Home    News Archive    Translate Traducen
News april 20004
30 april 2004

New in Archive
Magic PS 1.43

FuckTrojan 1.2

Ramirez Trojan 2.0

Guides, Papers, etc
www.eeye.com:
�Beat the Worm:� A Guide to Mitigating Critical Flaws
Part 1: Critical Flaw or Red Herring? Read more

Vulnerabilities & Exploits
www.securitytracker.com:
Sesame Initialization Flaw in SesameServlet.setSessionContext() Lets a Remote User Access Another User's Account. Read more

www.securitytracker.com:
Sysklogd Memory Allocation Flaw May Let Remote Users Crash the Daemon. Read more

www.securitytracker.com:
IBM AIX Console Command Temporary Files May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
IBM AIX Logical Volume Manager Temporary File Flaws and Buffer Overflows Let Local Users Modify Files and Execute Arbitrary Code. Read more

www.securitytracker.com:
JForum May Let Remote Authenticated Users Access Restricted Forums. Read more

www.securitytracker.com:
Phorum Input Validation Holes in Several Message Fields Let Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
eZ publish Input Validation Hole in 'articleview' Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Citrix MetaFrame Presentation Server Lets Remote Authenticated Administrators Access a Target User's Client Drives. Read more

www.debian.org:
DSA-497-1 mc -- several vulnerabilities. Read more

www.debian.org:
DSA-496-1 eterm -- missing input sanitising. Read more

News:
www.crime-research.org:
Internet and security. Read more

www.theregister.co.uk:
UK police arrest copycat phisher. Read more

news.zdnet.co.uk:
Hidden 'backdoors' worry security firms. Read more

www.smh.com.au:
Open source group hits out at back-door claims. Read more

zdnet.com.com:
Worm worries grow with release of Windows hacks. Read more

29 april 2004

New in Archive
Witch Control 2004

KaoTan 2.0

Insider 2.3.1

Vulnerabilities & Exploits
www.securitytracker.com:
Zonet Wireless Router NAT Function Modifies Inbound IP Source Addresses. Read more

www.securitytracker.com:
paFileDB Input Validation Flaw in 'Category' Function Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Linux 2.6 Kernel fb_copy_cmap() Memory Access Flaw Has Unspecified Impact. Read more

www.securitytracker.com:
HP Web Jetadmin ExecuteFile Function Lets Remote Users Execute Programs With Root/SYSTEM Privileges. Read more

www.securitytracker.com:
Siemens S55 Phone Lets Remote Users Send Unauthorized SMS Messages. Read more

www.securitytracker.com:
Kaos news Lets Remote Users Download the Database Containing Passwords. Read more

www.securitytracker.com:
DiGi WWW Server Can Be Crashed By Remote Users. Read more

www.securiteam.com:
Metasploit Microsoft IIS SSL PCT Module. Read more

News:
zdnet.com.com:
Worm worries grow with release of Windows hacks. Read more

www.internetnews.com:
Blaster Redux? SSL Worm Threat Rising. Read more

www.internetweek.com:
Netsky.x Takes Down Web Sites. Read more

www.eweek.com:
New Bagle, Netsky Worms on the Loose. Read more

www.computerworld.com:
Microsoft hole spawns false alarm, real attacks. Read more

zdnet.com.com:
Washington wakes up to spyware, adware. Read more

techdirt.com:
Should We Blame Security Victims? Read more

www.philly.com:
Spam-fighting field grows crowded. Read more

28 april 2004

New in Archive
FTP Center 1.2

NeoControlRed 2.2.0

COF Process Ressurection 1.0b

Vulnerabilities & Exploits
www.securitytracker.com:
McAfee VirusScan ActiveX Controls Let Remote Users Access the Target User's System. Read more

www.securitytracker.com:
Novell eDirectory Role Based Services May Assign Elevated Privileges. Read more

www.securitytracker.com:
Engorile Video Gallery Insufficient Input Validation in 'clipid' and 'catid' Lets Remote Users Inject SQL Commands. Read more

www.debian.org:
DSA-495-1 linux-kernel-2.4.16-arm -- several vulnerabilities. Read more

News:
www.theinquirer.net:
New worm attacks Vole hole. Read more

www.smh.com.au:
Exploit binary released as Symantec finds more code. Read more

www.securityfocus.com:
Stop Being a Victim. Read more

www.nwfusion.com:
Worms, consumers drive NAI profit in Q1. Read more

www.immunitysec.com:
Buy an exploit. Read more

27 april 2004

New in Archive
ProRat 1.8

Ramirez 1.0 alfa

Iroffer 1.3b05 (1306.h)

Guides, Papers, etc
www.vnunet.com:
The real impact of viruses: Part 1. Read more

www.vnunet.com:
The real impact of viruses: Part 2. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
phpwsContacts Discloses CSV File to Remote Users. Read more

www.securitytracker.com:
phpwsBB Search Feature Discloses Message Labels to Remote Users. Read more

www.securitytracker.com:
Samsung SmartEther Authentication Failure Lets Remote Users Gain Administrative Access. Read more

www.securitytracker.com:
Sun Solaris TCP/IP Stack NULL Pointer Bug in ip_sioctl_copyin_done() Lets Local Users Panic the System. Read more

www.securitytracker.com:
IBM HTTP Server Can Be Crashed By Remote Users Sending Specially Crafted SSL Packets. Read more

www.securitytracker.com:
Microsoft Windows Explorer Buffer Overflow in Processing SMB Share Names Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Microsoft Internet Explorer Buffer Overflow in Processing SMB Share Names Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Racoon Can Be Crashed By Remote Users Sending Large ISAKMP Length Values. Read more

www.securitytracker.com:
Metadot Portal Server Lets Remote Authenticated Users Gain Elevated Privileges. Read more

www.securitytracker.com:
OpenBB Input Validation Holes Let Remote Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures. Read more

