Latest Advisories
Live Virus Advisory Feeds
2003-12-25
Secunia
Security Tracker
Security Focus
Symantec
*Live Feeds are from Panda, Trend Micro, and Symantec
Secunia
Secunia Highlights:
Internet Explorer URL Spoofing Vulnerability
A vulnerability has been identified in Internet Explorer, which can be exploited by malicious people to display a fake URL in the address and status bars.
rsync File Handling Integer Overflow Vulnerability
A vulnerability has been identified in rsync, which can be exploited by malicious people to compromise a vulnerable system.
Latest 15 Secunia Security Advisories:
2003-12-24
- Xlight FTP Server Buffer Overflow Vulnerability
- PlatinumFTPServer Format String Vulnerability
- Cesar FTP Denial of Service Vulnerability
2003-12-23
- My Little Forum Cross-Site Scripting Vulnerabilities
- ProjectForum and CourseForum Multiple Vulnerabilities
- Sun Grid Engine OpenSSL Vulnerabilities
- Sun Solaris tcsh Privilege Escalation Vulnerability
- Sun Cobalt update for bash
- DCAM Server Directory Traversal Vulnerability
2003-12-22
- mvdsv Download Function Buffer Overflow Vulnerability
- Dada Mail Non-Random Verification PIN
- Xoops URL Parameter Cross Site Scripting Vulnerability
- Subscribe Me Pro Installation Invocation
- Active WebCam Directory Traversal and Cross-Site Scripting
- BoastMachine (bMachine) Comment Cross-Site Scripting Vulnerability
Top 5 Most Read Secunia Security Advisories (Last 24 hours):
- Internet Explorer System Compromise Vulnerabilities
- Internet Explorer URL Spoofing Vulnerability
- Xlight FTP Server Buffer Overflow Vulnerability
- Mac OS X Security Update Fixes Multiple Vulnerabilities
- PlatinumFTPServer Format String Vulnerability
Security Tracker
SquirrelMail May Execute Arbitrary Commands When Encrypting Mail to Specially Crafted Addresses
An input validation vulnerability was reported in SquirrelMail in 'gpg_encrypt.php'. Arbitrary operating system commands may be executed when encrypting mail to specially crafted addresses.
Impact: Execution of arbitrary code via network, User access via network
Sun Solaris tcsh(1) Argument Expansion Flaw Lets Local Users Gain Elevated Privileges
A vulnerability was reported in tcsh(1) on Sun Solaris 8. A local user may be able to obtain elevated privileges.
Impact: Modification of system information, Modification of user information, Root access via local system, User access via local system
QuikStore Shopping Cart Input Validation Flaw Discloses Files to Remote Users
Dr`Ponidi of the Indonesia Security Development Team reported vulnerabilities in the QuikStore shopping cart. A remote user can view files on the system. A remote user can also determine the installation path.
Impact: Disclosure of system information, Disclosure of user information
my little forum Input Validation Flaws Permit Cross-Site Scripting Attacks
David Sopas Ferreira reported an input validation vulnerability in 'my little forum'. A remote user can conduct cross-site scripting attacks.
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Xlight FTP Server Buffer Overflow in PASS Command May Let Remote Authenticated Users Execute Arbitrary Code
A buffer overflow vulnerability was reported in Xlight FTP Server. A remote authenticated user may be able to execute arbitrary code.
Impact: Execution of arbitrary code via network, User access via network
SecurityFocus BugTraq
12/23/2003 Re: phpBB v2.06 search_id sql injection exploit Micheal Cottingham
12/23/2003 QuikStore Shopping Cart Discloses Installation Path & Files to Remote Users Dr`Ponidi Haryanto
12/23/2003 Re: Internet Explorer URL parsing vulnerability nesumin
12/23/2003 [Opera 7] Arbitrary File Delete Vulnerability Operash
12/22/2003 Internet Explorer file downloading security alerts bypass Hugo Vázquez Caramés
12/22/2003 Directory traversal bug in DCAM server 8.2.5 Luigi Auriemma
12/22/2003 osCommerce SQL Injection && DoS && Cross Site Scripting JeiAr
12/22/2003 ProjectForum Multiple Vulnerabilities Peter Winter-Smith
12/22/2003 CesarFTP v0.99g CPU OverLoad [Proof of concept] zib zib
