver (Time Vulnerability). Read More

www.securiteam.com:
Local Netfilter / IPTables IP Queue PID Wrap Flaw. Read More

www.securiteam.com:
Local Root Vulnerability Found in Exim (pid_file_path). Read More

www.securiteam.com:
SAP Database Local Root via Symlink. Read More

www.securiteam.com:
SquirrelMail XSS Vulnerabilities. Read More

News:
www.zdnet.com.au:
Microsoft: IE hole worse than reported. Read More

www.haaretzdaily.com:
Hacker suspected of stealing data from American company. Read More

www.sfgate.com:
Hacker hero and Hollywood nemesis _ a Norwegian teenager _ goes on trial. Read More

online.securityfocus.com:
Barbarians at the Gate: An Introduction to Distributed Denial of Service Attacks. Read More

08 december 2002

New Trojans:
R0xr4t 1.2 Mutant Version

Niklaus

Majesty

Vulnerabilities & Exploits:
online.securityfocus.com:
Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability. Read More

online.securityfocus.com:
ISC BIND SIG Cached Resource Record Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
ISC BIND DNS Resolver Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Microsoft Outlook 2002 Email Header Processing Denial of Service Vulnerability. Read More

Multiple Microsoft Internet Explorer Cached Objects Zone Bypass Vulnerability. Read More

online.securityfocus.com:
Multiple Vendor Sun RPC xdr_array Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Sun Solaris Libthread Library Denial of Service Vulnerability. Read More

online.securityfocus.com:
GV Malformed File Local Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Multiple Vendor Invalid X.509 Certificate Chain Vulnerability. Read More

online.securityfocus.com:
SAP DB Symbolic Link Vulnerability. Read More

online.securityfocus.com:
Pine From: Field Heap Corruption Vulnerability. Read More

online.securityfocus.com:
HP-UX ied Unspecified Information Disclosure Vulnerability. Read More

online.securityfocus.com:
Computer Associates eTrust Antivirus EE Privilege Escalation Vulnerability. Read More

SMB2WWW Remote Command Execution Vulnerability. Read More

online.securityfocus.com:
Sun Solaris System Panic Denial Of Service Vulnerability. Read More

online.securityfocus.com:
KDE Konqueror Sub-Frames Script Execution Vulnerability. Read More

online.securityfocus.com:
KDE Secure Cookie Exposure Vulnerability. Read More

online.securityfocus.com:
KDE KPF Icon Option File Disclosure Vulnerability. Read More

online.securityfocus.com:
KDE Network RESLISA Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Bradford Barrett Webalizer Reverse DNS Buffer Overflow Vulnerability. Read More

www.securitytracker.com:
XOOPS Portal Input Filtering Flaw in Private Message Module Lets Remote Users Execute Cross-Site Scripting Attacks. Read More

www.securitytracker.com:
Sun Cobalt RaQ 4 Security Hardening Package CGI Input Validation Flaw Lets Remote Users Gain Root Access. Read More

www.securitytracker.com:
TrendMicro InterScan VirusWall Proxy Bug Lets Remote Users Connect to Internal Hosts Via the Proxy. Read More

www.securitytracker.com:
Akfingerd Finger Server Has Multiple Bugs That Allow Remote Users to Deny Service and Local Users to View Certain Files on the System. Read More

www.securitytracker.com:
Fortres 101 Disk Security Software Bug Lets Local Users Gain Unrestriced Disk Access. Read More

www.securitytracker.com:
Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash. Read More