News:
news.designtechnica.com:
Latest Bagle Worm Variant Includes Poem. Read more

www.vnunet.com:
Virus alert: Bagle X. Read more

www.theregister.co.uk:
Would you like a cherry Bagle with your zombie PC? Read more

www.theinquirer.net:
Big security problem hits Windows, Internet Explorer. Read more

www.vnunet.com:
'Burnt out' IT staff losing virus battle. Read more

www.theregister.co.uk:
Small.biz fails to tackle spam. Read more

www.theregister.co.uk:
Phishing scams cost UK banks �1m+. Read more

26 april 2004

New in Archive
FTP Center 1.1

BlackCore 1.2.1

davps 1.0

Vulnerabilities & Exploits
www.securitytracker.com:
OpenBB Input Validation Holes Let Remote Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures. Read more

www.securiteam.com:
TCP Window Size RST. Read more

www.securiteam.com:
Netegrity SiteMinder Affiliate Agent Cookie Overflow. Read more

www.securiteam.com:
EpicGames's Unreal Engine UMOD Vulnerability. Read more

www.securiteam.com:
Symantec Multiple Firewall TCP Options Denial Of Service Condition. Read more

www.securiteam.com:
Protector System Multiple Vulnerabilities. Read more

www.securiteam.com:
Multiple Vulnerabilities In phProfession Module For PostNuke. Read more

News:
www.crime-research.org:
Ukraine: hackers school. Read more

www.crime-research.org:
Beware: traps on the Net. Read more

www.baltimoresun.com:
Online criminals using worm to hook accounts. Read more

www.ecommercetimes.com:
Who Should Keep Out the Hackers? Read more

reviews-zdnet.com.com:
How your phone could be hacked. Read more

25 april 2004

New in Archive
Harvester 2003 (mail) 07

Polyserver 1.0

Deaths Corner 1.2.0 v2

Guides, Papers, etc www.cisco.com:
A Comprehensive Review of 802.11 Wireless LAN Security and the Cisco Wireless Security Suite. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
Protector System SQL Protection Mechanism Can Be Bypassed By Remote Users. Read more

www.securitytracker.com:
Network Query Tool Input Validation Flaw in 'portNum' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Linux Kernel panic() Buffer Overflow Has Unspecified Impact. Read more

www.securitytracker.com:
artmedic hpmaker Include File Error Lets Remote Users Execute Arbitrary Commands. Read more

www.securitytracker.com:
Modular Site Management System (MSMS) 'ver.asp' May Disclose System Information to Remote Users. Read more

www.securitytracker.com:
Advanced Guestbook Input Validation Hole in Password String Permits SQL Injection. Read more

www.securitytracker.com:
Symantec Client Firewall SYMNDIS.SYS TCP Options Parsing Flaw Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Symantec Client Security SYMNDIS.SYS TCP Options Parsing Flaw Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Linux Kernel cpufreq Signed Integer Assignment Flaw Discloses Memory to Local Users. Read more

www.securitytracker.com:
Unreal Game Engine UMOD '..\' Input Validation Flaw Lets Remote Users Overwrite Files on the Target System. Read more

News:
www.thehostingnews.com:
Web Hosting Company C I Host Monitors Computer Viruses as Pranks Become Malicious. Read more

www.theregister.co.uk:
US defends cybercrime treaty. Read more

www.theregister.co.uk:
Network Associates sells Sniffer. Read more

www.mb.com.ph:
RP joins Microsoft�s gov�t security program. Read more

www.newsfactor.com:
Cyber-Cops Arrest Trio in Piracy Crackdown. Read more

catless.ncl.ac.uk:
Risk of automatic updates. Read more

www.casperstartribune.net:
Online 'phishing' hooks the uwary. Read more

news.netcraft.com:
More Than 400 Phishing Attacks in March. Read more

24 april 2004

New in Archive
51D 1b

Shutdown 1.0

Vulnerabilities & Exploits
www.securitytracker.com:
Solaris sendfilev(3EXT) Lets Local Users Deny Service. Read more

www.securitytracker.com:
Netegrity SiteMinder Affiliate Agent Buffer Overflow in SMPROFILE Cookie Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Fusion News Input Validation Flaw in 'fullnews.php' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

News:
www.crime-research.org:
Microsoft joins the fight against Internet paedophilia. Read more

slashdot.org:
WormRadar Node Volunteers Help Graph Attacks. Read more

23 april 2004

New in Archive
evil-vnc 1.0 beta

hypnotized_hallucination_rat 3.4

Vulnerabilities & Exploits
www.securitytracker.com:
Yahoo Messenger 'yinsthelper.dll' Overflow Lets Remote Users Crash the Client. Read more

www.securitytracker.com:
Ident-2 Buffer Overflow in child_service() May Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
NewsTraXer Discloses Database to Remote Users. Read more

www.securitytracker.com:
Journalness Lets Remote Users Create and Edit Posts. Read more

www.securitytracker.com:
pisg IRC Statistics Generator Input Validation Flaw in 'nick' Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
PostNuke Downloads, Web_Links, 'openwindow.php' Input Validation Holes Let Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
phProfession Input Validation Holes Let Remote Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks. Read more

www.debian.org:
DSA-494-1 ident2 -- buffer overflow. Read more

www.cisco.com:
TCP Vulnerabilities in Multiple Non-IOS Cisco Products. Read more

News:
www.theregister.co.uk:
'New' Internet vuln long ignored. Read more

news.netcraft.com:
'Bin Laden Captured' E-mail Downloads Trojan. Read more

22 april 2004

New in Archive
Harvester 2003 (mail) 06

X RAT 2.0

Iroffer 1.3b07

Vulnerabilities & Exploits
www.securitytracker.com:
BEA WebLogic 'config.sh' and 'config.cmd' May Disclose Administrative Password to Local Users. Read more

www.securitytracker.com:
BEA WebLogic Bug Lets Applications Remove EJB Objects Without Permission. Read more

www.securitytracker.com:
BEA WebLogic May Stop Protecting URLs When Configured With Certain Illegal Protection Patterns. Read more

