Home
News Archive    Translate Traducen
News November 2002
30 november 2002

New Trojans:
Y3K_Rat pro 0.2

Boss Eye 1.0

Hanuman

Vulnerabilities & Exploits:
online.securityfocus.com:
AOL Instant Messenger Forced File Download Vulnerability. Read More

online.securityfocus.com:
RealPlayer RealFlash Source Loading Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
RealPlayer Long File Name Now Playing Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
RealOne Player SMIL File Heap Corruption Vulnerability. Read More

www.securitytracker.com:
libcgi (TuxBR) Buffer Overflows May Allow Users to Execute Arbitrary Code. Read More

www.securitytracker.com:
OpenWindows mailtool(1) Client for Sun Solaris Can Be Crashed By Remote Users. Read More

www.securitytracker.com:
Sybase Adaptive Server Buffer Overflows Let Local or Remote Authenticated Users Gain Root Privileges. Read More

www.securitytracker.com:
Solaris priocntl() System Call Lets Local Users Grab Root Privileges. Read More

www.securiteam.com:
Cross-site Scripting Vulnerability in ImageFolio Image Gallery Software. Read More

News:
www.vnunet.com:
Islamic group plans three-day e-jihad. Read More

www.internet-magazine.com:
Jewish group tells of 'electronic Jihad' plan. Read More

www.net-security.org:
Variant of the Harmful CIH Virus Found. Read More

www.vnunet.com:
Bush allocates $900m for cyber security. Read More

www.vnunet.com:
Fines for porn-surfing politicians. Read More

29 november 2002

New Trojans:
Digital Hand 1.1

Fuck Lamers Backdoor 2.6

Remote Desktop

Vulnerabilities & Exploits:
www.securitytracker.com:
Bugzilla Input Validation Hole in 'quips' Feature Lets Remote Users Conduct Cross-Site Scripting Attacks. Read More

www.securitytracker.com:
News Evolution Forum Software Include File Bug Lets Remote Users Execute Arbitrary Commands on the System. Read More

www.securitytracker.com:
Freenews Forum Software Include File Bug Lets Remote Users Execute Arbitrary Commands on the System. Read More

www.securitytracker.com:
IBM Performance Tools Access Control Bug May Let Local Users Gain Elevated Privileges. Read More

www.securitytracker.com:
Netscape Browser Java Buffer Overflow in canCovert() Method Allows Malicious Applets to Execute Arbitrary Code. Read More

www.securitytracker.com:
phpBB2 Input Validation Flaw Lets Remote Users Insert Scripting Code into Certain HTML Tags to Conduct Cross-Site Scripting Attacks. Read More

www.securitytracker.com:
Web Server Creator Include File Error Enables Remote Users to Execute Arbitrary Commands. Read More

www.securiteam.com:
pWins Perl Web Server Directory Transversal Vulnerability. Read More

www.securiteam.com:
Sybase DBCC CHECKVERIFY Buffer Overflow. Read More

www.securiteam.com:
Sybase DROP DATABASE Buffer Overflow. Read More

www.securiteam.com:
Sybase xp_freedll Buffer Overflow. Read More

www.securiteam.com:
Remote Multiple Buffer Overflow Vulnerability in Libcgi-tuxbr. Read More

News:
www.theregister.co.uk:
Winevar worm sets sites on Symantec. Read More

www.theregister.co.uk:
Nasty virus Winevar insults infected users. Read More

www.internet-magazine.com:
A new virus and a possible solution. Read More

www.infosecuritymag.com:
The 5 past attacks that haunt us, the 5 fears that trouble us. Read More

www.internet-magazine.com:
China detains Internet users. Read More

www.vnunet.com:
China criticised for jailing surfers. Read More

www.net-security.org:
Cracking OpenVMS Passwords with John the Ripper. Read More

www.net-security.org:
Challenge: How Did These Processes Get Here? Read More

mdn.mainichi.co.jp:
Seething student hacks woman's Hotmail for porno attack. Read More

28 november 2002

New Trojans:
AntiLamer Light 2.0

DTr 1.2

666 de Troie 1.0

Vulnerabilities & Exploits:
www.securitytracker.com:
NetScreen 'Malicious-URL' Feature Can By Bypassed By Remote Users Via IP Fragmentation. Read More

www.securitytracker.com:
NetScreen Predictable TCP Sequence Numbers Let Remote Users Bypass Security Rules. Read More

www.securitytracker.com:
NetScreen H.323 Session State Bug Lets Remote Users Deny Service. Read More

www.securitytracker.com:
Sun X Font Server (XFS) Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read More

www.securitytracker.com:
WSMP3 Web_server Buffer Overflows and malloc()/free() Bug Allow Remote Users to Execute Arbitrary Code. Read More

www.securitytracker.com:
pico Server (pServ) Buffer Overlow in Processing POST Requests Lets Remote Users Crash the Service. Read More

www.securitytracker.com:
SSH Communications SSH Secure Shell Client Buffer Overflow in Processing URLs May Let Remote Users Execute Arbitrary Code. Read More

www.securitytracker.com:
SSH Communications SSH Secure Shell Process Grouping Flaw in setsid() May Let Authenticated Users Gain Elevated Privileges. Read More

News:
www.pcworld.com:
New E-Mail Worm Causing Severe Damage. Read More

www.silicon.com:
Virus warning: Watch out for the WINEVAR worm. Read More

www.informationweek.com:
New Worm Adds Insult To Injury. Read More

zdnet.com.com:
E-mail virus insults its victims. Read More

www.vnunet.com:
Email limits can slow virus spread. Read More

www.informationweek.com:
Sun Solaris Security Hole Leaves Users Vulnerable. Read More

www.theregister.co.uk:
RealPlayer security fix is faulty. Read More

www.itweb.co.za:
Hackers deface SA sites for fun. Read More

english.joins.com:
Overseas hackers on the rise. Read More

www.theregister.co.uk:
First hackers sighted in high speed mobile phone arena. Read More

www.vnunet.com:
Microsoft alters alerts. Read More

news.bbc.co.uk:
Risk of internet collapse rising. Read More

www.theregister.co.uk:
DDOS attack 'really, really tested' UltraDNS. Read More

zdnet.com.com:
Feds, firms unveil test for security pros. Read More

www.theregister.co.uk:
Feds break massive identity fraud. Read More

www.theregister.co.uk:
Web Bugs - Here Are the Rules. Read More

www.vnunet.com:
Sklyarov allowed into US. Read More

www.pcworld.com:
Feds Fail to Pass Child Porn Laws. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for November 27, 2002. Read More

27 november 2002

New Trojans:
LANfiltrator 1.0

Remote AOL Password Cracker 2.0

Depth Charge 1.1

Vulnerabilities & Exploits:
online.securityfocus.com:
Multiple Linksys Devices Password Field Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Macromedia JRun IIS ISAPI Filter GET Request Buffer Overrun Vulnerability. Read More

online.securityfocus.com:
Open WebMail User Name Information Disclosure Vulnerability. Read More

www.securitytracker.com:
Netscape Communicator Java Bytecode Verifier Analysis Flaw Lets Remote Users Bypass Many Java Security Restrictions. Read More

www.securitytracker.com:
Sun Java Runtime Environment (JRE) Bytecode Verifier Analysis Flaw Lets Remote Users Bypass Many Java Security Restrictions. Read More

www.securitytracker.com:
Calisto Internet Talker Bug Lets Remote Users Crash the Service. Read More

www.securitytracker.com:
Microsoft Internet Explorer (IE) Java Class Loader Security Flaw Lets Remote Users Bypass Java Security Restrictions. Read More

www.securitytracker.com:
Microsoft Java Virtual Machine (VM) Class Loader Security Flaw Lets Remote Users Bypass Java Security Restrictions. Read More

www.securitytracker.com:
Netscape Communicator Java Native Code Generation Bug Lets Remote Users Bypass Java Security Controls. Read More

www.securitytracker.com:
Symantec Java! JustInTime (JIT) Compiler Native Code Generation Bug Lets Remote Users Bypass Java Security Controls. Read More

www.securitytracker.com:
AOL Instant Messenger (AIM) File Sharing Bug May Let Remote Users Silently Force Downloads. Read More

www.securitytracker.com:
Allied Telesyn Switch Management Ports Allow Remote Users to Deny Service to Those Ports. Read More

www.securitytracker.com:
BadBlue Server Flaws Disclose System Information, Including Database Passwords, to Remote Users and Also Allow Cross-Site Scripting Attacks. Read More

www.securitytracker.com:
PHP-Nuke Input Validation Holes in Search Module and Other Modules Allow Cross-Site Scripting Attacks. Read More

www.securitytracker.com:
BIND Domain Name Software Allows Remote Users to Spoof the DNS. Read More

www.securiteam.com:
Apache Scoreboard Shared Memory. Read More

www.securiteam.com:
Oracle TNS SEH Exploit. Read More

www.securiteam.com:
Calisto Internet Talker DoS. Read More

www.securiteam.com:
'Malicious-URL' Feature may be Circumvented Using IP Fragmentation in NetScreen. Read More

www.securiteam.com:
Predictable TCP Initial Sequence Numbers in NetScreen. Read More

www.securiteam.com:
Potential H.323 Denial of Service in NetScreen. Read More

www.securiteam.com:
Solaris fs.auto Remote Compromise Vulnerability. Read More

News:
www.vnunet.com:
Government fights off 6,000 online attacks. Read More

www.internet-magazine.com:
Hackers target government and companies. Read More

www.silicon.com:
Mystery attacker swamps .info domain system. Read More

www.newsfactor.com:
E-Commerce in the Shadow of the Hackers. Read More

www.washingtonpost.com:
Microsoft Warns of Windows, Explorer Security Hole. Read More

www.hacktivismo.com:
'Hackers Fight Censorship, Human Rights Violations'. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for November 26, 2002. Read More