SecurityFocus Vulnerabilities
2003-12-21: DameWare Mini Remote Control Server Pre-Authentication Buffer Overflow Vulnerability
2003-12-21: PHP-Nuke admin.php SQL Injection Vulnerability
2003-12-20: BES-CMS Multiple Module File Include Vulnerability
2003-12-20: Apple MacOS X ASN.1 Decoding Unspecified Remote Denial Of Service Vulnerability
2003-12-20: Apple MacOS X fs_usage Unspecified Local Privilege Escalation Vulnerability
2003-12-20: Apple MacOS X AppleFileServer Unspecified Vulnerability
2003-12-20: Eric S. Raymond Fetchmail Unspecified Denial of Service Vulnerability
2003-12-20: RSync Daemon Mode Undisclosed Remote Heap Overflow Vulnerability
2003-12-20: Apple MacOS X DHCP Response Root Compromise Vulnerability
2003-12-20: Apple Mac OS X Panther Screen Effects Locking Latency Vulnerability
2003-12-20: MacOSX CD9660.Util Probe For Mounting Argument Local Buffer Overflow Vulnerability
2003-12-19: Multiple PlatinumFTPServer Command Argument Format String Vulnerabilities
2003-12-19: PY Software Active Webcam Webserver Directory Traversal Vulnerability
2003-12-19: PY Software Active Webcam Webserver Cross-Site Scripting Vulnerability
2003-12-19: Linux Kernel do_brk Function Boundary Condition Vulnerability
2003-12-19: Openwares.org Internet Explorer Patch Buffer Overflow Vulnerability
2003-12-19: Kerio Personal Firewall Stealth Port Scan Unspecified Firewall Bypassing Vulnerability
2003-12-19: Xerox Xerox_MicroServer/Xerox11 Directory Traversal Vulnerability
2003-12-19: AOL Instant Messenger Buddy Icon Warning Denial Of Service Vulnerability
2003-12-19: Multiple Vendor X Font Server Remote Buffer Overrun Vulnerability
2003-12-19: EZMeeting EZNet.EXE Long HTTP Request Remote Buffer Overflow Vulnerability
2003-12-19: KDE KDM PAM Module PAM_SetCred Privilege Escalation Vulnerability
2003-12-19: IBM AIX diag Unspecified Privilege Escalation Vulnerability
2003-12-19: IBM AIX enq Local Format String Vulnerability
2003-12-18: lftp Try_Squid_Eplf Buffer Overflow Vulnerability
2003-12-18: lftp Try_Netscape_Proxy Buffer Overflow Vulnerability
2003-12-18: Multiple ASPapp Portal Vulnerabilities
2003-12-18: Autorank PHP Multiple SQL Injection Vulnerabilities
2003-12-18: laitcg Pop 3 Scan Renattach Malicious Attachment Scanning Bypass Vulnerability
2003-12-18: Ethereal Q.931 Protocol Dissector Denial of Service Vulnerability
2003-12-18: Ethereal SMB Protocol Dissector Denial of Service Vulnerability
2003-12-18: Advanced Research Security Auditor Research Assistant Service Banner HTML Injection Vulnerability
2003-12-18: SOLMETRA SPAW Editor spaw_control.class.PHP Remote PHP File Include Vulnerability
2003-12-18: IRSSI Remote Denial of Service Vulnerability
2003-12-18: HP OpenView Network Node Manager Denial Of Service Vulnerabilities
2003-12-18: CVS Malformed Request System Root File Creation Vulnerability
2003-12-18: DUware DUportal Multiple Vulnerabilities
2003-12-18: Botan Es_Unix Privilege Escalation Vulnerability
2003-12-18: IBM DB2 Insecure DMS Directory Permissions Vulnerability
2003-12-18: ECW-Shop Cat Parameter Cross-Site Scripting Vulnerability
2003-12-18: Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
2003-12-18: Pan Long Author Address Denial Of Service Vulnerability
Symantec SSR
PWSteal.Bancos.D December 22, 2003 December 23, 2003
W32.Cissi.A@mm December 22, 2003 December 23, 2003
W32.Gluber.B@mm December 21, 2003 December 22, 2003
Trojan.Bookmarker December 20, 2003 December 22, 2003
Backdoor.Trodal December 20, 2003 December 20, 2003
VBS.Sling December 20, 2003 December 20, 2003
W32.Sober.C@mm December 20, 2003 December 20, 2003
W32.Sober.gen December 20, 2003 December 20, 2003
W32.HLLW.Warpigs.C (Backdoor.Spyboter.gen [KAV]) December 19, 2003 December 20, 2003
Trojan.Anymail December 18, 2003 December 19, 2003
W32.Sober.B@mm December 18, 2003 December 18, 2003
W32.Wilsef December 17, 2003 December 18, 2003
Trojan.Gema December 16, 2003 December 17, 2003
W32.HLLW.Cayam@mm December 16, 2003 December 17, 2003