www.securiteam.com:
Buffer Overflow In eXchange POP3 (MAIL FROM). Read more

www.securiteam.com:
Multiple Vulnerabilities in BitDefender Scan Online (ActiveX). Read more

www.debian.org:
DSA-493-1 xchat -- buffer overflow. Read more

News:
www.theage.com.au:
More critical flaws found in Symantec products. Read more

www.winnetmag.com:
Microsoft Presents Antispyware Strategy. Read more

www.theregister.co.uk:
No need for anti-spyware laws - FTC. Read more

www.detnews.com:
Tower Records settles government charges over hacker attacks. Read more

www.sundaytimes.co.za:
New Netsky, Blaster warnings. Read more

www.crn.com:
Netsky.y Sparks High Threat Level. Read more

techdirt.com:
Forget Trojan Horses, Why Not Convince Suckers To Spam For You? Read more

www.itweb.co.za:
New Netsky, Blaster warnings. Read more

21 april 2004

New in Archive
BlackCore 1.2

INSAIM 1.0

Iroffer 1.3b05 (1306.g)

Vulnerabilities & Exploits
Hotmail & Passport (.NET Accounts) Vulnerability. Read more

www.securitytracker.com:
Symantec Norton Personal Firewall Lets Remote Users Execute Arbitrary Code to Take Full Control of the System. Read more

www.securitytracker.com:
Symantec Norton Internet Security Lets Remote Users Execute Arbitrary Code to Take Full Control of the System. Read more

www.securitytracker.com:
Cisco SNMP Bug Lets Remote Users Send SNMP Solicited Operations to Cause the Device to Reload. Read more

www.securitytracker.com:
Sun Fire Server System Controller Can Be Crashed By Remote Users Sending an IP Packet With TOS Bits. Read more

www.securitytracker.com:
Multiple Vendor TCP Stack Implementations Let Remote Users Deny Service. Read more

www.securitytracker.com:
Linux Kernel setsockopt(2) MCAST_MSFILTER Integer Overflow Allows Local Users to Obtain Root Privileges. Read more

www.securitytracker.com:
sSMTP Unsafe Temporary File Lets Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
eXchange POP3 Server SMTP Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
RealServer Discloses Usernames and Passwords to Local Users. Read more

www.securitytracker.com:
Yahoo! Mail Scripting Filter Can Be Bypassed By Remote Users. Read more

www.securitytracker.com:
utempter Input Validation Errors May Let Local Users Gain Root Privileges. Read more

www.securitytracker.com:
Serv-U FTP Server LIST '-l:' Buffer Overflow Lets Remote Authenticated Users Crash the FTP Service. Read more

www.securitytracker.com:
Fastream NETFile Server Lets Remote Users Deny Service With Non-Existent Usernames. Read more

www.securiteam.com:
Internet Explorer Print without Prompting. Read more

www.uniras.gov.uk:
Vulnerability Issues in TCP. Read more

News:
www.baltimoresun.com:
Security experts move to fix flaw in Internet. Read more

www.detnews.com:
Internet technology vulnerable to hackers, researchers say. Read more

www.theregister.co.uk:
Meet NetSky-X, the Babel Fish worm. Read more

www.esj.com:
Worst Security Problem: Attachments. Read more

www.theregister.co.uk:
One third of email now spam. Read more

20 april 2004

New in Archive
Hotmail Hacker Log Edition 3.0

Backdoor.VB.aq

Iroffer 1.3b05 (1306.c)

Guides, Papers, etc.
Hackers: Under the hood
ZDNet Australia went on the hunt to track down some of the world's most prominent (and notorious) hackers. In this five-part series, we delve into the lives of five prominent hackers who reveal issues close to their heart. Read more

www.securityfocus.com:
Basic Web Session Impersonation. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
phpBB 'common.php' Lets Remote Users Spoof IP Addresses. Read more

www.securitytracker.com:
XChat Socks-5 Proxy Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
BitDefender Scan Online ActiveX Control Lets Remote Users Install and Execute Arbitrary Code. Read more

www.securitytracker.com:
PT Advanced Shoppingcart Discloses Shopping Database to Remote Users. Read more

www.securitytracker.com:
SquirrelMail 'chpasswd' Buffer Overflow Yields Root Privileges to Local Users. Read more

www.securitytracker.com:
Mille Buffer Overflow Lets Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
natrail.pl Input Validation Holes May Let Remote Users Execute Commands. Read more

www.securitytracker.com:
CVS Server Piped Checkout Input Validation Flaw Discloses RCS Files to Remote Authenticated Users. Read more

www.securitytracker.com:
PostNuke NS-Polls Input Validation Hole in 'pn_uid' Permits SQL Injection. Read more

www.securitytracker.com:
Phorum Input Validation Hole in 'phorum_uriauth' Lets Remote Users Execute SQL Commands. Read more

www.securiteam.com:
Multiple Cisco Exploit Codes. Read more

www.securiteam.com:
Squirrelmail Change_passwd Buffer Overflow Exploit. Read more

www.debian.org:
DSA-492-1 iproute -- denial of service. Read more

News:
www.silicon.com:
New Phatbot worm out there? Read more

www.technewsworld.com:
VeriSign Reports Massive Worm in the Works. Read more

news.bbc.co.uk:
Passwords revealed by sweet deal. Read more

australianit.news.com.au:
The Trojan that wasn't. Read more

19 april 2004

New in Archive
Phoenix RAT 1.0

Checkesp

Litmus 2.02

Tools
knockd is a port-knock server. It listens to all traffic on an ethernet interface, looking for special "knock" sequences of port-hits. A client makes these port-hits by sending a TCP (or UDP) packet to a port on the server. This port need not be open -- since knockd listens at the link-layer level, it sees all traffic even if it's destined for a closed port. When the server detects a specific sequence of port-hits, it runs a command defined in its configuration file. This can be used to open up holes in a firewall for quick access. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
UltraApps Portal Discloses Database to Remote Users. Read more