26 november 2002

New Trojans:
ItADeM 3.0

HDoor 4.0

Stealth Port 1.1

Vulnerabilities & Exploits:
Internet Security Systems Security Alert Summary AS02-47. Read More

ISS X-Force Security Advisory
Solaris fs.auto Remote Compromise Vulnerability. Read More

online.securityfocus.com:
RealPlayer RealFlash Source Loading Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
MailEnable Email Server Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
RealPlayer Long File Name Now Playing Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Rational ClearCase Portscan Denial Of Service Vulnerability. Read More

online.securityfocus.com:
RealOne Player SMIL File Heap Corruption Vulnerability. Read More

online.securityfocus.com:
PHP SafeMode Arbitrary File Execution Vulnerability. Read More

online.securityfocus.com:
VBulletin Memberlist.PHP Cross Site Scripting Vulnerability. Read More

online.securityfocus.com:
Sendmail SMRSH Double Pipe Access Validation Vulnerability. Read More

online.securityfocus.com:
KDE Network RESLISA Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
KDE KIO Subsystem Network Protocol Implementation Arbitrary Command Execution Vulnerability. Read More

www.securitytracker.com:
acFreeProxy Server Input Validation Flaw Allows Remote Users to Conduct Cross-Site Scripting Attacks Against Proxy Server Users. Read More

www.securitytracker.com:
acFTP Server Authentication Flaw May Give Remote Users Access Without Requiring Valid Authentication. Read More

www.securitytracker.com:
Open WebMail Discloses User and Group Account ID Information to Remote Users. Read More

News:
www.vnunet.com:
Government fights off 6,000 online attacks. Read More

online.securityfocus.com:
'Hacking Challenge' Winners Allege $43,000 Contest Rip-Off. Read More

www.smh.com.au:
New email worm detected. Read More

www.news.com.au:
Wireless hacking threat grows. Read More

news.com.com:
Feds charge 3 men with identity theft. Read More

www.newsfactor.com:
Winning the Cybersecurity War. Read More

www.content-wire.com:
Brazil exports Cyber-crime worldwide. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for November 25, 2002. Read More

25 november 2002

New Trojans:
HRVG2

NetBull 1.1

Huey 3.7.1

Vulnerabilities & Exploits:
online.securityfocus.com:
Microsoft Data Access Components RDS Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
NetBSD ftpd Firewall State Table Corruption Vulnerability. Read More

online.securityfocus.com:
Sun/Netscape Java Virtual Machine Bytecode Verifier Vulnerability. Read More

online.securityfocus.com:
Symantec Java! JustInTime Compiler Command Execution Vulnerability. Read More

online.securityfocus.com:
Netscape Java Virtual Machine Insecure Call Vulnerability. Read More

online.securityfocus.com:
Microsoft Java Virtual Machine Bytecode Verifier Vulnerability. Read More

www.securitytracker.com:
vBulletin Input Validation Flaws in 'memberlist' and 'member2' Allow Cross-Site Scripting Attacks. Read More

www.securitytracker.com:
QNX Photon Discloses Clipboard Content to Local Users. Read More

www.securitytracker.com:
Rational ClearCase Can Be Crashed By Remote Users Conducting Port Scans. Read More

www.securiteam.com:
Multiple phpNuke Modules Vulnerable to Cross-Site Scripting. Read More

www.securiteam.com:
Buffer Overflow in iSMTP Gateway. Read More

www.securiteam.com:
Clipboard in QNX Photon. Read More

www.securiteam.com:
BadBlue XSS/Information Disclosure Vulnerabilities. Read More

www.securiteam.com:
Multiple Vulnerabilities in Macromedia Flash ActiveX. Read More

www.securiteam.com:
Multiple Incorrect Permissions in QNX. Read More

www.securiteam.com:
Open WebMail "background" Magic Info. Read More

News:
www.msnbc.com:
Pentagon drops Internet ID plan. Read More

www.vnunet.com:
Doubts raised over Microsoft patches. Read More

online.securityfocus.com:
Sex, Text, Revenge, Hacking and Friends Reunited. Read More

www.vnunet.com:
Antivirus firms block Friend Greetings. Read More

www.europemedia.net:
Blueprint hacker duped. Read More

www.themoscowtimes.com:
'Hacker' Looks at Hussein's E-Mail, Finds Spam. Read More

www.theinquirer.net:
Chaintech site hacked. Read More

www.theage.com.au:
Security flaws in RealPlayer. Read More

www.sltrib.com:
Think Your Privacy Is Safe on the Internet? Think Again. Read More

www.eedesign.com:
Securing proprietary information in data networks. Read More

24 november 2002

New Trojans:
Institution Open 0.1.2

AIM Pws 2.0

Ulysses 1.4

Vulnerabilities & Exploits:
online.securityfocus.com:
Microsoft Internet Explorer Object Tag Temporary Internet File Folder Vulnerability. Read More

online.securityfocus.com:
Multiple Microsoft Internet Explorer Cached Objects Zone Bypass Vulnerability. Read More

online.securityfocus.com:
Microsoft Internet Explorer IFrame/Frame Cross-Site/Zone Script Execution Vulnerability. Read More

online.securityfocus.com:
Microsoft Internet Explorer HTML Same Origin Policy Violation Vulnerability. Read More

online.securityfocus.com:
Microsoft Internet Explorer PNG Remote Buffer Overflow Vulnerability. Read More

Debian Security Advisory
DSA-200-1 samba -- remote exploit. Read More

www.securitytracker.com:
ImageFolio Input Validation Flaw Allows Remote Users to Conduct Cross-Site Scripting Attacks. Read More

www.securitytracker.com:
Zeroo Web Server Discloses Files on the System to Remote Users. Read More

www.securiteam.com:
acFTP Authentication Issue. Read More

www.securiteam.com:
acFreeProxy Cross-Site Scripting Vulnerability. Read More

www.securiteam.com:
XSS in PostNuke Rogue. Read More

News:
www3.gartner.com:
U.S. Government Fails Its Own Security Test Again. Read More

www.theregister.co.uk:
On the Microsoft FTP server leak. Read More

www.eweek.com:
RealPlayer Patch Fails to Fix Flaws. Read More

www.eweek.com:
Open-Source Security Comes Under Fire. Read More

23 november 2002

New Trojans:
Ehks 2.1

K.B.L. Uploader FWB 2.01

AntiLamer Backdoor 1.0

Vulnerabilities & Exploits:
online.securityfocus.com:
Microsoft Internet Explorer IFRAME dialogArguments Cross-Zone Access Vulnerability. Read More

online.securityfocus.com:
Courier SqWebMail File Disclosure Vulnerability. Read More

www.securitytracker.com"
Samba Buffer Overflow in User Input Routine May Let Remote Users Execute Arbitrary Code with Root Privileges. Read More

www.securitytracker.com"
Microsoft Internet Explorer Buffer Overflow in Processing PNG Images Allows Denial of Service Attacks. Read More

www.securitytracker.com"
RealOne Player Buffer Overflow and Other Bugs May Allow Remote Users to Execute Arbitrary Code. Read More

www.securitytracker.com"
Microsoft Internet Explorer MDAC Component Buffer Overflow Allows Remote Users to Execute Arbitrary Code. Read More

www.securitytracker.com"
Microsoft Data Access Components (MDAC) Buffer Overflow Allows Remote Users to Execute Arbitrary Code. Read More

www.securitytracker.com"
Alcatel OmniSwitch May Include Inadvertent Telnet Server Backdoor in Certain Versions. Read More

