Latest Advisories

Live Virus Advisory Feeds
2004-01-30

*Live Feeds are from Panda, Trend Micro, and Symantec

Live Virus Advisory Feeds

National Cyber Alert System (US-Cert)


Secunia

Secunia Highlights:
Internet Explorer URL Spoofing Vulnerability
A vulnerability has been identified in Internet Explorer, which can be exploited by malicious people to display a fake URL in the address and status bars.
Windows XP Malicious Folder Automatic Code Execution Vulnerability
http-equiv has reported a vulnerability in Windows XP, which can be exploited by malicious people to compromise a user's system or gain escalated privileges.
Internet Explorer File Download Extension Spoofing
http-equiv has identified a vulnerability in Internet Explorer, allowing malicious web sites to spoof the file extension of downloadable files.

Latest 15 Secunia Security Advisories:
2004-01-30
- Sun Solaris pfexec Privilege Escalation Vulnerability

- Kietu Arbitrary File Inclusion Vulnerability

- PhpGedView Arbitrary File Inclusion Vulnerabilities

- inlook Insecure Default Permissions

- WWW::Form Potential Cross-Site Scripting Vulnerability

- SGI IRIX Multiple Vulnerabilities

- Bodington Uploaded File Exposure Vulnerability

2004-01-29
- SuSE update for gaim

- DotNetNuke Multiple Vulnerabilities

- Kerio Personal Firewall Privilege Escalation Vulnerability

- Debian update for trr19

- trr19 Privilege Escalation Vulnerability

- Cold Fusion MX Form Denial of Service and Sandbox Bypass

- McAfee ePolicy Orchestrator Invalid Content-Length: Denial of Service

- BRS WebWeaver ISAPISkeleton.dll Cross Site Scripting Vulnerability

Top 5 Most Read Secunia Security Advisories (Last 24 hours):
- Internet Explorer File Download Extension Spoofing

- Internet Explorer URL Spoofing Vulnerability

- Windows XP Malicious Folder Automatic Code Execution Vulnerability

- Sun Solaris pfexec Privilege Escalation Vulnerability

- Microsoft Internet Explorer Multiple Vulnerabilities

Security Tracker

Sun Solaris pfexec May Execute Profile Commands With Elevated Privileges

A vulnerability was reported in the pfexec(1) command in Solaris 8 and 9. A local user may be able to execute a profile command with elevated privileges in certain cases.

Impact: Root access via local system, User access via local system

PhpGedView Include File Holes in 'conf' Files Let Remote Users Execute Arbitrary Commands

Cedric Cochin of netVigilance reported several include file vulnerabilities in PhpGedView. A remote user can execute arbitrary PHP code and operating system commands on the target system. A remote authenticated user with 'admin' privileges can view files on the target system.

Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network

Kietu? Include File Flaw Lets Remote Users Execute Arbitrary Commands

A vulnerability was reported in the 'Kietu?' web site statistics software in 'index.php'. A remote user can execute arbitrary operating system commands on the system.

Impact: Execution of arbitrary code via network, User access via network

PJreview_Neo.cgi Input Validation Hole Discloses Files to Remote Users

Zone-h Security Team reported an input validation flaw in the 'PJreview_Neo.cgi' script. A remote user can view files on the target system.

Impact: Disclosure of system information, Disclosure of user information

BRS WebWeaver Input Validation Flaw in ISAPISkeleton.dll Permits Cross-Site Scripting Attacks

An input validation vulnerability was reported in BRS WebWeaver in ISAPISkeleton.dll. A remote user can conduct cross-site scripting attacks.

Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information


SecurityFocus BugTraq
SecurityFocus Vulnerabilities

01/30/2004 Serv-U exploit Berend-Jan Wever
01/30/2004 FreeBSD Security Advisory FreeBSD-SA-04:01.mksnap_ffs FreeBSD Security Advisories
01/29/2004 Cisco Security Advisory: Buffer Overrun in Microsoft Windows 2000 Workstation Service (MS03-049) Cisco Systems Product Security Incident Response Team
01/29/2004 userland binary vulnerabilities on IRIX SGI Security Coordinator
01/29/2004 Security Announcement: untrusted ELF library path in some cvsup binary RPMs Matthias Andree
01/29/2004 SUSE Security Announcement: gaim (SuSE-SA:2004:004) thomas suse de (Thomas Biege)
01/29/2004 ZH2004-02SA (security advisory): PJ CGI Neo review (NeoBoard review) Remote arbitrary file retrieving ZetaLabs
01/29/2004 ----------========== OPEN3S-2003-08-08-eng-informix-ontape ==========---------- pask open3s com
01/29/2004 ----------========== OPEN3S-2003-08-08-eng-informix-onshowaudit ==========---------- pask open3s com
01/29/2004 ----------========== OPEN3S-2003-08-08-eng-informix-onedcu ==========---------- pask open3s com
01/29/2004 [FLSA-2004:1207] Updated cvs resolves security vulnerability Jesse Keating
01/29/2004 new WIN virus? Atom 'Smasher'
01/29/2004 MacOS X TruBlueEnvironment Buffer Overflow @stake Advisories
01/28/2004 SGI Advanced Linux Environment security update #9 SGI Security Coordinator
01/28/2004 RFC: virus handling Thomas Zehetbauer
01/28/2004 phpBB privmsg.php XSS vulnerability patch. Shaun Colley
01/28/2004 [SECURITY] [DSA 430-1] New trr19 packages fix local games exploit joey infodrom org (Martin Schulze)
01/28/2004 Denial Of Service in SurfNOW 2.2 Donato Ferrante
01/28/2004 Changes to CERT Advisories [INFO#04.20510] CERT Advisory
01/28/2004 BRS WebWeaver Webserver Cross Site Scripting Vulnerability Oliver Karow
01/28/2004 ZH2004-01SA (security advisory): Web Blog 1.1 Remote arbitrary files retrieving ZetaLabs
01/28/2004 SRT2004-01-17-0227 - BlackICE allows local users to become SYSTEM KF
01/28/2004 Re: New MiMail variant is DDoS'ing SCO.com Bob Toxen
01/28/2004 Oracle toplink mapping workbench password algorithm Pete Finnigan
2004-01-28: Apache Web Server ETag Header Information Disclosure Weakness
2004-01-28: Internet Security Systems BlackICE PC Protection blackd.exe Local Buffer Overrun Vulnerability
2004-01-28: Internet Security Systems BlackICE PC Protection Upgrade File Permission Vulnerability
2004-01-27: IBM Informix Multiple Local Privilege Escalation Vulnerabilities
2004-01-27: Linksys WRT54G Router Blank HTTP GET Request Denial Of Service Vulnerability
2004-01-27: Microsoft Internet Explorer CLSID File Extension Misrepresentation Vulnerability
2004-01-27: Novell Groupwise Webacc Cross Site Scripting Vulnerability
2004-01-27: vBulletin Register.PHP HTML Injection Vulnerability
2004-01-27: Apple Security Update 2004-01-26 Released To Fix Multiple Vulnerabilities
2004-01-27: Apple Mac OS X TruBlueEnvironment Local Buffer Overflow Vulnerability
2004-01-27: Apache mod_python Module Malformed Query Denial of Service Vulnerability
2004-01-27: GNU Screen Escape Sequence Integer Overflow Array Indexing Vulnerability
2004-01-27: H+BEDV AntiVir Insecure Temporary File Creation Symbolic Link Vulnerability
2004-01-27: Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
2004-01-27: Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
2004-01-27: Finjan SurfinGate FHTTP Restart Command Execution Vulnerability
2004-01-27: Midnight Commander Virtual File System Symlink Buffer Overflow Vulnerability
2004-01-27: Microsoft Windows XP Explorer Self-Executing Folder Vulnerability
2004-01-27: WebLogic Server and Express HTTP TRACE Credential Theft Vulnerability
2004-01-27: BEA WebLogic Incorrect Operator Permissions Password Disclosure Vulnerability
2004-01-27: BEA WebLogic Server/Express Potential Administrator Password Disclosure Weakness
2004-01-27: BEA WebLogic Server and Express SSL Client Privilege Escalation Vulnerability
2004-01-27: BEA WebLogic Operator/Admin Password Disclosure Vulnerability
2004-01-27: GnuPG ElGamal Signing Key Private Key Compromise Vulnerability
2004-01-26: InternetNow ProxyNow Multiple Stack and Heap Overflow Vulnerabilities
2004-01-26: Kietu Index.PHP Remote File Include Vulnerability
2004-01-26: Kietu Hit.PHP Remote File Inclusion Vulnerability
2004-01-26: SLocate User-Supplied Database Heap Overflow Vulnerability
2004-01-26: Antologic Antolinux Administrative Interface NDCR Parameter Remote Command Execution Vulnerability
2004-01-26: Xoops Viewtopic.php Cross-Site Scripting Vulnerability
2004-01-26: QuadComm Q-Shop Cross Site Scripting Vulnerabilities
2004-01-26: CGI.pm Start_Form Cross-Site Scripting Vulnerability
2004-01-26: LANDesk Software LANDesk Management Suite IRCBoot.DLL ActiveX Control Buffer Overrun Vulnerability
2004-01-26: Cherokee Error Page Cross Site Scripting Vulnerability
2004-01-26: Mambo Open Source mod_mainmenu.php Remote File Include Vulnerability
2004-01-26: Herberlin BremsServer Cross-Site Scripting Vulnerability
2004-01-26: Herberlin BremsServer Directory Traversal Vulnerability
2004-01-26: Mbedthis Software AppWeb HTTP Server Empty Options Request Denial Of Service Vulnerability
2004-01-26: Multiple Cisco PIX Remote Denial Of Service Vulnerabilities
2004-01-26: mIRC DCC Get Dialog Denial Of Service Vulnerability
2004-01-26: IBM Net.Data db2www Error Message Cross-Site Scripting Vulnerability
2004-01-26: Gallery Remote Global Variable Injection Vulnerability
2004-01-26: Multiple Vendor H.323 Protocol Implementation Vulnerabilities
2004-01-25: Jordan Windows Telnet Server Username Stack Based Buffer Overrun Vulnerability
2004-01-24: Borland Webserver for Corel Paradox Directory Traversal Vulnerability
2004-01-24: TinyServer Multiple Vulnerabilities
2004-01-24: Oracle HTTP Server isqlplus Cross-Site Scripting Vulnerability