www.securitytracker.com:
Logcheck Unsafe Temporary Directory Lets Local Users Gain Elevated Privileges. Read more

www.securiteam.com:
WinZip MIME Parsing Buffer Overflow Exploit. Read more

www.securiteam.com:
Utility Manager Local Privileges Escalation Exploit. Read more

www.securiteam.com:
ColdFusion MX Oversize Error Message DoS. Read more

www.securiteam.com:
ColdFusion MX File Upload DoS. Read more

www.securiteam.com:
Cisco IPsec VPN Implementation Group Password Usage Vulnerability. Read more

www.securiteam.com:
RealNetworks Helix Universal Server DoS (GET_PARAMETER, DESCRIBE). Read more

www.securiteam.com:
DoS Vulnerability in Microsoft Windows SPNEGO Protocol Decoding (MS04-011). Read more

www.securiteam.com:
Microsoft Windows Utility Manager Vulnerability (MS04-11). Read more

www.netwosix.org:
LNSA-#2004-0012: Multiple format string vulnerabilities in neon. Read more

18 april 2004

New in Archive
EuEx

Backdoor.Lamost

tdongsdbot 1.03

Vulnerabilities & Exploits
www.debian.org:
DSA-491-1 linux-kernel-2.4.19-mips -- several vulnerabilities. Read more

www.debian.org:
DSA-490-1 zope -- arbitrary code execution. Read more

www.debian.org:
DSA-489-1 linux-kernel-2.4.17-mips+mipsel -- several vulnerabilities. Read more

www.debian.org:
DSA-488-1 logcheck -- insecure temporary directory. Read more

www.debian.org:
DSA-487-1 neon -- format string. Read more

www.debian.org:
DSA-486-1 cvs -- several vulnerabilities. Read more

News:
www.theregister.co.uk:
PC makers win back right to sue Microsoft. Read more

scotlandonsunday.scotsman.com:
Massive rise in internet banking fraud. Read more

www.kbalertz.com:
Delete anti-virus and firewall (!?). Read more

money.guardian.co.uk:
Online accounts face massive rise in 'phishing' scams. Read more

www.theregister.co.uk:
US proposes rigorous spam sentencing. Read more

seattletimes.nwsource.com:
10 years of tech: Look at the way we were, then see how far things may go. Read more

www.techworld.com:
Netsky.V climbs through upstairs Windows. Read more

www.infoworld.com:
Supercomputer hacks highlight ed security challenge. Read more

17 april 2004

New in Archive
DTr 1.4.4 (d) server

Backdoor.Jes.16

Iroffer 1.3b06 (1307)

Vulnerabilities & Exploits
www.securitytracker.com:
ColdFusion MX File Upload Disk Space Management Bug Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Gemitel Include File Hole in 'affich.php' Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
KPhone Can Be Crashed By Remote Users Sending Malformed STUN Packets. Read more

www.securitytracker.com:
ZoneAlarm E-mail Security Can Be Bypassed By Remote Users. Read more

www.securitytracker.com:
phpBugTracker Input Validation Flaws in 'user.php', 'bugs.php', and 'query.php' Let Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
WinSCP Can Be Crashed By Specially Crafted URLs. Read more

www.debian.org:
DSA-485-1 ssmtp -- format string. Read more

www.debian.org:
DSA-484-1 xonix -- failure to drop privileges. Read more

News:
www.theregister.co.uk:
The average PC: spyware hotel. Read more

news.xinhuanet.com:
Nearly half of junk e-mails contain viruses: survey. Read more

www.pcworld.com:
Web Braces for Netsky.V's Attack. Read more

www.techweb.com:
Netsky Worms Just Keep On Coming. Read more

www.informationweek.com:
Netsky: W And Counting April. Read more

news.netcraft.com:
Phishing Trojan Grabs Browser Screen Shots. Read more

news.bbc.co.uk:
Teenager comes to Microsoft's aid. Read more

www.pcadvisor.co.uk:
Spyware runs rampant, study says. Read more

www.crime-research.org:
Victims of cyber crime. Read more

16 april 2004

New in Archive
Poltergeist 1.2

Klog Serve beta

PA HAC 1.0 Beta 2004

Tools
FileSystem Investigator is a platform independent file system viewer and data extraction tool. It allows the user to: View the contents of the target file system in a forensicly safe manner, bypassing the normal operating system mechanisms. Read more

Guides, Papers, etc.
www.schneier.com:
Attacking Certificates with Computer Viruses. Read more

www.ebcvg.com:
Web Application Worms: Myth or Reality? Read more

Vulnerabilities & Exploits
www.securitytracker.com:
Cisco IPsec Implementation Lets Certain Users Conduct Man-in-the-Middle Attacks. Read more

www.securitytracker.com:
Cisco IPsec VPN Client Discloses Group Password to Certain Local Users. Read more

www.securitytracker.com:
RealNetworks Helix Universal Server URL Processing Error Lets Remote Users Crash the Service. Read more

www.securitytracker.com:
SCT Campus Pipeline Javascript Event Input Validation Holes Let Remote Users Execute Arbitrary Commands. Read more

www.securitytracker.com:
PostNuke Input Validation Flaw in 'NS-Your_Account' Module Lets Remote Users Inject SQL Commands. Read more

www.securitytracker.com:
Linux Sound Blaster Driver Error Lets Local Users Crash the System. Read more

www.securitytracker.com:
Linux Kernel Leaks System Memory to JFS Filesystem. Read more

www.securitytracker.com:
Linux Kernel Leaks System Memory to XFS Filesystem. Read more

www.securitytracker.com:
Linux Kernel Leaks System Memory to EXT3 Filesystem. Read more

www.securitytracker.com:
cadaver Format String Flaws Let Remote WebDAV Servers Execute Arbitrary Code on Connected Clients. Read more

www.securitytracker.com:
neon Format String Flaws Let Remote WebDAV Servers Execute Arbitrary Code on Connected Clients. Read more