W32.Randex.BE (W32/Sdbot.worm.gen.b [McAfee], Backdoor.SdBot.gen [Kaspersky]) December 15, 2003 December 16, 2003
PWSteal.Sagic December 15, 2003 December 15, 2003
Hacktool.Sagic December 15, 2003 December 15, 2003
Trojan.PWS.Qphook December 14, 2003 December 15, 2003
Backdoor.Uprootkit (Backdoor.UpRootKit [Kaspersky]) December 13, 2003 December 15, 2003
Backdoor.Uprootkit.cli (Backdoor.UpRootKit [Kaspersky]) December 13, 2003 December 15, 2003
Trojan.Sysbin December 11, 2003 December 12, 2003
MHTMLRedir.Exploit December 11, 2003 December 12, 2003
W32.HLLW.Gaobot.EE December 11, 2003 December 11, 2003
W32.Mertian.Worm (W32.Mertian@mm) December 11, 2003 December 11, 2003
Backdoor.Volac.dr December 10, 2003 December 11, 2003
Backdoor.Volac December 10, 2003 December 11, 2003
Backdoor.Roxy.C December 10, 2003 December 11, 2003
W32.Scold@mm (W32/Scold@MM [McAfee], Win32.Scold.A [Computer Associates], WORM_SCOLD.A [Trend], W32/Scold-A [Sophos], I-Worm.Scold [Kaspersky]) December 10, 2003 December 11, 2003
Trojan.Slog December 10, 2003 December 11, 2003
Backdoor.Formador (Backdoor.Trojan.Client, Backdoor.Formador.c [AVP], Downloader-DP [McAfee]) December 10, 2003 December 10, 2003
Trojan.Benuti December 9, 2003 December 10, 2003
W32.Randex.BD (Backdoor.IRCBot.gen [Kaspersky]) December 9, 2003 December 9, 2003
W32.HLLW.Bodiru December 8, 2003 December 8, 2003
PHP.Feast December 8, 2003 December 8, 2003
Backdoor.Xibo (Backdoor.XLBH.b [Kaspersky]) December 8, 2003 December 8, 2003
Backdoor.Ketch December 5, 2003 December 8, 2003
W32.HLLW.Gaobot.DK (W32.HLLW.Gaobot.gen, W32/Gaobot.worm.gen [McAfee], Backdoor.Agobot.3.gen [Kaspersky]) December 5, 2003 December 8, 2003
Trojan.Digits (Download.Trojan) December 5, 2003 December 5, 2003
W32.Memas@mm (W32/Memas@mm [McAfee]) December 4, 2003 December 5, 2003
W32.HLLW.Slideshow December 4, 2003 December 5, 2003
W32.Randex.AZ (W32.Randex.AX) December 4, 2003 December 4, 2003
Trojan.Framar December 3, 2003 December 3, 2003
W32.Mimail.M@mm (W32.Mimail.Gen, W32/Mimail.gen@MM [McAfee]) December 3, 2003 December 3, 2003
W32.HLLW.Epon@mm (I-Worm.Epon [Kaspersky]) December 2, 2003 December 3, 2003
Backdoor.Freefors December 2, 2003 December 2, 2003
W32.Kwbot.S.Worm@mm (Backdoor.IRCBot.gen [KAV]) December 2, 2003 December 2, 2003
JS.Pun.Trojan December 1, 2003 December 2, 2003
W32.Mimail.L@mm (W32.Mimail.Gen, W32/Mimail.l@MM [McAfee]) December 1, 2003 December 2, 2003
Backdoor.Dragonqq (PWS-QQDrag [McAfee]) December 1, 2003 December 1, 2003
Backdoor.Haxdoor (Backdoor.Haxdoor.i [Kaspersky]) November 30, 2003 December 1, 2003
W32.HLLW.Studd (W32/Duster [McAfee]) November 28, 2003 December 1, 2003
W32.HLLW.Southghost November 28, 2003 December 1, 2003
W32.Midlak@mm November 27, 2003 December 1, 2003
Backdoor.IRC.Whisper November 26, 2003 November 26, 2003
W32.Spex.B.Worm (Worm.P2P.Specx [Kaspersky]) November 26, 2003 November 26, 2003
Backdoor.Asoxy November 26, 2003 November 26, 2003
W32.Randex.AX November 25, 2003 November 26, 2003
Backdoor.Spotcom November 25, 2003 November 25, 2003
Backdoor.Sysbug (BackDoor-CAG [McAfee], Troj/Sysbug-A [Sophos]) November 25, 2003 November 25, 2003
W32.Azha.Worm November 24, 2003 November 25, 2003
W32.Randex.AW (Backdoor.SdBot.gen [Kaspersky], W32/Sdbot.worm.gen [McAfee]) November 24, 2003 November 25, 2003
W32.HLLW.Bandie November 24, 2003 November 25, 2003
W32.Widare (Bloodhound.W32.2) November 23, 2003 November 24, 2003
Backdoor.Ciadoor.B (Backdoor.Ciadoor.12.b [Kaspersky], Backdoor-ASB [McAfee]) November 23, 2003 November 24, 2003
W32.Notime November 22, 2003 November 24, 2003
W32.HLLW.Gaobot.DJ (W32.HLLW.Gaobot.gen) November 21, 2003 November 24, 2003
W32.Randex.AT (Backdoor.SdBot.gen [KAV]) November 21, 2003 November 21, 2003
Backdoor.Tinydog November 20, 2003 November 21, 2003
W32.Bolgi.Worm November 20, 2003 November 21, 2003
W32.HLLW.Taplak (W32.Klap, W32.HLLW.Taplak) November 20, 2003 November 20, 2003
PWSteal.Banpaes.B November 20, 2003 November 20, 2003
W32.Randex.AR November 19, 2003 November 20, 2003
W32.HLLW.Anarch@mm November 19, 2003 November 20, 2003