www.securitytracker.com"
Cisco PIX Firewall VPN Session Management Bug Allows Man-in-the-Middle Attacks and Buffer Overflow Lets Remote Users Crash the Firewall. Read More

www.securitytracker.com"
Libresolv BIND Resolver Library Buffer Overflows in getnetbyname() and getnetbyaddr() Allow Remote Users to Execute Arbitrary Code. Read More

www.securitytracker.com"
MailEnable POP Mail Server Can Be Crashed By Remote Users Sending Long Strings to the Server. Read More

www.securitytracker.com"
Linksys Cable/DSL Routers Can Be Crashed By Remote Users Sending Long Password Strings. Read More

www.securiteam.com:
ClearCase Remote DoS. Read More

www.securiteam.com:
Zeroo Folder Traversal Vulnerability. Read More

www.securiteam.com:
Multiple Buffer Overruns RealOne / RealPlayer / RealOne Enterprise. Read More

www.securiteam.com:
Multiple Vulnerabilities in Tiny HTTPd. Read More

News:
remus.softimage.net:
Internal Microsoft documents out on the Web. Read More

www.theinquirer.net:
How the Microsoft Network Operation Centre was hacked. Read More

www.ispworld.com:
Microsoft Warns of Wind., Expl. Security Hole. Read More

news.zdnet.co.uk:
Microsoft warns of security hole. Read More

www.eweek.com:
RealPlayer Patch Fails to Fix Flaws. Read More

linuxtoday.com:
InternetWeek: Report Rekindles Open Source vs. Microsoft Security Debate. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for November 22, 2002. Read More

22 november 2002

New Trojans:
Silent Spy 2.10

Lizards Tail 1.1

The Revenge Pack 5.21

Vulnerabilities & Exploits:
Internet Security Systems Security Alert
Microsoft MDAC Remote Compromise Vulnerability. Read More

www.securitytracker.com:
QNX Operating System Unsafe File Permissions May Let Local Users Gain Elevated Privileges. Read More

www.securitytracker.com:
Netscape Communicator May Disclose Preferences File to Remote Users. Read More

www.securitytracker.com:
Eudora E-mail Client May Execute Remotely Supplied Scripting Code in the Local Computer Zone. Read More

www.securiteam.com:
Linksys Router Bypass Vulnerability (XML). Read More

www.securiteam.com:
iPlanet WebServer Vulnerable to Remote Root Compromise. Read More

www.securiteam.com:
Remote Buffer Overflow Vulnerability in Zeroo HTTP Server. Read More

www.securiteam.com:
Cisco PIX Multiple Vulnerabilities. Read More

www.securiteam.com:
Denial of Service Vulnerability in Linksys Cable/DSL Routers. Read More

www.securiteam.com:
Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution. Read More

www.securiteam.com:
MailEase POP3 Denial of Service. Read More

www.securiteam.com:
PlanetWeb Web Server Buffer Overflow in Processing GET Requests. Read More

www.securiteam.com:
vBulletin XSS Injection Vulnerability (perpage). Read More

www.securiteam.com:
XSS Vulnerability Found in phpBB (Highlight). Read More

News:
www.networknews.co.uk:
Software tool gives hacker countdown. Read More

www.newsfactor.com:
The Cult of Hackers. Read More

www.newsfactor.com:
MS Patches Windows Flaw, But IE Hole Still Gapes. Read More

arstechnica.infopop.net:
Microsoft security flaw opens big hole for hackers, foot. Read More

money.cnn.com:
Hole in Windows lets hackers in. Read More

news.com.com:
Patch slipup raises security questions. Read More

www.networknews.co.uk:
Forensic skill needed to bring hackers to justice. Read More

www.networknews.co.uk:
Bugwatch: A security policy built on sand? Read More

online.securityfocus.com:
Trust us, Microsoft asks in secure computing push. Read More

www.theage.com.au:
Security Through Soundbyte: The 'Cybersecurity Intelligence' Game. Read More

www.internet-magazine.com:
Friends Reunited hacker gets five months. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for November 21, 2002. Read More

21 november 2002

New Trojans:
Institution OPEN 0.1.1

Advertiser Bot 1.0 Beta

Ultimate Spy Pro 1.4

Vulnerabilities & Exploits:
www.foundstone.com:
Remotely Exploitable Buffer Overflow in Microsoft MDAC. Read More

www.securitytracker.com:
Sun iPlanet Web Server Cross-Site Scripting and Unsafe Perl Script open() Calls Let Remote Users Execute Commands on the Server. Read More

www.securitytracker.com:
Linksys Router Web Management Access Flaw Gives Remote Users Administrative Access to the Device. Read More

www.securitytracker.com:
nullmailer Bug Lets Remote Users Crash the Service. Read More

www.securitytracker.com:
Gordano GMS Mail (NTMail) 'JUCE' Mail Filter Fails to Properly Block Mail. Read More

www.securitytracker.com:
Macromedia ActiveX Flash Player Heap Overflow Will Execute Arbitrary Code in Malicious Flash Content. Read More

News:
Microsoft Security Bulletin MS02-050
Certificate Validation Flaw Could Enable Identity Spoofing (Q329115). Read More

Microsoft Security Bulletin MS02-066
Cumulative Patch for Internet Explorer (Q328970). Read More

zdnet.com.com:
MS bug exposes millions to attack. Read More

quote.bloomberg.com:
Microsoft Says Security Flaw Exists in Most Windows (Update3). Read More

www.informationweek.com:
Microsoft Customers Cope With More Security Vulnerabilities. Read More

zdnet.com.com:
Security holes aren't being filled. Read More

www.pcworld.com:
Pro-Iraq Hacker Threatens Virus Outbreak. Read More

www.idg.net:
War with Iraq will mean virus outbreak, hacker says. Read More

zdnet.com.com:
Stop wasting money on security. Read More

www.vnunet.com:
Next virus could cost UK �2.1bn. Read More

www.nwfusion.com:
COMDEX: Panel: Accept the Net is vulnerable to attack. Read More

zdnet.com.com:
How Homeland Security impacts tech. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for November 20, 2002. Read More

20 november 2002

New Trojans:
CiGiCiGi 1.7

Eclipse2000 1.27

SpyProgram

Vulnerabilities & Exploits:
Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow. Read More

iDEFENSE Security Advisory 11.19.02c:
Predictable Directory Structure Allows Theft of Netscape Preferences File. Read More

iDEFENSE Security Advisory 11.19.02b:
Eudora Script Execution Vulnerability. Read More

Debian Security Advisory
DSA-199-1 mhonarc -- cross site scripting. Read More

online.securityfocus.com:
Squid Proxy Authentication Credential Forwarding Information Disclosure Vulnerability. Read More

online.securityfocus.com:
Squid MSNT Auth Helper Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Squid FTP Directory Parsing Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
NeoSoft NeoBook 4 ActiveX Control Arbitrary File Type Inclusion Vulnerability. Read More

online.securityfocus.com:
Lonerunner Zeroo HTTP Server Remote Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
KDE Konqueror Sub-Frames Script Execution Vulnerability. Read More

www.securitytracker.com:
Perception LiteServe Input Validation Flaw in Processing Encoded URLs Lets Remote Users Crash the Web Server. Read More

www.securitytracker.com:
TFTPD32 Input Validation Flaw Lets Remote Users Read and Write Files on the System. Read More

www.securitytracker.com:
TFTPD32 Buffer Overflow in Processing Filenames Allows Remote Users to Execute Arbitrary Code. Read More

News:
www.newsfactor.com:
Latest IE Flaw Exposes Hard Drives via Web. Read More

zdnet.com.com:
Security holes aren't being filled. Read More

www.theregister.co.uk:
Accused Pentagon Hacker's Online Life. Read More

star-techcentral.com:
Microsoft to simplify security alerts. Read More

www.itworld.com:
Microsoft adds security service for novice end-users. Read More

www.infowarrior.org:
Security Through Soundbyte: The 'Cybersecurity Intelligence' Game. Read More

computerworld.com:
Experts: Don't dismiss cyberattack warning. Read More

www.wired.com:
How Much Hack Info Is Too Much? Read More

www.silicon.com:
Antivirus vendors' worm alert email carries worm. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for November 19, 2002. Read More

19 november 2002

New Trojans:
Telserver 3.0

Manipulator Light

CmjSpy 0.5

Vulnerabilities & Exploits:
online.securityfocus.com:
OpenSSH Visible Password Vulnerability. Read More

online.securityfocus.com:
ISC BIND DNS Resolver Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Cobalt RaQ authenticate Local Privilege Escalation Vulnerability. Read More

online.securityfocus.com:
Courier SqWebMail File Disclosure Vulnerability. Read More