www.securitytracker.com:
Xonix Game High Score Mail Function Lets Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
sSMTP Format String Flaws Let Remote Servers Execute Arbitrary Code. Read more

www.securitytracker.com:
MySQL 'mysqld_multi' Temporary File Flaw Lets Local Users Overwrite Files. Read more

www.securitytracker.com:
Servers Alive Stores Passwords in a Local Configuration File. Read more

www.securiteam.com:
Monit Remote Root Proof Of Concept Exploit. Read more

www.securiteam.com:
Microsoft IIS SSL/TLS Remote DoS. Read more

News:
www.theregister.co.uk:
NetSky-V spreads on auto-pilot. Read more

afr.com:
New virus warning for home users. Read more

www.web-user.co.uk:
Netsky variant targets Microsoft holes. Read more

www.theregister.co.uk:
Windows Update groans under patch load. Read more

www.crime-research.org:
Spammer business on the rise. Read more

15 april 2004

New in Archive
X� WebDL 1.1

El Diablo III

Pex

Vulnerabilities & Exploits
Linux Kernel Buffer Overflow in ISO660 File System Rock Ridge Extension Lets Local Users Execute Arbitrary Code. Read more

www.securitytracker.com:
CVS Path Validation Flaw in RCS Diff Files Lets Remote Servers Create Arbitrary Files on the Target Client's System. Read more

www.securitytracker.com:
Zaep AntiSpam Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Eudora Can Be Crashed By E-mail With Deeply Nested MIME Content. Read more

www.securitytracker.com:
Microsoft H.323 Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Microsoft SSL Library Input Validation Error Lets Remote Users Crash the Service. Read more

www.securitytracker.com:
Microsoft Windows Kernel Local Descriptor Table Flaw Lets Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Microsoft Windows Negotiate Security Software Provider (SSP) Buffer Overflow Lets Remote and Local Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Microsoft Windows Management Interface Provider Lets Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Microsoft Utility Manager Lets Local Users Run Applications With Elevated Privileges. Read more

www.securitytracker.com:
Microsoft Winlogon Buffer Overflow Lets Certain Remote Users Execute Arbitrary Code. Read more

www.debian.org:
DSA-483-1 mysql -- insecure temporary file creation. Read more

www.debian.org:
DSA-482-1 linux-kernel-2.4.17-apus+s390 -- several vulnerabilities. Read more

www.debian.org:
DSA-481-1 linux-kernel-2.4.17-ia64 -- several vulnerabilities. Read more

www.debian.org:
DSA-480-1 linux-kernel-2.4.17+2.4.18-hppa -- several vulnerabilities. Read more

www.debian.org:
DSA-479-1 linux-kernel-2.4.18-alpha+i386+powerpc -- several vulnerabilities. Read more

News:
www.theregister.co.uk:
MS score card: four patches, 20 vulns, heaps of trouble. Read more

www.logisticsit.com:
Weekly report on viruses and intrusions. Read more

www.theregister.co.uk:
SEXUALLY-EXPLICIT: FTC labels porno spam. Read more

www.woai.com:
Microsoft Patches Ward Off Hackers. Read more

www.crime-research.org:
Phishing Scams: Statistics from mi2gIntelligence Unit. Read more

www.rednova.com:
Hackers Attack Research Institutions. Rread more

www.securityfocus.com:
War of words rages over Internet taps. Read more

www.pcworld.com:
Security Firm Warns of Spam That Spies. Read more

www.tmcnet.com:
IIJ Launches Emergency Virus Countermeasure Service; Provided as the First Service in the Series of E-Mail Solutions Enhancement. Read more

14 april 2004

New in Archive
Cart�o virtual

Backdoor.Shaggy

Iroffer 1.3b05 (1306.b)

Vulnerabilities & Exploits
xforce.iss.net:
Microsoft SSL Library Remote Compromise Vulnerability. Read more

xforce.iss.net:
Microsoft RPC Race Condition Denial of Service. Read more

xforce.iss.net:
Multiple Vulnerabilities in Microsoft Products. Read more

Microsoft Windows 2000 Domain Controller LDAP Flaw May Let Remote Users Restart the Authentication Service. Read more

BEA WebLogic May Disclose Administrative Password in Certain Cases. Read more

BEA WebLogic Custom Trust Manager Flaw May Let Remote Users Impersonate Target Users or Servers. Read more

BEA WebLogic May Disclose Database Password Via 'config.xml' For Untargeted JDBC Connection Pools. Read more

BEA WebLogic Authentication Provider May Assign Incorrect Privileges in Certain Cases. Read more

Microsoft Windows COM Internet Services and RPC over HTTP Can Be Crashed By Remote Users. Read more

Microsoft Windows COM Object Identifier Creation Flaw May Let Remote Users Cause Applications to Open Network Ports. Read more

Microsoft Virtual DOS Machine (VDM) Lets Local Users Gain Elevated Privileges. Read more

Microsoft Windows RCP Memory Leak Lets Remote Users Deny Service. Read more

Microsoft Jet Database Engine 'msjet40.dll' Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

Microsoft ASN.1 Library (msasn1.dll) Double-Free Memory Allocation Error May Let Remote Users Execute Arbitrary Code. Read more

Microsoft SSL Library PCT Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

Microsoft Help and Support Center Input Validation Flaw Lets Remote Users Execute Arbitrary Code in the My Computer Zone. Read more

Microsoft LSASS Service Buffer Overflow Lets Remote Users Execute Arbitrary Code With SYSTEM Privileges. Read more

TUTOS Multiple Input Validation Holes Permit Remote SQL Injection, Path Disclosure, and Cross-Site Scripting Attacks. Read more

Microsoft Outlook Express Can Be Crashed By Remote Users With Specially Crafted EML File. Read more

Microsoft Internet Explorer Javascript OLE Object Lets Remote Users Automatically Print Without Authorization. Read more

Yahoo! Messenger Saves Password in Plain Text to Local Temporary File in Certain Cases. Read more

