CastleCops, Internet Crime Fighters
Advisories!: Latest Advisories & Live Feeds (12/23/03)
Cyber Security
Latest Advisories
Live Virus Advisory Feeds
2003-12-23

Secunia
Security Tracker
Security Focus
Symantec
*Live Feeds are from Panda, Trend Micro, and Symantec

Secunia

Secunia Highlights:
Internet Explorer URL Spoofing Vulnerability
A vulnerability has been identified in Internet Explorer, which can be exploited by malicious people to display a fake URL in the address and status bars.
rsync File Handling Integer Overflow Vulnerability
A vulnerability has been identified in rsync, which can be exploited by malicious people to compromise a vulnerable system.

Latest 15 Secunia Security Advisories:
2003-12-23
- My Little Forum Cross-Site Scripting Vulnerabilities

- ProjectForum and CourseForum Multiple Vulnerabilities

- Sun Grid Engine OpenSSL Vulnerabilities

- Sun Solaris tcsh Privilege Escalation Vulnerability

- Sun Cobalt update for bash

- DCAM Server Directory Traversal Vulnerability

2003-12-22
- mvdsv Download Function Buffer Overflow Vulnerability

- Dada Mail Non-Random Verification PIN

- Xoops URL Parameter Cross Site Scripting Vulnerability

- Subscribe Me Pro Installation Invocation

- Active WebCam Directory Traversal and Cross-Site Scripting

- BoastMachine (bMachine) Comment Cross-Site Scripting Vulnerability

- BES-CMS Arbitrary File Inclusion Vulnerabilities

- Double Choco Latte Arbitrary File Inclusion Vulnerabilities

- Red Hat update for kernel

Top 5 Most Read Secunia Security Advisories (Last 24 hours):
- Internet Explorer URL Spoofing Vulnerability

- SuSE update for MySQL

- Mac OS X Security Update Fixes Multiple Vulnerabilities

- DB2 Universal Database Insecure DMS Directory Permissions

- Internet Explorer System Compromise Vulnerabilities


Security Tracker

DCAM WebCam Server Input Validation Flaw Discloses Files to Remote Users

A vulnerability was reported in the DCAM WebCam Server. A remote user can view files on the target system.

Impact: Disclosure of system information, Disclosure of user information

XOOPS Input Filtering Flaw in Weblinks 'myheader.php' Permits Cross-Site Scripting Attacks

Chintan Trivedi from Eye On Security Research Group India reported an input validation vulnerability in the XOOPS weblinks module. A remote user can conduct cross-site scripting attacks.

Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information

CourseForum Can Be Crashed By a Remote User Sending a Long 'find' Request

Peter Winter-Smith reported several vulnerabilities in CourseForum. A remote user can cause the application to crash. A remote user can also conduct cross-site scripting attacks.

Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information

ProjectForum Can Be Crashed By a Remote User Sending a Long 'find' Request

Peter Winter-Smith reported several vulnerabilities in ProjectForum. A remote user can cause the application to crash. A remote user can also conduct cross-site scripting attacks.

Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information

bes-cms Include File Flaws Let Remote Users Execute Arbitrary Commands

Security Corporation reported an include file vulnerability in 'bes-cms'. A remote user can execute arbitrary commands on the target server.

Impact: Execution of arbitrary code via network, User access via network


SecurityFocus BugTraq

12/22/2003 Internet Explorer file downloading security alerts bypass Hugo Vázquez Caramés
12/22/2003 Directory traversal bug in DCAM server 8.2.5 Luigi Auriemma
12/22/2003 osCommerce SQL Injection && DoS && Cross Site Scripting JeiAr
12/22/2003 ProjectForum Multiple Vulnerabilities Peter Winter-Smith
12/22/2003 CesarFTP v0.99g CPU OverLoad [Proof of concept] zib zib
12/21/2003 Re: Remote crash in tcpdump from OpenBSD mrh_tech yahoo com
12/21/2003 An undetectable Online Bank Vulnerability? Mark Peterson
12/21/2003 XSS vulnerability in XOOPS 2.0.5.1 Chintan Trivedi
12/20/2003 phpBB v2.06 search_id sql injection exploit f3sy1 f3sy1
12/20/2003 PHP-NUKE version 6.9 'cid' sql injection exploit r00t rsteam ru
12/20/2003 Re: Remote crash in tcpdump from OpenBSD Przemyslaw Frasunek
12/20/2003 [SCSA-024] BES-CMS including file vulnerability Security Corporation Security Advisory
12/20/2003 Re: Remote crash in tcpdump from OpenBSD Henning Brauer
12/20/2003 Multicast from Orinoco wireless stations Andrew Daviel
12/20/2003 Remote crash in tcpdump from OpenBSD Przemyslaw Frasunek
12/20/2003 Re: Security bug in Xerox Document Centre brandon pierce