Debian Security Advisory
DSA-198-1 nullmailer -- denial of service. Read More

www.ngsec.com:
iPlanet WebServer, remote root compromise. Read More

www.securitytracker.com:
Zeroo HTTP Server Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server. Read More

www.securitytracker.com:
NeoSoft NeoBook Content Authoring System Allows Remote Users to Execute Code When Malicious Content is Viewed. Read More

News:
www.gopbi.com:
Hackers mobilizing forces. Read More

www.smh.com.au:
Hackers go public with prizes and glory, and jobs, on the line. Read More

linuxtoday.com:
LinuxWorld: The Worst Security Problems? We Can't Tell From the FBI's Top 20 List. Read More

www.aftenposten.no:
Crackers steal 52,000 university passwords. Read More

www.commweb.com:
Virus-Trapper Prevents Worm Spread. Read More

zdnet.com.com:
Homeland Security--Big Brother is here? Read More

asia.cnn.com:
Indonesians take protests to the net. Read More

www.commweb.com:
Microsoft: Upgrade Windows For Better Security. Read More

www.fcw.com:
GSA awards patch system contract. Read More

www.vnunet.com:
BT offers filter tool for parents. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for November 18, 2002. Read More

18 november 2002

New Trojans:
MoSucker 3.0

GhostVoice

SlimFTPd 2.2

Vulnerabilities & Exploits:
www.securiteam.com:
Linux Rsync Remote Exploit Code. Read More

www.securiteam.com:
Local Root Exploit for cifslogin on HP-UX. Read More

www.securiteam.com:
i386 Linux Kernel DoS (Local). Read More

www.securiteam.com:
vBulletin Calendar Improved Exploit Code. Read More

online.securityfocus.com:
Python os.py Predictable Temporary Filename Command Execution Vulnerability. Read More

online.securityfocus.com:
Perception LiteServe CGI Source Disclosure Vulnerability. Read More

online.securityfocus.com:
Multiple Unspecified Opera 7 Vulnerabilities. Read more

online.securityfocus.com:
Syslog-ng Macro Expansion Remote Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
IBM AIX Selective ACK Denial of Service Vulnerability. Read More

www.securitytracker.com:
phpBB 'Advanced Quick Reply' Hack Input Validation Flaw Lets Remote Users Execute Commands on the Server. Read More

www.securitytracker.com:
Buffalo Technology AirStation Wireless Access Point Can Be Crashed By Remote Users Conducting Port Scans. Read More

www.securitytracker.com:
Courier SqWebMail Privilege Dropping Bug Lets Local Users View Files on the System. Read More

online.securityfocus.com:
Perception LiteServe DNS Wildcard Cross Site Scripting Vulnerability. Read More

online.securityfocus.com:
Perception LiteServe Directory Query String Cross Site Scripting Vulnerability. Read More

online.securityfocus.com:
IISPop Remote Buffer Overflow Denial of Service Vulnerability. Read More

online.securityfocus.com:
KDE Network RESLISA Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
KDE KIO Subsystem Network Protocol Implementation Arbitrary Command Execution Vulnerability. Read More

www.securiteam.com:
Default SNMP Community in Surecom Broadband Router. Read More

www.securiteam.com:
Buffalo AP Denial of Service. Read More

www.securiteam.com:
LiteServe URL Decoding DoS. Read More

www.securiteam.com:
TFTPD32 Directory Traversal Vulnerability. Read More

www.securiteam.com:
TFTPD32 Buffer Overflow Vulnerability (Long filename). Read More

www.securiteam.com:
IISPop Remote DoS. Read More

www.securiteam.com:
Perception LiteServe HTTP CGI Disclosure Vulnerability. Read More

www.securiteam.com:
Netscape/Mozilla Contains an Exploitable Heap Corruption via JAR URI Handler. Read More

News:
www.rtfm.com:
Security holes... Who cares?(pdf). Read More

www.internet-magazine.com:
Welsh hacker charged with spreading viruses. Read More

www.islandpacket.com:
Free-lance journalist hacks into Saddam's e-mail. Read More

news.com.com:
Judge rules cops' hacker went too far. Read More

www.vnunet.com:
Chat room perverts could face jail. Read More

17 november 2002

New Trojans:
Silent Spy 2.07

DDoS Trojan

B-S Spy 1.8.0

Vulnerabilities & Exploits:
online.securityfocus.com:
IBM HTTP Server Information Disclosure Vulnerability. Read More

online.securityfocus.com:
KeyFocus KF Web Server Directory Traversal Vulnerability. Read More

online.securityfocus.com:
PHP SafeMode Arbitrary File Execution Vulnerability. Read More

online.securityfocus.com:
PHP Post File Upload Buffer Overflow Vulnerabilities. Read More

online.securityfocus.com:
PHP Function CRLF Injection Vulnerability. Read More

online.securityfocus.com:
Cart32 Hidden Form Field Manipulation Vulnerability. Read More

online.securityfocus.com:
JustAddCommerce Hidden Form Field Manipulation Vulnerability. Read More

online.securityfocus.com:
Qualcomm Eudora File Attachment Spoofing Vulnerability. Read More

online.securityfocus.com:
Buffalo AirStation Pro Intelligent Access Point Port 80 Denial Of Service Vulnerability. Read More

online.securityfocus.com:
Surecom Router SNMP Default Community Strings Vulnerability. Read More

online.securityfocus.com:
HP Tru64 IGMP Denial Of Service Vulnerability. Read More

online.securityfocus.com:
HP Tru64/TruCluster OSIS V5.4 LDAP Module Unauthorized File Access Vulnerability. Read More

online.securityfocus.com:
PHPBB Advanced Quick Reply Hack Remote File Include Vulnerability. Read More

online.securityfocus.com:
LibHTTPD POST Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Multiple Vendor libc DNS Resolver Information Leakage Vulnerability. Read More

online.securityfocus.com:
Apache Server Side Include Cross Site Scripting Vulnerability. Read More

online.securityfocus.com:
Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability. Read More

online.securityfocus.com:
Apache HTPasswd Insecure Temporary File Vulnerability. Read More

online.securityfocus.com:
Apache HTDigest Insecure Temporary File Vulnerability. Read More

online.securityfocus.com:
Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability. Read More

www.securitytracker.com:
LiteServe Web Server Input Validation Flaw in Processing CGI Filenames May Disclose CGI Source Code to Remote Users. Read More

www.securitytracker.com:
Opera 7 Undisclosed Vulnerabilities Let Remote Users View Files on the System and Execute Scripting Code in the Context of Other Domains. Read More

www.securitytracker.com:
Mozilla Browser Heap Overflow in Processing 'jar:' URIs Allows Remote Users to Execute Arbitrary Code on the Browser. Read More

News:
www.linuxvoodoo.com:
Japan may drop Windows to boost security. Read More

www.wired.com:
Kids Get Safe Internet Haven. Read More

techupdate.zdnet.co.uk:
Security tightened after 'Needlepoint' virus. Read More

www.vnunet.com:
Comment: The perfect online crime. Read More

16 november 2002

New Trojans:
Manipulator 1.2

KPSULE KeyLogger 1.0

JustJoke 2.6 version 2

Vulnerabilities & Exploits:
online.securityfocus.com:
W3Mail File Disclosure Vulnerability. Read More

online.securityfocus.com:
Multiple Vendor lpd Vulnerabilities. Read More

Debian Security Advisory
DSA-197-1 courier -- buffer overflow. Read More

www.securitytracker.com:
XOOPS Quizz Module Input Filtering Bug Allows Remote Users to Conduct Cross-Site Scripting Attacks. Read More

www.securitytracker.com:
XOOPS WebChat Module Input Validation Flaw Lets Remote Users Inject and Execute SQL Commands on the Underlying Database Server. Read More

www.securitytracker.com:
IISPop EMail Server Can Be Crashed By Remote Users. Read More

www.securitytracker.com:
Tcpdump and Libpcap Distributions May Include Trojan Horse Code. Read More

www.securitytracker.com:
LibHTTPd Buffer Overflow Lets Remote Users Execute Arbitrary Code. Read More

www.securitytracker.com:
SURECOM Broadband Router (EP-4501) Default Configuration Gives Remote Users Read/Write SNMP Access. Read More

www.securitytracker.com:
KeyFocus KF Web Server Discloses Files on the System to Remote Users. Read More

www.securitytracker.com:
Cart32 Shopping Cart Server Trusts User-supplied Pricing Data. Read More

www.securitytracker.com:
JustAddCommerce Server Trusts User-supplied Pricing Data. Read More