Microsoft Internet Explorer Bitmap Memory Allocation Error Lets Remote Users Cause All Available Memory to Be Consumed. Read more

Trillian Saves Yahoo! Password in Plain Text to Local Temporary File in Certain Cases. Read more

PHP-Nuke 'auth.php' Input Validation Error Lets Remote Users Bypass Authentication and Execute Admin-Level PHP-Nuke Commands. Read more

PHP-Nuke 'modules.php' Input Validation Error Lets Remote Users Bypass Authentication and Execute User-Level PHP-Nuke Commands. Read more

NewsPHP Authentication Flaw Lets Remote Users Gain Administrative Access. Read more

www.securiteam.com:
eMule DecodeBase16 Remote Buffer Overflow Exploit Code. Read more

www.securiteam.com:
Solaris Kernel Module Insertion Exploit. Read more

www.securiteam.com:
IPFW ECE Firewall Bypassing Exploit. Read more

News:
www.microsoft.com:
How to Tell If a Microsoft Security-Related Message Is Genuine. Read more

Microsoft Security Bulletin MS01-041.
Malformed RPC Request Can Cause Service Failure. Read more

Microsoft Security Bulletin MS02-011
Authentication Flaw Could Allow Unauthorized Users To Authenticate To SMTP Service. Read more

Microsoft Security Bulletin MS03-046
Vulnerability in Exchange Server Could Allow Arbitrary Code Execution (829436). Read more

Microsoft Security Bulletin (MS00-082)
Patch Available for 'Malformed MIME Header' Vulnerability. Read more

www.theregister.co.uk:
Browser-based attacks on the up. Read more

www.overclockersclub.com:
"News: Microsoft puts out 4 security patches". Read more

www.logisticsit.com:
Weekly report on viruses and intrusions. Read more

www.silicon.com:
Hackers attack Linux supercomputers. Read more

www.news-journalonline.com:
Why do I get e-mails saying I've sent other people viruses? Read more

13 april 2004

New in Archive
Visitor 1.1

manSlut Uploader 1.0 rc7

Backdoor.Winker.b

Vulnerabilities & Exploits
www.securitytracker.com:
SurgeLDAP 'user.cgi' Directory Traversal Flaw Discloses Files to Remote Users. Read more

www.securitytracker.com:
TikiWiki Multiple Input Validation Holes Let Remote Users Inject SQL Commands, Conduct Cross-Site Scripting Attacks, and Upload Files. Read more

www.vnunet.com:
Spam reaches new heights. Read more

www.petroleumworld.com:
The Rise of Complex Terrorism. Read more

News:

12 april 2004

New in Archive
Recon 2.0

Che CGI Bot 1.0 Build 2

Transistor 1.2 (b)

Guides, Papers, etc.
www.enterpriseitplanet.com:
An Hour with Kevin Mitnick. Read more

www.enterpriseitplanet.com:
An Hour with Kevin Mitnick, Part 2. Read more

orchestra.webhostme.com:
Self Reshaping Script Code In Textbox With Add-In Functionality. Read more

razor.bindview.com:
Comparing binaries with graph isomorphisms. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
X-Micro WLAN 11b Broadband Router Has Built-in Backdoor Administrator Account. Read more

www.securiteam.com:
McAfee FreeScan ActiveX Buffer Overflow and Information Disclosure. Read more

www.securiteam.com:
Panda ActiveScan Remote Buffer Overflow and DoS. Read more

www.securiteam.com:
Multiple Vulnerabilities in Monit. Read more

www.securiteam.com:
RSniff DoS. Read more

News:
www.overclockersclub.com:
"News: Netsky Worm Variant Attacks P2P Services". Read more

www.crime-research.org:
Cyber Terrorism : The new kind of Terrorism. Read more

www.fcw.com:
Nowhere to hide. StealthWatch catches intruders even if they try to cover their tracks. Read more

www.buffalonews.com:
Online criminals are 'phishing' for your personal financial data. Read more

www.vnunet.com:
Bugwatch: Foiling phishers. Read more

11 april 2004

New in Archive
Hotmail Hacker Log Edition 2.6

Hook universal plus

Backdoor.Delf.ew

Vulnerabilities & Exploits
www.securitytracker.com:
Scorched 3D Format String Flaw Lets Remote Users Crash the Server and May Permit Arbitrary Code Execution. Read more

www.securitytracker.com:
Open WebMail Input Validation Flaw Lets Remote Users Create Arbitrary Directories. Read more

www.securitytracker.com:
RSniff Connection State Error Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Sun Cluster Race Condition Lets Remote Users Panic the Cluster. Read more

www.securitytracker.com:
Crackalaka IRC Server Can Be Crashed By Remote Users. Read more

WINDOWS XP software restriction policy [path rule] bypass. Read more

News:
www.theregister.co.uk:
NY Times hacker sentencing delayed. Read more

www.theregister.co.uk:
Germany moots jail for spammers. Read more

www.gridtoday.com:
New Marking Process Traces Spammers, Pirates And Hackers. Read more

10 april 2004

New in Archive
NetCrack 1.3 beta 1.0

Cab of Filth 1.2b English

Stealth Redirector 1.3

Vulnerabilities & Exploits
www.securitytracker.com:
FirstClass Client Buffer Overflow in Processing PROXYADDR Parameter Lets Local Users Execute Arbitrary Code. Read more

www.securitytracker.com:
LCDproc Format String and Buffer Overflows Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
LCDproc Buffer Overflow in Processing Too Many Arguments Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
NukeCalendar Input Validation Holes Let Remote Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
AzDGDatingLite Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Cisco IPSec VPN Services Module IKE Bug Lets Remote Users Crash the Affected Switch/Router. Read more

www.securitytracker.com:
Sun Solaris sshd May Fail to Log SSH Client IP Addresses. Read more

www.securiteam.com:
REAL One Player R3T File Format Stack Overflow. Read more

News:
catless.ncl.ac.uk:
Yet another version of the Beagle social engineering. Read more

www.sundaytimes.co.za:
Netsky.Q to launch Easter attack. Read more

www.tmcnet.com:
GeoTrust Warns Consumers of Rapidly Growing Internet/Web Scams Known as ``Phishing''. Read more

www.searchenginejournal.com:
Google GMail Targeted by Privacy and Civil Liberty Groups. Read more