News:
www.business.scotsman.com:
Huge increase in hackers and pornographers. Read More

online.securityfocus.com:
Suspected terror financier target of U.S. search of Massachusetts firm. Read More

www.wired.com:
Hacker From the 'Hood Tells All. Read More

www.wired.com:
An Inside Look at China Filters. Read More

www.vnunet.com:
Beware the eBay identity thieves. Read More

www.vnunet.com:
UK still vulnerable to hackers. Read More

07 december 2002

New Trojans:
Volkoser 1.0

Ping Door 4.1

Big Brother 3.5.1

Vulnerabilities & Exploits:
Debian Security Advisory
DSA-204-1 kdelibs -- arbitrary program execution. Read More

online.securityfocus.com:
phpBB search.php Cross Site Scripting Vulnerability. Read More

online.securityfocus.com:
Aldap Contact Manager Authentication Bypass Vulnerability. Read More

online.securityfocus.com:
Zeroo HTTP Server Directory Traversal Vulnerability. Read More

online.securityfocus.com:
Microsoft Internet Explorer Dialog Style Same Origin Policy Bypass Vulnerability. Read More

online.securityfocus.com:
Linux Netfilter/IPTables IP Queuing Arbitrary Network Traffic Reading Vulnerability. Read More

online.securityfocus.com:
Buffalo AirStation Pro Intelligent Access Point Port 80 Denial Of Service Vulnerability. Read More

online.securityfocus.com:
Multiple Linksys Devices Heap Corruption Denial Of Service. Read More

online.securityfocus.com:
Multiple Linksys Devices strcat() Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Multiple Linksys Devices GET Request Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
WindowMaker Image Handling Buffer Overflow Vulnerability. Read More

www.securitytracker.com:
KisMAC Wireless Protocol Stumbler Installation Bug May Overwrite File Permissions. Read More

www.securitytracker.com:
SquirrelMail Input Validation Flaw in 'read_body.php' Lets Remote Users Conduct Cross Site Scripting Attacks. Read More

www.securitytracker.com:
Microsoft Windows XP Wireless LAN Support May Disclose Access Point Information to Remote Users. Read More

www.securitytracker.com:
Sygate Personal Firewall Can Be Stopped Without a Password Even if a Password is Required. Read More

www.securitytracker.com:
Microsoft Outlook Bug in Processing Malformed E-mail Headers Lets Remote Users Crash the Client. Read More

www.securitytracker.com:
Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges. Read More

www.securitytracker.com:
Netscape Enterprise Server Manager Input Validation Flaw Lets Remote Users Execute Application Commands. Read More

www.securitytracker.com:
HP-UX ied(1) Input Editor May Disclose 'Invisible' Data to Local Users. Read More

www.securitytracker.com:
SMB2WWW Web-Based Windows Networking Client Bug Lets Remote Users Execute Arbitrary Programs. Read More

www.securitytracker.com:
SAP DB Database Symlink Bug Lets Local Users Execute Arbitrary Files With Root Privileges. Read More

News:
online.securityfocus.com:
Federal agents raid Boston-area software company in terrorism investigation. Read More

www.hackinglinuxexposed.com:
/etc/inittab - The Most Overlooked Cracker Haven. Read More

www.eweek.com:
The Emerging Class of Security Tools. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for December 6, 2002. Read More

06 december 2002

New Trojans:
BioNet 4.00.05 BE

Hornet 1.0

Stealth Eye 1.1

Vulnerabilities & Exploits:
online.securityfocus.com:
Pedestal Software Integrity Protection Driver Bypass Vulnerability. Read More

online.securityfocus.com:
Xinetd Open File Descriptor Denial Of Service Vulnerability. Read More

online.securityfocus.com:
3Com SuperStack 3 NBX FTPD Denial of Service Vulnerability. Read More

online.securityfocus.com:
libSieve Error Message Buffer Overrun Vulnerability. Read More

online.securityfocus.com:
Cyrus IMAPD Pre-Login Heap Corruption Vulnerability. Read More

online.securityfocus.com:
3D3.Com ShopFactory Shopping Cart Cookie Price Manipulation Vulnerability. Read More