Symantec SSR

Keylogger.Stawin
Keylog-Stawin [McAfee], Troj/Stawin-A [Sophos] January 29, 2004 January 30, 2004
W32.Randex.FC
Backdoor.IRCBot.gen [KAV] January 29, 2004 January 30, 2004
W32.HLLW.Anig
W32/Dfcsvc.worm [McAfee] January 29, 2004 January 30, 2004
PWSteal.Olbaid January 29, 2004 January 29, 2004
W32.Mimail.S@mm
W32/Mimail-S [Sophos], WORM_MIMAIL.S [Trend], Win32.Mimail.S [Computer Associates], W32/Mimail.s@MM [McAfee] January 29, 2004 January 29, 2004
Backdoor.Aphexdoor
Backdoor.Aphexdoor.10 [Kaspersky] January 28, 2004 January 28, 2004
W32.IRCBot.C
Backdoor.IRCBot.gen [Kaspersky] January 28, 2004 January 28, 2004
W32.Mydoom.B@mm
Mydoom.B [F-Secure], W32/Mydoom.b@MM [McAfee], WORM_MYDOOM.B [Trend], Win32.Mydoom.B [Computer Associates], I-Worm.Mydoom.b [Kaspersky], W32/MyDoom-B [Sophos] January 28, 2004 January 28, 2004
Trojan.Bookmarker.E January 27, 2004 January 28, 2004
W32.HLLW.Pokibat January 27, 2004 January 28, 2004
W32.Novarg.A@mm
W32/Mydoom@MM [McAfee], WORM_MIMAIL.R [Trend], Win32.Mydoom.A [Computer Associates], W32/Mydoom-A [Sophos], I-Worm.Novarg [Kaspersky] January 26, 2004 January 26, 2004
W32.Mimail.Q@mm
W32/Mimail.q@MM [McAfee], WORM_MIMAIL.Q [Trend], W32/Mimail-Q [Sophos] January 26, 2004 January 26, 2004
W32.Dumaru.Z@mm
W32/Dumaru.z@MM [McAfee] January 25, 2004 January 26, 2004
W32.Dumaru.Y@mm
W32/Dumaru.y@MM [McAfee], I-Worm.Dumaru.j [Kaspersky], Win32.Dumaru.Y [Computer Associates], W32/Dumaru-Y [Sophos], WORM_DUMARU.Y [Trend] January 23, 2004 January 26, 2004
Trojan.Bookmarker.D January 23, 2004 January 26, 2004
W32.HLLW.Sanker January 22, 2004 January 23, 2004
Backdoor.OptixPro.13b
Backdoor.Optix.Pro.13 [Kaspersky] January 21, 2004 January 22, 2004
Backdoor.Tuxder January 20, 2004 January 20, 2004
Trojan.Httpdos
Backdoor.Snart.j[Kaspersky] January 20, 2004 January 20, 2004
Trojan.Mitglieder.C
Mitglieder [F-Secure] January 20, 2004 January 20, 2004
VBS.Zsyang.B@mm
I-Worm.Zsyang [Kaspersky] January 19, 2004 January 19, 2004
W32.Beagle.A@mm
I-Worm.Bagle [Kaspersky], WORM_BAGLE.A [Trend], W32/Bagle-A [Sophos], W32/Bagle@MM [McAfee], Win32.Bagle.A [Computer Associates] January 18, 2004 January 18, 2004
Backdoor.IRC.Aladinz.H January 18, 2004 January 18, 2004
Trojan.Bookmarker.C January 15, 2004 January 16, 2004
W32.Protoride.Worm January 16, 2004 January 16, 2004
W97M.Twopey.E
Macro.Word97.Racaga [Kaspersky] January 15, 2004 January 16, 2004
W32.Stuplo January 15, 2004 January 16, 2004
Backdoor.IRC.Aladinz.G