SecurityFocus Vulnerabilities

2003-12-19: Multiple PlatinumFTPServer Command Argument Format String Vulnerabilities
2003-12-19: PY Software Active Webcam Webserver Directory Traversal Vulnerability
2003-12-19: PY Software Active Webcam Webserver Cross-Site Scripting Vulnerability
2003-12-19: Linux Kernel do_brk Function Boundary Condition Vulnerability
2003-12-19: Openwares.org Internet Explorer Patch Buffer Overflow Vulnerability
2003-12-19: Kerio Personal Firewall Stealth Port Scan Unspecified Firewall Bypassing Vulnerability
2003-12-19: Xerox Xerox_MicroServer/Xerox11 Directory Traversal Vulnerability
2003-12-19: AOL Instant Messenger Buddy Icon Warning Denial Of Service Vulnerability
2003-12-19: Multiple Vendor X Font Server Remote Buffer Overrun Vulnerability
2003-12-19: EZMeeting EZNet.EXE Long HTTP Request Remote Buffer Overflow Vulnerability
2003-12-19: KDE KDM PAM Module PAM_SetCred Privilege Escalation Vulnerability
2003-12-19: IBM AIX diag Unspecified Privilege Escalation Vulnerability
2003-12-19: IBM AIX enq Local Format String Vulnerability
2003-12-19: SiteInteractive Subscribe Me Setup.PL Arbitrary Command Execution Vulnerability
2003-12-18: lftp Try_Squid_Eplf Buffer Overflow Vulnerability
2003-12-18: lftp Try_Netscape_Proxy Buffer Overflow Vulnerability
2003-12-18: Multiple ASPapp Portal Vulnerabilities
2003-12-18: Autorank PHP Multiple SQL Injection Vulnerabilities
2003-12-18: laitcg Pop 3 Scan Renattach Malicious Attachment Scanning Bypass Vulnerability
2003-12-18: Multiple Browser URI Display Obfuscation Weakness
2003-12-18: Ethereal Q.931 Protocol Dissector Denial of Service Vulnerability
2003-12-18: Ethereal SMB Protocol Dissector Denial of Service Vulnerability
2003-12-18: Advanced Research Security Auditor Research Assistant Service Banner HTML Injection Vulnerability
2003-12-18: SOLMETRA SPAW Editor spaw_control.class.PHP Remote PHP File Include Vulnerability
2003-12-18: IRSSI Remote Denial of Service Vulnerability
2003-12-18: HP OpenView Network Node Manager Denial Of Service Vulnerabilities
2003-12-18: CVS Malformed Request System Root File Creation Vulnerability
2003-12-18: DUware DUportal Multiple Vulnerabilities
2003-12-18: Botan Es_Unix Privilege Escalation Vulnerability
2003-12-18: CyberGuard Firewall/VPN 5.1 Cross-Site Scripting Vulnerability
2003-12-18: IBM DB2 Insecure DMS Directory Permissions Vulnerability
2003-12-18: ECW-Shop Cat Parameter Cross-Site Scripting Vulnerability
2003-12-18: Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
2003-12-18: Pan Long Author Address Denial Of Service Vulnerability
2003-12-17: Dizzy unix2tcp Unspecified Buffer Overflow Vulnerability
2003-12-17: osCommerce osCsid Parameter Cross-Site Scripting Vulnerability
2003-12-17: GoAhead Webserver ASP Script File Source Code Disclosure Vulnerability
2003-12-17: Ipswitch WS_FTP Server Resource Consumption Remote Denial Of Service Vulnerability
2003-12-17: osCommerce SQL Injection Vulnerability
2003-12-17: OpenSSL ASN.1 Parsing Vulnerabilities
2003-12-17: Sendmail Ruleset Parsing Buffer Overflow Vulnerability
2003-12-17: Sun XDR Library xdrmem_getbytes() Integer Overflow Vulnerability
2003-12-17: Sendmail Prescan() Variant Remote Buffer Overrun Vulnerability
2003-12-17: GnuPG ElGamal Signing Key Private Key Compromise Vulnerability
2003-12-16: Macromedia Flash Player Flash Cookie Predictable File Location Weakness
2003-12-16: Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
2003-12-16: Microsoft Windows Messenger Service Buffer Overrun Vulnerability
2003-12-16: X Design sipd Remote Format String Vulnerability
2003-12-16: Michael Dean Double Choco Latte Multiple Module Remote File Include Vulnerability
2003-12-16: Dada Mail Unauthorized Mailing List Subscription Vulnerability
2003-12-16: Dada Mail Blank List Password Authentication Bypass Weakness
2003-12-16: MVDSV Quake Server Download Buffer Overrun Vulnerability
2003-12-16: OpenSSH Buffer Mismanagement Vulnerabilities
2003-12-16: e-Zone FuseTalk Search Results Cross Site Scripting Vulnerability
2003-12-16: Microsoft Outlook Web Access HTML Attachment Script Execution Vulnerability
2003-12-16: Multiple Ethereal Protocol Dissector Vulnerabilities
2003-12-16: GNU Zebra / Quagga Remote Denial of Service Vulnerability
2003-12-16: Spoofed Kernel Netlink Interface Message Denial of Service Vulnerability
2003-12-16: mIRC DCC SEND Variant Buffer Overflow Vulnerability
2003-12-16: mIRC DCC SEND Buffer Overflow Vulnerability
2003-12-16: Invision Power Board Index.PHP SQL Injection Vulnerability
2003-12-16: Aardvark Topsites PHP Multiple Vulnerabilities
2003-12-16: J2EE/RI Pointbase Database Remote Command Execution Vulnerability