Debian Security Advisory
DSA-203-1 smb2www -- arbitrary command execution. Read More

www.securitytracker.com:
Sendmail 'check_relay' E-mail Access Control Features Can Be Bypassed By Remote Users. Read More

www.securitytracker.com:
Microsoft Internet Explorer showModalDialog() Input Validation Flaw Lets Remote Users Execute Arbitary Scripting Code in Any Security Zone. Read More

www.securitytracker.com:
Linux Kernel Netfilter/IPTables Experimental Queueing Bug May Disclose Network Traffic to Local Users. Read More

www.securitytracker.com:
Linksys BEFW11S4 Wireless Router Buffer Overflows and Parsing Bugs Let Remote Users Take Full Control of the Router. Read More

www.securitytracker.com:
Internet Message (IM) Perl Libraries Use Unsafe Temporary Files That Allow Local Users to Gain Elevated Privileges. Read More

www.securitytracker.com:
Sun Solaris Kernel 'struioget()' Bug Lets Local Users Panic the System. Read More

www.securiteam.com:
ShopFactory Shopping Cart Price Manipulation. Read More

www.securiteam.com:
Remote Heap malloc/free and Multiple Overflow Vulnerability in WSMP3. Read More

www.securiteam.com:
Windows XP Disclosure of Registered AP Information. Read More

www.securiteam.com:
E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail. Read More

www.securiteam.com:
Apache/Tomcat Denial of Service and Information Leakage Vulnerability. Read More

www.securiteam.com:
Cyrus Sieve / libSieve Buffer Overflow. Read More

www.securiteam.com:
Pre-Login Buffer Overflow in Cyrus IMAP server. Read More

News:
www.theinquirer.net:
New worm attacks hard drives. Read More

www.ispreview.co.uk:
New E-Mail Virus Warning - SfxDeth.A. Read More

www.it-analysis.com:
Trouble With Trojans. Read More

www.eweek.com:
Security Expert Takes Issue With Rating of New IE Flaw. Read More

www.theinquirer.net:
Islamic fundamentalist hackers launch 100+Web attacks. Read More

www.nzherald.co.nz:
I shut radio site, boasts teen hacker. Read More

www.hilltoptimes.com:
Computer teams help thewart attacks from hackers. Read More

www.vnunet.com:
Interview: Microsoft wages war on flaws. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for December 5, 2002. Read More

05 december 2002

New Trojans:
DTr 1.4.3

Whomp Downloader 4.0

ButtMan 0.9p

Vulnerabilities & Exploits:
www.securiteam.com:
Zeroo Webserver Remote Directory Traversal Exploit. Read More

www.securiteam.com:
BigFun Remote DoS Attack. Read More

www.securiteam.com:
3com NBX IP Phone System Denial of Service Attack (CEL). Read More

www.securiteam.com:
Vulnerability Report for Linksys Devices. Read More

www.securiteam.com:
Poisonous Style for Dialog Window Bypasses Zone Security. Read More

www.securitytracker.com:
Computer Associates InoculateIT Incremental Scan Weakness May Fail to Detect Viruses in Certain Cases. Read More

www.securitytracker.com:
Lawson Financials Discloses Database Password to Local Users in a Certain Configuration. Read More

www.securitytracker.com:
Cyrus IMAP Server Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read More

www.securitytracker.com:
Cyrus IMAP Server 'Sieve' Buffer Overflows Let Local Users Gain Elevated Privileges. Read More

www.securitytracker.com:
ShopFactory Shopping Cart Lets Remote Users Modify the Prices of Items in Their Shopping Cart. Read More

www.securitytracker.com:
Thatphpware Has More Input Validation Flaws That Let Remote Users Execute Arbitrary Code. Read More

www.securitytracker.com:
3Com SuperStack 3 NBX and NBX 100 Telephony Systems Can Be Crashed By Remote Users Sending FTP Commands. Read More

News:
Microsoft Security Bulletin MS02-067
E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail (331866). Read More