09 april 2004

New in Archive
Backdoor.Carufax.d

Harvester2003 v01 servervb

Iroffer 1.2b28

Iroffer 1.3b05 (1306.a)

Tools
The Metasploit Project. Read more

Guides, Papers, etc.
www.phrack.org:
Phrack-62 call for papers. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
HP OpenView Operations/VantagePoint Authentication Flaw Grants Administrative Access to Remote Users. Read more

www.securitytracker.com:
Avaya Converged Communication Server Buffer Overflow in Processing SIP Packets Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
1st Class Mail Server Input Validation Holes Disclose Files to Remote Users and Permit Cross-Site Scripting Attacks. Read more

News:
news.com.com:
Plug-in flaw leaves RealPlayer users open to attack. Read more

www.eweek.com:
Security Alert: New Bagle.X Worm Variant Detected. Read more

news.com.com:
Security tool more harmful than helpful? Read more

www.intego.com:
Intego Announces Protection against the First Mac OS X Trojan Horse: MP3Concept. Read more

www.pcworld.com:
'Homeless Hacker' Sentencing Delayed. Read more

news.bbc.co.uk:
Phishing con hijacks browser bar. Read more

slashdot.org:
Hidden Messages in Spam. Read more

08 april 2004

New in Archive
Toquito Bandito 5h17

BlackCore 1.1

NeoControlRed 2.1.3

Iroffer 1.3b02 (1302.l)

Vulnerabilities & Exploits
www.securitytracker.com:
Gentoo Portage Lockfile Flaw Lets Local Users Truncate Files. Read more

www.securitytracker.com:
Wireless LAN Solution Engine (WLSE) Hardcoded User Account Grants Full Access to Remote Users. Read more

www.securitytracker.com:
Cisco Hosting Solution Engine (HSE) Hardcoded User Account Grants Full Access to Remote Users. Read more

www.securitytracker.com:
KAME Racoon RSA Signature IKE Phase 1 Authentication Flaw Authenticates Remote Users. Read more

www.securitytracker.com:
GNU Sharutils Buffer Overflow in 'shar' Lets Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Microsoft Internet Explorer Security Domain Flaw in Accessing CHM Files Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Intel Server Setup Utilities May Let Remote Users Access Motherboard Utility Functions. Read more

www.securitytracker.com:
Panda ActiveScan 'ascontrol.dll' Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
F-Secure Anti-Virus for MIMEsweeper Fails to Detect Sober.D Worm. Read more

www.securitytracker.com:
McAfee FreeScan ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Symantec Security Check ActiveX Buffer Overflow in GetPrivateProfileString() Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
blaxxun3D Scripting Object Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
RealOne/RealPlayer Buffer Overflow in Processing R3T Files Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Apple Mac OS X Mail Has Unspecified Flaw in Processing HTML E-mail. Read more

www.securitytracker.com:
Apple Mac OS X CUPS Configuration Flaw Has Unspecified Impact. Read more

www.securitytracker.com:
F-Secure BackWeb (for AntiVirus) Lets Local Users Gain SYSTEM Privileges. Read more

www.securitytracker.com:
Adobe Photoshop Remote COM Scripting Objects Let Remote Users Deny Service. Read more

www.securitytracker.com:
Macromedia Flash Null Pointer Assignment in LoadMovie() Lets Remote Users Deny Service. Read more

www.securitytracker.com:
Microsoft Windows XP 'mswebdvd.dll' Buffer Overflow Lets Remote Users Deny Service. Read more

www.cisco.com:
Cisco Security Advisory: A Default Username and Password in WLSE and HSE Devices. Read more

News:
www.theregister.co.uk:
KaZaA and eDonkey brace for NetSky-Q onslaught. Read more

www.theregister.co.uk:
Witty extinction. Read more

www.securityfocus.com:
Tracking the blackout bug. Read more

www.theregister.co.uk:
Japanese finger virus for police document leak. Read more

www.guardian.co.uk:
Locking out viruses. Read more

www.crime-research.org:
Maxim Kovalchuck wil be out on bail. Read more

www.baltimoresun.com:
'Phishing' hooks many a Net surfer. Read more

www.globetechnology.com:
Growing acceptance of Linux has dark side. Read more

www.guardian.co.uk:
There's only one thing scarier than a computer virus and that's anti-virus software. Read more

www.pitch.com:
The Spammer Next Door. Read more

07 april 2004

New in Archive
SuperStar 1.0

Remote Dark Trojan 1.0

Iroffer 1.3b05 (1306.d)

Iroffer 1.3b05 (1306.e)

Iroffer 1.3b05 (1306.f)

Vulnerabilities & Exploits
www.securitytracker.com:
SuSE YaST 'online_update' Temporary File Symlink Flaw Lets Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
IGI-2 Covert Strike Game Format String Flaw Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Microsoft SharePoint Portal Server Input Validation Holes Permit Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
IBM Director Agent Can Be Crashed By Remote Users. Read more

www.securitytracker.com:
ActivePerl win32_stat() Buffer Overflow May Let Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Perl win32_stat() Buffer Overflow May Let Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Monit Errors in Basic Authentication on the Administration Interface Let Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
TeXUtil Temporary File Symlink Flaw May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Winamp Fasttracker 2 File 'in_mod.dll' Heap Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
Citrix MetaFrame Password Manager May Disclose Passwords to Local Users. Read more

www.uniras.gov.uk:
Vulnerability in Internet Explorer. Read more

www.debian.org:
DSA-477-1 xine-ui -- insecure temporary file creation. Read more

www.debian.org:
DSA-476-1 heimdal -- cross-realm. Read more

News:
www.theregister.co.uk:
The Joe Job DoS attack. Read more

www.crime-research.org:
$2M from nothing. Read more

www.infoworld.com:
New Netsky worms change their stripes. Read more

www.techworld.com:
Windows to remain security risk for years to come. Read more

www.net4nowt.com:
There�s something Phishy going on around here. Read more

www.informationweek.com:
Bugbear's Back. Read more

www.techweb.com:
New Bugbear Worm Exploits Unpatched IE Vulnerability. Read more April