Symantec SSR

W32.Cissi.A@mm December 22, 2003 December 23, 2003
W32.Gluber.B@mm December 21, 2003 December 22, 2003
Trojan.Bookmarker December 20, 2003 December 22, 2003
Backdoor.Trodal December 20, 2003 December 20, 2003
VBS.Sling December 20, 2003 December 20, 2003
W32.Sober.C@mm December 20, 2003 December 20, 2003
W32.Sober.gen December 20, 2003 December 20, 2003
W32.HLLW.Warpigs.C
Backdoor.Spyboter.gen [KAV] December 19, 2003 December 20, 2003
Trojan.Anymail December 18, 2003 December 19, 2003
W32.Sober.B@mm December 18, 2003 December 18, 2003
W32.Wilsef December 17, 2003 December 18, 2003
W32.HLLW.Cayam@mm December 16, 2003 December 17, 2003
W32.Randex.BE
W32/Sdbot.worm.gen.b [McAfee], Backdoor.SdBot.gen [Kaspersky] December 15, 2003 December 16, 2003
PWSteal.Sagic December 15, 2003 December 15, 2003
Hacktool.Sagic December 15, 2003 December 15, 2003
Trojan.PWS.Qphook December 14, 2003 December 15, 2003
Backdoor.Uprootkit
Backdoor.UpRootKit [Kaspersky] December 13, 2003 December 15, 2003
Backdoor.Uprootkit.cli
Backdoor.UpRootKit [Kaspersky] December 13, 2003 December 15, 2003
Trojan.Sysbin December 11, 2003 December 12, 2003
MHTMLRedir.Exploit December 11, 2003 December 12, 2003
W32.HLLW.Gaobot.EE December 11, 2003 December 11, 2003
W32.Mertian.Worm
W32.Mertian@mm December 11, 2003 December 11, 2003
Backdoor.Volac.dr December 10, 2003 December 11, 2003
Backdoor.Volac December 10, 2003 December 11, 2003
Backdoor.Roxy.C December 10, 2003 December 11, 2003
W32.Scold@mm
W32/Scold@MM [McAfee], Win32.Scold.A [Computer Associates], WORM_SCOLD.A [Trend], W32/Scold-A [Sophos], I-Worm.Scold [Kaspersky] December 10, 2003 December 11, 2003
Trojan.Slog December 10, 2003 December 11, 2003
Backdoor.Formador
Backdoor.Trojan.Client, Backdoor.Formador.c [AVP], Downloader-DP [Mcafee] December 10, 2003 December 10, 2003
Trojan.Benuti December 9, 2003 December 10, 2003
W32.Randex.BD
Backdoor.IRCBot.gen [Kaspersky] December 9, 2003 December 9, 2003
W32.HLLW.Bodiru December 8, 2003 December 8, 2003
PHP.Feast December 8, 2003 December 8, 2003
Backdoor.Xibo
Backdoor.XLBH.b [Kaspersky] December 8, 2003 December 8, 2003
Backdoor.Ketch December 5, 2003 December 8, 2003
W32.HLLW.Gaobot.DK
W32.HLLW.Gaobot.gen, W32/Gaobot.worm.gen [McAfee], Backdoor.Agobot.3.gen [Kaspersky] December 5, 2003 December 8, 2003
Trojan.Digits
Download.Trojan December 5, 2003 December 5, 2003