Microsoft Security Bulletin MS02-068
Cumulative Patch for Internet Explorer (324929). Read More

news.zdnet.co.uk:
Lagel worm wipes files. Read More

www.pcworld.com:
New Year to Bring Nastier Viruses Yet. Read More

www.smh.com.au:
New virus spotted, may have originated Down Under. Read More

www.pcworld.com:
Klez Worm Was Worst of 2002. Read More

www.secunia.com:
Microsoft update to stop remote execution. Read More

news.com.com:
"Security warning" ads draw lawsuit. Read More

www.hilltoptimes.com:
Computer teams help thewart attacks from hackers. Read More

www.denverpost.com:
Hacker breaks into book promotion. Read More

www.newsfactor.com:
Does Cybercrime Still Pay? Read More

www.web-user.co.uk:
Criminals spy on absent web users. Read More

www.theregister.co.uk:
PGP goes back to its roots. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for December 4, 2002. Read More

04 december 2002

New Trojans:
Cyrex msn trojan

Invisible Activity Spy 2.0

Daodan 1.1

Vulnerabilities & Exploits:
Debian Security Advisory
DSA-202-1 im -- insecure temporary files. Read More

online.securityfocus.com:
Pserv HTTP Request Parsing Buffer Overflow. Read More

online.securityfocus.com:
Pserv User-Agent HTTP Header Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Pserv HTTP Version Specifier Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Pserv Request Method Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Pserv Stream Reading Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
SuidPerl Information Disclosure Vulnerability. Read More

News:
www.itworld.com:
Virus payloads getting bigger, nastier. Read More

horus.vcsa.uci.edu:
Hackers Infiltrate. Read More

www.theage.com.au:
The men who hold off Canberra's cyber siege. Read More

news.com.com:
Copyright law stands first day of trial. Read More

kerneltrap.org:
Interview: Ingo Molnar. Read More

www.silicon.com:
What's hot in the world of spam? Read More

03 december 2002

New Trojans:
DTr 1.5

Poor

SlimFTPd 3.1

Vulnerabilities & Exploits:
Debian Security Advisory
DSA-201-1 freeswan -- denial of service. Read More

online.securityfocus.com:
Mozilla Browser Large HTTP Header Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Mozilla Netscape Navigator Plug-In Path Disclosure Vulnerability. Read More

online.securityfocus.com:
Netscape/Mozilla Javascript Array Object Heap Corruption Vulnerability. Read More

online.securityfocus.com:
PalmOS Authentication Bypass Vulnerability. Read More

online.securityfocus.com:
Jahia Null Password LDAP Authentication Bypass Vulnerability. Read More

online.securityfocus.com:
Microsoft Internet Explorer UserData Insecure Default Configuration Vulnerability. Read More

online.securityfocus.com:
Imatix Xitami 2.5 Beta Denial Of Service Vulnerability. Read More

online.securityfocus.com:
Steve Horsburg Filemanager File Disclosure Vulnerability. Read More

online.securityfocus.com:
Sun Solaris 8 PAM Session Evasion Vulnerability. Read More

online.securityfocus.com:
Sun Solaris PCMCIAD File Corruption Vulnerability. Read More

online.securityfocus.com:
Lib CGI Include Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Livingston RADIUS Accounting Hostname Resolution Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
News Evolution Include Undefined Variable Command Execution Vulnerability. Read More

www.securitytracker.com:
Webster HTTP Server Multiple Bugs Let Remote Users Execute Arbitrary Code and View Files on the System. Read More

online.securityfocus.com:
Boozt index.cgi Buffer Overrun Vulnerability. Read More

online.securityfocus.com:
Linux Kernel 2.4 System Call TF Flag Denial Of Service Vulnerability. Read More

online.securityfocus.com:
Sun Solaris MailTool Attachment Denial Of Service Vulnerability. Read More

online.securityfocus.com:
Solaris priocntl() System Call Local Root Vulnerability. Read More

online.securityfocus.com:
Microsoft Windows XP Fast User Switching Process Viewing Weakness. Read More

online.securityfocus.com:
Bogofilter Bogopass Insecure Temporary File Creation Vulnerability. Read More

online.securityfocus.com:
Moby NetSuite POST Handler Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Samba Server Encrypted Password Buffer Overrun Vulnerability. Read More