News:
www.wired.com:
Study Makes Less of Hack Threat. Read More

www.vnunet.com:
Snooping kit excites network managers. Read More

www.wired.com:
Dot-Mil Hacker's Download Mistake. Read More

zdnet.com.com:
Ruling: Cybercops need a hack warrant. Read More

news.zdnet.co.uk:
Hackers drop spyware into popular tool. Read More

www.pcpro.co.uk:
Popular packet sniffing packages contaminated by Trojan. Read More

www.vnunet.com:
Bugwatch: Personal protection. Read More

zdnet.com.com:
Week in review: Life to hackers! Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for November 15, 2002. Read More

15 november 2002

New Trojans:
LANfiltrator Beta 10

ZUD 1.0

IRC BDoor 2.0

Vulnerabilities & Exploits:
online.securityfocus.com:
PXE Server DHCP Packet Denial Of Service Vulnerability. Read More

online.securityfocus.com:
PHP Mail Function ASCII Control Character Header Spoofing Vulnerability. Read More

online.securityfocus.com:
Hotfoon Dialer Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Hotfoon Dialer Plain Text Password Storage Vulnerability. Read More

online.securityfocus.com:
Novell Netware eMFrame iManage Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Cisco PIX Firewall Telnet/SSH Subnet Handling Denial Of Service Vulnerability. Read More

online.securityfocus.com:
EZ Systems HTTPBench Information Disclosure Vulnerability. Read More

online.securityfocus.com:
KGPG Key Generation Empty Passphrase Vulnerability. Read More

online.securityfocus.com:
SquirrelMail Options.PHP Web Root Path Disclosure Vulnerability. Read More

online.securityfocus.com:
SquirrelMail Multiple Cross Site Scripting Vulnerablities. Read More

online.securityfocus.com:
Incognito Systems ISMTP Gateway Buffer Overflow Vulnerability. Read More

Debian Security Advisory
DSA-196-1 bind -- several. Read More

www.securitytracker.com:
MasqMail Server Buffer Overflows Let Local Users Grab Root Privileges. Read More

www.securitytracker.com:
APBoard PHP-based Forum Lets Remote Users Post Messages in Protected Forums and Obtain Other User Passwords. Read More

www.securitytracker.com:
INweb Mail Server Can Be Crashed By Remote Users. Read More

www.securitytracker.com:
Hyperion FTP Server Input Validation Flaw Discloses Files on the Server to Remote Authenticated Users. Read More

www.securitytracker.com:
W3Mail Input Validation Flaw in viewAttachment.cgi Lets Remote Authenticated Users View Files on the System. Read More

www.securitytracker.com:
KDE KIO Protocol Subsystem Bugs May Let Remote Users Execute Arbitrary Commands. Read More

www.securitytracker.com:
Novell eDirectory Flaw May Give Remote Users Access to Accounts With Expired Passwords. Read More

www.securitytracker.com:
BIND4 and BIND8 Multiple Bugs Let Remote Users Crash the Service or Execute Arbitrary Code. Read More

www.securiteam.com:
Exploit Code for IP Smart Spoofing. Read More

www.securiteam.com:
XSS Vulnerability in Major Websites (Hotmail, Yahoo and Excite). Read More

www.securiteam.com:
Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities. Read More

www.securiteam.com:
KeyFocus KF Web Server File Disclosure Vulnerability. Read More

www.securiteam.com:
XOOPS RC3 WebChat Module SQL Injection. Read More

www.securiteam.com:
Remote Buffer Overflow Vulnerability in Light HTTPd. Read More

www.securiteam.com:
Vulnerability Found in Benchmark Tool for HTTP Pages. Read More

www.securiteam.com:
rlogin.protocol and telnet.protocol URL KIO Vulnerability. Read More

News:
news.zdnet.co.uk:
Russians wage cyber war on Chechen Web sites. Read More

news.com.com:
Hackers drop spyware into popular tool. Read More

zdnet.com.com:
Linux utility site hacked, infected. Read More

online.securityfocus.com:
Alien Autopsy: Reverse Engineering Win32 Trojans on Linux. Read More

news.com.com:
Judge rules cops' hacker went too far. Read More

news.bbc.co.uk:
UK 'hacker' to fight US extradition. Read More

www.news.com.au:
Alleged hacker to fight extradition. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for November 14, 2002. Read More

14 november 2002

New Trojans:
Pinkle 1.0

Ghost Server binder 2.2

FloodNet 2.0

Vulnerabilities & Exploits:
Debian Security Advisory
DSA-195-1 apache-perl -- several. Read More

online.securityfocus.com:
CVSup-Mirror Insecure Temporary Files Vulnerability. Read More

online.securityfocus.com:
MailScanner Attachment Filename Validation Vulnerability. Read More

www.securitytracker.com:
IBM AIX Operating System TCP Selective Acknowledgement Feature May Let Remote Users Crash the System. Read More

www.securitytracker.com:
Hotfoon.com Telelphone Dialer Security Flaws Let Remote Users Execute Arbitrary Code. Read More

www.securitytracker.com:
Light HTTPd (lhttpd) Buffer Overflow Lets Remote Users Execute Arbitrary Code to Gain Shell Access on the System. Read More

www.securitytracker.com:
eZ httpbench Tool Discloses Files on the System to Remote Users. Read More

www.securitytracker.com:
Tiny HTTPd Input Validation Bug Discloses Files on the Server to Remote Users and Also Lets Users Execute Commands. Read More

www.securitytracker.com:
KDE LISa 'resLISa' Buffer Overflow Lets Local Users Gain Access to Network Sockets. Read More

News:
online.securityfocus.com:
Accused Pentagon Hacker's Online Life. Read More

news.com.com:
House considers jailing hackers for life. Read More

rootprompt.org:
Trojan Found in libpcap and tcpdump. Read More

www.vnunet.com:
Domain name servers flawed again. Read More

zdnet.com.com:
British hacker indicted for break-ins. Read More

www.govexec.com:
Hackers could be planning major attack, says White House. Read More

www.vnunet.com:
Hacker must wait to know his fate. Read More

www.idg.net:
The worst security problems? We can't tell from the FBI's top 20 list. Read More

www.idg.net:
Internet users to buy online despite security fears. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for November 13, 2002. Read More

13 november 2002

New Trojans:
QQ Murderer 3.97

RFM 1.3

Retrieve 1.1

Vulnerabilities & Exploits:
Internet Security Systems Security Advisory
Multiple Remote Vulnerabilities in BIND4 and BIND8. Read More

Debian Security Advisory
DSA-194-1 masqmail -- buffer overflows. Read More

online.securityfocus.com:
CVSup-Mirror Insecure Temporary Files Vulnerability. Read More

online.securityfocus.com:
MailScanner Attachment Filename Validation Vulnerability. Read More

online.securityfocus.com:
Pine From: Field Heap Corruption Vulnerability. Read More

online.securityfocus.com:
Multiple Vendor IPSec Implementation Denial of Service Vulnerabilities. Read More

online.securityfocus.com:
Sun Solaris Network Interface Denial Of Service Vulnerability. Read More

online.securityfocus.com:
Lotus Domino Non-existent NSF Database Banner Information Disclosure Vulnerability. Read More

online.securityfocus.com:
QNX RTOS Application Packager Non-Explicit Path Execution Vulnerability. Read More

www.securitytracker.com:
Incognito Software iSMTP Gateway for Banyan VINES Lets Remote Users Crash the Server. Read More

www.securitytracker.com:
KGPG Key Generation Bug Discloses Unencrypted Keys to Local Users. Read More

www.securiteam.com:
Buffer Overflow in KDE resLISa. Read More

News:
www.theregister.co.uk:
Oracle in buffer overflow brown alert. Read More

www.internetweek.com:
Popular Small Office Router Has Security Hole. Read More

news.com.com:
New flaws could spawn more Net attacks. Read More

news.com.com:
Greeting card virus licensed to spread. Read More

www.infoworld.com:
U.S. charges U.K. hacker caused $900,000 in damage. Read More

www.chron.com:
Briton charged with hacking U.S. military networks. Read More

www.cnn.com:
British national indicted in military hacking case. Read More

www.theregister.co.uk:
FT site defaced to promote Russian DJ. Read More

www.theregister.co.uk:
US military zeros in on Brit cracker. Read More

www.hacktivismo.com:
Crackers Over Hackers. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for November 12, 2002. Read More