W32.Memas@mm
W32/Memas@mm[McAfee] December 4, 2003 December 5, 2003
W32.HLLW.Slideshow December 4, 2003 December 5, 2003
W32.Randex.AZ
W32.Randex.AX December 4, 2003 December 4, 2003
Trojan.Framar December 3, 2003 December 3, 2003
W32.Mimail.M@mm
W32.Mimail.Gen, W32/Mimail.gen@MM [McAfee] December 3, 2003 December 3, 2003
W32.HLLW.Epon@mm
I-Worm.Epon [Kaspersky] December 2, 2003 December 3, 2003
Backdoor.Freefors December 2, 2003 December 2, 2003
W32.Kwbot.S.Worm@mm
Backdoor.IRCBot.gen [KAV] December 2, 2003 December 2, 2003
JS.Pun.Trojan December 1, 2003 December 2, 2003
W32.Mimail.L@mm
W32.Mimail.Gen, W32/Mimail.l@MM [McAfee] December 1, 2003 December 2, 2003
Backdoor.Dragonqq
PWS-QQDrag [McAfee] December 1, 2003 December 1, 2003
Backdoor.Haxdoor
Backdoor.Haxdoor.i [Kaspersky] November 30, 2003 December 1, 2003
W32.HLLW.Studd
W32/Duster [McAfee] November 28, 2003 December 1, 2003
W32.HLLW.Southghost November 28, 2003 December 1, 2003
W32.Midlak@mm November 27, 2003 December 1, 2003
Backdoor.IRC.Whisper November 26, 2003 November 26, 2003
W32.Spex.B.Worm
Worm.P2P.Specx [Kaspersky] November 26, 2003 November 26, 2003
Backdoor.Asoxy November 26, 2003 November 26, 2003
W32.Randex.AX November 25, 2003 November 26, 2003
Backdoor.Spotcom November 25, 2003 November 25, 2003
Backdoor.Sysbug
BackDoor-CAG [McAfee], Troj/Sysbug-A [Sophos] November 25, 2003 November 25, 2003
W32.Azha.Worm November 24, 2003 November 25, 2003
W32.Randex.AW
Backdoor.SdBot.gen [Kaspersky], W32/Sdbot.worm.gen [McAfee] November 24, 2003 November 25, 2003
W32.HLLW.Bandie November 24, 2003 November 25, 2003
W32.Widare
Bloodhound.W32.2 November 23, 2003 November 24, 2003
Backdoor.Ciadoor.B
Backdoor.Ciadoor.12.b [Kaspersky], Backdoor-ASB [McAfee] November 23, 2003 November 24, 2003
W32.Notime November 22, 2003 November 24, 2003
W32.HLLW.Gaobot.DJ
W32.HLLW.Gaobot.gen November 21, 2003 November 24, 2003
W32.Randex.AT
Backdoor.SdBot.gen [KAV] November 21, 2003 November 21, 2003
Backdoor.Tinydog November 20, 2003 November 21, 2003
W32.Bolgi.Worm November 20, 2003 November 21, 2003
W32.HLLW.Taplak
W32.Klap, W32.HLLW.Taplak November 20, 2003 November 20, 2003
PWSteal.Banpaes.B November 20, 2003 November 20, 2003
W32.Randex.AR November 19, 2003 November 20, 2003
W32.HLLW.Anarch@mm November 19, 2003 November 20, 2003





Posted on Tuesday, 23 December 2003 @ 10:24:29 UTC by phoenix22 (1916 reads)