Worm.Win32.Randon.o [Kaspersky] January 15, 2004 January 15, 2004
Downloader.Mimail.B
Downloader-GN [McAfee], Troj/Mmdload-A [Sophos] January 14, 2004 January 16, 2004
W32.HLLC.Elpmis January 14, 2004 January 15, 2004
W32.HLLW.Nettrash
Backdoor.NetTrash, Backdoor/NetTrash.10.a [Kaspersky] January 12, 2004 January 13, 2004
Trojan.Bookmarker.B January 12, 2004 January 13, 2004
W32.HLLW.Gaobot.FQ
W32/Gaobot.worm.gw [McAfee] January 12, 2004 January 13, 2004
PWSteal.Freemega January 11, 2004 January 12, 2004
PWSteal.Leox January 11, 2004 January 12, 2004
Backdoor.Threadsys January 10, 2004 January 12, 2004
Trojan.Xombe
Xombe [FSecure], Downloader-GJ [McAfee], Troj/Dloader-L [Sophos] January 9, 2004 January 9, 2004
Backdoor.Sdbot.S
Backdoor.SdBot.gen [Kaspersky] January 8, 2004 January 8, 2004
W32.Opaserv.AE.Worm January 7, 2004 January 8, 2004
W32.Mimail.P@mm
W32/Mimail.p@MM [McAfee], Win32.Mimail.P [Computer Associates], WORM_MIMAIL.P [Trend], W32/Mimail-N [Sophos], I-Worm.Mimail.p [Kaspersky] January 7, 2004 January 8, 2004
W32.HLLW.Gaobot.FL January 6, 2004 January 7, 2004
W32.Bizten
Trojan.Win32.Bizten [Kaspersky] January 6, 2004 January 6, 2004
W32.HLLW.Gaobot.FB
Backdoor.Agobot.3.gen [Kaspersky] January 4, 2004 January 5, 2004
Backdoor.Graybird.H January 4, 2004 January 5, 2004
W32.Miroot.Worm
W32/Legemer.worm [McAfee] January 3, 2004 January 5, 2004
W32.Bugbros@mm January 2, 2004 January 5, 2004
Backdoor.IRC.Aladinz.F
Win32.Randon.AC [Kaspersky] January 1, 2004 January 2, 2004
W32.Tupeg January 1, 2004 January 2, 2004
Download.Berbew.dam
Downloader-DI.dam [McAfee], Troj/Antikl-Dam [Sophos] December 31, 2003 January 2, 2004
W32.Jitux.Worm
W32/Jitux.worm [McAfee], WORM_JITUX.A [Trend] December 31, 2003 December 31, 2003
W32.Mumo December 29, 2003 December 30, 2003
Backdoor.Gaster December 29, 2003 December 30, 2003
W32.Torun
W32.Torun.dr, Worm.W32.Torun [Kaspersky], PE_TORUN.A [Trend] December 28, 2003 December 29, 2003
Trojan.Download.Revird December 27, 2003 December 29, 2003
Backdoor.Portless December 26, 2003 December 29, 2003






NAV Daily Definitions (Go)


*Note: The i32 Intelligent Updater package cannot be used to update Symantec AntiVirus Corporate Edition 8.0 servers or Norton AntiVirus Corporate Edition 7.6 servers, but can be used to update Corporate Edition clients. The x86 Intelligent Updater package can be used to update corporate Edition clients and servers.

National Cyber Alert System (US-Cert)

Live Virus Advisory Feed