12 november 2002

New Trojans:
Magic Link 2.0

Hack99 KeyLogger

NETObserve 2.9

Tool:
www.insecure.org:
Nmap version 3.10ALPHA4 is now available. Read More

www.greyhats.org:
SMTPScan, Remote SMTP Server Version Detector. Read More

Vulnerabilities & Exploits:
iDEFENSE Security Advisory 11.11.02:
Buffer Overflow in KDE resLISa. Read More

online.securityfocus.com:
Simple Web Server File Disclosure Vulnerability. Read More

online.securityfocus.com:
Zeus Web Server Admin Interface Cross Site Scripting Vulnerability. Read More

online.securityfocus.com:
Perception LiteServe Directory Query String Cross Site Scripting Vulnerability. Read More

online.securityfocus.com:
LPRNG html2ps Remote Command Execution Vulnerability. Read More

www.securitytracker.com:
Zeus Admin Server Input Validation Flaw Permits Cross-Site Scripting Attacks Against Administrators. Read More

www.securitytracker.com:
RhinoSoft Serv-U FTP Server Can Be Crashed By Remote Authenticated Users Sending Repeated 'MKD' Commands. Read More

News:
White Paper Exploring Host Discovery (pdf). Read More

SMTPScan, Remote SMTP Server Version Detection (pdf). Read More

www.pcworld.com:
Friendly Greeting Hides Worm. Read More

www.infoworld.com:
BrideX worm bites Kasperky Labs. Read More

www.informationweek.com:
Study: E-Mail Viruses Up, Spam Down. Read More

www.smh.com.au:
New trojan spotted. Read More

digitalmass.boston.com:
U.S. cracks case of British hacker who broke into military networks. Read More

seattletimes.nwsource.com:
Bad guys win, hacker's book seems to gloat. Read More

www.sbpost.ie:
IT bunglers a bigger threat than hackers. Read More

www.businessweek.com:
Computer Break-Ins: Your Right to Know. Read More

www.eetimes.com:
Hackers beware: quantum encryption is coming. Read More

www.newscientist.com:
'Rewiring' file-sharing networks may stop attacks. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for November 11, 2002. Read More

11 november 2002

New Trojans:
Zimenok 0.6

Fuckdoor 1.0

KeySpy 7.30

Vulnerabilities & Exploits:
online.securityfocus.com:
PADL Software nss_ldap DNS Query Response Denial of Service Vulnerability. Read More

online.securityfocus.com:
PADL Software nss_ldap DNS Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
PAM_LDAP And Squid_Auth_LDAP Logging Format String Vulnerabilities. Read More

www.securitytracker.com:
Cisco PIX Firewall Can Be Crashed By Remote Users When In a Certain Configuration. Read More

www.securitytracker.com:
Magic Notebook Can Be Crashed By Remote Users. Read More

www.securitytracker.com:
QNX Neutrino Operating System Relative Path Bug Lets Local Users Grab Root Privileges. Read More

www.securitytracker.com:
Simple Web Server Lets Remote Users Bypass File Access Controls. Read More

www.securitytracker.com:
PostNuke Input Filtering Error in 'modules.php' Facilitates Remote Cross-Site Scripting Attacks. Read More

www.securiteam.com:
Technical Information on Un-patched MS Java Vulnerabilities. Read More

News:
www.popsci.com:
All Eyes are on you
Tollbooths, ATMs, doctors' offices, online chat: You leave critical personal data behind wherever you go. Let's follow one American as he scatters his digital DNA. Read More

techupdate.zdnet.co.uk:
Microsoft earns security badge. Read More

www.businessweek.com:
Computer Break-Ins: Your Right to Know. Read More

www.hardwarezone.com:
McAfee Security Protects More Than 100 Million Customers Worldwide Through Third-Party Email Delivery. Read More

www.theinquirer.net:
SETI email database hacked? Read More

www.vnunet.com:
CD copy protection 'a waste of time'. Read More

10 november 2002

New Trojans:
BioNet 4.00.04 BE

Ulysses 1.1

SchoolBus 1.5

Vulnerabilities & Exploits:
online.securityfocus.com:
Microsoft Internet Explorer Document Reference Zone Bypass Vulnerability. Read More

www.securitytracker.com:
Yahoo! Messenger Invisible User Function Can Be Circumvented. Read More

www.securitytracker.com:
linuxconf Default Configuration on Conectiva Linux Lets Remote Users Send Open Relay Mail. Read More

www.securitytracker.com:
CuteCast Forum Discloses Passwords to Remote Users. Read More

www.securitytracker.com:
LiteServe Web Server Input Validation Errors Let Remote Users Conduct Cross-Site Scripting Attacks. Read More

www.securitytracker.com:
IBM Lotus Notes Domino Server Discloses Server Banner to Remote Users When Configured Not To. Read More

www.securitytracker.com:
MailScanner Input Validation Flaws in Processing Attachment File Names May Let Remote Users Bypass Security. Read More

www.securitytracker.com:
'nss_ldap' Buffer Overflow in DNS Code May Allow Remote Users to Execute Arbitrary Code. Read More

www.securitytracker.com:
Macromedia ColdFusion Source Code May Be Disclosed to Remote Users. Read More

www.securitytracker.com:
Pine E-mail Client Input Validation Bug Lets Remote Users Crash the Client. Read More

www.securitytracker.com:
Window Maker Window Manager Buffer Overflow May Let Remote Users Execute Arbitrary Code. Read More

News:
www.computerworld.com:
Microsoft calls 'foul' on OS vulnerability data. Read More

www.theregister.co.uk:
Kaspersky mailing list hijacked! Read More

www.computerworld.com:
Study: Government IT workers closing skills gap. Read More

www.theregister.co.uk:
Verisign moves DNS root servers in defensive ploy. Read More

www.newsfactor.com:
Beware the Toothless Antitrust Lawsuit. Read More

www.aftenposten.no:
Cordless keyboard woes continue. Read More

www.japantimes.co.jp:
NPA reports hackers attacking its computers. Read More

www.theregister.co.uk:
Accused eBay hacker out on bond. Read More

09 november 2002

New Trojans:
Silent Spy 2.06

SubSari 1.4.5

Joiner 1.5

Vulnerabilities & Exploits:
online.securityfocus.com:
Microsoft IIS Administrative Pages Cross Site Scripting Vulnerabilities. Read More

online.securityfocus.com:
Networking_Utils Remote Command Execution Vulnerability. Read More

online.securityfocus.com:
Apache Server Side Include Cross Site Scripting Vulnerability. Read More

online.securityfocus.com:
Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability. Read More

online.securityfocus.com:
Apache HTPasswd Insecure Temporary File Vulnerability. Read More

online.securityfocus.com:
Apache HTDigest Insecure Temporary File Vulnerability. Read More

online.securityfocus.com:
Apache AB.C Web Benchmarking Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability. Read More

online.securityfocus.com:
Apache /tmp File Race Vulnerability. Read More

online.securityfocus.com:
Astrocam Remote Command Execution Vulnerability. Read More

online.securityfocus.com:
The Magic Notebook Invalid Username Denial Of Service Vulnerability. Read More

online.securityfocus.com:
Cisco PIX Firewall Telnet/SSH Subnet Handling Denial Of Service Vulnerability. Read More

online.securityfocus.com:
SnortCenter Insecure Temporary Filename Vulnerability. Read More

online.securityfocus.com:
IPFilter FTP Proxy Unauthorized Access Vulnerability. Read More

iDEFENSE Security Advisory 11.08.02b:
Non-Explicit Path Vulnerability in QNX Neutrino RTOS. Read More

iDEFENSE Security Advisory 11.08.02b:
File Disclosure Vulnerability in Simple Web Server. Read More

www.techie.hopto.org:
LiteServe Directory Index Script Injection Vulnerability. Read More

www.securitytracker.com:
OpenBSD Kernel Bug in gertrlimit() Function May Let Local Users Crash the System. Read More

www.securitytracker.com:
Apache mod_php Module May Allow Local Users to Gain Control of the Web Port. Read More

www.securitytracker.com:
QNX Operating System Timer Implementation Bug Lets Local Users Crash the System. Read More

www.securitytracker.com:
LuxMan Game Software File Path Bug May Let Local Users Gain Root Access on the System. Read More

www.securitytracker.com:
Macromedia JRun Server Contains a Buffer Overflow and May Also Disclose Log File Contents to Remote Users. Read More

News:
www.net-security.org:
Oror Worm - Highest Threat Levels Since Bugbear. Read More

news.com.com:
E-mail virus alert carries own worm. Read More

rtnews.globetechnology.com:
Virus or spyware slows computer. Read More

www.redherring.com:
Up Against the Firewall. Read More

news.com.com:
Microsoft to offer peek at new tools. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for November 8, 2002. Read More

08 november 2002

New Trojans:
Postic

Shah 1.0 version 2

Remote Server Trojan 2.0

Vulnerabilities & Exploits:
online.securityfocus.com:
Microsoft IIS Out Of Process Privilege Escalation Vulnerability. Read More

Debian Security Advisory
DSA-191-1 squirrelmail -- cross site scripting. Read More