05 april 2004

New in Archive
Intruzzo 1.1 client

Tiny RAT

Hook universal

Iroffer 1.3b05 (k)

Vulnerabilities & Exploits
www.securitytracker.com:
FTE Command Line and Environment Variable Buffer Overflows May Let Local Users Gain Elevated Privileges. Read more

www.securitytracker.com:
Aborior Encore Web Forum Input Validation Flaw in 'display.cgi' Lets Remote Users Execute Arbitrary Commands. Read more

www.securitytracker.com:
eMule DecodeBase16() Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more

News:
www.crime-research.org:
The price for security. Read more

www.abc.net.au:
Keystroke trackers target Internet banking. Read more

mdn.mainichi.co.jp:
Hackers have some balls to pooh-pooh Winny. Read more

reviews-zdnet.com.co:
Why I'm not sending you viruses. Read more

www.bizjournals.com:
'Worm' cripples C I Host servers. Read more

australianit.news.com.au:
Virus alerts explode. Read more

www.ameinfo.com:
Incidents of 'Phishing' or Internet scams involving theft of financial information on the rise. Read more

www.theinquirer.net:
Windows Server security claims hammered. Read more

www.rutlandherald.com:
E-mail scams are getting more sophisticated. Read more

04 april 2004

New in Archive
NeoControlRed 2.0.2

NeoControlRed 2.1.1

Backdoor.Dumador.f

Guides, Papers, etc.
www.linuxexposed.com:
IP Spoofing: Understanding the basics. Read more

Vulnerabilities & Exploits
www.securitytracker.com:
Macromedia Dreamweaver Test Scripts Disclose DSNs to Remote Users and May Permit SQL Injection. Read more

www.securitytracker.com:
Heimdal Kerberos Cross-Realm Validation Flaw May Permit User Impersonation. Read more

www.securitytracker.com:
Interchange Commerce System Discloses SQL Access Information to Remote Users. Read more

www.securitytracker.com:
HAHTsite Scenario Server Project Name Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read more

www.securitytracker.com:
MondoSearch 'MsmChgPw.msk' Discloses Valid Administrator Account Names to Remote Users. Read more

www.securitytracker.com:
MondoSearch 'MsmHigh.exe' Can By Used As a Web Proxy By Remote Users. Read more

www.securitytracker.com:
MondoSearch 'MsmHigh.exe' and 'MsmLink.exe' Memory Consumption Lets Remote Users Deny Service. Read more

News:
www.technewsworld.com:
The Myth of the Secure Operating System. Read more

news.com.com:
MSBlast epidemic far larger than believed. Read more

www.theregister.co.uk:
Google mail is evil - privacy advocates. Read more

03 april 2004

New in Archive
System33r Stealth Downloader 0.7.3b (LITE)

Iroffer 1.3b04 (1305.h)

Iroffer 1.3b04 (1305.i)

Cab of Filth 1.2f (h)

Vulnerabilities & Exploits
www.securitytracker.com:
FTGatePro 'Display Name' Input Validation Flaw Permits Cross-Site Scripting Attacks. Read more

www.securitytracker.com:
Mollensoft FTP Server STOR Command Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code. Read more

www.debian.or:
DSA-471-1 interchange -- missing input sanitising. Read more

www.debian.or:
DSA-470-1 linux-kernel-2.4.17-hppa -- several vulnerabilities. Read more

News:
zdnet.com.com:
MSBlast epidemic far larger than believed. Read more

www.crime-research.org:
Computer & Internet Crime 2004. read more

www.crime-research.org:
Ukrainian system of criminal investigation in the action. Read more

thewhir.com:
C I Host Replaces BlackIce Firewall. Read more

www3.gartner.com:
Hacker's 'Toolkit' Shows Security Flaws Not Just in Software. Read more

www.antiphishing.org:
Paypal - "Please, update your Paypal account". Read more

www.sophos.com:
Sophos white paper describes how spammers disguise their emails as non-delivery reports. Read more

02 april 2004

New in Archive
KaoTan 1.0

MoUsSa's Noobies Trojan 1.0

Vulnerabilities & Exploits
OpenLDAP back-ldbm Initialization Error May Let Remote Users Crash the Server. Read more

ImgSvr Web Interface Discloses Directory Listings and Files to Remote Users. Read more

madBMS Authentication Flaw May Yield Access to Remote Users. Read more

Clam AntiVirus Unsafe VirusEvent Directive May Let Local Users Gain Root Privileges. Read more

cdp Song Name Buffer Overflow May Execute Arbitrary Code When a Malicious CD is Played. Read more

Oracle Single Sign-On Customized Login Page Feature Lets Remote Users Obtain a Target User's Credentials. Read more

Microsoft Internet Explorer Does Not Correctly Display Links With Embedded FORM Data. Read more

Microsoft Outlook Express Does Not Correctly Display Links With Embedded FORM Data. Read more

CactuShop Input Validation Holes in 'mailorder.asp' and 'payonline.asp' Let Remote Users Inject SQL Commands and Execute Operating System Commands. Read more

PHPKIT Input Validation Holes in Forum Section Permits Cross-Site Scripting Attacks. Read more

News:
www.channelnewsasia.com:
New 'Bagle' Internet virus spreading fast: experts. Read more

www.smh.com.au:
Netsky, Bagle worms top malware charts. Read more

www.theregister.co.uk:
Netsky tops virus charts by a country mile. Read more

www.theregister.co.uk:
Tech heavyweights explain how to destroy the Internet. Read more

www.theregister.co.uk:
Bug hunters go open source. Read more


Copyright� MegaSecurity.org