News:
abc.net.au:
S Koreans launch cyber attack on US over schoolgirls' deaths. Read More

www.eweek.com:
ISS Goes Public With Vulnerability Disclosure Guidelines. Read More

www.eweek.com:
Hacker Log: Pathway to Successful Site Attack. Read More

www.eweek.com:
Security Firm Deserts Users. Read More

www.oaklandtribune.com:
Hackers prey on passwords with ease. Read More

02 december 2002

New Trojans:
TLPilon 1.2

Dark Omen 1.3

Super Stealth Key Capturer 2.0

Vulnerabilities & Exploits:
online.securityfocus.com:
Traceroute-Nanog Hostname Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
PortailPHP SQL Injection Vulnerability. Read More

online.securityfocus.com:
Sendmail SMRSH Double Pipe Access Validation Vulnerability. Read More

online.securityfocus.com:
Clam AntiVirus Archive Scanning Memory Corruption Vulnerability. Read More

online.securityfocus.com:
YaBB YaBB.pl Cross Site Scripting Vulnerability. Read More

online.securityfocus.com:
pWins Web Server Directory Traversal Vulnerability. Read More

www.securitytracker.com:
Bogofilter 'bogopass' SPAM Filter Provides Local Users With an Attack Method to Gain Elevated Privileges on the System. Read More

www.securitytracker.com:
Moby NetSuite Buffer Overflow in Processing POST Requests Lets Remote Users Crash the Service. Read More

www.securiteam.com:
VNC Man in the Middle Exploit Code. Read More

www.securiteam.com:
User Downgraded from Administrator to User Retains the Ability to List Other User's Running Tasks. Read More

www.securiteam.com:
Multiple pServ Remote Buffer Overflow Vulnerabilities. Read More

www.securiteam.com:
Webster HTTP Server Buffer Overflow Vulnerabilities. Read More

www.securiteam.com:
Moby NetSuite POST Denial of Service Vulnerability. Read More

www.securiteam.com:
TracerouteNG - The Never Ending Story. Read More

www.securiteam.com:
Bogofilter Contrib/Bogopass Temp File Vulnerability. Read More

News:
abc.net.au:
S Koreans launch cyber attack on US over schoolgirls' deaths. Read More

www.nytimes.com:
The Insecurity of Computer Security. Read More

www.usatoday.com:
Millions of pirates are plundering satellite TV. Read More

01 december 2002

New Trojans:
GhostVoice 1.2

NetKill 1.01

DTr 1.4.4 (c)

Vulnerabilities & Exploits:
x82.inetcop.org:
Remote Libcgi-tuxbr CGI Sxploit. Read More

online.securityfocus.com:
Sybase Adaptive Server DROP DATABASE Buffer Overflow Vulnerability. Read More

www.securitytracker.com:
Aldap Contact Manager Authentication Flaw Lets Remote Users Obtain Administrative Privileges on the Application. Read More

www.securitytracker.com:
pWins Web Server Input Validation Flaw Discloses Files on the System to Remote Users. Read More

News:
www.hardwarezone.com:
RealPlayer security fix is faulty. Read More

www.computeruser.com:
RealPlayer Patch Fails to Fix Flaws. Read More

www.silicon.com:
Virus Top Ten: Bugbear top of the pops. Read More

www.computeruser.com:
IT Warns Against Slippery Slope to Regulation. Read More

news.com.com:
Week in review: Scuttling the pirates. Read More

news.com.com:
Microsoft antitrust ruling faces appeal. Read More

www.computeruser.com:
Hackers Fight Censorship, Human Rights Violations. Read More


Copyright© MegaSecurity.org