Debian Security Advisory
DSA-190-1 wmaker -- buffer overflow. Read More

www.securitytracker.com:
Perl Safe Module May Allow Sandbox Compartment Access Restrictions to Be Bypassed. Read More

www.securitytracker.com:
networking_utils PHP Script Input Validation Flaw Allows Remote Users to View Files and Execute Commands on the System. Read More

www.securitytracker.com:
SnortCenter Temporary File Access Control Bug. Read More

www.securitytracker.com:
Iatek PortalApp Access Control Bug Lets Remote Authenticated Users Gain Administrator Privileges on the Portal. Read More

www.securitytracker.com:
perl-MailTools Input Validation Hole in Mail::Mailer Package May Let Remote Users Execute Arbitrary Commands. Read More

www.securiteam.com:
QNX Timer Implementation Vulnerable to DoS. Read More

www.securiteam.com:
Xsun (Sparc) Local Exploit (RGB_DB). Read More

www.securiteam.com:
Com21 Cable Modem Configuration File Feeding Vulnerability. Read More

www.securiteam.com:
Bug in Monkey Webserver Causes DoS (POST). Read More

News:
www.smh.com.au:
New worm threat upgraded. Read More

www.net-security.org:
The Value of Honeypots (pdf). Read More

www.vnunet.com:
Bugwatch: The perils of small print. Read More

www.newsfactor.com:
The FBI's Cybercrime Crackdown. Read More

www.japantimes.co.jp:
NPA reports hackers attacking its computers. Read More

news.bbc.co.uk:
Hack attacks on rise in Asia. Read More

www.thesun.co.uk:
Hackers' bid to fix poll. Read More

www.smh.com.au:
Wormholes in hacker case. Read More

www.newscientist.com:
Key internet server relocated. Read More

www.canada.com:
Technology experts make defensive change to key Internet computers. Read More

www.informationweek.com:
Piecing Together Huge Security Network. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for November 7, 2002. Read More

07 november 2002

New Trojans:
Win-Spy 5.6.1

Socks4 Proxy 1.0

Beast 1.8

Vulnerabilities & Exploits:
Georgi Guninski security advisory #58, 2002
Fun with mod_php/Apache 1.3, yet Apache much better than II$. Read More

iDEFENSE Security Advisory 11.06.02:
Non-Explicit Path Vulnerability in LuxMan. Read More

Debian Security Advisory
DSA-189-1 luxman -- local root exploit. Read More

www.securitytracker.com:
pp_powerSwitch Access Control Bug May Let Remote Authenticated Users Control Any Port. Read More

www.securitytracker.com:
HP Tru64 UNIX TruCluster Server Interconnect Has an Unspecified Flaw That May Let Remote Users Crash the Server. Read More

www.securitytracker.com:
Wisecom Wireless Access Point Discloses Encryption Keys and Passwords to Remote Users. Read More

www.securitytracker.com:
Various libc Implementations Have a Denial of Service Bug That Lets Remote Users Crash Affected RPC Services. Read More

www.securitytracker.com:
Macromedia Dreamweaver Weak Encoding Lets Local Users Retrieve FTP Site Passwords. Read More

www.securiteam.com:
Lycos Mail and Lycos HTMLGear XSS/Cookie Problems Advisory. Read More

www.securiteam.com:
Accesspoints Disclose WEP Keys, Password and MAC Filters. Read More

www.securiteam.com:
SnortCenter Temporary File Vulnerability. Read More

www.securiteam.com:
Networking Utils PHP Allows Execution of Arbitrary code. Read More

www.securiteam.com:
Non-Explicit Path Vulnerability in LuxMan. Read More

News:
online.securityfocus.com:
Complete Snort-based IDS Architecture, Part One. Read More

news.com.com:
Russian firm warns of Roron virus. Read More

www.net-security.org:
Honeypots: Tracking Hackers. Read More

www.msnbc.com:
Hackers may get U.S. funds to fight China�s Web curbs. Read More

www.bellevueleader.com:
Internet monitoring on the rise. Read More

www.wired.com:
Mitnick's 'Lost Chapter' Found. Read More

www.informationweek.com:
Piecing Together Huge Security Network. Read More

www.canada.com:
Technology experts make defensive change to key Internet computers. Read More

www.wired.com:
Navy Sites Spring Security Leaks. Read More

news.com.com:
Notre Dame math guru cracks code. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for November 6, 2002. Read More

06 november 2002

New Trojans:
FuckLamers Backdoor 2.5

ftppw 0.1

iOpus STARR PRO

Vulnerabilities & Exploits:
Debian Security Advisory
DSA-188-1 apache-ssl -- several. Read More

Debian Security Advisory
DSA-187-1 apache -- several. Read More

online.securityfocus.com:
Microsoft SQL Server Login Weak Authentication Mechanism. Read More

online.securityfocus.com:
Monkey HTTP Server Invalid POST Request Denial Of Service Vulnerability. Read More

www.securitytracker.com:
Xeneo PHP Web Server Input Validation Bug Lets Remote Users Crash the Web Service. Read More

www.securitytracker.com:
XGroove Xlib Library Bugs May Allow Remote Users to Deny Service to Other Systems. Read More

www.securitytracker.com:
Com21 DOXport Cable Modems Let Remote Users on the Local Network Load an Alternate Configuration File. Read More

www.securiteam.com:
Oracle iSQL*Plus Buffer Overflow (Long User ID). Read More

www.securiteam.com:
Pablo FTP Server DoS Vulnerability (%n). Read More

www.securiteam.com:
Denial of Service Vulnerability in Xeneo Web Server. Read More

www.securiteam.com:
Microsoft IIS Local Cross-site Scripting Vulnerability. Read More

News:
news.zdnet.co.uk:
Braid virus winds its way through email. Read More

zdnet.com.com:
Braid virus shows Klez similiarities. Read More

online.securityfocus.com:
Polymorphic Macro Viruses, Part Two. Read More

boston.internet.com:
As the Bridex Worm Turns. Read More

www.rockymountainnews.com:
Types of hackers. Read More

www.computerworld.com:
Hacking syndicates threaten banking. Read More

www.newsfactor.com:
SBC Creates Anti-Hacker Lab. Read More

www.startribune.com:
Hacker turncoat opines on computer security. Read More

www.wired.com:
Navy Sites Spring Security Leaks. Read More

www.theregister.co.uk:
Mozilla riddled with security holes. Read More

www.startribune.com:
Hackers stick California city with $30,000 phone bill. Read More

www.eweek.com:
eEye Tool Helps Find, Fix Vulnerabilities. Read More

news.zdnet.co.uk:
Teleworking hits security barriers. Read More

www.theregister.co.uk:
SAN security under the spotlight. Read More

www.desktoplinux.com:
How to avoid security problems, Linux vs. Windows security [NewsForge]. Read More

www.linuxdevices.com:
U.S. National Security Agency develops 'Security-Enhanced Linux'. Read More

news.com.com:
New Web services tools look to security. Read More

thestar.com.my:
New law to punish firms which leak data on clients. Read More

news.zdnet.co.uk:
'WirelessUSB' could beat Bluetooth on the PC. Read More

zdnet.com.com:
Switch may send wireless four miles. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for November 5, 2002. Read More

05 november 2002

New Trojans:
New NeoTurk will soon be released.

Stealth Eye 1.0

Specrem 4.0

Snake's Proxy Server 1.03

Vulnerabilities & Exploits:
online.securityfocus.com:
ION Script Remote File Disclosure Vulnerability. Read More

bvlive01.iss.ne:
Internet Security Systems Security Alert Summary AS02-44. Read More

NGSSoftware Insight Security Research Advisory
Oracle iSQL*Plus buffer overflow. Read More

iDEFENSE Security Advisory 11.04.02b:
Denial of Service Vulnerability in Xeneo Web Server. Read More

iDEFENSE Security Advisory 11.04.02a:
Pablo FTP Server DoS Vulnerability. Read More

www.securitytracker.com:
AstroCam Webcam Management Software Input Validation Flaw Lets Remote Users Execute Arbitrary Programs. Read More

www.securitytracker.com:
Abuse Video Game Buffer Overflow Allows Local Users to Gain Root Privileges. Read More

www.securitytracker.com:
Motorola SURFboard Cable Modem Can Be Crashed By Remote Users Conducting Port Scans. Read More

News:
www.pcworld.com:
FunLove Virus Spawns New Pest. Read More

www.idg.net:
Bride of Funlove virus getting around. Read More

www.smh.com.au:
New virus spotted. Read More

www.theregister.co.uk:
Email deletion bug bites Norton Internet Security. Read More

sci.newsfactor.com:
Future Hacking: How Vulnerable Is the Net? Read More

www.smh.com.au:
Less is more when it comes to keeping out the hackers and viruses. Read More

news.bbc.co.uk:
Suspected hacker attacked with axe. Read More

www.mlive.com:
Critics: 'Trusted computing' threatens consumer freedom. Read More

www.cleveland.com:
Combating cybercrime. Read More

www.fcw.com:
FBI asks companies to fight cybercrime. Read More

www.europemedia.net:
Hacker takes advantage of dialer billing system. Read More

www.theage.com.au:
Wormholes in hacker case. Read More

www.theregister.co.uk:
Scary movie 2.0. Read More

04 november 2002

New Trojans:
NetSlayer 1.0

OwnedFTP 1.0

Tourniquet 1.0

Tool:
www.hping.org:
hping is a command-line oriented TCP/IP packet assembler/analyzer. Read More

www.packetfactory.net:
nemesis is a command-line UNIX network packet injection suite. Read More

Vulnerabilities & Exploits:
online.securityfocus.com:
Multiple Browser Zero Width GIF Image Memory Corruption Vulnerability. Read More

www.securitytracker.com:
Log2mail Script Buffer Overflow May Let Remote Users Execute Arbitrary Code With Root Privileges. Read More

www.securitytracker.com:
EventSave/EventSave+ File Access Error May Cause Events to Be Lost in Certain Cases. Read More

www.securitytracker.com:
Oracle iSQL*Plus Buffer Overflow in Oracle9i Database Server May Let Remote Users Execute Arbitrary Code. Read More

www.securitytracker.com:
VSNL Integrated Dialer Weak Encoding Discloses Passwords to Local Users. Read More

www.securitytracker.com:
ION Script Input Validation Flaw Lets Remote Users View Files on the Server. Read More

www.securitytracker.com:
Iomega NAS A300u Network Storage Device May Disclose Passwords to Remote Users. Read More

www.securitytracker.com:
NetScreen Firewalls Can Be Crashed By Remote Users When SSH is Enabled for Remote Management. Read More

www.securiteam.com:
Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router. Read More

www.securiteam.com:
Prometheus Application Framework Code Injection. Read More

www.securiteam.com:
PHP-Nuke SQL Injection Vulnerability. Read More

www.securiteam.com:
Buffer Overflow Vulnerability in Abuse. Read More

News:
www.theregister.co.uk:
MS settlement rotten with loopholes. Read More

03 november 2002

New Trojans:
AIM-SPY 1.0

Troyano de Malpayo 1.1

Fuck MZN Troyan 3.0

Vulnerabilities & Exploits:
online.securityfocus.com:
Microsoft Windows 2000 / NT Path Precedence Vulnerability. Read More

online.securityfocus.com:
Multiple Microsoft IIS Vulnerabilities. Read More

online.securityfocus.com:
Microsoft PPTP Buffer Overrun Vulnerability. Read More

www.nextgenss.com:
Threat Profiling Microsoft SQL Server (pdf). Read More

www.securitytracker.com:
Prometheus Web Application Framework Include Path Bug Lets Remote Users Execute Arbitrary PHP Commands. Read More

www.securitytracker.com:
PHP-Nuke SQL Injection Bug in 'modules.php' in the 'bio' Field Lets Remote Users Execute SQL Commands. Read More

www.securitytracker.com:
Linksys BEFSR41 EtherFast Cable/DSL Router Can Be Crashed By Remote Users Via the Web Management Port. Read More

www.securitytracker.com:
Cisco ONS Optional Networking Software Flaws May Let Remote Users Gain Full Control of the ONS Platform. Read More

www.securitytracker.com:
Monkey Web Server Can Be Crashed By Remote Users Sending Certain POST Requests. Read More

www.securitytracker.com:
SmartMail Server E-Mail Server Can Be Crashed By Remote Users. Read More

News:
www.securityfocus.com:
Top Attacks for the 1st Quarter 2002. Read More

www.newsfactor.com:
Don't Buy the Windows 98 Forced Upgrade. Read More

www.ntsecurity.net:
Common Criteria Configuration Guides for Win2K. Read More

www.theregister.co.uk:
Proof Win2K is still insecure by design. Read More

www.pcworld.com:
Did Microsoft Get Off Easy? Read More

www.siliconvalley.com:
Hacker reveals secrets of success. Read More

02 november 2002

New Trojans:
Rosy Bartosy 1.0

Sub7 Tool Webdl

Trail Of Destruction 1.0

Vulnerabilities & Exploits:
online.securityfocus.com:
GTetrinet Multiple Remote Buffer Overflow Vulnerabilities. Read More

iDEFENSE Security Advisory 11.01.02:
Buffer Overflow Vulnerability in Abuse. Read More

www.securitytracker.com:
Microsoft Internet Information Server (IIS) Script Access Control Bug May Let Remote Authenticated Users Upload Unauthorized Executable Files. Read More

www.securitytracker.com:
Microsoft Internet Information Server (IIS) WebDAV Memory Allocation Flaw Lets Remote Users Crash the Server. Read More

www.securitytracker.com:
Microsoft Internet Information Server (IIS) Administrative Pages Allow Cross-Site Scripting Attacks. Read More

Microsoft Internet Information Server (IIS) Out-of-Process Access Control Bug Lets Certain Authenticated Users Gain Full Control of the Server. Read More

News:
www.washingtonpost.com:
Root-Server Attack Traced to South Korea, U.S. Read More

digitalmass.boston.com:
Law enforcement officials pledge to keep secret names of hacking victims. Read More

www.idg.com.sg:
Mac OS among least prone to attack. Read More

www.pcworld.com:
Proposed Antitrust Deal Accepted. Read More

www.vnunet.com:
Economic warfare enters the cyber-age. Read More

www.pcworld.com:
FBI Struggling to Stop Cybercrime. Read More

www.aftenposten.no:
Cordless keyboard wrote on neighbor's computer. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for November 1, 2002. Read More

01 november 2002

New Trojans:
Silent Spy 2.05 by HaTcHeT

Nova 1.0

Lithium 1.03 by Olympus

Vulnerabilities & Exploits:
iDEFENSE Security Advisory 10.31.02c:
PHP-Nuke SQL Injection Vulnerability. Read More

iDEFENSE Security Advisory 10.31.02b:
Prometheus Application Framework Code Injection. Read More

iDEFENSE Security Advisory 10.31.02a:
Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router. Read More

Debian Security Advisory
DSA-185-1 heimdal -- buffer overflow. Read More

www.securitytracker.com:
Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV. Read More

www.securitytracker.com:
Sun Web-Based Enterprise Management (WBEM) Default Installation Error May Let Local Users Grab Root Privileges. Read More

www.securitytracker.com:
GTetrinet Game Client Buffer Overflows Let Remote Users Execute Arbitrary Code. Read More

www.securitytracker.com:
Solaris 8 Kernel 'kmem_flags' Bug Lets Local Users Cause a System Panic. Read More

www.securiteam.com:
MDaemon SMTP/POP/IMAP Server DoS (Invalid UIDL, DELE). Read More

www.securiteam.com:
XXE (Xml eXternal Entity) Attack. Read More

www.securiteam.com:
Windows 2000 Default Permissions Could Allow Trojan Horse Program. Read More

www.securiteam.com:
Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks. Read More

www.securiteam.com:
Oracle9iAS Web Cache Denial of Service. Read More

www.securiteam.com:
Apache Discloses Source Code via POST Requests to a Location with WebDAV and CGI enabled. Read More

www.securiteam.com:
Privilege Escalation Vulnerability on phpBB. Read More

www.securiteam.com:
Multiple Vulnerabilities in mailreader.com. Read More

www.securiteam.com:
GIMP Can Print Erased Sections of Images. Read More

News:
news.com.com:
Microsoft flags three security holes. Read More

online.securityfocus.com:
BugBear tops virus charts as Klez refuses to die. Read More

biz.thestar.com.my:
Hire hackers to find loopholes in IT system, firms advised. Read More

www.newsfactor.com:
Why Can't Hackers Be Stopped? Read More

online.securityfocus.com:
How to get certified security for Win2k, by Microsoft. Read More

star-techcentral.com:
Demand for ethical hackers. Read More

news.com.com:
Security guide aims to lock up agencies. Read More

www.hackinglinuxexposed.com:
Use illegal networks when discussing your systems. Read More

news.com.com:
Software heals systems while they work. Read More

www.vnunet.com:
Islamic groups attack western networks. Read More

www.secadministrator.com:
Protect Your Contact List: Read the EULA! Read More

www.hindustantimes.com:
Orissa cops to check cyber crime. Read More

online.securityfocus.com:
Don't Touch that Dial. Read More

www.newsfactor.com:
Daily CyberCrime and Security Report for October 31, 2002. Read More


Copyright� MegaSecurity.org